[git.ipfire.org] IPFire 2.x development tree branch, master, updated. 2b51f53cfd32d6f24aba49c8fde822be8bee6d56

public inbox for ipfire-scm@lists.ipfire.org
 help / color / mirror / Atom feed

* [git.ipfire.org] IPFire 2.x development tree branch, master, updated. 2b51f53cfd32d6f24aba49c8fde822be8bee6d56
@ 2021-05-25  9:43 Michael Tremer
  0 siblings, 0 replies; only message in thread
From: Michael Tremer @ 2021-05-25  9:43 UTC (permalink / raw)
  To: ipfire-scm

[-- Attachment #1: Type: text/plain, Size: 8804 bytes --]

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, master has been updated
       via  2b51f53cfd32d6f24aba49c8fde822be8bee6d56 (commit)
       via  b6e3a3eec9e0848b339bbe60ad475ff9f583aed3 (commit)
       via  488e29e033097eadabd152e97022b71c21e6a414 (commit)
       via  7ae9f2212278c89365d62589b6d54d7adf39b638 (commit)
       via  3359061d68c0e872c18c7baa45b77311c2f8f385 (commit)
       via  a66fe2a79178f68b8c123f1dda569fe696240352 (commit)
      from  d267131be3a9500e00d2cc98f48de87b830561d3 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 2b51f53cfd32d6f24aba49c8fde822be8bee6d56
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date:   Fri May 21 15:42:36 2021 +0200

    Icinga: Do not ship event handlers for Nagios
    
    These are owned (hence being writable) by "nobody", posing a potential
    security risk. Since the files itself were already exluded from being
    shipped, their parent directory should be as well.
    
    This patch should reduce the amount of executable files being owned by
    nobody to zero after upgrading to Core Update 157. Due to complexity
    reasons, not all applications available in Pakfire could be tested,
    though, so your mileage may vary.
    
    Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit b6e3a3eec9e0848b339bbe60ad475ff9f583aed3
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date:   Fri May 21 15:42:14 2021 +0200

    nagios-plugins: Set SUID bit for plugins which need it to function properly
    
    Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 488e29e033097eadabd152e97022b71c21e6a414
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date:   Fri May 21 15:41:50 2021 +0200

    Core Update 157: Delete shared object files leftover from pppd 2.4.8
    
    Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 7ae9f2212278c89365d62589b6d54d7adf39b638
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date:   Fri May 21 15:41:29 2021 +0200

    pppd: Explicitly ship pppd shared object files
    
    These are needed by pppd, but were not previously shipped as such.
    Instead, since their parent directory at /usr/lib/pppd/${version}/ was
    not commented out, we implicitly shipped the entire directory.
    
    This patch does not change our behaviour in the end, but makes things
    more transparent to developers.
    
    Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 3359061d68c0e872c18c7baa45b77311c2f8f385
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date:   Fri May 21 15:41:05 2021 +0200

    Core Update 157: Ship backup package to apply changed permissions
    
    This is required as "backup" itself does not gets updated automatically,
    contrary to it's LFS file suggesting by having a "PAK_VER" number.
    
    In order to fix #12619, it is therefore necessary to ship the backup
    files with Core Update 157.
    
    Partially fixes: #12619
    
    Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit a66fe2a79178f68b8c123f1dda569fe696240352
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date:   Fri May 21 15:40:38 2021 +0200

    Core Update 157: Apply changed SSH configurations
    
    This is necessary to fix SSH not starting after upgrading to Core Update
    157 unless it's settings are manually written via the WebUI.
    
    Reported-by: Erik Kapfer <ummeegge(a)ipfire.org>
    Reported-by: Tom Rymes <tom(a)rymes.net>
    Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

-----------------------------------------------------------------------

Summary of changes:
 config/rootfiles/common/ppp                | 24 ++++++++++++------------
 config/rootfiles/core/157/filelists/backup |  1 +
 config/rootfiles/core/157/update.sh        |  7 +++++++
 config/rootfiles/packages/icinga           |  2 +-
 lfs/icinga                                 |  2 +-
 lfs/nagios-plugins                         |  9 ++++++++-
 6 files changed, 30 insertions(+), 15 deletions(-)
 create mode 120000 config/rootfiles/core/157/filelists/backup

