This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via adc2aa5f67dfcc537bb0c0acc4136b69cd62b8e0 (commit) via eea288bc1a55ac99cac868b00367999455cecde5 (commit) via abffcc99adab8311e9421c8203a82d65b7c5ea1c (commit) via f1d98a1c3fb2459cf481e9330d113a958be35e58 (commit) from 502f6c63a3120a85ca855ec9aaec9c6cb90cbefd (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit adc2aa5f67dfcc537bb0c0acc4136b69cd62b8e0 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Jan 25 19:34:16 2021 +0000
core154: Ship updated perl files
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit eea288bc1a55ac99cac868b00367999455cecde5 Author: Leo-Andres Hofmann hofmann@leo-andres.de Date: Sun Jan 17 15:20:04 2021 +0100
network-functions.pl: Improve zone configuration functions
Cache ethernet configuration in public variable "ethernet_settings", add functions to simplify working with the network configuration.
Signed-off-by: Leo-Andres Hofmann hofmann@leo-andres.de Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit abffcc99adab8311e9421c8203a82d65b7c5ea1c Author: Leo-Andres Hofmann hofmann@leo-andres.de Date: Sun Jan 17 15:20:03 2021 +0100
Refactor "get_available_network_zones", move to network-functions.pl
This function nicely translates the ethernet/settings "CONFIG_TYPE" into a list of available zones. Therefore it should be more accessible!
Signed-off-by: Leo-Andres Hofmann hofmann@leo-andres.de Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit f1d98a1c3fb2459cf481e9330d113a958be35e58 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Jan 21 14:35:16 2021 +0100
make: update to 4.3
This is needed to build on systems with kernel >=5.5
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/cfgroot/ids-functions.pl | 39 +---------------- config/cfgroot/network-functions.pl | 66 ++++++++++++++++++++++++++++ config/rootfiles/core/154/filelists/files | 4 ++ config/suricata/convert-snort | 3 +- html/cgi-bin/ids.cgi | 3 +- lfs/make | 10 ++--- src/patches/make-4.2.1-glob-SEGV.patch | 67 ----------------------------- src/patches/make-4.2.1-glob-build-fix.patch | 11 ----- 8 files changed, 80 insertions(+), 123 deletions(-) delete mode 100644 src/patches/make-4.2.1-glob-SEGV.patch delete mode 100644 src/patches/make-4.2.1-glob-build-fix.patch
Difference in files:
diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl
index d45e1c70a..2fdae4a7a 100644
--- a/config/cfgroot/ids-functions.pl
+++ b/config/cfgroot/ids-functions.pl
@@ -24,6 +24,7 @@
package IDS;
require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/network-functions.pl";
# Location where all config and settings files are stored.
our $settingsdir = "${General::swroot}/suricata";
@@ -410,42 +411,6 @@ sub _store_error_message ($) {
&set_ownership("$storederrorfile");
}
-#
-## Function to get a list of all available network zones.
-#
-sub get_available_network_zones () {
- # Get netsettings.
- my %netsettings = ();
- &General::readhash("${General::swroot}/ethernet/settings", %netsettings);
-
- # Obtain the configuration type from the netsettings hash.
- my $config_type = $netsettings{'CONFIG_TYPE'};
-
- # Hash which contains the conversation from the config mode
- # to the existing network interface names. They are stored like
- # an array.
- #
- # Mode "0" red is a modem and green
- # Mode "1" red is a netdev and green
- # Mode "2" red, green and orange
- # Mode "3" red, green and blue
- # Mode "4" red, green, blue, orange
- my %config_type_to_interfaces = (
- "0" => [ "red", "green" ],
- "1" => [ "red", "green" ],
- "2" => [ "red", "green", "orange" ],
- "3" => [ "red", "green", "blue" ],
- "4" => [ "red", "green", "blue", "orange" ]
- );
-
- # Obtain and dereference the corresponding network interaces based on the read
- # network config type.
- my @network_zones = @{ $config_type_to_interfaces{$config_type} };
-
- # Return them.
- return @network_zones;
-}
-
#
## Function to check if the IDS is running.
#
@@ -613,7 +578,7 @@ sub generate_home_net_file() {
&General::readhash("${General::swroot}/ethernet/settings", %netsettings);
# Get available network zones.
- my @network_zones = &get_available_network_zones();
+ my @network_zones = &Network::get_available_network_zones();
# Temporary array to store network address and prefix of the configured
# networks.
diff --git a/config/cfgroot/network-functions.pl b/config/cfgroot/network-functions.pl
index 3d7f04743..7bd6466e0 100644
--- a/config/cfgroot/network-functions.pl
+++ b/config/cfgroot/network-functions.pl
@@ -27,6 +27,14 @@ require "/var/ipfire/general-functions.pl";
use Socket;
+# System ethernet configuration
+our %ethernet_settings = ();
+&General::readhash("${General::swroot}/ethernet/settings", %ethernet_settings);
+
+# List of all possible network zones that can be configured
+our @known_network_zones = ("red", "green", "orange", "blue");
+
+# IPv4 netmask CIDR to dotted decimal notation conversion table
my %PREFIX2NETMASK = (
32 => "255.255.255.255",
31 => "255.255.255.254",
@@ -444,6 +452,64 @@ sub get_mac_by_name($) {
return $mac;
}
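Review bot: The `&General::readhash(...)` call added at file scope runs once, when network-functions.pl is `require`d, and its result is published as `our %ethernet_settings`, so every script that loads this file works from one mutable snapshot of ethernet/settings. Nothing visible here re-reads the file, so a caller that rewrites ethernet/settings or assigns into the hash changes what the zone helpers added further down report for the rest of the process. The comment should state that contract, e.g. `# Snapshot of ethernet/settings taken at load time; treat as read-only and re-read after the file changes`. `generate_home_net_file` in ids-functions.pl (context of the @@ -613 hunk) still reads the same file into its own `%netsettings`, so that function now combines two separately loaded copies.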
+#
+## Function to get a list of all available network zones.
+#
+sub get_available_network_zones () {
+ # Obtain the configuration type from the netsettings hash.
+ my $config_type = $ethernet_settings{'CONFIG_TYPE'};
+
+ # Hash which contains the conversation from the config mode
+ # to the existing network interface names. They are stored like
+ # an array.
+ #
+ # Mode "0" red is a modem and green
+ # Mode "1" red is a netdev and green
+ # Mode "2" red, green and orange
+ # Mode "3" red, green and blue
+ # Mode "4" red, green, blue, orange
+ my %config_type_to_interfaces = (
+ "0" => [ "red", "green" ],
+ "1" => [ "red", "green" ],
+ "2" => [ "red", "green", "orange" ],
+ "3" => [ "red", "green", "blue" ],
+ "4" => [ "red", "green", "blue", "orange" ]
+ );
+
+ # Obtain and dereference the corresponding network interaces based on the read
+ # network config type.
+ my @network_zones = @{ $config_type_to_interfaces{$config_type} };
+
+ # Return them.
+ return @network_zones;
+}
+
+#
+## Function to check if a network zone is available in the current configuration
+#
+sub is_zone_available() {
+ my $zone = lc shift;
+
+ # Make sure the zone is valid
+ die("Unknown network zone '$zone'") unless ($zone ~~ @known_network_zones);
+
+ # Get available zones and return result
+ my @available_zones = get_available_network_zones();
+ return ($zone ~~ @available_zones);
+}
+
+#
+## Function to determine if the RED zone is in standard IP (or modem, PPP, VDSL, ...) mode
+#
+sub is_red_mode_ip() {
+ # Obtain the settings from the netsettings hash
+ my $config_type = $ethernet_settings{'CONFIG_TYPE'};
+ my $red_type = $ethernet_settings{'RED_TYPE'};
+
+ # RED must be a network device (configuration 1-4) with dynamic or static IP
+ return (($config_type ~~ [1..4]) && ($red_type ~~ ["DHCP", "STATIC"]));
+}
+
1;
# Remove the next line to enable the testsuite
diff --git a/config/rootfiles/core/154/filelists/files b/config/rootfiles/core/154/filelists/files
index ec58127a2..b4ab41790 100644
--- a/config/rootfiles/core/154/filelists/files
+++ b/config/rootfiles/core/154/filelists/files
@@ -14,6 +14,7 @@ srv/web/ipfire/cgi-bin/dhcp.cgi
srv/web/ipfire/cgi-bin/extrahd.cgi
srv/web/ipfire/cgi-bin/gpl.cgi
srv/web/ipfire/cgi-bin/hardwaregraphs.cgi
+srv/web/ipfire/cgi-bin/ids.cgi
srv/web/ipfire/cgi-bin/optionsfw.cgi
srv/web/ipfire/cgi-bin/pakfire.cgi
srv/web/ipfire/cgi-bin/remote.cgi
@@ -21,7 +22,10 @@ srv/web/ipfire/cgi-bin/services.cgi
srv/web/ipfire/cgi-bin/wirelessclient.cgi
usr/local/bin/ipsec-interfaces
usr/local/bin/sshctrl
+usr/sbin/convert-snort
var/ipfire/extrahd/bin/extrahd.pl
var/ipfire/general-functions.pl
+var/ipfire/ids-functions.pl
+var/ipfire/network-functions.pl
var/ipfire/header.pl
var/ipfire/langs
diff --git a/config/suricata/convert-snort b/config/suricata/convert-snort
index 3e938137e..7d75233b4 100644
--- a/config/suricata/convert-snort
+++ b/config/suricata/convert-snort
@@ -23,6 +23,7 @@ use strict;
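Review bot: In network-functions.pl, `is_zone_available()` is declared with an empty prototype yet takes its argument with `shift`, so any code that has the prototype in view at compile time and calls `is_zone_available("blue")` is rejected with "Too many arguments"; only the `&`-call form, which skips prototype checking, gets through. Declaring it as `sub is_zone_available {` removes the mismatch. This helper and `is_red_mode_ip` also depend on the smartmatch operator `~~`, experimental since Perl 5.18 and deprecated as of 5.38; `grep { $_ eq $zone } @known_network_zones` performs the same membership test without it. Separately, `get_available_network_zones` dereferences `$config_type_to_interfaces{$config_type}` without checking that CONFIG_TYPE is one of the five known keys, so a missing or damaged value in ethernet/settings is not handled on purpose; a `defined`/`exists` check before the dereference would make that path explicit for the IDS and CGI callers.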
require '/var/ipfire/general-functions.pl';
require "${General::swroot}/ids-functions.pl";
+require "${General::swroot}/network-functions.pl";
# Snort settings file, which contains the settings from the WUI.
my $snort_settings_file = "${General::swroot}/snort/settings";
@@ -129,7 +130,7 @@ my %rulessettings = (
);
# Get all available network zones.
-my @network_zones = &IDS::get_available_network_zones();
+my @network_zones = &Network::get_available_network_zones();
# Read-in snort settings file.
&General::readhash("$snort_settings_file", %snortsettings);
diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi
index bc31a341f..83d5f52ba 100644
--- a/html/cgi-bin/ids.cgi
+++ b/html/cgi-bin/ids.cgi
@@ -29,6 +29,7 @@ require '/var/ipfire/general-functions.pl';
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";
require "${General::swroot}/ids-functions.pl";
+require "${General::swroot}/network-functions.pl";
my %color = ();
my %mainsettings = ();
@@ -47,7 +48,7 @@ my %ignored=();
# Get the available network zones, based on the config type of the system and store
# the list of zones in an array.
-my @network_zones = &IDS::get_available_network_zones();
+my @network_zones = &Network::get_available_network_zones();
# Check if openvpn is started and add it to the array of network zones.
if ( -e "/var/run/openvpn.pid") {
diff --git a/lfs/make b/lfs/make
index 971b705df..f6ba0ccd6 100644
--- a/lfs/make
+++ b/lfs/make
@@ -24,14 +24,14 @@
include Config
-VER = 4.2.1
+VER = 4.3
THISAPP = make-$(VER)
-DL_FILE = $(THISAPP).tar.bz2
+DL_FILE = $(THISAPP).tar.gz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
PROG = make
-PAK_VER = 4
+PAK_VER = 5
DEPS =
@@ -55,7 +55,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 15b012617e7c44c0ed482721629577ac
+$(DL_FILE)_MD5 = fc7a67ea86ace13195b0bce683fd4469
install : $(TARGET)
@@ -88,8 +88,6 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -p1 < $(DIR_SRC)/src/patches/make-4.2.1-glob-build-fix.patch - cd $(DIR_APP) && patch -p1 < $(DIR_SRC)/src/patches/make-4.2.1-glob-SEGV.patch cd $(DIR_APP) && autoreconf -vfi cd $(DIR_APP) && ./configure --prefix=$(PREFIX) --disable-nls cd $(DIR_APP) && make $(MAKETUNING) diff --git a/src/patches/make-4.2.1-glob-SEGV.patch b/src/patches/make-4.2.1-glob-SEGV.patch deleted file mode 100644 index 911e3152e..000000000 --- a/src/patches/make-4.2.1-glob-SEGV.patch +++ /dev/null 
@@ -1,67 +0,0 @@ -From 193f1e81edd6b1b56b0eb0ff8aa4b41c7b4257b4 Mon Sep 17 00:00:00 2001 -From: Paul Eggert eggert@cs.ucla.edu -Date: Sun, 24 Sep 2017 09:12:58 -0400 -Subject: glob: Do not assume glibc glob internals. - -It has been proposed that glibc glob start using gl_lstat, -which the API allows it to do. GNU 'make' should not get in -the way of this. See: -https://sourceware.org/ml/libc-alpha/2017-09/msg00409.html - -* dir.c (local_lstat): New function, like local_stat. -(dir_setup_glob): Use it to initialize gl_lstat too, as the API -requires. ---- - dir.c | 29 +++++++++++++++++++++++++++-- - 1 file changed, 27 insertions(+), 2 deletions(-) - -diff --git a/dir.c b/dir.c -index adbb8a9..c343e4c 100644 ---- a/dir.c -+++ b/dir.c -@@ -1299,15 +1299,40 @@ local_stat (const char *path, struct stat *buf) - } - #endif - -+/* Similarly for lstat. */ -+#if !defined(lstat) && !defined(WINDOWS32) || defined(VMS) -+# ifndef VMS -+# ifndef HAVE_SYS_STAT_H -+int lstat (const char *path, struct stat *sbuf); -+# endif -+# else -+ /* We are done with the fake lstat. Go back to the real lstat */ -+# ifdef lstat -+# undef lstat -+# endif -+# endif -+# define local_lstat lstat -+#elif defined(WINDOWS32) -+/* Windows doesn't support lstat(). */ -+# define local_lstat local_stat -+#else -+static int -+local_lstat (const char *path, struct stat *buf) -+{ -+ int e; -+ EINTRLOOP (e, lstat (path, buf)); -+ return e; -+} -+#endif -+ - void - dir_setup_glob (glob_t *gl) - { - gl->gl_opendir = open_dirstream; - gl->gl_readdir = read_dirstream; - gl->gl_closedir = free; -+ gl->gl_lstat = local_lstat; - gl->gl_stat = local_stat; -- /* We don't bother setting gl_lstat, since glob never calls it. -- The slot is only there for compatibility with 4.4 BSD. */ - } - - void --- -cgit v1.0-41-gc330 - diff --git a/src/patches/make-4.2.1-glob-build-fix.patch b/src/patches/make-4.2.1-glob-build-fix.patch deleted file mode 100644 index d5303b053..000000000 
--- a/src/patches/make-4.2.1-glob-build-fix.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- make-4.2.1/configure.ac~ 2018-02-08 12:31:17.105922978 +0000 -+++ make-4.2.1/configure.ac 2018-02-08 12:31:35.249509647 +0000 -@@ -402,7 +402,7 @@ AC_CACHE_CHECK([if system libc has GNU g - #define GLOB_INTERFACE_VERSION 1 - #if !defined _LIBC && defined __GNU_LIBRARY__ && __GNU_LIBRARY__ > 1 - # include <gnu-versions.h> --# if _GNU_GLOB_INTERFACE_VERSION == GLOB_INTERFACE_VERSION -+# if _GNU_GLOB_INTERFACE_VERSION >= GLOB_INTERFACE_VERSION - gnu glob - # endif - #endif],
hooks/post-receive -- IPFire 2.x development tree