From patchwork Tue May 18 21:33:43 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 4341 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4Fl8Q55vDQz3wbh for ; Tue, 18 May 2021 21:33:49 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4Fl8Q43cXSz1gy; Tue, 18 May 2021 21:33:48 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4Fl8Q42HS5z2y4C; Tue, 18 May 2021 21:33:48 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4Fl8Q35Ckzz2xYf for ; Tue, 18 May 2021 21:33:47 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4Fl8Q212jvzRS for ; Tue, 18 May 2021 21:33:45 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1621373626; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=e63q6iWTl3bt3d4dlQmJQA4iHINQ2hc2gNJK3JyQFAI=; b=x0trhrNwcC4V1aPPV65rsQ7yJPmi/8vM/U4+qje+OwvCvglnf5RIFFXlp6pz2XpGlY3WWt nHK/XL246XGt7ZBw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1621373626; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=e63q6iWTl3bt3d4dlQmJQA4iHINQ2hc2gNJK3JyQFAI=; b=n+2jHM8h+Xa0i0rbERTbs++ucmxCVPMfnlDFd4XB3F0q+ta6E0Y7qZrcRyiouIVFKWbWsb ob2r46w4YgeuH6/7XgLKvic/aeTdzXswqvTdN+X4/1nvJ5eYqpcA/KpmySnN6alF3CDV7m CoJjm497fqlH8oxJXU2s5Zrh5HBh46H8sM//oHnz0nXPHXpbie0V5vMvRB8If3+gXAgW4l 9hwkMOTQ5gAu3PE0dwUZK5Lna4DcfM7vm57RS+dX+2mCPg7RNSqtr21AW3QCwe2QwG6w7q j7jXc/O2DY+D7+zsnzqB7MlNhoaHNysg5rJWYchIo+/mdWAn0kvwwBtwGIciPA== To: "IPFire: Development" From: =?utf-8?q?Peter_M=C3=BCller?= Subject: [PATCH 1/4] Drop libupnp Message-ID: <61ca95a1-1c7f-00b7-6aad-a00a1e6d58ac@ipfire.org> Date: Tue, 18 May 2021 23:33:43 +0200 MIME-Version: 1.0 Content-Language: en-US X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" This library has received no attention within the last three years. By design, UPnP is a security risk on any firewall, and and outdated version of a UPnP library definitely is. This patch therefore drops libupnp completely. Signed-off-by: Peter Müller --- config/rootfiles/common/libupnp | 37 --------------- config/upnp/gatedesc.xml | 81 --------------------------------- lfs/configroot | 4 +- lfs/libupnp | 78 ------------------------------- make.sh | 1 - 5 files changed, 2 insertions(+), 199 deletions(-) delete mode 100644 config/rootfiles/common/libupnp delete mode 100755 config/upnp/gatedesc.xml delete mode 100644 lfs/libupnp diff --git a/config/rootfiles/common/libupnp b/config/rootfiles/common/libupnp deleted file mode 100644 index 6b3f3e310..000000000 --- a/config/rootfiles/common/libupnp +++ /dev/null @@ -1,37 +0,0 @@ -#usr/include/upnp -#usr/include/upnp/Callback.h -#usr/include/upnp/UpnpActionComplete.h -#usr/include/upnp/UpnpActionRequest.h -#usr/include/upnp/UpnpDiscovery.h -#usr/include/upnp/UpnpEvent.h -#usr/include/upnp/UpnpEventSubscribe.h -#usr/include/upnp/UpnpExtraHeaders.h -#usr/include/upnp/UpnpFileInfo.h -#usr/include/upnp/UpnpGlobal.h -#usr/include/upnp/UpnpInet.h -#usr/include/upnp/UpnpIntTypes.h -#usr/include/upnp/UpnpStateVarComplete.h -#usr/include/upnp/UpnpStateVarRequest.h -#usr/include/upnp/UpnpStdInt.h -#usr/include/upnp/UpnpString.h -#usr/include/upnp/UpnpSubscriptionRequest.h -#usr/include/upnp/UpnpUniStd.h -#usr/include/upnp/ithread.h -#usr/include/upnp/ixml.h -#usr/include/upnp/ixmldebug.h -#usr/include/upnp/list.h -#usr/include/upnp/upnp.h -#usr/include/upnp/upnpconfig.h -#usr/include/upnp/upnpdebug.h -#usr/include/upnp/upnptools.h -#usr/lib/libixml.a -#usr/lib/libixml.la -#usr/lib/libixml.so -usr/lib/libixml.so.11 -usr/lib/libixml.so.11.0.1 -#usr/lib/libupnp.a -#usr/lib/libupnp.la -#usr/lib/libupnp.so -usr/lib/libupnp.so.17 -usr/lib/libupnp.so.17.0.6 -#usr/lib/pkgconfig/libupnp.pc diff --git a/config/upnp/gatedesc.xml b/config/upnp/gatedesc.xml deleted file mode 100755 index a0608bb53..000000000 --- a/config/upnp/gatedesc.xml +++ /dev/null @@ -1,81 +0,0 @@ - - - - 1 - 0 - - - urn:schemas-upnp-org:device:InternetGatewayDevice:1 - IPFire UPnP Device - IPFire Project - http://www.ipfire.org - IPFire 2.3 - uuid:75802409-bccb-40e7-8e6c-fa095ecce13e - - - image/gif - 118 - 119 - 8 - /ligd.gif - - - - - urn:schemas-dummy-com:service:Dummy:1 - urn:dummy-com:serviceId:dummy1 - /dummy - /dummy - /dummy.xml - - - - - urn:schemas-upnp-org:device:WANDevice:1 - WANDevice - IPFire Project - http://www.ipfire.org - WAN Device on Linux IGD - IPFire - 2.3 - http://linux-igd.sourceforge.net - 2.3 - uuid:75802409-bccb-40e7-8e6c-fa095ecce13e - Linux IGD - - - urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1 - urn:upnp-org:serviceId:WANCommonIFC1 - /upnp/control/WANCommonIFC1 - /upnp/control/WANCommonIFC1 - /gateicfgSCPD.xml - - - - - urn:schemas-upnp-org:device:WANConnectionDevice:1 - Internet Connection - IPFire Project - http://www.ipfire.org - Internet connection on Linux IPFire Firewall - IPFire - 2.3 - http://www.ipfire.org - 2.3 - uuid:75802409-bccb-40e7-8e6c-fa095ecce13e - Linux IGD - - - urn:schemas-upnp-org:service:WANIPConnection:1 - urn:upnp-org:serviceId:WANIPConn1 - /upnp/control/WANIPConn1 - /upnp/control/WANIPConn1 - /gateconnSCPD.xml - - - - - - - - diff --git a/lfs/configroot b/lfs/configroot index a3e474d70..2ab9cc29b 100644 --- a/lfs/configroot +++ b/lfs/configroot @@ -55,7 +55,7 @@ $(TARGET) : menu.d modem optionsfw \ ovpn patches pakfire portfw ppp private proxy/advanced/cre \ proxy/calamaris/bin qos/bin red remote sensors suricata time \ - updatexlrator/bin updatexlrator/autocheck urlfilter/autoupdate urlfilter/bin upnp vpn \ + updatexlrator/bin updatexlrator/autocheck urlfilter/autoupdate urlfilter/bin vpn \ wakeonlan wireless ; do \ mkdir -p $(CONFIG_ROOT)/$$i; \ done @@ -69,7 +69,7 @@ $(TARGET) : isdn/settings mac/settings main/hosts main/routing main/security main/settings optionsfw/settings \ ovpn/ccd.conf ovpn/ccdroute ovpn/ccdroute2 pakfire/settings portfw/config ppp/settings-1 ppp/settings-2 ppp/settings-3 ppp/settings-4 \ ppp/settings-5 ppp/settings proxy/settings proxy/squid.conf proxy/advanced/settings proxy/advanced/cre/enable remote/settings qos/settings qos/classes qos/subclasses qos/level7config qos/portconfig \ - qos/tosconfig suricata/settings upnp/settings vpn/config vpn/settings vpn/ipsec.conf \ + qos/tosconfig suricata/settings vpn/config vpn/settings vpn/ipsec.conf \ vpn/ipsec.secrets vpn/caconfig wakeonlan/clients.conf wireless/config wireless/settings; do \ touch $(CONFIG_ROOT)/$$i; \ done diff --git a/lfs/libupnp b/lfs/libupnp deleted file mode 100644 index 61856ff7b..000000000 --- a/lfs/libupnp +++ /dev/null @@ -1,78 +0,0 @@ -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see . # -# # -############################################################################### - -############################################################################### -# Definitions -############################################################################### - -include Config - -VER = 1.14.6 - -THISAPP = libupnp-$(VER) -DL_FILE = $(THISAPP).tar.bz2 -DL_FROM = $(URL_IPFIRE) -DIR_APP = $(DIR_SRC)/$(THISAPP) -TARGET = $(DIR_INFO)/$(THISAPP) - -############################################################################### -# Top-level Rules -############################################################################### - -objects = $(DL_FILE) - -$(DL_FILE) = $(DL_FROM)/$(DL_FILE) - -$(DL_FILE)_MD5 = 05c2393eee4fbf81c9e1b116b9554039 - -install : $(TARGET) - -check : $(patsubst %,$(DIR_CHK)/%,$(objects)) - -download :$(patsubst %,$(DIR_DL)/%,$(objects)) - -md5 : $(subst %,%_MD5,$(objects)) - -############################################################################### -# Downloading, checking, md5sum -############################################################################### - -$(patsubst %,$(DIR_CHK)/%,$(objects)) : - @$(CHECK) - -$(patsubst %,$(DIR_DL)/%,$(objects)) : - @$(LOAD) - -$(subst %,%_MD5,$(objects)) : - @$(MD5) - -############################################################################### -# Installation Details -############################################################################### - -$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) - @$(PREBUILD) - @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE) - $(UPDATE_AUTOMAKE) - cd $(DIR_APP) && ./configure --prefix=/usr - cd $(DIR_APP) && make $(MAKETUNING) - cd $(DIR_APP) && make install - @rm -rf $(DIR_APP) - @$(POSTBUILD) diff --git a/make.sh b/make.sh index 4af0081e9..9fba3977d 100755 --- a/make.sh +++ b/make.sh @@ -1306,7 +1306,6 @@ buildipfire() { lfsmake2 whatmask lfsmake2 libtirpc lfsmake2 conntrack-tools - lfsmake2 libupnp lfsmake2 ipaddr lfsmake2 iputils lfsmake2 l7-protocols