From: git@ipfire.org
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, master, updated. 5cd3a05bf0653726834489c87b80064584e6073b
Date: Sat, 14 Dec 2013 22:02:08 +0100
Message-ID: <20131214210209.3CFA2208DF@argus.ipfire.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, master has been updated

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 5cd3a05bf0653726834489c87b80064584e6073b
Author: Arne Fitzenreiter
Date:   Sat Dec 14 22:01:16 2013 +0100

    finalize core 74.

commit 6c859e038223d4c6ec8535b7b7e635d9ef7fac1f
Author: Michael Tremer
Date:   Thu Dec 12 21:20:56 2013 +0100

    core74: Add httpscert script.

commit 325aa1e1f4b1948fe3dbd1bb6c65d056b1bebe29
Author: Michael Tremer
Date:   Thu Dec 12 21:18:56 2013 +0100

    httpscert: Increase size of the RSA key to 4096.

    RSA keys with length of 1024 bits are considered weak.

commit a1365ee37ccffa2be499d483ff1356d9f71013de
Author: Michael Tremer
Date:   Thu Dec 12 21:17:53 2013 +0100

    httpscert: Use regular random source.

    Previous to this patch, the kernel image file and internal
    configuration settings have been used as a source for random
    data, which is not random at all.

commit cfb00625b8224e929ecc4a2610bbe153f7ead475
Author: Michael Tremer
Date:   Thu Dec 12 21:15:24 2013 +0100

    strongswan: Disable rdrand plugin.

    Disabled because of security concerns.

commit dfb1bfaf7b88a914ae2a384a0f30bdafaebc9125
Author: Michael Tremer
Date:   Wed Dec 11 21:59:22 2013 +0100

    Always create squid.conf.

    In some cases, /var/ipfire/proxy/squid.conf does not belong to
    nobody:nobody, so we do this explicitly.

-----------------------------------------------------------------------

Summary of changes:
 config/rootfiles/common/apache2                    |   1 +
 config/rootfiles/common/configroot                 |   1 +
 config/rootfiles/common/openvpn                    |  17 ++-
 config/rootfiles/common/strongswan                 |  14 +-
 config/rootfiles/core/{70 => 74}/exclude           |   0
 config/rootfiles/core/74/filelists/files           |   7 +
 .../{72 => 74}/filelists/i586/strongswan-padlock   |   0
 .../{oldcore/53 => core/74}/filelists/openvpn      |   0
 config/rootfiles/core/{71 => 74}/filelists/squid   |   0
 .../rootfiles/core/{72 => 74}/filelists/strongswan |   0
 config/rootfiles/core/{70 => 74}/meta              |   0
 config/rootfiles/core/{73 => 74}/update.sh         |  23 ++--
 config/rootfiles/packages/check_mk_agent           |   1 +
 doc/language_issues.tr                             |  89 +------------
 html/cgi-bin/proxy.cgi                             |   2 +-
 langs/tr/cgi-bin/tr.pl                             | 101 +++++++++++++-
 lfs/check_mk_agent                                 |   6 +-
 lfs/configroot                                     |   2 +-
 lfs/nagios                                         |   2 +-
 lfs/openvpn                                        |  18 +--
 lfs/squid                                          |  11 +-
 lfs/strongswan                                     |  16 ++-
 lfs/tor                                            |   6 +-
 make.sh                                            |   4 +-
 src/paks/check_mk_agent/install.sh                 |  10 ++
 src/paks/check_mk_agent/uninstall.sh               |   8 ++
 src/patches/squid-3.1-10486.patch                  |  54 --------
 src/patches/squid-3.1-10487.patch                  |  73 ----------
 .../squid-3.3.10-optional-ssl-options.patch        | 148 ---------------------
 src/patches/strongswan-5.1.1-delay-dpd.patch       |  35 +++++
 src/scripts/httpscert                              |   9 +-
 31 files changed, 239 insertions(+), 419 deletions(-)
 copy config/rootfiles/core/{70 => 74}/exclude (100%)
 create mode 100644 config/rootfiles/core/74/filelists/files
 copy config/rootfiles/core/{72 => 
74}/filelists/i586/strongswan-padlock (1= 00%) copy config/rootfiles/{oldcore/53 =3D> core/74}/filelists/openvpn (100%) copy config/rootfiles/core/{71 =3D> 74}/filelists/squid (100%) copy config/rootfiles/core/{72 =3D> 74}/filelists/strongswan (100%) copy config/rootfiles/core/{70 =3D> 74}/meta (100%) copy config/rootfiles/core/{73 =3D> 74}/update.sh (85%) delete mode 100644 src/patches/squid-3.1-10486.patch delete mode 100644 src/patches/squid-3.1-10487.patch delete mode 100644 src/patches/squid-3.3.10-optional-ssl-options.patch create mode 100644 src/patches/strongswan-5.1.1-delay-dpd.patch Difference in files: diff --git a/config/rootfiles/common/apache2 b/config/rootfiles/common/apache2 index 9be3581..c18b5ed 100644 --- a/config/rootfiles/common/apache2 +++ b/config/rootfiles/common/apache2 @@ -1388,6 +1388,7 @@ srv/web/ipfire/cgi-bin/connscheduler.cgi srv/web/ipfire/cgi-bin/country.cgi srv/web/ipfire/cgi-bin/credits.cgi srv/web/ipfire/cgi-bin/dns.cgi +srv/web/ipfire/cgi-bin/dnsforward.cgi srv/web/ipfire/cgi-bin/ddns.cgi srv/web/ipfire/cgi-bin/dhcp.cgi srv/web/ipfire/cgi-bin/dmzholes.cgi diff --git a/config/rootfiles/common/configroot b/config/rootfiles/common/con= figroot index 8965ff7..5a169d8 100644 --- a/config/rootfiles/common/configroot +++ b/config/rootfiles/common/configroot @@ -144,6 +144,7 @@ var/ipfire/proxy #var/ipfire/proxy/calamaris #var/ipfire/proxy/calamaris/bin #var/ipfire/proxy/settings +#var/ipfire/proxy/squid.conf var/ipfire/qos #var/ipfire/qos/bin #var/ipfire/qos/bin/RRD-func.pl diff --git a/config/rootfiles/common/openvpn b/config/rootfiles/common/openvpn index 6be9a10..ae6d6ee 100644 --- a/config/rootfiles/common/openvpn +++ b/config/rootfiles/common/openvpn 
@@ -1,8 +1,19 @@ -usr/lib/openvpn -usr/lib/openvpn/openvpn-auth-pam.so -usr/lib/openvpn/openvpn-down-root.so +#usr/include/openvpn-plugin.h +#usr/lib/openvpn +#usr/lib/openvpn/plugins +#usr/lib/openvpn/plugins/openvpn-plugin-auth-pam.la +usr/lib/openvpn/plugins/openvpn-plugin-auth-pam.so +#usr/lib/openvpn/plugins/openvpn-plugin-down-root.la +usr/lib/openvpn/plugins/openvpn-plugin-down-root.so usr/sbin/openvpn #usr/share/doc/openvpn +#usr/share/doc/openvpn/COPYING +#usr/share/doc/openvpn/COPYRIGHT.GPL +#usr/share/doc/openvpn/README +#usr/share/doc/openvpn/README.IPv6 +#usr/share/doc/openvpn/README.auth-pam +#usr/share/doc/openvpn/README.down-root +#usr/share/doc/openvpn/README.polarssl #usr/share/doc/openvpn/management-notes.txt #usr/share/man/man8/openvpn.8 var/ipfire/ovpn diff --git a/config/rootfiles/common/strongswan b/config/rootfiles/common/str= ongswan index 5d61ec1..732e327 100644 --- a/config/rootfiles/common/strongswan +++ b/config/rootfiles/common/strongswan @@ -10,6 +10,7 @@ etc/ipsec.d/private etc/ipsec.d/reqs etc/ipsec.secrets etc/strongswan.conf +usr/bin/pki #usr/lib/ipsec #usr/lib/ipsec/libcharon.a #usr/lib/ipsec/libcharon.la @@ -74,6 +75,7 @@ usr/lib/ipsec/plugins/libstrongswan-sha2.so usr/lib/ipsec/plugins/libstrongswan-socket-default.so usr/lib/ipsec/plugins/libstrongswan-sshkey.so usr/lib/ipsec/plugins/libstrongswan-stroke.so +usr/lib/ipsec/plugins/libstrongswan-unity.so usr/lib/ipsec/plugins/libstrongswan-updown.so usr/lib/ipsec/plugins/libstrongswan-x509.so usr/lib/ipsec/plugins/libstrongswan-xauth-eap.so 
@@ -85,11 +87,21 @@ usr/libexec/ipsec/_updown usr/libexec/ipsec/_updown_espmark usr/libexec/ipsec/charon usr/libexec/ipsec/openac -usr/libexec/ipsec/pki usr/libexec/ipsec/scepclient usr/libexec/ipsec/starter usr/libexec/ipsec/stroke usr/sbin/ipsec +#usr/share/man/man1/pki---gen.1 +#usr/share/man/man1/pki---issue.1 +#usr/share/man/man1/pki---keyid.1 +#usr/share/man/man1/pki---pkcs7.1 +#usr/share/man/man1/pki---print.1 +#usr/share/man/man1/pki---pub.1 +#usr/share/man/man1/pki---req.1 +#usr/share/man/man1/pki---self.1 +#usr/share/man/man1/pki---signcrl.1 +#usr/share/man/man1/pki---verify.1 +#usr/share/man/man1/pki.1 #usr/share/man/man5/ipsec.conf.5 #usr/share/man/man5/ipsec.secrets.5 #usr/share/man/man5/strongswan.conf.5 diff --git a/config/rootfiles/core/74/exclude b/config/rootfiles/core/74/excl= ude new file mode 100644 index 0000000..321a931 --- /dev/null +++ b/config/rootfiles/core/74/exclude @@ -0,0 +1,17 @@ +srv/web/ipfire/html/proxy.pac +boot/config.txt +etc/udev/rules.d/30-persistent-network.rules +etc/collectd.custom +etc/shadow +etc/ipsec.conf +etc/ipsec.secrets +etc/ipsec.user.conf +etc/ipsec.user.secrets +var/log/cache +var/updatecache +etc/localtime +var/ipfire/ovpn +etc/ssh/ssh_config +etc/ssh/sshd_config +etc/ssl/openssl.cnf +var/state/dhcp/dhcpd.leases diff --git a/config/rootfiles/core/74/filelists/files b/config/rootfiles/core= /74/filelists/files new file mode 100644 index 0000000..52d0178 --- /dev/null +++ b/config/rootfiles/core/74/filelists/files @@ -0,0 +1,7 @@ +etc/system-release +etc/issue +srv/web/ipfire/cgi-bin/dnsforward.cgi +srv/web/ipfire/cgi-bin/proxy.cgi +usr/local/bin/httpscert +var/ipfire/header.pl +var/ipfire/langs diff --git a/config/rootfiles/core/74/filelists/i586/strongswan-padlock b/con= fig/rootfiles/core/74/filelists/i586/strongswan-padlock new file mode 120000 index 0000000..2412824 --- /dev/null +++ b/config/rootfiles/core/74/filelists/i586/strongswan-padlock 
@@ -0,0 +1 @@ +../../../../common/i586/strongswan-padlock \ No newline at end of file diff --git a/config/rootfiles/core/74/filelists/openvpn b/config/rootfiles/co= re/74/filelists/openvpn new file mode 120000 index 0000000..493f3f7 --- /dev/null +++ b/config/rootfiles/core/74/filelists/openvpn @@ -0,0 +1 @@ +../../../common/openvpn \ No newline at end of file diff --git a/config/rootfiles/core/74/filelists/squid b/config/rootfiles/core= /74/filelists/squid new file mode 120000 index 0000000..2dc8372 --- /dev/null +++ b/config/rootfiles/core/74/filelists/squid @@ -0,0 +1 @@ +../../../common/squid \ No newline at end of file diff --git a/config/rootfiles/core/74/filelists/strongswan b/config/rootfiles= /core/74/filelists/strongswan new file mode 120000 index 0000000..90c727e --- /dev/null +++ b/config/rootfiles/core/74/filelists/strongswan @@ -0,0 +1 @@ +../../../common/strongswan \ No newline at end of file diff --git a/config/rootfiles/core/74/meta b/config/rootfiles/core/74/meta new file mode 100644 index 0000000..d547fa8 --- /dev/null +++ b/config/rootfiles/core/74/meta @@ -0,0 +1 @@ +DEPS=3D"" diff --git a/config/rootfiles/core/74/update.sh b/config/rootfiles/core/74/up= date.sh new file mode 100644 index 0000000..ca26b51 --- /dev/null +++ b/config/rootfiles/core/74/update.sh 
@@ -0,0 +1,84 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 3 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2013 IPFire-Team . = # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +/usr/local/bin/backupctrl exclude >/dev/null 2>&1 + +# +# Remove old core updates from pakfire cache to save space... +core=3D74 +for (( i=3D1; i<=3D$core; i++ )) +do + rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire +done + + +# +#Stop services +/etc/init.d/ipsec stop +/etc/init.d/squid stop + + +# +#Extract files +extract_files + +if [ -e "/var/ipfire/proxy/enable" ] || [ -e "/var/ipfire/proxy/enable_blue"= ]; then + ( + eval $(/usr/local/bin/readhash /var/ipfire/proxy/advanced/settings) + + if [ "${TRANSPARENT_PORT}" =3D "81" ]; then + TRANSPARENT_PORT=3D"$(( ${TRANSPARENT_PORT} + 1 ))" + sed -e "s/^TRANSPARENT_PORT=3D.*/TRANSPARENT_PORT=3D${TRANSPARENT_PORT}/"= \ + -i /var/ipfire/proxy/advanced/settings + fi + ) +fi + +# Regenerate squid configuration files. 
+/srv/web/ipfire/cgi-bin/proxy.cgi +chown nobody:nobody /var/ipfire/proxy/squid.conf + +# +#Start services +/etc/init.d/squid start + +if grep -q "ENABLED=3Don" /var/ipfire/vpn/settings; then + /etc/init.d/ipsec start +fi + +# +#Update Language cache +perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang" + +sync + +# This update need a reboot... +#touch /var/run/need_reboot + +# +#Finish +/etc/init.d/fireinfo start +sendprofile +#Don't report the exitcode last command +exit 0 diff --git a/config/rootfiles/packages/check_mk_agent b/config/rootfiles/pack= ages/check_mk_agent index 073b483..1d68f74 100644 --- a/config/rootfiles/packages/check_mk_agent +++ b/config/rootfiles/packages/check_mk_agent @@ -1,2 +1,3 @@ usr/bin/check_mk_agent +etc/xinetd.d/check_mk_agent usr/bin/waitmax diff --git a/doc/language_issues.tr b/doc/language_issues.tr index d58bcc3..d1d655a 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -437,6 +437,12 @@ WARNING: translation string unused: to email adr WARNING: translation string unused: to install an update WARNING: translation string unused: to warn email bad WARNING: translation string unused: too long 80 char max +WARNING: translation string unused: tor accounting period daily +WARNING: translation string unused: tor accounting period monthly +WARNING: translation string unused: tor accounting period weekly +WARNING: translation string unused: tor bridge enabled +WARNING: translation string unused: tor errmsg invalid node id +WARNING: translation string unused: tor exit country WARNING: translation string unused: traffic back WARNING: translation string unused: traffic calc time WARNING: translation string unused: traffic calc time bad 
@@ -512,13 +518,6 @@ WARNING: untranslated string: Scan for Songs WARNING: untranslated string: advproxy errmsg proxy ports equal WARNING: untranslated string: advproxy proxy port transparent WARNING: untranslated string: bytes -WARNING: untranslated string: dnsforward -WARNING: untranslated string: dnsforward add a new entry -WARNING: untranslated string: dnsforward configuration -WARNING: untranslated string: dnsforward edit an entry -WARNING: untranslated string: dnsforward entries -WARNING: untranslated string: dnsforward forward_server -WARNING: untranslated string: dnsforward zone WARNING: untranslated string: least preferred WARNING: untranslated string: most preferred WARNING: untranslated string: new 
@@ -527,82 +526,6 @@ WARNING: untranslated string: route config changed WARNING: untranslated string: routing config added WARNING: untranslated string: routing config changed WARNING: untranslated string: routing table -WARNING: untranslated string: tor -WARNING: untranslated string: tor accounting -WARNING: untranslated string: tor accounting bytes -WARNING: untranslated string: tor accounting bytes left -WARNING: untranslated string: tor accounting interval -WARNING: untranslated string: tor accounting limit -WARNING: untranslated string: tor accounting period -WARNING: untranslated string: tor acls -WARNING: untranslated string: tor allowed subnets -WARNING: untranslated string: tor bandwidth burst -WARNING: untranslated string: tor bandwidth rate -WARNING: untranslated string: tor bandwidth settings -WARNING: untranslated string: tor bandwidth unlimited -WARNING: untranslated string: tor common settings -WARNING: untranslated string: tor configuration -WARNING: untranslated string: tor connected relays -WARNING: untranslated string: tor contact info -WARNING: untranslated string: tor daemon WARNING: untranslated string: tor directory port -WARNING: untranslated string: tor enabled -WARNING: untranslated string: tor errmsg invalid accounting limit WARNING: untranslated string: tor errmsg invalid directory port -WARNING: untranslated string: tor errmsg invalid ip or mask -WARNING: untranslated string: tor errmsg invalid relay address -WARNING: untranslated string: tor errmsg invalid relay name -WARNING: untranslated string: tor errmsg invalid relay port -WARNING: untranslated string: tor errmsg invalid socks port -WARNING: untranslated string: tor exit country any -WARNING: untranslated string: tor exit nodes -WARNING: untranslated string: tor relay address -WARNING: untranslated string: tor relay configuration -WARNING: untranslated string: tor relay enabled -WARNING: untranslated string: tor relay external address -WARNING: untranslated string: tor relay 
fingerprint -WARNING: untranslated string: tor relay mode -WARNING: untranslated string: tor relay mode bridge -WARNING: untranslated string: tor relay mode exit -WARNING: untranslated string: tor relay mode private bridge -WARNING: untranslated string: tor relay mode relay -WARNING: untranslated string: tor relay nickname -WARNING: untranslated string: tor relay port -WARNING: untranslated string: tor service -WARNING: untranslated string: tor socks port -WARNING: untranslated string: tor stats -WARNING: untranslated string: tor traffic limit hard -WARNING: untranslated string: tor traffic limit soft -WARNING: untranslated string: tor traffic read written -WARNING: untranslated string: tor use exit nodes WARNING: untranslated string: urlfilter redirect template -WARNING: untranslated string: wlan client -WARNING: untranslated string: wlan client advanced settings -WARNING: untranslated string: wlan client and -WARNING: untranslated string: wlan client bssid -WARNING: untranslated string: wlan client ccmp -WARNING: untranslated string: wlan client configuration -WARNING: untranslated string: wlan client disconnected -WARNING: untranslated string: wlan client duplicate ssid -WARNING: untranslated string: wlan client edit entry -WARNING: untranslated string: wlan client encryption -WARNING: untranslated string: wlan client encryption none -WARNING: untranslated string: wlan client encryption wep -WARNING: untranslated string: wlan client encryption wpa -WARNING: untranslated string: wlan client encryption wpa2 -WARNING: untranslated string: wlan client group cipher -WARNING: untranslated string: wlan client group key algorithm -WARNING: untranslated string: wlan client invalid key length -WARNING: untranslated string: wlan client new entry -WARNING: untranslated string: wlan client new network -WARNING: untranslated string: wlan client pairwise cipher -WARNING: untranslated string: wlan client pairwise key algorithm -WARNING: untranslated string: wlan client pairwise 
key group key -WARNING: untranslated string: wlan client psk -WARNING: untranslated string: wlan client ssid -WARNING: untranslated string: wlan client tkip -WARNING: untranslated string: wlan client wpa mode -WARNING: untranslated string: wlan client wpa mode all -WARNING: untranslated string: wlan client wpa mode ccmp ccmp -WARNING: untranslated string: wlan client wpa mode ccmp tkip -WARNING: untranslated string: wlan client wpa mode tkip tkip diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 6dd900f..acb4f97 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -391,7 +391,7 @@ if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($= proxysettings{'ACTION'} } } if (!($proxysettings{'FILEDESCRIPTORS'} =3D~ /^\d+/) || - ($proxysettings{'FILEDESCRIPTORS'} < 1) || ($proxysettings{'FILEDESCRIPTOR= S'} > 65536)) + ($proxysettings{'FILEDESCRIPTORS'} < 1) || ($proxysettings{'FILEDESCRIPTOR= S'} > 1048576)) { $errormessage =3D $Lang::tr{'proxy errmsg filedescriptors'}; goto ERROR; diff --git a/langs/tr/cgi-bin/tr.pl b/langs/tr/cgi-bin/tr.pl index 9888121..2589668 100644 --- a/langs/tr/cgi-bin/tr.pl +++ b/langs/tr/cgi-bin/tr.pl @@ -737,6 +737,13 @@ 'dns saved txt' =3D> 'Girilen iki DNS sunucu adresi ba=C5=9Far=C4=B1l=C4=B1 = bir =C5=9Fekilde kaydedildi.
De=C4=9Fi=C5=9Fikliklerin aktifle=C5=9Ftiri= elebilmesi i=C3=A7in yeniden ba=C5=9Flat=C4=B1n!', 'dns server' =3D> 'DNS Sunucusu', 'dns title' =3D> 'Etki Alan=C4=B1 Ad Sistemi', +'dnsforward' =3D> 'DNS y=C3=B6nlendirmesi', +'dnsforward add a new entry' =3D> 'Yeni bir kay=C4=B1t ekle:', +'dnsforward configuration' =3D> '=C4=B0leri DNS yap=C4=B1land=C4=B1rmas=C4= =B1', +'dnsforward edit an entry' =3D> 'Varolan bir kayd=C4=B1 d=C3=BCzenle:', +'dnsforward entries' =3D> 'G=C3=BCncel kay=C4=B1tlar:', +'dnsforward forward_server' =3D> 'Ad sunucusu', +'dnsforward zone' =3D> 'B=C3=B6lge', 'do not log this port list' =3D> 'Otorumdan hemen =C3=B6nce bu ba=C4=9Flant= =C4=B1 noktalar=C4=B1 listesini b=C4=B1rak (g=C3=BCnl=C3=BCk boyutunu k=C3=BC= =C3=A7=C3=BClt=C3=BCr)', 'dod' =3D> '=C3=87evirmeli Ba=C4=9Flant=C4=B1 =C3=9Czerinden Talep', 'dod for dns' =3D> 'DNS i=C3=A7in =C3=A7evirmeli ba=C4=9Flant=C4=B1 =C3=BCze= rinden talep:', @@ -751,7 +758,7 @@ 'donation-link' =3D> 'https://www.paypal.com/en_US/GB/i/btn/btn_donateCC_LG.= gif', 'donation-text' =3D> 'IPFire bo=C5=9F zamanlar=C4=B1nda g= =C3=B6n=C3=BCll=C3=BCer taraf=C4=B1ndan geli=C5=9Ftirlmektedir. Bu projeyi ay= akta tutmak i=C3=A7in e=C4=9Fer bize destek olmak isterseniz k=C3=BC=C3=A7=C3= =BCk bir ba=C4=9F=C4=B1=C5=9Ftan mutluluk duyar=C4=B1z.', 'done' =3D> 'Yap', -'dos charset' =3D> 'DOS Karakter', +'dos charset' =3D> 'DOS Karakterleri', 'down and up speed' =3D> 'G=C3=B6nderme h=C4=B1z=C4=B1 d=C3=BC=C5=9Ft=C3=BC= =C4=9F=C3=BCnde Kaydet d=C3=BC=C4=9Fmesine bas=C4=B1n.', 'downlink speed' =3D> '=C4=B0ndirme ba=C4=9Flant=C4=B1 h=C4=B1z=C4=B1 (kbit/= san)', 'downlink std class' =3D> 'Standart indirme ba=C4=9Flant=C4=B1s=C4=B1 s=C4= =B1n=C4=B1f=C4=B1', 
@@ -1586,9 +1593,9 @@ 'reload' =3D> 'yeniden y=C3=BCkle', 'remark' =3D> 'A=C3=A7=C4=B1klama', 'remark title' =3D> 'A=C3=A7=C4=B1klama:', -'remote access' =3D> 'Uzaktan eri=C5=9Fim', -'remote announce' =3D> 'Uzaktan Duyuru', -'remote browse sync' =3D> 'Remote Browse Sync', +'remote access' =3D> 'Uzak eri=C5=9Fim', +'remote announce' =3D> 'Uzak duyuru', +'remote browse sync' =3D> 'Uzak taray=C4=B1c=C4=B1 e=C5=9Fitlemesi', 'remote host/ip' =3D> 'Uzak ana bilgisayar/IP', 'remote logging' =3D> 'Uzak g=C3=BCnl=C3=BCk', 'remote subnet' =3D> 'Uzak alt a=C4=9F:', 
@@ -1824,6 +1831,58 @@ 'tone' =3D> 'Ses', 'tone dial' =3D> 'Sesli =C3=A7evirme:', 'too long 80 char max' =3D> ' =C3=A7ok uzun, izin verilen en fazla 80 karakt= erdir', +'tor' =3D> 'Tor', +'tor accounting' =3D> 'Hesap', +'tor accounting bytes' =3D> 'Trafik (okuma/yazma)', +'tor accounting bytes left' =3D> 'left', +'tor accounting interval' =3D> 'Aral=C4=B1k (UTC)', +'tor accounting limit' =3D> 'Hesap s=C4=B1n=C4=B1r=C4=B1 (MB)', +'tor accounting period' =3D> 'Hesap d=C3=B6nemi', +'tor accounting period daily' =3D> 'g=C3=BCnl=C3=BCk', +'tor accounting period monthly' =3D> 'ayl=C4=B1k', +'tor accounting period weekly' =3D> 'haftal=C4=B1k', +'tor acls' =3D> 'Eri=C5=9Fim Kontrol=C3=BC', +'tor allowed subnets' =3D> '=C4=B0zin verilen alt a=C4=9Flar (her sat=C4=B1r= da bir tane)', +'tor bandwidth burst' =3D> 'En b=C3=BCy=C3=BCk ay=C4=B1rma', +'tor bandwidth rate' =3D> 'En b=C3=BCy=C3=BCk oran', +'tor bandwidth settings' =3D> 'Bant Geni=C5=9Fli=C4=9Fi Ayarlar=C4=B1', +'tor bandwidth unlimited' =3D> 's=C4=B1n=C4=B1rs=C4=B1z', +'tor bridge enabled' =3D> 'Tor k=C3=B6pr=C3=BCs=C3=BCn=C3=BC etkinle=C5=9Fti= r', +'tor common settings' =3D> 'Genel Ayarlar', +'tor configuration' =3D> 'Tor Yap=C4=B1land=C4=B1rmas=C4=B1', +'tor connected relays' =3D> 'Ba=C4=9Fl=C4=B1 aktar=C4=B1mlar', +'tor contact info' =3D> '=C4=B0leti=C5=9Fim Bilgileri', +'tor daemon' =3D> 'Artalan s=C3=BCreci', +'tor enabled' =3D> 'Tor Aktif', +'tor errmsg invalid accounting limit' =3D> 'Ge=C3=A7ersiz hesap s=C4=B1n=C4= =B1r=C4=B1', +'tor errmsg invalid ip or mask' =3D> 'Ge=C3=A7ersiz IP alt a=C4=9F=C4=B1', +'tor errmsg invalid node id' =3D> 'Ge=C3=A7ersiz d=C3=BC=C4=9F=C3=BCm kimli= =C4=9Fi (ID)', +'tor errmsg invalid relay address' =3D> 'Ge=C3=A7ersiz aktarma adresi', +'tor errmsg invalid relay name' =3D> 'Ge=C3=A7ersiz aktarma takma ad=C4=B1', +'tor errmsg invalid relay port' =3D> 'Ge=C3=A7ersiz aktarma ba=C4=9Flant=C4= =B1 noktas=C4=B1', +'tor errmsg invalid socks port' =3D> 'Ge=C3=A7ersiz SOCKS 
ba=C4=9Flant=C4=B1= noktas=C4=B1', +'tor exit country' =3D> '=C3=9Cl=C3=A7e =C3=A7=C4=B1k=C4=B1=C5=9F=C4=B1', +'tor exit country any' =3D> 'Herhangi bir =C3=BClke', +'tor exit nodes' =3D> '=C3=87=C4=B1k=C4=B1=C5=9F D=C3=BC=C4=9F=C3=BCmleri', +'tor relay address' =3D> 'Aktarma adresleri', +'tor relay configuration' =3D> 'Tor Aktarma Yap=C4=B1land=C4=B1rmas=C4=B1', +'tor relay enabled' =3D> 'Tor Aktarma Aktif', +'tor relay external address' =3D> 'Aktar=C4=B1m d=C4=B1=C5=9F adresi', +'tor relay fingerprint' =3D> 'Aktar=C4=B1m parmak izi', +'tor relay mode' =3D> 'Aktar=C4=B1m bi=C3=A7imi', +'tor relay mode bridge' =3D> 'K=C3=B6pr=C3=BC', +'tor relay mode exit' =3D> '=C3=87=C4=B1k=C4=B1=C5=9F-D=C3=BC=C4=9F=C3=BCm= =C3=BC', +'tor relay mode private bridge' =3D> '=C3=96zel k=C3=B6pr=C3=BC', +'tor relay mode relay' =3D> 'Sadece aktar=C4=B1m', +'tor relay nickname' =3D> 'Aktar=C4=B1m takma ad=C4=B1', +'tor relay port' =3D> 'Aktar=C4=B1m ba=C4=9Flant=C4=B1 noktas=C4=B1', +'tor service' =3D> 'Tor Servisi', +'tor socks port' =3D> 'SOCKS ba=C4=9Flant=C4=B1 noktas=C4=B1', +'tor stats' =3D> '=C4=B0statistik', +'tor traffic limit hard' =3D> 'Trafik s=C4=B1n=C4=B1r=C4=B1na ula=C5=9F=C4= =B1ld=C4=B1.', +'tor traffic limit soft' =3D> 'Trafik s=C4=B1n=C4=B1r=C4=B1na neredeyse ula= =C5=9F=C4=B1ld=C4=B1. Yeni herhangi bir ba=C4=9Flant=C4=B1 kabul edilmiyor.', +'tor traffic read written' =3D> 'Toplam tarfik (okuma/yazma)', +'tor use exit nodes' =3D> 'Sadece bu =C3=A7=C4=B1k=C4=B1=C5=9F d=C3=BC=C4=9F= =C3=BCmlerini kullan=C4=B1n (her sat=C4=B1ra bir tane)', 'total connection time' =3D> 'Toplam ba=C4=9Flant=C4=B1 s=C3=BCresi', 'total hits for log section' =3D> 'G=C3=BCnl=C3=BCk b=C3=B6l=C3=BCm=C3=BC i= =C3=A7in toplam kay=C4=B1t', 'traffic back' =3D> 'Geri', 
@@ -1933,7 +1992,7 @@ 'updxlrtr save and restart' =3D> 'Kaydet ve Yeniden Ba=C5=9Flat', 'updxlrtr source' =3D> 'Kaynak', 'updxlrtr source checkup' =3D> 'Kaynak kontrol=C3=BC', -'updxlrtr source checkup schedule' =3D> 'Kaynak kontrol=C3=BC program=C4=B1', +'updxlrtr source checkup schedule' =3D> 'Kaynak kontrol zaman=C4=B1', 'updxlrtr sources' =3D> 'Kaynaklar', 'updxlrtr standard view' =3D> 'Standart g=C3=B6r=C3=BCn=C3=BCm', 'updxlrtr statistics' =3D> '=C4=B0statistik', @@ -2066,7 +2125,7 @@ 'urlfilter hourly' =3D> 'Saatlik', 'urlfilter import blacklist' =3D> 'Kara listeyi al', 'urlfilter import text' =3D> '=C3=96nceden kaydedilmi=C5=9F *.tar.gz uzant= =C4=B1l=C4=B1 kara liste d=C3=BCzenleyici dosyas=C4=B1n=C4=B1 y=C3=BCklemek i= =C3=A7in a=C5=9Fa=C4=9F=C4=B1dan se=C3=A7in', -'urlfilter install blacklist' =3D> 'Kara listeyi kur', +'urlfilter install blacklist' =3D> 'Kara listeye y=C3=BCkle', 'urlfilter install information' =3D> 'Yeni kara liste otomatik olarak olu=C5= =9Fturulup veritabanlar=C4=B1 i=C3=A7in derlenecektir. Kara liste boyutuna ba= =C4=9Fl=C4=B1 olarak g=C3=BCncelleme i=C5=9Flemi birka=C3=A7 dakika zaman ala= bilir. URL filtreyi yeniden ba=C5=9Flatmadan =C3=B6nce bu g=C3=B6revin muhakk= ak bitirilmesini bekleyin.', 'urlfilter invalid content' =3D> 'Dosya squidGuard uyumlu kara liste de=C4= =9Fil', 'urlfilter invalid import file' =3D> 'Dosya ge=C3=A7erli URL filtre kara lis= te d=C3=BCzenleyicisi dosyas=C4=B1 de=C4=9Fil', 
@@ -2247,6 +2306,36 @@ 'wireless config added' =3D> 'Kablosuz a=C4=9F yap=C4=B1land=C4=B1rma eklend= i', 'wireless config changed' =3D> 'Kablosuz a=C4=9F yap=C4=B1land=C4=B1rma de= =C4=9Fi=C5=9Ftirildi', 'wireless configuration' =3D> 'Kablosuz A=C4=9F ayarlar=C4=B1', +'wlan client' =3D> 'Kablosuz istemci', +'wlan client advanced settings' =3D> 'Geli=C5=9Fmi=C5=9F ayarlar', +'wlan client and' =3D> 've', +'wlan client bssid' =3D> 'BSSID', +'wlan client ccmp' =3D> 'CCMP', +'wlan client configuration' =3D> 'Kablosuz isdemci Yap=C4=B1land=C4=B1rmas= =C4=B1', +'wlan client disconnected' =3D> 'Ba=C4=9Flant=C4=B1 kesildi', +'wlan client duplicate ssid' =3D> 'Yinelenen SSID', +'wlan client edit entry' =3D> 'Kablosuz istemci yap=C4=B1land=C4=B1rmas=C4= =B1n=C4=B1 d=C3=BCzenle', +'wlan client encryption' =3D> '=C5=9Eifreleme', +'wlan client encryption none' =3D> 'Hi=C3=A7biri', +'wlan client encryption wep' =3D> 'WEP', +'wlan client encryption wpa' =3D> 'WPA', +'wlan client encryption wpa2' =3D> 'WPA2', +'wlan client group cipher' =3D> 'Grup =C5=9Fifreleme', +'wlan client group key algorithm' =3D> 'GKA', +'wlan client invalid key length' =3D> 'Ge=C3=A7ersiz anahtar uzunlu=C4=9Fu.', +'wlan client new entry' =3D> 'Yeni kablosuz istemci yap=C4=B1land=C4=B1rmas= =C4=B1 olu=C5=9Ftur', +'wlan client new network' =3D> 'Yeni a=C4=9F', +'wlan client pairwise cipher' =3D> '=C4=B0kili =C5=9Fifreleme', +'wlan client pairwise key algorithm' =3D> 'PKA', +'wlan client pairwise key group key' =3D> '=C4=B0kili anahtar/grup anahtar= =C4=B1', +'wlan client psk' =3D> '=C3=96nceden payla=C5=9F=C4=B1lan anahtar', +'wlan client ssid' =3D> 'SSID', +'wlan client tkip' =3D> 'TKIP', +'wlan client wpa mode' =3D> 'WPA bi=C3=A7imi', +'wlan client wpa mode all' =3D> 'Otomatik', +'wlan client wpa mode ccmp ccmp' =3D> 'CCMP-CCMP', +'wlan client wpa mode ccmp tkip' =3D> 'CCMP-TKIP', +'wlan client wpa mode tkip tkip' =3D> 'TKIP-TKIP', 'wlanap access point' =3D> 'Eri=C5=9Fim Noktas=C4=B1', 'wlanap channel' =3D> 
'Kanal', 'wlanap country' =3D> '=C3=9Clke Kodu', diff --git a/lfs/check_mk_agent b/lfs/check_mk_agent index c0f70d1..6e6d557 100644 --- a/lfs/check_mk_agent +++ b/lfs/check_mk_agent @@ -24,7 +24,7 @@ =20 include Config =20 -VER =3D 1.2.0p3 +VER =3D 1.2.2p2 =20 THISAPP =3D check_mk_agent-$(VER) DL_FILE =3D check_mk-${VER}.tar.gz @@ -44,7 +44,7 @@ objects =3D $(DL_FILE) =20 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) =20 -$(DL_FILE)_MD5 =3D 2c0f27fe8b6e3455557ecb30954d8a79 +$(DL_FILE)_MD5 =3D caa0f7662b4d170b2b6db2516bd41a89 =20 install : $(TARGET) check : $(patsubst %,$(DIR_CHK)/%,$(objects)) @@ -78,6 +78,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && tar xzf agents.tar.gz cd $(DIR_APP) && install -v -m 755 check_mk_agent.linux /usr/bin/check_mk_a= gent + -mkdir /etc/xinetd.d + cd $(DIR_APP) && install -v -m 755 xinetd.conf /etc/xinetd.d/check_mk_agent cd $(DIR_APP) && gcc $(CFLAGS) waitmax.c -o waitmax cd $(DIR_APP) && install -v -m 755 waitmax /usr/bin/waitmax @rm -rf $(DIR_APP) diff --git a/lfs/configroot b/lfs/configroot index 1185236..1260ceb 100644 --- a/lfs/configroot +++ b/lfs/configroot 
@@ -67,7 +67,7 @@ $(TARGET) : ethernet/wireless extrahd/scan extrahd/devices extrahd/partitions extra= hd/settings fwlogs/ipsettings fwlogs/portsettings \ isdn/settings mac/settings main/disable_nf_sip main/hosts main/routing = main/settings net-traffic/settings optionsfw/settings outgoing/settings outgo= ing/rules \ ovpn/ccd.conf ovpn/ccdroute ovpn/ccdroute2 pakfire/settings portfw/conf= ig ppp/settings-1 ppp/settings-2 ppp/settings-3 ppp/settings-4 \ - ppp/settings-5 ppp/settings proxy/settings proxy/advanced/settings prox= y/advanced/cre/enable remote/settings qos/settings qos/classes qos/subclasses= qos/level7config qos/portconfig \ + ppp/settings-5 ppp/settings proxy/settings proxy/squid.conf proxy/advan= ced/settings proxy/advanced/cre/enable remote/settings qos/settings qos/class= es qos/subclasses qos/level7config qos/portconfig \ qos/tosconfig snort/settings tripwire/settings upnp/settings vpn/config= vpn/settings vpn/ipsec.conf \ vpn/ipsec.secrets vpn/caconfig wakeonlan/clients.conf wireless/config w= ireless/settings; do \ touch $(CONFIG_ROOT)/$$i; \ diff --git a/lfs/nagios b/lfs/nagios index 2bb2a41..a9cef53 100644 --- a/lfs/nagios +++ b/lfs/nagios @@ -103,7 +103,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_SRC)/nagios-plugins* && ./configure --prefix=3D/usr \ --libexecdir=3D/usr/lib/nagios \ --with-nagios-user=3Dnobody --with-nagios-group=3Dnobody - cd $(DIR_SRC)/nagios-plugins* && make $(MAKETUNING) + cd $(DIR_SRC)/nagios-plugins* && make cd $(DIR_SRC)/nagios-plugins* && make install chown -R nobody:nobody /var/nagios ln -s /etc/init.d/nagios /etc/rc.d/rc3.d/S67nagios diff --git a/lfs/openvpn b/lfs/openvpn index e57aa30..87daf07 100644 --- a/lfs/openvpn +++ b/lfs/openvpn 
@@ -1,7 +1,7 @@ ############################################################################= ### # = # # IPFire.org - A linux based firewall = # -# Copyright (C) 2007-2011 IPFire Team = # +# Copyright (C) 2007-2013 IPFire Team = # # = # # This program is free software: you can redistribute it and/or modify = # # it under the terms of the GNU General Public License as published by = # @@ -24,7 +24,7 @@ =20 include Config =20 -VER =3D 2.2.2 +VER =3D 2.3.2 =20 THISAPP =3D openvpn-$(VER) DL_FILE =3D $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects =3D $(DL_FILE) =20 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) =20 -$(DL_FILE)_MD5 =3D c5181e27b7945fa6276d21873329c5c7 +$(DL_FILE)_MD5 =3D 06e5f93dbf13f2c19647ca15ffc23ac1 =20 install : $(TARGET) =20 @@ -73,16 +73,16 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && ./configure \ --prefix=3D/usr \ --sysconfdir=3D/var/ipfire/ovpn \ + --enable-iproute2 \ --enable-password-save \ - --enable-pthread + --enable-plugins \ + --enable-plugin-auth-pam \ + --enable-plugin-down-root + cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install cd $(DIR_APP) && cp -Rvf $(DIR_SRC)/config/ovpn /var/ipfire - -mkdir -pv /usr/lib/openvpn - cd $(DIR_APP)/plugin/auth-pam && make - cp -pvf $(DIR_APP)/plugin/auth-pam/openvpn-auth-pam.so /usr/lib/openvpn - cd $(DIR_APP)/plugin/down-root && make - cp -pvf $(DIR_APP)/plugin/down-root/openvpn-down-root.so /usr/lib/openvpn + -mkdir -vp /usr/lib/openvpn/plugins -mkdir -vp /var/ipfire/ovpn/ca -mkdir -vp /var/ipfire/ovpn/ccd -mkdir -vp /var/ipfire/ovpn/crls diff --git a/lfs/squid b/lfs/squid index a341857..3c5f6c5 100644 --- a/lfs/squid +++ b/lfs/squid @@ -24,7 +24,7 @@ =20 include Config =20 -VER =3D 3.3.10 +VER =3D 3.3.11 =20 THISAPP =3D squid-$(VER) DL_FILE =3D $(THISAPP).tar.xz 
@@ -40,7 +40,7 @@ objects =3D $(DL_FILE) =20 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) =20 -$(DL_FILE)_MD5 =3D 28058812d722cac303517a643e28bcb0 +$(DL_FILE)_MD5 =3D dd016ff5f14b2548083b3882207914f6 =20 install : $(TARGET) =20 @@ -53,7 +53,6 @@ md5 : $(subst %,%_MD5,$(objects)) ############################################################################= ### # Downloading, checking, md5sum ############################################################################= ### - $(patsubst %,$(DIR_CHK)/%,$(objects)) : @$(CHECK) =20 @@ -70,9 +69,6 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xaf $(DIR_DL)/$(DL_FILE) - - cd $(DIR_APP) && patch -Np0 < $(DIR_SRC)/src/patches/squid-3.3.10-optional-= ssl-options.patch - cd $(DIR_APP) && ./configure \ --prefix=3D/usr \ --sysconfdir=3D/etc/squid \ @@ -104,8 +100,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) --enable-eui \ --with-pthreads \ --with-dl \ - --with-maxfd=3D"65536" \ - --with-filedescriptors=3D65536 \ + --with-filedescriptors=3D$$(( 16384 * 64 )) \ --with-large-files \ --with-aio \ --enable-async-io=3D8 \ diff --git a/lfs/strongswan b/lfs/strongswan index 4701f34..495d035 100644 --- a/lfs/strongswan +++ b/lfs/strongswan @@ -24,7 +24,7 @@ =20 include Config =20 -VER =3D 5.1.0 +VER =3D 5.1.1 =20 THISAPP =3D strongswan-$(VER) DL_FILE =3D $(THISAPP).tar.bz2 @@ -33,9 +33,11 @@ DIR_APP =3D $(DIR_SRC)/strongswan-$(VER) TARGET =3D $(DIR_INFO)/$(THISAPP) =20 ifeq "$(MACHINE)" "i586" - PADLOCK =3D --enable-padlock + CONFIGURE_OPTIONS =3D \ + --enable-padlock else - PADLOCK =3D --disable-padlock + CONFIGURE_OPTIONS =3D \ + --disable-padlock endif =20 ############################################################################= ### 
@@ -46,7 +48,7 @@ objects =3D $(DL_FILE) =20 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) =20 -$(DL_FILE)_MD5 =3D c1cd0a3ba9960f590cae28c8470800e8 +$(DL_FILE)_MD5 =3D e3af3d493d22286be3cd794533a8966a =20 install : $(TARGET) =20 @@ -78,6 +80,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) =20 cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-4.5.3_ipfi= re.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.1.1-dela= y-dpd.patch =20 cd $(DIR_APP) && [ -x "configure" ] || ./autogen.sh cd $(DIR_APP) && ./configure \ @@ -92,9 +95,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) --enable-eap-peap \ --enable-eap-mschapv2 \ --enable-eap-identity \ - $(PADLOCK) + --enable-unity \ + $(CONFIGURE_OPTIONS) =20 - cd $(DIR_APP) && make $(MAKETUNING) LDFLAGS=3D"-lrt" + cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install =20 # Remove all library files we don't want or need. diff --git a/lfs/tor b/lfs/tor index 795f7c3..10eaca4 100644 --- a/lfs/tor +++ b/lfs/tor @@ -24,7 +24,7 @@ =20 include Config =20 -VER =3D 0.2.4.17-rc +VER =3D 0.2.4.18-rc =20 THISAPP =3D tor-$(VER) DL_FILE =3D $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM =3D $(URL_IPFIRE) DIR_APP =3D $(DIR_SRC)/$(THISAPP) TARGET =3D $(DIR_INFO)/$(THISAPP) PROG =3D tor -PAK_VER =3D 4 +PAK_VER =3D 5 =20 DEPS =3D "libevent2" =20 @@ -44,7 +44,7 @@ objects =3D $(DL_FILE) =20 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) =20 -$(DL_FILE)_MD5 =3D 2cdfb8dcc3306a43cf465a858bf97b2d +$(DL_FILE)_MD5 =3D 6cc5bc776e9d61a9fb1b000609ed2692 =20 install : $(TARGET) =20 diff --git a/make.sh b/make.sh index ef98d6f..37fa1c8 100755 --- a/make.sh +++ b/make.sh 
@@ -25,8 +25,8 @@ NAME=3D"IPFire" # Software name SNAME=3D"ipfire" # Short name VERSION=3D"2.13" # Version number -CORE=3D"73" # Core Level (Filename) -PAKFIRE_CORE=3D"73" # Core Level (PAKFIRE) +CORE=3D"74" # Core Level (Filename) +PAKFIRE_CORE=3D"74" # Core Level (PAKFIRE) GIT_BRANCH=3D`git status | head -n1 | cut -d" " -f4` # Git Branch SLOGAN=3D"www.ipfire.org" # Software slogan CONFIG_ROOT=3D/var/ipfire # Configuration rootdir diff --git a/src/paks/check_mk_agent/install.sh b/src/paks/check_mk_agent/ins= tall.sh index 682363b..6aed752 100644 --- a/src/paks/check_mk_agent/install.sh +++ b/src/paks/check_mk_agent/install.sh @@ -24,3 +24,13 @@ . /opt/pakfire/lib/functions.sh extract_files restore_backup ${NAME} + +mkdir -p /usr/lib/check_mk_agent/plugins + +if [[ -x /usr/sbin/xinetd ]]; +then + if [[ -x /etc/init.d/xinetd ]] + then + /etc/init.d/xinetd restart + fi +fi diff --git a/src/paks/check_mk_agent/uninstall.sh b/src/paks/check_mk_agent/u= ninstall.sh index 66f4344..3a0860a 100644 --- a/src/paks/check_mk_agent/uninstall.sh +++ b/src/paks/check_mk_agent/uninstall.sh @@ -24,3 +24,11 @@ . /opt/pakfire/lib/functions.sh make_backup ${NAME} remove_files + +if [[ -x /usr/sbin/xinetd ]]; +then + if [[ -x /etc/init.d/xinetd ]] + then + /etc/init.d/xinetd restart + fi +fi diff --git a/src/patches/squid-3.1-10486.patch b/src/patches/squid-3.1-10486.= patch deleted file mode 100644 index 6a0388e..0000000 --- a/src/patches/squid-3.1-10486.patch +++ /dev/null 
@@ -1,54 +0,0 @@ ------------------------------------------------------------- -revno: 10486 -revision-id: squid3(a)treenet.co.nz-20130222111325-zizr296kq3te4g7h -parent: squid3(a)treenet.co.nz-20130109021503-hqg7ufldrudpzr9l -fixes bug(s): http://bugs.squid-cache.org/show_bug.cgi?id=3D3790 -author: Reinhard Sojka -committer: Amos Jeffries -branch nick: SQUID_3_1 -timestamp: Fri 2013-02-22 04:13:25 -0700 -message: - Bug 3790: cachemgr.cgi crash with authentication ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3(a)treenet.co.nz-20130222111325-zizr296kq3te4g7h -# target_branch: http://bzr.squid-cache.org/bzr/squid3/branches\ -# /SQUID_3_1 -# testament_sha1: 121adf68a9c3b2eca766cfb768256b6b57d9816b -# timestamp: 2013-02-22 11:17:18 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/branches\ -# /SQUID_3_1 -# base_revision_id: squid3(a)treenet.co.nz-20130109021503-\ -# hqg7ufldrudpzr9l -#=20 -# Begin patch -=3D=3D=3D modified file 'tools/cachemgr.cc' ---- tools/cachemgr.cc 2013-01-08 23:11:51 +0000 -+++ tools/cachemgr.cc 2013-02-22 11:13:25 +0000 -@@ -1162,7 +1162,6 @@ - { - static char buf[1024]; - size_t stringLength =3D 0; -- const char *str64; -=20 - if (!req->passwd) - return ""; -@@ -1171,15 +1170,12 @@ - req->user_name ? req->user_name : "", - req->passwd); -=20 -- str64 =3D base64_encode(buf); -- -- stringLength +=3D snprintf(buf, sizeof(buf), "Authorization: Basic %s\r= \n", str64); -+ stringLength +=3D snprintf(buf, sizeof(buf), "Authorization: Basic %s\r= \n", base64_encode(buf)); -=20 - assert(stringLength < sizeof(buf)); -=20 -- snprintf(&buf[stringLength], sizeof(buf) - stringLength, "Proxy-Authori= zation: Basic %s\r\n", str64); -+ snprintf(&buf[stringLength], sizeof(buf) - stringLength, "Proxy-Authori= zation: Basic %s\r\n", base64_encode(buf)); -=20 -- xxfree(str64); - return buf; - } -=20 - 
diff --git a/src/patches/squid-3.1-10487.patch b/src/patches/squid-3.1-10487.= patch deleted file mode 100644 index 2ca4848..0000000 --- a/src/patches/squid-3.1-10487.patch +++ /dev/null 
@@ -1,73 +0,0 @@ ------------------------------------------------------------- -revno: 10487 -revision-id: squid3(a)treenet.co.nz-20130710124748-2n6111r04xsi71vx -parent: squid3(a)treenet.co.nz-20130222111325-zizr296kq3te4g7h -author: Nathan Hoad -committer: Amos Jeffries -branch nick: SQUID_3_1 -timestamp: Wed 2013-07-10 06:47:48 -0600 -message: - Protect against buffer overrun in DNS query generation - =20 - see SQUID-2013:2. - =20 - This bug has been present as long as the internal DNS component however - most code reaching this point is passing through URL validation first. - With Squid-3.2 Host header verification using DNS directly we may have - problems. ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3(a)treenet.co.nz-20130710124748-2n6111r04xsi71vx -# target_branch: http://bzr.squid-cache.org/bzr/squid3/branches\ -# /SQUID_3_1 -# testament_sha1: b5be85c8876ce15ec8fa173845e61755b6942fe0 -# timestamp: 2013-07-10 12:48:57 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/branches\ -# /SQUID_3_1 -# base_revision_id: squid3(a)treenet.co.nz-20130222111325-\ -# zizr296kq3te4g7h -#=20 -# Begin patch -=3D=3D=3D modified file 'src/dns_internal.cc' ---- src/dns_internal.cc 2011-10-11 02:12:56 +0000 -+++ src/dns_internal.cc 2013-07-10 12:47:48 +0000 -@@ -1532,22 +1532,26 @@ - void - idnsALookup(const char *name, IDNSCB * callback, void *data) - { -- unsigned int i; -+ size_t nameLength =3D strlen(name); -+ -+ // Prevent buffer overflow on q->name -+ if (nameLength > NS_MAXDNAME) { -+ debugs(23, DBG_IMPORTANT, "SECURITY ALERT: DNS name too long to per= form lookup: '" << name << "'. 
see access.log for details."); -+ callback(data, NULL, 0, "Internal error"); -+ return; -+ } -+ -+ if (idnsCachedLookup(name, callback, data)) -+ return; -+ -+ idns_query *q =3D cbdataAlloc(idns_query); -+ q->id =3D idnsQueryID(); - int nd =3D 0; -- idns_query *q; -- -- if (idnsCachedLookup(name, callback, data)) -- return; -- -- q =3D cbdataAlloc(idns_query); -- -- q->id =3D idnsQueryID(); -- -- for (i =3D 0; i < strlen(name); i++) -+ for (unsigned int i =3D 0; i < nameLength; ++i) - if (name[i] =3D=3D '.') - nd++; -=20 -- if (Config.onoff.res_defnames && npc > 0 && name[strlen(name)-1] !=3D '= .') { -+ if (Config.onoff.res_defnames && npc > 0 && name[nameLength-1] !=3D '.'= ) { - q->do_searchpath =3D 1; - } else { - q->do_searchpath =3D 0; - diff --git a/src/patches/squid-3.3.10-optional-ssl-options.patch b/src/patche= s/squid-3.3.10-optional-ssl-options.patch deleted file mode 100644 index f6a108c..0000000 --- a/src/patches/squid-3.3.10-optional-ssl-options.patch +++ /dev/null 
@@ -1,148 +0,0 @@ -From: http://bazaar.launchpad.net/~squid/squid/3-trunk/revision/13115 - -Committer: Christos Tsantilas -Date: 2013-11-07 10:46:14 UTC -Revision ID: chtsanti(a)users.sourceforge.net-20131107104614-s3a9kzlkgm7x9rhf - -http://bugs.squid-cache.org/show_bug.cgi?id=3D3936 -Bug 3936: error-details.txt parse error - -Squid fails parsing error-details.txt template when one or more listed OpenS= SL -errors are not supported on running platform. -This patch add a hardcoded list of OpenSSL errors wich can be optional. - -This is a Measurement Factory project - -=3D=3D=3D modified file 'src/ssl/ErrorDetail.cc' ---- src/ssl/ErrorDetail.cc 2013-07-31 00:13:04 +0000 -+++ src/ssl/ErrorDetail.cc 2013-11-07 10:46:14 +0000 -@@ -221,6 +221,31 @@ - {SSL_ERROR_NONE, NULL} - }; -=20 -+static const char *OptionalSslErrors[] =3D { -+ "X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER", -+ "X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION", -+ "X509_V_ERR_KEYUSAGE_NO_CRL_SIGN", -+ "X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION", -+ "X509_V_ERR_INVALID_NON_CA", -+ "X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED", -+ "X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE", -+ "X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED", -+ "X509_V_ERR_INVALID_EXTENSION", -+ "X509_V_ERR_INVALID_POLICY_EXTENSION", -+ "X509_V_ERR_NO_EXPLICIT_POLICY", -+ "X509_V_ERR_DIFFERENT_CRL_SCOPE", -+ "X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE", -+ "X509_V_ERR_UNNESTED_RESOURCE", -+ "X509_V_ERR_PERMITTED_VIOLATION", -+ "X509_V_ERR_EXCLUDED_VIOLATION", -+ "X509_V_ERR_SUBTREE_MINMAX", -+ "X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE", -+ "X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX", -+ "X509_V_ERR_UNSUPPORTED_NAME_SYNTAX", -+ "X509_V_ERR_CRL_PATH_VALIDATION_ERROR", -+ NULL -+}; -+ - struct SslErrorAlias { - const char *name; - const Ssl::ssl_error_t *errors; -@@ -331,6 +356,16 @@ - return NULL; - } -=20 -+bool -+Ssl::ErrorIsOptional(const char *name) -+{ -+ for (int i =3D 0; OptionalSslErrors[i] !=3D NULL; ++i) { -+ if (strcmp(name, OptionalSslErrors[i]) =3D=3D 
0) -+ return true; -+ } -+ return false; -+} -+ - const char * - Ssl::GetErrorDescr(Ssl::ssl_error_t value) - { - -=3D=3D=3D modified file 'src/ssl/ErrorDetail.h' ---- src/ssl/ErrorDetail.h 2013-05-30 10:10:29 +0000 -+++ src/ssl/ErrorDetail.h 2013-11-07 10:46:14 +0000 -@@ -40,6 +40,14 @@ -=20 - /** - \ingroup ServerProtocolSSLAPI -+ * Return true if the SSL error is optional and may not supported -+ * by current squid version -+ */ -+ -+bool ErrorIsOptional(const char *name); -+ -+/** -+ \ingroup ServerProtocolSSLAPI - * Used to pass SSL error details to the error pages returned to the - * end user. - */ - -=3D=3D=3D modified file 'src/ssl/ErrorDetailManager.cc' ---- src/ssl/ErrorDetailManager.cc 2013-10-25 00:13:46 +0000 -+++ src/ssl/ErrorDetailManager.cc 2013-11-07 10:46:14 +0000 -@@ -218,32 +218,35 @@ - } -=20 - Ssl::ssl_error_t ssl_error =3D Ssl::GetErrorCode(errorName.term= edBuf()); -- if (ssl_error =3D=3D SSL_ERROR_NONE) { -+ if (ssl_error !=3D SSL_ERROR_NONE) { -+ -+ if (theDetails->getErrorDetail(ssl_error)) { -+ debugs(83, DBG_IMPORTANT, HERE << -+ "WARNING! duplicate entry: " << errorName); -+ return false; -+ } -+ -+ ErrorDetailEntry &entry =3D theDetails->theList[ssl_error]; -+ entry.error_no =3D ssl_error; -+ entry.name =3D errorName; -+ String tmp =3D parser.getByName("detail"); -+ httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &e= ntry.detail); -+ tmp =3D parser.getByName("descr"); -+ httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &e= ntry.descr); -+ bool parseOK =3D entry.descr.defined() && entry.detail.defi= ned(); -+ -+ if (!parseOK) { -+ debugs(83, DBG_IMPORTANT, HERE << -+ "WARNING! missing important field for detail err= or: " << errorName); -+ return false; -+ } -+ -+ } else if (!Ssl::ErrorIsOptional(errorName.termedBuf())) { - debugs(83, DBG_IMPORTANT, HERE << - "WARNING! 
invalid error detail name: " << errorName); - return false; - } -=20 -- if (theDetails->getErrorDetail(ssl_error)) { -- debugs(83, DBG_IMPORTANT, HERE << -- "WARNING! duplicate entry: " << errorName); -- return false; -- } -- -- ErrorDetailEntry &entry =3D theDetails->theList[ssl_error]; -- entry.error_no =3D ssl_error; -- entry.name =3D errorName; -- String tmp =3D parser.getByName("detail"); -- httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry= .detail); -- tmp =3D parser.getByName("descr"); -- httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry= .descr); -- bool parseOK =3D entry.descr.defined() && entry.detail.defined(= ); -- -- if (!parseOK) { -- debugs(83, DBG_IMPORTANT, HERE << -- "WARNING! missing imporant field for detail error: "= << errorName); -- return false; -- } - }// else {only spaces and black lines; just ignore} -=20 - buf.consume(size); - diff --git a/src/patches/strongswan-5.1.1-delay-dpd.patch b/src/patches/stron= gswan-5.1.1-delay-dpd.patch new file mode 100644 index 0000000..db3d664 --- /dev/null +++ b/src/patches/strongswan-5.1.1-delay-dpd.patch 
@@ -0,0 +1,35 @@ +From b76e96e2ef4d56c863b36c8d3c39e3c2efcf4a7c Mon Sep 17 00:00:00 2001 +From: Martin Willi +Date: Fri, 1 Nov 2013 11:28:53 +0100 +Subject: [PATCH] ike: Don't immediately DPD after deferred DELETEs following= IKE_SA rekeying + +Some peers seem to defer DELETEs a few seconds after rekeying the IKE_SA, wh= ich +is perfectly valid. For short(er) DPD delays, this leads to the situation wh= ere +we send a DPD request during set_state(), but the IKE_SA has no hosts set ye= t. +Avoid that DPD by resetting the INBOUND timestamp during set_state(). +--- + src/libcharon/sa/ike_sa.c | 8 ++++++++ + 1 files changed, 8 insertions(+), 0 deletions(-) + +diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c +index 0282087..d482f8b 100644 +--- a/src/libcharon/sa/ike_sa.c ++++ b/src/libcharon/sa/ike_sa.c +@@ -687,6 +687,14 @@ METHOD(ike_sa_t, set_state, void, + DBG1(DBG_IKE, "maximum IKE_SA lifetime %ds", t); + } + trigger_dpd =3D this->peer_cfg->get_dpd(this->peer_cfg); ++ if (trigger_dpd) ++ { ++ /* Some peers delay the DELETE after rekeying an IKE_SA. ++ * If this delay is longer than our DPD delay, we would ++ * send a DPD request here. The IKE_SA is not ready to do ++ * so yet, so prevent that. */ ++ this->stats[STAT_INBOUND] =3D this->stats[STAT_ESTABLISHED]; ++ } + } + break; + } +--=20 +1.7.4.1 + diff --git a/src/scripts/httpscert b/src/scripts/httpscert index fb2d64b..d0e23fa 100644 --- a/src/scripts/httpscert +++ b/src/scripts/httpscert @@ -6,13 +6,9 @@ # See how we were called. case "$1" in new) - # set temporary random file - export RANDFILE=3D/root/.rnd if [ ! -f /etc/httpd/server.key ]; then echo "Generating https server key." - /usr/bin/openssl genrsa -rand \ - /boot/vmlinuz:CONFIG_ROOT/ethernet/settings -out \ - /etc/httpd/server.key 1024 + /usr/bin/openssl genrsa -out /etc/httpd/server.key 4096 fi echo "Generating CSR" /bin/cat /etc/certparams | sed "s/HOSTNAME/`hostname -f`/" | /usr/bin/opens= sl \ 
@@ -21,9 +17,6 @@ case "$1" in /usr/bin/openssl x509 -req -days 999999 -in \ /etc/httpd/server.csr -signkey /etc/httpd/server.key -out \ /etc/httpd/server.crt - # unset and remove random file - export -n RANDFILE - rm -f /root/.rnd ;; read) if [ -f /etc/httpd/server.key -a -f /etc/httpd/server.crt -a -f /etc/httpd/= server.csr ]; then hooks/post-receive -- IPFire 2.x development tree --===============6195278856645816258==--
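Review bot: in src/scripts/httpscert the 4096-bit key is only generated when /etc/httpd/server.key is missing, because the unchanged guard `if [ ! -f /etc/httpd/server.key ]` still wraps the genrsa call, so every system that already has the old 1024-bit key keeps it after this update. If the intent is to retire 1024-bit keys, the update path needs to regenerate the key and certificate, or the script needs a check on the size of the existing key. Nothing in the visible lines restricts the permissions of the new key file either; setting a umask of 077 before genrsa or a chmod 600 afterwards would make that explicit. The certificate is still issued with `-days 999999` (context line of the second hunk), which is worth revisiting in the same change.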
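Review bot: in lfs/check_mk_agent (hunk @@ -78,6 +78,8 @@) the xinetd service file is installed executable: `install -v -m 755 xinetd.conf /etc/xinetd.d/check_mk_agent`. It is a configuration file, so `-m 644` is the appropriate mode. `-mkdir /etc/xinetd.d` would be cleaner as `mkdir -p`, which does not need the leading `-` to ignore an existing directory. The contents of xinetd.conf are not part of this diff; since installing it makes the agent reachable through xinetd, please confirm that the shipped file limits which hosts may connect (for example with `only_from`) rather than relying on the upstream default.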
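Review bot: in src/paks/check_mk_agent/install.sh and uninstall.sh the added block has a stray `;` after the first test (`if [[ -x /usr/sbin/xinetd ]];`) and nests two tests that can be one: `if [ -x /usr/sbin/xinetd ] && [ -x /etc/init.d/xinetd ]; then`. `[[ ... ]]` is a bash construct and the interpreter line of these scripts is not visible in the hunk, so the POSIX `[ ... ]` form is the safer choice. The same six lines are duplicated in both files; a helper in /opt/pakfire/lib/functions.sh, which both scripts already source, would avoid the copy.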
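Review bot: in lfs/openvpn (hunk @@ -73,16 +73,16 @@) the plugin location changes without any migration step. The removed lines copied openvpn-auth-pam.so and openvpn-down-root.so into /usr/lib/openvpn, while the new recipe only creates /usr/lib/openvpn/plugins and leaves installation to `make install`. Any existing configuration that loads a plugin from the old path will fail after the update unless it is rewritten or compatibility symlinks are added; neither is visible in this push. Please also state in the commit message where `make install` places the two plugins and under which file names for 2.3.2, so the rootfile and generated configs can be checked against it.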
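Review bot: in lfs/squid (hunk @@ -104,8 +100,7 @@) the descriptor limit goes from 65536 to `$$(( 16384 * 64 ))`, which evaluates to 1048576, a sixteen-fold increase with no comment explaining it. Please write the value literally or add a comment with the reasoning, and confirm that the init script raises the process limit (ulimit -n) to match, since the compile-time maximum alone does not grant the descriptors at run time.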
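Review bot: the deletion of src/patches/squid-3.1-10487.patch removes a security fix ("Protect against buffer overrun in DNS query generation", SQUID-2013:2) without saying why that is safe. The lfs/squid hunks shown here build 3.3.11 and apply no patch at all, so this looks like cleanup of files left over from the 3.1 series, but the commit message should say so and confirm that 3.3.11 contains the fix. The same applies to squid-3.3.10-optional-ssl-options.patch (Bug 3936), which is dropped together with its `patch -Np0` line: please note that it is included upstream in 3.3.11.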
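Review bot: in lfs/strongswan (hunk @@ -92,9 +95,10 @@) two build changes are unexplained: `LDFLAGS="-lrt"` is dropped from the make call and `--enable-unity` is added to configure. Please document both in the commit message, in particular whether 5.1.1 links without -lrt on all supported architectures. In hunk @@ -78,6 +80,7 @@ the recipe still applies strongswan-4.5.3_ipfire.patch on top of 5.1.1; if that patch has been rebased it should be renamed to match, and the new strongswan-5.1.1-delay-dpd.patch, which carries an upstream commit header, should be marked for removal at the next version bump.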
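Review bot: the download checks changed in lfs/check_mk_agent, lfs/openvpn, lfs/squid, lfs/strongswan and lfs/tor are all `$(DL_FILE)_MD5` values, and no other digest or signature check is visible in these recipes. For tarballs of VPN, proxy and Tor software, MD5 is too weak to serve as the only integrity check; recording a SHA-256 (or verifying the upstream signature) alongside it would be a worthwhile follow-up, and the commit should state how the new tarballs were verified before their sums were recorded.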
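Review bot: in the Turkish language hunk (@@ -2247,6 +2306,36 @@) the value for 'wlan client configuration' is misspelled as "Kablosuz isdemci Yapılandırması"; the neighbouring entries ('wlan client', 'wlan client edit entry', 'wlan client new entry') all use "istemci". The capital "Y" in "Yapılandırması" is also inconsistent with the lower-case "yapılandırması" used in those entries.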
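Review bot: in lfs/nagios (hunk @@ -103,7 +103,7 @@) `$(MAKETUNING)` is removed from the nagios-plugins build with no explanation. If this works around a parallel-build failure, a one-line comment above `make` saying so will stop someone from re-adding it later.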