Development November 2015

development@lists.ipfire.org

13 participants
29 discussions

Re: [PATCH] BUG10940: remove leading zeros in ip address
by Michael Tremer 09 Nov '15

09 Nov '15

On Mon, 2015-11-09 at 20:14 +0100, Alexander Marx wrote: > > FULL ACK, Michael. > > But unfortunately it seems not to be possible to catch that issue > with modification of central functions like check_ip_address, becaus > ethat functions only return true or false not the "normalized ip" > without zero's. > > I am open for better solutions.... anyone ideas?! It is too late for that now. I think the best option would simply to consider those inputs as invalid and maybe fix this at some places where we can and where we find this makes sense. -Michael P.S. Please make sure to reply to the list. Especially if you are asking a question to the group :) > > cheers, > > Alex > > Am 09.11.2015 um 19:33 schrieb Michael Tremer: > > Hi, > > > > this does not look like the cleanest solution to be honest, but I > > guess > > this is acceptable. It solves the issue at hand, but generally I > > would > > like to have this solved one time so that one does not have to keep > > this problem in mind when writing new code. > > > > Merged. > > > > Best, > > -Michael > > > > On Mon, 2015-11-09 at 12:42 +0100, Alexander Marx wrote: > > > in firewallgroups (hosts) an error was created when using ip > > > adresses > > > like 192.168.000.008. Now all leading zeros are deleted in > > > firewallgroups and in the firewall itself when using single ip > > > addresses > > > as source or target. > > > > > > Signed-off-by: Alexander Marx <alexander.marx(a)ipfire.org> > > > --- > > > config/cfgroot/network-functions.pl | 13 +++++++++++++ > > > html/cgi-bin/firewall.cgi | 8 ++++++++ > > > html/cgi-bin/fwhosts.cgi | 13 +++++++------ > > > 3 files changed, 28 insertions(+), 6 deletions(-) > > > > > > diff --git a/config/cfgroot/network-functions.pl > > > b/config/cfgroot/network-functions.pl > > > index cb4ca3d..70fa5ed 100644 > > > --- a/config/cfgroot/network-functions.pl > > > +++ b/config/cfgroot/network-functions.pl > > > @@ -122,6 +122,19 @@ sub network2bin($) { > > > return ($network_start, $netmask_bin); > > > } > > > > > > +# Deletes leading zeros in ip address > > > +sub ip_remove_zero{ > > > + my $address = shift; > > > + my @ip = split (/\./, $address); > > > + > > > + foreach my $octet (@ip) { > > > + $octet = int($octet); > > > + } > > > + > > > + $address = join (".", @ip); > > > + > > > + return $address; > > > +} > > > # Returns True for all valid IP addresses > > > sub check_ip_address($) { > > > my $address = shift; > > > diff --git a/html/cgi-bin/firewall.cgi b/html/cgi > > > -bin/firewall.cgi > > > index 682c285..8007182 100644 > > > --- a/html/cgi-bin/firewall.cgi > > > +++ b/html/cgi-bin/firewall.cgi > > > @@ -31,6 +31,7 @@ no warnings 'uninitialized'; > > > #use CGI::Carp 'fatalsToBrowser'; > > > > > > require '/var/ipfire/general-functions.pl'; > > > +require '/var/ipfire/network-functions.pl'; > > > require "${General::swroot}/lang.pl"; > > > require "${General::swroot}/header.pl"; > > > require "${General::swroot}/geoip-functions.pl"; > > > @@ -465,6 +466,9 @@ sub checksource > > > } > > > } > > > if ($fwdfwsettings{'isip'} eq 'on'){ > > > + #remove leading zero > > > + $ip = &Network::ip_remove_zero($ip); > > > + > > > ##check if ip is valid > > > if (! &General::validip($ip)){ > > > $errormessage.=$Lang::tr{'fwdfw > > > err > > > src_addr'}."