This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 5562f26f6979c2d60202eafe32469989c0878f20 (commit) via d2738c4c3c8daab35958c41380c9b3673b341866 (commit) via 7ad653cc09409c4e23885bf89279bd8458189f11 (commit) via 5c1c9938ebcd5b2cde8e159424d17de849c12ef8 (commit) via 5dba838282f23954a1cfeb4586b1cabc294a9b32 (commit) via 5d957b01c98157e29675d61c2d3118d0be18a00f (commit) via ff3c71fb48bbc4ad15e22a7417f6b8adbd39b423 (commit) via 804deb1b23f24daa35d0cf052d8d0eac82c3319f (commit) via 417fd66045433d8101c11bea669e14a39af4db13 (commit) from 0167befa0a83baa7d774ae0a93db5d05608c310e (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 5562f26f6979c2d60202eafe32469989c0878f20 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Mar 26 17:56:23 2020 +0000
vnstat: remove wrong tag file
fixes #12305
I had created this tag file to ship the folder but vnstat doesn't like empty files.
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit d2738c4c3c8daab35958c41380c9b3673b341866 Author: Markus Untersee m.untersee@buerliag.ch Date: Thu Jan 30 13:41:36 2020 +0100
vnstat: Add restart command.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 7ad653cc09409c4e23885bf89279bd8458189f11 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Jan 28 11:51:50 2020 +0100
ovpnmain.cgi: Validate CCDNet name when renaming it.
Fixes #12282
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 5c1c9938ebcd5b2cde8e159424d17de849c12ef8 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Mar 26 17:50:26 2020 +0000
core143: add firewall initskript
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 5dba838282f23954a1cfeb4586b1cabc294a9b32 Author: Peter Müller peter.mueller@ipfire.org Date: Mon Jan 27 15:04:00 2020 +0000
avoid emitting VPN traffic to the internet if the IPS crashed
Due to strange NFQUEUE behaviour, traffic to remote VPN (IPsec or OpenVPN) destinations was emitted to the internet (ppp0 or red0 interface) directly if the IPS was enabled but crashed during operation.
This patch places the IPSECBLOCK and OVPNBLOCK chains before the ones responsible for forwarding traffic into the IPS.
Thanks to Michael for his debugging effort.
Partially fixes #12257
Cc: Michael Tremer michael.tremer@ipfire.org Cc: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Peter Müller peter.mueller@ipfire.org Acked-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 5d957b01c98157e29675d61c2d3118d0be18a00f Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Mar 26 17:48:18 2020 +0000
core143: add libtool
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit ff3c71fb48bbc4ad15e22a7417f6b8adbd39b423 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sat Jan 25 20:13:06 2020 +0100
libtool: Update 2.4.6
For details see: https://savannah.gnu.org/forum/forum.php?forum_id=8210
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 804deb1b23f24daa35d0cf052d8d0eac82c3319f Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Mar 26 17:46:05 2020 +0000
core143: add dhcp
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 417fd66045433d8101c11bea669e14a39af4db13 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sat Jan 25 20:04:26 2020 +0100
dhcp: Update to 4.4.2
For details see: https://downloads.isc.org/isc/dhcp/4.4.2/dhcp-4.4.2-RELNOTES
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/backup/backup.pl | 3 +++ config/rootfiles/common/vnstat | 3 +-- .../rootfiles/{oldcore/111 => core/143}/filelists/dhcp | 0 config/rootfiles/core/143/filelists/files | 1 + .../rootfiles/{oldcore/66 => core/143}/filelists/libtool | 0 config/rootfiles/core/143/update.sh | 3 +++ html/cgi-bin/ovpnmain.cgi | 7 +++++++ lfs/dhcp | 6 +++--- lfs/libtool | 6 +++--- lfs/vnstat | 3 +-- src/initscripts/system/firewall | 16 ++++++++-------- src/initscripts/system/vnstat | 8 ++++++-- 12 files changed, 36 insertions(+), 20 deletions(-) copy config/rootfiles/{oldcore/111 => core/143}/filelists/dhcp (100%) copy config/rootfiles/{oldcore/66 => core/143}/filelists/libtool (100%)
Difference in files: diff --git a/config/backup/backup.pl b/config/backup/backup.pl index 9a92a9d9f..e08d8de84 100644 --- a/config/backup/backup.pl +++ b/config/backup/backup.pl @@ -76,6 +76,9 @@ restore_backup() { /bin/kill -HUP `cat /var/run/suricata.pid 2> /dev/null` 2> /dev/null /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null
+ # remove wrong vnstat tag file + rm -f /var/log/vnstat/tag + # Run converters
# Outgoing Firewall diff --git a/config/rootfiles/common/vnstat b/config/rootfiles/common/vnstat index d5b56a679..42e00ed2a 100644 --- a/config/rootfiles/common/vnstat +++ b/config/rootfiles/common/vnstat @@ -9,5 +9,4 @@ usr/bin/vnstati #usr/share/man/man1/vnstati.1 #usr/share/man/man1/vnstat.1 #var/lib/vnstat -#var/log/vnstat -var/log/vnstat/tag +var/log/vnstat diff --git a/config/rootfiles/core/143/filelists/dhcp b/config/rootfiles/core/143/filelists/dhcp new file mode 120000 index 000000000..32d8da443 --- /dev/null +++ b/config/rootfiles/core/143/filelists/dhcp @@ -0,0 +1 @@ +../../../common/dhcp \ No newline at end of file diff --git a/config/rootfiles/core/143/filelists/files b/config/rootfiles/core/143/filelists/files index e5edae10f..b571b41bd 100644 --- a/config/rootfiles/core/143/filelists/files +++ b/config/rootfiles/core/143/filelists/files @@ -2,6 +2,7 @@ etc/system-release etc/issue srv/web/ipfire/cgi-bin/credits.cgi var/ipfire/langs +etc/rc.d/init.d/firewall etc/rc.d/init.d/localnet srv/web/ipfire/cgi-bin/dhcp.cgi srv/web/ipfire/cgi-bin/fireinfo.cgi diff --git a/config/rootfiles/core/143/filelists/libtool b/config/rootfiles/core/143/filelists/libtool new file mode 120000 index 000000000..54f5666f8 --- /dev/null +++ b/config/rootfiles/core/143/filelists/libtool @@ -0,0 +1 @@ +../../../common/libtool \ No newline at end of file diff --git a/config/rootfiles/core/143/update.sh b/config/rootfiles/core/143/update.sh index 092b9c399..90d3f72fc 100644 --- a/config/rootfiles/core/143/update.sh +++ b/config/rootfiles/core/143/update.sh @@ -59,6 +59,9 @@ extract_files # update linker config ldconfig
+# remove wrong vnstat tag file +rm -f /var/log/vnstat/tag + # restart init after glibc replace telinit u
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index a6fdd6d75..ce9524df7 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -490,6 +490,13 @@ sub modccdnet my $oldname=$_[1]; my %ccdconfhash=(); my %ccdhash=(); + + # Check if the new name is valid. + if(!&General::validhostname($newname)) { + $errormessage=$Lang::tr{'ccd err invalidname'}; + return; + } + &General::readhasharray("${General::swroot}/ovpn/ccd.conf", %ccdconfhash); foreach my $key (keys %ccdconfhash) { if ($ccdconfhash{$key}[0] eq $oldname) { diff --git a/lfs/dhcp b/lfs/dhcp index 4c01428f5..8c64ae899 100644 --- a/lfs/dhcp +++ b/lfs/dhcp @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2019 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 4.4.1 +VER = 4.4.2
THISAPP = dhcp-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 18c7f4dcbb0a63df25098216d47b1ede +$(DL_FILE)_MD5 = 2afdaf8498dc1edaf3012efdd589b3e1
install : $(TARGET)
diff --git a/lfs/libtool b/lfs/libtool index 90dae11e8..e769a10d0 100644 --- a/lfs/libtool +++ b/lfs/libtool @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2019 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 2.4.4 +VER = 2.4.6
THISAPP = libtool-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -42,7 +42,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 51bf400de3354687d68dfa2392506b7e +$(DL_FILE)_MD5 = 1bfb9b923f2c1339b4d2ce1807064aa5
install : $(TARGET)
diff --git a/lfs/vnstat b/lfs/vnstat index b1a17ce1f..27189126b 100644 --- a/lfs/vnstat +++ b/lfs/vnstat @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2020 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -87,7 +87,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) sed -i 's|/var/run/vnstat/vnstat.pid|/var/run/vnstat.pid|g' /etc/vnstat.conf
mkdir -p /var/log/vnstat - touch /var/log/vnstat/tag
@rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall index ec396c708..ab144ea18 100644 --- a/src/initscripts/system/firewall +++ b/src/initscripts/system/firewall @@ -185,14 +185,6 @@ iptables_init() { iptables -A INPUT -j GUARDIAN iptables -A FORWARD -j GUARDIAN
- # IPS (suricata) chains - iptables -N IPS_INPUT - iptables -N IPS_FORWARD - iptables -N IPS_OUTPUT - iptables -A INPUT -j IPS_INPUT - iptables -A FORWARD -j IPS_FORWARD - iptables -A OUTPUT -j IPS_OUTPUT - # Block non-established IPsec networks iptables -N IPSECBLOCK iptables -A FORWARD -m policy --dir out --pol none -j IPSECBLOCK @@ -204,6 +196,14 @@ iptables_init() { iptables -A FORWARD -i tun+ -j OVPNBLOCK iptables -A FORWARD -o tun+ -j OVPNBLOCK
+ # IPS (suricata) chains + iptables -N IPS_INPUT + iptables -N IPS_FORWARD + iptables -N IPS_OUTPUT + iptables -A INPUT -j IPS_INPUT + iptables -A FORWARD -j IPS_FORWARD + iptables -A OUTPUT -j IPS_OUTPUT + # OpenVPN transfer network translation iptables -t nat -N OVPNNAT iptables -t nat -A POSTROUTING -j OVPNNAT diff --git a/src/initscripts/system/vnstat b/src/initscripts/system/vnstat index 518b2d7c6..363307013 100755 --- a/src/initscripts/system/vnstat +++ b/src/initscripts/system/vnstat @@ -21,7 +21,11 @@ case "$1" in stop) umount_ramdisk "${VNSTATLOG}" ;; - + restart) + ${0} stop + sleep 1 + ${0} start + ;; backup) # Backup all data if ramdisk is used if mountpoint "${RRDLOG}" &>/dev/null; then @@ -30,7 +34,7 @@ case "$1" in ;;
*) - echo "Usage: $0 {start|stop|backup}" + echo "Usage: $0 {start|stop|restart|backup}" exit 1 ;; esac
hooks/post-receive -- IPFire 2.x development tree