This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, master has been updated
via bf0aa7f25b3748190565e784c55c2867ee70da37 (commit)
via 76d514cf5bc5df3cda8655d2aa83dbe2cc8f8c2f (commit)
via d4c12742904f8b1a4fb4d42c3892ebf4b18e6ab4 (commit)
via 13460523499291ed47e0c99eb369ff18a08f1d23 (commit)
via 6ad7785b1d4a1f301c7e5c291cf8fa2b201c4406 (commit)
via 28b9c97651023355dce2b0653eedefea8e72d0d3 (commit)
from 70ccbf30f34e47563dae9487a339e50f7ceaccf9 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit bf0aa7f25b3748190565e784c55c2867ee70da37
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Tue May 23 13:50:07 2023 +0200
suricata: Update to 6.0.12
"6.0.12 -- 2023-05-08
Bug #6040: tcp: failed assertion ASSERT: !(ssn->state != TCP_SYN_SENT) (6.0.x backport)
Bug #6039: TCP resets have incorrect len, nh in IPv6 (6.0.x backport)
Bug #6034: time: integer comparison with different signs (6.0.x backport)
Bug #6031: af-packet: reload not occurring until packets are seen (6.0.x backport)
Bug #6020: smtp: fuzz debug assertion trigger (6.0.x backport)
Bug #6018: scan-build warning for mime decoder (6.0.x backport)
Bug #6017: scan-build warnings for ac implementations (6.0.x backport)
Bug #6016: scan-build warnings in radix implementation (6.0.x backport)
Bug #6015: scan-build warning for detect sigordering (6.0.x backport)
Bug #6014: scan-build warnings for detect address handling (6.0.x backport)
Bug #6013: scan-build warning for detect port handling (6.0.x backport)
Bug #6007: Unexpected behavior of `endswith` in combination with negated content matches (6.0.x backport)
Bug #5999: exception/policy: make work with simulated flow memcap (6.0.x backport)
Bug #5997: perf shows excessive time in IPOnlyMatchPacket (6.0.x backport)
Bug #5980: rust: warning for future compile errors
Bug #5961: smb: wrong endian conversion when parse NTLM Negotiate Flags (6.0.x backport)
Bug #5958: bpf: postpone IPS check after IPS runmode is determined from the configuration file (6.0.x backport)
Bug #5934: app-layer-htp: Condition depending on enabled IPS mode never true (6.0.x backport)
Optimization #6033: detect using uninitialized engine mode (6.0.x backport)
Feature #5996: Add support for 'inner' PF_RING clustering modes (6.0.x backport)
Task #6052: github-ci: add windows + windivert build (6.0.x backport)"
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
commit 76d514cf5bc5df3cda8655d2aa83dbe2cc8f8c2f
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri May 26 14:27:31 2023 +0000
core175: Remove file that has been deleted through reverts
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit d4c12742904f8b1a4fb4d42c3892ebf4b18e6ab4
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri May 26 14:27:08 2023 +0000
Revert "web-user-interface: Addition of new icon for secure connection certificate download"
This reverts commit 18bece0edbd817933f48fdbffcffffd074e42c05.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 13460523499291ed47e0c99eb369ff18a08f1d23
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri May 26 14:26:50 2023 +0000
Revert "en.pl: Update to language wording for secure connection icon"
This reverts commit 070abb0d011ff71e5aefd170dcb366d81bdf2497.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 6ad7785b1d4a1f301c7e5c291cf8fa2b201c4406
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri May 26 14:26:31 2023 +0000
