This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, master has been updated via bf0aa7f25b3748190565e784c55c2867ee70da37 (commit) via 76d514cf5bc5df3cda8655d2aa83dbe2cc8f8c2f (commit) via d4c12742904f8b1a4fb4d42c3892ebf4b18e6ab4 (commit) via 13460523499291ed47e0c99eb369ff18a08f1d23 (commit) via 6ad7785b1d4a1f301c7e5c291cf8fa2b201c4406 (commit) via 28b9c97651023355dce2b0653eedefea8e72d0d3 (commit) from 70ccbf30f34e47563dae9487a339e50f7ceaccf9 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit bf0aa7f25b3748190565e784c55c2867ee70da37 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Tue May 23 13:50:07 2023 +0200
suricata: Update to 6.0.12
"6.0.12 -- 2023-05-08
Bug #6040: tcp: failed assertion ASSERT: !(ssn->state != TCP_SYN_SENT) (6.0.x backport) Bug #6039: TCP resets have incorrect len, nh in IPv6 (6.0.x backport) Bug #6034: time: integer comparison with different signs (6.0.x backport) Bug #6031: af-packet: reload not occurring until packets are seen (6.0.x backport) Bug #6020: smtp: fuzz debug assertion trigger (6.0.x backport) Bug #6018: scan-build warning for mime decoder (6.0.x backport) Bug #6017: scan-build warnings for ac implementations (6.0.x backport) Bug #6016: scan-build warnings in radix implementation (6.0.x backport) Bug #6015: scan-build warning for detect sigordering (6.0.x backport) Bug #6014: scan-build warnings for detect address handling (6.0.x backport) Bug #6013: scan-build warning for detect port handling (6.0.x backport) Bug #6007: Unexpected behavior of `endswith` in combination with negated content matches (6.0.x backport) Bug #5999: exception/policy: make work with simulated flow memcap (6.0.x backport) Bug #5997: perf shows excessive time in IPOnlyMatchPacket (6.0.x backport) Bug #5980: rust: warning for future compile errors Bug #5961: smb: wrong endian conversion when parse NTLM Negotiate Flags (6.0.x backport) Bug #5958: bpf: postpone IPS check after IPS runmode is determined from the configuration file (6.0.x backport) Bug #5934: app-layer-htp: Condition depending on enabled IPS mode never true (6.0.x backport) Optimization #6033: detect using uninitialized engine mode (6.0.x backport) Feature #5996: Add support for 'inner' PF_RING clustering modes (6.0.x backport) Task #6052: github-ci: add windows + windivert build (6.0.x backport)"
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org
commit 76d514cf5bc5df3cda8655d2aa83dbe2cc8f8c2f Author: Michael Tremer michael.tremer@ipfire.org Date: Fri May 26 14:27:31 2023 +0000
core175: Remove file that has been deleted through reverts
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit d4c12742904f8b1a4fb4d42c3892ebf4b18e6ab4 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri May 26 14:27:08 2023 +0000
Revert "web-user-interface: Addition of new icon for secure connection certificate download"
This reverts commit 18bece0edbd817933f48fdbffcffffd074e42c05.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 13460523499291ed47e0c99eb369ff18a08f1d23 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri May 26 14:26:50 2023 +0000
Revert "en.pl: Update to language wording for secure connection icon"
This reverts commit 070abb0d011ff71e5aefd170dcb366d81bdf2497.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 6ad7785b1d4a1f301c7e5c291cf8fa2b201c4406 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri May 26 14:26:31 2023 +0000
Revert "de.pl: Change language text for secure icon wording"
This reverts commit 82822934ba769bca4235cd2a02f848cdc8511120.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 28b9c97651023355dce2b0653eedefea8e72d0d3 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri May 26 14:26:16 2023 +0000
Revert "ovpnmain.cgi: Fix for bug#11048 - insecure download icon shown for connections with a password"
This reverts commit 762c88ec4d85e3a4f7265b887f054cbe7703eb7c.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/rootfiles/common/web-user-interface | 1 - config/rootfiles/core/175/filelists/files | 1 - html/cgi-bin/ovpnmain.cgi | 72 +++++++++------------ html/html/images/openvpn_encrypted.png | Bin 7004 -> 0 bytes langs/de/cgi-bin/de.pl | 2 +- langs/en/cgi-bin/en.pl | 2 +- lfs/suricata | 4 +- ....0.8-fix-level1-cache-line-size-detection.patch | 2 +- .../suricata/suricata-disable-sid-2210059.patch | 2 +- 9 files changed, 36 insertions(+), 50 deletions(-) delete mode 100644 html/html/images/openvpn_encrypted.png
Difference in files: diff --git a/config/rootfiles/common/web-user-interface b/config/rootfiles/common/web-user-interface index 6c2a40cc2..52f879d35 100644 --- a/config/rootfiles/common/web-user-interface +++ b/config/rootfiles/common/web-user-interface @@ -235,7 +235,6 @@ srv/web/ipfire/html/images/off.gif srv/web/ipfire/html/images/on.gif srv/web/ipfire/html/images/openvpn.gif srv/web/ipfire/html/images/openvpn.png -srv/web/ipfire/html/images/openvpn_encrypted.png srv/web/ipfire/html/images/package-x-generic.png srv/web/ipfire/html/images/printer-error.png srv/web/ipfire/html/images/printer.png diff --git a/config/rootfiles/core/175/filelists/files b/config/rootfiles/core/175/filelists/files index 01a32e672..8b36d5847 100644 --- a/config/rootfiles/core/175/filelists/files +++ b/config/rootfiles/core/175/filelists/files @@ -85,6 +85,5 @@ lib/firmware/rtw89/rtw8852b_fw-1.bin srv/web/ipfire/cgi-bin/backup.cgi srv/web/ipfire/cgi-bin/logs.cgi/log.dat srv/web/ipfire/cgi-bin/ovpnmain.cgi -srv/web/ipfire/html/images/openvpn_encrypted.png usr/lib/dracut/dracut.conf.d/ipfire.conf usr/lib/firewall/rules.pl diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 5b0accf3f..5c4fad0a5 100755 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -4327,14 +4327,8 @@ if ($cgiparams{'TYPE'} eq 'net') { $confighash{$key}[39] = $cgiparams{'DAUTH'}; $confighash{$key}[40] = $cgiparams{'DCIPHER'};
- if ($confighash{$key}[41] eq "") { - if (($cgiparams{'TYPE'} eq 'host') && ($cgiparams{'CERT_PASS1'} eq "")) { - $confighash{$key}[41] = "no-pass"; - } elsif (($cgiparams{'TYPE'} eq 'host') && ($cgiparams{'CERT_PASS1'} ne "")) { - $confighash{$key}[41] = "pass"; - } elsif ($cgiparams{'TYPE'} eq 'net') { - $confighash{$key}[41] = "no-pass"; - } + if (($cgiparams{'TYPE'} eq 'host') && ($cgiparams{'CERT_PASS1'} eq "")) { + $confighash{$key}[41] = "no-pass"; }
$confighash{$key}[42] = 'HOTP/T30/6'; @@ -5476,24 +5470,20 @@ END }
- if ($confighash{$key}[41] eq "pass") { - print <<END; - <td align='center' $col1>$active</td> + print <<END; + <td align='center' $col1>$active</td>
- <form method='post' name='frm${key}a'><td align='center' $col> - <input type='image' name='$Lang::tr{'dl client arch'}' src='/images/openvpn_encrypted.png' - alt='$Lang::tr{'dl client arch'}' title='$Lang::tr{'dl client arch'}' border='0' /> - <input type='hidden' name='ACTION' value='$Lang::tr{'dl client arch'}' /> - <input type='hidden' name='MODE' value='secure' /> - <input type='hidden' name='KEY' value='$key' /> - </td></form> + <form method='post' name='frm${key}a'><td align='center' $col> + <input type='image' name='$Lang::tr{'dl client arch'}' src='/images/openvpn.png' alt='$Lang::tr{'dl client arch'}' title='$Lang::tr{'dl client arch'}' border='0' /> + <input type='hidden' name='ACTION' value='$Lang::tr{'dl client arch'}' /> + <input type='hidden' name='KEY' value='$key' /> + </td></form> END + ;
- ; } elsif ($confighash{$key}[41] eq "no-pass") { + if ($confighash{$key}[41] eq "no-pass") { print <<END; - <td align='center' $col1>$active</td> - - <form method='post' name='frm${key}a'><td align='center' $col> + <form method='post' name='frm${key}g'><td align='center' $col> <input type='image' name='$Lang::tr{'dl client arch insecure'}' src='/images/openvpn.png' alt='$Lang::tr{'dl client arch insecure'}' title='$Lang::tr{'dl client arch insecure'}' border='0' /> <input type='hidden' name='ACTION' value='$Lang::tr{'dl client arch'}' /> @@ -5501,7 +5491,7 @@ END <input type='hidden' name='KEY' value='$key' /> </td></form> END - ; } else { + } else { print "<td $col> </td>"; }
@@ -5577,32 +5567,30 @@ END # If the config file contains entries, print Key to action icons if ( $id ) { print <<END; - <table width='85%' border='0'> - <tr> + <table border='0'> + <tr> <td class='boldbase'> <b>$Lang::tr{'legend'}:</b></td> - <td> <img src='/images/openvpn.png' alt='?RELOAD'/></td> - <td class='base'>$Lang::tr{'dl client arch insecure'}</td> - <td> <img src='/images/openvpn_encrypted.png' alt='?RELOAD'/></td> - <td class='base'>$Lang::tr{'dl client arch'}</td> + <td> <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td> + <td class='base'>$Lang::tr{'click to disable'}</td> <td> <img src='/images/info.gif' alt='$Lang::tr{'show certificate'}' /></td> <td class='base'>$Lang::tr{'show certificate'}</td> - <td> <img src='/images/qr-code.png' alt='$Lang::tr{'show otp qrcode'}'/></td> - <td class='base'>$Lang::tr{'show otp qrcode'}</td> - </tr> - <tr> - <td> </td> - <td> <img src='/images/media-floppy.png' alt='?FLOPPY' /></td> - <td class='base'>$Lang::tr{'download certificate'}</td> - <td> <img src='/images/off.gif' alt='?OFF' /></td> - <td class='base'>$Lang::tr{'click to enable'}</td> - <td> <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td> - <td class='base'>$Lang::tr{'click to disable'}</td> <td> <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td> <td class='base'>$Lang::tr{'edit'}</td> <td> <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td> <td class='base'>$Lang::tr{'remove'}</td> - </tr> - </table><br> + </tr> + <tr> + <td> </td> + <td> <img src='/images/off.gif' alt='?OFF' /></td> + <td class='base'>$Lang::tr{'click to enable'}</td> + <td> <img src='/images/media-floppy.png' alt='?FLOPPY' /></td> + <td class='base'>$Lang::tr{'download certificate'}</td> + <td> <img src='/images/openvpn.png' alt='?RELOAD'/></td> + <td class='base'>$Lang::tr{'dl client arch'}</td> + <td> <img src='/images/qr-code.png' alt='$Lang::tr{'show otp qrcode'}'/></td> + <td class='base'>$Lang::tr{'show otp qrcode'}</td> + </tr> + </table><br> END ; } diff --git a/html/html/images/openvpn_encrypted.png b/html/html/images/openvpn_encrypted.png deleted file mode 100644 index 873c6c461..000000000 Binary files a/html/html/images/openvpn_encrypted.png and /dev/null differ diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index b9665e62d..33730f0c3 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -817,7 +817,7 @@ 'display hostname in window title' => 'Hostname im Fenstertitel anzeigen', 'display traffic at home' => 'Berechneten Traffic auf der Startseite anzeigen', 'display webinterface effects' => 'Überblendeffekte einschalten', -'dl client arch' => 'Verschlüsseltes Client Paket herunterladen (zip)', +'dl client arch' => 'Client Paket herunterladen (zip)', 'dl client arch insecure' => 'Ungesichertes Client-Paket herunterladen (zip)', 'dmz' => 'DMZ', 'dmz pinhole configuration' => 'Einstellungen des DMZ-Schlupfloches', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 7b1670494..729516538 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -859,7 +859,7 @@ 'display hostname in window title' => 'Display hostname in window title', 'display traffic at home' => 'Display calculated traffic on startpage', 'display webinterface effects' => 'Activate effects', -'dl client arch' => 'Download Encrypted Client Package (zip)', +'dl client arch' => 'Download Client Package (zip)', 'dl client arch insecure' => 'Download insecure Client Package (zip)', 'dmz' => 'DMZ', 'dmz pinhole configuration' => 'DMZ pinhole configuration', diff --git a/lfs/suricata b/lfs/suricata index 75698b0b1..b28d5e3e7 100644 --- a/lfs/suricata +++ b/lfs/suricata @@ -24,7 +24,7 @@
include Config
-VER = 6.0.11 +VER = 6.0.12
THISAPP = suricata-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 41b37168e6c50b32971ad8c0541f3bc1981152c8360bbfc261a9abab5dc229425bef92fe19db5d0ec7cf32abff71acca62934c411aea79f5c8f9b38bd6422ee4 +$(DL_FILE)_BLAKE2 = 3cd16072014e814ec116bbde6649a0230200e447884028fef0440cbbc38a36b28c1edb39098e4089ee966890464bcd2573ea82d3e35e6d034ad465ac20c4c0b6
install : $(TARGET)
diff --git a/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch b/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch index 5aaabb167..f1529812d 100644 --- a/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch +++ b/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch @@ -2,7 +2,7 @@ diff --git a/configure.ac b/configure.ac index d56d3a550..81abf8f00 100644 --- a/configure.ac +++ b/configure.ac -@@ -2390,7 +2390,7 @@ fi +@@ -2424,7 +2424,7 @@ fi AC_PATH_PROG(HAVE_GETCONF_CMD, getconf, "no") if test "$HAVE_GETCONF_CMD" != "no"; then CLS=$(getconf LEVEL1_DCACHE_LINESIZE) diff --git a/src/patches/suricata/suricata-disable-sid-2210059.patch b/src/patches/suricata/suricata-disable-sid-2210059.patch index 54747dfd2..8955eec5e 100644 --- a/src/patches/suricata/suricata-disable-sid-2210059.patch +++ b/src/patches/suricata/suricata-disable-sid-2210059.patch @@ -1,7 +1,7 @@ diff -Nur a/rules/stream-events.rules b/rules/stream-events.rules --- a/rules/stream-events.rules 2021-11-17 16:55:12.000000000 +0100 +++ b/rules/stream-events.rules 2021-12-08 18:12:39.850189502 +0100 -@@ -89,7 +89,7 @@ +@@ -97,7 +97,7 @@ # rule to alert if a stream has excessive retransmissions alert tcp any any -> any any (msg:"SURICATA STREAM excessive retransmissions"; flowbits:isnotset,tcp.retransmission.alerted; flowint:tcp.retransmission.count,>=,10; flowbits:set,tcp.retransmission.alerted; classtype:protocol-command-decode; sid:2210054; rev:1;) # Packet on wrong thread. Fires at most once per flow.
hooks/post-receive -- IPFire 2.x development tree