* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 81fba4196118d18441c6f495694e5527dc89c11e
@ 2021-05-17 21:03 Michael Tremer
0 siblings, 0 replies; only message in thread
From: Michael Tremer @ 2021-05-17 21:03 UTC (permalink / raw)
To: ipfire-scm
[-- Attachment #1: Type: text/plain, Size: 31193 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 81fba4196118d18441c6f495694e5527dc89c11e (commit)
via 51128aa36df6c84f296b7fa8785341e31d700e95 (commit)
via cd1f7722dccb681884e8595e23b4c3cfaba5d0fd (commit)
via f2ccb35fa4b233da3e25b43c7464b2a202a9a1fc (commit)
via 50ba8b2e80459444c1973d0f904c3349741f765e (commit)
via d035499c08ca8404127d49c710176f83a2da032b (commit)
via 4dfde0c08817e740eff09e8ffb59a2a419794204 (commit)
via 07bf7d14d66dac4192f9e5c8f3021e326bf6f82e (commit)
via 9cb1dc19e8d3c108687fe06592f826d4b658949d (commit)
via 60259fe135072d48c4ea34ad70f0640fd31bdc96 (commit)
via 859100c5c0708ff9aed1da2802afb18540482a65 (commit)
via ef929318f6c45e2e3d0964c564ebcaf8f9df5a4e (commit)
via e47f7a600edbfbcf318f4a06ce54341f4fa6febc (commit)
via 6769d909306d7bdc43d64598872126fcf1b217f6 (commit)
via c8874ee0128f4b6ddf0328aff0956f2b5b372e46 (commit)
via e621c85c71d274b47302f468eb3bb31e0b13d590 (commit)
via becfea1d380951c261529f6a2cb66dc17856a34d (commit)
via b59bb1201aefc2803cb9e655937f2c88e8d73667 (commit)
via 09a2001d49c185e8b803c9aa2d6887da31e7eb6d (commit)
via e4c3bcc7eed6e25feec39e94f96b83f61b2834ae (commit)
via 92c6c8d11db5cb228d4e47e79b1f8753b623cc34 (commit)
via fdfea3d39b075dd8f6ebfa9b3dd50cccd50b527c (commit)
via 83e5f672564a2fc91bb9e9492d227eaff70d8ba9 (commit)
via 7bb9bbb7327497c9599abf50d7732ca4602fa429 (commit)
from bb0e8def7768e75132d13672bc520b3eea7ca67c (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 81fba4196118d18441c6f495694e5527dc89c11e
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Mon May 17 14:29:44 2021 +0200
elfutils: Update to 0.184
- Update from 0.183 to 0.184
- Update rootfiles
- Changelog
2021-05-10 Mark Wielaard <mark(a)klomp.org>
* configure.ac (AC_INIT): Set version to 0.184.
* NEWS: Add libdw, translation and debuginfod-client entries.
2021-03-30 Frank Ch. Eigler <fche(a)redhat.com>
* configure.ac: Look for pthread_setname_np.
2021-02-17 Timm Bäder <tbaeder(a)redhat.com>
* configure.ac: Add -Wno-packed-not-aligned check.
