This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via e967871e8f2f585feff7c42786815ff6e8784774 (commit) via 08caa596fa2a92152b3d9e2c3b7f6e01cc4f39c9 (commit) via e24daa08fa4f421765d9001a97f9492ae6b9ac9f (commit) via cdc82a993af684a528c7bf2bbfcaf01c983b7783 (commit) via ce1c170b0c38015c88d2ff2966853d7cd6d65952 (commit) via ddc5602ac6674b5ede85068bcad16528199d2bfe (commit) via 010d4a85a94d0b78a214032945652a6105771f50 (commit) via 43c3a386d188c28fb925ff3e40bfec9f39cc935c (commit) via 75faf7ac4fe580bdb707ea7024a64f4c301b009e (commit) via 6e7c8a3303c60aee8a779f86d836cd0afc2b561b (commit) via 7af7ced6fc7f308e5f9ba4aa6c751f64371b38f0 (commit) from c33a6e7103b191efbff2590976e36bb4cfde47e7 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit e967871e8f2f585feff7c42786815ff6e8784774 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Apr 20 14:21:46 2019 +0100
Update contributors
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 08caa596fa2a92152b3d9e2c3b7f6e01cc4f39c9 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Apr 20 14:20:06 2019 +0100
core132: Ship WPAD/proxy changes
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit e24daa08fa4f421765d9001a97f9492ae6b9ac9f Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Apr 20 14:18:17 2019 +0100
Update translation
Fix some apostrophe and spelling errors
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit cdc82a993af684a528c7bf2bbfcaf01c983b7783 Author: Alexander Koch ipfire@starkstromkonsument.de Date: Sun Apr 21 23:56:59 2019 +0200
squid / WPAD: Add Wiki-Link for required further adjustments to GUI
This patch adds a notice with a link to the Wiki-page https://wiki.ipfire.org/configuration/network/proxy/extend/wpad to the new WebGUI-Setion to make the user aware of the fact, that WPAD will only work correctly if he makes further adjustments:
- Add DHCP-Options for WPAD via DHCP - Add HOST-Entries to DNS and Apache-vhost or haproxy-frontend/backend or firewall-redirect for WPAD via DNS
These additional options depend on the users environment and can not be shipped by default as they might break the users setups.
Note: The translations are only done for "en" and "de" yet!
Signed-off-by: Alexander Koch ipfire@starkstromkonsument.de Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit ce1c170b0c38015c88d2ff2966853d7cd6d65952 Author: Alexander Koch ipfire@starkstromkonsument.de Date: Sun Apr 21 23:56:58 2019 +0200
squid / WPAD: Add GUI for exception-files for generation of proxy.pac
This patch adds the missing Web-GUI for the WPAD-Exceptions to proxy.cgi
Note: The translations are only done for "en" and "de" yet!
Signed-off-by: Alexander Koch ipfire@starkstromkonsument.de Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit ddc5602ac6674b5ede85068bcad16528199d2bfe Author: Alexander Koch ipfire@starkstromkonsument.de Date: Sun Apr 14 12:08:43 2019 +0200
squid / WPAD: Add exception-files for generation of proxy.pac
This patch extends the script /srv/web/ipfire/cgi-bin/proxy.cgi by additional code for reading exceptions for URL's and IP's/Subnets from two new files:
- /var/ipfire/proxy/advanced/acls/dst_noproxy_url.acl - /var/ipfire/proxy/advanced/acls/dst_noproxy_ip.acl
as described in: https://wiki.ipfire.org/configuration/network/proxy/extend/add_distri
These can be used to define additional URL's, IP's and Subnets that should be retrieved "DIRECT" and not via the proxy. The files have to be created by the user, as the WPAD-Feature is not enabled by default anyway. If the files are not present or their size is 0, nothing is done. I'll revise the wiki-page, after the patch is merged and the core update is released.
Signed-off-by: Alexander Koch ipfire@starkstromkonsument.de Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 010d4a85a94d0b78a214032945652a6105771f50 Author: Jonatan Schlag jonatan.schlag@ipfire.org Date: Sat Apr 13 15:55:16 2019 +0100
Enable seccomp support for qemu
Fixes: #11941
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 43c3a386d188c28fb925ff3e40bfec9f39cc935c Author: Jonatan Schlag jonatan.schlag@ipfire.org Date: Sat Apr 13 15:55:15 2019 +0100
Add new package libseccomp
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 75faf7ac4fe580bdb707ea7024a64f4c301b009e Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Apr 20 14:10:12 2019 +0100
core132: Ship changed suricata configuration
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 6e7c8a3303c60aee8a779f86d836cd0afc2b561b Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Apr 21 09:26:45 2019 +0200
suricata: Disable stats.log
This log is mainly needed for debugging the IPS. It writes some stats every couple of seconds and will create some load on SD cards and other cheap storage that we do not need.
Fixes #12056.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 7af7ced6fc7f308e5f9ba4aa6c751f64371b38f0 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Apr 20 14:07:43 2019 +0100
Start Core Update 132
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/rootfiles/core/{131 => 132}/exclude | 0 config/rootfiles/core/132/filelists/files | 6 + .../rootfiles/{oldcore/130 => core/132}/update.sh | 6 +- config/rootfiles/{core => oldcore}/131/exclude | 0 .../{core => oldcore}/131/filelists/Net_SSLeay | 0 .../{core => oldcore}/131/filelists/aarch64/linux | 0 .../131/filelists/aarch64/linux-initrd | 0 .../{core => oldcore}/131/filelists/apache2 | 0 .../131/filelists/armv5tel/linux-initrd-kirkwood | 0 .../131/filelists/armv5tel/linux-initrd-multi | 0 .../131/filelists/armv5tel/linux-kirkwood | 0 .../131/filelists/armv5tel/linux-multi | 0 .../{core => oldcore}/131/filelists/collectd | 0 .../{core => oldcore}/131/filelists/files | 0 .../{core => oldcore}/131/filelists/gnutls | 0 .../{core => oldcore}/131/filelists/i586/linux | 0 .../131/filelists/i586/linux-initrd | 0 .../131/filelists/ids-ruleset-sources | 0 .../{core => oldcore}/131/filelists/libcap-ng | 0 .../{core => oldcore}/131/filelists/libhtp | 0 .../rootfiles/{core => oldcore}/131/filelists/lua | 0 .../{core => oldcore}/131/filelists/nettle | 0 .../rootfiles/{core => oldcore}/131/filelists/ntp | 0 .../{core => oldcore}/131/filelists/oinkmaster | 0 .../{core => oldcore}/131/filelists/rrdtool | 0 .../{core => oldcore}/131/filelists/setup | 0 .../{core => oldcore}/131/filelists/suricata | 0 .../{core => oldcore}/131/filelists/unbound | 0 .../rootfiles/{core => oldcore}/131/filelists/wget | 0 .../{core => oldcore}/131/filelists/wireless-regdb | 0 .../{core => oldcore}/131/filelists/x86_64/linux | 0 .../131/filelists/x86_64/linux-initrd | 0 .../rootfiles/{core => oldcore}/131/filelists/yaml | 0 config/rootfiles/{core => oldcore}/131/update.sh | 0 config/rootfiles/packages/libseccomp | 34 +++++ config/suricata/suricata.yaml | 2 +- doc/language_issues.en | 8 ++ doc/language_issues.es | 8 ++ doc/language_issues.fr | 8 ++ doc/language_issues.it | 8 ++ doc/language_issues.nl | 8 ++ doc/language_issues.pl | 8 ++ doc/language_issues.ru | 8 ++ doc/language_issues.tr | 8 ++ doc/language_missings | 56 ++++++++ html/cgi-bin/credits.cgi | 2 +- html/cgi-bin/proxy.cgi | 147 +++++++++++++++++++++ langs/de/cgi-bin/de.pl | 8 ++ langs/en/cgi-bin/en.pl | 8 ++ lfs/{faad2 => libseccomp} | 16 +-- lfs/qemu | 6 +- make.sh | 3 +- 52 files changed, 340 insertions(+), 18 deletions(-) copy config/rootfiles/core/{131 => 132}/exclude (100%) create mode 100644 config/rootfiles/core/132/filelists/files copy config/rootfiles/{oldcore/130 => core/132}/update.sh (96%) rename config/rootfiles/{core => oldcore}/131/exclude (100%) rename config/rootfiles/{core => oldcore}/131/filelists/Net_SSLeay (100%) rename config/rootfiles/{core => oldcore}/131/filelists/aarch64/linux (100%) rename config/rootfiles/{core => oldcore}/131/filelists/aarch64/linux-initrd (100%) rename config/rootfiles/{core => oldcore}/131/filelists/apache2 (100%) rename config/rootfiles/{core => oldcore}/131/filelists/armv5tel/linux-initrd-kirkwood (100%) rename config/rootfiles/{core => oldcore}/131/filelists/armv5tel/linux-initrd-multi (100%) rename config/rootfiles/{core => oldcore}/131/filelists/armv5tel/linux-kirkwood (100%) rename config/rootfiles/{core => oldcore}/131/filelists/armv5tel/linux-multi (100%) rename config/rootfiles/{core => oldcore}/131/filelists/collectd (100%) rename config/rootfiles/{core => oldcore}/131/filelists/files (100%) rename config/rootfiles/{core => oldcore}/131/filelists/gnutls (100%) rename config/rootfiles/{core => oldcore}/131/filelists/i586/linux (100%) rename config/rootfiles/{core => oldcore}/131/filelists/i586/linux-initrd (100%) rename config/rootfiles/{core => oldcore}/131/filelists/ids-ruleset-sources (100%) rename config/rootfiles/{core => oldcore}/131/filelists/libcap-ng (100%) rename config/rootfiles/{core => oldcore}/131/filelists/libhtp (100%) rename config/rootfiles/{core => oldcore}/131/filelists/lua (100%) rename config/rootfiles/{core => oldcore}/131/filelists/nettle (100%) rename config/rootfiles/{core => oldcore}/131/filelists/ntp (100%) rename config/rootfiles/{core => oldcore}/131/filelists/oinkmaster (100%) rename config/rootfiles/{core => oldcore}/131/filelists/rrdtool (100%) rename config/rootfiles/{core => oldcore}/131/filelists/setup (100%) rename config/rootfiles/{core => oldcore}/131/filelists/suricata (100%) rename config/rootfiles/{core => oldcore}/131/filelists/unbound (100%) rename config/rootfiles/{core => oldcore}/131/filelists/wget (100%) rename config/rootfiles/{core => oldcore}/131/filelists/wireless-regdb (100%) rename config/rootfiles/{core => oldcore}/131/filelists/x86_64/linux (100%) rename config/rootfiles/{core => oldcore}/131/filelists/x86_64/linux-initrd (100%) rename config/rootfiles/{core => oldcore}/131/filelists/yaml (100%) rename config/rootfiles/{core => oldcore}/131/update.sh (100%) create mode 100644 config/rootfiles/packages/libseccomp copy lfs/{faad2 => libseccomp} (93%)
Difference in files: diff --git a/config/rootfiles/core/131/exclude b/config/rootfiles/core/132/exclude similarity index 100% rename from config/rootfiles/core/131/exclude rename to config/rootfiles/core/132/exclude diff --git a/config/rootfiles/core/132/filelists/files b/config/rootfiles/core/132/filelists/files new file mode 100644 index 000000000..52e26c375 --- /dev/null +++ b/config/rootfiles/core/132/filelists/files @@ -0,0 +1,6 @@ +etc/system-release +etc/issue +etc/suricata/suricata.yaml +srv/web/ipfire/cgi-bin/credits.cgi +srv/web/ipfire/cgi-bin/proxy.cgi +var/ipfire/lang diff --git a/config/rootfiles/core/132/update.sh b/config/rootfiles/core/132/update.sh new file mode 100644 index 000000000..53db5cb96 --- /dev/null +++ b/config/rootfiles/core/132/update.sh @@ -0,0 +1,63 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 3 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2019 IPFire-Team info@ipfire.org. # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +/usr/local/bin/backupctrl exclude >/dev/null 2>&1 + +core=131 + +# Remove old core updates from pakfire cache to save space... +for (( i=1; i<=$core; i++ )); do + rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire +done + +# Stop services + +# Extract files +extract_files + +# update linker config +ldconfig + +# Update Language cache +/usr/local/bin/update-lang-cache + +# Start services +/etc/init.d/suricata restart + +# This update needs a reboot... +#touch /var/run/need_reboot + +# Finish +/etc/init.d/fireinfo start +sendprofile + +# Update grub config to display new core version +if [ -e /boot/grub/grub.cfg ]; then + grub-mkconfig -o /boot/grub/grub.cfg +fi + +sync + +# Don't report the exitcode last command +exit 0 diff --git a/config/rootfiles/oldcore/131/exclude b/config/rootfiles/oldcore/131/exclude new file mode 100644 index 000000000..b22159878 --- /dev/null +++ b/config/rootfiles/oldcore/131/exclude @@ -0,0 +1,28 @@ +boot/config.txt +boot/grub/grub.cfg +boot/grub/grubenv +etc/alternatives +etc/collectd.custom +etc/default/grub +etc/ipsec.conf +etc/ipsec.secrets +etc/ipsec.user.conf +etc/ipsec.user.secrets +etc/localtime +etc/shadow +etc/snort/snort.conf +etc/ssl/openssl.cnf +etc/sudoers +etc/sysconfig/firewall.local +etc/sysconfig/rc.local +etc/udev/rules.d/30-persistent-network.rules +srv/web/ipfire/html/proxy.pac +var/ipfire/dma +var/ipfire/time +var/ipfire/ovpn +var/lib/alternatives +var/log/cache +var/log/dhcpcd.log +var/log/messages +var/state/dhcp/dhcpd.leases +var/updatecache diff --git a/config/rootfiles/core/131/filelists/Net_SSLeay b/config/rootfiles/oldcore/131/filelists/Net_SSLeay similarity index 100% rename from config/rootfiles/core/131/filelists/Net_SSLeay rename to config/rootfiles/oldcore/131/filelists/Net_SSLeay diff --git a/config/rootfiles/core/131/filelists/aarch64/linux b/config/rootfiles/oldcore/131/filelists/aarch64/linux similarity index 100% rename from config/rootfiles/core/131/filelists/aarch64/linux rename to config/rootfiles/oldcore/131/filelists/aarch64/linux diff --git a/config/rootfiles/core/131/filelists/aarch64/linux-initrd b/config/rootfiles/oldcore/131/filelists/aarch64/linux-initrd similarity index 100% rename from config/rootfiles/core/131/filelists/aarch64/linux-initrd rename to config/rootfiles/oldcore/131/filelists/aarch64/linux-initrd diff --git a/config/rootfiles/core/131/filelists/apache2 b/config/rootfiles/oldcore/131/filelists/apache2 similarity index 100% rename from config/rootfiles/core/131/filelists/apache2 rename to config/rootfiles/oldcore/131/filelists/apache2 diff --git a/config/rootfiles/core/131/filelists/armv5tel/linux-initrd-kirkwood b/config/rootfiles/oldcore/131/filelists/armv5tel/linux-initrd-kirkwood similarity index 100% rename from config/rootfiles/core/131/filelists/armv5tel/linux-initrd-kirkwood rename to config/rootfiles/oldcore/131/filelists/armv5tel/linux-initrd-kirkwood diff --git a/config/rootfiles/core/131/filelists/armv5tel/linux-initrd-multi b/config/rootfiles/oldcore/131/filelists/armv5tel/linux-initrd-multi similarity index 100% rename from config/rootfiles/core/131/filelists/armv5tel/linux-initrd-multi rename to config/rootfiles/oldcore/131/filelists/armv5tel/linux-initrd-multi diff --git a/config/rootfiles/core/131/filelists/armv5tel/linux-kirkwood b/config/rootfiles/oldcore/131/filelists/armv5tel/linux-kirkwood similarity index 100% rename from config/rootfiles/core/131/filelists/armv5tel/linux-kirkwood rename to config/rootfiles/oldcore/131/filelists/armv5tel/linux-kirkwood diff --git a/config/rootfiles/core/131/filelists/armv5tel/linux-multi b/config/rootfiles/oldcore/131/filelists/armv5tel/linux-multi similarity index 100% rename from config/rootfiles/core/131/filelists/armv5tel/linux-multi rename to config/rootfiles/oldcore/131/filelists/armv5tel/linux-multi diff --git a/config/rootfiles/core/131/filelists/collectd b/config/rootfiles/oldcore/131/filelists/collectd similarity index 100% rename from config/rootfiles/core/131/filelists/collectd rename to config/rootfiles/oldcore/131/filelists/collectd diff --git a/config/rootfiles/core/131/filelists/files b/config/rootfiles/oldcore/131/filelists/files similarity index 100% rename from config/rootfiles/core/131/filelists/files rename to config/rootfiles/oldcore/131/filelists/files diff --git a/config/rootfiles/core/131/filelists/gnutls b/config/rootfiles/oldcore/131/filelists/gnutls similarity index 100% rename from config/rootfiles/core/131/filelists/gnutls rename to config/rootfiles/oldcore/131/filelists/gnutls diff --git a/config/rootfiles/core/131/filelists/i586/linux b/config/rootfiles/oldcore/131/filelists/i586/linux similarity index 100% rename from config/rootfiles/core/131/filelists/i586/linux rename to config/rootfiles/oldcore/131/filelists/i586/linux diff --git a/config/rootfiles/core/131/filelists/i586/linux-initrd b/config/rootfiles/oldcore/131/filelists/i586/linux-initrd similarity index 100% rename from config/rootfiles/core/131/filelists/i586/linux-initrd rename to config/rootfiles/oldcore/131/filelists/i586/linux-initrd diff --git a/config/rootfiles/core/131/filelists/ids-ruleset-sources b/config/rootfiles/oldcore/131/filelists/ids-ruleset-sources similarity index 100% rename from config/rootfiles/core/131/filelists/ids-ruleset-sources rename to config/rootfiles/oldcore/131/filelists/ids-ruleset-sources diff --git a/config/rootfiles/core/131/filelists/libcap-ng b/config/rootfiles/oldcore/131/filelists/libcap-ng similarity index 100% rename from config/rootfiles/core/131/filelists/libcap-ng rename to config/rootfiles/oldcore/131/filelists/libcap-ng diff --git a/config/rootfiles/core/131/filelists/libhtp b/config/rootfiles/oldcore/131/filelists/libhtp similarity index 100% rename from config/rootfiles/core/131/filelists/libhtp rename to config/rootfiles/oldcore/131/filelists/libhtp diff --git a/config/rootfiles/core/131/filelists/lua b/config/rootfiles/oldcore/131/filelists/lua similarity index 100% rename from config/rootfiles/core/131/filelists/lua rename to config/rootfiles/oldcore/131/filelists/lua diff --git a/config/rootfiles/core/131/filelists/nettle b/config/rootfiles/oldcore/131/filelists/nettle similarity index 100% rename from config/rootfiles/core/131/filelists/nettle rename to config/rootfiles/oldcore/131/filelists/nettle diff --git a/config/rootfiles/core/131/filelists/ntp b/config/rootfiles/oldcore/131/filelists/ntp similarity index 100% rename from config/rootfiles/core/131/filelists/ntp rename to config/rootfiles/oldcore/131/filelists/ntp diff --git a/config/rootfiles/core/131/filelists/oinkmaster b/config/rootfiles/oldcore/131/filelists/oinkmaster similarity index 100% rename from config/rootfiles/core/131/filelists/oinkmaster rename to config/rootfiles/oldcore/131/filelists/oinkmaster diff --git a/config/rootfiles/core/131/filelists/rrdtool b/config/rootfiles/oldcore/131/filelists/rrdtool similarity index 100% rename from config/rootfiles/core/131/filelists/rrdtool rename to config/rootfiles/oldcore/131/filelists/rrdtool diff --git a/config/rootfiles/core/131/filelists/setup b/config/rootfiles/oldcore/131/filelists/setup similarity index 100% rename from config/rootfiles/core/131/filelists/setup rename to config/rootfiles/oldcore/131/filelists/setup diff --git a/config/rootfiles/core/131/filelists/suricata b/config/rootfiles/oldcore/131/filelists/suricata similarity index 100% rename from config/rootfiles/core/131/filelists/suricata rename to config/rootfiles/oldcore/131/filelists/suricata diff --git a/config/rootfiles/core/131/filelists/unbound b/config/rootfiles/oldcore/131/filelists/unbound similarity index 100% rename from config/rootfiles/core/131/filelists/unbound rename to config/rootfiles/oldcore/131/filelists/unbound diff --git a/config/rootfiles/core/131/filelists/wget b/config/rootfiles/oldcore/131/filelists/wget similarity index 100% rename from config/rootfiles/core/131/filelists/wget rename to config/rootfiles/oldcore/131/filelists/wget diff --git a/config/rootfiles/core/131/filelists/wireless-regdb b/config/rootfiles/oldcore/131/filelists/wireless-regdb similarity index 100% rename from config/rootfiles/core/131/filelists/wireless-regdb rename to config/rootfiles/oldcore/131/filelists/wireless-regdb diff --git a/config/rootfiles/core/131/filelists/x86_64/linux b/config/rootfiles/oldcore/131/filelists/x86_64/linux similarity index 100% rename from config/rootfiles/core/131/filelists/x86_64/linux rename to config/rootfiles/oldcore/131/filelists/x86_64/linux diff --git a/config/rootfiles/core/131/filelists/x86_64/linux-initrd b/config/rootfiles/oldcore/131/filelists/x86_64/linux-initrd similarity index 100% rename from config/rootfiles/core/131/filelists/x86_64/linux-initrd rename to config/rootfiles/oldcore/131/filelists/x86_64/linux-initrd diff --git a/config/rootfiles/core/131/filelists/yaml b/config/rootfiles/oldcore/131/filelists/yaml similarity index 100% rename from config/rootfiles/core/131/filelists/yaml rename to config/rootfiles/oldcore/131/filelists/yaml diff --git a/config/rootfiles/core/131/update.sh b/config/rootfiles/oldcore/131/update.sh similarity index 100% rename from config/rootfiles/core/131/update.sh rename to config/rootfiles/oldcore/131/update.sh diff --git a/config/rootfiles/packages/libseccomp b/config/rootfiles/packages/libseccomp new file mode 100644 index 000000000..402a7e942 --- /dev/null +++ b/config/rootfiles/packages/libseccomp @@ -0,0 +1,34 @@ +usr/bin/scmp_sys_resolver +#usr/include/seccomp.h +#usr/lib/libseccomp.la +#usr/lib/libseccomp.so +usr/lib/libseccomp.so.2 +usr/lib/libseccomp.so.2.4.0 +#usr/lib/pkgconfig/libseccomp.pc +#usr/share/man/man1/scmp_sys_resolver.1 +#usr/share/man/man3/seccomp_api_get.3 +#usr/share/man/man3/seccomp_api_set.3 +#usr/share/man/man3/seccomp_arch_add.3 +#usr/share/man/man3/seccomp_arch_exist.3 +#usr/share/man/man3/seccomp_arch_native.3 +#usr/share/man/man3/seccomp_arch_remove.3 +#usr/share/man/man3/seccomp_arch_resolve_name.3 +#usr/share/man/man3/seccomp_attr_get.3 +#usr/share/man/man3/seccomp_attr_set.3 +#usr/share/man/man3/seccomp_export_bpf.3 +#usr/share/man/man3/seccomp_export_pfc.3 +#usr/share/man/man3/seccomp_init.3 +#usr/share/man/man3/seccomp_load.3 +#usr/share/man/man3/seccomp_merge.3 +#usr/share/man/man3/seccomp_release.3 +#usr/share/man/man3/seccomp_reset.3 +#usr/share/man/man3/seccomp_rule_add.3 +#usr/share/man/man3/seccomp_rule_add_array.3 +#usr/share/man/man3/seccomp_rule_add_exact.3 +#usr/share/man/man3/seccomp_rule_add_exact_array.3 +#usr/share/man/man3/seccomp_syscall_priority.3 +#usr/share/man/man3/seccomp_syscall_resolve_name.3 +#usr/share/man/man3/seccomp_syscall_resolve_name_arch.3 +#usr/share/man/man3/seccomp_syscall_resolve_name_rewrite.3 +#usr/share/man/man3/seccomp_syscall_resolve_num_arch.3 +#usr/share/man/man3/seccomp_version.3 diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml index e7e27c731..cb4f33865 100644 --- a/config/suricata/suricata.yaml +++ b/config/suricata/suricata.yaml @@ -82,7 +82,7 @@ outputs:
# Stats.log contains data from various counters of the suricata engine. - stats: - enabled: yes + enabled: no filename: stats.log append: no # append to file (yes) or overwrite it (no) totals: yes # stats for all threads merged together diff --git a/doc/language_issues.en b/doc/language_issues.en index 72d94868a..71b204526 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -233,6 +233,7 @@ WARNING: untranslated string: advproxy errmsg radius port = Invalid RADIUS port WARNING: untranslated string: advproxy errmsg radius secret = RADIUS shared secret required WARNING: untranslated string: advproxy errmsg radius server = Invalid IP address for RADIUS Server WARNING: untranslated string: advproxy errmsg time restriction = Invalid time restriction +WARNING: untranslated string: advproxy errmsg wpad invalid ip or mask = WPAD: Invalid IP or subnet for excluded IP subnet WARNING: untranslated string: advproxy error design = Error messages design WARNING: untranslated string: advproxy error language = Error messages language WARNING: untranslated string: advproxy fake referer = Fake referer submitted to external sites @@ -301,6 +302,13 @@ WARNING: untranslated string: advproxy username forwarding = Username forwarding WARNING: untranslated string: advproxy via forwarding = Proxy address forwarding WARNING: untranslated string: advproxy visible hostname = Visible hostname WARNING: untranslated string: advproxy wednesday = Wed +WARNING: untranslated string: advproxy wpad example dst_noproxy_ip = e.g. 192.168.2.0/255.255.255.0 +WARNING: untranslated string: advproxy wpad example dst_noproxy_url = e.g. *.ipfire.org* +WARNING: untranslated string: advproxy wpad label dst_noproxy_ip = Excluded IP Subnets (one per line) +WARNING: untranslated string: advproxy wpad label dst_noproxy_url = Excluded URL s (one per line) +WARNING: untranslated string: advproxy wpad notice = Notice: For WPAD/PAC to work properly, furtcher changes need to be made. Please see the <a href="https://wiki.ipfire.org/configuration/network/proxy/extend/wpad" target="_blank">Wiki</a>. +WARNING: untranslated string: advproxy wpad title = Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC) +WARNING: untranslated string: advproxy wpad view pac = Open PAC File WARNING: untranslated string: age second = second WARNING: untranslated string: aktiv = Active WARNING: untranslated string: album = Album diff --git a/doc/language_issues.es b/doc/language_issues.es index f292ebb85..6a06fd3eb 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -717,9 +717,17 @@ WARNING: untranslated string: advproxy cache-digest = Enable Cache-Digest Genera WARNING: untranslated string: advproxy errmsg cache = The RAM cache size is greater than the harddisk cache size: WARNING: untranslated string: advproxy errmsg invalid upstream proxy = Invalid upstream proxy IP/hostname WARNING: untranslated string: advproxy errmsg proxy ports equal = The proxy port and the transparent port cannot be equal. +WARNING: untranslated string: advproxy errmsg wpad invalid ip or mask = WPAD: Invalid IP or subnet for excluded IP subnet WARNING: untranslated string: advproxy group access control = Group based access control WARNING: untranslated string: advproxy group required = Required group WARNING: untranslated string: advproxy proxy port transparent = Transparent port +WARNING: untranslated string: advproxy wpad example dst_noproxy_ip = e.g. 192.168.2.0/255.255.255.0 +WARNING: untranslated string: advproxy wpad example dst_noproxy_url = e.g. *.ipfire.org* +WARNING: untranslated string: advproxy wpad label dst_noproxy_ip = Excluded IP Subnets (one per line) +WARNING: untranslated string: advproxy wpad label dst_noproxy_url = Excluded URL s (one per line) +WARNING: untranslated string: advproxy wpad notice = Notice: For WPAD/PAC to work properly, furtcher changes need to be made. Please see the <a href="https://wiki.ipfire.org/configuration/network/proxy/extend/wpad" target="_blank">Wiki</a>. +WARNING: untranslated string: advproxy wpad title = Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC) +WARNING: untranslated string: advproxy wpad view pac = Open PAC File WARNING: untranslated string: age second = second WARNING: untranslated string: application layer gateways = Application Layer Gateways WARNING: untranslated string: atm device = Device: diff --git a/doc/language_issues.fr b/doc/language_issues.fr index e903e017d..3d82cc542 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -781,6 +781,14 @@ WARNING: untranslated string: Daily = Daily WARNING: untranslated string: Disabled = Disabled WARNING: untranslated string: Scan for Songs = unknown string WARNING: untranslated string: Weekly = Weekly +WARNING: untranslated string: advproxy errmsg wpad invalid ip or mask = WPAD: Invalid IP or subnet for excluded IP subnet +WARNING: untranslated string: advproxy wpad example dst_noproxy_ip = e.g. 192.168.2.0/255.255.255.0 +WARNING: untranslated string: advproxy wpad example dst_noproxy_url = e.g. *.ipfire.org* +WARNING: untranslated string: advproxy wpad label dst_noproxy_ip = Excluded IP Subnets (one per line) +WARNING: untranslated string: advproxy wpad label dst_noproxy_url = Excluded URL s (one per line) +WARNING: untranslated string: advproxy wpad notice = Notice: For WPAD/PAC to work properly, furtcher changes need to be made. Please see the <a href="https://wiki.ipfire.org/configuration/network/proxy/extend/wpad" target="_blank">Wiki</a>. +WARNING: untranslated string: advproxy wpad title = Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC) +WARNING: untranslated string: advproxy wpad view pac = Open PAC File WARNING: untranslated string: bytes = unknown string WARNING: untranslated string: default IP address = Default IP Address WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous) diff --git a/doc/language_issues.it b/doc/language_issues.it index c18ff4d2b..5ad189f84 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it @@ -794,8 +794,16 @@ WARNING: untranslated string: administrator password = Administrator password WARNING: untranslated string: administrator username = Administrator username WARNING: untranslated string: advproxy AUTH method ntlm auth = Windows Active Directory WARNING: untranslated string: advproxy basic authentication = Allow HTTP Basic authentication +WARNING: untranslated string: advproxy errmsg wpad invalid ip or mask = WPAD: Invalid IP or subnet for excluded IP subnet WARNING: untranslated string: advproxy group access control = Group based access control WARNING: untranslated string: advproxy group required = Required group +WARNING: untranslated string: advproxy wpad example dst_noproxy_ip = e.g. 192.168.2.0/255.255.255.0 +WARNING: untranslated string: advproxy wpad example dst_noproxy_url = e.g. *.ipfire.org* +WARNING: untranslated string: advproxy wpad label dst_noproxy_ip = Excluded IP Subnets (one per line) +WARNING: untranslated string: advproxy wpad label dst_noproxy_url = Excluded URL s (one per line) +WARNING: untranslated string: advproxy wpad notice = Notice: For WPAD/PAC to work properly, furtcher changes need to be made. Please see the <a href="https://wiki.ipfire.org/configuration/network/proxy/extend/wpad" target="_blank">Wiki</a>. +WARNING: untranslated string: advproxy wpad title = Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC) +WARNING: untranslated string: advproxy wpad view pac = Open PAC File WARNING: untranslated string: application layer gateways = Application Layer Gateways WARNING: untranslated string: block = Block WARNING: untranslated string: bytes = unknown string diff --git a/doc/language_issues.nl b/doc/language_issues.nl index 509a58f0b..fa53ed971 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -789,8 +789,16 @@ WARNING: untranslated string: administrator password = Administrator password WARNING: untranslated string: administrator username = Administrator username WARNING: untranslated string: advproxy AUTH method ntlm auth = Windows Active Directory WARNING: untranslated string: advproxy basic authentication = Allow HTTP Basic authentication +WARNING: untranslated string: advproxy errmsg wpad invalid ip or mask = WPAD: Invalid IP or subnet for excluded IP subnet WARNING: untranslated string: advproxy group access control = Group based access control WARNING: untranslated string: advproxy group required = Required group +WARNING: untranslated string: advproxy wpad example dst_noproxy_ip = e.g. 192.168.2.0/255.255.255.0 +WARNING: untranslated string: advproxy wpad example dst_noproxy_url = e.g. *.ipfire.org* +WARNING: untranslated string: advproxy wpad label dst_noproxy_ip = Excluded IP Subnets (one per line) +WARNING: untranslated string: advproxy wpad label dst_noproxy_url = Excluded URL s (one per line) +WARNING: untranslated string: advproxy wpad notice = Notice: For WPAD/PAC to work properly, furtcher changes need to be made. Please see the <a href="https://wiki.ipfire.org/configuration/network/proxy/extend/wpad" target="_blank">Wiki</a>. +WARNING: untranslated string: advproxy wpad title = Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC) +WARNING: untranslated string: advproxy wpad view pac = Open PAC File WARNING: untranslated string: application layer gateways = Application Layer Gateways WARNING: untranslated string: atm device = Device: WARNING: untranslated string: block = Block diff --git a/doc/language_issues.pl b/doc/language_issues.pl index f292ebb85..6a06fd3eb 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -717,9 +717,17 @@ WARNING: untranslated string: advproxy cache-digest = Enable Cache-Digest Genera WARNING: untranslated string: advproxy errmsg cache = The RAM cache size is greater than the harddisk cache size: WARNING: untranslated string: advproxy errmsg invalid upstream proxy = Invalid upstream proxy IP/hostname WARNING: untranslated string: advproxy errmsg proxy ports equal = The proxy port and the transparent port cannot be equal. +WARNING: untranslated string: advproxy errmsg wpad invalid ip or mask = WPAD: Invalid IP or subnet for excluded IP subnet WARNING: untranslated string: advproxy group access control = Group based access control WARNING: untranslated string: advproxy group required = Required group WARNING: untranslated string: advproxy proxy port transparent = Transparent port +WARNING: untranslated string: advproxy wpad example dst_noproxy_ip = e.g. 192.168.2.0/255.255.255.0 +WARNING: untranslated string: advproxy wpad example dst_noproxy_url = e.g. *.ipfire.org* +WARNING: untranslated string: advproxy wpad label dst_noproxy_ip = Excluded IP Subnets (one per line) +WARNING: untranslated string: advproxy wpad label dst_noproxy_url = Excluded URL s (one per line) +WARNING: untranslated string: advproxy wpad notice = Notice: For WPAD/PAC to work properly, furtcher changes need to be made. Please see the <a href="https://wiki.ipfire.org/configuration/network/proxy/extend/wpad" target="_blank">Wiki</a>. +WARNING: untranslated string: advproxy wpad title = Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC) +WARNING: untranslated string: advproxy wpad view pac = Open PAC File WARNING: untranslated string: age second = second WARNING: untranslated string: application layer gateways = Application Layer Gateways WARNING: untranslated string: atm device = Device: diff --git a/doc/language_issues.ru b/doc/language_issues.ru index d6fa07a3c..10549e001 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -719,9 +719,17 @@ WARNING: untranslated string: advproxy cache-digest = Enable Cache-Digest Genera WARNING: untranslated string: advproxy errmsg cache = The RAM cache size is greater than the harddisk cache size: WARNING: untranslated string: advproxy errmsg invalid upstream proxy = Invalid upstream proxy IP/hostname WARNING: untranslated string: advproxy errmsg proxy ports equal = The proxy port and the transparent port cannot be equal. +WARNING: untranslated string: advproxy errmsg wpad invalid ip or mask = WPAD: Invalid IP or subnet for excluded IP subnet WARNING: untranslated string: advproxy group access control = Group based access control WARNING: untranslated string: advproxy group required = Required group WARNING: untranslated string: advproxy proxy port transparent = Transparent port +WARNING: untranslated string: advproxy wpad example dst_noproxy_ip = e.g. 192.168.2.0/255.255.255.0 +WARNING: untranslated string: advproxy wpad example dst_noproxy_url = e.g. *.ipfire.org* +WARNING: untranslated string: advproxy wpad label dst_noproxy_ip = Excluded IP Subnets (one per line) +WARNING: untranslated string: advproxy wpad label dst_noproxy_url = Excluded URL s (one per line) +WARNING: untranslated string: advproxy wpad notice = Notice: For WPAD/PAC to work properly, furtcher changes need to be made. Please see the <a href="https://wiki.ipfire.org/configuration/network/proxy/extend/wpad" target="_blank">Wiki</a>. +WARNING: untranslated string: advproxy wpad title = Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC) +WARNING: untranslated string: advproxy wpad view pac = Open PAC File WARNING: untranslated string: age second = second WARNING: untranslated string: application layer gateways = Application Layer Gateways WARNING: untranslated string: atm device = Device: diff --git a/doc/language_issues.tr b/doc/language_issues.tr index 9a4339db9..9a7dae8b8 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -782,6 +782,14 @@ WARNING: untranslated string: Daily = Daily WARNING: untranslated string: Disabled = Disabled WARNING: untranslated string: Scan for Songs = unknown string WARNING: untranslated string: Weekly = Weekly +WARNING: untranslated string: advproxy errmsg wpad invalid ip or mask = WPAD: Invalid IP or subnet for excluded IP subnet +WARNING: untranslated string: advproxy wpad example dst_noproxy_ip = e.g. 192.168.2.0/255.255.255.0 +WARNING: untranslated string: advproxy wpad example dst_noproxy_url = e.g. *.ipfire.org* +WARNING: untranslated string: advproxy wpad label dst_noproxy_ip = Excluded IP Subnets (one per line) +WARNING: untranslated string: advproxy wpad label dst_noproxy_url = Excluded URL s (one per line) +WARNING: untranslated string: advproxy wpad notice = Notice: For WPAD/PAC to work properly, furtcher changes need to be made. Please see the <a href="https://wiki.ipfire.org/configuration/network/proxy/extend/wpad" target="_blank">Wiki</a>. +WARNING: untranslated string: advproxy wpad title = Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC) +WARNING: untranslated string: advproxy wpad view pac = Open PAC File WARNING: untranslated string: bytes = unknown string WARNING: untranslated string: crypto error = Cryptographic error WARNING: untranslated string: crypto warning = Cryptographic warning diff --git a/doc/language_missings b/doc/language_missings index 9d13d4775..112248713 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -72,9 +72,17 @@ < advproxy errmsg cache < advproxy errmsg invalid upstream proxy < advproxy errmsg proxy ports equal +< advproxy errmsg wpad invalid ip or mask < advproxy group access control < advproxy group required < advproxy proxy port transparent +< advproxy wpad example dst_noproxy_ip +< advproxy wpad example dst_noproxy_url +< advproxy wpad label dst_noproxy_ip +< advproxy wpad label dst_noproxy_url +< advproxy wpad notice +< advproxy wpad title +< advproxy wpad view pac < age second < age seconds < age shour @@ -836,6 +844,14 @@ ############################################################################ # Checking cgi-bin translations for language: fr # ############################################################################ +< advproxy errmsg wpad invalid ip or mask +< advproxy wpad example dst_noproxy_ip +< advproxy wpad example dst_noproxy_url +< advproxy wpad label dst_noproxy_ip +< advproxy wpad label dst_noproxy_url +< advproxy wpad notice +< advproxy wpad title +< advproxy wpad view pac < cryptographic settings < Daily < default IP address @@ -895,8 +911,16 @@ < adsl settings < advproxy AUTH method ntlm auth < advproxy basic authentication +< advproxy errmsg wpad invalid ip or mask < advproxy group access control < advproxy group required +< advproxy wpad example dst_noproxy_ip +< advproxy wpad example dst_noproxy_url +< advproxy wpad label dst_noproxy_ip +< advproxy wpad label dst_noproxy_url +< advproxy wpad notice +< advproxy wpad title +< advproxy wpad view pac < application layer gateways < block < Captive @@ -1160,8 +1184,16 @@ < advproxy AUTH method ntlm < advproxy AUTH method ntlm auth < advproxy basic authentication +< advproxy errmsg wpad invalid ip or mask < advproxy group access control < advproxy group required +< advproxy wpad example dst_noproxy_ip +< advproxy wpad example dst_noproxy_url +< advproxy wpad label dst_noproxy_ip +< advproxy wpad label dst_noproxy_url +< advproxy wpad notice +< advproxy wpad title +< advproxy wpad view pac < application layer gateways < atm device < block @@ -1487,9 +1519,17 @@ < advproxy errmsg cache < advproxy errmsg invalid upstream proxy < advproxy errmsg proxy ports equal +< advproxy errmsg wpad invalid ip or mask < advproxy group access control < advproxy group required < advproxy proxy port transparent +< advproxy wpad example dst_noproxy_ip +< advproxy wpad example dst_noproxy_url +< advproxy wpad label dst_noproxy_ip +< advproxy wpad label dst_noproxy_url +< advproxy wpad notice +< advproxy wpad title +< advproxy wpad view pac < age second < age seconds < age shour @@ -2250,9 +2290,17 @@ < advproxy errmsg cache < advproxy errmsg invalid upstream proxy < advproxy errmsg proxy ports equal +< advproxy errmsg wpad invalid ip or mask < advproxy group access control < advproxy group required < advproxy proxy port transparent +< advproxy wpad example dst_noproxy_ip +< advproxy wpad example dst_noproxy_url +< advproxy wpad label dst_noproxy_ip +< advproxy wpad label dst_noproxy_url +< advproxy wpad notice +< advproxy wpad title +< advproxy wpad view pac < age second < age seconds < age shour @@ -3006,6 +3054,14 @@ ############################################################################ # Checking cgi-bin translations for language: tr # ############################################################################ +< advproxy errmsg wpad invalid ip or mask +< advproxy wpad example dst_noproxy_ip +< advproxy wpad example dst_noproxy_url +< advproxy wpad label dst_noproxy_ip +< advproxy wpad label dst_noproxy_url +< advproxy wpad notice +< advproxy wpad title +< advproxy wpad view pac < crypto error < cryptographic settings < crypto warning diff --git a/html/cgi-bin/credits.cgi b/html/cgi-bin/credits.cgi index baa49fd3b..b2727733c 100644 --- a/html/cgi-bin/credits.cgi +++ b/html/cgi-bin/credits.cgi @@ -89,6 +89,7 @@ Lars Schuhmacher, Rene Zingel, Sascha Kilian, Ronald Wiesinger, +Alexander Koch, Stephan Feddersen, Stéphane Pautrel, Justin Luth, @@ -96,7 +97,6 @@ Michael Eitelwein, Bernhard Bitsch, Dominik Hassler, Larsen, -Alexander Koch, Gabriel Rolland, Anton D. Seliverstov, Bernhard Bittner, diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 6daa7fbd2..91e4fcee8 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -124,6 +124,9 @@ my $acl_ports_safe = "$acldir/ports_safe.acl"; my $acl_ports_ssl = "$acldir/ports_ssl.acl"; my $acl_include = "$acldir/include.acl";
+my $acl_dst_noproxy_url = "$acldir/dst_noproxy_url.acl"; +my $acl_dst_noproxy_ip = "$acldir/dst_noproxy_ip.acl"; + my $updaccelversion = 'n/a'; my $urlfilterversion = 'n/a';
@@ -556,6 +559,8 @@ ERROR: delete $proxysettings{'SRC_UNRESTRICTED_MAC'}; delete $proxysettings{'DST_NOCACHE'}; delete $proxysettings{'DST_NOAUTH'}; + delete $proxysettings{'DST_NOPROXY_IP'}; + delete $proxysettings{'DST_NOPROXY_URL'}; delete $proxysettings{'PORTS_SAFE'}; delete $proxysettings{'PORTS_SSL'}; delete $proxysettings{'MIME_TYPES'}; @@ -1315,6 +1320,64 @@ END ; }
+# =================================================================== +# WPAD settings +# =================================================================== + +print <<END +<table width='100%'> +<tr> + <td colspan='4'><b>$Lang::tr{'advproxy wpad title'}</b></td> +</tr> +<tr> + <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td> +</tr> +<tr> + <td colspan='2' class='base'>$Lang::tr{'advproxy wpad label dst_noproxy_ip'}:</td> + <td colspan='2' class='base'>$Lang::tr{'advproxy wpad label dst_noproxy_url'}:</td> +</tr> +<tr> + <td colspan='2'><textarea name='DST_NOPROXY_IP' cols='32' rows='3' wrap='off'> +END +; + + print $proxysettings{'DST_NOPROXY_IP'}; + +print <<END +</textarea></td> + + <td colspan='2'><textarea name='DST_NOPROXY_URL' cols='32' rows='3' wrap='off'> +END +; + + print $proxysettings{'DST_NOPROXY_URL'}; + +print <<END +</textarea></td> +</tr> +<tr> + <td colspan='2' class='base'>$Lang::tr{'advproxy wpad example dst_noproxy_ip'}</td> + <td colspan='2' class='base'>$Lang::tr{'advproxy wpad example dst_noproxy_url'}</td> +</tr> +<tr> + <td colspan="4"> </td> +</tr> +<tr> + <td colspan="4">$Lang::tr{'advproxy wpad view pac'}: <a href="http://$ENV{SERVER_ADDR}:81/wpad.dat" target="_blank">http://$ENV{SERVER_ADDR}:81/wpad.dat</a></td> +</tr> +<tr> + <td colspan="4"> </td> +</tr> +<tr> + <td colspan="4">$Lang::tr{'advproxy wpad notice'}</td> +</tr> +</table> + +<hr size='1'> + +END +; + # -------------------------------------------------------------------
print <<END @@ -2258,6 +2321,18 @@ sub read_acls while (<FILE>) { $proxysettings{'DST_NOAUTH'} .= $_ }; close(FILE); } + if (-e "$acl_dst_noproxy_ip") { + open(FILE,"$acl_dst_noproxy_ip"); + delete $proxysettings{'DST_NOPROXY_IP'}; + while (<FILE>) { $proxysettings{'DST_NOPROXY_IP'} .= $_ }; + close(FILE); + } + if (-e "$acl_dst_noproxy_url") { + open(FILE,"$acl_dst_noproxy_url"); + delete $proxysettings{'DST_NOPROXY_URL'}; + while (<FILE>) { $proxysettings{'DST_NOPROXY_URL'} .= $_ }; + close(FILE); + } if (-e "$acl_ports_safe") { open(FILE,"$acl_ports_safe"); delete $proxysettings{'PORTS_SAFE'}; @@ -2443,6 +2518,31 @@ sub check_acls } }
+ @temp = split(/\n/,$proxysettings{'DST_NOPROXY_IP'}); + undef $proxysettings{'DST_NOPROXY_IP'}; + foreach (@temp) + { + s/^\s+//g; s/\s+$//g; + if ($_) + { + unless (&General::validipormask($_)) { $errormessage = $Lang::tr{'advproxy errmsg wpad invalid ip or mask'}; } + $proxysettings{'DST_NOPROXY_IP'} .= $_."\n"; + } + } + + @temp = split(/\n/,$proxysettings{'DST_NOPROXY_URL'}); + undef $proxysettings{'DST_NOPROXY_URL'}; + foreach (@temp) + { + s/^\s+//g; + unless (/^#/) { s/\s+//g; } + if ($_) + { + if (/^./) { $_ = '*'.$_; } + $proxysettings{'DST_NOPROXY_URL'} .= $_."\n"; + } + } + if (($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') && ($proxysettings{'NTLM_USER_ACL'} eq 'positive')) { @temp = split(/\n/,$proxysettings{'NTLM_ALLOW_USERS'}); @@ -2581,6 +2681,16 @@ sub write_acls print FILE $proxysettings{'DST_NOAUTH'}; close(FILE);
+ open(FILE, ">$acl_dst_noproxy_ip"); + flock(FILE, 2); + print FILE $proxysettings{'DST_NOPROXY_IP'}; + close(FILE); + + open(FILE, ">$acl_dst_noproxy_url"); + flock(FILE, 2); + print FILE $proxysettings{'DST_NOPROXY_URL'}; + close(FILE); + open(FILE, ">$acl_dst_noauth_net"); close(FILE); open(FILE, ">$acl_dst_noauth_dom"); @@ -2763,6 +2873,43 @@ END print FILE " (isInNet(host, "$netsettings{'ORANGE_NETADDRESS'}", "$netsettings{'ORANGE_NETMASK'}")) ||\n"; }
+ # Additional exceptions for URLs + # The file has to be created by the user and should contain one entry per line + # Line-Format: <URL incl. wildcards> + # e.g. *.ipfire.org* + if (-s "$acl_dst_noproxy_url") { + undef @templist; + + open(NOPROXY,"$acl_dst_noproxy_url"); + @templist = <NOPROXY>; + close(NOPROXY); + chomp (@templist); + + foreach (@templist) + { + print FILE " (shExpMatch(url, "$_")) ||\n"; + } + } + + # Additional exceptions for Subnets + # The file has to be created by the user and should contain one entry per line + # Line-Format: <IP>/<SUBNET MASK> + # e.g. 192.168.0.0/255.255.255.0 + if (-s "$acl_dst_noproxy_ip") { + undef @templist; + + open(NOPROXY,"$acl_dst_noproxy_ip"); + @templist = <NOPROXY>; + close(NOPROXY); + chomp (@templist); + + foreach (@templist) + { + @temp = split(///); + print FILE " (isInNet(host, "$temp[0]", "$temp[1]")) ||\n"; + } + } + print FILE <<END (isInNet(host, "169.254.0.0", "255.255.0.0")) ) diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 90b1ada06..6479172d5 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -319,6 +319,7 @@ 'advproxy errmsg radius secret' => 'Shared Secret erforderlich', 'advproxy errmsg radius server' => 'Ungültige IP-Adresse für den RADIUS-Server', 'advproxy errmsg time restriction' => 'Ungültige Zeitbeschränkung', +'advproxy errmsg wpad invalid ip or mask' => 'WPAD: Ungültige IP oder Subnetz für ausgenommenes IP-Subnetz', 'advproxy error design' => 'Design der Fehlermeldungen', 'advproxy error language' => 'Sprache der Fehlermeldungen', 'advproxy fake referer' => 'Gefälschter Referer für externe Web-Sites', @@ -396,6 +397,13 @@ 'advproxy visible hostname' => 'Sichtbarer Hostname', 'advproxy web browser' => 'Web-Browser', 'advproxy wednesday' => 'Mi', +'advproxy wpad example dst_noproxy_ip' => 'z.B. 192.168.2.0/255.255.255.0', +'advproxy wpad example dst_noproxy_url' => 'z.B. *.ipfire.org*', +'advproxy wpad label dst_noproxy_ip' => 'Ausgenommene IP-Subnetze (eins pro Zeile)', +'advproxy wpad label dst_noproxy_url' => 'Ausgenommene URLs (eine pro Zeile)', +'advproxy wpad notice' => 'Hinweis: Damit WPAD / PAC korrekt funktioniert, sind weitere Anpassungen erforderlich. Bitte in das <a href="https://wiki.ipfire.org/configuration/network/proxy/extend/wpad" target="_blank">Wiki</a> schauen.', +'advproxy wpad title' => 'Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC)', +'advproxy wpad view pac' => 'PAC-Datei aufrufen', 'again' => 'Wiederholung:', 'age second' => 'Sekunde', 'age seconds' => 'Sekunden', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 98e99f150..c053202b5 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -319,6 +319,7 @@ 'advproxy errmsg radius secret' => 'RADIUS shared secret required', 'advproxy errmsg radius server' => 'Invalid IP address for RADIUS Server', 'advproxy errmsg time restriction' => 'Invalid time restriction', +'advproxy errmsg wpad invalid ip or mask' => 'WPAD: Invalid IP or subnet for excluded IP subnet', 'advproxy error design' => 'Error messages design', 'advproxy error language' => 'Error messages language', 'advproxy fake referer' => 'Fake referer submitted to external sites', @@ -397,6 +398,13 @@ 'advproxy visible hostname' => 'Visible hostname', 'advproxy web browser' => 'Web browser', 'advproxy wednesday' => 'Wed', +'advproxy wpad example dst_noproxy_ip' => 'e.g. 192.168.2.0/255.255.255.0', +'advproxy wpad example dst_noproxy_url' => 'e.g. *.ipfire.org*', +'advproxy wpad label dst_noproxy_ip' => 'Excluded IP Subnets (one per line)', +'advproxy wpad label dst_noproxy_url' => 'Excluded URL s (one per line)', +'advproxy wpad notice' => 'Notice: For WPAD/PAC to work properly, furtcher changes need to be made. Please see the <a href="https://wiki.ipfire.org/configuration/network/proxy/extend/wpad" target="_blank">Wiki</a>.', +'advproxy wpad title' => 'Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC)', +'advproxy wpad view pac' => 'Open PAC File', 'again' => 'Again:', 'age second' => 'second', 'age seconds' => 'seconds', diff --git a/lfs/libseccomp b/lfs/libseccomp new file mode 100644 index 000000000..d577793d1 --- /dev/null +++ b/lfs/libseccomp @@ -0,0 +1,87 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2018 IPFire Team info@ipfire.org # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 2.4.0 + +THISAPP = libseccomp-$(VER) +DL_FILE = $(THISAPP).tar.gz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) +PROG = libseccomp +PAK_VER = 1 + +DEPS = "" + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_MD5 = 91625d78af26c646b03be3de58e71988 + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +md5 : $(subst %,%_MD5,$(objects)) + +dist: + @$(PAK) + +############################################################################### +# Downloading, checking, md5sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_MD5,$(objects)) : + @$(MD5) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar vxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && ./configure \ + --prefix=/usr \ + --disable-static + + cd $(DIR_APP) && make $(MAKETUNING) + cd $(DIR_APP) && make install + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/lfs/qemu b/lfs/qemu index 015837a59..d18b49cb3 100644 --- a/lfs/qemu +++ b/lfs/qemu @@ -33,9 +33,9 @@ DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) SUP_ARCH = i586 x86_64 PROG = qemu -PAK_VER = 23 +PAK_VER = 24
-DEPS = "libusbredir sdl spice" +DEPS = "libusbredir sdl spice libseccomp"
############################################################################### # Top-level Rules @@ -82,7 +82,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && ./configure --prefix=/usr --sysconfdir=/etc \ --localstatedir=/var --enable-kvm --disable-bluez --disable-attr \ --target-list="i386-linux-user x86_64-linux-user arm-linux-user i386-softmmu x86_64-softmmu arm-softmmu" \ - --extra-cflags="$(CFLAGS)" --enable-spice --enable-usb-redir + --extra-cflags="$(CFLAGS)" --enable-spice --enable-usb-redir --enable-seccomp cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install
diff --git a/make.sh b/make.sh index 51ddda6a7..bfcc83709 100755 --- a/make.sh +++ b/make.sh @@ -25,7 +25,7 @@ NAME="IPFire" # Software name SNAME="ipfire" # Short name VERSION="2.23" # Version number -CORE="131" # Core Level (Filename) +CORE="132" # Core Level (Filename) PAKFIRE_CORE="131" # Core Level (PAKFIRE) GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` # Git Branch SLOGAN="www.ipfire.org" # Software slogan @@ -1410,6 +1410,7 @@ buildipfire() { lfsmake2 spice lfsmake2 sdl lfsmake2 libusbredir + lfsmake2 libseccomp lfsmake2 qemu lfsmake2 sane lfsmake2 netpbm
hooks/post-receive -- IPFire 2.x development tree