This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated
       via  21be3871b9ac2ca3d5d744c22890f55cdf334006 (commit)
       via  bb90622c2cfdd7b3bbbabcdbba8a573a36d9edc1 (commit)
       via  154bb705b1b3ce52c9916457379321649bedde3e (commit)
       via  cce7aa9bb8252e00a89c93ca0cc19ecd8833f036 (commit)
       via  1b6b8d97aac8a8056a4ef5c9d571a1947551e17f (commit)
       via  e4013c9dabd55f399b57939a4ad9b5192aac8077 (commit)
      from  e698090e7f696923ff146b272b587a3eeca34c6c (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log -----------------------------------------------------------------
commit 21be3871b9ac2ca3d5d744c22890f55cdf334006
Author: Arne Fitzenreiter arne_f@ipfire.org
Date: Tue Apr 7 08:59:32 2020 +0000
core143: add zoneconf.cgi
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit bb90622c2cfdd7b3bbbabcdbba8a573a36d9edc1
Author: Michael Tremer michael.tremer@ipfire.org
Date: Mon Apr 6 17:38:38 2020 +0000
zoneconf.cgi: Skip checks for non-existing zones
On systems with RED on PPP and no BLUE or ORANGE zones, there would always be an error when handling non-existent input.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 154bb705b1b3ce52c9916457379321649bedde3e
Author: Arne Fitzenreiter arne_f@ipfire.org
Date: Mon Apr 6 18:42:35 2020 +0200
pcengines-apu-firmware: update to v4.11.0.5
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
Reviewed-by: Peter Müller peter.mueller@ipfire.org
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit cce7aa9bb8252e00a89c93ca0cc19ecd8833f036
Author: Arne Fitzenreiter arne_f@ipfire.org
Date: Tue Apr 7 08:57:50 2020 +0000
core143: add unbound initscript
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 1b6b8d97aac8a8056a4ef5c9d571a1947551e17f
Author: Michael Tremer michael.tremer@ipfire.org
Date: Mon Apr 6 15:10:25 2020 +0000
unbound: Set domains with local data into type transparent mode
Records which are from the same domain as the IPFire hostname might not be returned by unbound. This change explicitly instructs unbound to check local data before checking the global DNS.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit e4013c9dabd55f399b57939a4ad9b5192aac8077
Author: Arne Fitzenreiter arne_f@ipfire.org
Date: Tue Apr 7 08:54:27 2020 +0000
core143: add suricata http port changes
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
-----------------------------------------------------------------------
Summary of changes:
 config/rootfiles/core/143/filelists/files         |  4 ++
 config/rootfiles/core/143/update.sh               |  7 +++-
 config/suricata/suricata-generate-http-ports-file | 47 -----------------------
 html/cgi-bin/zoneconf.cgi                         |  2 +
 lfs/pcengines-apu-firmware                        | 21 ++++++----
 src/initscripts/system/unbound                    | 12 +++++-
 6 files changed, 35 insertions(+), 58 deletions(-)
 delete mode 100644 config/suricata/suricata-generate-http-ports-file
Difference in files: diff --git a/config/rootfiles/core/143/filelists/files b/config/rootfiles/core/143/filelists/files index 816fffe9a..9cb36e78c 100644 --- a/config/rootfiles/core/143/filelists/files +++ b/config/rootfiles/core/143/filelists/files @@ -4,6 +4,7 @@ srv/web/ipfire/cgi-bin/credits.cgi var/ipfire/langs etc/rc.d/init.d/firewall etc/rc.d/init.d/localnet +etc/rc.d/init.d/unbound etc/suricata/suricata.yaml srv/web/ipfire/cgi-bin/dhcp.cgi srv/web/ipfire/cgi-bin/fireinfo.cgi @@ -11,8 +12,11 @@ srv/web/ipfire/cgi-bin/ids.cgi srv/web/ipfire/cgi-bin/mail.cgi srv/web/ipfire/cgi-bin/netother.cgi srv/web/ipfire/cgi-bin/ovpnmain.cgi +srv/web/ipfire/cgi-bin/proxy.cgi srv/web/ipfire/cgi-bin/vpnmain.cgi +srv/web/ipfire/cgi-bin/zoneconf.cgi usr/lib/firewall/rules.pl +usr/sbin/convert-snort var/ipfire/backup/bin/backup.pl var/ipfire/backup/include var/ipfire/ids-functions.pl diff --git a/config/rootfiles/core/143/update.sh b/config/rootfiles/core/143/update.sh index cb07bbb59..9cd426447 100644 --- a/config/rootfiles/core/143/update.sh +++ b/config/rootfiles/core/143/update.sh @@ -75,6 +75,11 @@ telinit u # Apply local configuration to sshd_config /usr/local/bin/sshctrl
+# Generate new http ports file for suricata +perl -e "require '/var/ipfire/ids-functions.pl'; \ + &IDS::generate_http_ports_file(); \ + &IDS::set_ownership("$IDS::http_ports_file"); " + # Start services /usr/local/bin/ipsecctrl S /etc/init.d/unbound restart @@ -100,8 +105,6 @@ done # Filesytem cleanup /usr/local/bin/filesystem-cleanup
-# Start services - # This update needs a reboot... #touch /var/run/need_reboot
diff --git a/config/suricata/suricata-generate-http-ports-file b/config/suricata/suricata-generate-http-ports-file deleted file mode 100644 index f0d6bb823..000000000 --- a/config/suricata/suricata-generate-http-ports-file +++ /dev/null @@ -1,47 +0,0 @@ -#!/usr/bin/perl -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2012 IPFire Development Team info@ipfire.org # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -use strict; - -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/ids-functions.pl"; - -exit unless(-f $IDS::ids_settings_file and -f $IDS::rules_settings_file); - -# -## Step 1: Generate and write the HTTP ports file. -# - -# Call subfunction to generate the HTTP ports file. -&IDS::generate_http_ports_file(); - -# Set correct ownership. -&IDS::set_ownership("$IDS::http_ports_file"); - -# -## Step 2: Restart suricata if necessary. -# - -# Check if the IDS should be started. -if(&IDS::ids_is_running()) { - # Call suricatactrl and reload the rules. - &IDS::call_suricatactrl("restart"); -} diff --git a/html/cgi-bin/zoneconf.cgi b/html/cgi-bin/zoneconf.cgi index 6b8642818..d99a3e611 100644 --- a/html/cgi-bin/zoneconf.cgi 
+++ b/html/cgi-bin/zoneconf.cgi @@ -211,6 +211,8 @@ if ($cgiparams{"ACTION"} eq $Lang::tr{"save"}) { my $mac = $_->[0]; my $nic_access = $cgiparams{"ACCESS $uc $mac"};
+ next unless ($nic_access); + if ($nic_access ne "NONE") { if ($VALIDATE_nic_check{"RESTRICT $mac"}) { # If this interface is already assigned to RED in PPP mode, throw an error $VALIDATE_error = $Lang::tr{"zoneconf val ppp assignment error"}; diff --git a/lfs/pcengines-apu-firmware b/lfs/pcengines-apu-firmware index dd76004f8..e430ad9a2 100644 --- a/lfs/pcengines-apu-firmware +++ b/lfs/pcengines-apu-firmware @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2019 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2020 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,14 +24,14 @@
include Config
-VER = 4.10.0.3 +VER = 4.11.0.5
THISAPP = pcengines-apu-firmware-$(VER) DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = pcengines-apu-firmware -PAK_VER = 4 +PAK_VER = 5 SUP_ARCH = i586 x86_64
DEPS = firmware-update @@ -53,11 +53,11 @@ apu3_v$(VER).rom = $(DL_FROM)/apu3_v$(VER).rom apu4_v$(VER).rom = $(DL_FROM)/apu4_v$(VER).rom apu5_v$(VER).rom = $(DL_FROM)/apu5_v$(VER).rom
-apu1_v$(VER).rom_MD5 = f996d2272685683b1bf8be1f27b44f18 -apu2_v$(VER).rom_MD5 = 1ec2df4c0f9be2443192fead8e3b49e9 -apu3_v$(VER).rom_MD5 = 4a5cee9b621432627d7f3dcbb6191904 -apu4_v$(VER).rom_MD5 = a4a8bd06ebfa88907f5a4ddb6d7c3edc -apu5_v$(VER).rom_MD5 = c389d490d02810bf65f0f3abb461070e +apu1_v$(VER).rom_MD5 = eb9513cdb9bb212db524307d71d9f87c +apu2_v$(VER).rom_MD5 = e3ce78e1cbc1eb35b10d97349afabf04 +apu3_v$(VER).rom_MD5 = 42ece2873efc4a4b86bb507df40423c6 +apu4_v$(VER).rom_MD5 = e5eb7a15efbfc1a434d3bd48d1bc5062 +apu5_v$(VER).rom_MD5 = f2924f98bbb1e2816760103ab045a175
install : $(TARGET)
@@ -96,3 +96,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) /lib/firmware/pcengines/apu
@$(POSTBUILD) +eb9513cdb9bb212db524307d71d9f87c cache/apu1_v4.11.0.5.rom +e3ce78e1cbc1eb35b10d97349afabf04 cache/apu2_v4.11.0.5.rom +42ece2873efc4a4b86bb507df40423c6 cache/apu3_v4.11.0.5.rom +e5eb7a15efbfc1a434d3bd48d1bc5062 cache/apu4_v4.11.0.5.rom +f2924f98bbb1e2816760103ab045a175 cache/apu5_v4.11.0.5.rom diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound index 1cf26ec0e..35477ae28 100644 --- a/src/initscripts/system/unbound +++ b/src/initscripts/system/unbound @@ -72,8 +72,18 @@ write_hosts_conf() { echo "local-data: "${address} ${LOCAL_TTL} IN PTR ${HOSTNAME}"" done
- # Add all hosts local enabled address hostname domainname generateptr + + # Find all unique domain names + while IFS="," read -r enabled address hostname domainname generateptr; do + [ "${enabled}" = "on" ] || continue + + echo "${domainname}" + done < /var/ipfire/main/hosts | sort -u | while read -r domainname; do + echo "local-zone: ${domainname} typetransparent" + done + + # Add all hosts while IFS="," read -r enabled address hostname domainname generateptr; do [ "${enabled}" = "on" ] || continue
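Review bot: In config/rootfiles/core/143/update.sh at @@ -75,6 +75,11 @@, the perl -e program is wrapped in double quotes and also contains double quotes around $IDS::http_ports_file, so the shell closes the string at the inner quote and expands $IDS itself (unset, so empty) before Perl sees anything. Perl is then handed set_ownership(::http_ports_file) instead of the variable. Wrapping the program in single quotes and switching the require path to double quotes, or escaping the inner quotes and the dollar sign, keeps the expression intact.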
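Review bot: The deleted config/suricata/suricata-generate-http-ports-file did two things that the inline replacement in update.sh does not show: it bailed out early with `exit unless(-f $IDS::ids_settings_file and -f $IDS::rules_settings_file);` and it called &IDS::call_suricatactrl("restart") when &IDS::ids_is_running() was true. If the ports file should only be generated on systems with IDS settings present, or if a running suricata has to pick up the new file during the update, those steps need to be carried over or the commit message should say why they are no longer needed.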
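Review bot: The added `next unless ($nic_access);` in the save loop of html/cgi-bin/zoneconf.cgi has no comment explaining why a missing ACCESS parameter is skipped rather than rejected; one line saying that zones which do not exist on the system submit no value would stop a later reader from removing it. It also skips every false value, so an empty string or "0" bypasses the checks that follow; `next unless (defined $nic_access);` would limit the skip to absent parameters if that is the intent.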
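Review bot: In lfs/pcengines-apu-firmware at @@ -53,11 +53,11 @@, the apuN_v$(VER).rom_MD5 values are the only integrity check shown for the firmware images fetched from $(DL_FROM), and MD5 is not collision resistant. For boot firmware it would be worth recording a SHA-256 or stronger digest as well, if the lfs checksum mechanism can take one, and noting in the commit message where the new values were verified against.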
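Review bot: The five lines appended after @$(POSTBUILD) at @@ -96,3 +96,8 @@ of lfs/pcengines-apu-firmware, starting with `eb9513cdb9bb212db524307d71d9f87c cache/apu1_v4.11.0.5.rom`, look like pasted md5sum output rather than makefile content. As written they are neither a rule nor an assignment, and they repeat the _MD5 values already set earlier in the file, so they should be dropped from the commit.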
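Review bot: In write_hosts_conf() in src/initscripts/system/unbound, the new loop prints `local-zone: ${domainname} typetransparent` for every value that survives sort -u, including the empty string when an enabled entry in /var/ipfire/main/hosts has no domain name, which produces a local-zone line without a zone. Adding `[ -n "${domainname}" ] || continue` to the second loop avoids that, and quoting the name in the emitted line keeps a field taken straight from the hosts file from being read as extra tokens in the generated configuration.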
hooks/post-receive -- IPFire 2.x development tree