<br>"; > > > @@ -569,11 +573,15 @@ sub checktarget > > > ($ip,$subnet)=split > > > (/\//,$fwdfwsettings{'tgt_addr'}); > > > $subnet = > > > &General::iporsubtocidr($subnet); > > > } > > > + > > > #check if only ip > > > if($fwdfwsettings{'tgt_addr'}=~/^(\d{1,3})\.(\d{ > > > 1,3} > > > )\.(\d{1,3})\.(\d{1,3})$/){ > > > $ip=$fwdfwsettings{'tgt_addr'}; > > > $subnet='32'; > > > } > > > + #remove leading zero > > > + $ip = &Network::ip_remove_zero($ip); > > > + > > > #check if ip is valid > > > if (! &General::validip($ip)){ > > > $errormessage.=$Lang::tr{'fwdfw err > > > tgt_addr'}."<br>"; > > > diff --git a/html/cgi-bin/fwhosts.cgi b/html/cgi-bin/fwhosts.cgi > > > index 994a50a..35afad3 100644 > > > --- a/html/cgi-bin/fwhosts.cgi > > > +++ b/html/cgi-bin/fwhosts.cgi > > > @@ -27,6 +27,7 @@ use Sort::Naturally; > > > use CGI::Carp 'fatalsToBrowser'; > > > no warnings 'uninitialized'; > > > require '/var/ipfire/general-functions.pl'; > > > +require '/var/ipfire/network-functions.pl'; > > > require "/var/ipfire/geoip-functions.pl"; > > > require "/usr/lib/firewall/firewall-lib.pl"; > > > require "${General::swroot}/lang.pl"; > > > @@ -277,6 +278,9 @@ if ($fwhostsettings{'ACTION'} eq 'savenet' ) > > > &addnet; > > > &viewtablenet; > > > }else{ > > > + #convert ip if leading '0' exists > > > + $fwhostsettings{'IP'} = > > > &Network::ip_remove_zero($fwhostsettings{'IP'}); > > > + > > > #check valid ip > > > if > > > (!&General::validipandmask($fwhostsettings{'IP'}."/".$fwhostsetti > > > ngs{ > > > 'SUBNET'})) > > > { > > > @@ -372,9 +376,6 @@ if ($fwhostsettings{'ACTION'} eq 'savenet' ) > > > foreach my $i (0 .. 3) { > > > $customnetwork{$key}[$i] = "";} > > > $fwhostsettings{'SUBNET'} = > > > &General::iporsubtocidr($fwhostsettings{'SUBNET'}); > > > $customnetwork{$key}[0] = > > > $fwhostsettings{'HOSTNAME'}; > > > - #convert ip when leading '0' in byte > > > - $fwhostsettings{'IP'} =&G > > > ener > > > al::ip2dec($fwhostsettings{'IP'}); > > > - $fwhostsettings{'IP'} =&G > > > ener > > > al::dec2ip($fwhostsettings{'IP'}); > > > $customnetwork{$key}[1] = > > > &General::getnetworkip($fwhostsettings{'IP'},$fwhostsettings{'SUB > > > NET' > > > }) ; > > > $customnetwork{$key}[2] = > > > &General::iporsubtodec($fwhostsettings{'SUBNET'}) ; > > > $customnetwork{$key}[3] = > > > $fwhostsettings{'NETREMARK'}; > > > @@ -423,6 +424,9 @@ if ($fwhostsettings{'ACTION'} eq 'savehost') > > > } > > > #CHECK IP-PART > > > if ($fwhostsettings{'type'} eq 'ip'){ > > > + #convert ip if leading '0' exists > > > + $fwhostsettings{'IP'} = > > > &Network::ip_remove_zero($fwhostsettings{'IP'}); > > > + > > > #check for subnet > > > if (rindex($fwhostsettings{'IP'},'/') eq > > > ' > > > -1' ){ > > > if($fwhostsettings{'type'} eq > > > 'ip' > > > && !&General::validipandmask($fwhostsettings{'IP'}."/32")) > > > @@ -503,9 +507,6 @@ if ($fwhostsettings{'ACTION'} eq 'savehost') > > > $customhost{$key}[0] = > > > $fwhostsettings{'HOSTNAME'} ; > > > $customhost{$key}[1] = > > > $fwhostsettings{'type'} ; > > > if ($fwhostsettings{'type'} eq 'ip'){ > > > - #convert ip when leading '0' in > > > byte > > > - $fwhostsettings{'IP'}=&General:: > > > ip2d > > > ec($fwhostsettings{'IP'}); > > > - $fwhostsettings{'IP'}=&General:: > > > dec2 > > > ip($fwhostsettings{'IP'}); > > > $customhost{$key}[2] = > > > $fwhostsettings{'IP'}."/".&General::iporsubtodec($fwhostsettings{ > > > 'SUB > > > NET'}); > > > }else{ > > > $customhost{$key}[2] = > > > $fwhostsettings{'IP'};