Difference in files:
diff --git a/config/rootfiles/common/ppp b/config/rootfiles/common/ppp
index 8d0af69c4..d61fdf811 100644
--- a/config/rootfiles/common/ppp
+++ b/config/rootfiles/common/ppp
@@ -38,18 +38,18 @@ etc/ppp/standardloginscript
 #usr/include/pppd/upap.h
 usr/lib/pppd
 usr/lib/pppd/2.4.9
-#usr/lib/pppd/2.4.9/minconn.so
-#usr/lib/pppd/2.4.9/openl2tp.so
-#usr/lib/pppd/2.4.9/passprompt.so
-#usr/lib/pppd/2.4.9/passwordfd.so
-#usr/lib/pppd/2.4.9/pppoatm.so
-#usr/lib/pppd/2.4.9/pppoe.so
-#usr/lib/pppd/2.4.9/pppol2tp.so
-#usr/lib/pppd/2.4.9/radattr.so
-#usr/lib/pppd/2.4.9/radius.so
-#usr/lib/pppd/2.4.9/radrealms.so
-#usr/lib/pppd/2.4.9/rp-pppoe.so
-#usr/lib/pppd/2.4.9/winbind.so
+usr/lib/pppd/2.4.9/minconn.so
+usr/lib/pppd/2.4.9/openl2tp.so
+usr/lib/pppd/2.4.9/passprompt.so
+usr/lib/pppd/2.4.9/passwordfd.so
+usr/lib/pppd/2.4.9/pppoatm.so
+usr/lib/pppd/2.4.9/pppoe.so
+usr/lib/pppd/2.4.9/pppol2tp.so
+usr/lib/pppd/2.4.9/radattr.so
+usr/lib/pppd/2.4.9/radius.so
+usr/lib/pppd/2.4.9/radrealms.so
+usr/lib/pppd/2.4.9/rp-pppoe.so
+usr/lib/pppd/2.4.9/winbind.so
 usr/sbin/chat
 usr/sbin/pppd
 usr/sbin/pppdump
diff --git a/config/rootfiles/core/157/filelists/backup b/config/rootfiles/core/157/filelists/backup
new file mode 120000
index 000000000..38e28a8b4
--- /dev/null
+++ b/config/rootfiles/core/157/filelists/backup
@@ -0,0 +1 @@
+../../../common/backup
\ No newline at end of file
diff --git a/config/rootfiles/core/157/update.sh b/config/rootfiles/core/157/update.sh
index ce7b6f5bf..94b10723f 100644
--- a/config/rootfiles/core/157/update.sh
+++ b/config/rootfiles/core/157/update.sh
@@ -97,6 +97,9 @@ extract_files
 # update linker config
 ldconfig
 
+# Apply local configuration to sshd_config
+/usr/local/bin/sshctrl
+
 # Update Language cache
 /usr/local/bin/update-lang-cache
 
@@ -121,6 +124,10 @@ rm -f \
 	/usr/lib/dma-mbox-create \
 	/usr/lib/openssh/ssh-keysign
 
+# Delete orphaned pppd 2.4.8 shared object files
+rm -rf \
+	/usr/lib/pppd/2.4.8/
+
 # Start services
 /etc/init.d/sshd restart
 /etc/init.d/apache restart
diff --git a/config/rootfiles/packages/icinga b/config/rootfiles/packages/icinga
index f81ba9db2..000be6346 100644
--- a/config/rootfiles/packages/icinga
+++ b/config/rootfiles/packages/icinga
@@ -25,7 +25,7 @@ usr/bin/icinga
 usr/bin/icingastats
 #usr/lib/icinga
 usr/lib/icinga/p1.pl
-usr/lib/nagios/plugins/eventhandlers
+#usr/lib/nagios/plugins/eventhandlers
 #usr/lib/nagios/plugins/eventhandlers/disable_active_service_checks
 #usr/lib/nagios/plugins/eventhandlers/disable_notifications
 #usr/lib/nagios/plugins/eventhandlers/distributed-monitoring
diff --git a/lfs/icinga b/lfs/icinga
index 6534722ac..456f66388 100644
--- a/lfs/icinga
+++ b/lfs/icinga
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = icinga
-PAK_VER    = 4
+PAK_VER    = 5
 
 DEPS       = nagios-plugins
 
diff --git a/lfs/nagios-plugins b/lfs/nagios-plugins
index d35a94bbe..cdf1910b0 100644
--- a/lfs/nagios-plugins
+++ b/lfs/nagios-plugins
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = nagios-plugins
-PAK_VER    = 5
+PAK_VER    = 6
 
 DEPS       =
 
@@ -92,4 +92,11 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	# Prevent Nagios plugins from being owned (and hence writeable) by "nobody"
 	chown root:root -R /usr/lib/nagios/plugins
 
+	# Unfortunately, some of these plugins need the SUID bit to do their work properly
+	chmod +s \
+		/usr/lib/nagios/plugins/check_dhcp \
+		/usr/lib/nagios/plugins/check_icmp \
+		/usr/lib/nagios/plugins/check_ide_smart \
+		/usr/lib/nagios/plugins/check_ping
+
 	@$(POSTBUILD)


hooks/post-receive
--
IPFire 2.x development tree

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2021-05-25  9:43 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-05-25  9:43 [git.ipfire.org] IPFire 2.x development tree branch, master, updated. 2b51f53cfd32d6f24aba49c8fde822be8bee6d56 Michael Tremer

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox