* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. c594bd17b1a5dc185e6476fb014556e8d730df6c
@ 2016-05-04 7:55 git
0 siblings, 0 replies; only message in thread
From: git @ 2016-05-04 7:55 UTC (permalink / raw)
To: ipfire-scm
[-- Attachment #1: Type: text/plain, Size: 39170 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via c594bd17b1a5dc185e6476fb014556e8d730df6c (commit)
via 3af3a6c5ee445d52bc31315ddaf734fbfa61f76e (commit)
via d25d7bfccf37fd008af43021ec5a18f135894699 (commit)
via 68aa7aa602afac230dc8f9d81f2b7f43993d24d5 (commit)
from e78d9e4fc82c38315c064020a94553bca548f790 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit c594bd17b1a5dc185e6476fb014556e8d730df6c
Merge: e78d9e4 3af3a6c
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed May 4 09:14:29 2016 +0200
Merge remote-tracking branch 'origin/master' into next
-----------------------------------------------------------------------
Summary of changes:
config/rootfiles/core/{101 => 102}/exclude | 0
.../{oldcore/98 => core/102}/filelists/files | 0
.../99 => core/102}/filelists/i586/openssl-sse2 | 0
.../{oldcore/99 => core/102}/filelists/openssh | 0
.../{oldcore/99 => core/102}/filelists/openssl | 0
config/rootfiles/core/{101 => 102}/meta | 0
.../rootfiles/{oldcore/99 => core/102}/update.sh | 26 ++++++++++++++++------
config/rootfiles/oldcore/{100 => 101}/exclude | 0
.../101/filelists/armv5tel/ath9k-module | 0
.../{core => oldcore}/101/filelists/armv5tel/gmp | 0
.../101/filelists/armv5tel/linux-rpi | 0
.../rootfiles/{core => oldcore}/101/filelists/bind | 0
.../rootfiles/{core => oldcore}/101/filelists/dma | 0
.../{core => oldcore}/101/filelists/e2fsprogs | 0
.../{core => oldcore}/101/filelists/files | 0
.../rootfiles/{core => oldcore}/101/filelists/grep | 0
.../101/filelists/i586/ath9k-module | 0
.../{core => oldcore}/101/filelists/i586/dmidecode | 0
.../{core => oldcore}/101/filelists/i586/gmp | 0
.../{core => oldcore}/101/filelists/libxml2 | 0
.../rootfiles/{core => oldcore}/101/filelists/mpfr | 0
.../{core => oldcore}/101/filelists/nettle | 0
.../{core => oldcore}/101/filelists/patch | 0
.../{core => oldcore}/101/filelists/paxctl | 0
.../{core => oldcore}/101/filelists/pciutils | 0
.../rootfiles/{core => oldcore}/101/filelists/pcre | 0
.../101/filelists/perl-Apache-Htpasswd | 0
.../{core => oldcore}/101/filelists/squid | 0
.../101/filelists/x86_64/ath9k-module | 0
.../101/filelists/x86_64/dmidecode | 0
.../{core => oldcore}/101/filelists/x86_64/gmp | 0
config/rootfiles/oldcore/{99 => 101}/meta | 0
config/rootfiles/{core => oldcore}/101/update.sh | 0
lfs/openssh | 4 ++--
lfs/openssl | 8 +++----
make.sh | 4 ++--
src/patches/openssl-1.0.1m-weak-ciphers.patch | 11 ---------
src/patches/openssl-1.0.2h-weak-ciphers.patch | 12 ++++++++++
38 files changed, 39 insertions(+), 26 deletions(-)
rename config/rootfiles/core/{101 => 102}/exclude (100%)
copy config/rootfiles/{oldcore/98 => core/102}/filelists/files (100%)
copy config/rootfiles/{oldcore/99 => core/102}/filelists/i586/openssl-sse2 (100%)
copy config/rootfiles/{oldcore/99 => core/102}/filelists/openssh (100%)
copy config/rootfiles/{oldcore/99 => core/102}/filelists/openssl (100%)
rename config/rootfiles/core/{101 => 102}/meta (100%)
copy config/rootfiles/{oldcore/99 => core/102}/update.sh (88%)
copy config/rootfiles/oldcore/{100 => 101}/exclude (100%)
rename config/rootfiles/{core => oldcore}/101/filelists/armv5tel/ath9k-module (100%)
rename config/rootfiles/{core => oldcore}/101/filelists/armv5tel/gmp (100%)
rename config/rootfiles/{core => oldcore}/101/filelists/armv5tel/linux-rpi (100%)
rename config/rootfiles/{core => oldcore}/101/filelists/bind (100%)
rename config/rootfiles/{core => oldcore}/101/filelists/dma (100%)
rename config/rootfiles/{core => oldcore}/101/filelists/e2fsprogs (100%)
rename config/rootfiles/{core => oldcore}/101/filelists/files (100%)
rename config/rootfiles/{core => oldcore}/101/filelists/grep (100%)
rename config/rootfiles/{core => oldcore}/101/filelists/i586/ath9k-module (100%)
rename config/rootfiles/{core => oldcore}/101/filelists/i586/dmidecode (100%)
rename config/rootfiles/{core => oldcore}/101/filelists/i586/gmp (100%)
rename config/rootfiles/{core => oldcore}/101/filelists/libxml2 (100%)
rename config/rootfiles/{core => oldcore}/101/filelists/mpfr (100%)
rename config/rootfiles/{core => oldcore}/101/filelists/nettle (100%)
rename config/rootfiles/{core => oldcore}/101/filelists/patch (100%)
rename config/rootfiles/{core => oldcore}/101/filelists/paxctl (100%)
rename config/rootfiles/{core => oldcore}/101/filelists/pciutils (100%)
rename config/rootfiles/{core => oldcore}/101/filelists/pcre (100%)
rename config/rootfiles/{core => oldcore}/101/filelists/perl-Apache-Htpasswd (100%)
rename config/rootfiles/{core => oldcore}/101/filelists/squid (100%)
rename config/rootfiles/{core => oldcore}/101/filelists/x86_64/ath9k-module (100%)
rename config/rootfiles/{core => oldcore}/101/filelists/x86_64/dmidecode (100%)
rename config/rootfiles/{core => oldcore}/101/filelists/x86_64/gmp (100%)
copy config/rootfiles/oldcore/{99 => 101}/meta (100%)
rename config/rootfiles/{core => oldcore}/101/update.sh (100%)
delete mode 100644 src/patches/openssl-1.0.1m-weak-ciphers.patch
create mode 100644 src/patches/openssl-1.0.2h-weak-ciphers.patch
Difference in files:
diff --git a/config/rootfiles/core/101/exclude b/config/rootfiles/core/101/exclude
deleted file mode 100644
index 7ddeae0..0000000
--- a/config/rootfiles/core/101/exclude
+++ /dev/null
@@ -1,28 +0,0 @@
-boot/config.txt
-boot/grub/grub.cfg
-boot/grub/grubenv
-etc/alternatives
-etc/collectd.custom
-etc/default/grub
-etc/ipsec.conf
-etc/ipsec.secrets
-etc/ipsec.user.conf
-etc/ipsec.user.secrets
-etc/localtime
-etc/shadow
-etc/snort/snort.conf
-etc/ssh/ssh_config
-etc/ssh/sshd_config
-etc/ssl/openssl.cnf
-etc/sudoers
-etc/sysconfig/firewall.local
-etc/sysconfig/rc.local
-etc/udev/rules.d/30-persistent-network.rules
-srv/web/ipfire/html/proxy.pac
-var/ipfire/dma
-var/ipfire/time
-var/ipfire/ovpn
-var/lib/alternatives
-var/log/cache
-var/state/dhcp/dhcpd.leases
-var/updatecache
diff --git a/config/rootfiles/core/101/filelists/armv5tel/ath9k-module b/config/rootfiles/core/101/filelists/armv5tel/ath9k-module
deleted file mode 100644
index 92f518e..0000000
--- a/config/rootfiles/core/101/filelists/armv5tel/ath9k-module
+++ /dev/null
@@ -1,3 +0,0 @@
-lib/modules/KVER-ipfire-multi/kernel/drivers/net/wireless/ath/ath9k
-lib/modules/KVER-ipfire-kirkwood/kernel/drivers/net/wireless/ath/ath9k
-
diff --git a/config/rootfiles/core/101/filelists/armv5tel/gmp b/config/rootfiles/core/101/filelists/armv5tel/gmp
deleted file mode 120000
index 2bdf30d..0000000
--- a/config/rootfiles/core/101/filelists/armv5tel/gmp
+++ /dev/null
@@ -1 +0,0 @@
-../../../../common/armv5tel/gmp
\ No newline at end of file
diff --git a/config/rootfiles/core/101/filelists/armv5tel/linux-rpi b/config/rootfiles/core/101/filelists/armv5tel/linux-rpi
deleted file mode 120000
index a651a49..0000000
--- a/config/rootfiles/core/101/filelists/armv5tel/linux-rpi
+++ /dev/null
@@ -1 +0,0 @@
-../../../../common/armv5tel/linux-rpi
\ No newline at end of file
diff --git a/config/rootfiles/core/101/filelists/bind b/config/rootfiles/core/101/filelists/bind
deleted file mode 120000
index 48a0eba..0000000
--- a/config/rootfiles/core/101/filelists/bind
+++ /dev/null
@@ -1 +0,0 @@
-../../../common/bind
\ No newline at end of file
diff --git a/config/rootfiles/core/101/filelists/dma b/config/rootfiles/core/101/filelists/dma
deleted file mode 120000
index 60f4682..0000000
--- a/config/rootfiles/core/101/filelists/dma
+++ /dev/null
@@ -1 +0,0 @@
-../../../common/dma
\ No newline at end of file
diff --git a/config/rootfiles/core/101/filelists/e2fsprogs b/config/rootfiles/core/101/filelists/e2fsprogs
deleted file mode 120000
index 37b55de..0000000
--- a/config/rootfiles/core/101/filelists/e2fsprogs
+++ /dev/null
@@ -1 +0,0 @@
-../../../common/e2fsprogs
\ No newline at end of file
diff --git a/config/rootfiles/core/101/filelists/files b/config/rootfiles/core/101/filelists/files
deleted file mode 100644
index c04cff6..0000000
--- a/config/rootfiles/core/101/filelists/files
+++ /dev/null
@@ -1,7 +0,0 @@
-etc/system-release
-etc/issue
-etc/rc.d/init.d/firewall
-srv/web/ipfire/cgi-bin/chpasswd.cgi
-srv/web/ipfire/cgi-bin/ipinfo.cgi
-srv/web/ipfire/cgi-bin/optionsfw.cgi
-srv/web/ipfire/cgi-bin/proxy.cgi
diff --git a/config/rootfiles/core/101/filelists/grep b/config/rootfiles/core/101/filelists/grep
deleted file mode 120000
index ab5ef8b..0000000
--- a/config/rootfiles/core/101/filelists/grep
+++ /dev/null
@@ -1 +0,0 @@
-../../../common/grep
\ No newline at end of file
diff --git a/config/rootfiles/core/101/filelists/i586/ath9k-module b/config/rootfiles/core/101/filelists/i586/ath9k-module
deleted file mode 100644
index 2490e61..0000000
--- a/config/rootfiles/core/101/filelists/i586/ath9k-module
+++ /dev/null
@@ -1,3 +0,0 @@
-lib/modules/KVER-ipfire/kernel/drivers/net/wireless/ath/ath9k
-lib/modules/KVER-ipfire-pae/kernel/drivers/net/wireless/ath/ath9k
-
diff --git a/config/rootfiles/core/101/filelists/i586/dmidecode b/config/rootfiles/core/101/filelists/i586/dmidecode
deleted file mode 120000
index 1add99b..0000000
--- a/config/rootfiles/core/101/filelists/i586/dmidecode
+++ /dev/null
@@ -1 +0,0 @@
-../../../../common/i586/dmidecode
\ No newline at end of file
diff --git a/config/rootfiles/core/101/filelists/i586/gmp b/config/rootfiles/core/101/filelists/i586/gmp
deleted file mode 120000
index 52a09cd..0000000
--- a/config/rootfiles/core/101/filelists/i586/gmp
+++ /dev/null
@@ -1 +0,0 @@
-../../../../common/i586/gmp
\ No newline at end of file
diff --git a/config/rootfiles/core/101/filelists/libxml2 b/config/rootfiles/core/101/filelists/libxml2
deleted file mode 120000
index 242e69f..0000000
--- a/config/rootfiles/core/101/filelists/libxml2
+++ /dev/null
@@ -1 +0,0 @@
-../../../common/libxml2
\ No newline at end of file
diff --git a/config/rootfiles/core/101/filelists/mpfr b/config/rootfiles/core/101/filelists/mpfr
deleted file mode 120000
index c8468bf..0000000
--- a/config/rootfiles/core/101/filelists/mpfr
+++ /dev/null
@@ -1 +0,0 @@
-../../../common/mpfr
\ No newline at end of file
diff --git a/config/rootfiles/core/101/filelists/nettle b/config/rootfiles/core/101/filelists/nettle
deleted file mode 120000
index f0dba7a..0000000
--- a/config/rootfiles/core/101/filelists/nettle
+++ /dev/null
@@ -1 +0,0 @@
-../../../common/nettle
\ No newline at end of file
diff --git a/config/rootfiles/core/101/filelists/patch b/config/rootfiles/core/101/filelists/patch
deleted file mode 120000
index 27a3825..0000000
--- a/config/rootfiles/core/101/filelists/patch
+++ /dev/null
@@ -1 +0,0 @@
-../../../common/patch
\ No newline at end of file
diff --git a/config/rootfiles/core/101/filelists/paxctl b/config/rootfiles/core/101/filelists/paxctl
deleted file mode 120000
index dda8d9f..0000000
--- a/config/rootfiles/core/101/filelists/paxctl
+++ /dev/null
@@ -1 +0,0 @@
-../../../common/paxctl
\ No newline at end of file
diff --git a/config/rootfiles/core/101/filelists/pciutils b/config/rootfiles/core/101/filelists/pciutils
deleted file mode 120000
index aeb45e7..0000000
--- a/config/rootfiles/core/101/filelists/pciutils
+++ /dev/null
@@ -1 +0,0 @@
-../../../common/pciutils
\ No newline at end of file
diff --git a/config/rootfiles/core/101/filelists/pcre b/config/rootfiles/core/101/filelists/pcre
deleted file mode 120000
index b390d9a..0000000
--- a/config/rootfiles/core/101/filelists/pcre
+++ /dev/null
@@ -1 +0,0 @@
-../../../common/pcre
\ No newline at end of file
diff --git a/config/rootfiles/core/101/filelists/perl-Apache-Htpasswd b/config/rootfiles/core/101/filelists/perl-Apache-Htpasswd
deleted file mode 120000
index c7d2c8d..0000000
--- a/config/rootfiles/core/101/filelists/perl-Apache-Htpasswd
+++ /dev/null
@@ -1 +0,0 @@
-../../../common/perl-Apache-Htpasswd
\ No newline at end of file
diff --git a/config/rootfiles/core/101/filelists/squid b/config/rootfiles/core/101/filelists/squid
deleted file mode 120000
index 2dc8372..0000000
--- a/config/rootfiles/core/101/filelists/squid
+++ /dev/null
@@ -1 +0,0 @@
-../../../common/squid
\ No newline at end of file
diff --git a/config/rootfiles/core/101/filelists/x86_64/ath9k-module b/config/rootfiles/core/101/filelists/x86_64/ath9k-module
deleted file mode 100644
index 25361ce..0000000
--- a/config/rootfiles/core/101/filelists/x86_64/ath9k-module
+++ /dev/null
@@ -1,2 +0,0 @@
-lib/modules/KVER-ipfire/kernel/drivers/net/wireless/ath/ath9k
-
diff --git a/config/rootfiles/core/101/filelists/x86_64/dmidecode b/config/rootfiles/core/101/filelists/x86_64/dmidecode
deleted file mode 120000
index 88f5f0a..0000000
--- a/config/rootfiles/core/101/filelists/x86_64/dmidecode
+++ /dev/null
@@ -1 +0,0 @@
-../../../../common/x86_64/dmidecode
\ No newline at end of file
diff --git a/config/rootfiles/core/101/filelists/x86_64/gmp b/config/rootfiles/core/101/filelists/x86_64/gmp
deleted file mode 120000
index 7c59c60..0000000
--- a/config/rootfiles/core/101/filelists/x86_64/gmp
+++ /dev/null
@@ -1 +0,0 @@
-../../../../common/x86_64/gmp
\ No newline at end of file
diff --git a/config/rootfiles/core/101/meta b/config/rootfiles/core/101/meta
deleted file mode 100644
index d547fa8..0000000
--- a/config/rootfiles/core/101/meta
+++ /dev/null
@@ -1 +0,0 @@
-DEPS=""
diff --git a/config/rootfiles/core/101/update.sh b/config/rootfiles/core/101/update.sh
deleted file mode 100644
index 207b046..0000000
--- a/config/rootfiles/core/101/update.sh
+++ /dev/null
@@ -1,95 +0,0 @@
-#!/bin/bash
-############################################################################
-# #
-# This file is part of the IPFire Firewall. #
-# #
-# IPFire is free software; you can redistribute it and/or modify #
-# it under the terms of the GNU General Public License as published by #
-# the Free Software Foundation; either version 3 of the License, or #
-# (at your option) any later version. #
-# #
-# IPFire is distributed in the hope that it will be useful, #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
-# GNU General Public License for more details. #
-# #
-# You should have received a copy of the GNU General Public License #
-# along with IPFire; if not, write to the Free Software #
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
-# #
-# Copyright (C) 2016 IPFire-Team <info(a)ipfire.org>. #
-# #
-############################################################################
-#
-. /opt/pakfire/lib/functions.sh
-/usr/local/bin/backupctrl exclude >/dev/null 2>&1
-
-core=101
-
-function exit_with_error() {
- # Set last succesfull installed core.
- echo $(($core-1)) > /opt/pakfire/db/core/mine
- /usr/bin/logger -p syslog.emerg -t ipfire \
- "core-update-${core}: $1"
- exit $2
-}
-
-# Remove old core updates from pakfire cache to save space...
-for (( i=1; i<=$core; i++ ))
-do
- rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
-done
-
-
-# Stop services
-/etc/init.d/squid stop
-
-# Remove old raspberrypi modules
-rm -rf /lib/modules/3.14.65-ipfire-rpi
-
-# Extract files
-extract_files
-
-# update linker config
-ldconfig
-
-# Fix conntrack configuration
-for i in CONNTRACK_H323 CONNTRACK_FTP CONNTRACK_PPTP CONNTRACK_TFTP CONNTRACK_IRC; do
- if ! grep -q "^${i}" /var/ipfire/optionsfw/settings; then
- echo "${i}=on"
- fi
-done >> /var/ipfire/optionsfw/settings
-
-# Special handling for SIP
-if ! grep -q "^CONNTRACK_SIP" /var/ipfire/optionsfw/settings; then
- if [ -e "/var/ipfire/main/disable_nf_sip" ]; then
- echo "CONNTRACK_SIP=off" >> /var/ipfire/optionsfw/settings
- rm -f /var/ipfire/main/disable_nf_sip
- else
- echo "CONNTRACK_SIP=on" >> /var/ipfire/optionsfw/settings
- fi
-fi
-
-# Update Language cache
-#/usr/local/bin/update-lang-cache
-
-#
-# Start services
-#
-/etc/init.d/squid start
-
-sync
-# This update need a reboot...
-touch /var/run/need_reboot
-
-# Finish
-/etc/init.d/fireinfo start
-sendprofile
-# Update grub config to display new core version
-if [ -e /boot/grub/grub.cfg ]; then
- grub-mkconfig -o /boot/grub/grub.cfg
-fi
-sync
-
-# Don't report the exitcode last command
-exit 0
diff --git a/config/rootfiles/core/102/exclude b/config/rootfiles/core/102/exclude
new file mode 100644
index 0000000..7ddeae0
--- /dev/null
+++ b/config/rootfiles/core/102/exclude
@@ -0,0 +1,28 @@
+boot/config.txt
+boot/grub/grub.cfg
+boot/grub/grubenv
+etc/alternatives
+etc/collectd.custom
+etc/default/grub
+etc/ipsec.conf
+etc/ipsec.secrets
+etc/ipsec.user.conf
+etc/ipsec.user.secrets
+etc/localtime
+etc/shadow
+etc/snort/snort.conf
+etc/ssh/ssh_config
+etc/ssh/sshd_config
+etc/ssl/openssl.cnf
+etc/sudoers
+etc/sysconfig/firewall.local
+etc/sysconfig/rc.local
+etc/udev/rules.d/30-persistent-network.rules
+srv/web/ipfire/html/proxy.pac
+var/ipfire/dma
+var/ipfire/time
+var/ipfire/ovpn
+var/lib/alternatives
+var/log/cache
+var/state/dhcp/dhcpd.leases
+var/updatecache
diff --git a/config/rootfiles/core/102/filelists/files b/config/rootfiles/core/102/filelists/files
new file mode 100644
index 0000000..409e5fe
--- /dev/null
+++ b/config/rootfiles/core/102/filelists/files
@@ -0,0 +1,2 @@
+etc/system-release
+etc/issue
diff --git a/config/rootfiles/core/102/filelists/i586/openssl-sse2 b/config/rootfiles/core/102/filelists/i586/openssl-sse2
new file mode 120000
index 0000000..f424713
--- /dev/null
+++ b/config/rootfiles/core/102/filelists/i586/openssl-sse2
@@ -0,0 +1 @@
+../../../../common/i586/openssl-sse2
\ No newline at end of file
diff --git a/config/rootfiles/core/102/filelists/openssh b/config/rootfiles/core/102/filelists/openssh
new file mode 120000
index 0000000..d8c77fd
--- /dev/null
+++ b/config/rootfiles/core/102/filelists/openssh
@@ -0,0 +1 @@
+../../../common/openssh
\ No newline at end of file
diff --git a/config/rootfiles/core/102/filelists/openssl b/config/rootfiles/core/102/filelists/openssl
new file mode 120000
index 0000000..e011a92
--- /dev/null
+++ b/config/rootfiles/core/102/filelists/openssl
@@ -0,0 +1 @@
+../../../common/openssl
\ No newline at end of file
diff --git a/config/rootfiles/core/102/meta b/config/rootfiles/core/102/meta
new file mode 100644
index 0000000..d547fa8
--- /dev/null
+++ b/config/rootfiles/core/102/meta
@@ -0,0 +1 @@
+DEPS=""
diff --git a/config/rootfiles/core/102/update.sh b/config/rootfiles/core/102/update.sh
new file mode 100644
index 0000000..2f51d10
--- /dev/null
+++ b/config/rootfiles/core/102/update.sh
@@ -0,0 +1,74 @@
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2016 IPFire-Team <info(a)ipfire.org>. #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+/usr/local/bin/backupctrl exclude >/dev/null 2>&1
+
+core=102
+
+function exit_with_error() {
+ # Set last succesfull installed core.
+ echo $(($core-1)) > /opt/pakfire/db/core/mine
+ /usr/bin/logger -p syslog.emerg -t ipfire \
+ "core-update-${core}: $1"
+ exit $2
+}
+
+# Remove old core updates from pakfire cache to save space...
+for (( i=1; i<=$core; i++ ))
+do
+ rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
+done
+
+
+# Stop services
+
+# Extract files
+extract_files
+
+# update linker config
+ldconfig
+
+# Update Language cache
+#/usr/local/bin/update-lang-cache
+
+#
+# Start services
+#
+
+sync
+# This update need a reboot...
+touch /var/run/need_reboot
+
+# Finish
+/etc/init.d/fireinfo start
+sendprofile
+
+# Update grub config to display new core version
+if [ -e /boot/grub/grub.cfg ]; then
+ grub-mkconfig -o /boot/grub/grub.cfg
+fi
+sync
+
+# Don't report the exitcode last command
+exit 0
diff --git a/config/rootfiles/oldcore/101/exclude b/config/rootfiles/oldcore/101/exclude
new file mode 100644
index 0000000..7ddeae0
--- /dev/null
+++ b/config/rootfiles/oldcore/101/exclude
@@ -0,0 +1,28 @@
+boot/config.txt
+boot/grub/grub.cfg
+boot/grub/grubenv
+etc/alternatives
+etc/collectd.custom
+etc/default/grub
+etc/ipsec.conf
+etc/ipsec.secrets
+etc/ipsec.user.conf
+etc/ipsec.user.secrets
+etc/localtime
+etc/shadow
+etc/snort/snort.conf
+etc/ssh/ssh_config
+etc/ssh/sshd_config
+etc/ssl/openssl.cnf
+etc/sudoers
+etc/sysconfig/firewall.local
+etc/sysconfig/rc.local
+etc/udev/rules.d/30-persistent-network.rules
+srv/web/ipfire/html/proxy.pac
+var/ipfire/dma
+var/ipfire/time
+var/ipfire/ovpn
+var/lib/alternatives
+var/log/cache
+var/state/dhcp/dhcpd.leases
+var/updatecache
diff --git a/config/rootfiles/oldcore/101/filelists/armv5tel/ath9k-module b/config/rootfiles/oldcore/101/filelists/armv5tel/ath9k-module
new file mode 100644
index 0000000..92f518e
--- /dev/null
+++ b/config/rootfiles/oldcore/101/filelists/armv5tel/ath9k-module
@@ -0,0 +1,3 @@
+lib/modules/KVER-ipfire-multi/kernel/drivers/net/wireless/ath/ath9k
+lib/modules/KVER-ipfire-kirkwood/kernel/drivers/net/wireless/ath/ath9k
+
diff --git a/config/rootfiles/oldcore/101/filelists/armv5tel/gmp b/config/rootfiles/oldcore/101/filelists/armv5tel/gmp
new file mode 120000
index 0000000..2bdf30d
--- /dev/null
+++ b/config/rootfiles/oldcore/101/filelists/armv5tel/gmp
@@ -0,0 +1 @@
+../../../../common/armv5tel/gmp
\ No newline at end of file
diff --git a/config/rootfiles/oldcore/101/filelists/armv5tel/linux-rpi b/config/rootfiles/oldcore/101/filelists/armv5tel/linux-rpi
new file mode 120000
index 0000000..a651a49
--- /dev/null
+++ b/config/rootfiles/oldcore/101/filelists/armv5tel/linux-rpi
@@ -0,0 +1 @@
+../../../../common/armv5tel/linux-rpi
\ No newline at end of file
diff --git a/config/rootfiles/oldcore/101/filelists/bind b/config/rootfiles/oldcore/101/filelists/bind
new file mode 120000
index 0000000..48a0eba
--- /dev/null
+++ b/config/rootfiles/oldcore/101/filelists/bind
@@ -0,0 +1 @@
+../../../common/bind
\ No newline at end of file
diff --git a/config/rootfiles/oldcore/101/filelists/dma b/config/rootfiles/oldcore/101/filelists/dma
new file mode 120000
index 0000000..60f4682
--- /dev/null
+++ b/config/rootfiles/oldcore/101/filelists/dma
@@ -0,0 +1 @@
+../../../common/dma
\ No newline at end of file
diff --git a/config/rootfiles/oldcore/101/filelists/e2fsprogs b/config/rootfiles/oldcore/101/filelists/e2fsprogs
new file mode 120000
index 0000000..37b55de
--- /dev/null
+++ b/config/rootfiles/oldcore/101/filelists/e2fsprogs
@@ -0,0 +1 @@
+../../../common/e2fsprogs
\ No newline at end of file
diff --git a/config/rootfiles/oldcore/101/filelists/files b/config/rootfiles/oldcore/101/filelists/files
new file mode 100644
index 0000000..c04cff6
--- /dev/null
+++ b/config/rootfiles/oldcore/101/filelists/files
@@ -0,0 +1,7 @@
+etc/system-release
+etc/issue
+etc/rc.d/init.d/firewall
+srv/web/ipfire/cgi-bin/chpasswd.cgi
+srv/web/ipfire/cgi-bin/ipinfo.cgi
+srv/web/ipfire/cgi-bin/optionsfw.cgi
+srv/web/ipfire/cgi-bin/proxy.cgi
diff --git a/config/rootfiles/oldcore/101/filelists/grep b/config/rootfiles/oldcore/101/filelists/grep
new file mode 120000
index 0000000..ab5ef8b
--- /dev/null
+++ b/config/rootfiles/oldcore/101/filelists/grep
@@ -0,0 +1 @@
+../../../common/grep
\ No newline at end of file
diff --git a/config/rootfiles/oldcore/101/filelists/i586/ath9k-module b/config/rootfiles/oldcore/101/filelists/i586/ath9k-module
new file mode 100644
index 0000000..2490e61
--- /dev/null
+++ b/config/rootfiles/oldcore/101/filelists/i586/ath9k-module
@@ -0,0 +1,3 @@
+lib/modules/KVER-ipfire/kernel/drivers/net/wireless/ath/ath9k
+lib/modules/KVER-ipfire-pae/kernel/drivers/net/wireless/ath/ath9k
+
diff --git a/config/rootfiles/oldcore/101/filelists/i586/dmidecode b/config/rootfiles/oldcore/101/filelists/i586/dmidecode
new file mode 120000
index 0000000..1add99b
--- /dev/null
+++ b/config/rootfiles/oldcore/101/filelists/i586/dmidecode
@@ -0,0 +1 @@
+../../../../common/i586/dmidecode
\ No newline at end of file
diff --git a/config/rootfiles/oldcore/101/filelists/i586/gmp b/config/rootfiles/oldcore/101/filelists/i586/gmp
new file mode 120000
index 0000000..52a09cd
--- /dev/null
+++ b/config/rootfiles/oldcore/101/filelists/i586/gmp
@@ -0,0 +1 @@
+../../../../common/i586/gmp
\ No newline at end of file
diff --git a/config/rootfiles/oldcore/101/filelists/libxml2 b/config/rootfiles/oldcore/101/filelists/libxml2
new file mode 120000
index 0000000..242e69f
--- /dev/null
+++ b/config/rootfiles/oldcore/101/filelists/libxml2
@@ -0,0 +1 @@
+../../../common/libxml2
\ No newline at end of file
diff --git a/config/rootfiles/oldcore/101/filelists/mpfr b/config/rootfiles/oldcore/101/filelists/mpfr
new file mode 120000
index 0000000..c8468bf
--- /dev/null
+++ b/config/rootfiles/oldcore/101/filelists/mpfr
@@ -0,0 +1 @@
+../../../common/mpfr
\ No newline at end of file
diff --git a/config/rootfiles/oldcore/101/filelists/nettle b/config/rootfiles/oldcore/101/filelists/nettle
new file mode 120000
index 0000000..f0dba7a
--- /dev/null
+++ b/config/rootfiles/oldcore/101/filelists/nettle
@@ -0,0 +1 @@
+../../../common/nettle
\ No newline at end of file
diff --git a/config/rootfiles/oldcore/101/filelists/patch b/config/rootfiles/oldcore/101/filelists/patch
new file mode 120000
index 0000000..27a3825
--- /dev/null
+++ b/config/rootfiles/oldcore/101/filelists/patch
@@ -0,0 +1 @@
+../../../common/patch
\ No newline at end of file
diff --git a/config/rootfiles/oldcore/101/filelists/paxctl b/config/rootfiles/oldcore/101/filelists/paxctl
new file mode 120000
index 0000000..dda8d9f
--- /dev/null
+++ b/config/rootfiles/oldcore/101/filelists/paxctl
@@ -0,0 +1 @@
+../../../common/paxctl
\ No newline at end of file
diff --git a/config/rootfiles/oldcore/101/filelists/pciutils b/config/rootfiles/oldcore/101/filelists/pciutils
new file mode 120000
index 0000000..aeb45e7
--- /dev/null
+++ b/config/rootfiles/oldcore/101/filelists/pciutils
@@ -0,0 +1 @@
+../../../common/pciutils
\ No newline at end of file
diff --git a/config/rootfiles/oldcore/101/filelists/pcre b/config/rootfiles/oldcore/101/filelists/pcre
new file mode 120000
index 0000000..b390d9a
--- /dev/null
+++ b/config/rootfiles/oldcore/101/filelists/pcre
@@ -0,0 +1 @@
+../../../common/pcre
\ No newline at end of file
diff --git a/config/rootfiles/oldcore/101/filelists/perl-Apache-Htpasswd b/config/rootfiles/oldcore/101/filelists/perl-Apache-Htpasswd
new file mode 120000
index 0000000..c7d2c8d
--- /dev/null
+++ b/config/rootfiles/oldcore/101/filelists/perl-Apache-Htpasswd
@@ -0,0 +1 @@
+../../../common/perl-Apache-Htpasswd
\ No newline at end of file
diff --git a/config/rootfiles/oldcore/101/filelists/squid b/config/rootfiles/oldcore/101/filelists/squid
new file mode 120000
index 0000000..2dc8372
--- /dev/null
+++ b/config/rootfiles/oldcore/101/filelists/squid
@@ -0,0 +1 @@
+../../../common/squid
\ No newline at end of file
diff --git a/config/rootfiles/oldcore/101/filelists/x86_64/ath9k-module b/config/rootfiles/oldcore/101/filelists/x86_64/ath9k-module
new file mode 100644
index 0000000..25361ce
--- /dev/null
+++ b/config/rootfiles/oldcore/101/filelists/x86_64/ath9k-module
@@ -0,0 +1,2 @@
+lib/modules/KVER-ipfire/kernel/drivers/net/wireless/ath/ath9k
+
diff --git a/config/rootfiles/oldcore/101/filelists/x86_64/dmidecode b/config/rootfiles/oldcore/101/filelists/x86_64/dmidecode
new file mode 120000
index 0000000..88f5f0a
--- /dev/null
+++ b/config/rootfiles/oldcore/101/filelists/x86_64/dmidecode
@@ -0,0 +1 @@
+../../../../common/x86_64/dmidecode
\ No newline at end of file
diff --git a/config/rootfiles/oldcore/101/filelists/x86_64/gmp b/config/rootfiles/oldcore/101/filelists/x86_64/gmp
new file mode 120000
index 0000000..7c59c60
--- /dev/null
+++ b/config/rootfiles/oldcore/101/filelists/x86_64/gmp
@@ -0,0 +1 @@
+../../../../common/x86_64/gmp
\ No newline at end of file
diff --git a/config/rootfiles/oldcore/101/meta b/config/rootfiles/oldcore/101/meta
new file mode 100644
index 0000000..d547fa8
--- /dev/null
+++ b/config/rootfiles/oldcore/101/meta
@@ -0,0 +1 @@
+DEPS=""
diff --git a/config/rootfiles/oldcore/101/update.sh b/config/rootfiles/oldcore/101/update.sh
new file mode 100644
index 0000000..207b046
--- /dev/null
+++ b/config/rootfiles/oldcore/101/update.sh
@@ -0,0 +1,95 @@
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2016 IPFire-Team <info(a)ipfire.org>. #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+/usr/local/bin/backupctrl exclude >/dev/null 2>&1
+
+core=101
+
+function exit_with_error() {
+ # Set last succesfull installed core.
+ echo $(($core-1)) > /opt/pakfire/db/core/mine
+ /usr/bin/logger -p syslog.emerg -t ipfire \
+ "core-update-${core}: $1"
+ exit $2
+}
+
+# Remove old core updates from pakfire cache to save space...
