From patchwork Mon May 17 19:00:33 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 4302 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4FkT4743gsz3wbb for ; Mon, 17 May 2021 19:00:55 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4FkT455J3Wz1LK; Mon, 17 May 2021 19:00:53 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4FkT454fyvz2yZm; Mon, 17 May 2021 19:00:53 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4FkT444hm5z2xPC for ; Mon, 17 May 2021 19:00:52 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4FkT3m671Kz1LK for ; Mon, 17 May 2021 19:00:36 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1621278037; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=m8GAvFslqdPy6oKBSMZacPRMps8kOnyGMpD9d+eeFuM=; b=9Gm7gh3vD7NOaeWOEN0XDhjzPAqcOCTnm8vl79psm1IiB8XCLuYhjjiJ9209zi9r66xVMU ro145IkxA53n6JDg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1621278037; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=m8GAvFslqdPy6oKBSMZacPRMps8kOnyGMpD9d+eeFuM=; b=DZ1LYhcvWHwMnUC9e1Z77jaCK8fOM+trMIoltEaPK9IjUgjQWsYYRu5ExaUFdHz0SpK6Ls CtlmikAyGOfRBSg7FfmYBmw+HdlOKR4IT9nqD+ntMLS45BrzXFOiU9jN3P5vyEOzjtMgup KMnCYr78b7OFXc3rW9QkIkx0rPgsqc8//9yf/tVh/67RhSY6pQesRIH6jlSNH/3cnIv/G3 wRpp99HSnGxvJq+6XvUQ6xD/RG6BbzHo5FL3kIJoQQLdNPKI07gKHo9Pa3soRx+c0i89tz ZqK/IGEq/KXB2lFmTzPki85mqd4NuXpe7sEa1grq9yLta2i5rQKRmGwHDec1Ng== Subject: [PATCH 01/20] GnuPG does not need to have a SUID bit set To: development@lists.ipfire.org References: From: =?utf-8?q?Peter_M=C3=BCller?= Message-ID: Date: Mon, 17 May 2021 21:00:33 +0200 MIME-Version: 1.0 In-Reply-To: Content-Language: en-US X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Signed-off-by: Peter Müller --- lfs/gnupg | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lfs/gnupg b/lfs/gnupg index f94948fe9..624855686 100644 --- a/lfs/gnupg +++ b/lfs/gnupg @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team # +# Copyright (C) 2007-2021 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -77,6 +77,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && ./configure --prefix=/usr --libexecdir=/usr/lib --disable-nls cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install - chmod -v 4755 /usr/bin/gpg + chmod -v 755 /usr/bin/gpg @rm -rf $(DIR_APP) @$(POSTBUILD) From patchwork Mon May 17 19:01:34 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 4303 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4FkT4y245sz3wbb for ; Mon, 17 May 2021 19:01:38 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4FkT4x6HX3z26y; Mon, 17 May 2021 19:01:37 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4FkT4x5hT3z2ybq; Mon, 17 May 2021 19:01:37 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4FkT4x09Hvz2xPC for ; Mon, 17 May 2021 19:01:37 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4FkT4v6jsfzZF for ; Mon, 17 May 2021 19:01:35 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1621278096; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Y03V3mzyzSpqHQkjbFRJeLYnw8KDTvshKM1T3yuOnbI=; b=FbrhmEHx7ayG+UCphhTcusGPXLC5WTOHuCEpzhDlnQv+/feJvyufRNLUNEp/XshTGRcphi uaYEacd1dUHjdVCg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1621278096; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Y03V3mzyzSpqHQkjbFRJeLYnw8KDTvshKM1T3yuOnbI=; b=LwGl53F/3MhR/1LW3b/32sJ48jsmjrbvS7tEYy0YLwSJlegOvXkzb+XDNy0dnByWYWw3+4 ClpbUswO+atKjQRD9Cc83H9IuQqBHDo2Z++ZxL7moKgbELFe6y/se5c6Fd1HzFDhvxCSzS uKairycLVGWH65IiSCYYJgHqK3s5jNE2/NZTiI1AMCAWlh2H2Bk27yb5FViEb4FtmSCGMR QuGTjD2CthQfKvzgkbIxLYZTjYKeLfn76kpSPbqdJ/+L0cfeL+73qvHBNNyJx1XKuSn+u1 mgPqDRBDvQM2ol8rSW5G/4z8Imhg0h6GcSyPEBSrJFkaZ/nG8wPMbwAPvP7rOQ== Subject: [PATCH 02/20] Core Update 157: remove SUID bit from /usr/bin/gpg To: development@lists.ipfire.org References: From: =?utf-8?q?Peter_M=C3=BCller?= Message-ID: <7b61506c-84b9-f4e8-7a5f-5a8e8a39f795@ipfire.org> Date: Mon, 17 May 2021 21:01:34 +0200 MIME-Version: 1.0 In-Reply-To: Content-Language: en-US X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Signed-off-by: Peter Müller --- config/rootfiles/core/157/update.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/config/rootfiles/core/157/update.sh b/config/rootfiles/core/157/update.sh index 09b8d8968..322e2ada2 100644 --- a/config/rootfiles/core/157/update.sh +++ b/config/rootfiles/core/157/update.sh @@ -103,6 +103,9 @@ ldconfig # Filesytem cleanup /usr/local/bin/filesystem-cleanup +# Fix file permissions changed +chmod -s /usr/bin/gpg + # Start services /etc/init.d/sshd restart /etc/init.d/apache restart From patchwork Mon May 17 19:01:54 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 4304 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4FkT5L2l5tz3wbb for ; Mon, 17 May 2021 19:01:58 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4FkT5L0HRnz26y; Mon, 17 May 2021 19:01:58 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4FkT5K6nDnz2xd6; Mon, 17 May 2021 19:01:57 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4FkT5K2gc6z2xF1 for ; Mon, 17 May 2021 19:01:57 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4FkT5J2Xntz1TQ for ; Mon, 17 May 2021 19:01:56 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1621278116; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=//i58Wr20jG6D1uS6TGLC0uWM0NUmru07LpqOwiGZEo=; b=X6iQsNEo+qSLtT/kAiP9AP2CllPAOdTDggQ1TeHXguMZmvWVfCG2rXgEyjmRLi9EiPdEaZ yaRpWD3XRsIKX5Dg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1621278116; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=//i58Wr20jG6D1uS6TGLC0uWM0NUmru07LpqOwiGZEo=; b=Md5mZbG0aofgDOjTWmXcw9BhQYBzAN+KJIjINiy/MfpKlktjyWcfjUYaDk+IfsHh2iZYkt 3RNUMQUixlximVMSDNgGBf8LpZEFN8eY6qBwWbvozvgW7kyEOG/zgcDxWXThVAwF2QMByf dmbBwkyVXc6M0k77Gbp9g2AVidu7hjtIZaQePon9RJP+fhsCe/bS2XlmWHt8384doRXwY8 KUtwWQpzLX5sVykREyjByDTYLoqTiGGhsQPDztVB4eSvKn3oSH8B0MS1ZDx2RX4gwv35Cx iyJaiuzhmLafUqvHBZtklmftPXY/9x5KmYUHlUWUH3Sm/OqXtPCsdNjiUxQiGg== Subject: [PATCH 03/20] /usr/bin/ping does not need a SUID bit if appropriate capabilities are set To: development@lists.ipfire.org References: <7b61506c-84b9-f4e8-7a5f-5a8e8a39f795@ipfire.org> From: =?utf-8?q?Peter_M=C3=BCller?= Message-ID: <4924bc88-655d-2a81-96de-000a7362bece@ipfire.org> Date: Mon, 17 May 2021 21:01:54 +0200 MIME-Version: 1.0 In-Reply-To: <7b61506c-84b9-f4e8-7a5f-5a8e8a39f795@ipfire.org> Content-Language: en-US X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Cc: Michael Tremer Signed-off-by: Peter Müller --- lfs/iputils | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/lfs/iputils b/lfs/iputils index b1e2e2216..ae692df7a 100644 --- a/lfs/iputils +++ b/lfs/iputils @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team # +# Copyright (C) 2007-2021 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -71,9 +71,12 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && make ping tracepath - cd $(DIR_APP) && install -m 4755 ping /usr/bin + cd $(DIR_APP) && install -m 0755 ping /usr/bin cd $(DIR_APP) && install -m 0755 tracepath /usr/bin + # Allow execution of /usr/bin/ping by other users than "root" + setcap cap_net_raw+ep /usr/bin/ping + # Some scripts expect ping in /bin/ping. ln -svf ../usr/bin/ping /bin/ping From patchwork Mon May 17 19:02:20 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 4305 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4FkT5r3tNhz3wbb for ; Mon, 17 May 2021 19:02:24 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4FkT5r19h1z1TQ; Mon, 17 May 2021 19:02:24 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4FkT5r0Ypmz2ybq; Mon, 17 May 2021 19:02:24 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4FkT5q1rjzz2xd6 for ; Mon, 17 May 2021 19:02:23 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4FkT5n61N5z1LK for ; Mon, 17 May 2021 19:02:21 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1621278142; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=m6q62E3gdhp99+wvZrkrcERPaZ7hll80g8dhB3ZyDWI=; b=jGqgoq6lYGidTcr/WonP7z9jK3P4sIhm8RNBSBXPP2npXu/kGS7N82GtMBGyu2jfU/nBZK P4ixQesbe1pMiDDw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1621278142; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=m6q62E3gdhp99+wvZrkrcERPaZ7hll80g8dhB3ZyDWI=; b=Le5elmN1le5b6WfUIOPtpcT3iuxHZtt/MhUPfMWK0ylHnH6rNeL0MoYjoWOwGZu6WgQQb6 KieqWDF2V5sUGe4hd+7n9HCEUWVO4LZWQOMo53iSUg3ciIHe7SliJN7SNBIYofquVWlS6Z 2JDiimUX/YIQG5j9Meb8TwFMe07AEY8Y7Rg9SgV/IEL0zLBpZWIOLkHC3qR6wU2Wk2ixcc JuOgO2MKRB9bml9WEVOcnIvQ1DRCuTgUq6bCKne2yNO0gBO1r4aEXhOGmXSpW1+5tto0wB 2dtXe8V0SnbWxE+bZyxHENhYIYQJOc1xJgNvXOp/fc4XMa16P2srSgkc3myZyw== Subject: [PATCH 04/20] Core Update 157: Delete ssh-keysign binary To: development@lists.ipfire.org References: <7b61506c-84b9-f4e8-7a5f-5a8e8a39f795@ipfire.org> <4924bc88-655d-2a81-96de-000a7362bece@ipfire.org> From: =?utf-8?q?Peter_M=C3=BCller?= Message-ID: <6a4b79d4-6fdd-612f-36d4-e7614f1164be@ipfire.org> Date: Mon, 17 May 2021 21:02:20 +0200 MIME-Version: 1.0 In-Reply-To: <4924bc88-655d-2a81-96de-000a7362bece@ipfire.org> Content-Language: en-US X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Signed-off-by: Peter Müller --- config/rootfiles/core/157/update.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/config/rootfiles/core/157/update.sh b/config/rootfiles/core/157/update.sh index 322e2ada2..0f4c76346 100644 --- a/config/rootfiles/core/157/update.sh +++ b/config/rootfiles/core/157/update.sh @@ -106,6 +106,9 @@ ldconfig # Fix file permissions changed chmod -s /usr/bin/gpg +# Delete scrubbed files +rm -f /usr/lib/openssh/ssh-keysign + # Start services /etc/init.d/sshd restart /etc/init.d/apache restart From patchwork Mon May 17 19:02:36 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 4306 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4FkT684tK1z3wbb for ; Mon, 17 May 2021 19:02:40 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4FkT68278nz2L1; Mon, 17 May 2021 19:02:40 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4FkT681VD1z2yZm; Mon, 17 May 2021 19:02:40 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4FkT664KHTz2xPC for ; Mon, 17 May 2021 19:02:38 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4FkT655KnXz1LK for ; Mon, 17 May 2021 19:02:37 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1621278158; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=HoYmUXYVd/kCX8cUadgo2rwoJHTOHK2N4kS5gp0zOr8=; b=7xVtaprv2+KQi56DqX7W1DVZkGNFGi2Utvog+hfgxN5WdUUi1dqJJi+aAK+6H9frvFNYRn VEsLsis6rmTRiBBQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1621278158; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=HoYmUXYVd/kCX8cUadgo2rwoJHTOHK2N4kS5gp0zOr8=; b=AKXDXV0UXYC7ray61eHOXiwRpyPsrN30ueGQy6vMTgmUHy9hrxCH44yhAHXclkY0ZJt37G XpLUm20iHkxW+hebNQHJrb/gxfg6g60xb0cnFGNBAgl7qGl/WSYewnrlaEHGwnuTpWQpI+ nHFdSAOmye7zYal2x0TJsEwh4rtc4Y5A/K3POh4yaLGlyJCgB2lhwGVolu+CJ/57kfmI3H JrxK+ldFhXr9RW+/gAbdpGXEtPSlHO2lpJwb8sCTYij1srSO1lB/u8kWDmJUDdUArKYiaz q0rWsCBWxAIF/miwIeZK+sTS+IhHy8mqLO/ayJ9U9dpfOjFvahIP2tXm+UgTLA== Subject: [PATCH 05/20] DMA: do not ship a binary for creating mail boxes To: development@lists.ipfire.org References: <7b61506c-84b9-f4e8-7a5f-5a8e8a39f795@ipfire.org> <4924bc88-655d-2a81-96de-000a7362bece@ipfire.org> <6a4b79d4-6fdd-612f-36d4-e7614f1164be@ipfire.org> From: =?utf-8?q?Peter_M=C3=BCller?= Message-ID: <2fb1ab47-34a4-f58d-93a8-3e2f79f122ff@ipfire.org> Date: Mon, 17 May 2021 21:02:36 +0200 MIME-Version: 1.0 In-Reply-To: <6a4b79d4-6fdd-612f-36d4-e7614f1164be@ipfire.org> Content-Language: en-US X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" This is only needed in case of bounces generated by locally emitted messages. We neither store these, nor do we create mail boxes on a firewall. Safe to drop. Cc: Michael Tremer Signed-off-by: Peter Müller --- config/rootfiles/common/dma | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/rootfiles/common/dma b/config/rootfiles/common/dma index e98e67415..79cad8ece 100644 --- a/config/rootfiles/common/dma +++ b/config/rootfiles/common/dma @@ -1,5 +1,5 @@ etc/alternatives/sendmail -usr/lib/dma-mbox-create +#usr/lib/dma-mbox-create usr/sbin/dma usr/sbin/dma-cleanup-spool usr/sbin/mailq From patchwork Mon May 17 19:02:56 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 4307 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4FkT6W6dllz3wbb for ; Mon, 17 May 2021 19:02:59 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4FkT6W2t9Cz2L1; Mon, 17 May 2021 19:02:59 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4FkT6W2HVCz2ybq; Mon, 17 May 2021 19:02:59 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4FkT6V21cyz2xPC for ; Mon, 17 May 2021 19:02:58 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4FkT6T1xnfz2BD for ; Mon, 17 May 2021 19:02:57 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1621278177; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=by5iUGOFSZ+xJWGExgUsxtzYMBb5SeVCMuGd+vCmhZs=; b=bk2+BiToqNxFCSOalajrX2+nnHcL1wYZencKza+rYgSqXgPTHTljv1GMkH1b2P4VzmcPhe RpExL0XKzQ2QxhBg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1621278177; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=by5iUGOFSZ+xJWGExgUsxtzYMBb5SeVCMuGd+vCmhZs=; b=B0/Q0rUg7W/iprso4OYGJsRWr/y+QFzysY5/ZJoFsL8jeRH19vEgWma3XW/equCIcIQfuq Svi3Ebdddn8phpdhRLd4LBTIai/S1R4G8ab1dKD5zB1U33NRcVBjtfRpbfYaclTheJni63 4KYviJfe7fJmDFCCsUBN9lQqE8XCf+O6L7ZyxH87TlcverRq6kGXwacQfvfnBPXR2Z9uNl EFltG83rnGsfbKyFl+DMaYhPUnbs1ivn7sOt5XpD8pIAAMLl8n1JnEkprraf6pPjaWJPhY 7T4zkeB/gM0+6QbFXl+2KiUFW/nWQelhWel9bmGaNsx+TycXVxciDpjiuMu3pg== Subject: [PATCH 06/20] Core Update 157: Delete orphaned DMA mail box creation binary as well To: development@lists.ipfire.org References: <7b61506c-84b9-f4e8-7a5f-5a8e8a39f795@ipfire.org> <4924bc88-655d-2a81-96de-000a7362bece@ipfire.org> <6a4b79d4-6fdd-612f-36d4-e7614f1164be@ipfire.org> <2fb1ab47-34a4-f58d-93a8-3e2f79f122ff@ipfire.org> From: =?utf-8?q?Peter_M=C3=BCller?= Message-ID: <0bd0080a-d095-5028-22fa-7d5436b9baf3@ipfire.org> Date: Mon, 17 May 2021 21:02:56 +0200 MIME-Version: 1.0 In-Reply-To: <2fb1ab47-34a4-f58d-93a8-3e2f79f122ff@ipfire.org> Content-Language: en-US X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Signed-off-by: Peter Müller --- config/rootfiles/core/157/update.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/config/rootfiles/core/157/update.sh b/config/rootfiles/core/157/update.sh index 0f4c76346..8738a1e46 100644 --- a/config/rootfiles/core/157/update.sh +++ b/config/rootfiles/core/157/update.sh @@ -107,7 +107,9 @@ ldconfig chmod -s /usr/bin/gpg # Delete scrubbed files -rm -f /usr/lib/openssh/ssh-keysign +rm -f \ + /usr/lib/dma-mbox-create \ + /usr/lib/openssh/ssh-keysign # Start services /etc/init.d/sshd restart From patchwork Mon May 17 19:03:13 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 4308 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4FkT6s67XKz3wbb for ; Mon, 17 May 2021 19:03:17 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4FkT6s3ccfz2L9; Mon, 17 May 2021 19:03:17 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4FkT6s34S8z2yZm; Mon, 17 May 2021 19:03:17 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4FkT6q5QzQz2xPC for ; Mon, 17 May 2021 19:03:15 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4FkT6p5vBLzSG for ; Mon, 17 May 2021 19:03:14 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1621278195; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=x7/h24c+HrvOn98Hq8jOsuD7MlLjX9baIjcxAKugC24=; b=AfvTf3lLmK6/2K8H4Xu+xybQ/ql3QIN9Qaw5zYZSLkaxrMbdWOXfxwd+MRkdJ36a8gJKSk 1vIJr9bajz4w+tBA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1621278195; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=x7/h24c+HrvOn98Hq8jOsuD7MlLjX9baIjcxAKugC24=; b=XBXM/KwYi/3KgvEpJeJ//x9dc8Wk/qXUzcFdRu4ayLx7gy8JGxST4+qfik/JXq3+iSlI4R Ze/Y/d2TnCBp7TnAbn0fBvLsZudb+sft9FirUil1xr4Bj9xhJwmKSapIylqcJG+LkzXxXu /TfeDW8Bce5Pyd6LstKK6BbK7Q5qF2KH/Sgt5iHGoNmX8IWkDO/8XtCl8V4SCzBFrsXdlU p6anpDWtylVmZeiYtmgB17HqkznIiOv9tAqRV+gi5x05YmTuasBD3ynsAoT3LAYBSugmym LqNxPMs4jp2x7PHm7LOnCMY2tpyfJfqygIaijAMaKgIfD9GjiJIGEV1CQJUJTw== Subject: [PATCH 07/20] Core Update 157: /var/ipfire/fwhosts/icmp-types does not have to be executable To: development@lists.ipfire.org References: <7b61506c-84b9-f4e8-7a5f-5a8e8a39f795@ipfire.org> <4924bc88-655d-2a81-96de-000a7362bece@ipfire.org> <6a4b79d4-6fdd-612f-36d4-e7614f1164be@ipfire.org> <2fb1ab47-34a4-f58d-93a8-3e2f79f122ff@ipfire.org> <0bd0080a-d095-5028-22fa-7d5436b9baf3@ipfire.org> From: =?utf-8?q?Peter_M=C3=BCller?= Message-ID: Date: Mon, 17 May 2021 21:03:13 +0200 MIME-Version: 1.0 In-Reply-To: <0bd0080a-d095-5028-22fa-7d5436b9baf3@ipfire.org> Content-Language: en-US X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" See commit 183ccaa5a5c95f4cb2b639360f3c1465567577e9. Signed-off-by: Peter Müller --- config/rootfiles/core/157/update.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/config/rootfiles/core/157/update.sh b/config/rootfiles/core/157/update.sh index 8738a1e46..7ed02d690 100644 --- a/config/rootfiles/core/157/update.sh +++ b/config/rootfiles/core/157/update.sh @@ -105,6 +105,7 @@ ldconfig # Fix file permissions changed chmod -s /usr/bin/gpg +chmod -x /var/ipfire/fwhosts/icmp-types # Delete scrubbed files rm -f \ From patchwork Mon May 17 19:03:36 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 4309 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4FkT7J72GDz3wbb for ; Mon, 17 May 2021 19:03:40 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4FkT7J4RX6z1Yb; Mon, 17 May 2021 19:03:40 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4FkT7J3vnJz2xd6; Mon, 17 May 2021 19:03:40 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4FkT7G5zCkz2xPC for ; Mon, 17 May 2021 19:03:38 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4FkT7F56gFzSG for ; Mon, 17 May 2021 19:03:37 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1621278218; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=qjFI00Le6SZsNJ7ZMMuF24TNPVnkfe84XEVrxfeifNc=; b=A0ijRU1nacjHYWWF9yjRZqPFCC7FDn+38ppHXV+ro30Oh9h6klTImlw8fIQSmw29yylTvB thFYo+rpjGU6sTBg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1621278218; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=qjFI00Le6SZsNJ7ZMMuF24TNPVnkfe84XEVrxfeifNc=; b=Z61rjM6yDJyeKvWwjm2NFy6PLJlrBUhlkIUe4v32hsgcojskdSpgmhPnbOmnw+jtDRJw0P 41lH7ezXAHkYUTlBRrHDnsQkqMyyjilSDZRbcN+aJva1fmIY+W85pBMRP2GqFvxn0aTnrX V19zw2H6KU9Qdfsd38H+n0iROcezpxuL59u+aonQMbdXuFH/9un6K1mVQSyeJXraESPum2 Lp10ZZzkOJ2eedK1Kbl3GcXimzGUDhu/GHonnuN8nU+ZjCwgqfbVFGJLg4ndfmQpDWw835 1Zc3vzdX+Q8UcHUR8JRM8ZRKiwNcUZtNcIhxoz40GgvIZQXo/kh8vqE3Qz6F8A== Subject: [PATCH 08/20] Core Update 157: Ship changed iputils due to /usr/bin/ping changes To: development@lists.ipfire.org References: <7b61506c-84b9-f4e8-7a5f-5a8e8a39f795@ipfire.org> <4924bc88-655d-2a81-96de-000a7362bece@ipfire.org> <6a4b79d4-6fdd-612f-36d4-e7614f1164be@ipfire.org> <2fb1ab47-34a4-f58d-93a8-3e2f79f122ff@ipfire.org> <0bd0080a-d095-5028-22fa-7d5436b9baf3@ipfire.org> From: =?utf-8?q?Peter_M=C3=BCller?= Message-ID: Date: Mon, 17 May 2021 21:03:36 +0200 MIME-Version: 1.0 In-Reply-To: Content-Language: en-US X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Signed-off-by: Peter Müller --- config/rootfiles/core/157/filelists/iputils | 1 + 1 file changed, 1 insertion(+) create mode 120000 config/rootfiles/core/157/filelists/iputils diff --git a/config/rootfiles/core/157/filelists/iputils b/config/rootfiles/core/157/filelists/iputils new file mode 120000 index 000000000..361c28f71 --- /dev/null +++ b/config/rootfiles/core/157/filelists/iputils @@ -0,0 +1 @@ +../../../common/iputils \ No newline at end of file From patchwork Mon May 17 19:04:00 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 4310 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4FkT7n0xz2z3wbb for ; Mon, 17 May 2021 19:04:05 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4FkT7m5GDVz1Yb; Mon, 17 May 2021 19:04:04 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4FkT7m4l2xz2xjj; Mon, 17 May 2021 19:04:04 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4FkT7k6531z2xPC for ; Mon, 17 May 2021 19:04:02 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4FkT7j6h9czcb for ; Mon, 17 May 2021 19:04:01 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1621278242; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Whf4He2Yj+9COT7y0Ox/9J93y0WIn29KWIITH24TKms=; b=0fVzQrfCmZAoCLjY/Id+f1a8ULtL5OTlCVZ13PNmNZgWhxf1ziVJ3WVpLRYd+c1b3HoGUD HaMSKS0WOxPGe4DQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1621278242; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Whf4He2Yj+9COT7y0Ox/9J93y0WIn29KWIITH24TKms=; b=lEExhRUYEiUwDKRywB0OU6ZdL6X+kJl/WYb+OejYGweQtHQnDPz4HdXcPxlK8QWlzXtxen St1I4hg3rl+YRgFmhVGwzA+V5XwR9WWR3K03/ewZzjh2Hm8DGX4lru3IKEvdlmiXT1ELVj XtRgk0YrMDeWlLMCBygLohDJh3EdiyHGYlWPoeNmajrv6cvve8bFBGdU4hhYf/YMbOElMd rFIDMnhE1kOLKTVa1QJ0jZBmWciO0+yhm77HjeWNUK8T3iW/MsfrlpzkLS7Yz8TafLD/Iv 4kprKqvVSojM4cdI6wvIrfTAiCNntb042uDyjQ+bIEI2IGywEqGwBjftvDV/Rw== Subject: [PATCH 09/20] backup: prevent /var/ipfire/backup/bin/backup.pl from being owned by nobody To: development@lists.ipfire.org References: <7b61506c-84b9-f4e8-7a5f-5a8e8a39f795@ipfire.org> <4924bc88-655d-2a81-96de-000a7362bece@ipfire.org> <6a4b79d4-6fdd-612f-36d4-e7614f1164be@ipfire.org> <2fb1ab47-34a4-f58d-93a8-3e2f79f122ff@ipfire.org> <0bd0080a-d095-5028-22fa-7d5436b9baf3@ipfire.org> From: =?utf-8?q?Peter_M=C3=BCller?= Message-ID: Date: Mon, 17 May 2021 21:04:00 +0200 MIME-Version: 1.0 In-Reply-To: Content-Language: en-US X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" This is dangerous as nobody could write arbitrary contents to this file and execute it afterwards. Partially fixes: #12619 Signed-off-by: Peter Müller --- lfs/backup | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/lfs/backup b/lfs/backup index 791d87adb..9d3e05735 100644 --- a/lfs/backup +++ b/lfs/backup @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team # +# Copyright (C) 2007-2021 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -30,7 +30,7 @@ THISAPP = backup-$(VER) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = backup -PAK_VER = 1 +PAK_VER = 2 DEPS = @@ -56,10 +56,11 @@ dist: $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) -mkdir -p /var/ipfire/backup/bin - install -v -m 755 $(DIR_SRC)/config/backup/backup.pl /var/ipfire/backup/bin + install -v -m 755 -o root $(DIR_SRC)/config/backup/backup.pl /var/ipfire/backup/bin install -v -m 644 $(DIR_SRC)/config/backup/include /var/ipfire/backup/ install -v -m 644 $(DIR_SRC)/config/backup/exclude /var/ipfire/backup/ chown nobody:nobody -R /var/ipfire/backup/ + chown root:root -R /var/ipfire/backup/bin/ -mkdir -p /var/ipfire/backup/addons -mkdir -p /var/ipfire/backup/addons/includes -mkdir -p /var/ipfire/backup/addons/backup From patchwork Mon May 17 19:04:23 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 4311 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4FkT8D30ptz3wbb for ; Mon, 17 May 2021 19:04:28 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4FkT8C6B0tz1Yb; Mon, 17 May 2021 19:04:27 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4FkT8C5YmVz2xd6; Mon, 17 May 2021 19:04:27 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4FkT895Y1nz2xPC for ; Mon, 17 May 2021 19:04:25 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4FkT886PDDzcb for ; Mon, 17 May 2021 19:04:24 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1621278265; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=JoYKHqltctgH3P9nwcmVjx2m6/CbZhZ+wUAfvkhEZvY=; b=oZB7E8xxOSc4YDYh2WKhOb71MKhnPIA3w1CIHndChuRt3cPhNMFJYjuUqZQF+cRlGU8Syg LXSt+nEIrtxNmeAw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1621278265; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=JoYKHqltctgH3P9nwcmVjx2m6/CbZhZ+wUAfvkhEZvY=; b=bX053GZG85Y8ha6eQ3fZHPvctEVnF0Je1VTbtb9fDiECJAQbt+thBcUOHx+0Ta24HJjbt2 CmTrXhsGku+U1SyA50rC+hUg2Jy77NRdEckEeEmSWsgzYw8nq5jiI/qnA2oKd+SLd+h8Db olkLj5YrzbkZ1y5Zqp7VzJaVen6rMTqFyOykrpejntXXRW4GcY5Xkznb2c9dNAzuQcdlPi NtMqtKbHJKCWsG7CalNyGY9qt2raD7EwNw+gqQDehjB+WAG37p8AqUwqnES2IN3lPVArHG S2RRKOSQOrZkPmgDPBQhjkuFJaRXbL5/mpkdeOVcDmNogV+fEnTSkmV8fK1lQw== Subject: [PATCH 10/20] SquidGuard: Prevent binaries within /var/ipfire/urlfilter/bin/ from being owned by nobody To: development@lists.ipfire.org References: <7b61506c-84b9-f4e8-7a5f-5a8e8a39f795@ipfire.org> <4924bc88-655d-2a81-96de-000a7362bece@ipfire.org> <6a4b79d4-6fdd-612f-36d4-e7614f1164be@ipfire.org> <2fb1ab47-34a4-f58d-93a8-3e2f79f122ff@ipfire.org> <0bd0080a-d095-5028-22fa-7d5436b9baf3@ipfire.org> From: =?utf-8?q?Peter_M=C3=BCller?= Message-ID: Date: Mon, 17 May 2021 21:04:23 +0200 MIME-Version: 1.0 In-Reply-To: Content-Language: en-US X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Signed-off-by: Peter Müller --- lfs/squidguard | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lfs/squidguard b/lfs/squidguard index eb13c41dd..d5eb30377 100644 --- a/lfs/squidguard +++ b/lfs/squidguard @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team # +# Copyright (C) 2007-2021 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -113,6 +113,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) /usr/bin/perl $(DIR_CONF)/urlfilter/makeconf.pl touch /var/ipfire/urlfilter/settings chown -R nobody:nobody /var/ipfire/urlfilter + chown -R root:root /var/ipfire/urlfilter/bin chmod 755 /srv/web/ipfire/html/images/urlfilter chmod 644 /srv/web/ipfire/html/images/urlfilter/* chown -R nobody:nobody /var/urlrepo From patchwork Mon May 17 19:04:41 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 4312 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4FkT8Z30PPz3wbb for ; Mon, 17 May 2021 19:04:46 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4FkT8Z06xBz26y; Mon, 17 May 2021 19:04:46 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4FkT8Y6lYJz2yZm; Mon, 17 May 2021 19:04:45 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4FkT8X0jGzz2xF1 for ; Mon, 17 May 2021 19:04:44 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4FkT8V6Vj9zcb for ; Mon, 17 May 2021 19:04:42 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1621278283; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=BgYI+GVpq3z4ajOrEit6EHSWBFUG2qm1YwiTO/gq0rI=; b=VuVtPYHoLayPASICHYS2k5qo4eOhWaa5JC92U23Npo5juAkNwjqrKQLSRXhnGHpSKzy7AR Q6wqBQcgkBei75Dw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1621278283; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=BgYI+GVpq3z4ajOrEit6EHSWBFUG2qm1YwiTO/gq0rI=; b=TkINurhWV6slGfQu/eLRhkDQ45HRBUqb1OuII4txCrojMpa84gLPw9xQNLGUH+Yhy/zYUC kRrvbliP7bs50wCpG5+I3E0OAAUaDNPFN10ANPSHhCBFUmNdXEH0YJEDpkAc6FOY/hCe5W yF19DzmVsoVHtkQojRHMSox02VKvqJP9+3/eKcGGr0Y4xLxNoT4/paS7MFiOly7w0D9SUh 93BY71xWdidJFNT3UvQvLEQMSByfhSKlKfmcwZPnP9drWFXu0JPVGQvUCs2Xavsh4poOY6 PqFmqKVIj9y1Gom7pDVwF711aRuQCSNIhLHeZt2AaSTC9udu/ER7Q9Ol8G2zcw== Subject: [PATCH 11/20] Core Update 157: Apply changed permissions to /var/ipfire/urlfilter/bin/ To: development@lists.ipfire.org References: <7b61506c-84b9-f4e8-7a5f-5a8e8a39f795@ipfire.org> <4924bc88-655d-2a81-96de-000a7362bece@ipfire.org> <6a4b79d4-6fdd-612f-36d4-e7614f1164be@ipfire.org> <2fb1ab47-34a4-f58d-93a8-3e2f79f122ff@ipfire.org> <0bd0080a-d095-5028-22fa-7d5436b9baf3@ipfire.org> From: =?utf-8?q?Peter_M=C3=BCller?= Message-ID: Date: Mon, 17 May 2021 21:04:41 +0200 MIME-Version: 1.0 In-Reply-To: Content-Language: en-US X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Signed-off-by: Peter Müller --- config/rootfiles/core/157/update.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/config/rootfiles/core/157/update.sh b/config/rootfiles/core/157/update.sh index 7ed02d690..f46a47572 100644 --- a/config/rootfiles/core/157/update.sh +++ b/config/rootfiles/core/157/update.sh @@ -106,6 +106,7 @@ ldconfig # Fix file permissions changed chmod -s /usr/bin/gpg chmod -x /var/ipfire/fwhosts/icmp-types +chown -R root:root /var/ipfire/urlfilter/bin # Delete scrubbed files rm -f \ From patchwork Mon May 17 19:05:07 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 4313 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4FkT934D8rz3wbb for ; Mon, 17 May 2021 19:05:11 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4FkT930xT9z2L1; Mon, 17 May 2021 19:05:11 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4FkT930RdGz2yTb; Mon, 17 May 2021 19:05:11 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4FkT9203Nxz2xd6 for ; Mon, 17 May 2021 19:05:10 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4FkT911Ls9zxV for ; Mon, 17 May 2021 19:05:09 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1621278309; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=6Ny62lh7UJK1mRqXFQAb9zP7Z8tGYv8nteLZDHvMUDM=; b=sbw3bl4cX1XdGAE5cRwCiv1r+c7HVT9XQboNvFMHhkgSFHnxiuMFX5mfibjISAKCFu5Njm prG2JjjkH4p0IiAw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1621278309; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=6Ny62lh7UJK1mRqXFQAb9zP7Z8tGYv8nteLZDHvMUDM=; b=TMiZDTTfMmS5RuPAOrN12z1M9Qedcs32H+ANQ54iWc/PqS01tXxBNQLjnEsNi+az9avWiU gGBffK8mgKa1H0eIxhnykIEfHpG+xAeex78dxer6+kmt6y0aA/3Lt5h3HXFNPtsE9HAx+R N9ysG1O0ry21F4MEjmv9Bkq6hHQCwG6kp+E/EP1lBYQQFDQ3it+puBVjKix2mB3nFxXrRF liyDWtZ7cQqLvKmw11mgLuQGRwUw+Xzg9FcA1s8drXMqU+80ni3Bf0mkDgqJXPCz9kyU8+ nWAPNK1LrP1YNliiFXTpBX55Dk1XGJGmElEgKLEHQuVZDM6w/U10YPGCAHampQ== Subject: [PATCH 12/20] Squid: Prevent binaries within /var/ipfire/updatexlrator/bin/ from being owned by nobody To: development@lists.ipfire.org References: <7b61506c-84b9-f4e8-7a5f-5a8e8a39f795@ipfire.org> <4924bc88-655d-2a81-96de-000a7362bece@ipfire.org> <6a4b79d4-6fdd-612f-36d4-e7614f1164be@ipfire.org> <2fb1ab47-34a4-f58d-93a8-3e2f79f122ff@ipfire.org> <0bd0080a-d095-5028-22fa-7d5436b9baf3@ipfire.org> From: =?utf-8?q?Peter_M=C3=BCller?= Message-ID: <4d993216-9803-346c-3f54-de35633d1205@ipfire.org> Date: Mon, 17 May 2021 21:05:07 +0200 MIME-Version: 1.0 In-Reply-To: Content-Language: en-US X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Signed-off-by: Peter Müller --- lfs/squid | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lfs/squid b/lfs/squid index 33cb95ba1..18cb30ef7 100644 --- a/lfs/squid +++ b/lfs/squid @@ -171,6 +171,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) ln -fs /bin/false /var/ipfire/updatexlrator/autocheck/cron.weekly chown -R nobody:nobody /var/ipfire/updatexlrator + chown -R root:root /var/ipfire/updatexlrator/bin chown nobody.squid /var/updatecache chown nobody.squid /var/updatecache/download chown nobody.squid /var/updatecache/metadata @@ -186,7 +187,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) chown nobody.nobody /srv/web/ipfire/html/proxy.pac ln -sf /srv/web/ipfire/html/proxy.pac /srv/web/ipfire/html/wpad.dat - #Copy stylesheets for the errorpages + # Copy stylesheets for the errorpages cp -f $(DIR_SRC)/config/proxy/errorpage-ipfire.css /var/ipfire/proxy/ cp -f /etc/squid/errorpage.css /var/ipfire/proxy/errorpage-squid.css From patchwork Mon May 17 19:05:26 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 4314 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4FkT9R4D3Jz3wbb for ; Mon, 17 May 2021 19:05:31 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4FkT9R1fRvz5PC; Mon, 17 May 2021 19:05:31 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4FkT9R18X4z2ybq; Mon, 17 May 2021 19:05:31 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4FkT9Q2kQ6z2xPC for ; Mon, 17 May 2021 19:05:30 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4FkT9N6vvYzxV for ; Mon, 17 May 2021 19:05:28 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1621278329; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=tTXNPM3gIsVacfkeFcpOo35Rf2iRN9WotCO2Ta2Acyo=; b=DVSms+Sm3zChyjH0yM/MS0AYV/qjzNptyr5qhvf1HMY5zI4VmPUB1Ly3lx5R1/PDuuHUP7 UJggzybYTKLd2uBA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1621278329; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=tTXNPM3gIsVacfkeFcpOo35Rf2iRN9WotCO2Ta2Acyo=; b=YBHozD5Bk3thXyLGA+/WUXeH+2rkxmCMX7pWx6hpgPdFnyTwwp49UCYun/bR3+FhVxyduG cGr/KV5Jf5sYYAzHDGiqVUvOsaOXI+WDKZzIk604nKn60du+30oXoTcuOpW5t9BFFfEicL UpJkv+WAwLD7jkgMgSoeas9pPl6XFZfkN4bHgQITj8NyM+5vTQB4r84SZtVP5aEnGgA/Kj 27YMpAuwgljQaepGfFRgmbkNUuEF02X/0Jm7+EMwm+b8ZAKRT/0pRfBagfQY8s/+lnSfTF bNKGkFD+1t0VJPyvD59hunuBv0wv5PNjvJrByQ/O2FGxa+j8u//9b2gWyNoGRw== Subject: [PATCH 13/20] Core Update 157: Apply changed permissions to /var/ipfire/updatexlrator/bin/ To: development@lists.ipfire.org References: <7b61506c-84b9-f4e8-7a5f-5a8e8a39f795@ipfire.org> <4924bc88-655d-2a81-96de-000a7362bece@ipfire.org> <6a4b79d4-6fdd-612f-36d4-e7614f1164be@ipfire.org> <2fb1ab47-34a4-f58d-93a8-3e2f79f122ff@ipfire.org> <0bd0080a-d095-5028-22fa-7d5436b9baf3@ipfire.org> <4d993216-9803-346c-3f54-de35633d1205@ipfire.org> From: =?utf-8?q?Peter_M=C3=BCller?= Message-ID: Date: Mon, 17 May 2021 21:05:26 +0200 MIME-Version: 1.0 In-Reply-To: <4d993216-9803-346c-3f54-de35633d1205@ipfire.org> Content-Language: en-US X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Signed-off-by: Peter Müller --- config/rootfiles/core/157/update.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/config/rootfiles/core/157/update.sh b/config/rootfiles/core/157/update.sh index f46a47572..c2fad638c 100644 --- a/config/rootfiles/core/157/update.sh +++ b/config/rootfiles/core/157/update.sh @@ -107,6 +107,7 @@ ldconfig chmod -s /usr/bin/gpg chmod -x /var/ipfire/fwhosts/icmp-types chown -R root:root /var/ipfire/urlfilter/bin +chown -R root:root /var/ipfire/updatexlrator/bin # Delete scrubbed files rm -f \ From patchwork Mon May 17 19:05:49 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 4315 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4FkT9r5TGTz3wbk for ; Mon, 17 May 2021 19:05:52 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4FkT9r2MTSz5PT; Mon, 17 May 2021 19:05:52 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4FkT9r1vXSz2yZm; Mon, 17 May 2021 19:05:52 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4FkT9q2rLtz2xPC for ; Mon, 17 May 2021 19:05:51 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4FkT9p1b98zcb for ; Mon, 17 May 2021 19:05:49 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1621278350; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=fChNKQ5bYMJ6j8IqC7bKq/bPjx1pJIdXKZm3ht+tSr0=; b=dZ92CaE7xNOr5wRslaNuMaQcNOk8NvdfY1XXqAQ6yMmRYecjuWRkuAfhJgGcG+M2QKdnoI f9WlO/bvTr4UnLDg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1621278350; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=fChNKQ5bYMJ6j8IqC7bKq/bPjx1pJIdXKZm3ht+tSr0=; b=vaGc+Lvvp3db/9NcqHacJcehDsGKaXKmfD2H/H+A0KB/B08CGruTLyIWc5uNVNoEkLERAu rwKdethEZepZsw0SHzBKuiM3x57NCVZtFJK4uQ4qoOmpxYJ6xjxKPY+qYLQIZOk0j6KwsM 1LPJ8l/VN1abFCHKs/FPLzdW5+ueZTqCIgGh/8KXr5zGJiLYm9qLqCApSeOGmh1eemFDsC BEZWGGTaoG5Ua6Wh9bESBwewzCqS7TPkoH3xjapYkruD18j/o04QWFJxrWq2qHc7+1LIMB uif+G8/hniNJQte7OFltiaSjNUo1uhST/pvddbWivN8HOeVPaEZ4YWGXtyGjMw== Subject: [PATCH 14/20] OpenVPN: ovpn-leases.db for sure does not have to be executable To: development@lists.ipfire.org References: <7b61506c-84b9-f4e8-7a5f-5a8e8a39f795@ipfire.org> <4924bc88-655d-2a81-96de-000a7362bece@ipfire.org> <6a4b79d4-6fdd-612f-36d4-e7614f1164be@ipfire.org> <2fb1ab47-34a4-f58d-93a8-3e2f79f122ff@ipfire.org> <0bd0080a-d095-5028-22fa-7d5436b9baf3@ipfire.org> <4d993216-9803-346c-3f54-de35633d1205@ipfire.org> From: =?utf-8?q?Peter_M=C3=BCller?= Message-ID: Date: Mon, 17 May 2021 21:05:49 +0200 MIME-Version: 1.0 In-Reply-To: Content-Language: en-US X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Signed-off-by: Peter Müller --- lfs/openvpn | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lfs/openvpn b/lfs/openvpn index b026d515b..81ccc52bf 100644 --- a/lfs/openvpn +++ b/lfs/openvpn @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2020 IPFire Team # +# Copyright (C) 2007-2021 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -89,7 +89,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) -mkdir -vp /var/ipfire/ovpn/n2nconf -mkdir -vp /var/ipfire/ovpn/scripts touch /var/ipfire/ovpn/ovpn-leases.db - chmod 700 /var/ipfire/ovpn/ovpn-leases.db + chmod 600 /var/ipfire/ovpn/ovpn-leases.db chown -R root:root /var/ipfire/ovpn/scripts chown -R nobody:nobody /var/ipfire/ovpn chmod 700 /var/ipfire/ovpn/certs From patchwork Mon May 17 19:06:12 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 4316 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4FkTBH6QDlz3wbk for ; Mon, 17 May 2021 19:06:15 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4FkTBH3BVJz26y; Mon, 17 May 2021 19:06:15 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4FkTBH2hnCz2ybq; Mon, 17 May 2021 19:06:15 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4FkTBG1D4vz2xPC for ; Mon, 17 May 2021 19:06:14 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4FkTBF1vfTzZ6 for ; Mon, 17 May 2021 19:06:13 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1621278373; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Kajaz9dOUg0sm2dgYq4IjqoUkAkb6QS+ZrNHXePHcpI=; b=3qStmY2wsy8QCykDLMR2A+Kx4WV2m+v6v7+8Qr6PgK48jm0QgQX9u+bwBTeJZS8yFxyr/I 6oeBemnobnTK8yDw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1621278373; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Kajaz9dOUg0sm2dgYq4IjqoUkAkb6QS+ZrNHXePHcpI=; b=qXcpNqEX8IDZDT28kKImivYYvvpWNCHWD4Y2NCjvyXMFERKqTY9pJ2rwTTbbCNtk7+r0MC CWXA39Ele1KhA1GsFybX9XdQYiGOYpayix78XTCmg9zq367cLcaANx1lNkdrsdGErXlF6V H0Oui34HY76vGO6MeE9A2jnh4SE1DUGNmbG/lRDsQOyRh9//05ZhGhgArmvvl2FM0j+/mw 6bO5bmzqUIYlfFY9QGvCn8P2U+vt0Z19U7vsng2shpnayCxC7V5eeyX7uCq2qzsHfJb9u8 7qovJ1wgoiqXv7Yprj5gLbGA2fidXcq8UVdS4/sFFOVed6Wy6y/rispMS0LnOw== Subject: [PATCH 15/20] Core Update 157: Apply changed permissions to /var/ipfire/ovpn/ovpn-leases.db To: development@lists.ipfire.org References: <7b61506c-84b9-f4e8-7a5f-5a8e8a39f795@ipfire.org> <4924bc88-655d-2a81-96de-000a7362bece@ipfire.org> <6a4b79d4-6fdd-612f-36d4-e7614f1164be@ipfire.org> <2fb1ab47-34a4-f58d-93a8-3e2f79f122ff@ipfire.org> <0bd0080a-d095-5028-22fa-7d5436b9baf3@ipfire.org> <4d993216-9803-346c-3f54-de35633d1205@ipfire.org> From: =?utf-8?q?Peter_M=C3=BCller?= Message-ID: <0334d010-8b7d-7e4c-bf29-83f9bf12c229@ipfire.org> Date: Mon, 17 May 2021 21:06:12 +0200 MIME-Version: 1.0 In-Reply-To: Content-Language: en-US X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Signed-off-by: Peter Müller --- config/rootfiles/core/157/update.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/config/rootfiles/core/157/update.sh b/config/rootfiles/core/157/update.sh index c2fad638c..e270ef338 100644 --- a/config/rootfiles/core/157/update.sh +++ b/config/rootfiles/core/157/update.sh @@ -108,6 +108,7 @@ chmod -s /usr/bin/gpg chmod -x /var/ipfire/fwhosts/icmp-types chown -R root:root /var/ipfire/urlfilter/bin chown -R root:root /var/ipfire/updatexlrator/bin +chmod 600 /var/ipfire/ovpn/ovpn-leases.db # Delete scrubbed files rm -f \ From patchwork Mon May 17 19:06:32 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 4317 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4FkTBg6nFZz3wbk for ; Mon, 17 May 2021 19:06:35 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4FkTBg3yWDzs2; Mon, 17 May 2021 19:06:35 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4FkTBg3VS9z2yZm; Mon, 17 May 2021 19:06:35 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4FkTBf3hq7z2xPC for ; Mon, 17 May 2021 19:06:34 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4FkTBd4hzrzZV for ; Mon, 17 May 2021 19:06:33 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1621278394; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=xTQERYLFkFEfa9sTBiqscqvEMQkNIXIpBfRsR8VNUYI=; b=zy+A60xYjAXvWvNgk4Om67P53W917IW4AT11GAx+ByNPRNpU3EzBVnjTwJJTkOjxyX5Xn1 PpLiQ6OnjFpaetAQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1621278394; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=xTQERYLFkFEfa9sTBiqscqvEMQkNIXIpBfRsR8VNUYI=; b=dPQvChTSMNq7IG3UkpINetgZx9rXHmaWX/Dd5Xf3ngDa0lWpZGRoTc+RoRjoOwDfD6lPXI FvFa4RaOcYaMexd6NYB1o4dXcknmGuLdQ8/rASz7v2jMwfkDYAs9K7m91cOw40aj+FgLl6 QieQ6mMkTMpnEyPoGo838C8gUQRF87+o1FPrv/E2VX7S5Uhq5sP031g5+yImhVH82u+Ztu Syuo7jxw1cGb+ru+7Cu8MA4Jh7pqG/G/z/DaUe3B55xtgxnTzuuL1bG8GBBQMzgdIdN9OQ ZiUv4zkjC+1u7ChZ/M0pPIF+VT4n2xfSK91M1LwyXPa+U5PFchQ2Iu6Qzw5+nA== Subject: [PATCH 16/20] Core Update 157: Remove executable bit less ugly To: development@lists.ipfire.org References: <7b61506c-84b9-f4e8-7a5f-5a8e8a39f795@ipfire.org> <4924bc88-655d-2a81-96de-000a7362bece@ipfire.org> <6a4b79d4-6fdd-612f-36d4-e7614f1164be@ipfire.org> <2fb1ab47-34a4-f58d-93a8-3e2f79f122ff@ipfire.org> <0bd0080a-d095-5028-22fa-7d5436b9baf3@ipfire.org> <4d993216-9803-346c-3f54-de35633d1205@ipfire.org> <0334d010-8b7d-7e4c-bf29-83f9bf12c229@ipfire.org> From: =?utf-8?q?Peter_M=C3=BCller?= Message-ID: <62f381bd-c870-107a-cd81-27cb283660bb@ipfire.org> Date: Mon, 17 May 2021 21:06:32 +0200 MIME-Version: 1.0 In-Reply-To: <0334d010-8b7d-7e4c-bf29-83f9bf12c229@ipfire.org> Content-Language: en-US X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Signed-off-by: Peter Müller --- config/rootfiles/core/157/update.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/config/rootfiles/core/157/update.sh b/config/rootfiles/core/157/update.sh index e270ef338..d71c9688c 100644 --- a/config/rootfiles/core/157/update.sh +++ b/config/rootfiles/core/157/update.sh @@ -105,10 +105,12 @@ ldconfig # Fix file permissions changed chmod -s /usr/bin/gpg -chmod -x /var/ipfire/fwhosts/icmp-types +chmod -x \ + /var/ipfire/fwhosts/icmp-types \ + /var/ipfire/ovpn/ovpn-leases.db + chown -R root:root /var/ipfire/urlfilter/bin chown -R root:root /var/ipfire/updatexlrator/bin -chmod 600 /var/ipfire/ovpn/ovpn-leases.db # Delete scrubbed files rm -f \ From patchwork Mon May 17 19:06:50 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 4318 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4FkTC20hqcz3wbk for ; Mon, 17 May 2021 19:06:54 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4FkTC14lz7z1Zf; Mon, 17 May 2021 19:06:53 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4FkTC14Hcrz2ybq; Mon, 17 May 2021 19:06:53 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4FkTC05CHvz2xPC for ; Mon, 17 May 2021 19:06:52 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4FkTBz6ZdVzxV for ; Mon, 17 May 2021 19:06:51 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1621278412; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=7ruMFl3ZOTWcd6Yy7yFyzGST9PFzSSTgUCinC7GE3U0=; b=laTf7lgUS1HbszhECu4LbAcJEUha0uiu9O0Ss2+0fWELh+COZFz3xfnppYZRa6ehAoj7tu cZFmMwuhx4c3ERAg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1621278412; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=7ruMFl3ZOTWcd6Yy7yFyzGST9PFzSSTgUCinC7GE3U0=; b=FiEqq7Gonv+KOQOFSSQhX0/NAvlzlg0swbAjf0CLOI/HP1Mr1tfA6lDMrM+jhl/f94O7jn wSK23y/QLS/eSutg2NpmFW9MVKWOx2xe6TyWGQ1v7JYwadoJ0Xh9VpeG1s086vQ7LB8Gvv R74IPEoJd/mKe0iBwFXKVAmE9SMdA0clsbbrENfWKRaRtVGnLDnvPAMkTE0XlxH+qAJxrW IPsDWgs7+h79vcmjLPmi6xhPnOUxQGPjG+onHGYKMYXx2VAOhpfVfgNX+GicSGdYAPF1GE FQoPurA9n+suA0m5X/LEZQ1L02xbdxysy5k6t/uUaz2UDYPxjgDSJ8JV/BFm2A== Subject: [PATCH 17/20] NRPE: Prevent NRPE binary from being owned by "nobody" To: development@lists.ipfire.org References: <7b61506c-84b9-f4e8-7a5f-5a8e8a39f795@ipfire.org> <4924bc88-655d-2a81-96de-000a7362bece@ipfire.org> <6a4b79d4-6fdd-612f-36d4-e7614f1164be@ipfire.org> <2fb1ab47-34a4-f58d-93a8-3e2f79f122ff@ipfire.org> <0bd0080a-d095-5028-22fa-7d5436b9baf3@ipfire.org> <4d993216-9803-346c-3f54-de35633d1205@ipfire.org> <0334d010-8b7d-7e4c-bf29-83f9bf12c229@ipfire.org> <62f381bd-c870-107a-cd81-27cb283660bb@ipfire.org> From: =?utf-8?q?Peter_M=C3=BCller?= Message-ID: Date: Mon, 17 May 2021 21:06:50 +0200 MIME-Version: 1.0 In-Reply-To: <62f381bd-c870-107a-cd81-27cb283660bb@ipfire.org> Content-Language: en-US X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Signed-off-by: Peter Müller --- lfs/nagios_nrpe | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/lfs/nagios_nrpe b/lfs/nagios_nrpe index a8b4b3676..260bcc810 100644 --- a/lfs/nagios_nrpe +++ b/lfs/nagios_nrpe @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team # +# Copyright (C) 2007-2021 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = nagios_nrpe -PAK_VER = 8 +PAK_VER = 9 DEPS = nagios-plugins @@ -99,5 +99,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) install -v -m 644 ${DIR_SRC}/config/backup/includes/nagios_nrpe \ /var/ipfire/backup/addons/includes/nagios_nrpe + # Prevent NRPE binary from being owned by "nobody" + chown root:root /usr/lib/nagios/check_nrpe + @rm -rf $(DIR_APP) @$(POSTBUILD) From patchwork Mon May 17 19:07:11 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 4319 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4FkTCR1Hlhz3wbk for ; Mon, 17 May 2021 19:07:15 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4FkTCQ5xn3z5PX; Mon, 17 May 2021 19:07:14 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4FkTCQ5V7Kz2xjj; Mon, 17 May 2021 19:07:14 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4FkTCP2vRCz2xF1 for ; Mon, 17 May 2021 19:07:13 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4FkTCN3tpzz14D for ; Mon, 17 May 2021 19:07:12 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1621278432; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=H1tYUJ2CKCDfiOojFtOvfUD3do/UNYOfEkPVmeyOV84=; b=SlcMwJtKQ0DGIsiqDtL7Fx6jjsElNwti7dC6lSZgQHSjRRYfzOz3LH2rWr7NxfgEWn+MdX RzUf/N2PhSeRmrCg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1621278432; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=H1tYUJ2CKCDfiOojFtOvfUD3do/UNYOfEkPVmeyOV84=; b=K/xtUtf8fZG4vquunNbNsYJ+1AA8PRVQ5d+ggzuiH+Apu51b7ifFZZRB5b2cmad/71d+KO rxzB5/3zehHqhiFUxeQpmI+beAEbXM36R03oEV9JoPOdJH7rPA9PvQH6BCzbpjoPgjx0x3 37p2+5j2QNggRZ0uzSIQsHyyVcBZCcnopEC32MY+SA/qghgOfcw7w3/YVQqns7ruQ21cUI KoeTdfI+m8JaOF068yuQMfm9FULIC1YNCCrMUDTbVdWQsZIuZNyDn7dhYSQrTWao3vBSHK E9TnTZ6PgrXb8Z8dMASgb2blGQXES3jCqI+h3vvQdwBKoAis7qaSfLb/DYpuNQ== Subject: [PATCH 18/20] nagios-plugins: Prevent Nagios plugins from being owned by nobody To: development@lists.ipfire.org References: <7b61506c-84b9-f4e8-7a5f-5a8e8a39f795@ipfire.org> <4924bc88-655d-2a81-96de-000a7362bece@ipfire.org> <6a4b79d4-6fdd-612f-36d4-e7614f1164be@ipfire.org> <2fb1ab47-34a4-f58d-93a8-3e2f79f122ff@ipfire.org> <0bd0080a-d095-5028-22fa-7d5436b9baf3@ipfire.org> <4d993216-9803-346c-3f54-de35633d1205@ipfire.org> <0334d010-8b7d-7e4c-bf29-83f9bf12c229@ipfire.org> <62f381bd-c870-107a-cd81-27cb283660bb@ipfire.org> From: =?utf-8?q?Peter_M=C3=BCller?= Message-ID: <6eb3152c-47f8-5687-6241-ad699ab6c7bd@ipfire.org> Date: Mon, 17 May 2021 21:07:11 +0200 MIME-Version: 1.0 In-Reply-To: Content-Language: en-US X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Signed-off-by: Peter Müller --- lfs/nagios-plugins | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/lfs/nagios-plugins b/lfs/nagios-plugins index ad081d5f6..d35a94bbe 100644 --- a/lfs/nagios-plugins +++ b/lfs/nagios-plugins @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team # +# Copyright (C) 2007-2021 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = nagios-plugins -PAK_VER = 4 +PAK_VER = 5 DEPS = @@ -88,4 +88,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install @rm -rf $(DIR_APP) + + # Prevent Nagios plugins from being owned (and hence writeable) by "nobody" + chown root:root -R /usr/lib/nagios/plugins + @$(POSTBUILD) From patchwork Mon May 17 19:07:32 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 4320 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4FkTCs2yz2z3wbk for ; Mon, 17 May 2021 19:07:37 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4FkTCr6pdWz1Zf; Mon, 17 May 2021 19:07:36 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4FkTCr6Jjcz2ybq; Mon, 17 May 2021 19:07:36 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4FkTCq5qhpz2xd6 for ; Mon, 17 May 2021 19:07:35 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4FkTCp6d7Pzs2 for ; Mon, 17 May 2021 19:07:34 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1621278455; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=zsX7gSlV+Aw6ZJCC9PaD1RE/s1XDRpGR3FUkTQgyKLI=; b=7XZpFIdh3MCADWa/DcaWrhwNUBSjtK5PQ8OZvVxXm0y+Zi3jGMYmrrHLI9QjHkQ9enfc/X q+CwZvyC2+eZmwBg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1621278455; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=zsX7gSlV+Aw6ZJCC9PaD1RE/s1XDRpGR3FUkTQgyKLI=; b=Wk4rLdh/W96Bb4Z2PqUIgQAjR4MH/ugfwIxXaXG2vbck9jMek74ECeJLrERVKuUAON5Kpm f7yHPKwbd47aBQirDlcOVaKV0ehTIW/EoPCE93tzqTvdx3u6XmkJ+vgqgtgk4Np26mytuD uulOY+nlM56j0NL51/kk2A4wrpedx2AAOdiIO9SE+ZGNIWET1HSUrOj62i5bESuQ0p6ni8 BDccmiMwaARypAnvVrtZzBTlWJyB6jGoABKqdpaJuD4lG4L5U7567UAOiXL1oqxPTv4SLP FdDbzIry4vEll+KsmIAnCWco9RqS/1jSNlq3YW3O46MLOmXkGo6DnilGRv/6MA== Subject: [PATCH 19/20] Squid: cachemgr.cgi does not have to be owned (hence writeable) by nobody To: development@lists.ipfire.org References: <7b61506c-84b9-f4e8-7a5f-5a8e8a39f795@ipfire.org> <4924bc88-655d-2a81-96de-000a7362bece@ipfire.org> <6a4b79d4-6fdd-612f-36d4-e7614f1164be@ipfire.org> <2fb1ab47-34a4-f58d-93a8-3e2f79f122ff@ipfire.org> <0bd0080a-d095-5028-22fa-7d5436b9baf3@ipfire.org> <4d993216-9803-346c-3f54-de35633d1205@ipfire.org> <0334d010-8b7d-7e4c-bf29-83f9bf12c229@ipfire.org> <62f381bd-c870-107a-cd81-27cb283660bb@ipfire.org> <6eb3152c-47f8-5687-6241-ad699ab6c7bd@ipfire.org> From: =?utf-8?q?Peter_M=C3=BCller?= Message-ID: <3368b7e2-c4e8-076f-1dbc-75945b1a037f@ipfire.org> Date: Mon, 17 May 2021 21:07:32 +0200 MIME-Version: 1.0 In-Reply-To: <6eb3152c-47f8-5687-6241-ad699ab6c7bd@ipfire.org> Content-Language: en-US X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Signed-off-by: Peter Müller --- lfs/squid | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lfs/squid b/lfs/squid index 18cb30ef7..38675f3f3 100644 --- a/lfs/squid +++ b/lfs/squid @@ -149,7 +149,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) chown -R squid:squid /var/log/squid /var/log/cache /var/log/updatexlrator cp /usr/lib/squid/cachemgr.cgi /srv/web/ipfire/cgi-bin/cachemgr.cgi - chown nobody.nobody /srv/web/ipfire/cgi-bin/cachemgr.cgi + chown root:root /srv/web/ipfire/cgi-bin/cachemgr.cgi cp -f $(DIR_SRC)/config/updxlrator/updxlrator /usr/sbin/updxlrator cp -f $(DIR_SRC)/config/updxlrator/checkup /var/ipfire/updatexlrator/bin/checkup From patchwork Mon May 17 19:07:52 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 4321 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4FkTDD36Ymz3wbk for ; Mon, 17 May 2021 19:07:56 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4FkTDD0TcLz1Zf; Mon, 17 May 2021 19:07:56 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4FkTDD01wpz2xjj; Mon, 17 May 2021 19:07:56 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4FkTDB32jgz2xPC for ; Mon, 17 May 2021 19:07:54 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4FkTD94vkBzZV for ; Mon, 17 May 2021 19:07:53 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1621278474; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=STmcSMwtM3OvSwz3nLXVsDwqTWodicZVCgEbhVsoYXA=; b=qmNpDl9H9U6unk72QItUIdQu/WuqdFcWIyCNznhHIpTbrrQYvdFHKbs732RrsnCAViY0Pb ttDiufOsn9yGRCCg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1621278474; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=STmcSMwtM3OvSwz3nLXVsDwqTWodicZVCgEbhVsoYXA=; b=hNPWwPIoyi7jir/9m+I7S5zIpPzf/Y1X+PDUTjph9zxSfnLF5WgayATUdI7zB683lXm3E7 7ptSWI9jcrgQqksAdRHQN/xtTZvyEjEgpHharyK5xjnWN15oBn3n23jUXHpM63Fu3CKrEJ SK2HUvQkPEdgvobC2FgbLffpxK+xIPqPUuef/+2yfeA1C731mW1Tg3xBRwTaLIsH5Ye+Pd luS5YKPY6tA9osFeiPThuj7cQi+5bXh9Jkji0vxE5RpAFJLsUeF23xZxIifPiH2mR9wkrT Kghsfg/RC69p9p/HNAIuLEthQuI/pn/1GwrgCTukYrBIYTr5SWHI8551OVudBA== Subject: [PATCH 20/20] Core Update 157: Apply changed permissions to /srv/web/ipfire/cgi-bin/cachemgr.cgi To: development@lists.ipfire.org References: <7b61506c-84b9-f4e8-7a5f-5a8e8a39f795@ipfire.org> <4924bc88-655d-2a81-96de-000a7362bece@ipfire.org> <6a4b79d4-6fdd-612f-36d4-e7614f1164be@ipfire.org> <2fb1ab47-34a4-f58d-93a8-3e2f79f122ff@ipfire.org> <0bd0080a-d095-5028-22fa-7d5436b9baf3@ipfire.org> <4d993216-9803-346c-3f54-de35633d1205@ipfire.org> <0334d010-8b7d-7e4c-bf29-83f9bf12c229@ipfire.org> <62f381bd-c870-107a-cd81-27cb283660bb@ipfire.org> <6eb3152c-47f8-5687-6241-ad699ab6c7bd@ipfire.org> <3368b7e2-c4e8-076f-1dbc-75945b1a037f@ipfire.org> From: =?utf-8?q?Peter_M=C3=BCller?= Message-ID: <3b0ba7cd-9f63-20b4-86d0-279183c59aac@ipfire.org> Date: Mon, 17 May 2021 21:07:52 +0200 MIME-Version: 1.0 In-Reply-To: <3368b7e2-c4e8-076f-1dbc-75945b1a037f@ipfire.org> Content-Language: en-US X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Signed-off-by: Peter Müller --- config/rootfiles/core/157/update.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/config/rootfiles/core/157/update.sh b/config/rootfiles/core/157/update.sh index d71c9688c..ce7b6f5bf 100644 --- a/config/rootfiles/core/157/update.sh +++ b/config/rootfiles/core/157/update.sh @@ -109,8 +109,12 @@ chmod -x \ /var/ipfire/fwhosts/icmp-types \ /var/ipfire/ovpn/ovpn-leases.db -chown -R root:root /var/ipfire/urlfilter/bin -chown -R root:root /var/ipfire/updatexlrator/bin +chown -R root:root \ + /var/ipfire/updatexlrator/bin \ + /var/ipfire/urlfilter/bin + +chown root:root \ + /srv/web/ipfire/cgi-bin/cachemgr.cgi # Delete scrubbed files rm -f \