#!/bin/bash UPGRADEVERSION=1.4.10 PREVIOUSVERSION="1.4."$((`echo $UPGRADEVERSION | /usr/bin/cut -f3 -d '.'`-1)) echo "This is the $UPGRADEVERSION update patch for IPCop $PREVIOUSVERSION installing." CURRENTVERSION=`perl -e "require '/var/ipcop/general-functions.pl';print \\$General::version;"` if [ "$CURRENTVERSION" != "$PREVIOUSVERSION" ]; then echo "You are not running IPCop v$PREVIOUSVERSION for this patch to install." echo "Aborting installation." exit -1 fi # general-functions might not be overwrited by patch... /bin/sed -i -e "s+= '1.4.*$+= '$UPGRADEVERSION';+" /var/ipcop/general-functions.pl #protect backup key fix for SF1344032 restrict access to root only [ -e /var/ipcop/backup/backup.key ] && /bin/chmod 400 /var/ipcop/backup/backup.key && ./fixbackups.sh /bin/tar -zxpf patch.tar.gz -C / # update linker cache (openssl CAN-2005-2969) /sbin/ldconfig #New option for vpn echo "VPN_DELAYED_START=0" >> /var/ipcop/vpn/settings #replaces ipcoprebirth/ipcopdeath with ipcopreboot /bin/rm -f /usr/local/bin/{ipcopdeath,ipcoprebirth} # restart new httpd apache_1.3.34 mod_ssl-2.8.25-1.3.34 mm-1.4.0 /bin/killall httpd sleep 2 /usr/sbin/httpd # missing from 1.4.9 update /usr/local/bin/setdmzholes # patched squid (CAN-2005-3258 and bug#1405) [ -e /var/ipcop/proxy/squid.conf ] && /usr/local/bin/restartsquid # snort now use binary logging /usr/local/bin/restartsnort # avoid 'too many arguments' on cleanup for i in `seq 1 9`; do /bin/rm -rf /var/log/snort/$i* done #Insert missing advanced values for VPN settings. #If user never went to adv screen, they are empty. #Whitout them, ipsec uses 3des-(sha|md5)-(768|1024|1536) #as default ike and esp algorythm. #This correction does not add 'aes128' as vpnmain, #so user will see effective algorythm selected. cp /var/ipcop/vpn/config /var/ipcop/vpn/oldconfig /usr/bin/perl -e "\ use strict; \ if (open(FILE, '/var/ipcop/vpn/oldconfig')){\ my @lines = ;\ close (FILE);\ foreach my \$line (@lines){\ my @confighash=split(',' ,\$line);\ \$confighash[15] = 'on' if (\$confighash[15] eq '');\ \$confighash[14] = 'off' if (\$confighash[14] eq '');\ \$confighash[19] = '3des' if (\$confighash[19] eq '');\ \$confighash[20] = 'sha|md5' if (\$confighash[20] eq '');\ \$confighash[21] = '1536|1024|768'if (\$confighash[21] eq '');\ \$confighash[17] = '1' if (\$confighash[17] eq '');\ \$confighash[22] = 'aes128|3des' if (\$confighash[22] eq '');\ \$confighash[23] = 'sha1|md5' if (\$confighash[23] eq '');\ \$confighash[18] = '8' if (\$confighash[18] eq '');\ \$confighash[25] = 'off' if (\$confighash[25] eq '');\ print join (',', @confighash); }}" >/var/ipcop/vpn/config rm /var/ipcop/vpn/oldconfig #build cachelang file after all "lang/*.pl" updates perl -e "require '/var/ipcop/lang.pl'; &Lang::BuildCacheLang" killall mingetty #redisplay correct version echo "end of $UPGRADEVERSION update"