Proxmox/ProxmoxVE
1
0
Fork 1
mirror of https://github.com/community-scripts/ProxmoxVE.git synced 2026-06-09 09:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
7d62e8319eb21babe54f3d5e95024b8fe5ae3612
ProxmoxVE/install/deconz-install.sh
T
Security Fix 7d62e8319e security: Fix HTTP to HTTPS for all package and repository downloads 
CRITICAL FIXES (CWE-494, CWE-300):
- tools/pve/microcode.sh:79 (Intel microcode)
- tools/pve/pbs-microcode.sh:93 (Intel microcode)

CONTAINER-LEVEL FIXES:
- install/deconz-install.sh: libssl1.1 .deb + setup_deb822_repo URLs
- install/odoo-install.sh: lxml-clean .deb
- ct/odoo.sh: lxml-clean .deb (update_script)

HOST-LEVEL REPOSITORY FIXES:
- tools/pve/post-pve-install.sh: Debian + Proxmox PVE repos
- tools/pve/post-pbs-install.sh: Debian + Proxmox PBS repos
- tools/pve/pve8-upgrade.sh: Debian + Proxmox PVE + Ceph repos
- tools/pve/pbs3-upgrade.sh: Debian + Proxmox PBS repos
- tools/pve/hw-acceleration.sh: Debian non-free repos (deb + deb-src)
- install/proxmox-backup-server-install.sh: Proxmox PBS repo
- install/medusa-install.sh: Debian non-free repo
- install/globaleaks-install.sh: GlobaLeaks repository

CHANGES:
 All http:// → https:// for package downloads
 All http:// → https:// for repository configurations
 Added --proto '=https' to curl commands for protocol enforcement
 Improved quoting for file variables

IMPACT:
- Prevents MITM attacks on package installations
- Prevents MITM attacks on repository configuration
- Enforces TLS transport security across all downloads
- Brings consistency with security best practices

CVSS: 6.5 (Medium) - CWE-494, CWE-300, CWE-829
2026-06-08 21:26:18 +02:00

55 lines
1.4 KiB
Bash
Raw Blame History

#!/usr/bin/env bash
# Copyright (c) 2021-2026 tteck
# Author: tteck (tteckster)
# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
# Source: https://www.phoscon.de/en/conbee2/software#deconz
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Setting Phoscon Repository"
setup_deb822_repo \
"deconz" \
"https://phoscon.de/apt/deconz.pub.key" \
"https://phoscon.de/apt/deconz" \
"generic"
msg_ok "Setup Phoscon Repository"
msg_info "Installing deConz"
libssl=$(curl -fsSL --proto '=https' "https://security.ubuntu.com/ubuntu/pool/main/o/openssl/" | grep -o 'libssl1\.1_1\.1\.1f-1ubuntu2\.2[^"]*amd64\.deb' | head -n1)
curl -fsSL --proto '=https' "https://security.ubuntu.com/ubuntu/pool/main/o/openssl/$libssl" -o "$libssl"
$STD dpkg -i "$libssl"
$STD apt install -y deconz
rm -rf "$libssl"
msg_ok "Installed deConz"
msg_info "Creating Service"
cat <<EOF >/lib/systemd/system/deconz.service
[Unit]
Description=deCONZ: ZigBee gateway -- REST API
Wants=deconz-init.service deconz-update.service
StartLimitIntervalSec=0
[Service]
User=root
ExecStart=/usr/bin/deCONZ -platform minimal --http-port=80
Restart=on-failure
RestartSec=30
AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_KILL CAP_SYS_BOOT CAP_SYS_TIME
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now deconz
msg_ok "Created Service"
motd_ssh
customize
cleanup_lxc
Reference in New Issue View Git Blame Copy Permalink