my ($language, $country) = split(/_/, $shortlang);
push(@options, $language);
+ # Add English as fallback
+ push(@options, "en");
+
foreach my $option (@options) {
return $option if (-e "${General::swroot}/langs/$option.pl");
}
etc/rc.d/init.d/functions
#etc/rc.d/init.d/gnump3d
etc/rc.d/init.d/halt
+#etc/rc.d/init.d/haproxy
#etc/rc.d/init.d/hostapd
#etc/rc.d/init.d/imspector
etc/rc.d/init.d/ipsec
etc/rc.d/init.d/functions
#etc/rc.d/init.d/gnump3d
etc/rc.d/init.d/halt
+#etc/rc.d/init.d/haproxy
#etc/rc.d/init.d/hostapd
#etc/rc.d/init.d/imspector
etc/rc.d/init.d/ipsec
+++ /dev/null
-etc/system-release
-etc/issue
-srv/web/ipfire/cgi-bin/fwhosts.cgi
-srv/web/ipfire/cgi-bin/ovpnmain.cgi
-var/ipfire/backup/bin/backup.pl
-var/ipfire/langs
--- /dev/null
+../../../common/collectd
\ No newline at end of file
--- /dev/null
+etc/system-release
+etc/issue
+etc/collectd.conf
+etc/collectd.vpn
+etc/rc.d/init.d/dnsmasq
+srv/web/ipfire/cgi-bin/ddns.cgi
+srv/web/ipfire/cgi-bin/firewall.cgi
+srv/web/ipfire/cgi-bin/fwhosts.cgi
+srv/web/ipfire/cgi-bin/ids.cgi
+srv/web/ipfire/cgi-bin/netovpnrw.cgi
+srv/web/ipfire/cgi-bin/netovpnsrv.cgi
+srv/web/ipfire/cgi-bin/ovpnmain.cgi
+srv/web/ipfire/cgi-bin/vpnmain.cgi
+var/ipfire/backup/bin/backup.pl
+var/ipfire/graphs.pl
+var/ipfire/langs
+var/ipfire/lang.pl
+var/ipfire/menu.d/20-status.menu
--- /dev/null
+../../../common/fuse
\ No newline at end of file
--- /dev/null
+../../../common/ntfs-3g
\ No newline at end of file
--- /dev/null
+../../../common/openssh
\ No newline at end of file
--- /dev/null
+../../../common/openssl
\ No newline at end of file
--- /dev/null
+../../../common/openssl-compat
\ No newline at end of file
--- /dev/null
+../../../common/setup
\ No newline at end of file
--- /dev/null
+../../../common/strongswan
\ No newline at end of file
--- /dev/null
+../../../common/tzdata
\ No newline at end of file
/usr/local/bin/backupctrl exclude >/dev/null 2>&1
# Remove old core updates from pakfire cache to save space...
-core=88
+core=89
for (( i=1; i<=$core; i++ ))
do
rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
done
# Stop services
+/etc/init.d/ipsec stop
# Remove old files
# Extract files
extract_files
+# Generate ddns configuration file
+sudo -u nobody /srv/web/ipfire/cgi-bin/ddns.cgi
+
# Start services
+/etc/init.d/dnsmasq restart
+if [ `grep "ENABLED=on" /var/ipfire/vpn/settings` ]; then
+ /etc/init.d/ipsec start
+fi
# Update Language cache
perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"
-# Uninstall the sqlite package.
+# Prevent uninstall sqlite (now common package).
rm -f \
- /opt/pakfire/db/installed/meta-sqlite \
+ /opt/pakfire/db/*/meta-sqlite \
/opt/pakfire/db/rootfiles/sqlite
# Fix #10625
my $use_token = 0;
# Handle token based auth for various providers.
- if ($provider ~~ ["dns.lightningwirelabs.com", "entrydns.net", "regfish.com", "spdns.de"] && $username eq "token") {
+ if ($provider ~~ ["dns.lightningwirelabs.com", "entrydns.net", "regfish.com",
+ "spdns.de", "zzzz.io"] && $username eq "token") {
$use_token = 1;
# Handle token auth for freedns.afraid.org and regfish.com.
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/crda-3.13-crypto_use_optional.patch
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
@rm -rf $(DIR_APP)
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1e-cryptodev.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1e-fix_parallel_build-1.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1e-weak-ciphers.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-disable-sslv2-sslv3.patch
cd $(DIR_APP) && find crypto/ -name Makefile -exec \
sed 's/^ASFLAGS=/&-Wa,--noexecstack /' -i {} \;
no-mdc2 \
no-rc5 \
no-srp \
- no-ssl2 \
- no-ssl3 \
$(CONFIGURE_ARGS) \
-DSSL_FORBID_ENULL \
-DHAVE_CRYPTODEV \
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-0.9.8u-cryptodev.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-disable-sslv2-sslv3.patch
cd $(DIR_APP) && sed -i -e 's/mcpu/march/' config
cd $(DIR_APP) && sed -i -e 's/-O3/-O2/' -e 's/-march=i486/-march=i586/' Configure
NAME="IPFire" # Software name
SNAME="ipfire" # Short name
VERSION="2.17" # Version number
-CORE="87" # Core Level (Filename)
-PAKFIRE_CORE="87" # Core Level (PAKFIRE)
+CORE="88" # Core Level (Filename)
+PAKFIRE_CORE="88" # Core Level (PAKFIRE)
GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` # Git Branch
SLOGAN="www.ipfire.org" # Software slogan
CONFIG_ROOT=/var/ipfire # Configuration rootdir
+++ /dev/null
-Submitted By: hauke from OpenWRT
-Date: 2009-04-17
-Initial Package Version: 1.0.2
-Origin: https://dev.openwrt.org/changeset/15405/trunk/package/crda/patches/101-make_crypto_use_optional.patch
-Description: The patch was modified for version crda-3.13 by Erik Kapfer <erik.kapfer@ipfire.org>..
-This patch provides the following improvements:
- * Crypto usage is optional.
-
-diff -Nur crda-3.13.orig/Makefile crda-3.13/Makefile
---- crda-3.13.orig/Makefile 2015-01-12 07:55:08.791183765 +0100
-+++ crda-3.13/Makefile 2015-01-12 07:56:35.437381029 +0100
-@@ -43,7 +43,9 @@
-
- $(LIBREG): keys-ssl.c
-
--else
-+endif
-+
-+ifeq ($(USE_GCRYPT),1)
- CFLAGS += -DUSE_GCRYPT
- LDLIBS += -lgcrypt
-
--- /dev/null
+diff -up openssl-1.0.1h/ssl/ssl_lib.c.v2v3 openssl-1.0.1h/ssl/ssl_lib.c\r
+--- openssl-1.0.1h/ssl/ssl_lib.c.v2v3 2014-06-11 16:02:52.000000000 +0200\r
++++ openssl-1.0.1h/ssl/ssl_lib.c 2014-06-30 14:18:04.290248080 +0200\r
+@@ -1875,6 +1875,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m\r
+ */\r
+ ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;\r
+ \r
++ /* Disable SSLv2 and SSLv3 by default (affects the SSLv23_method() only) */\r
++ ret->options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;\r
++\r
+ return(ret);\r
+ err:\r
+ SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);\r