This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, core78 has been updated via 69a324f0bb14e65c9e0a6b24b3bd9db8b57ff3b5 (commit) via f7fb5bc5c9b5831729669c35cd9a934f516db471 (commit) via 92bed25016aa2f4054723e4d607680a3354d8d96 (commit) via fc5dd098c2c70d76ca6f3b35576bd8b062afde71 (commit) via 520fd2431bfccddd30489653ba9024f2d214205a (commit) from 05a48c2b2a09e8a5c67276dd2c372d4fbc023017 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 69a324f0bb14e65c9e0a6b24b3bd9db8b57ff3b5 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed May 28 20:21:29 2014 +0200
squid: Disable -march=native.
This produces a binary that cannot be executed on all systems that we support.
(cherry picked from commit 5930a368ad783c21e4e5542aea64561f409cbd68)
commit f7fb5bc5c9b5831729669c35cd9a934f516db471 Author: Erik Kapfer erik.kapfer@ipfire.org Date: Wed May 28 08:12:52 2014 +0200
openvpn: Added DH parameter to CA chart.
Added also a 'Default' mark in N2N cipher menu for AES-256-CBC.
(cherry picked from commit c16d97c617b8a7a663f536da61f7b161251c6500)
commit 92bed25016aa2f4054723e4d607680a3354d8d96 Author: Erik Kapfer erik.kapfer@ipfire.org Date: Mon May 26 14:14:44 2014 +0200
openvpn: Fixed some typos
(cherry picked from commit b585282abfc3666feedd9e1464095297e76a8aaf)
commit fc5dd098c2c70d76ca6f3b35576bd8b062afde71 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed May 28 20:23:41 2014 +0200
core78: Add sudo to update.
commit 520fd2431bfccddd30489653ba9024f2d214205a Author: Michael Tremer michael.tremer@ipfire.org Date: Mon May 26 23:44:53 2014 +0200
sudo: Update to 1.8.10p3.
Disable linking against PAM which is not configured in IPFire 2.
-----------------------------------------------------------------------
Summary of changes: config/rootfiles/core/78/filelists/sudo | 1 + doc/language_issues.es | 3 ++ doc/language_issues.fr | 3 ++ doc/language_issues.nl | 3 ++ doc/language_issues.pl | 3 ++ doc/language_issues.ru | 3 ++ doc/language_issues.tr | 3 ++ doc/language_missings | 12 +++++++ html/cgi-bin/ovpnmain.cgi | 60 ++++++++++++++++++++++++++++----- langs/de/cgi-bin/de.pl | 3 ++ langs/en/cgi-bin/en.pl | 3 ++ lfs/squid | 3 +- lfs/sudo | 7 ++-- 13 files changed, 94 insertions(+), 13 deletions(-) create mode 120000 config/rootfiles/core/78/filelists/sudo
Difference in files: diff --git a/config/rootfiles/core/78/filelists/sudo b/config/rootfiles/core/78/filelists/sudo new file mode 120000 index 0000000..0d3c45e --- /dev/null +++ b/config/rootfiles/core/78/filelists/sudo @@ -0,0 +1 @@ +../../../common/sudo \ No newline at end of file diff --git a/doc/language_issues.es b/doc/language_issues.es index e13636b..7b59a5e 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -632,12 +632,14 @@ WARNING: untranslated string: countries WARNING: untranslated string: country codes and flags WARNING: untranslated string: countrycode WARNING: untranslated string: dead peer detection +WARNING: untranslated string: default WARNING: untranslated string: deprecated fs warn WARNING: untranslated string: details WARNING: untranslated string: dh WARNING: untranslated string: dh key move failed WARNING: untranslated string: dh key warn WARNING: untranslated string: dh key warn1 +WARNING: untranslated string: dh parameter WARNING: untranslated string: dnat address WARNING: untranslated string: dns servers WARNING: untranslated string: dnsforward @@ -648,6 +650,7 @@ WARNING: untranslated string: dnsforward entries WARNING: untranslated string: dnsforward forward_server WARNING: untranslated string: dnsforward zone WARNING: untranslated string: downlink +WARNING: untranslated string: download dh parameter WARNING: untranslated string: dpd delay WARNING: untranslated string: dpd timeout WARNING: untranslated string: drop action diff --git a/doc/language_issues.fr b/doc/language_issues.fr index 759c18d..2446583 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -642,12 +642,14 @@ WARNING: untranslated string: countries WARNING: untranslated string: country codes and flags WARNING: untranslated string: countrycode WARNING: untranslated string: dead peer detection +WARNING: untranslated string: default WARNING: untranslated string: deprecated fs warn WARNING: untranslated string: details WARNING: untranslated string: dh WARNING: untranslated string: dh key move failed WARNING: untranslated string: dh key warn WARNING: untranslated string: dh key warn1 +WARNING: untranslated string: dh parameter WARNING: untranslated string: dnat address WARNING: untranslated string: dns address deleted txt WARNING: untranslated string: dns servers @@ -659,6 +661,7 @@ WARNING: untranslated string: dnsforward entries WARNING: untranslated string: dnsforward forward_server WARNING: untranslated string: dnsforward zone WARNING: untranslated string: downlink +WARNING: untranslated string: download dh parameter WARNING: untranslated string: dpd delay WARNING: untranslated string: dpd timeout WARNING: untranslated string: drop action diff --git a/doc/language_issues.nl b/doc/language_issues.nl index c1173f7..8dd0a3c 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -650,11 +650,14 @@ WARNING: untranslated string: Scan for Songs WARNING: untranslated string: atm device WARNING: untranslated string: bytes WARNING: untranslated string: capabilities +WARNING: untranslated string: default WARNING: untranslated string: dh WARNING: untranslated string: dh key move failed WARNING: untranslated string: dh key warn WARNING: untranslated string: dh key warn1 +WARNING: untranslated string: dh parameter WARNING: untranslated string: dns servers +WARNING: untranslated string: download dh parameter WARNING: untranslated string: drop outgoing WARNING: untranslated string: firewall logs country WARNING: untranslated string: fwhost err hostip diff --git a/doc/language_issues.pl b/doc/language_issues.pl index e13636b..7b59a5e 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -632,12 +632,14 @@ WARNING: untranslated string: countries WARNING: untranslated string: country codes and flags WARNING: untranslated string: countrycode WARNING: untranslated string: dead peer detection +WARNING: untranslated string: default WARNING: untranslated string: deprecated fs warn WARNING: untranslated string: details WARNING: untranslated string: dh WARNING: untranslated string: dh key move failed WARNING: untranslated string: dh key warn WARNING: untranslated string: dh key warn1 +WARNING: untranslated string: dh parameter WARNING: untranslated string: dnat address WARNING: untranslated string: dns servers WARNING: untranslated string: dnsforward @@ -648,6 +650,7 @@ WARNING: untranslated string: dnsforward entries WARNING: untranslated string: dnsforward forward_server WARNING: untranslated string: dnsforward zone WARNING: untranslated string: downlink +WARNING: untranslated string: download dh parameter WARNING: untranslated string: dpd delay WARNING: untranslated string: dpd timeout WARNING: untranslated string: drop action diff --git a/doc/language_issues.ru b/doc/language_issues.ru index 0589067..2d12fc6 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -636,12 +636,14 @@ WARNING: untranslated string: countries WARNING: untranslated string: country codes and flags WARNING: untranslated string: countrycode WARNING: untranslated string: dead peer detection +WARNING: untranslated string: default WARNING: untranslated string: deprecated fs warn WARNING: untranslated string: details WARNING: untranslated string: dh WARNING: untranslated string: dh key move failed WARNING: untranslated string: dh key warn WARNING: untranslated string: dh key warn1 +WARNING: untranslated string: dh parameter WARNING: untranslated string: disk access per WARNING: untranslated string: dnat address WARNING: untranslated string: dns servers @@ -653,6 +655,7 @@ WARNING: untranslated