Revert "de.pl: Change language text for secure icon wording"
This reverts commit 82822934ba769bca4235cd2a02f848cdc8511120.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 28b9c97651023355dce2b0653eedefea8e72d0d3
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri May 26 14:26:16 2023 +0000
Revert "ovpnmain.cgi: Fix for bug#11048 - insecure download icon shown for connections with a password"
This reverts commit 762c88ec4d85e3a4f7265b887f054cbe7703eb7c.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/rootfiles/common/web-user-interface | 1 -
config/rootfiles/core/175/filelists/files | 1 -
html/cgi-bin/ovpnmain.cgi | 72 +++++++++------------
html/html/images/openvpn_encrypted.png | Bin 7004 -> 0 bytes
langs/de/cgi-bin/de.pl | 2 +-
langs/en/cgi-bin/en.pl | 2 +-
lfs/suricata | 4 +-
....0.8-fix-level1-cache-line-size-detection.patch | 2 +-
.../suricata/suricata-disable-sid-2210059.patch | 2 +-
9 files changed, 36 insertions(+), 50 deletions(-)
delete mode 100644 html/html/images/openvpn_encrypted.png
Difference in files:
diff --git a/config/rootfiles/common/web-user-interface b/config/rootfiles/common/web-user-interface
index 6c2a40cc2..52f879d35 100644
--- a/config/rootfiles/common/web-user-interface
+++ b/config/rootfiles/common/web-user-interface
@@ -235,7 +235,6 @@ srv/web/ipfire/html/images/off.gif
srv/web/ipfire/html/images/on.gif
srv/web/ipfire/html/images/openvpn.gif
srv/web/ipfire/html/images/openvpn.png
-srv/web/ipfire/html/images/openvpn_encrypted.png
srv/web/ipfire/html/images/package-x-generic.png
srv/web/ipfire/html/images/printer-error.png
srv/web/ipfire/html/images/printer.png
diff --git a/config/rootfiles/core/175/filelists/files b/config/rootfiles/core/175/filelists/files
index 01a32e672..8b36d5847 100644
--- a/config/rootfiles/core/175/filelists/files
+++ b/config/rootfiles/core/175/filelists/files
@@ -85,6 +85,5 @@ lib/firmware/rtw89/rtw8852b_fw-1.bin
srv/web/ipfire/cgi-bin/backup.cgi
srv/web/ipfire/cgi-bin/logs.cgi/log.dat
srv/web/ipfire/cgi-bin/ovpnmain.cgi
-srv/web/ipfire/html/images/openvpn_encrypted.png
usr/lib/dracut/dracut.conf.d/ipfire.conf
usr/lib/firewall/rules.pl
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 5b0accf3f..5c4fad0a5 100755
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -4327,14 +4327,8 @@ if ($cgiparams{'TYPE'} eq 'net') {
$confighash{$key}[39] = $cgiparams{'DAUTH'};
$confighash{$key}[40] = $cgiparams{'DCIPHER'};
- if ($confighash{$key}[41] eq "") {
- if (($cgiparams{'TYPE'} eq 'host') && ($cgiparams{'CERT_PASS1'} eq "")) {
- $confighash{$key}[41] = "no-pass";
- } elsif (($cgiparams{'TYPE'} eq 'host') && ($cgiparams{'CERT_PASS1'} ne "")) {
- $confighash{$key}[41] = "pass";
- } elsif ($cgiparams{'TYPE'} eq 'net') {
- $confighash{$key}[41] = "no-pass";
- }
+ if (($cgiparams{'TYPE'} eq 'host') && ($cgiparams{'CERT_PASS1'} eq "")) {
+ $confighash{$key}[41] = "no-pass";
}
$confighash{$key}[42] = 'HOTP/T30/6';
@@ -5476,24 +5470,20 @@ END
}
- if ($confighash{$key}[41] eq "pass") {
- print <<END;
- <td align='center' $col1>$active</td>
+ print <<END;
+ <td align='center' $col1>$active</td>
- <form method='post' name='frm${key}a'><td align='center' $col>
- <input type='image' name='$Lang::tr{'dl client arch'}' src='/images/openvpn_encrypted.png'
- alt='$Lang::tr{'dl client arch'}' title='$Lang::tr{'dl client arch'}' border='0' />
- <input type='hidden' name='ACTION' value='$Lang::tr{'dl client arch'}' />
