* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 088b7f4f3f6be2ccc082d26214bbc9daf86879bc
@ 2018-09-13 14:04 Michael Tremer
From: Michael Tremer @ 2018-09-13 14:04 UTC (permalink / raw)
To: ipfire-scm
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 088b7f4f3f6be2ccc082d26214bbc9daf86879bc (commit)
via 76e26c7f69dab295682452ff260e0e17335957de (commit)
via 0023f8a92b000d8714cc2dc8a9379f0fd0b965af (commit)
via b8fdc7398ce7ae1852e019e2f8773f95125619ed (commit)
via 614764e58af6dd710658fd072ed9b3a1b51f805a (commit)
via 7f6257e0a475681ff243ead159cafee2e03f6265 (commit)
from 924b48c7890ef573c1400474ef92951fb9cf3ded (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 088b7f4f3f6be2ccc082d26214bbc9daf86879bc
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Sep 13 14:45:05 2018 +0100
core124: Ship updated unbound
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 76e26c7f69dab295682452ff260e0e17335957de
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Tue Sep 11 20:07:14 2018 +0200
unbound: Update to 1.8.0
For details see:
https://nlnetlabs.nl/svn/unbound/tags/release-1.8.0/doc/Changelog
and
https://nlnetlabs.nl/projects/unbound/download/
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 0023f8a92b000d8714cc2dc8a9379f0fd0b965af
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Sep 13 14:41:21 2018 +0100
core124: Ship updated backup.cgi
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit b8fdc7398ce7ae1852e019e2f8773f95125619ed
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Sep 13 14:37:51 2018 +0100
static-routes: Make it clear that we are reloading routes
When RED is brought down, we will reload all static routes.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 614764e58af6dd710658fd072ed9b3a1b51f805a
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Aug 30 10:28:45 2018 +0100
backup: Sanitise content of ADDON variable
References: #11830
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 7f6257e0a475681ff243ead159cafee2e03f6265
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Aug 30 10:20:06 2018 +0100
backup: Sanitise FILE parameter
This parameter was passed to some shell commands without any
sanitisation which allowed an attacker who was authenticated to
the web UI to download arbitrary files from some directories
and delete any file from the filesystem.
References: #11830
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/rootfiles/common/unbound | 4 +-
config/rootfiles/core/124/filelists/files | 3 +
.../{oldcore/106 => core/124}/filelists/unbound | 0
html/cgi-bin/backup.cgi | 109 +++++++++++++--------
lfs/unbound | 4 +-
.../networking/red.down/10-static-routes | 4 +-
src/initscripts/system/static-routes | 4 +-
7 files changed, 81 insertions(+), 47 deletions(-)
copy config/rootfiles/{oldcore/106 => core/124}/filelists/unbound (100%)
Difference in files:
diff --git a/config/rootfiles/common/unbound b/config/rootfiles/common/unbound
index f3172f028..9f7c512db 100644
--- a/config/rootfiles/common/unbound
+++ b/config/rootfiles/common/unbound
@@ -10,8 +10,8 @@ etc/unbound/unbound.conf
#usr/include/unbound.h
#usr/lib/libunbound.la
#usr/lib/libunbound.so
-usr/lib/libunbound.so.2
-usr/lib/libunbound.so.2.5.11
+usr/lib/libunbound.so.8
+usr/lib/libunbound.so.8.0.0
#usr/lib/pkgconfig/libunbound.pc
usr/sbin/unbound
usr/sbin/unbound-anchor
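Review bot: this rootfile drops usr/lib/libunbound.so.2 and ships only libunbound.so.8, so anything on an installed system that still links against the old soname (for example an add-on built against unbound 1.7.x) will fail to load once core 124 is applied. Worth confirming that no other rootfile or add-on references libunbound.so.2, or keeping the old library in the update until dependants are rebuilt.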
diff --git a/config/rootfiles/core/124/filelists/files b/config/rootfiles/core/124/filelists/files
index cfd300dce..e3e295706 100644
--- a/config/rootfiles/core/124/filelists/files
+++ b/config/rootfiles/core/124/filelists/files
@@ -3,11 +3,14 @@ etc/issue
etc/rc.d/helper/aws-setup
etc/rc.d/init.d/aws
etc/rc.d/init.d/localnet
+etc/rc.d/init.d/networking/red.down/10-static-routes
etc/rc.d/init.d/partresize
+etc/rc.d/init.d/static-routes
etc/sysctl.conf
etc/unbound/unbound.conf
opt/pakfire/lib/functions.pl
opt/pakfire/pakfire
+srv/web/ipfire/cgi-bin/backup.cgi
srv/web/ipfire/cgi-bin/firewall.cgi
srv/web/ipfire/cgi-bin/fwhosts.cgi
srv/web/ipfire/cgi-bin/ids.cgi
diff --git a/config/rootfiles/core/124/filelists/unbound b/config/rootfiles/core/124/filelists/unbound
new file mode 120000
index 000000000..66adf0924
--- /dev/null
+++ b/config/rootfiles/core/124/filelists/unbound
@@ -0,0 +1 @@
+../../../common/unbound
\ No newline at end of file
diff --git a/html/cgi-bin/backup.cgi b/html/cgi-bin/backup.cgi
index 86e21cf34..2a036279d 100644
--- a/html/cgi-bin/backup.cgi
+++ b/html/cgi-bin/backup.cgi
@@ -24,6 +24,7 @@ use strict;
#use warnings;
#use CGI::Carp 'fatalsToBrowser';
use File::Copy;
+use File::Basename;
require '/var/ipfire/general-functions.pl';
require "${General::swroot}/lang.pl";
@@ -58,44 +59,25 @@ system("/usr/local/bin/backupctrl makedirs >/dev/null 2>&1 ") unless ( -e '/var/
############################################################################################################################
############################################## System calls ohne Http Header ###############################################
-# Replace slashes from filename
-$cgiparams{'FILE'} =~ s/\///;
-
-if ( $cgiparams{'ACTION'} eq "download" )
-{
- open(DLFILE, "</var/ipfire/backup/$cgiparams{'FILE'}") or die "Unable to open $cgiparams{'FILE'}: $!";
- my @fileholder = <DLFILE>;
- print "Content-Type:application/x-download\n";
- my @fileinfo = stat("/var/ipfire/backup/$cgiparams{'FILE'}");
- print "Content-Length:$fileinfo[7]\n";
- print "Content-Disposition:attachment;filename=$cgiparams{'FILE'}\n\n";
- print @fileholder;
- exit (0);
-}
-if ( $cgiparams{'ACTION'} eq "downloadiso" )
-{
- open(DLFILE, "</var/tmp/backupiso/$cgiparams{'FILE'}") or die "Unable to open $cgiparams{'FILE'}: $!";
- my @fileholder = <DLFILE>;
- print "Content-Type:application/x-download\n";
- my @fileinfo = stat("/var/tmp/backupiso/$cgiparams{'FILE'}");
- print "Content-Length:$fileinfo[7]\n";
- print "Content-Disposition:attachment;filename=$cgiparams{'FILE'}\n\n";
- print @fileholder;
- exit (0);
-}
-if ( $cgiparams{'ACTION'} eq "downloadaddon" )
-{
- open(DLFILE, "</var/ipfire/backup/addons/backup/$cgiparams{'FILE'}") or die "Unable to open $cgiparams{'FILE'}: $!";
- my @fileholder = <DLFILE>;
- print "Content-Type:application/x-download\n";
- my @fileinfo = stat("/var/ipfire/backup/addons/backup/$cgiparams{'FILE'}");
- print "Content-Length:$fileinfo[7]\n";
- print "Content-Disposition:attachment;filename=$cgiparams{'FILE'}\n\n";
- print @fileholder;
- exit (0);
-}
-elsif ( $cgiparams{'ACTION'} eq "restore" )
-{
+if ($cgiparams{'ACTION'} eq "download") {
+ my $file = &sanitise_file($cgiparams{'FILE'});
+ exit(1) unless defined($file);
+
+ &deliver_file($file);
+ exit(0);
+} elsif ($cgiparams{'ACTION'} eq "downloadiso") {
+ my $file = &sanitise_file($cgiparams{'FILE'});
+ exit(1) unless defined($file);
+
+ &deliver_file($file);
+ exit(0);
+} elsif ($cgiparams{'ACTION'} eq "downloadaddon") {
+ my $file = &sanitise_file($cgiparams{'FILE'});
+ exit(1) unless defined($file);
+
+ &deliver_file($file);
+ exit(0);
+} elsif ( $cgiparams{'ACTION'} eq "restore") {
my $upload = $a->param("UPLOAD");
open UPLOADFILE, ">/tmp/restore.ipf";
binmode $upload;
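Review bot: the three download branches are now identical, and sanitise_file searches all three backup directories regardless of which ACTION was requested, so the action name no longer binds a request to one directory; either collapse them into a single `download|downloadiso|downloadaddon` case or pass the expected directory into sanitise_file so that a "downloadiso" request cannot return a file from the addon directory. Also, `exit(1) unless defined($file)` terminates before any HTTP header has been printed, which the browser sees as an empty or malformed response; emitting a proper status header before exiting would make the rejection diagnosable. For the record, the removed `$cgiparams{'FILE'} =~ s/\///;` stripped only the first slash (no `/g` modifier), which is why the old code could still be steered into other directories; the allow-list approach in the replacement is the right fix.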
@@ -142,11 +124,22 @@ if ( $cgiparams{'ACTION'} eq "backup" )
}
if ( $cgiparams{'ACTION'} eq "addonbackup" )
{
+ # Exit if there is any dots or slashes in the addon name
+ exit(1) if ($cgiparams{'ADDON'} =~ /(\.|\/)/);
+
+ # Check if the addon exists
+ exit(1) unless (-e "/var/ipfire/backup/addons/includes/$cgiparams{'ADDON'}");
+
system("/usr/local/bin/backupctrl addonbackup $cgiparams{'ADDON'} >/dev/null 2>&1");
}
elsif ( $cgiparams{'ACTION'} eq "delete" )
{
- system("/usr/local/bin/backupctrl $cgiparams{'FILE'} >/dev/null 2>&1");
+ my $file = &sanitise_file($cgiparams{'FILE'});
+ exit(1) unless defined($file);
+
+ $file = &File::Basename::basename($file);
+
+ system("/usr/local/bin/backupctrl $file >/dev/null 2>&1");
}
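Review bot: the ADDON check rejects dots and slashes, but the value is still interpolated into a shell command string, so the only remaining defence against other metacharacters is the `-e` existence test on the includes directory, which holds only as long as nobody can create arbitrarily named files there. A positive allow-list such as `/^[A-Za-z0-9_-]+$/` plus the list form of system(), `system("/usr/local/bin/backupctrl", "addonbackup", $cgiparams{'ADDON'})`, would keep the shell out of the path entirely (the `>/dev/null 2>&1` redirection then has to be done on the Perl side instead). The same applies to the delete branch, where $file is safe only because sanitise_file has verified that a file of that exact name exists.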
############################################################################################################################
@@ -340,3 +333,41 @@ END
&Header::closebox();
&Header::closebigbox();
&Header::closepage();
+
+sub sanitise_file() {
+ my $file = shift;
+
+ # Filenames cannot contain any slashes
+ return undef if ($file =~ /\//);
+
+ # File must end with .ipf or .iso
+ return undef unless ($file =~ /\.(ipf|iso)$/);
+
+ # Convert to absolute path
+ if (-e "/var/ipfire/backup/$file") {
+ return "/var/ipfire/backup/$file";
+ } elsif (-e "/var/ipfire/backup/addons/backup/$file") {
+ return "/var/ipfire/backup/addons/backup/$file";
+ } elsif (-e "/var/tmp/backupiso/$file") {
+ return "/var/tmp/backupiso/$file";
+ }
+
+ # File does not seem to exist
+ return undef;
+}
+
+sub deliver_file() {
+ my $file = shift;
+ my @stat = stat($file);
+
+ # Print headers
+ print "Content-Disposition: attachment; filename=" . &File::Basename::basename($file) . "\n";
+ print "Content-Type: application/octet-stream\n";
+ print "Content-Length: $stat[7]\n";
+ print "\n";
+
+ # Deliver content
+ open(FILE, "<$file") or die "Unable to open $file: $!";
+ print <FILE>;
+ close(FILE);
+}
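Review bot: `sub sanitise_file()` and `sub deliver_file()` declare an empty prototype yet take an argument; this only works because every call site uses the `&` sigil, which bypasses prototype checking, so drop the `()` before someone calls them without it and gets a "Too many arguments" compile error. In sanitise_file, `/\.(ipf|iso)$/` also matches a name that ends in a newline, because `$` matches before a trailing "\n"; `\z` is the strict anchor. Since the name is resolved against the three directories in a fixed order, a file in /var/ipfire/backup shadows a same-named file in the addon or ISO directory, which ties in with the download branches no longer selecting a directory. In deliver_file, `print <FILE>` reads the whole file into a list before sending it, which for a multi-hundred-megabyte ISO is a large allocation per request; a read loop with a fixed buffer (and `binmode` on both handles) would stream it. Finally, the Content-Disposition filename is unquoted, so a name containing a space or `;` yields a malformed header; wrap it as `filename="..."`.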
diff --git a/lfs/unbound b/lfs/unbound
index b4c1b02f3..ae2795e0e 100644
--- a/lfs/unbound
+++ b/lfs/unbound
@@ -24,7 +24,7 @@
include Config
-VER = 1.7.3
+VER = 1.8.0
THISAPP = unbound-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = ea45068fb27ef358f581227b99645525
+$(DL_FILE)_MD5 = 495ffdff55a53ff1735fb58e956c1945
install : $(TARGET)
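Review bot: the only integrity check on the downloaded tarball is an MD5 digest, which no longer provides collision resistance; for a component as central as the resolver it would be preferable to verify the upstream PGP signature, or at least record a SHA-256 alongside the MD5, if the build framework allows it.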
diff --git a/src/initscripts/networking/red.down/10-static-routes b/src/initscripts/networking/red.down/10-static-routes
index f8f00a7d1..650557a47 100644
--- a/src/initscripts/networking/red.down/10-static-routes
+++ b/src/initscripts/networking/red.down/10-static-routes
@@ -1,4 +1,4 @@
#!/bin/bash
-# Update the static routes.
-exec /etc/rc.d/init.d/static-routes start
+# Update the static routes
+exec /etc/rc.d/init.d/static-routes reload
diff --git a/src/initscripts/system/static-routes b/src/initscripts/system/static-routes
index 940a7b45c..84e3e3d29 100644
--- a/src/initscripts/system/static-routes
+++ b/src/initscripts/system/static-routes
@@ -42,7 +42,7 @@ function create_all_routes() {
CONFIGFILE="/var/ipfire/main/routing"
case "${1}" in
- start)
+ start|reload)
boot_mesg "Adding static routes..."
# First, initialize the table
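Review bot: `start|reload)` share one body, so reload is a pure alias of start with no behavioural difference; that is fine for the red.down hook as long as the "First, initialize the table" step really flushes routes that have since been removed from /var/ipfire/main/routing, otherwise stale routes would survive a reload. A one-line comment stating that reload is intentionally identical to start would save the next reader from looking for a difference.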
@@ -61,7 +61,7 @@ case "${1}" in
;;
*)
- echo "Usage: ${0} {start|stop}"
+ echo "Usage: ${0} {start|stop|reload}"
exit 1
;;
esac
hooks/post-receive
--
IPFire 2.x development tree