2021-02-17 Timm Bäder <tbaeder(a)redhat.com>
* configure.ac: Add -Wtrampolines check.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 51128aa36df6c84f296b7fa8785341e31d700e95
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Mon May 17 14:30:32 2021 +0200
gdb: Update to 10.2
- Update from 10.1 to 10.2
- Update rootfiles
- Changelog
GDB 10.2 brings the following fixes and enhancements over GDB 10.1:
* PR remote/26614 (AddressSanitizer: heap-use-after-free of extended_remote_target in remote_async_inferior_event_handler)
* PR gdb/26828 (SIGSEGV in follow_die_offset dwarf2/read.c:22950)
* PR gdb/26861 (internal-error: void target_mourn_inferior(ptid_t): Assertion `ptid == inferior_ptid' failed. OS: Mac OSX Catalina; Compiler: GCC; Language: C)
* PR gdb/26876 (gdb error: internal-error: Unknown CFA rule when debugging the linux kernel with qemu)
* PR breakpoints/26881 (infrun.c:6384: internal-error: void process_event_stop_test(execution_control_state*): Assertion `ecs->event_thread->control.exception_resume_breakpoint != NULL' failed)
* PR gdb/26901 (Array subscript fails with flexible array member without size)
* PR tui/26973 (gdb crashes when not including the status window in a new layout)
* PR python/26974 (Wrong Value.format_string docu for static members argument)
* PR breakpoints/27009 ([s390] GDB branches randomly for BC instruction while displaced stepping)
* PR tdep/27015 (ARC: "eret" value is collected from the wrong data in register cache)
* PR backtrace/27147 ([GNU/Linux, sparc64] GDB is unable to print full stack trace (got "previous frame inner to this frame" errors))
* PR rust/27194 (put rust demangler on 10.x branch)
* PR threads/27239 (gdb/cp-support.c:1619:(.text+0x5502): relocation truncated to fit: R_X86_64_PC32 against undefined symbol `TLS init function for thread_local_segv_handler')
* PR breakpoints/27330 (nextoverthrow.exp FAILs on arm-none-eabi)
* PR symtab/27333 ([dwarf-5] abort on unhandled DW_TAG_type_unit in process_psymtab_comp_unit)
* PR fortran/27341 ([dwarf-5] FAIL: gdb.fortran/function-calls.exp: p derived_types_and_module_calls::pass_cart_nd(c_nd))
* PR tdep/27369 (ARC: Stepping over atomic instruction sequences loops infinitely)
* PR build/27385 (Cannot compile arc.c with gcc-4.8 (error: no matching function for call to 'std::pair...'))
* PR gdb/27435 (Attach on solaris segfaults GDB)
* PR build/27535 (amd64-linux-siginfo.c fails to compile after updating to glibc-2.33 headers)
* PR build/27536 (aarch64-linux-hw-point.c fails to compile after updating to glibc-2.33)
* PR symtab/27541 (gdb crashes on "file -readnow")
* PR gdb/27750 (local variables have wrong address and values on sparc64)
* PR varobj/27757 (-var-list-children coredump)
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit cd1f7722dccb681884e8595e23b4c3cfaba5d0fd
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon May 17 21:07:52 2021 +0200
Core Update 157: Apply changed permissions to /srv/web/ipfire/cgi-bin/cachemgr.cgi
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit f2ccb35fa4b233da3e25b43c7464b2a202a9a1fc
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon May 17 21:07:32 2021 +0200
Squid: cachemgr.cgi does not have to be owned (hence writeable) by nobody
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 50ba8b2e80459444c1973d0f904c3349741f765e
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon May 17 21:07:11 2021 +0200
nagios-plugins: Prevent Nagios plugins from being owned by nobody
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit d035499c08ca8404127d49c710176f83a2da032b
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon May 17 21:06:50 2021 +0200
NRPE: Prevent NRPE binary from being owned by "nobody"
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 4dfde0c08817e740eff09e8ffb59a2a419794204
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon May 17 21:06:32 2021 +0200
Core Update 157: Remove executable bit less ugly
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 07bf7d14d66dac4192f9e5c8f3021e326bf6f82e
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon May 17 21:06:12 2021 +0200
Core Update 157: Apply changed permissions to /var/ipfire/ovpn/ovpn-leases.db
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 9cb1dc19e8d3c108687fe06592f826d4b658949d
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon May 17 21:05:49 2021 +0200
OpenVPN: ovpn-leases.db for sure does not have to be executable
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 60259fe135072d48c4ea34ad70f0640fd31bdc96
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon May 17 21:05:26 2021 +0200
Core Update 157: Apply changed permissions to /var/ipfire/updatexlrator/bin/
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 859100c5c0708ff9aed1da2802afb18540482a65
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon May 17 21:05:07 2021 +0200
Squid: Prevent binaries within /var/ipfire/updatexlrator/bin/ from being owned by nobody
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit ef929318f6c45e2e3d0964c564ebcaf8f9df5a4e
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon May 17 21:04:41 2021 +0200
Core Update 157: Apply changed permissions to /var/ipfire/urlfilter/bin/
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit e47f7a600edbfbcf318f4a06ce54341f4fa6febc
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon May 17 21:04:23 2021 +0200
SquidGuard: Prevent binaries within /var/ipfire/urlfilter/bin/ from being owned by nobody
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 6769d909306d7bdc43d64598872126fcf1b217f6
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon May 17 21:04:00 2021 +0200
backup: prevent /var/ipfire/backup/bin/backup.pl from being owned by nobody
This is dangerous as nobody could write arbitrary contents to this file
and execute it afterwards.
Partially fixes: #12619
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit c8874ee0128f4b6ddf0328aff0956f2b5b372e46
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon May 17 21:03:36 2021 +0200
Core Update 157: Ship changed iputils due to /usr/bin/ping changes
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit e621c85c71d274b47302f468eb3bb31e0b13d590
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon May 17 21:03:13 2021 +0200
Core Update 157: /var/ipfire/fwhosts/icmp-types does not have to be executable
See commit 183ccaa5a5c95f4cb2b639360f3c1465567577e9.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit becfea1d380951c261529f6a2cb66dc17856a34d
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon May 17 21:02:56 2021 +0200
Core Update 157: Delete orphaned DMA mail box creation binary as well
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit b59bb1201aefc2803cb9e655937f2c88e8d73667
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon May 17 21:02:36 2021 +0200
DMA: do not ship a binary for creating mail boxes
This is only needed in case of bounces generated by locally emitted
messages. We neither store these, nor do we create mail boxes on a
firewall. Safe to drop.
Cc: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 09a2001d49c185e8b803c9aa2d6887da31e7eb6d
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon May 17 21:02:20 2021 +0200
Core Update 157: Delete ssh-keysign binary
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit e4c3bcc7eed6e25feec39e94f96b83f61b2834ae
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon May 17 21:01:54 2021 +0200
/usr/bin/ping does not need a SUID bit if appropriate capabilities are set
Cc: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 92c6c8d11db5cb228d4e47e79b1f8753b623cc34
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon May 17 21:01:34 2021 +0200
Core Update 157: remove SUID bit from /usr/bin/gpg
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit fdfea3d39b075dd8f6ebfa9b3dd50cccd50b527c
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon May 17 21:00:33 2021 +0200
GnuPG does not need to have a SUID bit set
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 83e5f672564a2fc91bb9e9492d227eaff70d8ba9
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Mon May 17 15:33:13 2021 +0000
unbound-dhcp-leases-bridge: Fix exception when running without debug
Fixes: https://bugzilla.ipfire.org/show_bug.cgi?id=12622
Fixes: #12622
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 7bb9bbb7327497c9599abf50d7732ca4602fa429
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sun May 16 22:48:58 2021 +0200
OpenSSH: do not ship ssh-keysign anymore
To my surprise, this binary comes with suid flag set, and since we do
not have SSH key signing enabled, there is no need to ship it with
IPFire.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/rootfiles/common/dma | 2 +-
config/rootfiles/common/gdb | 1 +
config/rootfiles/common/openssh | 2 +-
.../{oldcore/104 => core/157}/filelists/iputils | 0
config/rootfiles/core/157/update.sh | 18 ++++++++++++++++++
config/rootfiles/packages/elfutils | 6 +++---
config/unbound/unbound-dhcp-leases-bridge | 13 +++++++------
lfs/backup | 7 ++++---
lfs/elfutils | 6 +++---
lfs/gdb | 4 ++--
lfs/gnupg | 4 ++--
lfs/iputils | 7 +++++--
lfs/nagios-plugins | 8 ++++++--
lfs/nagios_nrpe | 7 +++++--
lfs/openvpn | 4 ++--
lfs/squid | 5 +++--
lfs/squidguard | 3 ++-
17 files changed, 65 insertions(+), 32 deletions(-)
copy config/rootfiles/{oldcore/104 => core/157}/filelists/iputils (100%)
Difference in files:
diff --git a/config/rootfiles/common/dma b/config/rootfiles/common/dma
index e98e67415..79cad8ece 100644
--- a/config/rootfiles/common/dma
+++ b/config/rootfiles/common/dma
@@ -1,5 +1,5 @@
etc/alternatives/sendmail
-usr/lib/dma-mbox-create
+#usr/lib/dma-mbox-create
usr/sbin/dma
usr/sbin/dma-cleanup-spool
usr/sbin/mailq
diff --git a/config/rootfiles/common/gdb b/config/rootfiles/common/gdb
index 0bb907f5e..d2be68c3e 100644
--- a/config/rootfiles/common/gdb
+++ b/config/rootfiles/common/gdb
@@ -5,6 +5,7 @@
#usr/include/gdb
#usr/include/gdb/jit-reader.h
#usr/lib/libinproctrace.so
+#usr/share/gdb
#usr/share/gdb/python
#usr/share/gdb/python/gdb
#usr/share/gdb/python/gdb/FrameDecorator.py
diff --git a/config/rootfiles/common/openssh b/config/rootfiles/common/openssh
index f2f8ea6c5..c3666d914 100644
--- a/config/rootfiles/common/openssh
+++ b/config/rootfiles/common/openssh
@@ -19,7 +19,7 @@ usr/bin/ssh-keygen
usr/bin/ssh-keyscan
#usr/lib/openssh
usr/lib/openssh/sftp-server
-usr/lib/openssh/ssh-keysign
+#usr/lib/openssh/ssh-keysign
usr/lib/openssh/ssh-pkcs11-helper
usr/lib/openssh/ssh-sk-helper
usr/sbin/sshd
diff --git a/config/rootfiles/core/157/filelists/iputils b/config/rootfiles/core/157/filelists/iputils
new file mode 120000
index 000000000..361c28f71
--- /dev/null
+++ b/config/rootfiles/core/157/filelists/iputils
@@ -0,0 +1 @@
+../../../common/iputils
\ No newline at end of file
diff --git a/config/rootfiles/core/157/update.sh b/config/rootfiles/core/157/update.sh
index 09b8d8968..ce7b6f5bf 100644
--- a/config/rootfiles/core/157/update.sh
+++ b/config/rootfiles/core/157/update.sh
@@ -103,6 +103,24 @@ ldconfig
# Filesytem cleanup
/usr/local/bin/filesystem-cleanup
+# Fix file permissions changed
+chmod -s /usr/bin/gpg
+chmod -x \
+ /var/ipfire/fwhosts/icmp-types \
+ /var/ipfire/ovpn/ovpn-leases.db
+
+chown -R root:root \
+ /var/ipfire/updatexlrator/bin \
+ /var/ipfire/urlfilter/bin
+
+chown root:root \
+ /srv/web/ipfire/cgi-bin/cachemgr.cgi
+
+# Delete scrubbed files
+rm -f \
+ /usr/lib/dma-mbox-create \
+ /usr/lib/openssh/ssh-keysign
+
# Start services
/etc/init.d/sshd restart
/etc/init.d/apache restart
diff --git a/config/rootfiles/packages/elfutils b/config/rootfiles/packages/elfutils
index adf4808ab..c96267c26 100644
--- a/config/rootfiles/packages/elfutils
+++ b/config/rootfiles/packages/elfutils
@@ -27,15 +27,15 @@ usr/bin/eu-unstrip
#usr/include/gelf.h
#usr/include/libelf.h
#usr/include/nlist.h
-usr/lib/libasm-0.183.so
+usr/lib/libasm-0.184.so
#usr/lib/libasm.a
#usr/lib/libasm.so
usr/lib/libasm.so.1
-usr/lib/libdw-0.183.so
+usr/lib/libdw-0.184.so
#usr/lib/libdw.a
#usr/lib/libdw.so
usr/lib/libdw.so.1
-usr/lib/libelf-0.183.so
+usr/lib/libelf-0.184.so
#usr/lib/libelf.a
#usr/lib/libelf.so
usr/lib/libelf.so.1
diff --git a/config/unbound/unbound-dhcp-leases-bridge b/config/unbound/unbound-dhcp-leases-bridge
index 6f2b7ff35..a2df5f101 100644
--- a/config/unbound/unbound-dhcp-leases-bridge
+++ b/config/unbound/unbound-dhcp-leases-bridge
@@ -571,12 +571,13 @@ if __name__ == "__main__":
args = parser.parse_args()
# Setup logging
- if args.verbose == 1:
- loglevel = logging.INFO
- elif args.verbose >= 2:
- loglevel = logging.DEBUG
- else:
- loglevel = logging.WARN
+ loglevel = logging.WARN
+
+ if args.verbose:
+ if args.verbose == 1:
+ loglevel = logging.INFO
+ elif args.verbose >= 2:
+ loglevel = logging.DEBUG
setup_logging(loglevel)
diff --git a/lfs/backup b/lfs/backup
index 791d87adb..9d3e05735 100644
--- a/lfs/backup
+++ b/lfs/backup
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2021 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -30,7 +30,7 @@ THISAPP = backup-$(VER)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = backup
-PAK_VER = 1
+PAK_VER = 2
DEPS =
@@ -56,10 +56,11 @@ dist:
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
-mkdir -p /var/ipfire/backup/bin
- install -v -m 755 $(DIR_SRC)/config/backup/backup.pl /var/ipfire/backup/bin
+ install -v -m 755 -o root $(DIR_SRC)/config/backup/backup.pl /var/ipfire/backup/bin
install -v -m 644 $(DIR_SRC)/config/backup/include /var/ipfire/backup/
install -v -m 644 $(DIR_SRC)/config/backup/exclude /var/ipfire/backup/
chown nobody:nobody -R /var/ipfire/backup/
+ chown root:root -R /var/ipfire/backup/bin/
-mkdir -p /var/ipfire/backup/addons
-mkdir -p /var/ipfire/backup/addons/includes
-mkdir -p /var/ipfire/backup/addons/backup
diff --git a/lfs/elfutils b/lfs/elfutils
index c2d9a3331..8c86c3b76 100644
--- a/lfs/elfutils
+++ b/lfs/elfutils
@@ -24,7 +24,7 @@
include Config
-VER = 0.183
+VER = 0.184
THISAPP = elfutils-$(VER)
DL_FILE = $(THISAPP).tar.bz2
@@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = elfutils
-PAK_VER = 4
+PAK_VER = 5
DEPS =
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 6f58aa1b9af1a5681b1cbf63e0da2d67
+$(DL_FILE)_MD5 = 9e5af45255ff7dc413de073da2ceff04
install : $(TARGET)
diff --git a/lfs/gdb b/lfs/gdb
index 88ce5d34e..cdbebadbd 100644
--- a/lfs/gdb
+++ b/lfs/gdb
@@ -24,7 +24,7 @@
include Config
-VER = 10.1
+VER = 10.2
THISAPP = gdb-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 1822a7dd45e7813f4408407eec1a6af1
+$(DL_FILE)_MD5 = c044b7146903ec51c9d2337a29aee93b
install : $(TARGET)
diff --git a/lfs/gnupg b/lfs/gnupg
index f94948fe9..624855686 100644
--- a/lfs/gnupg
+++ b/lfs/gnupg
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2021 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -77,6 +77,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
cd $(DIR_APP) && ./configure --prefix=/usr --libexecdir=/usr/lib --disable-nls
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
- chmod -v 4755 /usr/bin/gpg
+ chmod -v 755 /usr/bin/gpg
@rm -rf $(DIR_APP)
@$(POSTBUILD)
diff --git a/lfs/iputils b/lfs/iputils
index b1e2e2216..ae692df7a 100644
--- a/lfs/iputils
+++ b/lfs/iputils
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2021 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -71,9 +71,12 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && make ping tracepath
- cd $(DIR_APP) && install -m 4755 ping /usr/bin
+ cd $(DIR_APP) && install -m 0755 ping /usr/bin
cd $(DIR_APP) && install -m 0755 tracepath /usr/bin
+ # Allow execution of /usr/bin/ping by other users than "root"