string: dnsforward entries WARNING: untranslated string: dnsforward forward_server WARNING: untranslated string: dnsforward zone WARNING: untranslated string: downlink +WARNING: untranslated string: download dh parameter WARNING: untranslated string: dpd delay WARNING: untranslated string: dpd timeout WARNING: untranslated string: drop action diff --git a/doc/language_issues.tr b/doc/language_issues.tr index 2d9ebf7..7ce95e0 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -648,10 +648,13 @@ WARNING: untranslated string: Number of Countries for the pie chart WARNING: untranslated string: Scan for Songs WARNING: untranslated string: bytes WARNING: untranslated string: capabilities +WARNING: untranslated string: default WARNING: untranslated string: dh WARNING: untranslated string: dh key move failed WARNING: untranslated string: dh key warn WARNING: untranslated string: dh key warn1 +WARNING: untranslated string: dh parameter +WARNING: untranslated string: download dh parameter WARNING: untranslated string: firewall logs country WARNING: untranslated string: fwhost err hostip WARNING: untranslated string: gen dh diff --git a/doc/language_missings b/doc/language_missings index 2def481..7ae53f8 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -76,6 +76,7 @@ < countries < countrycode < country codes and flags +< default < default ip < deprecated fs warn < details @@ -83,6 +84,7 @@ < dh key move failed < dh key warn < dh key warn1 +< dh parameter < dnat address < dns address deleted txt < dnsforward @@ -93,6 +95,7 @@ < dnsforward forward_server < dnsforward zone < dns servers +< download dh parameter < dpd delay < dpd timeout < drop action @@ -593,6 +596,7 @@ < countries < countrycode < country codes and flags +< default < default ip < deprecated fs warn < details @@ -600,6 +604,7 @@ < dh key move failed < dh key warn < dh key warn1 +< dh parameter < dnat address < dnsforward < dnsforward add a new entry @@ -609,6 +614,7 @@ < dnsforward forward_server < dnsforward zone < dns servers +< download dh parameter < dpd delay < dpd timeout < drop action @@ -1101,6 +1107,7 @@ < countries < countrycode < country codes and flags +< default < default ip < deprecated fs warn < details @@ -1108,6 +1115,7 @@ < dh key move failed < dh key warn < dh key warn1 +< dh parameter < dnat address < dnsforward < dnsforward add a new entry @@ -1117,6 +1125,7 @@ < dnsforward forward_server < dnsforward zone < dns servers +< download dh parameter < dpd delay < dpd timeout < drop action @@ -1587,6 +1596,7 @@ < countrycode < country codes and flags < day-graph +< default < default ip < deprecated fs warn < details @@ -1594,6 +1604,7 @@ < dh key move failed < dh key warn < dh key warn1 +< dh parameter < disk access per < dnat address < dnsforward @@ -1604,6 +1615,7 @@ < dnsforward forward_server < dnsforward zone < dns servers +< download dh parameter < dpd delay < dpd timeout < drop action diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 0e8fad8..921009f 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -1023,7 +1023,6 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General ### Save main settings ###
- if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cgiparams{'KEY'} eq '') { &General::readhash("${General::swroot}/ovpn/settings", %vpnsettings); #DAN do we really need (to to check) this value? Besides if we listen on blue and orange too, @@ -1034,8 +1033,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg goto SETTINGS_ERROR; } } - if ($errormessage) { goto SETTINGS_ERROR; } - + if (! &General::validipandmask($cgiparams{'DOVPN_SUBNET'})) { $errormessage = $Lang::tr{'ovpn subnet is invalid'}; goto SETTINGS_ERROR; @@ -1520,6 +1518,18 @@ END print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/certs/servercert.pem`; exit(0); } + +### +### Download Diffie-Hellman parameter +### +}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download dh parameter'}) { + if ( -f "${General::swroot}/ovpn/ca/dh1024.pem" ) { + print "Content-Type: application/octet-stream\r\n"; + print "Content-Disposition: filename=dh1024.pem\r\n\r\n"; + print `/usr/bin/openssl dhparam -in ${General::swroot}/ovpn/ca/dh1024.pem`; + exit(0); + } + ### ### Form for generating a root certificate ### @@ -4470,7 +4480,7 @@ if ($cgiparams{'TYPE'} eq 'net') { <option value='CAMELLIA-256-CBC' $selected{'DCIPHER'}{'CAMELLIA-256-CBC'}>CAMELLIA-CBC (256 $Lang::tr{'bit'})</option> <option value='CAMELLIA-192-CBC' $selected{'DCIPHER'}{'CAMELLIA-192-CBC'}>CAMELLIA-CBC (192 $Lang::tr{'bit'})</option> <option value='CAMELLIA-128-CBC' $selected{'DCIPHER'}{'CAMELLIA-128-CBC'}>CAMELLIA-CBC (128 $Lang::tr{'bit'})</option> - <option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-CBC (256 $Lang::tr{'bit'})</option> + <option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-CBC (256 $Lang::tr{'bit'}, $Lang::tr{'default'})</option> <option value='AES-192-CBC' $selected{'DCIPHER'}{'AES-192-CBC'}>AES-CBC (192 $Lang::tr{'bit'})</option> <option value='AES-128-CBC' $selected{'DCIPHER'}{'AES-128-CBC'}>AES-CBC (128 $Lang::tr{'bit'})</option> <option value='DES-EDE3-CBC' $selected{'DCIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC (192 $Lang::tr{'bit'})</option> @@ -5216,7 +5226,9 @@ END END ; my $col1="bgcolor='$color{'color22'}'"; - my $col2="bgcolor='$color{'color20'}'"; + my $col2="bgcolor='$color{'color20'}'"; + my $col3="bgcolor='$color{'color22'}'"; + if (-f "${General::swroot}/ovpn/ca/cacert.pem") { my $casubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/cacert.pem`; $casubject =~ /Subject: (.*)[\n]/; @@ -5282,6 +5294,39 @@ END ; }
+ # Adding DH parameter to chart + if (-f "${General::swroot}/ovpn/ca/dh1024.pem") { + my $dhsubject = `/usr/bin/openssl dhparam -text -in ${General::swroot}/ovpn/ca/dh1024.pem`; + $dhsubject =~ /PKCS#3 (.*)[\n]/; + $dhsubject = $1; + + + print <<END; + <tr> + <td class='base' $col3>$Lang::tr{'dh parameter'}</td> + <td class='base' $col3>$dhsubject</td> + <form method='post' name='frmdhparam'><td width='3%' align='center' $col3> + <input type='hidden' name='ACTION' value='$Lang::tr{'show dh'}' /> + <input type='image' name='$Lang::tr{'show dh'}' src='/images/info.gif' alt='$Lang::tr{'show dh'}' title='$Lang::tr{'show dh'}' width='20' height='20' border='0' /> + </td></form> + <form method='post' name='frmdhparam'><td width='3%' align='center' $col3> + <input type='image' name="$Lang::tr{'download dh parameter'}" src='/images/media-floppy.png' alt="$Lang::tr{'download dh parameter'}" title="$Lang::tr{'download dh parameter'}" border='0' /> + <input type='hidden' name='ACTION' value="$Lang::tr{'download dh parameter'}" /> + </td></form> + <td width='4%' $col3> </td></tr> +END + ; + } else { + # Nothing + print <<END; + <tr> + <td width='25%' class='base' $col3>$Lang::tr{'dh parameter'}:</td> + <td class='base' $col3>$Lang::tr{'not present'}</td> + </td><td colspan='3' $col3> </td></tr> +END + ; + } + if (! -f "${General::swroot}/ovpn/ca/cacert.pem") { print "<tr><td colspan='5' align='center'><form method='post'>"; print "<input type='submit' name='ACTION' value='$Lang::tr{'generate root/host certificates'}' />"; @@ -5353,7 +5398,7 @@ END
<tr><td colspan=4><hr /></td></tr><tr> <tr> - <td class'base'><b>$Lang::tr{'ovpn dh parameters'}:</b></td> + <td class'base'><b>$Lang::tr{'ovpn dh parameters'}</b></td> </tr>
<tr> @@ -5367,9 +5412,6 @@ END <td nowrap='nowrap'><size='15' align='left'/></td> <td nowrap='nowrap'><input type='submit' name='ACTION' value='$Lang::tr{'generate dh key'}' /></td> </tr> - <tr> - <td colspan='4' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'show dh'}' /></td> - </tr> </table> <tr><td colspan=4><hr /></td></tr><tr> diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 6d27012..5df9ba8 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -635,6 +635,7 @@ 'december' => 'Dezember', 'deep scan directories' => 'rekursiv scannen', 'def lease time' => 'Standardzeit für Zuordnung', +'default' => 'Voreinstellung', 'default ip' => 'Standard IP-Adresse', 'default lease time' => 'Haltezeit-Voreinstellung in min:', 'default networks' => 'Standard Netzwerke', @@ -666,6 +667,7 @@ 'dh key move failed' => 'Verschieben der Diffie-Hellman-Parameter fehlgeschlagen.', 'dh key warn' => 'Das Generieren der Diffie-Hellman-Parameter mit 1024 oder 2048 Bit dauert üblicherweise mehrere Minuten. Schlüssellängen von 3072 oder 4096 Bit beanspruchen mehrere Stunden. Bitte haben Sie etwas Geduld.', 'dh key warn1' => 'Bei schwachen Systemen oder Systeme mit wenig Entropie wird empfohlen lange Diffie-Hellman-Parameter über die Upload-Funktion hochzuladen.', +'dh parameter' => 'Diffie-Hellman-Parameter', 'dhcp advopt add' => 'DHCP Option hinzufügen', 'dhcp advopt added' => 'DHCP Option hinzugefügt', 'dhcp advopt blank value' => 'Wert für DHCP Option darf nicht leer sein', @@ -768,6 +770,7 @@ 'download' => 'herunterladen', 'download ca certificate' => 'CA-Zertifikat herunterladen', 'download certificate' => 'Zertifikate herunterladen', +'download dh parameter' => 'Diffie-Hellman-Parameter herunterladen', 'download host certificate' => 'Host-Zertifikat herunterladen', 'download new ruleset' => 'Neuen Regelsatz herunterladen', 'download pkcs12 file' => 'PKCS12-Datei herunterladen', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index f7bfcd8..e0686f3 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -657,6 +657,7 @@ 'december' => 'December', 'deep scan directories' => 'Scan recursive', 'def lease time' => 'Default Lease Time', +'default' => 'Default', 'default ip' => 'Default IP address', 'default lease time' => 'Default lease time (mins):', 'default networks' => 'Default networks', @@ -689,6 +690,7 @@ 'dh key warn' => 'Creating Diffie-Hellman parameters with lengths of 1024 or 2048 bits takes up to several minutes. Lengths of 3072 or 4096 bits might needs several hours. Please be patient.', 'dh key warn1' => 'For weak systems or systems with little entropy, it is recommended to upload long Diffie-Hellman parameters by usage of the upload function.', 'dh name is invalid' => 'Name is invalid, please use "dh1024.pem".', +'dh parameter' => 'Diffie-Hellman parameters', 'dhcp advopt add' => 'Add a DHCP option', 'dhcp advopt added' => 'DHCP option added', 'dhcp advopt blank value' => 'DHCP Option value cannot be empty.', @@ -794,6 +796,7 @@ 'download' => 'download', 'download ca certificate' => 'Download CA certificate', 'download certificate' => 'Download certificate', +'download dh parameter' => 'Download Diffie-Hellman parameters', 'download host certificate' => 'Download host certificate', 'download new ruleset' => 'Download new ruleset', 'download pkcs12 file' => 'Download PKCS12 file', diff --git a/lfs/squid b/lfs/squid index 1f1589d..e050b17 100644 --- a/lfs/squid +++ b/lfs/squid @@ -118,7 +118,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) --disable-wccpv2 \ --enable-icap-client \ --disable-esi \ - --enable-zph-qos + --enable-zph-qos \ + --disable-arch-native
cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install diff --git a/lfs/sudo b/lfs/sudo index 7c3feab..9dd72fe 100644 --- a/lfs/sudo +++ b/lfs/sudo @@ -24,7 +24,7 @@
include Config
-VER = 1.8.10p1 +VER = 1.8.10p3
THISAPP = sudo-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 1d9c2bc5aaf02608343d17b9a666e8e1 +$(DL_FILE)_MD5 = fcd8d0d9f9f0397d076ee901e242ed39
install : $(TARGET)
@@ -79,7 +79,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) --with-env-editor \ --with-ignore-dot \ --with-tty-tickets \ - --with-passpromt="[sudo] password for %p: " + --with-passpromt="[sudo] password for %p: " \ + --without-pam cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install @rm -rf $(DIR_APP)
hooks/post-receive -- IPFire 2.x development tree