From patchwork Fri May 21 13:40:38 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 4351 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4Fmnmr0Gv7z3wbl for ; Fri, 21 May 2021 13:40:44 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4Fmnmq4BJqz1LK; Fri, 21 May 2021 13:40:43 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4Fmnmq2p0Wz2xdK; Fri, 21 May 2021 13:40:43 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4Fmnmp2f3qz2xd6 for ; Fri, 21 May 2021 13:40:42 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4Fmnmm5tGYzsV for ; Fri, 21 May 2021 13:40:40 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1621604441; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ThvEjPy8eU9c0iGRFgN+VspSemDUTtFmhlLaXJSlkDA=; b=v8twCtojmR9kpqwAzsOKcIAqK/HJwDU+q/hR54rWcbyfDmqaSvpSF+nJdsxTAUz05m6Pck X1KkqTeUxiZnMBCg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1621604441; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ThvEjPy8eU9c0iGRFgN+VspSemDUTtFmhlLaXJSlkDA=; b=v0mjH7El4ID0K4MvW+WDn9xIRs7o25H79WAheHGLsYFJzfDyDE07a41hv5EDhwrb7jTsIO 8fw1WvODsTOpANNUBh25CjTk6NR/hamAznmeZSH1o08Mx6MukJhfEle+7ThuPG9JeSwKfQ UezDxQj+mZkijW4Mwj1B5OJSdvmJW0JuTpVC1J69K6cy6V4pQCGiDozM+jwQREPAD9ISwi cLjmmHdQmDuTiJYi0mA/Q+wc92TuwFAtLLICw8zj2y1XYaOGB/42JrGDesNDP4jDO9c4Nn WMybcoVxgbKYEOF4TUbSGB2jqQx5ZEUK5ys6jKx6c/vZcaExetVTA1gyHqj8Ag== Subject: [PATCH 1/6] Core Update 157: Apply changed SSH configurations To: development@lists.ipfire.org References: <542b1005-b471-30bf-ead7-1c5dd93d457c@ipfire.org> From: =?utf-8?q?Peter_M=C3=BCller?= Message-ID: <429b9a37-26f3-5ec4-d82d-99cb4aaa27a7@ipfire.org> Date: Fri, 21 May 2021 15:40:38 +0200 MIME-Version: 1.0 In-Reply-To: <542b1005-b471-30bf-ead7-1c5dd93d457c@ipfire.org> Content-Language: en-US X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" This is necessary to fix SSH not starting after upgrading to Core Update 157 unless it's settings are manually written via the WebUI. Reported-by: Erik Kapfer Reported-by: Tom Rymes Signed-off-by: Peter Müller --- config/rootfiles/core/157/update.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/config/rootfiles/core/157/update.sh b/config/rootfiles/core/157/update.sh index ce7b6f5bf..a53aa0759 100644 --- a/config/rootfiles/core/157/update.sh +++ b/config/rootfiles/core/157/update.sh @@ -97,6 +97,9 @@ extract_files # update linker config ldconfig +# Apply local configuration to sshd_config +/usr/local/bin/sshctrl + # Update Language cache /usr/local/bin/update-lang-cache From patchwork Fri May 21 13:41:05 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 4352 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4FmnnM0hmRz3wbl for ; Fri, 21 May 2021 13:41:11 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4FmnnL56tlz6XM; Fri, 21 May 2021 13:41:10 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4FmnnL3gKYz2xfn; Fri, 21 May 2021 13:41:10 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4FmnnK0LNJz2xd6 for ; Fri, 21 May 2021 13:41:09 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4FmnnH6ybhz14F for ; Fri, 21 May 2021 13:41:07 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1621604468; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=YtQDm3AGJs6NSTQ5L6wLmVy2h0L7cuNFIpjCkJKBxSc=; b=3T8tjDyzmAgypMlCnZywXyAL4pNwpGXTWSATL9JJ+hLfAxw8e3jcygti4T8+ZLkcuVbqfy twu9/I+zVSlRV+Dg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1621604468; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=YtQDm3AGJs6NSTQ5L6wLmVy2h0L7cuNFIpjCkJKBxSc=; b=E6mG8dJLwhbno9e/1h+9oMfzUy36cZMw3gaY6X7VeY7U6ycqYZRC5j6dyHqbCaVRwihmkn 3O7x0zdRBcTD+NUVId7zyKnropECnysAjuowYK6BfKlXYuNB2j3bf7P7F2l3o7PsAjjqWp fZ7kGFokqm6NdICiWIVPA7IrD61AutnW9IyaW/F6z/GmzJh0PmigpIUIgORpJwG6jFNa8j wn0k8qVG9oqZzCIXKYw/ruffwKjobefNxTQTN2fsmNuN9amGJgs/jwzT9SCWTebN4OFhHj UB9A2MdtPjruKxbGZ00mLAtpJcD+ksFTGkMxPIpfgModmAvTyreMLy13yevLOg== Subject: [PATCH 2/6] Core Update 157: Ship backup package to apply changed permissions To: development@lists.ipfire.org References: <542b1005-b471-30bf-ead7-1c5dd93d457c@ipfire.org> <429b9a37-26f3-5ec4-d82d-99cb4aaa27a7@ipfire.org> From: =?utf-8?q?Peter_M=C3=BCller?= Message-ID: Date: Fri, 21 May 2021 15:41:05 +0200 MIME-Version: 1.0 In-Reply-To: <429b9a37-26f3-5ec4-d82d-99cb4aaa27a7@ipfire.org> Content-Language: en-US X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" This is required as "backup" itself does not gets updated automatically, contrary to it's LFS file suggesting by having a "PAK_VER" number. In order to fix #12619, it is therefore necessary to ship the backup files with Core Update 157. Partially fixes: #12619 Signed-off-by: Peter Müller --- config/rootfiles/core/157/filelists/backup | 1 + 1 file changed, 1 insertion(+) create mode 120000 config/rootfiles/core/157/filelists/backup diff --git a/config/rootfiles/core/157/filelists/backup b/config/rootfiles/core/157/filelists/backup new file mode 120000 index 000000000..38e28a8b4 --- /dev/null +++ b/config/rootfiles/core/157/filelists/backup @@ -0,0 +1 @@ +../../../common/backup \ No newline at end of file From patchwork Fri May 21 13:41:29 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 4353 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4Fmnnq1Pf9z3wbl for ; Fri, 21 May 2021 13:41:35 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4Fmnnp5z9gz6Xp; Fri, 21 May 2021 13:41:34 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4Fmnnp4T22z2xdK; Fri, 21 May 2021 13:41:34 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4Fmnnn2XBYz2xd6 for ; Fri, 21 May 2021 13:41:33 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4Fmnnm19PHz5Pg for ; Fri, 21 May 2021 13:41:31 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1621604492; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ENtQXWcEA9Uf8rd7Y4zMSWvyzsueKqMmFgg1ps82gCk=; b=Du8wjZo3hGwhNGALUix5oG33TdMGB2tPl9HmSUwNpS1fuqvEm4nJ7wo/NsYPnq6EJIslUj MixFwi+CqewN2iAQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1621604492; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ENtQXWcEA9Uf8rd7Y4zMSWvyzsueKqMmFgg1ps82gCk=; b=O3B6T1XSKwq4qsNMOBN0GSxc1H9I4/91Mdn3fD9MCWU+BbqAcAktOyGHj7Jlsp9DqHUINK PMrVZ5iFhL3puwkD9EMEzEDm67VO2joePg3luAK1DTsybE3yJb3gKbHt82O2MlKPtuwFXk lG9T6Ne2ZJYW+F/pKhX22F7y2oQdzG5vp1zarMda9x0a0M3I5/QW1IoN0f0zX0lMNBsrNA +N/TI8DqH8lwvQ3KZ/ErrLEEFdkDvWQTkH5UoefSAU8ag6HWWEwZn7OF1c48eGst0DyjYY ViuBWvEKhHooCk12n5hEVAnkxS0M+V5NdjTGmQrK+znT5HPT5Nz1fcx1uTucxg== Subject: [PATCH 3/6] pppd: Explicitly ship pppd shared object files To: development@lists.ipfire.org References: <542b1005-b471-30bf-ead7-1c5dd93d457c@ipfire.org> <429b9a37-26f3-5ec4-d82d-99cb4aaa27a7@ipfire.org> From: =?utf-8?q?Peter_M=C3=BCller?= Message-ID: Date: Fri, 21 May 2021 15:41:29 +0200 MIME-Version: 1.0 In-Reply-To: Content-Language: en-US X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" These are needed by pppd, but were not previously shipped as such. Instead, since their parent directory at /usr/lib/pppd/${version}/ was not commented out, we implicitly shipped the entire directory. This patch does not change our behaviour in the end, but makes things more transparent to developers. Signed-off-by: Peter Müller --- config/rootfiles/common/ppp | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/config/rootfiles/common/ppp b/config/rootfiles/common/ppp index 8d0af69c4..d61fdf811 100644 --- a/config/rootfiles/common/ppp +++ b/config/rootfiles/common/ppp @@ -38,18 +38,18 @@ etc/ppp/standardloginscript #usr/include/pppd/upap.h usr/lib/pppd usr/lib/pppd/2.4.9 -#usr/lib/pppd/2.4.9/minconn.so -#usr/lib/pppd/2.4.9/openl2tp.so -#usr/lib/pppd/2.4.9/passprompt.so -#usr/lib/pppd/2.4.9/passwordfd.so -#usr/lib/pppd/2.4.9/pppoatm.so -#usr/lib/pppd/2.4.9/pppoe.so -#usr/lib/pppd/2.4.9/pppol2tp.so -#usr/lib/pppd/2.4.9/radattr.so -#usr/lib/pppd/2.4.9/radius.so -#usr/lib/pppd/2.4.9/radrealms.so -#usr/lib/pppd/2.4.9/rp-pppoe.so -#usr/lib/pppd/2.4.9/winbind.so +usr/lib/pppd/2.4.9/minconn.so +usr/lib/pppd/2.4.9/openl2tp.so +usr/lib/pppd/2.4.9/passprompt.so +usr/lib/pppd/2.4.9/passwordfd.so +usr/lib/pppd/2.4.9/pppoatm.so +usr/lib/pppd/2.4.9/pppoe.so +usr/lib/pppd/2.4.9/pppol2tp.so +usr/lib/pppd/2.4.9/radattr.so +usr/lib/pppd/2.4.9/radius.so +usr/lib/pppd/2.4.9/radrealms.so +usr/lib/pppd/2.4.9/rp-pppoe.so +usr/lib/pppd/2.4.9/winbind.so usr/sbin/chat usr/sbin/pppd usr/sbin/pppdump From patchwork Fri May 21 13:41:50 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 4354 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4FmnpD23zvz3wbl for ; Fri, 21 May 2021 13:41:56 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4FmnpC6tchz6Z5; Fri, 21 May 2021 13:41:55 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4FmnpC5RPnz2ycQ; Fri, 21 May 2021 13:41:55 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4FmnpB24VJz2xd6 for ; Fri, 21 May 2021 13:41:54 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4Fmnp92M38z6Z5 for ; Fri, 21 May 2021 13:41:52 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1621604514; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=sxs7OeHYGtDVEgCCH7L3ojqNlu2gGaT/w/3A84BRjcw=; b=3+VC5b45h1a24EBOkizCwJKJrZ1aHp92o74o2QTqicbCnpXJrWUn+YeXekIs1oMy4FN7CH loi4kXWYyHWN2WBA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1621604514; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=sxs7OeHYGtDVEgCCH7L3ojqNlu2gGaT/w/3A84BRjcw=; b=F5TPLduNUTCK+p4pAU0W6a2ZyPuqxhPh7vDBWoVgd1pTID8mY/uLQuYcmlC1m3iTl8zHsV rKg5wEfgEBwQzL7yy+P3isyuwbn7gHTCEq88VknLMfyDgzdaMWH7NeRPVTW/M5J5J+F9wb MjWvfPNcked+BEMS1H1WsI3LlkGrFiP8JYjaudsdbdxYV+tgNN0xBCz0CYuHnyS+ttihBd uQIQg/evGKZOF/lw3HDKC6+tHhEOOK+lKkcaQR/2XzAgbEColBotZtHtm0Gge804c+nI9v UgAnpSWtVcjoNLikZPlZTLEAYiq7bgCRvRB5Jh5EUmetSLNhypoVmHXVb5/zQw== Subject: [PATCH 4/6] Core Update 157: Delete shared object files leftover from pppd 2.4.8 To: development@lists.ipfire.org References: <542b1005-b471-30bf-ead7-1c5dd93d457c@ipfire.org> <429b9a37-26f3-5ec4-d82d-99cb4aaa27a7@ipfire.org> From: =?utf-8?q?Peter_M=C3=BCller?= Message-ID: Date: Fri, 21 May 2021 15:41:50 +0200 MIME-Version: 1.0 In-Reply-To: Content-Language: en-US X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Signed-off-by: Peter Müller --- config/rootfiles/core/157/update.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/config/rootfiles/core/157/update.sh b/config/rootfiles/core/157/update.sh index a53aa0759..94b10723f 100644 --- a/config/rootfiles/core/157/update.sh +++ b/config/rootfiles/core/157/update.sh @@ -124,6 +124,10 @@ rm -f \ /usr/lib/dma-mbox-create \ /usr/lib/openssh/ssh-keysign +# Delete orphaned pppd 2.4.8 shared object files +rm -rf \ + /usr/lib/pppd/2.4.8/ + # Start services /etc/init.d/sshd restart /etc/init.d/apache restart From patchwork Fri May 21 13:42:14 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 4355 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4Fmnpg2Xdxz3wbl for ; Fri, 21 May 2021 13:42:19 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4Fmnpg0bd4z6Yc; Fri, 21 May 2021 13:42:19 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4Fmnpf6KTTz2ycQ; Fri, 21 May 2021 13:42:18 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4Fmnpf2b3yz2xd6 for ; Fri, 21 May 2021 13:42:18 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4Fmnpd1vpsz297 for ; Fri, 21 May 2021 13:42:16 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1621604538; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=BmV7VEjyIaMIn6eul1rECwL4N/6TyfNDlj9b5RU3++A=; b=X1N7w4g4Q1xXCt2zLDqZExbpFekJZ0S3jvart0P7qy+y2XZ9ftQe+7oswYUIL9B59epaye oW8kMheo58jd64Aw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1621604538; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=BmV7VEjyIaMIn6eul1rECwL4N/6TyfNDlj9b5RU3++A=; b=LoiRaD+X2npqSNKWWPYHwW7xdaHw4JulFAeXQdQ5tpO1t/0yoXW8ahskOkze7V9Els6s+p 0zp87IBts3eQ+epvowyy44l6REJpEXO/4JdixSq0TOMosFUJbZSr+96ffYtxIiJob1UKxv slnU5DW+MuW829/iuIcOIoUc7dK0JzZGyXyfvfjKK6W9sDegR8op2j87YsWUgcsB2wPu8I 2ZawqQJEhS9K/Pq0GZqZbJi3i4JDrJ4LWndf/ddH5FOBPMyD2pgRl2wPCPUEyYnvPq/DZH pg4Ce8UL4kDVLzfaIBr51KQzWJbbDiovt7/oD4BiNqUfh6ep22X16/666R1a8Q== Subject: [PATCH 5/6] nagios-plugins: Set SUID bit for plugins which need it to function properly To: development@lists.ipfire.org References: <542b1005-b471-30bf-ead7-1c5dd93d457c@ipfire.org> <429b9a37-26f3-5ec4-d82d-99cb4aaa27a7@ipfire.org> From: =?utf-8?q?Peter_M=C3=BCller?= Message-ID: <423afb1f-304d-eecf-8db3-3ea5d9353fb8@ipfire.org> Date: Fri, 21 May 2021 15:42:14 +0200 MIME-Version: 1.0 In-Reply-To: Content-Language: en-US X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Signed-off-by: Peter Müller --- lfs/nagios-plugins | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/lfs/nagios-plugins b/lfs/nagios-plugins index d35a94bbe..cdf1910b0 100644 --- a/lfs/nagios-plugins +++ b/lfs/nagios-plugins @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = nagios-plugins -PAK_VER = 5 +PAK_VER = 6 DEPS = @@ -92,4 +92,11 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) # Prevent Nagios plugins from being owned (and hence writeable) by "nobody" chown root:root -R /usr/lib/nagios/plugins + # Unfortunately, some of these plugins need the SUID bit to do their work properly + chmod +s \ + /usr/lib/nagios/plugins/check_dhcp \ + /usr/lib/nagios/plugins/check_icmp \ + /usr/lib/nagios/plugins/check_ide_smart \ + /usr/lib/nagios/plugins/check_ping + @$(POSTBUILD) From patchwork Fri May 21 13:42:36 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 4356 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4Fmnq6485Sz3wbl for ; Fri, 21 May 2021 13:42:42 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4Fmnq61TsRz6ZB; Fri, 21 May 2021 13:42:42 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4Fmnq6067Lz2yb8; Fri, 21 May 2021 13:42:42 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4Fmnq45V0Lz2xd6 for ; Fri, 21 May 2021 13:42:40 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4Fmnq35Bbdz297 for ; Fri, 21 May 2021 13:42:39 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1621604560; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=gVkNW7N9Jra8MqJFBuL+qLKXW/A4Ojoodt8eLRrLNLs=; b=YtFxUSJ/a0Z8xsQDvwoBbHBoq5hwwcbTt7wpF/MWwB229mnUx21RIOaFRD2hIKQRezQP6L HW9M/F0TTLzmbLDw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1621604560; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=gVkNW7N9Jra8MqJFBuL+qLKXW/A4Ojoodt8eLRrLNLs=; b=eLA/6qex2K0HASdscCZU4nU8b+rvp06bHizP287lZEhxR722WIbcNrsmDRhjEYH1mkj0JK 9vmarfo0Ndzk3vbRMmcSuleSV8UIyxnwAuX6BYYCD8tZTAI0GcyRZiatSPg8yXtmN0SJCd 7+4bDdbbAeI5wijRLXnoTQJ9xlg4h3mAhfww8u+pku3aLAo/u+Fp7YETrNOplGpIetsx1i Dz3KygllKuVPWSfbbyQ+7WuHj642rwgkQTO/2/tF/aQpY0b3vnZtstIC3/I48Zbm8leh6k dEFLvhxVANz5VN4gQvce0linwNv207AiYJET0qXKGS7j9iQSrKnoEs89Q06OZA== Subject: [PATCH 6/6] Icinga: Do not ship event handlers for Nagios To: development@lists.ipfire.org References: <542b1005-b471-30bf-ead7-1c5dd93d457c@ipfire.org> <429b9a37-26f3-5ec4-d82d-99cb4aaa27a7@ipfire.org> <423afb1f-304d-eecf-8db3-3ea5d9353fb8@ipfire.org> From: =?utf-8?q?Peter_M=C3=BCller?= Message-ID: Date: Fri, 21 May 2021 15:42:36 +0200 MIME-Version: 1.0 In-Reply-To: <423afb1f-304d-eecf-8db3-3ea5d9353fb8@ipfire.org> Content-Language: en-US X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" These are owned (hence being writable) by "nobody", posing a potential security risk. Since the files itself were already exluded from being shipped, their parent directory should be as well. This patch should reduce the amount of executable files being owned by nobody to zero after upgrading to Core Update 157. Due to complexity reasons, not all applications available in Pakfire could be tested, though, so your mileage may vary. Signed-off-by: Peter Müller --- config/rootfiles/packages/icinga | 2 +- lfs/icinga | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/config/rootfiles/packages/icinga b/config/rootfiles/packages/icinga index f81ba9db2..000be6346 100644 --- a/config/rootfiles/packages/icinga +++ b/config/rootfiles/packages/icinga @@ -25,7 +25,7 @@ usr/bin/icinga usr/bin/icingastats #usr/lib/icinga usr/lib/icinga/p1.pl -usr/lib/nagios/plugins/eventhandlers +#usr/lib/nagios/plugins/eventhandlers #usr/lib/nagios/plugins/eventhandlers/disable_active_service_checks #usr/lib/nagios/plugins/eventhandlers/disable_notifications #usr/lib/nagios/plugins/eventhandlers/distributed-monitoring diff --git a/lfs/icinga b/lfs/icinga index 6534722ac..456f66388 100644 --- a/lfs/icinga +++ b/lfs/icinga @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = icinga -PAK_VER = 4 +PAK_VER = 5 DEPS = nagios-plugins