/var/log/ip-acct/*
/var/log/rrd/*
/var/log/rrd/collectd
-/var/log/rrd/vnstat
+/var/log/vnstat
/etc/sysconfig/firewall.local
/etc/sysconfig/rc.local
/root/.gitconfig
etc/ssh/sshd_config
usr/bin/scp
usr/bin/sftp
-usr/bin/slogin
usr/bin/ssh
usr/bin/ssh-add
usr/bin/ssh-agent
--- /dev/null
+boot/config.txt
+etc/alternatives
+etc/collectd.custom
+etc/ipsec.conf
+etc/ipsec.secrets
+etc/ipsec.user.conf
+etc/ipsec.user.secrets
+etc/localtime
+etc/shadow
+etc/snort/snort.conf
+etc/ssh/ssh_config
+etc/ssh/sshd_config
+etc/ssl/openssl.cnf
+etc/sudoers
+etc/sysconfig/firewall.local
+etc/sysconfig/rc.local
+etc/udev/rules.d/30-persistent-network.rules
+srv/web/ipfire/html/proxy.pac
+var/ipfire/dma
+var/ipfire/time
+var/ipfire/ovpn
+var/lib/alternatives
+var/log/cache
+var/state/dhcp/dhcpd.leases
+var/updatecache
--- /dev/null
+etc/system-release
+etc/issue
+var/ipfire/backup/include
--- /dev/null
+../../../../common/i586/openssl-sse2
\ No newline at end of file
--- /dev/null
+../../../common/openssh
\ No newline at end of file
--- /dev/null
+../../../common/openssl
\ No newline at end of file
--- /dev/null
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2016 IPFire-Team <info@ipfire.org>. #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+/usr/local/bin/backupctrl exclude >/dev/null 2>&1
+
+# Remove old core updates from pakfire cache to save space...
+core=99
+for (( i=1; i<=$core; i++ ))
+do
+ rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
+done
+
+# Stop services
+
+# remove slogin which is not included in new OpenSSH
+rm /usr/bin/slogin
+
+# Extract files
+extract_files
+
+# Update Language cache
+# /usr/local/bin/update-lang-cache
+
+# Start services
+/etc/init.d/sshd restart
+/etc/init.d/apache restart
+
+# This update need a reboot...
+touch /var/run/need_reboot
+
+# Finish
+/etc/init.d/fireinfo start
+sendprofile
+# Update grub config to display new core version
+if [ -e /boot/grub/grub.cfg ]; then
+ grub-mkconfig -o /boot/grub/grub.cfg
+fi
+sync
+
+# Don't report the exitcode last command
+exit 0
# Bugfixes for core96 updater bugs...
if [ -e /boot/grub/grub.conf ]; then
# legacy grub config on xen or citrix conflicts with grub2 config
- rm /boot/grub/grub.cfg
+ # and core96 contains an empty file
+ if [ ! -s /boot/grub/grub.cfg ]; then
+ rm /boot/grub/grub.cfg
+ fi
fi
if [ -e /boot/grub/grub.cfg ]; then
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2015 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2016 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 7.1p2
+VER = 7.2p1
THISAPP = openssh-$(VER)
DL_FILE = $(THISAPP).tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 4d8547670e2a220d5ef805ad9e47acf2
+$(DL_FILE)_MD5 = b984775f0cfff1f7ff18b8797fce8a28
install : $(TARGET)
include Config
-VER = 1.0.2f
+VER = 1.0.2g
THISAPP = openssl-$(VER)
DL_FILE = $(THISAPP).tar.gz
zlib-dynamic \
enable-camellia \
enable-md2 \
+ enable-ssl2 \
enable-seed \
enable-tlsext \
enable-rfc3779 \
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = b3bf73f507172be9292ea2a8c28b659d
+$(DL_FILE)_MD5 = f3c710c045cdee5fd114feb69feba7aa
install : $(TARGET)
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.0-beta5-enginesdir.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a-rpmbuild.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1m-weak-ciphers.patch
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-disable-sslv2-sslv3.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2g-disable-sslv2v3.patch
# i586 specific patches
ifeq "$(MACHINE)" "i586"
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = stunnel
-PAK_VER = 1
+PAK_VER = 2
DEPS = ""
SNAME="ipfire" # Short name
VERSION="2.17" # Version number
CORE="100" # Core Level (Filename)
-PAKFIRE_CORE="98" # Core Level (PAKFIRE)
+PAKFIRE_CORE="99" # Core Level (PAKFIRE)
GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` # Git Branch
SLOGAN="www.ipfire.org" # Software slogan
CONFIG_ROOT=/var/ipfire # Configuration rootdir
--- /dev/null
+diff -up openssl-1.0.2g/ssl/ssl_lib.c.v2v3 openssl-1.0.2g/ssl/ssl_lib.c
+--- openssl-1.0.2g/ssl/ssl_lib.c.v2v3 2016-03-01 16:38:26.879142021 +0100
++++ openssl-1.0.2g/ssl/ssl_lib.c 2016-03-01 16:41:32.977353769 +0100
+@@ -2055,11 +2055,11 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
+ ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
+
+ /*
+- * Disable SSLv2 by default, callers that want to enable SSLv2 will have to
+- * explicitly clear this option via either of SSL_CTX_clear_options() or
++ * Disable SSLv2 and SSLv3 by default, callers that want to enable these will have to
++ * explicitly clear these options via either of SSL_CTX_clear_options() or
+ * SSL_clear_options().
+ */
+- ret->options |= SSL_OP_NO_SSLv2;
++ ret->options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
+
+ return (ret);
+ err:
+++ /dev/null
---- openssl-1.0.1m/ssl/ssl_lib.c.old 2015-03-19 15:56:40.966287977 +0100
-+++ openssl-1.0.1m/ssl/ssl_lib.c 2015-03-19 15:57:07.976160846 +0100
-@@ -1892,6 +1892,9 @@
- */
- ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
-
-+ /* Disable SSLv2 and SSLv3 by default (affects the SSLv23_method() only) */
-+ ret->options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
-+
- return (ret);
- err:
- SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);