From d4ac818a0b285672a7725bcf4b8ea75c0b13a229 Mon Sep 17 00:00:00 2001
From: Adam Warner
Date: Wed, 21 Feb 2018 11:23:07 +0000
Subject: [PATCH 1/4] Specifty `LC_ALL=C` when dealing with sorted lists.
Signed-off-by: Adam Warner
---
 gravity.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/gravity.sh b/gravity.sh
index ce2734fc..71849380 100755
--- a/gravity.sh
+++ b/gravity.sh
@@ -330,7 +330,7 @@ gravity_ParseFileIntoDomains() {
 }' "${source}" > "${destination}.exceptionsFile.tmp"
 # Remove exceptions
- comm -23 "${destination}" <(sort "${destination}.exceptionsFile.tmp") > "${source}"
+ LC_ALL=C comm -23 "${destination}" <(sort "${destination}.exceptionsFile.tmp") > "${source}"
 mv "${source}" "${destination}"
 fi
@@ -409,7 +409,7 @@ gravity_SortAndFilterConsolidatedList() {
 str="Removing duplicate domains"
 echo -ne " ${INFO} ${str}..."
- sort -u "${piholeDir}/${parsedMatter}" > "${piholeDir}/${preEventHorizon}"
+ LC_ALL=C sort -u "${piholeDir}/${parsedMatter}" > "${piholeDir}/${preEventHorizon}"
 echo -e "${OVER} ${TICK} ${str}"
 # Format $preEventHorizon line total as currency
@@ -431,7 +431,7 @@ gravity_Whitelist() {
 echo -ne " ${INFO} ${str}..."
 # Print everything from preEventHorizon into whitelistMatter EXCEPT domains in $whitelistFile
- comm -23 "${piholeDir}/${preEventHorizon}" <(sort "${whitelistFile}") > "${piholeDir}/${whitelistMatter}"
+ LC_ALL=C comm -23 "${piholeDir}/${preEventHorizon}" <(sort "${whitelistFile}") > "${piholeDir}/${whitelistMatter}"
 echo -e "${OVER} ${INFO} ${str}"
 }
From 6b4685b33308f426ecd7c2b591b0713132a32525 Mon Sep 17 00:00:00 2001
From: Adam Warner
Date: Wed, 21 Feb 2018 11:33:29 +0000
Subject: [PATCH 2/4] much more elegant to export LC_ALL at the beginning of the script!
Signed-off-by: Adam Warner
---
 gravity.sh | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/gravity.sh b/gravity.sh
index 71849380..cfc7566e 100755
--- a/gravity.sh
+++ b/gravity.sh
@@ -11,6 +11,8 @@
 # This file is copyright under the latest version of the EUPL.
 # Please see LICENSE file for your rights under this license.
+export LC_ALL=C
+
 coltable="/opt/pihole/COL_TABLE"
 source "${coltable}"
@@ -330,7 +332,7 @@ gravity_ParseFileIntoDomains() {
 }' "${source}" > "${destination}.exceptionsFile.tmp"
 # Remove exceptions
- LC_ALL=C comm -23 "${destination}" <(sort "${destination}.exceptionsFile.tmp") > "${source}"
+ comm -23 "${destination}" <(sort "${destination}.exceptionsFile.tmp") > "${source}"
 mv "${source}" "${destination}"
 fi
@@ -409,7 +411,7 @@ gravity_SortAndFilterConsolidatedList() {
 str="Removing duplicate domains"
 echo -ne " ${INFO} ${str}..."
- LC_ALL=C sort -u "${piholeDir}/${parsedMatter}" > "${piholeDir}/${preEventHorizon}"
+ sort -u "${piholeDir}/${parsedMatter}" > "${piholeDir}/${preEventHorizon}"
 echo -e "${OVER} ${TICK} ${str}"
 # Format $preEventHorizon line total as currency
@@ -431,7 +433,7 @@ gravity_Whitelist() {
 echo -ne " ${INFO} ${str}..."
 # Print everything from preEventHorizon into whitelistMatter EXCEPT domains in $whitelistFile
- LC_ALL=C comm -23 "${piholeDir}/${preEventHorizon}" <(sort "${whitelistFile}") > "${piholeDir}/${whitelistMatter}"
+ comm -23 "${piholeDir}/${preEventHorizon}" <(sort "${whitelistFile}") > "${piholeDir}/${whitelistMatter}"
 echo -e "${OVER} ${INFO} ${str}"
 }
From 4606693e62a16a40a5bd342ec237859e0d39dac3 Mon Sep 17 00:00:00 2001
From: Dan Schaper
Date: Thu, 22 Feb 2018 20:13:38 -0800
Subject: [PATCH 3/4] Use pushd/popd and create random temporary directory to prevent potential backdoor binary injection.
Signed-off-by: Dan Schaper
---
 automated install/basic-install.sh | 27 ++++++++++++---------------
 1 file changed, 12 insertions(+), 15 deletions(-)
diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh
index b694b527..bdf99ee3 100755
--- a/automated install/basic-install.sh
+++ b/automated install/basic-install.sh
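Review bot: The `export LC_ALL=C` added at the top of gravity.sh changes the locale for every command the script runs and everything it sources, not only the `sort`/`comm` pairs it was introduced for, and the line carries no comment saying why it is there. A comment such as `# Force byte-wise collation so sort and comm agree on ordering regardless of the caller's locale` would keep a later cleanup from removing it and silently breaking the exception and whitelist filtering. The context line `# Format $preEventHorizon line total as currency` in the gravity_SortAndFilterConsolidatedList hunk suggests locale-dependent number formatting further down; if that code relies on the user's locale for digit grouping, it presumably loses it under `C`, which is worth checking before merging.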
@@ -1734,17 +1734,14 @@ clone_or_update_repos() {
 fi
 }
-# Download and install FTL binary
+# Download FTL binary to random temp directory and install FTL binary
 FTLinstall() {
 # Local, named variables
 local binary="${1}"
 local latesttag
- local orig_dir
 local str="Downloading and Installing FTL"
 echo -ne " ${INFO} ${str}..."
- # Get the current working directory
- orig_dir="${PWD}"
 # Find the latest version tag for FTL
 latesttag=$(curl -sI https://github.com/pi-hole/FTL/releases/latest | grep "Location" | awk -F '/' '{print $NF}')
 # Tags should always start with v, check for that.
@@ -1754,44 +1751,44 @@ FTLinstall() {
 return 1
 fi
+ # Move into the temp ftl directory
+ pushd "$(mktmp -d)" || { echo "Unable to make temporary directory for FTL binary download"; return 1; }
+ # Always replace pihole-FTL.service
 install -T -m 0755 "${PI_HOLE_LOCAL_REPO}/advanced/pihole-FTL.service" "/etc/init.d/pihole-FTL"
 # If the download worked,
- if curl -sSL --fail "https://github.com/pi-hole/FTL/releases/download/${latesttag%$'\r'}/${binary}" -o "/tmp/${binary}"; then
+ if curl -sSL --fail "https://github.com/pi-hole/FTL/releases/download/${latesttag%$'\r'}/${binary}" -o "${binary}"; then
 # get sha1 of the binary we just downloaded for verification.
- curl -sSL --fail "https://github.com/pi-hole/FTL/releases/download/${latesttag%$'\r'}/${binary}.sha1" -o "/tmp/${binary}.sha1"
+ curl -sSL --fail "https://github.com/pi-hole/FTL/releases/download/${latesttag%$'\r'}/${binary}.sha1" -o "${binary}.sha1"
- # Move into the temp directory
- cd /tmp
 # If we downloaded binary file (as opposed to text),
 if sha1sum --status --quiet -c "${binary}".sha1; then
 echo -n "transferred... 
"
 # Stop FTL
 stop_service pihole-FTL &> /dev/null
 # Install the new version with the correct permissions
- install -T -m 0755 /tmp/${binary} /usr/bin/pihole-FTL
- # Remove the tempoary file
- rm /tmp/${binary} /tmp/${binary}.sha1
+ install -T -m 0755 "${binary}" /usr/bin/pihole-FTL
 # Move back into the original directory the user was in
- cd "${orig_dir}"
+ popd || { echo "Unable to return to original directory after FTL binary download."; return 1; }
 # Install the FTL service
 echo -e "${OVER} ${TICK} ${str}"
 return 0
 # Otherise,
 else
+ # the download failed, so just go back to the original directory
+ popd || { echo "Unable to return to original directory after FTL binary download."; return 1; }
 echo -e "${OVER} ${CROSS} ${str}"
 echo -e " ${COL_LIGHT_RED}Error: Download of binary from Github failed${COL_NC}"
- # the download failed, so just go back to the original directory
- cd "${orig_dir}"
 return 1
 fi
 # Otherwise,
 else
- cd "${orig_dir}"
+ popd || { echo "Unable to return to original directory after FTL binary download."; return 1; }
 echo -e "${OVER} ${CROSS} ${str}"
 # The URL could not be found
 echo -e " ${COL_LIGHT_RED}Error: URL not found${COL_NC}"
+ return 1
 fi
 }
From 3425b9a82ecd6fde89437f15c1aa49e3fd7e5271 Mon Sep 17 00:00:00 2001
From: Dan Schaper
Date: Fri, 2 Mar 2018 12:28:53 -0800
Subject: [PATCH 4/4] Fix mktmp > mktemp
Signed-off-by: Dan Schaper
---
 automated install/basic-install.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh
index bdf99ee3..704055d5 100755
--- a/automated install/basic-install.sh
+++ b/automated install/basic-install.sh
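Review bot: The temporary directory that FTLinstall() in basic-install.sh now downloads into is never removed: the deleted `rm /tmp/${binary} /tmp/${binary}.sha1` has no replacement on any of the three `popd` paths, so each run leaves a directory holding the downloaded binary and its `.sha1` file behind. Keeping the directory path in a local variable before the `pushd` and adding `rm -rf -- "${tmpdir:?}"` after each `popd` would restore the cleanup. `pushd` and `popd` also print the directory stack to stdout, which will land in the middle of the `echo -ne` status line; `> /dev/null` on each call avoids that. Separately, the `.sha1` file is fetched from the same release URL as the binary, so the `sha1sum -c` check detects a corrupted transfer but would not detect a replaced release asset. FTLinstall() begins before this hunk.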
@@ -1752,7 +1752,7 @@ FTLinstall() {
 fi
 # Move into the temp ftl directory
- pushd "$(mktmp -d)" || { echo "Unable to make temporary directory for FTL binary download"; return 1; }
+ pushd "$(mktemp -d)" || { echo "Unable to make temporary directory for FTL binary download"; return 1; }
 # Always replace pihole-FTL.service
 install -T -m 0755 "${PI_HOLE_LOCAL_REPO}/advanced/pihole-FTL.service" "/etc/init.d/pihole-FTL"
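Review bot: The `|| { ...; return 1; }` guard on the corrected line tests only `pushd`; the exit status of `$(mktemp -d)` is discarded, so a failed `mktemp` hands `pushd` an empty string. Whether bash rejects an empty directory argument is worth confirming; if it does not, the download would proceed in the caller's current directory rather than in a private one. Splitting the statement makes the failure explicit: `tmpdir="$(mktemp -d)" || { echo "Unable to make temporary directory for FTL binary download"; return 1; }` followed by `pushd "${tmpdir}" > /dev/null || return 1`, with `local tmpdir` declared beside the other locals. FTLinstall() starts and ends outside this hunk.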