From: Michael Tremer <git@ipfire.org>
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 95c60d31aaafb7d83aec297f7466f6106df88ec4
Date: Wed, 07 Nov 2018 20:29:40 +0000 [thread overview]
Message-ID: <20181107202941.830D31081BB0@git01.ipfire.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 15855 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 95c60d31aaafb7d83aec297f7466f6106df88ec4 (commit)
via e300a3d13837841c965a69402536d32099c5ce7d (commit)
via 85759cc97346b066c3de48b075cdf5d91f1070b0 (commit)
via 5f0726b560de8b94d75f7e6bdf71089bebc2ffdd (commit)
via f4b6cdfbe71869fd636e41486f2044c97094cfef (commit)
via 01c2ea6b83d61fc216b834a323231b8977c5436d (commit)
via c19d29f70162ab7cfef4a69bc7cd32f267faaebe (commit)
via 9f60aa96795f8a9f6131c3350f96911ad4dcc389 (commit)
from 6104f2e816a215540fd3b08fbba2fd90af59a798 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 95c60d31aaafb7d83aec297f7466f6106df88ec4
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Nov 7 20:27:35 2018 +0000
udev: Do not try to change kernel hotplug handler any more
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit e300a3d13837841c965a69402536d32099c5ce7d
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Nov 7 20:26:34 2018 +0000
udev: Do no try to install any device nodes any more
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 85759cc97346b066c3de48b075cdf5d91f1070b0
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Nov 7 20:17:08 2018 +0000
core125: Ship syslog changes
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 5f0726b560de8b94d75f7e6bdf71089bebc2ffdd
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon Nov 5 16:44:03 2018 +0100
Tor: update to 0.3.4.9
For details and release announcement, see:
https://blog.torproject.org/new-release-tor-0349
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit f4b6cdfbe71869fd636e41486f2044c97094cfef
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Sun Nov 4 08:28:07 2018 +0100
bind: Update to 9.11.5
For details see:
http://ftp.isc.org/isc/bind9/9.11.5/RELEASE-NOTES-bind-9.11.5.html
Security fixes:
"named could crash during recursive processing of DNAME records when
deny-answer-aliases was in use. This flaw is disclosed in CVE-2018-5740. [GL #387]
When recursion is enabled but the allow-recursion and allow-query-cache ACLs are
not specified, they should be limited to local networks, but they were
inadvertently set to match the default allow-query, thus allowing
remote queries. This flaw is disclosed in CVE-2018-5738. [GL #309]"
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 01c2ea6b83d61fc216b834a323231b8977c5436d
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Nov 7 13:19:31 2018 +0000
observium-agent: New package
This ships the observium agent including a couple of
modules.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit c19d29f70162ab7cfef4a69bc7cd32f267faaebe
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Nov 7 12:30:50 2018 +0000
Revert "haproxy: Make /dev/log available in chroot"
This reverts commit 699f0aa710932736d34dabf5a8c17287af29075c.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 9f60aa96795f8a9f6131c3350f96911ad4dcc389
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Nov 7 12:29:19 2018 +0000
syslog: Listen to network and block access from anywhere but localhost
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/backup/includes/observium-agent | 2 ++
config/firewall/firewall-policy | 12 +++++++++++
config/rootfiles/core/125/filelists/files | 3 +++
config/rootfiles/packages/observium-agent | 17 +++++++++++++++
lfs/bind | 4 ++--
lfs/haproxy | 2 +-
lfs/{rtpproxy => observium-agent} | 35 +++++++++++++++++++++----------
lfs/tor | 6 +++---
make.sh | 1 +
src/initscripts/packages/haproxy | 14 -------------
src/initscripts/system/sysklogd | 2 +-
src/initscripts/system/udev | 7 -------
12 files changed, 66 insertions(+), 39 deletions(-)
create mode 100644 config/backup/includes/observium-agent
create mode 100644 config/rootfiles/packages/observium-agent
copy lfs/{rtpproxy => observium-agent} (77%)
Difference in files:
diff --git a/config/backup/includes/observium-agent b/config/backup/includes/observium-agent
new file mode 100644
index 000000000..873b13dc4
--- /dev/null
+++ b/config/backup/includes/observium-agent
@@ -0,0 +1,2 @@
+etc/xinetd.d/observium_agent_xinetd
+usr/lib/observium_agent/scripts-enabled
diff --git a/config/firewall/firewall-policy b/config/firewall/firewall-policy
index c0a526f22..078c3c515 100755
--- a/config/firewall/firewall-policy
+++ b/config/firewall/firewall-policy
@@ -57,6 +57,18 @@ HAVE_OPENVPN="true"
# INPUT
+# Drop syslog from anywhere but localhost
+# sysklogd cannot bind to specific interface and therefore we need to
+# block access by adding firewall rules
+case "${FWPOLICY}" in
+ REJECT)
+ iptables -A POLICYIN -p udp --dport 514 -j REJECT --reject-with icmp-host-unreachable
+ ;;
+ *)
+ iptables -A POLICYIN -p udp --dport 514 -j DROP
+ ;;
+esac
+
# Allow access from GREEN
if [ -n "${GREEN_DEV}" ]; then
iptables -A POLICYIN -i "${GREEN_DEV}" -j ACCEPT
diff --git a/config/rootfiles/core/125/filelists/files b/config/rootfiles/core/125/filelists/files
index 286ce4c89..889365e1d 100644
--- a/config/rootfiles/core/125/filelists/files
+++ b/config/rootfiles/core/125/filelists/files
@@ -2,11 +2,14 @@ etc/system-release
etc/issue
etc/ssh/sshd_config
etc/sysctl.conf
+etc/rc.d/init.d/sysklogd
+etc/rc.d/init.d/udev
srv/web/ipfire/cgi-bin/credits.cgi
srv/web/ipfire/cgi-bin/hardwaregraphs.cgi
srv/web/ipfire/cgi-bin/ids.cgi
srv/web/ipfire/cgi-bin/media.cgi
srv/web/ipfire/cgi-bin/pakfire.cgi
+usr/sbin/firewall-policy
usr/local/bin/backupiso
usr/local/bin/makegraphs
var/ipfire/backup/bin/backup.pl
diff --git a/config/rootfiles/packages/observium-agent b/config/rootfiles/packages/observium-agent
new file mode 100644
index 000000000..2dd1d4008
--- /dev/null
+++ b/config/rootfiles/packages/observium-agent
@@ -0,0 +1,17 @@
+etc/xinetd.d/observium_agent_xinetd
+usr/bin/observium_agent
+#usr/lib/observium_agent
+usr/lib/observium_agent/scripts-available
+usr/lib/observium_agent/scripts-available/apache
+usr/lib/observium_agent/scripts-available/dmi
+usr/lib/observium_agent/scripts-available/ksm
+usr/lib/observium_agent/scripts-available/lmsensors
+usr/lib/observium_agent/scripts-available/nfs
+usr/lib/observium_agent/scripts-available/nfsd
+usr/lib/observium_agent/scripts-available/nginx
+usr/lib/observium_agent/scripts-available/postfix_mailgraph
+usr/lib/observium_agent/scripts-available/postfix_qshape
+usr/lib/observium_agent/scripts-available/unbound
+usr/lib/observium_agent/scripts-available/vmwaretools
+usr/lib/observium_agent/scripts-enabled
+var/ipfire/backup/addons/includes/observium-agent
diff --git a/lfs/bind b/lfs/bind
index 085fa005b..d0fcfeda0 100644
--- a/lfs/bind
+++ b/lfs/bind
@@ -25,7 +25,7 @@
include Config
-VER = 9.11.4-P2
+VER = 9.11.5
THISAPP = bind-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -43,7 +43,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 3b831d1cb9dcb3e0868409cf98d4519b
+$(DL_FILE)_MD5 = 17a0d02102117c9a221e857cf2cc8157
install : $(TARGET)
diff --git a/lfs/haproxy b/lfs/haproxy
index 2cf23526e..da56f889d 100644
--- a/lfs/haproxy
+++ b/lfs/haproxy
@@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = haproxy
-PAK_VER = 6
+PAK_VER = 7
DEPS = ""
diff --git a/lfs/observium-agent b/lfs/observium-agent
new file mode 100644
index 000000000..3254a8000
--- /dev/null
+++ b/lfs/observium-agent
@@ -0,0 +1,100 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2018 IPFire Team <info(a)ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 18.9.1
+
+THISAPP = observium-community-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/observium