- <input type='hidden' name='MODE' value='secure' />
- <input type='hidden' name='KEY' value='$key' />
- </td></form>
+ <form method='post' name='frm${key}a'><td align='center' $col>
+ <input type='image' name='$Lang::tr{'dl client arch'}' src='/images/openvpn.png' alt='$Lang::tr{'dl client arch'}' title='$Lang::tr{'dl client arch'}' border='0' />
+ <input type='hidden' name='ACTION' value='$Lang::tr{'dl client arch'}' />
+ <input type='hidden' name='KEY' value='$key' />
+ </td></form>
END
+ ;
- ; } elsif ($confighash{$key}[41] eq "no-pass") {
+ if ($confighash{$key}[41] eq "no-pass") {
print <<END;
- <td align='center' $col1>$active</td>
-
- <form method='post' name='frm${key}a'><td align='center' $col>
+ <form method='post' name='frm${key}g'><td align='center' $col>
<input type='image' name='$Lang::tr{'dl client arch insecure'}' src='/images/openvpn.png'
alt='$Lang::tr{'dl client arch insecure'}' title='$Lang::tr{'dl client arch insecure'}' border='0' />
<input type='hidden' name='ACTION' value='$Lang::tr{'dl client arch'}' />
@@ -5501,7 +5491,7 @@ END
<input type='hidden' name='KEY' value='$key' />
</td></form>
END
- ; } else {
+ } else {
print "<td $col> </td>";
}
@@ -5577,32 +5567,30 @@ END
# If the config file contains entries, print Key to action icons
if ( $id ) {
print <<END;
- <table width='85%' border='0'>
- <tr>
+ <table border='0'>
+ <tr>
<td class='boldbase'> <b>$Lang::tr{'legend'}:</b></td>
- <td> <img src='/images/openvpn.png' alt='?RELOAD'/></td>
- <td class='base'>$Lang::tr{'dl client arch insecure'}</td>
- <td> <img src='/images/openvpn_encrypted.png' alt='?RELOAD'/></td>
- <td class='base'>$Lang::tr{'dl client arch'}</td>
+ <td> <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
+ <td class='base'>$Lang::tr{'click to disable'}</td>
<td> <img src='/images/info.gif' alt='$Lang::tr{'show certificate'}' /></td>
<td class='base'>$Lang::tr{'show certificate'}</td>
- <td> <img src='/images/qr-code.png' alt='$Lang::tr{'show otp qrcode'}'/></td>
- <td class='base'>$Lang::tr{'show otp qrcode'}</td>
- </tr>
- <tr>
- <td> </td>
- <td> <img src='/images/media-floppy.png' alt='?FLOPPY' /></td>
- <td class='base'>$Lang::tr{'download certificate'}</td>
- <td> <img src='/images/off.gif' alt='?OFF' /></td>
- <td class='base'>$Lang::tr{'click to enable'}</td>
- <td> <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
- <td class='base'>$Lang::tr{'click to disable'}</td>
<td> <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
<td class='base'>$Lang::tr{'edit'}</td>
<td> <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
<td class='base'>$Lang::tr{'remove'}</td>
- </tr>
- </table><br>
+ </tr>
+ <tr>
+ <td> </td>
+ <td> <img src='/images/off.gif' alt='?OFF' /></td>
+ <td class='base'>$Lang::tr{'click to enable'}</td>
+ <td> <img src='/images/media-floppy.png' alt='?FLOPPY' /></td>
+ <td class='base'>$Lang::tr{'download certificate'}</td>
+ <td> <img src='/images/openvpn.png' alt='?RELOAD'/></td>
+ <td class='base'>$Lang::tr{'dl client arch'}</td>
+ <td> <img src='/images/qr-code.png' alt='$Lang::tr{'show otp qrcode'}'/></td>
+ <td class='base'>$Lang::tr{'show otp qrcode'}</td>
+ </tr>
+ </table><br>
END
;
}
diff --git a/html/html/images/openvpn_encrypted.png b/html/html/images/openvpn_encrypted.png
deleted file mode 100644
index 873c6c461..000000000
Binary files a/html/html/images/openvpn_encrypted.png and /dev/null differ
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index b9665e62d..33730f0c3 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -817,7 +817,7 @@
'display hostname in window title' => 'Hostname im Fenstertitel anzeigen',
'display traffic at home' => 'Berechneten Traffic auf der Startseite anzeigen',
'display webinterface effects' => 'Überblendeffekte einschalten',
-'dl client arch' => 'Verschlüsseltes Client Paket herunterladen (zip)',
+'dl client arch' => 'Client Paket herunterladen (zip)',
'dl client arch insecure' => 'Ungesichertes Client-Paket herunterladen (zip)',
'dmz' => 'DMZ',
'dmz pinhole configuration' => 'Einstellungen des DMZ-Schlupfloches',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 7b1670494..729516538 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -859,7 +859,7 @@
'display hostname in window title' => 'Display hostname in window title',
'display traffic at home' => 'Display calculated traffic on startpage',
'display webinterface effects' => 'Activate effects',
-'dl client arch' => 'Download Encrypted Client Package (zip)',
+'dl client arch' => 'Download Client Package (zip)',
'dl client arch insecure' => 'Download insecure Client Package (zip)',
'dmz' => 'DMZ',
'dmz pinhole configuration' => 'DMZ pinhole configuration',
diff --git a/lfs/suricata b/lfs/suricata
index 75698b0b1..b28d5e3e7 100644
--- a/lfs/suricata
+++ b/lfs/suricata
@@ -24,7 +24,7 @@
include Config
-VER = 6.0.11
+VER = 6.0.12
THISAPP = suricata-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 41b37168e6c50b32971ad8c0541f3bc1981152c8360bbfc261a9abab5dc229425bef92fe19db5d0ec7cf32abff71acca62934c411aea79f5c8f9b38bd6422ee4
+$(DL_FILE)_BLAKE2 = 3cd16072014e814ec116bbde6649a0230200e447884028fef0440cbbc38a36b28c1edb39098e4089ee966890464bcd2573ea82d3e35e6d034ad465ac20c4c0b6
install : $(TARGET)
diff --git a/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch b/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch
index 5aaabb167..f1529812d 100644
--- a/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch
+++ b/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch
@@ -2,7 +2,7 @@ diff --git a/configure.ac b/configure.ac
index d56d3a550..81abf8f00 100644
--- a/configure.ac
+++ b/configure.ac
-@@ -2390,7 +2390,7 @@ fi
+@@ -2424,7 +2424,7 @@ fi
AC_PATH_PROG(HAVE_GETCONF_CMD, getconf, "no")
if test "$HAVE_GETCONF_CMD" != "no"; then
CLS=$(getconf LEVEL1_DCACHE_LINESIZE)
diff --git a/src/patches/suricata/suricata-disable-sid-2210059.patch b/src/patches/suricata/suricata-disable-sid-2210059.patch
index 54747dfd2..8955eec5e 100644
--- a/src/patches/suricata/suricata-disable-sid-2210059.patch
+++ b/src/patches/suricata/suricata-disable-sid-2210059.patch
@@ -1,7 +1,7 @@
diff -Nur a/rules/stream-events.rules b/rules/stream-events.rules
--- a/rules/stream-events.rules 2021-11-17 16:55:12.000000000 +0100
+++ b/rules/stream-events.rules 2021-12-08 18:12:39.850189502 +0100
-@@ -89,7 +89,7 @@
+@@ -97,7 +97,7 @@
# rule to alert if a stream has excessive retransmissions
alert tcp any any -> any any (msg:"SURICATA STREAM excessive retransmissions"; flowbits:isnotset,tcp.retransmission.alerted; flowint:tcp.retransmission.count,>=,10; flowbits:set,tcp.retransmission.alerted; classtype:protocol-command-decode; sid:2210054; rev:1;)
# Packet on wrong thread. Fires at most once per flow.
hooks/post-receive
--
IPFire 2.x development tree