1 0

pam 1.2.1
by Matthias Fischer 09 Nov '15

09 Nov '15

Hi, ...before I take a bite thats too big for me: Current pam-version in 'next' is 0.99.10.0, would it be of interest updating to the current 1.2.1? The 'Changelog' since 0.99.10.0 is rather lengthy, but I don't want to start an update thats beyond my capabilities... Regards Matthias

2 1

[PATCH] BUG10940: remove leading zeros in ip address
by Alexander Marx 09 Nov '15

09 Nov '15

in firewallgroups (hosts) an error was created when using ip adresses like 192.168.000.008. Now all leading zeros are deleted in firewallgroups and in the firewall itself when using single ip addresses as source or target. Signed-off-by: Alexander Marx <alexander.marx(a)ipfire.org> --- config/cfgroot/network-functions.pl | 13 +++++++++++++ html/cgi-bin/firewall.cgi | 8 ++++++++ html/cgi-bin/fwhosts.cgi | 13 +++++++------ 3 files changed, 28 insertions(+), 6 deletions(-) diff --git a/config/cfgroot/network-functions.pl b/config/cfgroot/network-functions.pl index cb4ca3d..70fa5ed 100644 --- a/config/cfgroot/network-functions.pl +++ b/config/cfgroot/network-functions.pl @@ -122,6 +122,19 @@ sub network2bin($) { return ($network_start, $netmask_bin); } +# Deletes leading zeros in ip address +sub ip_remove_zero{ + my $address = shift; + my @ip = split (/\./, $address); + + foreach my $octet (@ip) { + $octet = int($octet); + } + + $address = join (".", @ip); + + return $address; +} # Returns True for all valid IP addresses sub check_ip_address($) { my $address = shift; diff --git a/html/cgi-bin/firewall.cgi b/html/cgi-bin/firewall.cgi index 682c285..8007182 100644 --- a/html/cgi-bin/firewall.cgi +++ b/html/cgi-bin/firewall.cgi @@ -31,6 +31,7 @@ no warnings 'uninitialized'; #use CGI::Carp 'fatalsToBrowser'; require '/var/ipfire/general-functions.pl'; +require '/var/ipfire/network-functions.pl'; require "${General::swroot}/lang.pl"; require "${General::swroot}/header.pl"; require "${General::swroot}/geoip-functions.pl"; @@ -465,6 +466,9 @@ sub checksource } } if ($fwdfwsettings{'isip'} eq 'on'){ + #remove leading zero + $ip = &Network::ip_remove_zero($ip); + ##check if ip is valid if (! &General::validip($ip)){ $errormessage.=$Lang::tr{'fwdfw err src_addr'}."<br>"; @@ -569,11 +573,15 @@ sub checktarget ($ip,$subnet)=split (/\//,$fwdfwsettings{'tgt_addr'}); $subnet = &General::iporsubtocidr($subnet); } + #check if only ip if($fwdfwsettings{'tgt_addr'}=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/){ $ip=$fwdfwsettings{'tgt_addr'}; $subnet='32'; } + #remove leading zero + $ip = &Network::ip_remove_zero($ip); + #check if ip is valid if (! &General::validip($ip)){ $errormessage.=$Lang::tr{'fwdfw err tgt_addr'}."<br>"; diff --git a/html/cgi-bin/fwhosts.cgi b/html/cgi-bin/fwhosts.cgi index 994a50a..35afad3 100644 --- a/html/cgi-bin/fwhosts.cgi +++ b/html/cgi-bin/fwhosts.cgi @@ -27,6 +27,7 @@ use Sort::Naturally; use CGI::Carp 'fatalsToBrowser'; no warnings 'uninitialized'; require '/var/ipfire/general-functions.pl'; +require '/var/ipfire/network-functions.pl'; require "/var/ipfire/geoip-functions.pl"; require "/usr/lib/firewall/firewall-lib.pl"; require "${General::swroot}/lang.pl"; @@ -277,6 +278,9 @@ if ($fwhostsettings{'ACTION'} eq 'savenet' ) &addnet; &viewtablenet; }else{ + #convert ip if leading '0' exists + $fwhostsettings{'IP'} = &Network::ip_remove_zero($fwhostsettings{'IP'}); + #check valid ip if (!&General::validipandmask($fwhostsettings{'IP'}."/".$fwhostsettings{'SUBNET'})) { @@ -372,9 +376,6 @@ if ($fwhostsettings{'ACTION'} eq 'savenet' ) foreach my $i (0 .. 3) { $customnetwork{$key}[$i] = "";} $fwhostsettings{'SUBNET'} = &General::iporsubtocidr($fwhostsettings{'SUBNET'}); $customnetwork{$key}[0] = $fwhostsettings{'HOSTNAME'}; - #convert ip when leading '0' in byte - $fwhostsettings{'IP'} =&General::ip2dec($fwhostsettings{'IP'}); - $fwhostsettings{'IP'} =&General::dec2ip($fwhostsettings{'IP'}); $customnetwork{$key}[1] = &General::getnetworkip($fwhostsettings{'IP'},$fwhostsettings{'SUBNET'}) ; $customnetwork{$key}[2] = &General::iporsubtodec($fwhostsettings{'SUBNET'}) ; $customnetwork{$key}[3] = $fwhostsettings{'NETREMARK'}; @@ -423,6 +424,9 @@ if ($fwhostsettings{'ACTION'} eq 'savehost') } #CHECK IP-PART if ($fwhostsettings{'type'} eq 'ip'){ + #convert ip if leading '0' exists + $fwhostsettings{'IP'} = &Network::ip_remove_zero($fwhostsettings{'IP'}); + #check for subnet if (rindex($fwhostsettings{'IP'},'/') eq '-1' ){ if($fwhostsettings{'type'} eq 'ip' && !&General::validipandmask($fwhostsettings{'IP'}."/32")) @@ -503,9 +507,6 @@ if ($fwhostsettings{'ACTION'} eq 'savehost') $customhost{$key}[0] = $fwhostsettings{'HOSTNAME'} ; $customhost{$key}[1] = $fwhostsettings{'type'} ; if ($fwhostsettings{'type'} eq 'ip'){ - #convert ip when leading '0' in byte - $fwhostsettings{'IP'}=&General::ip2dec($fwhostsettings{'IP'}); - $fwhostsettings{'IP'}=&General::dec2ip($fwhostsettings{'IP'}); $customhost{$key}[2] = $fwhostsettings{'IP'}."/".&General::iporsubtodec($fwhostsettings{'SUBNET'}); }else{ $customhost{$key}[2] = $fwhostsettings{'IP'}; -- 1.9.1

