This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, core73 has been updated via 9a6b4cb648b871fcfce9a386213e5ab6f8b7bba9 (commit) via 8dc177053fc97d89afb99bb2ab4849656d550833 (commit) via 81c43f61b09f70f1402b5db6d7c468eae2bbe956 (commit) via 0f6b606785f640bfa5dcbc78616ebb4d194f578e (commit) via 6e77821da801d9714230c649c3748b19b697817d (commit) via 6f49e32b74ba5312385238e6b59bbe2f52ea2e5a (commit) via 0e4f36aee459a4e4f7dca4037c8bbdc181d74836 (commit) from 1bd3de895bd354ef9ec33930b25fd9679814e72d (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- -----------------------------------------------------------------------
Summary of changes: config/rootfiles/core/73/update.sh | 9 +++++++++ doc/language_issues.es | 2 ++ doc/language_issues.fr | 2 ++ doc/language_issues.nl | 2 ++ doc/language_issues.pl | 2 ++ doc/language_issues.ru | 2 ++ doc/language_issues.tr | 2 ++ doc/language_missings | 8 ++++++++ html/cgi-bin/proxy.cgi | 35 ++++++++++++++++++++++++++++------- langs/de/cgi-bin/de.pl | 2 ++ langs/en/cgi-bin/en.pl | 2 ++ lfs/apache2 | 3 +++ lfs/squid | 6 +++--- src/initscripts/init.d/squid | 6 +++--- 14 files changed, 70 insertions(+), 13 deletions(-)
Difference in files: diff --git a/config/rootfiles/core/73/update.sh b/config/rootfiles/core/73/update.sh index 1fb3ac6..ee799ad 100644 --- a/config/rootfiles/core/73/update.sh +++ b/config/rootfiles/core/73/update.sh @@ -42,6 +42,15 @@ done #Extract files extract_files
+if [ -e "/var/ipfire/proxy/enable" ] || [ -e "/var/ipfire/proxy/enable_blue" ]; then + ( + eval $(/usr/local/bin/readhash /var/ipfire/proxy/advanced/settings) + + TRANSPARENT_PORT="$(( ${PROXY_PORT} + 1 ))" + echo "TRANSPARENT_PORT=${TRANSPARENT_PORT}" >> /var/ipfire/proxy/advanced/settings + ) +fi + # Regenerate squid configuration files. /srv/web/ipfire/cgi-bin/proxy.cgi
diff --git a/doc/language_issues.es b/doc/language_issues.es index afe7ed6..f46723e 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -506,6 +506,8 @@ WARNING: untranslated string: Set time on boot WARNING: untranslated string: advproxy cache-digest WARNING: untranslated string: advproxy errmsg cache WARNING: untranslated string: advproxy errmsg invalid upstream proxy +WARNING: untranslated string: advproxy errmsg proxy ports equal +WARNING: untranslated string: advproxy proxy port transparent WARNING: untranslated string: age second WARNING: untranslated string: age seconds WARNING: untranslated string: age shour diff --git a/doc/language_issues.fr b/doc/language_issues.fr index b62d16e..32aa9b5 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -505,6 +505,8 @@ WARNING: untranslated string: Scan for Songs WARNING: untranslated string: advproxy cache-digest WARNING: untranslated string: advproxy errmsg cache WARNING: untranslated string: advproxy errmsg invalid upstream proxy +WARNING: untranslated string: advproxy errmsg proxy ports equal +WARNING: untranslated string: advproxy proxy port transparent WARNING: untranslated string: age second WARNING: untranslated string: age seconds WARNING: untranslated string: age shour diff --git a/doc/language_issues.nl b/doc/language_issues.nl index 42fedc5..cdde0f3 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -506,6 +506,8 @@ WARNING: translation string unused: year-graph WARNING: translation string unused: yearly firewallhits WARNING: untranslated string: Scan for Songs WARNING: untranslated string: advproxy cache-digest +WARNING: untranslated string: advproxy errmsg proxy ports equal +WARNING: untranslated string: advproxy proxy port transparent WARNING: untranslated string: age second WARNING: untranslated string: age seconds WARNING: untranslated string: age shour diff --git a/doc/language_issues.pl b/doc/language_issues.pl index afe7ed6..f46723e 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -506,6 +506,8 @@ WARNING: untranslated string: Set time on boot WARNING: untranslated string: advproxy cache-digest WARNING: untranslated string: advproxy errmsg cache WARNING: untranslated string: advproxy errmsg invalid upstream proxy +WARNING: untranslated string: advproxy errmsg proxy ports equal +WARNING: untranslated string: advproxy proxy port transparent WARNING: untranslated string: age second WARNING: untranslated string: age seconds WARNING: untranslated string: age shour diff --git a/doc/language_issues.ru b/doc/language_issues.ru index cc5dd64..a7d46db 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -497,6 +497,8 @@ WARNING: untranslated string: Scan for Songs WARNING: untranslated string: advproxy cache-digest WARNING: untranslated string: advproxy errmsg cache WARNING: untranslated string: advproxy errmsg invalid upstream proxy +WARNING: untranslated string: advproxy errmsg proxy ports equal +WARNING: untranslated string: advproxy proxy port transparent WARNING: untranslated string: age second WARNING: untranslated string: age seconds WARNING: untranslated string: age shour diff --git a/doc/language_issues.tr b/doc/language_issues.tr index 27ca634..d58bcc3 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -509,6 +509,8 @@ WARNING: translation string unused: xtaccess bad transfert WARNING: translation string unused: year-graph WARNING: translation string unused: yearly firewallhits WARNING: untranslated string: Scan for Songs +WARNING: untranslated string: advproxy errmsg proxy ports equal +WARNING: untranslated string: advproxy proxy port transparent WARNING: untranslated string: bytes WARNING: untranslated string: dnsforward WARNING: untranslated string: dnsforward add a new entry diff --git a/doc/language_missings b/doc/language_missings index fca3f3e..7c7b082 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -14,6 +14,8 @@ < advproxy cache-digest < advproxy errmsg cache < advproxy errmsg invalid upstream proxy +< advproxy errmsg proxy ports equal +< advproxy proxy port transparent < age second < age seconds < age shour @@ -241,6 +243,8 @@ < advproxy cache-digest < advproxy errmsg cache < advproxy errmsg invalid upstream proxy +< advproxy errmsg proxy ports equal +< advproxy proxy port transparent < age second < age seconds < age shour @@ -461,6 +465,8 @@ < advproxy cache-digest < advproxy errmsg cache < advproxy errmsg invalid upstream proxy +< advproxy errmsg proxy ports equal +< advproxy proxy port transparent < age second < age seconds < age shour @@ -657,6 +663,8 @@ < advproxy cache-digest < advproxy errmsg cache < advproxy errmsg invalid upstream proxy +< advproxy errmsg proxy ports equal +< advproxy proxy port transparent < age second < age seconds < age shour diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index bcdc202..25e935b 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -195,6 +195,7 @@ $proxysettings{'ENABLE_BLUE'} = 'off'; $proxysettings{'TRANSPARENT'} = 'off'; $proxysettings{'TRANSPARENT_BLUE'} = 'off'; $proxysettings{'PROXY_PORT'} = '800'; +$proxysettings{'TRANSPARENT_PORT'} = '3128'; $proxysettings{'VISIBLE_HOSTNAME'} = ''; $proxysettings{'ADMIN_MAIL_ADDRESS'} = ''; $proxysettings{'ADMIN_PASSWORD'} = ''; @@ -212,7 +213,7 @@ $proxysettings{'LOGGING'} = 'off'; $proxysettings{'CACHEMGR'} = 'off'; $proxysettings{'LOGQUERY'} = 'off'; $proxysettings{'LOGUSERAGENT'} = 'off'; -$proxysettings{'FILEDESCRIPTORS'} = '4096'; +$proxysettings{'FILEDESCRIPTORS'} = '16384'; $proxysettings{'CACHE_MEM'} = '2'; $proxysettings{'CACHE_SIZE'} = '50'; $proxysettings{'MAX_SIZE'} = '4096'; @@ -359,6 +360,15 @@ if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'} $errormessage = $Lang::tr{'advproxy errmsg invalid proxy port'}; goto ERROR; } + if (!(&General::validport($proxysettings{'TRANSPARENT_PORT'}))) + { + $errormessage = $Lang::tr{'advproxy errmsg invalid proxy port'}; + goto ERROR; + } + if ($proxysettings{'PROXY_PORT'} eq $proxysettings{'TRANSPARENT_PORT'}) { + $errormessage = $Lang::tr{'advproxy errmsg proxy ports equal'}; + goto ERROR; + } if (!($proxysettings{'UPSTREAM_PROXY'} eq '')) { my @temp = split(/:/,$proxysettings{'UPSTREAM_PROXY'}); @@ -956,8 +966,8 @@ print <<END <tr> <td class='base'>$Lang::tr{'advproxy transparent on'} <font color="$Header::colourgreen">Green</font>:</td> <td><input type='checkbox' name='TRANSPARENT' $checked{'TRANSPARENT'}{'on'} /></td> - <td class='base'>$Lang::tr{'advproxy visible hostname'}: <img src='/blob.gif' alt='*' /></td> - <td><input type='text' name='VISIBLE_HOSTNAME' value='$proxysettings{'VISIBLE_HOSTNAME'}' /></td> + <td width='25%' class='base'>$Lang::tr{'advproxy proxy port transparent'}:</td> + <td width='30%'><input type='text' name='TRANSPARENT_PORT' value='$proxysettings{'TRANSPARENT_PORT'}' size='5' /></td> </tr> <tr> END @@ -969,7 +979,8 @@ if ($netsettings{'BLUE_DEV'}) { print "<td colspan='2'> </td>"; } print <<END - <td colspan='2'> </td> + <td class='base'>$Lang::tr{'advproxy visible hostname'}: <img src='/blob.gif' alt='*' /></td> + <td><input type='text' name='VISIBLE_HOSTNAME' value='$proxysettings{'VISIBLE_HOSTNAME'}' /></td> </tr> <tr> END @@ -3078,15 +3089,25 @@ END }
print FILE "http_port $netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}"; - if ($proxysettings{'TRANSPARENT'} eq 'on') { print FILE " transparent" } if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" } print FILE "\n";
+ if ($proxysettings{'TRANSPARENT'} eq 'on') { + print FILE "http_port $netsettings{'GREEN_ADDRESS'}:$proxysettings{'TRANSPARENT_PORT'} intercept"; + if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" } + print FILE "\n"; + } + if ($netsettings{'BLUE_DEV'} && $proxysettings{'ENABLE_BLUE'} eq 'on') { print FILE "http_port $netsettings{'BLUE_ADDRESS'}:$proxysettings{'PROXY_PORT'}"; - if ($proxysettings{'TRANSPARENT_BLUE'} eq 'on') { print FILE " transparent" } if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" } print FILE "\n"; + + if ($proxysettings{'TRANSPARENT_BLUE'} eq 'on') { + print FILE "http_port $netsettings{'BLUE_ADDRESS'}:$proxysettings{'TRANSPARENT_PORT'} intercept"; + if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" } + print FILE "\n"; + } }
if ($proxysettings{'CACHE_SIZE'} > 0) @@ -3457,7 +3478,7 @@ END # Check if squidclamav is enabled. if ($proxysettings{'ENABLE_CLAMAV'} eq 'on') { print FILE "\n#Settings for squidclamav:\n"; - print FILE "http_port 127.0.0.1:$proxysettings{'PROXY_PORT'} transparent\n"; + print FILE "http_port 127.0.0.1:$proxysettings{'PROXY_PORT'}\n"; print FILE "acl purge method PURGE\n"; print FILE "http_access deny to_localhost\n"; print FILE "http_access allow localhost\n"; diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 58dc88e..d85981f 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -244,6 +244,7 @@ 'advproxy errmsg password length 1' => 'Passwort muss mindestens', 'advproxy errmsg password length 2' => ' Zeichen enthalten', 'advproxy errmsg passwords different' => 'Passwörter stimmen nicht überein', +'advproxy errmsg proxy ports equal' => 'Der Proxy-Port darf nicht identisch mit dem transparenten Port sein.', 'advproxy errmsg radius port' => 'Ungültige RADIUS Portnummer', 'advproxy errmsg radius secret' => 'Shared Secret erforderlich', 'advproxy errmsg radius server' => 'Ungültige IP-Adresse für den RADIUS-Server', @@ -281,6 +282,7 @@ 'advproxy on' => 'Proxy an', 'advproxy privacy' => 'Datenschutz', 'advproxy proxy port' => 'Proxy-Port', +'advproxy proxy port transparent' => 'Transparenter Port', 'advproxy ram cache size' => 'Cachegröße im Arbeitsspeicher (MB)', 'advproxy redirector children' => 'Anzahl der Filterprozesse', 'advproxy reset' => 'Zurücksetzen', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 94eb828..d6ccfaf 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -244,6 +244,7 @@ 'advproxy errmsg password length 1' => 'Password must have at least ', 'advproxy errmsg password length 2' => ' characters', 'advproxy errmsg passwords different' => 'Passwords don't match', +'advproxy errmsg proxy ports equal' => 'The proxy port and the transparent port cannot be equal.', 'advproxy errmsg radius port' => 'Invalid RADIUS port number', 'advproxy errmsg radius secret' => 'RADIUS shared secret required', 'advproxy errmsg radius server' => 'Invalid IP address for RADIUS Server', @@ -281,6 +282,7 @@ 'advproxy on' => 'Proxy on', 'advproxy privacy' => 'Privacy', 'advproxy proxy port' => 'Proxy port', +'advproxy proxy port transparent' => 'Transparent port', 'advproxy ram cache size' => 'Memory cache size (MB)', 'advproxy redirector children' => 'Number of filter processes', 'advproxy reset' => 'Reset', diff --git a/lfs/apache2 b/lfs/apache2 index c3d9156..f50332b 100644 --- a/lfs/apache2 +++ b/lfs/apache2 @@ -98,6 +98,9 @@ ifeq "$(PASS)" "C" chmod -R 755 /srv/web/ipfire/cgi-bin chmod -R 644 /srv/web/ipfire/html chmod 755 /srv/web/ipfire/html /srv/web/ipfire/html/{index.cgi,redirect.cgi,dial.cgi,images,include,themes,themes/*,themes/*/*} + + # Reset permissions of redirect templates directories + find /srv/web/ipfire/html/redirect-templates -type d | xargs chmod -v 755 else @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && patch -Np1 -i $(DIR_DL)/httpd-2.2.2-config-1.patch diff --git a/lfs/squid b/lfs/squid index 4a71b4d..bc0ef71 100644 --- a/lfs/squid +++ b/lfs/squid @@ -24,7 +24,7 @@
include Config
-VER = 3.3.8 +VER = 3.3.9
THISAPP = squid-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 6a8fa0075f2fbdd899ac4c9d95fe67cb +$(DL_FILE)_MD5 = 6c4ba0d63c3a6d94de2da689f361cdab
install : $(TARGET)
@@ -114,7 +114,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) --enable-cache-digests \ --enable-forw-via-db \ --enable-htcp \ - --enable-ipf-transparent \ + --enable-linux-netfilter \ --enable-kill-parent-hack \ --disable-wccpv2 \ --enable-icap-client \ diff --git a/src/initscripts/init.d/squid b/src/initscripts/init.d/squid index 62d5bea..c641c7d 100644 --- a/src/initscripts/init.d/squid +++ b/src/initscripts/init.d/squid @@ -15,8 +15,8 @@ transparent() { eval $(/usr/local/bin/readhash /var/ipfire/proxy/settings)
# If the proxy port is not set we set the default to 800. - if [ -z $PROXY_PORT ]; then - PROXY_PORT=800 + if [ -z "${TRANSPARENT_PORT}" ]; then + TRANSPARENT_PORT=800 fi
LOCALIP=`cat /var/ipfire/red/local-ipaddress | tr -d \n` @@ -43,7 +43,7 @@ transparent() { iptables -t nat -A SQUID -i $1 -p tcp -d $LOCALIP --dport 80 -j RETURN - iptables -t nat -A SQUID -i $1 -p tcp --dport 80 -j REDIRECT --to-port $PROXY_PORT + iptables -t nat -A SQUID -i $1 -p tcp --dport 80 -j REDIRECT --to-port "${TRANSPARENT_PORT}" }
case "$1" in
hooks/post-receive -- IPFire 2.x development tree