+TARGET = $(DIR_INFO)/$(THISAPP)
+PROG = observium-agent
+PAK_VER = 1
+
+DEPS = "xinetd"
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = 88b978cbcfdac14fd7625ae7404a2771
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+dist:
+ @$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+
+ # Install xinet.d configuration
+ cd $(DIR_APP) && install -m 644 scripts/observium_agent_xinetd \
+ /etc/xinetd.d/observium_agent_xinetd
+
+ # Install the agent script
+ cd $(DIR_APP) && install -m 755 scripts/observium_agent \
+ /usr/bin/observium_agent
+
+ # Install modules
+ mkdir -pv /usr/lib/observium_agent/scripts-{available,enabled}
+ install -m 755 $(DIR_APP)/scripts/agent-local/{apache,dmi,ksm,lmsensors,nfs,nfsd,nginx,postfix_mailgraph,postfix_qshape,unbound,vmwaretools} \
+ /usr/lib/observium_agent/scripts-available/
+
+ # Backup
+ install -v -m 644 $(DIR_SRC)/config/backup/includes/observium-agent \
+ /var/ipfire/backup/addons/includes/observium-agent
+
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
+
diff --git a/lfs/tor b/lfs/tor
index 5b03aba5d..2c3940638 100644
--- a/lfs/tor
+++ b/lfs/tor
@@ -24,7 +24,7 @@
include Config
-VER = 0.3.3.9
+VER = 0.3.4.9
THISAPP = tor-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = tor
-PAK_VER = 30
+PAK_VER = 31
DEPS = ""
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 16b24bda0772dc3d5c4c05254ec4bce7
+$(DL_FILE)_MD5 = 8a303c7c2491cd27b1646f6efdc4a5d0
install : $(TARGET)
diff --git a/make.sh b/make.sh
index 89ada4679..4e55f684d 100755
--- a/make.sh
+++ b/make.sh
@@ -1412,6 +1412,7 @@ buildipfire() {
lfsmake2 nagios_nrpe
lfsmake2 nagios-plugins
lfsmake2 icinga
+ lfsmake2 observium-agent
lfsmake2 ebtables
lfsmake2 directfb
lfsmake2 faad2
diff --git a/src/initscripts/packages/haproxy b/src/initscripts/packages/haproxy
index ded627773..78d64cee4 100644
--- a/src/initscripts/packages/haproxy
+++ b/src/initscripts/packages/haproxy
@@ -11,15 +11,6 @@
case "${1}" in
start)
- # Prepare chroot
- mkdir -p /var/lib/haproxy/dev
-
- # Create link for syslog socket
- if ! mountpoint /var/lib/haproxy/dev/log &>/dev/null; then
- touch /var/lib/haproxy/dev/log
- mount --bind /dev/log /var/lib/haproxy/dev/log
- fi
-
boot_mesg "Starting HAProxy..."
loadproc /usr/sbin/haproxy -D -f /etc/haproxy/haproxy.cfg \
-p /var/run/haproxy.pid
@@ -28,11 +19,6 @@ case "${1}" in
stop)
boot_mesg "Stopping HAProxy..."
killproc /usr/sbin/haproxy
-
- # umount /dev/log
- if mountpoint /var/lib/haproxy/dev/log &>/dev/null; then
- umount /var/lib/haproxy/dev/log
- fi
;;
reload)
diff --git a/src/initscripts/system/sysklogd b/src/initscripts/system/sysklogd
index 4482559b3..90fe851de 100644
--- a/src/initscripts/system/sysklogd
+++ b/src/initscripts/system/sysklogd
@@ -21,7 +21,7 @@ case "${1}" in
loadproc klogd -c 1
boot_mesg "Starting system log daemon..."
- loadproc syslogd -m 0
+ loadproc syslogd -m 0 -r
boot_mesg "Saving Bootlog..."
if [ -e /var/log/bootlog ]; then
diff --git a/src/initscripts/system/udev b/src/initscripts/system/udev
index 5e0d9bdfd..e85775f8c 100644
--- a/src/initscripts/system/udev
+++ b/src/initscripts/system/udev
@@ -51,13 +51,6 @@ case "${1}" in
mount -t devpts devpts -o gid=5,mode=620 /dev/pts
fi
- # Udev handles uevents itself, so we don't need to have
- # the kernel call out to any binary in response to them
- echo > /proc/sys/kernel/hotplug
-
- # Copy static device nodes to /dev
- cp -a /lib/udev/devices/* /dev
-
# Start the udev daemon to continually watch for, and act on,
# uevents
boot_mesg "Starting udev daemon..."
hooks/post-receive
--
IPFire 2.x development tree
reply other threads:[~2018-11-07 20:29 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181107202941.830D31081BB0@git01.ipfire.org \
--to=git@ipfire.org \
--cc=ipfire-scm@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox