This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".

The branch, core80 has been updated via b3f401fba4b69ea06a1987a971f8f7ff59b3ee33 (commit) via cea4fc3aaf3fb9b776a2209ccdaff6452e099f8e (commit) via 8df091d9680ca0230723fc62b56c9e1d29acb481 (commit) via bc70c8273792c3cbe41edca1a90f62b4ff0666a1 (commit) from 5b861b054576b43e5564289ca08875ee28859cbf (commit)

Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.

- Log ----------------------------------------------------------------- commit b3f401fba4b69ea06a1987a971f8f7ff59b3ee33 Author: Erik Kapfer erik.kapfer@ipfire.org Date: Tue Jul 29 22:29:28 2014 +0200

ids.cgi fix snort rules download url.

fixes: 10579

-----------------------------------------------------------------------

Summary of changes: config/cfgroot/general-functions.pl | 27 +++++++++------------------ config/rootfiles/core/80/filelists/files | 2 ++ html/cgi-bin/ids.cgi | 6 +++--- src/initscripts/init.d/rngd | 10 ++++++++-- 4 files changed, 22 insertions(+), 23 deletions(-)

Difference in files: diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl index 6994f33..dbac0d7 100644 --- a/config/cfgroot/general-functions.pl +++ b/config/cfgroot/general-functions.pl @@ -413,9 +413,9 @@ sub getnetworkip #Gets: IP, CIDR (10.10.10.0-255, 24) #Gives: 10.10.10.0 my ($ccdip,$ccdsubnet) = @_; - my $ip_address_binary = &Socket::inet_pton( AF_INET,$ccdip ); - my $netmask_binary = &Socket::inet_pton(AF_INET,&iporsubtodec($ccdsubnet)); - my $network_address = &Socket::inet_ntop( AF_INET,$ip_address_binary & $netmask_binary ); + my $ip_address_binary = inet_aton( $ccdip ); + my $netmask_binary = ~pack("N", (2**(32-$ccdsubnet))-1); + my $network_address = inet_ntoa( $ip_address_binary & $netmask_binary ); return $network_address; }

@@ -773,21 +773,12 @@ sub validportrange # used to check a port range # Return: TRUE/FALSE sub IpInSubnet { - my $addr = shift; - my $network = shift; - my $netmask = shift; - - my $addr_num = &Socket::inet_pton(AF_INET,$addr); - my $network_num = &Socket::inet_pton(AF_INET,$network); - my $netmask_num = &Socket::inet_pton(AF_INET,$netmask); - - # Find start address - my $network_start = $network_num & $netmask_num; - - # Find end address - my $network_end = $network_start ^ ~$netmask_num; - - return (($addr_num ge $network_start) && ($addr_num le $network_end)); + my $ip = unpack('N', &Socket::inet_aton(shift)); + my $start = unpack('N', &Socket::inet_aton(shift)); + my $mask = unpack('N', &Socket::inet_aton(shift)); + $start &= $mask; # base of subnet... + my $end = $start + ~$mask; + return (($ip >= $start) && ($ip <= $end)); }

# diff --git a/config/rootfiles/core/80/filelists/files b/config/rootfiles/core/80/filelists/files index 5f4c42c..cdddaac 100644 --- a/config/rootfiles/core/80/filelists/files +++ b/config/rootfiles/core/80/filelists/files @@ -6,7 +6,9 @@ etc/rc.d/init.d/dhcrelay etc/rc.d/init.d/dnsmasq etc/rc.d/init.d/firewall etc/rc.d/init.d/networking/red.up/30-ddns +etc/rc.d/init.d/rngd srv/web/ipfire/cgi-bin/ddns.cgi +srv/web/ipfire/cgi-bin/ids.cgi srv/web/ipfire/cgi-bin/logs.cgi/firewalllogcountry.dat srv/web/ipfire/cgi-bin/logs.cgi/log.dat srv/web/ipfire/cgi-bin/netexternal.cgi diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi index 5a28daa..ff72b78 100644 --- a/html/cgi-bin/ids.cgi +++ b/html/cgi-bin/ids.cgi @@ -263,11 +263,11 @@ if (-e "/etc/snort/snort.conf") { ####################### End added for snort rules control #################################

if ($snortsettings{'RULES'} eq 'subscripted') { - $url=" http://www.snort.org/sub-rules/snortrules-snapshot-2961.tar.gz/$snortsetting..."; + $url=" https://www.snort.org/rules/snortrules-snapshot-2961.tar.gz?oinkcode=$snorts..."; } elsif ($snortsettings{'RULES'} eq 'registered') { - $url=" http://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz/$snortsetting..."; + $url=" https://www.snort.org/rules/snortrules-snapshot-2961.tar.gz?oinkcode=$snorts..."; } elsif ($snortsettings{'RULES'} eq 'community') { - $url=" http://s3.amazonaws.com/snort-org/www/rules/community/community-rules.tar.gz"; + $url=" https://www.snort.org/rules/community"; } else { $url="http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz"; } diff --git a/src/initscripts/init.d/rngd b/src/initscripts/init.d/rngd index 22437fd..df4aa7d 100644 --- a/src/initscripts/init.d/rngd +++ b/src/initscripts/init.d/rngd @@ -28,12 +28,18 @@ case "${1}" in fi

boot_mesg "Starting Random Number Generator Daemon..." - loadproc /usr/sbin/rngd --no-tpm=1 + + if pidofproc /usr/sbin/rngd &>/dev/null; then + # Is already running. + echo_ok + else + loadproc /usr/sbin/rngd --no-tpm=1 + fi ;;

stop) boot_mesg "Stopping Random Number Generator Daemon..." - killproc /usr/sbin/rngd + killproc -p /var/run/rngd.pid /usr/sbin/rngd ;;

restart)

hooks/post-receive -- IPFire 2.x development tree