+ setcap cap_net_raw+ep /usr/bin/ping
+
# Some scripts expect ping in /bin/ping.
ln -svf ../usr/bin/ping /bin/ping
diff --git a/lfs/nagios-plugins b/lfs/nagios-plugins
index ad081d5f6..d35a94bbe 100644
--- a/lfs/nagios-plugins
+++ b/lfs/nagios-plugins
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2021 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = nagios-plugins
-PAK_VER = 4
+PAK_VER = 5
DEPS =
@@ -88,4 +88,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
@rm -rf $(DIR_APP)
+
+ # Prevent Nagios plugins from being owned (and hence writeable) by "nobody"
+ chown root:root -R /usr/lib/nagios/plugins
+
@$(POSTBUILD)
diff --git a/lfs/nagios_nrpe b/lfs/nagios_nrpe
index a8b4b3676..260bcc810 100644
--- a/lfs/nagios_nrpe
+++ b/lfs/nagios_nrpe
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2021 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = nagios_nrpe
-PAK_VER = 8
+PAK_VER = 9
DEPS = nagios-plugins
@@ -99,5 +99,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
install -v -m 644 ${DIR_SRC}/config/backup/includes/nagios_nrpe \
/var/ipfire/backup/addons/includes/nagios_nrpe
+ # Prevent NRPE binary from being owned by "nobody"
+ chown root:root /usr/lib/nagios/check_nrpe
+
@rm -rf $(DIR_APP)
@$(POSTBUILD)
diff --git a/lfs/openvpn b/lfs/openvpn
index b026d515b..81ccc52bf 100644
--- a/lfs/openvpn
+++ b/lfs/openvpn
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2020 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2021 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -89,7 +89,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
-mkdir -vp /var/ipfire/ovpn/n2nconf
-mkdir -vp /var/ipfire/ovpn/scripts
touch /var/ipfire/ovpn/ovpn-leases.db
- chmod 700 /var/ipfire/ovpn/ovpn-leases.db
+ chmod 600 /var/ipfire/ovpn/ovpn-leases.db
chown -R root:root /var/ipfire/ovpn/scripts
chown -R nobody:nobody /var/ipfire/ovpn
chmod 700 /var/ipfire/ovpn/certs
diff --git a/lfs/squid b/lfs/squid
index 33cb95ba1..38675f3f3 100644
--- a/lfs/squid
+++ b/lfs/squid
@@ -149,7 +149,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
chown -R squid:squid /var/log/squid /var/log/cache /var/log/updatexlrator
cp /usr/lib/squid/cachemgr.cgi /srv/web/ipfire/cgi-bin/cachemgr.cgi
- chown nobody.nobody /srv/web/ipfire/cgi-bin/cachemgr.cgi
+ chown root:root /srv/web/ipfire/cgi-bin/cachemgr.cgi
cp -f $(DIR_SRC)/config/updxlrator/updxlrator /usr/sbin/updxlrator
cp -f $(DIR_SRC)/config/updxlrator/checkup /var/ipfire/updatexlrator/bin/checkup
@@ -171,6 +171,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
ln -fs /bin/false /var/ipfire/updatexlrator/autocheck/cron.weekly
chown -R nobody:nobody /var/ipfire/updatexlrator
+ chown -R root:root /var/ipfire/updatexlrator/bin
chown nobody.squid /var/updatecache
chown nobody.squid /var/updatecache/download
chown nobody.squid /var/updatecache/metadata
@@ -186,7 +187,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
chown nobody.nobody /srv/web/ipfire/html/proxy.pac
ln -sf /srv/web/ipfire/html/proxy.pac /srv/web/ipfire/html/wpad.dat
- #Copy stylesheets for the errorpages
+ # Copy stylesheets for the errorpages
cp -f $(DIR_SRC)/config/proxy/errorpage-ipfire.css /var/ipfire/proxy/
cp -f /etc/squid/errorpage.css /var/ipfire/proxy/errorpage-squid.css
diff --git a/lfs/squidguard b/lfs/squidguard
index eb13c41dd..d5eb30377 100644
--- a/lfs/squidguard
+++ b/lfs/squidguard
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2021 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -113,6 +113,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
/usr/bin/perl $(DIR_CONF)/urlfilter/makeconf.pl
touch /var/ipfire/urlfilter/settings
chown -R nobody:nobody /var/ipfire/urlfilter
+ chown -R root:root /var/ipfire/urlfilter/bin
chmod 755 /srv/web/ipfire/html/images/urlfilter
chmod 644 /srv/web/ipfire/html/images/urlfilter/*
chown -R nobody:nobody /var/urlrepo
hooks/post-receive
--
IPFire 2.x development tree
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2021-05-17 21:03 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-05-17 21:03 [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 81fba4196118d18441c6f495694e5527dc89c11e Michael Tremer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox