From c283a6f615f5fe4bea63d5534bda8a0c6270b486 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Sat, 30 Mar 2024 12:07:22 +0000 Subject: [PATCH] core185: Ship everything that is linked against XZ This is a precautionary step to avoid that we have any issues to face because of a downgrade as new symbols have been added to liblzma 5.6.0. Furthermore, this should avoid shipping any traces of any other potential malware in XZ that has been added in 5.6.0 or after. Signed-off-by: Michael Tremer --- config/rootfiles/core/185/filelists/aarch64/boost | 1 + config/rootfiles/core/185/filelists/aarch64/grub | 1 + config/rootfiles/core/185/filelists/apache2 | 1 + config/rootfiles/core/185/filelists/collectd | 1 + config/rootfiles/core/185/filelists/files | 1 + config/rootfiles/core/185/filelists/kmod | 1 + config/rootfiles/core/185/filelists/libarchive | 1 + config/rootfiles/core/185/filelists/libtiff | 1 + config/rootfiles/core/185/filelists/libxml2 | 1 + config/rootfiles/core/185/filelists/riscv64/boost | 1 + config/rootfiles/core/185/filelists/riscv64/grub | 1 + config/rootfiles/core/185/filelists/x86_64/boost | 1 + config/rootfiles/core/185/filelists/x86_64/grub | 1 + config/rootfiles/core/185/update.sh | 3 +++ lfs/foomatic | 2 +- lfs/sarg | 2 +- lfs/tor | 2 +- 17 files changed, 19 insertions(+), 3 deletions(-) create mode 120000 config/rootfiles/core/185/filelists/aarch64/boost create mode 120000 config/rootfiles/core/185/filelists/aarch64/grub create mode 120000 config/rootfiles/core/185/filelists/apache2 create mode 120000 config/rootfiles/core/185/filelists/collectd create mode 120000 config/rootfiles/core/185/filelists/kmod create mode 120000 config/rootfiles/core/185/filelists/libarchive create mode 120000 config/rootfiles/core/185/filelists/libtiff create mode 120000 config/rootfiles/core/185/filelists/libxml2 create mode 120000 config/rootfiles/core/185/filelists/riscv64/boost create mode 120000 config/rootfiles/core/185/filelists/riscv64/grub create mode 120000 config/rootfiles/core/185/filelists/x86_64/boost create mode 120000 config/rootfiles/core/185/filelists/x86_64/grub diff --git a/config/rootfiles/core/185/filelists/aarch64/boost b/config/rootfiles/core/185/filelists/aarch64/boost new file mode 120000 index 000000000..807ad06be --- /dev/null +++ b/config/rootfiles/core/185/filelists/aarch64/boost @@ -0,0 +1 @@ +../../../../common/aarch64/boost \ No newline at end of file diff --git a/config/rootfiles/core/185/filelists/aarch64/grub b/config/rootfiles/core/185/filelists/aarch64/grub new file mode 120000 index 000000000..40ae85fb6 --- /dev/null +++ b/config/rootfiles/core/185/filelists/aarch64/grub @@ -0,0 +1 @@ +../../../../common/aarch64/grub \ No newline at end of file diff --git a/config/rootfiles/core/185/filelists/apache2 b/config/rootfiles/core/185/filelists/apache2 new file mode 120000 index 000000000..eef95efa7 --- /dev/null +++ b/config/rootfiles/core/185/filelists/apache2 @@ -0,0 +1 @@ +../../../common/apache2 \ No newline at end of file diff --git a/config/rootfiles/core/185/filelists/collectd b/config/rootfiles/core/185/filelists/collectd new file mode 120000 index 000000000..871b32f14 --- /dev/null +++ b/config/rootfiles/core/185/filelists/collectd @@ -0,0 +1 @@ +../../../common/collectd \ No newline at end of file diff --git a/config/rootfiles/core/185/filelists/files b/config/rootfiles/core/185/filelists/files index 09ce83886..53793fda1 100644 --- a/config/rootfiles/core/185/filelists/files +++ b/config/rootfiles/core/185/filelists/files @@ -50,6 +50,7 @@ srv/web/ipfire/cgi-bin/ids.cgi srv/web/ipfire/cgi-bin/index.cgi srv/web/ipfire/cgi-bin/ovpnmain.cgi srv/web/ipfire/cgi-bin/time.cgi +usr/lib/python3.10/lib-dynload/_lzma.cpython-310-xxxMACHINExxx-linux-gnu.so usr/local/bin/update-ids-ruleset var/ipfire/backup/bin/backup.pl var/ipfire/ids-functions.pl diff --git a/config/rootfiles/core/185/filelists/kmod b/config/rootfiles/core/185/filelists/kmod new file mode 120000 index 000000000..0020e197e --- /dev/null +++ b/config/rootfiles/core/185/filelists/kmod @@ -0,0 +1 @@ +../../../common/kmod \ No newline at end of file diff --git a/config/rootfiles/core/185/filelists/libarchive b/config/rootfiles/core/185/filelists/libarchive new file mode 120000 index 000000000..551f1f743 --- /dev/null +++ b/config/rootfiles/core/185/filelists/libarchive @@ -0,0 +1 @@ +../../../common/libarchive \ No newline at end of file diff --git a/config/rootfiles/core/185/filelists/libtiff b/config/rootfiles/core/185/filelists/libtiff new file mode 120000 index 000000000..dd89e3cda --- /dev/null +++ b/config/rootfiles/core/185/filelists/libtiff @@ -0,0 +1 @@ +../../../common/libtiff \ No newline at end of file diff --git a/config/rootfiles/core/185/filelists/libxml2 b/config/rootfiles/core/185/filelists/libxml2 new file mode 120000 index 000000000..242e69fa3 --- /dev/null +++ b/config/rootfiles/core/185/filelists/libxml2 @@ -0,0 +1 @@ +../../../common/libxml2 \ No newline at end of file diff --git a/config/rootfiles/core/185/filelists/riscv64/boost b/config/rootfiles/core/185/filelists/riscv64/boost new file mode 120000 index 000000000..cbc461c2b --- /dev/null +++ b/config/rootfiles/core/185/filelists/riscv64/boost @@ -0,0 +1 @@ +../../../../common/riscv64/boost \ No newline at end of file diff --git a/config/rootfiles/core/185/filelists/riscv64/grub b/config/rootfiles/core/185/filelists/riscv64/grub new file mode 120000 index 000000000..7013c0be5 --- /dev/null +++ b/config/rootfiles/core/185/filelists/riscv64/grub @@ -0,0 +1 @@ +../../../../common/riscv64/grub \ No newline at end of file diff --git a/config/rootfiles/core/185/filelists/x86_64/boost b/config/rootfiles/core/185/filelists/x86_64/boost new file mode 120000 index 000000000..9ed31e1d5 --- /dev/null +++ b/config/rootfiles/core/185/filelists/x86_64/boost @@ -0,0 +1 @@ +../../../../common/x86_64/boost \ No newline at end of file diff --git a/config/rootfiles/core/185/filelists/x86_64/grub b/config/rootfiles/core/185/filelists/x86_64/grub new file mode 120000 index 000000000..78d3bd784 --- /dev/null +++ b/config/rootfiles/core/185/filelists/x86_64/grub @@ -0,0 +1 @@ +../../../../common/x86_64/grub \ No newline at end of file diff --git a/config/rootfiles/core/185/update.sh b/config/rootfiles/core/185/update.sh index f86013c0d..28f18a7da 100644 --- a/config/rootfiles/core/185/update.sh +++ b/config/rootfiles/core/185/update.sh @@ -88,12 +88,15 @@ chmod -v 640 /etc/sudoers.d/* # Start services telinit u /etc/init.d/sshd restart +/etc/init.d/apache restart /etc/init.d/suricata restart /etc/init.d/unbound restart /etc/init.d/ntp start if [ -f /var/ipfire/proxy/enable ]; then /etc/init.d/squid start fi +/etc/init.d/collectd restart + ## Modify ovpnconfig according to bug 13548 for no-pass entry for N2N client connections # Check if ovpnconfig exists and is not empty if [ -s /var/ipfire/ovpn/ovpnconfig ]; then diff --git a/lfs/foomatic b/lfs/foomatic index d057505a9..21a5a589a 100644 --- a/lfs/foomatic +++ b/lfs/foomatic @@ -37,7 +37,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/foomatic-filters-$(VER_FILTERS) TARGET = $(DIR_INFO)/$(THISAPP) PROG = foomatic -PAK_VER = 9 +PAK_VER = 10 DEPS = cups ghostscript hplip diff --git a/lfs/sarg b/lfs/sarg index d38933fb0..1b8a077a6 100644 --- a/lfs/sarg +++ b/lfs/sarg @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = sarg -PAK_VER = 6 +PAK_VER = 7 DEPS = diff --git a/lfs/tor b/lfs/tor index 74b738512..aed30805f 100644 --- a/lfs/tor +++ b/lfs/tor @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = tor -PAK_VER = 83 +PAK_VER = 84 DEPS = libseccomp -- 2.39.2