2 1

[PATCH] bind: Update to 9.10.3
by Matthias Fischer 07 Nov '15

07 Nov '15

bind: Update to 9.10.3 Security fixes: An incorrect boundary check in the OPENPGPKEY rdatatype could trigger an assertion failure. This flaw is disclosed in CVE-2015-5986. [RT #40286] A buffer accounting error could trigger an assertion failure when parsing certain malformed DNSSEC keys. This flaw was discovered by Hanno Böck of the Fuzzing Project, and is disclosed in CVE-2015-5722. [RT #40212] A specially crafted query could trigger an assertion failure in message.c. This flaw was discovered by Jonathan Foote, and is disclosed in CVE-2015-5477. [RT #40046] On servers configured to perform DNSSEC validation, an assertion failure could be triggered on answers from a specially configured server. This flaw was discovered by Breno Silveira Soares, and is disclosed in CVE-2015-4620. [RT #39795] Bug fixes: Asynchronous zone loads were not handled correctly when the zone load was already in progress; this could trigger a crash in zt.c. [RT #37573] A race during shutdown or reconfiguration could cause an assertion failure in mem.c. [RT #38979] Some answer formatting options didn't work correctly with dig +short. [RT #39291] Malformed records of some types, including NSAP and UNSPEC, could trigger assertion failures when loading text zone files. [RT #40274] [RT #40285] Fixed a possible crash in ratelimiter.c caused by NOTIFY messages being removed from the wrong rate limiter queue. [RT #40350] The default rrset-order of random was inconsistently applied. [RT #40456] BADVERS responses from broken authoritative name servers were not handled correctly. [RT #40427] Several bugs have been fixed in the RPZ implementation. For a complete list, see: https://kb.isc.org/article/AA-01306/0/BIND-9.10.3-Release-Notes.html Regards, Matthias Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org> --- lfs/bind | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lfs/bind b/lfs/bind index 0814cde..6480798 100644 --- a/lfs/bind +++ b/lfs/bind @@ -25,7 +25,7 @@ include Config -VER = 9.10.2-P4 +VER = 9.10.3 THISAPP = bind-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -43,7 +43,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 8b1f5064837756c938eadc1537dec5c7 +$(DL_FILE)_MD5 = d8cbf04a62a139a841d4bf878087a555 install : $(TARGET) -- 2.6.3

2 1

[PATCH] dma: Update to 0.10
by Matthias Fischer 03 Nov '15

03 Nov '15

Sorry, I borked the PATCH from yesterday...second try: dma: Update to 0.10 Changes: dns.c, do not treat unreachable DNS server as permanent error See: https://github.com/corecode/dma/commit/1a1306df018bd62cf1c5feb2e6e664f656bc… Deleted unnecessary blank lines in 'mail.cgi' Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org> --- html/cgi-bin/mail.cgi | 15 --------------- lfs/dma | 6 +++--- 2 files changed, 3 insertions(+), 18 deletions(-) diff --git a/html/cgi-bin/mail.cgi b/html/cgi-bin/mail.cgi index be663a6..a72f923 100755 --- a/html/cgi-bin/mail.cgi +++ b/html/cgi-bin/mail.cgi @@ -328,18 +328,3 @@ sub error { &Header::closebox(); } } - - - - - - - - - - - - - - - diff --git a/lfs/dma b/lfs/dma index 977efc8..cf264ea 100644 --- a/lfs/dma +++ b/lfs/dma @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2011 IPFire Team <info(a)ipfire.org> # +# Copyright (C) 2015 IPFire Team <info(a)ipfire.org> # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 0.9.1 +VER = 0.10 THISAPP = dma-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 56afaf438ba34d4ff9c8879dc29a16b1 +$(DL_FILE)_MD5 = 91f521b0749e16f5d78e139e717245ea install : $(TARGET) -- 2.6.2

1 0

[PATCH] Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
by Matthias Fischer 02 Nov '15