+for (( i=1; i<=$core; i++ ))
+do
+ rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
+done
+
+
+# Stop services
+/etc/init.d/squid stop
+
+# Remove old raspberrypi modules
+rm -rf /lib/modules/3.14.65-ipfire-rpi
+
+# Extract files
+extract_files
+
+# update linker config
+ldconfig
+
+# Fix conntrack configuration
+for i in CONNTRACK_H323 CONNTRACK_FTP CONNTRACK_PPTP CONNTRACK_TFTP CONNTRACK_IRC; do
+ if ! grep -q "^${i}" /var/ipfire/optionsfw/settings; then
+ echo "${i}=on"
+ fi
+done >> /var/ipfire/optionsfw/settings
+
+# Special handling for SIP
+if ! grep -q "^CONNTRACK_SIP" /var/ipfire/optionsfw/settings; then
+ if [ -e "/var/ipfire/main/disable_nf_sip" ]; then
+ echo "CONNTRACK_SIP=off" >> /var/ipfire/optionsfw/settings
+ rm -f /var/ipfire/main/disable_nf_sip
+ else
+ echo "CONNTRACK_SIP=on" >> /var/ipfire/optionsfw/settings
+ fi
+fi
+
+# Update Language cache
+#/usr/local/bin/update-lang-cache
+
+#
+# Start services
+#
+/etc/init.d/squid start
+
+sync
+# This update need a reboot...
+touch /var/run/need_reboot
+
+# Finish
+/etc/init.d/fireinfo start
+sendprofile
+# Update grub config to display new core version
+if [ -e /boot/grub/grub.cfg ]; then
+ grub-mkconfig -o /boot/grub/grub.cfg
+fi
+sync
+
+# Don't report the exitcode last command
+exit 0
diff --git a/lfs/openssh b/lfs/openssh
index ab25d62..c4dff4d 100644
--- a/lfs/openssh
+++ b/lfs/openssh
@@ -24,7 +24,7 @@
include Config
-VER = 7.2p1
+VER = 7.2p2
THISAPP = openssh-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = b984775f0cfff1f7ff18b8797fce8a28
+$(DL_FILE)_MD5 = 13009a9156510d8f27e752659075cced
install : $(TARGET)
diff --git a/lfs/openssl b/lfs/openssl
index eb7352f..0a0b2cf 100644
--- a/lfs/openssl
+++ b/lfs/openssl
@@ -24,7 +24,7 @@
include Config
-VER = 1.0.2g
+VER = 1.0.2h
THISAPP = openssl-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -53,7 +53,7 @@ CONFIGURE_OPTIONS = \
zlib-dynamic \
enable-camellia \
enable-md2 \
- enable-ssl2 \
+ disable-ssl2 \
enable-seed \
enable-tlsext \
enable-rfc3779 \
@@ -87,7 +87,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = f3c710c045cdee5fd114feb69feba7aa
+$(DL_FILE)_MD5 = 9392e65072ce4b614c1392eefc1f23d0
install : $(TARGET)
@@ -119,7 +119,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.0-beta5-enginesdir.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a-rpmbuild.patch
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1m-weak-ciphers.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2h-weak-ciphers.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2g-disable-sslv2v3.patch
# i586 specific patches
diff --git a/make.sh b/make.sh
index 8bff864..bdf58b9 100755
--- a/make.sh
+++ b/make.sh
@@ -25,8 +25,8 @@
NAME="IPFire" # Software name
SNAME="ipfire" # Short name
VERSION="2.19" # Version number
-CORE="101" # Core Level (Filename)
-PAKFIRE_CORE="101" # Core Level (PAKFIRE)
+CORE="102" # Core Level (Filename)
+PAKFIRE_CORE="102" # Core Level (PAKFIRE)
GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` # Git Branch
SLOGAN="www.ipfire.org" # Software slogan
CONFIG_ROOT=/var/ipfire # Configuration rootdir
diff --git a/src/patches/openssl-1.0.1m-weak-ciphers.patch b/src/patches/openssl-1.0.1m-weak-ciphers.patch
deleted file mode 100644
index f57b978..0000000
--- a/src/patches/openssl-1.0.1m-weak-ciphers.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- openssl-1.0.1m/ssl/ssl.h.old 2015-03-19 15:25:20.646533583 +0100
-+++ openssl-1.0.1m/ssl/ssl.h 2015-03-19 15:25:31.229875691 +0100
-@@ -334,7 +334,7 @@
- * The following cipher list is used by default. It also is substituted when
- * an application-defined cipher list string starts with 'DEFAULT'.
- */
--# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2"
-+# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2:!RC2:!DES"
- /*
- * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
- * starts with a reasonable order, and all we have to do for DEFAULT is
diff --git a/src/patches/openssl-1.0.2h-weak-ciphers.patch b/src/patches/openssl-1.0.2h-weak-ciphers.patch
new file mode 100644
index 0000000..d1ec6a2
--- /dev/null
+++ b/src/patches/openssl-1.0.2h-weak-ciphers.patch
@@ -0,0 +1,12 @@
+diff -Naur openssl-1.0.2h.org/ssl/ssl.h openssl-1.0.2h/ssl/ssl.h
+--- openssl-1.0.2h.org/ssl/ssl.h 2016-05-03 15:44:42.000000000 +0200
++++ openssl-1.0.2h/ssl/ssl.h 2016-05-03 18:49:10.393302264 +0200
+@@ -338,7 +338,7 @@
+ * The following cipher list is used by default. It also is substituted when
+ * an application-defined cipher list string starts with 'DEFAULT'.
+ */
+-# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2"
++# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2:!RC2:!DES"
+ /*
+ * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
+ * starts with a reasonable order, and all we have to do for DEFAULT is
hooks/post-receive
--
IPFire 2.x development tree
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2016-05-04 7:55 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-05-04 7:55 [git.ipfire.org] IPFire 2.x development tree branch, next, updated. c594bd17b1a5dc185e6476fb014556e8d730df6c git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox