This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 57521504a89e792336f55e893564a000bfe4b1d7 (commit) via 5b4464a94478059ceebf266bc31dee4a4ba18fac (commit) via a10b0e5b448bf7e4a9bcc334e177ddae09806dc7 (commit) via a46903cce3863923838c5cc0721f4932adf2175d (commit) via 6f8b156bf0dcda4a1bb8ccdc8db83a54b2d7d1d0 (commit) via 2c703afc04448f15f9ad6b9c90be216bad256532 (commit) via f81c2225198b894c180cf36b6ee2cd6c0ea3849d (commit) via 728f3d2e8f3d26e80154236c6d67e303e1f7f3b9 (commit) via 7bf5b0f22194fcb617f3e678c4a1c492b0faf01d (commit) from e1d9148b61bc973ac1fef063b58500de4d881d7e (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 57521504a89e792336f55e893564a000bfe4b1d7 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Mar 16 12:34:19 2019 +0000
hostapd: Bump package version
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 5b4464a94478059ceebf266bc31dee4a4ba18fac Author: Peter Müller peter.mueller@ipfire.org Date: Sat Mar 16 14:20:00 2019 +0000
hostapd: make client isolation configurable via WebUI
hostapd supports client-isolation, but this feature could not be configured via the WebUI so far. Since it might be desired in public wireless networks, or even private ones, it makes sense to provide a radio button to let the user decide on.
Fixes #11974.
Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit a10b0e5b448bf7e4a9bcc334e177ddae09806dc7 Author: Peter Müller peter.mueller@ipfire.org Date: Fri Mar 15 17:00:00 2019 +0000
ensure Tor daemon files have correct permissions
Set permissions for /var/lib/tor and /var/ipfire/tor to tor:tor, regardless whether Tor user has been created before or not.
This ensures Tor starts properly on existing systems after reinstallation of the add-on. Thanks to Michael for the hint.
Further, a comment for new Tor user in /etc/passwd has been added.
Fixes #11779.
Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit a46903cce3863923838c5cc0721f4932adf2175d Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Mar 16 12:32:10 2019 +0000
core130: Ship updated unbound
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 6f8b156bf0dcda4a1bb8ccdc8db83a54b2d7d1d0 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Fri Mar 15 19:15:19 2019 +0100
unbound: Update to 1.9.1
For details see: https://nlnetlabs.nl/pipermail/unbound-users/2019-March/011415.html
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 2c703afc04448f15f9ad6b9c90be216bad256532 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Mar 16 12:30:22 2019 +0000
core130: Ship updated ntp
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit f81c2225198b894c180cf36b6ee2cd6c0ea3849d Author: Matthias Fischer matthias.fischer@ipfire.org Date: Fri Mar 15 19:10:11 2019 +0100
ntp: Update to 4.2.8p13
For details see: http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 728f3d2e8f3d26e80154236c6d67e303e1f7f3b9 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Mar 16 13:04:18 2019 +0100
suricata: Fix ownership and file permissions of files inside /var/lib/suricata.
These files needs to have nobody.nobody as owner but requires read-acces from everyone to allow the suricata user reading-in this files during startup.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 7bf5b0f22194fcb617f3e678c4a1c492b0faf01d Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Mar 16 12:57:25 2019 +0100
logs.cgi/ids.dat: Fixup processing dates from logfiles which contains a year
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/rootfiles/common/unbound | 2 +- config/rootfiles/{oldcore/100 => core/130}/filelists/ntp | 0 .../rootfiles/{oldcore/106 => core/130}/filelists/unbound | 0 config/rootfiles/core/130/update.sh | 1 + html/cgi-bin/logs.cgi/ids.dat | 9 ++++++++- html/cgi-bin/wlanap.cgi | 14 ++++++++++++++ lfs/hostapd | 2 +- lfs/ntp | 6 +++--- lfs/suricata | 8 ++++++-- lfs/unbound | 6 +++--- src/paks/tor/install.sh | 8 ++++---- 11 files changed, 41 insertions(+), 15 deletions(-) copy config/rootfiles/{oldcore/100 => core/130}/filelists/ntp (100%) copy config/rootfiles/{oldcore/106 => core/130}/filelists/unbound (100%)
Difference in files: diff --git a/config/rootfiles/common/unbound b/config/rootfiles/common/unbound index 843e0eeca..a130a059b 100644 --- a/config/rootfiles/common/unbound +++ b/config/rootfiles/common/unbound @@ -11,7 +11,7 @@ etc/unbound/unbound.conf #usr/lib/libunbound.la #usr/lib/libunbound.so usr/lib/libunbound.so.8 -usr/lib/libunbound.so.8.1.0 +usr/lib/libunbound.so.8.1.1 #usr/lib/pkgconfig/libunbound.pc usr/sbin/unbound usr/sbin/unbound-anchor diff --git a/config/rootfiles/core/130/filelists/ntp b/config/rootfiles/core/130/filelists/ntp new file mode 120000 index 000000000..7542d86cb --- /dev/null +++ b/config/rootfiles/core/130/filelists/ntp @@ -0,0 +1 @@ +../../../common/ntp \ No newline at end of file diff --git a/config/rootfiles/core/130/filelists/unbound b/config/rootfiles/core/130/filelists/unbound new file mode 120000 index 000000000..66adf0924 --- /dev/null +++ b/config/rootfiles/core/130/filelists/unbound @@ -0,0 +1 @@ +../../../common/unbound \ No newline at end of file diff --git a/config/rootfiles/core/130/update.sh b/config/rootfiles/core/130/update.sh index b4238e7b4..d33321c32 100644 --- a/config/rootfiles/core/130/update.sh +++ b/config/rootfiles/core/130/update.sh @@ -77,6 +77,7 @@ ldconfig # Start services /etc/init.d/collectd restart /etc/init.d/firewall restart +/etc/init.d/unbound restart /etc/init.d/suricata start
# This update needs a reboot... diff --git a/html/cgi-bin/logs.cgi/ids.dat b/html/cgi-bin/logs.cgi/ids.dat index e374f5711..1447a06f0 100644 --- a/html/cgi-bin/logs.cgi/ids.dat +++ b/html/cgi-bin/logs.cgi/ids.dat @@ -460,7 +460,14 @@ sub processevent } } $line++; - unless ($line == 1 || $date ne "$monthstr/$daystr") { &append; } + + # Split the date into single chunks. + my ($month, $day, $year) = split('/', $date); + + # Check if all data is collected and the date of the event fits the desired date to + # get displayed. + if ($line gt 1 || "$month/$day" eq "$monthstr/$daystr") { &append; } + close(LOG); } } diff --git a/html/cgi-bin/wlanap.cgi b/html/cgi-bin/wlanap.cgi index 72c9a1298..cae191101 100644 --- a/html/cgi-bin/wlanap.cgi +++ b/html/cgi-bin/wlanap.cgi @@ -75,6 +75,7 @@ $wlanapsettings{'DRIVER'} = 'NL80211'; $wlanapsettings{'HTCAPS'} = ''; $wlanapsettings{'VHTCAPS'} = ''; $wlanapsettings{'NOSCAN'} = 'off'; +$wlanapsettings{'CLIENTISOLATION'} = 'off';
&General::readhash("/var/ipfire/wlanap/settings", %wlanapsettings); &Header::getcgihash(%wlanapsettings); @@ -252,6 +253,10 @@ $checked{'NOSCAN'}{'off'} = ''; $checked{'NOSCAN'}{'on'} = ''; $checked{'NOSCAN'}{$wlanapsettings{'NOSCAN'}} = "checked='checked'";
+$checked{'CLIENTISOLATION'}{'off'} = ''; +$checked{'CLIENTISOLATION'}{'on'} = ''; +$checked{'CLIENTISOLATION'}{$wlanapsettings{'CLIENTISOLATION'}} = "checked='checked'"; + $selected{'ENC'}{$wlanapsettings{'ENC'}} = "selected='selected'"; $selected{'CHANNEL'}{$wlanapsettings{'CHANNEL'}} = "selected='selected'"; $selected{'COUNTRY'}{$wlanapsettings{'COUNTRY'}} = "selected='selected'"; @@ -377,6 +382,7 @@ print <<END <tr><td width='25%' class='base'>SSID: </td><td class='base' colspan='3'><input type='text' name='SSID' size='30' value='$wlanapsettings{'SSID'}' /></td></tr> <!--SSID Broadcast: on => HIDESSID: off --> <tr><td width='25%' class='base'>SSID Broadcast: </td><td class='base' colspan='3'>on <input type='radio' name='HIDESSID' value='off' $checked{'HIDESSID'}{'off'} /> | <input type='radio' name='HIDESSID' value='on' $checked{'HIDESSID'}{'on'} /> off</td></tr> +<tr><td width='25%' class='base'>Client Isolation: </td><td class='base' colspan='3'>on <input type='radio' name='CLIENTISOLATION' value='off' $checked{'CLIENTISOLATION'}{'off'} /> | <input type='radio' name='CLIENTISOLATION' value='on' $checked{'CLIENTISOLATION'}{'on'} /> off</td></tr>
<tr><td width='25%' class='base'>$Lang::tr{'wlanap country'}: </td><td class='base' colspan='3'> @@ -632,6 +638,14 @@ END
}
+ # https://forum.ipfire.org/viewtopic.php?f=22&t=12274&p=79070#p79070 + if ( $wlanapsettings{'CLIENTISOLATION'} eq 'on' ){ + print CONFIGFILE <<END +ap_isolate=1 +END +; + } + if ( $wlanapsettings{'NOSCAN'} eq 'on' ){ print CONFIGFILE <<END noscan=1 diff --git a/lfs/hostapd b/lfs/hostapd index 233863646..64ff28e4b 100644 --- a/lfs/hostapd +++ b/lfs/hostapd @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = hostapd -PAK_VER = 44 +PAK_VER = 45
DEPS = ""
diff --git a/lfs/ntp b/lfs/ntp index 8f845409c..040a0c2ae 100644 --- a/lfs/ntp +++ b/lfs/ntp @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2019 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 4.2.8p12 +VER = 4.2.8p13
THISAPP = ntp-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 1522d66574bae14abb2622746dad2bdc +$(DL_FILE)_MD5 = ea040ab9b4ca656b5229b89d6b822f13
install : $(TARGET)
diff --git a/lfs/suricata b/lfs/suricata index 0a561ef8b..d7b5b71d6 100644 --- a/lfs/suricata +++ b/lfs/suricata @@ -101,8 +101,12 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) # to the rules directory. mv /etc/suricata/*.config /var/lib/suricata
- # Set correct ownership for /var/lib/suricata - chown nobody:nobody /var/lib/suricata + # Set correct permissions for the files. + chmod 644 /var/lib/suricata/*.config + + # Set correct ownership for /var/lib/suricata and the + # contained files + chown -R nobody:nobody /var/lib/suricata
# Create logging directory. -mkdir -p /var/log/suricata diff --git a/lfs/unbound b/lfs/unbound index b090010d4..87666dfce 100644 --- a/lfs/unbound +++ b/lfs/unbound @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2019 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 1.9.0 +VER = 1.9.1
THISAPP = unbound-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 1026159991a3883518525bc18e25582f +$(DL_FILE)_MD5 = 5d954920d192b33f7c88f015dd969940
install : $(TARGET)
diff --git a/src/paks/tor/install.sh b/src/paks/tor/install.sh index e1ed33331..268bccecd 100644 --- a/src/paks/tor/install.sh +++ b/src/paks/tor/install.sh @@ -29,12 +29,12 @@ if ! getent group tor &>/dev/null; then fi
if ! getent passwd tor; then - useradd -u 119 -g tor -d /var/empty -s /bin/false tor - - # Adjust some folder permission for new UID/GID - chown -R tor:tor /var/lib/tor /var/ipfire/tor + useradd -u 119 -g tor -c "Tor daemon user" -d /var/empty -s /bin/false tor fi
+# Adjust some folder permission for new UID/GID +chown -R tor:tor /var/lib/tor /var/ipfire/tor + extract_files restore_backup ${NAME} start_service --background ${NAME}
hooks/post-receive -- IPFire 2.x development tree