02 Nov '15

dma: Update to 0.10 Changes: dns.c, do not treat unreachable DNS server as permanent error See: https://github.com/corecode/dma/commit/1a1306df018bd62cf1c5feb2e6e664f656bc… Deleted unnecessary blank lines in 'mail.cgi' Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org> --- html/cgi-bin/mail.cgi | 15 --------------- lfs/dma | 6 +++--- 2 files changed, 3 insertions(+), 18 deletions(-) diff --git a/html/cgi-bin/mail.cgi b/html/cgi-bin/mail.cgi index be663a6..a72f923 100755 --- a/html/cgi-bin/mail.cgi +++ b/html/cgi-bin/mail.cgi @@ -328,18 +328,3 @@ sub error { &Header::closebox(); } } - - - - - - - - - - - - - - - diff --git a/lfs/dma b/lfs/dma index 977efc8..cf264ea 100644 --- a/lfs/dma +++ b/lfs/dma @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2011 IPFire Team <info(a)ipfire.org> # +# Copyright (C) 2015 IPFire Team <info(a)ipfire.org> # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 0.9.1 +VER = 0.10 THISAPP = dma-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 56afaf438ba34d4ff9c8879dc29a16b1 +$(DL_FILE)_MD5 = 91f521b0749e16f5d78e139e717245ea install : $(TARGET) -- 2.6.2

1 0

[PATCH] BUG10965: only write auth.conf if username/password are set
by Alexander Marx 02 Nov '15

02 Nov '15

auth.conf was always written, even if no username/password provided. In this case only the ip or Hostname of the mailserver was written into auth.conf. Now the file is only filled if username/password are filled. Signed-off-by: Alexander Marx <alexander.marx(a)ipfire.org> --- html/cgi-bin/mail.cgi | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/html/cgi-bin/mail.cgi b/html/cgi-bin/mail.cgi index be663a6..f5be104 100755 --- a/html/cgi-bin/mail.cgi +++ b/html/cgi-bin/mail.cgi @@ -110,9 +110,12 @@ if ($cgiparams{'ACTION'} eq "$Lang::tr{'save'}"){ #SaveButton on configsite $mail{'SENDER'} = $cgiparams{'txt_mailsender'}; $mail{'RECIPIENT'} = $cgiparams{'txt_recipient'}; - $auth{'AUTHNAME'} = $cgiparams{'txt_mailuser'}; - $auth{'AUTHPASS'} = $cgiparams{'txt_mailpass'}; - $auth{'AUTHHOST'} = $cgiparams{'txt_mailserver'}; + if ($cgiparams{'txt_mailuser'} && $cgiparams{'txt_mailpass'}) { + $auth{'AUTHNAME'} = $cgiparams{'txt_mailuser'}; + $auth{'AUTHPASS'} = $cgiparams{'txt_mailpass'}; + $auth{'AUTHHOST'} = $cgiparams{'txt_mailserver'}; + print TXT1 "$auth{'AUTHNAME'}|$auth{'AUTHHOST'}:$auth{'AUTHPASS'}\n"; + } $dma{'SMARTHOST'} = $cgiparams{'txt_mailserver'}; $dma{'PORT'} = $cgiparams{'txt_mailport'}; @@ -129,7 +132,7 @@ if ($cgiparams{'ACTION'} eq "$Lang::tr{'save'}"){ #SaveButton on configsite print TXT "$k $v\n"; } close TXT; - print TXT1 "$auth{'AUTHNAME'}|$auth{'AUTHHOST'}:$auth{'AUTHPASS'}\n"; + close TXT1; close TXT2; }else{ -- 1.9.1

4 8

[PATCH] snort: Update to 2.9.7.6
by Matthias Fischer 01 Nov '15

01 Nov '15

Hi, On 01.11.2015 01:58, Michael Tremer wrote: > Shouldn't the version of the rules and snort be the same? No necessarily, IMHO one can use all current rule files on https://snort.org/downloads/#rule-downloads (2975 / 2976 / 2962), but newest should be better, right. > This is a diff which only changes what is shown there. The configure > flags won't get touched it I would merge this patch. This is right, because in this (older) commit I hadn't changed the configure options yet. Sequence was: 2015-01-06 - snort (Update to 2.9.76): http://git.ipfire.org/?p=people/mfischer/ipfire-2.x.git;a=commit;h=2a67ace7… 2015-10-26 - snort 2.9.76 (removed unrecognized configure options in lfs file) -> this contains ONLY the changed lfs-file: http://git.ipfire.org/?p=people/mfischer/ipfire-2.x.git;a=commit;h=da8d8d0a… Finally I thought the easiest way could be if I would send a new patch containing both. Hope this helps... ;-) Best, Matthias Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org> --- html/cgi-bin/ids.cgi | 6 +++--- lfs/snort | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi index 5ada911..f17b16a 100644 --- a/html/cgi-bin/ids.cgi +++ b/html/cgi-bin/ids.cgi @@ -2,7 +2,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2013 IPFire Team <info(a)ipfire.org> # +# Copyright (C) 2007-2015 IPFire Team <info(a)ipfire.org> # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -263,9 +263,9 @@ if (-e "/etc/snort/snort.conf") { ####################### End added for snort rules control ################################# if ($snortsettings{'RULES'} eq 'subscripted') { - $url=" https://www.snort.org/rules/snortrules-snapshot-2970.tar.gz?oinkcode=$snort…'OINKCODE'}"; + $url=" https://www.snort.org/rules/snortrules-snapshot-2976.tar.gz?oinkcode=$snort…'OINKCODE'}"; } elsif ($snortsettings{'RULES'} eq 'registered') { - $url=" https://www.snort.org/rules/snortrules-snapshot-2970.tar.gz?oinkcode=$snort…'OINKCODE'}"; + $url=" https://www.snort.org/rules/snortrules-snapshot-2976.tar.gz?oinkcode=$snort…'OINKCODE'}"; } elsif ($snortsettings{'RULES'} eq 'community') { $url=" https://www.snort.org/rules/community"; } else { diff --git a/lfs/snort b/lfs/snort index 373e53c..148f539 100644 --- a/lfs/snort +++ b/lfs/snort @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2013 IPFire Team <info(a)ipfire.org> # +# Copyright (C) 2007-2015 IPFire Team <info(a)ipfire.org> # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 2.9.7.0 +VER = 2.9.7.6 THISAPP = snort-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -36,11 +36,11 @@ TARGET = $(DIR_INFO)/$(THISAPP) # Top-level Rules ############################################################################### -objects = $(DL_FILE) +objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = c2a45bc56441ee9456478f219dd8d1e2 +$(DL_FILE)_MD5 = 65349f3272c4de5b3210f77f1f7ab0e6 install : $(TARGET) -- 2.6.2

1 0

Re: [PATCH] snort 2.9.7.6: removed unrecognized configure options in lfs file
by Michael Tremer 01 Nov '15

01 Nov '15

That pulls in an update for snort, too. Right? You mean this commit? http://git.ipfire.org/?p=people/mfischer/ipfire-2.x.git;a=commitdiff;h=2a67… -Michael On Fri, 2015-10-30 at 18:59 +0100, Matthias Fischer wrote: > Hi, > > I recently also pushed an update for 'ids.cgi', regarding the updated > snort rules: > > http://git.ipfire.org/?p=people/mfischer/ipfire-2.x.git;a=blob;f=html > /cgi > -bin/ids.cgi;h=f17b16a799f17b7e8912de8bc7e472368196bb92;hb=2a67ace74a > 8aed9bd2d5b3f4542a2aab36577c57 > > Since this has been asked in the forum a few days ago - shouldn't we > integrate this, either? > > Best, > Matthias > > On 27.10.2015 15:38, Michael Tremer wrote: > > Alright. I merged this. Thanks. > > > > -Michael > > > > On Mon, 2015-10-26 at 20:17 +0100, Matthias Fischer wrote: > > > Hi Michael, > > > > > > On 26.10.2015 19:24, Michael Tremer wrote: > > > > Could you simply upload me your git branch with these changes > > > > and I > > > > pull them instead? > > > > > > You find it here: > > > > > > http://git.ipfire.org/?p=people/mfischer/ipfire-2.x.git;a=shortlo > > > g;h= > > > refs/heads/snort > > > > > > Best, > > > Matthias > > > > > > > > >

2 2

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Development November 2015