From: Michael Tremer <git@ipfire.org>
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. e967871e8f2f585feff7c42786815ff6e8784774
Date: Mon, 22 Apr 2019 20:25:12 +0100 [thread overview]
Message-ID: <20190422192513.31D4784FDAF@people01.i.ipfire.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 60163 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via e967871e8f2f585feff7c42786815ff6e8784774 (commit)
via 08caa596fa2a92152b3d9e2c3b7f6e01cc4f39c9 (commit)
via e24daa08fa4f421765d9001a97f9492ae6b9ac9f (commit)
via cdc82a993af684a528c7bf2bbfcaf01c983b7783 (commit)
via ce1c170b0c38015c88d2ff2966853d7cd6d65952 (commit)
via ddc5602ac6674b5ede85068bcad16528199d2bfe (commit)
via 010d4a85a94d0b78a214032945652a6105771f50 (commit)
via 43c3a386d188c28fb925ff3e40bfec9f39cc935c (commit)
via 75faf7ac4fe580bdb707ea7024a64f4c301b009e (commit)
via 6e7c8a3303c60aee8a779f86d836cd0afc2b561b (commit)
via 7af7ced6fc7f308e5f9ba4aa6c751f64371b38f0 (commit)
from c33a6e7103b191efbff2590976e36bb4cfde47e7 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit e967871e8f2f585feff7c42786815ff6e8784774
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sat Apr 20 14:21:46 2019 +0100
Update contributors
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 08caa596fa2a92152b3d9e2c3b7f6e01cc4f39c9
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sat Apr 20 14:20:06 2019 +0100
core132: Ship WPAD/proxy changes
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit e24daa08fa4f421765d9001a97f9492ae6b9ac9f
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sat Apr 20 14:18:17 2019 +0100
Update translation
Fix some apostrophe and spelling errors
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit cdc82a993af684a528c7bf2bbfcaf01c983b7783
Author: Alexander Koch <ipfire(a)starkstromkonsument.de>
Date: Sun Apr 21 23:56:59 2019 +0200
squid / WPAD: Add Wiki-Link for required further adjustments to GUI
This patch adds a notice with a link to the Wiki-page https://wiki.ipfire.org/configuration/network/proxy/extend/wpad to the new WebGUI-Setion to make the user aware of the fact, that WPAD will only work correctly if he makes further adjustments:
- Add DHCP-Options for WPAD via DHCP
- Add HOST-Entries to DNS and Apache-vhost or haproxy-frontend/backend or firewall-redirect for WPAD via DNS
These additional options depend on the users environment and can not be shipped by default as they might break the users setups.
Note: The translations are only done for "en" and "de" yet!
Signed-off-by: Alexander Koch <ipfire(a)starkstromkonsument.de>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit ce1c170b0c38015c88d2ff2966853d7cd6d65952
Author: Alexander Koch <ipfire(a)starkstromkonsument.de>
Date: Sun Apr 21 23:56:58 2019 +0200
squid / WPAD: Add GUI for exception-files for generation of proxy.pac
This patch adds the missing Web-GUI for the WPAD-Exceptions to proxy.cgi
Note: The translations are only done for "en" and "de" yet!
Signed-off-by: Alexander Koch <ipfire(a)starkstromkonsument.de>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit ddc5602ac6674b5ede85068bcad16528199d2bfe
Author: Alexander Koch <ipfire(a)starkstromkonsument.de>
Date: Sun Apr 14 12:08:43 2019 +0200
squid / WPAD: Add exception-files for generation of proxy.pac
This patch extends the script /srv/web/ipfire/cgi-bin/proxy.cgi by additional code for reading exceptions for URL's and IP's/Subnets from two new files:
- /var/ipfire/proxy/advanced/acls/dst_noproxy_url.acl
- /var/ipfire/proxy/advanced/acls/dst_noproxy_ip.acl
as described in: https://wiki.ipfire.org/configuration/network/proxy/extend/add_distri
These can be used to define additional URL's, IP's and Subnets that should be retrieved "DIRECT" and not via the proxy. The files have to be created by the user, as the WPAD-Feature is not enabled by default anyway. If the files are not present or their size is 0, nothing is done. I'll revise the wiki-page, after the patch is merged and the core update is released.
Signed-off-by: Alexander Koch <ipfire(a)starkstromkonsument.de>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 010d4a85a94d0b78a214032945652a6105771f50
Author: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
Date: Sat Apr 13 15:55:16 2019 +0100
Enable seccomp support for qemu
Fixes: #11941
Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 43c3a386d188c28fb925ff3e40bfec9f39cc935c
Author: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
Date: Sat Apr 13 15:55:15 2019 +0100
Add new package libseccomp
Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 75faf7ac4fe580bdb707ea7024a64f4c301b009e
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sat Apr 20 14:10:12 2019 +0100
core132: Ship changed suricata configuration
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 6e7c8a3303c60aee8a779f86d836cd0afc2b561b
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sun Apr 21 09:26:45 2019 +0200
suricata: Disable stats.log
This log is mainly needed for debugging the IPS. It writes some stats
every couple of seconds and will create some load on SD cards and other
cheap storage that we do not need.
Fixes #12056.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 7af7ced6fc7f308e5f9ba4aa6c751f64371b38f0
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sat Apr 20 14:07:43 2019 +0100
Start Core Update 132
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/rootfiles/core/{131 => 132}/exclude | 0
config/rootfiles/core/132/filelists/files | 6 +
.../rootfiles/{oldcore/130 => core/132}/update.sh | 6 +-
config/rootfiles/{core => oldcore}/131/exclude | 0
.../{core => oldcore}/131/filelists/Net_SSLeay | 0
.../{core => oldcore}/131/filelists/aarch64/linux | 0
.../131/filelists/aarch64/linux-initrd | 0
.../{core => oldcore}/131/filelists/apache2 | 0
.../131/filelists/armv5tel/linux-initrd-kirkwood | 0
.../131/filelists/armv5tel/linux-initrd-multi | 0
.../131/filelists/armv5tel/linux-kirkwood | 0
.../131/filelists/armv5tel/linux-multi | 0
.../{core => oldcore}/131/filelists/collectd | 0
.../{core => oldcore}/131/filelists/files | 0
.../{core => oldcore}/131/filelists/gnutls | 0
.../{core => oldcore}/131/filelists/i586/linux | 0
.../131/filelists/i586/linux-initrd | 0
.../131/filelists/ids-ruleset-sources | 0
.../{core => oldcore}/131/filelists/libcap-ng | 0
.../{core => oldcore}/131/filelists/libhtp | 0
.../rootfiles/{core => oldcore}/131/filelists/lua | 0
.../{core => oldcore}/131/filelists/nettle | 0
.../rootfiles/{core => oldcore}/131/filelists/ntp | 0
.../{core => oldcore}/131/filelists/oinkmaster | 0
.../{core => oldcore}/131/filelists/rrdtool | 0
.../{core => oldcore}/131/filelists/setup | 0
.../{core => oldcore}/131/filelists/suricata | 0
.../{core => oldcore}/131/filelists/unbound | 0
.../rootfiles/{core => oldcore}/131/filelists/wget | 0
.../{core => oldcore}/131/filelists/wireless-regdb | 0
.../{core => oldcore}/131/filelists/x86_64/linux | 0
.../131/filelists/x86_64/linux-initrd | 0
.../rootfiles/{core => oldcore}/131/filelists/yaml | 0
config/rootfiles/{core => oldcore}/131/update.sh | 0
config/rootfiles/packages/libseccomp | 34 +++++
config/suricata/suricata.yaml | 2 +-
doc/language_issues.en | 8 ++
doc/language_issues.es | 8 ++
doc/language_issues.fr | 8 ++
doc/language_issues.it | 8 ++
doc/language_issues.nl | 8 ++
doc/language_issues.pl | 8 ++
doc/language_issues.ru | 8 ++
doc/language_issues.tr | 8 ++
doc/language_missings | 56 ++++++++
html/cgi-bin/credits.cgi | 2 +-
html/cgi-bin/proxy.cgi | 147 +++++++++++++++++++++
langs/de/cgi-bin/de.pl | 8 ++
langs/en/cgi-bin/en.pl | 8 ++
lfs/{faad2 => libseccomp} | 16 +--
lfs/qemu | 6 +-
make.sh | 3 +-
52 files changed, 340 insertions(+), 18 deletions(-)
copy config/rootfiles/core/{131 => 132}/exclude (100%)
create mode 100644 config/rootfiles/core/132/filelists/files
copy config/rootfiles/{oldcore/130 => core/132}/update.sh (96%)
rename config/rootfiles/{core => oldcore}/131/exclude (100%)
rename config/rootfiles/{core => oldcore}/131/filelists/Net_SSLeay (100%)
rename config/rootfiles/{core => oldcore}/131/filelists/aarch64/linux (100%)
rename config/rootfiles/{core => oldcore}/131/filelists/aarch64/linux-initrd (100%)
rename config/rootfiles/{core => oldcore}/131/filelists/apache2 (100%)
rename config/rootfiles/{core => oldcore}/131/filelists/armv5tel/linux-initrd-kirkwood (100%)
rename config/rootfiles/{core => oldcore}/131/filelists/armv5tel/linux-initrd-multi (100%)
rename config/rootfiles/{core => oldcore}/131/filelists/armv5tel/linux-kirkwood (100%)
rename config/rootfiles/{core => oldcore}/131/filelists/armv5tel/linux-multi (100%)
rename config/rootfiles/{core => oldcore}/131/filelists/collectd (100%)
rename config/rootfiles/{core => oldcore}/131/filelists/files (100%)
rename config/rootfiles/{core => oldcore}/131/filelists/gnutls (100%)
rename config/rootfiles/{core => oldcore}/131/filelists/i586/linux (100%)
rename config/rootfiles/{core => oldcore}/131/filelists/i586/linux-initrd (100%)
rename config/rootfiles/{core => oldcore}/131/filelists/ids-ruleset-sources (100%)
rename config/rootfiles/{core => oldcore}/131/filelists/libcap-ng (100%)
rename config/rootfiles/{core => oldcore}/131/filelists/libhtp (100%)
rename config/rootfiles/{core => oldcore}/131/filelists/lua (100%)
rename config/rootfiles/{core => oldcore}/131/filelists/nettle (100%)
rename config/rootfiles/{core => oldcore}/131/filelists/ntp (100%)
rename config/rootfiles/{core => oldcore}/131/filelists/oinkmaster (100%)
rename config/rootfiles/{core => oldcore}/131/filelists/rrdtool (100%)
rename config/rootfiles/{core => oldcore}/131/filelists/setup (100%)
rename config/rootfiles/{core => oldcore}/131/filelists/suricata (100%)
rename config/rootfiles/{core => oldcore}/131/filelists/unbound (100%)
rename config/rootfiles/{core => oldcore}/131/filelists/wget (100%)
rename config/rootfiles/{core => oldcore}/131/filelists/wireless-regdb (100%)
rename config/rootfiles/{core => oldcore}/131/filelists/x86_64/linux (100%)
rename config/rootfiles/{core => oldcore}/131/filelists/x86_64/linux-initrd (100%)
rename config/rootfiles/{core => oldcore}/131/filelists/yaml (100%)
rename config/rootfiles/{core => oldcore}/131/update.sh (100%)
create mode 100644 config/rootfiles/packages/libseccomp
copy lfs/{faad2 => libseccomp} (93%)
Difference in files:
diff --git a/config/rootfiles/core/131/exclude b/config/rootfiles/core/132/exclude
similarity index 100%
rename from config/rootfiles/core/131/exclude
rename to config/rootfiles/core/132/exclude
diff --git a/config/rootfiles/core/132/filelists/files b/config/rootfiles/core/132/filelists/files
new file mode 100644
index 000000000..52e26c375
--- /dev/null
+++ b/config/rootfiles/core/132/filelists/files
@@ -0,0 +1,6 @@
+etc/system-release
+etc/issue
+etc/suricata/suricata.yaml
+srv/web/ipfire/cgi-bin/credits.cgi
+srv/web/ipfire/cgi-bin/proxy.cgi
+var/ipfire/lang
diff --git a/config/rootfiles/core/132/update.sh b/config/rootfiles/core/132/update.sh
new file mode 100644
index 000000000..53db5cb96
--- /dev/null
+++ b/config/rootfiles/core/132/update.sh
@@ -0,0 +1,63 @@
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2019 IPFire-Team <info(a)ipfire.org>. #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+/usr/local/bin/backupctrl exclude >/dev/null 2>&1
+
+core=131
+
+# Remove old core updates from pakfire cache to save space...
+for (( i=1; i<=$core; i++ )); do
+ rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
+done
+
+# Stop services
+
+# Extract files
+extract_files
+
+# update linker config
+ldconfig
+
+# Update Language cache
+/usr/local/bin/update-lang-cache
+
+# Start services
+/etc/init.d/suricata restart
+
+# This update needs a reboot...
+#touch /var/run/need_reboot
+
+# Finish
+/etc/init.d/fireinfo start
+sendprofile
+
+# Update grub config to display new core version
+if [ -e /boot/grub/grub.cfg ]; then
+ grub-mkconfig -o /boot/grub/grub.cfg
+fi
+
+sync
+
+# Don't report the exitcode last command
+exit 0
diff --git a/config/rootfiles/oldcore/131/exclude b/config/rootfiles/oldcore/131/exclude
new file mode 100644
index 000000000..b22159878
--- /dev/null
+++ b/config/rootfiles/oldcore/131/exclude
@@ -0,0 +1,28 @@
+boot/config.txt
+boot/grub/grub.cfg
+boot/grub/grubenv
+etc/alternatives
+etc/collectd.custom
+etc/default/grub
+etc/ipsec.conf
+etc/ipsec.secrets
+etc/ipsec.user.conf
+etc/ipsec.user.secrets
+etc/localtime
+etc/shadow
+etc/snort/snort.conf
+etc/ssl/openssl.cnf
+etc/sudoers
+etc/sysconfig/firewall.local
+etc/sysconfig/rc.local
+etc/udev/rules.d/30-persistent-network.rules
+srv/web/ipfire/html/proxy.pac
+var/ipfire/dma
+var/ipfire/time
+var/ipfire/ovpn
+var/lib/alternatives
+var/log/cache
+var/log/dhcpcd.log
+var/log/messages
+var/state/dhcp/dhcpd.leases
+var/updatecache
diff --git a/config/rootfiles/core/131/filelists/Net_SSLeay b/config/rootfiles/oldcore/131/filelists/Net_SSLeay
similarity index 100%
rename from config/rootfiles/core/131/filelists/Net_SSLeay
rename to config/rootfiles/oldcore/131/filelists/Net_SSLeay
diff --git a/config/rootfiles/core/131/filelists/aarch64/linux b/config/rootfiles/oldcore/131/filelists/aarch64/linux
similarity index 100%
rename from config/rootfiles/core/131/filelists/aarch64/linux
rename to config/rootfiles/oldcore/131/filelists/aarch64/linux
diff --git a/config/rootfiles/core/131/filelists/aarch64/linux-initrd b/config/rootfiles/oldcore/131/filelists/aarch64/linux-initrd
similarity index 100%
rename from config/rootfiles/core/131/filelists/aarch64/linux-initrd
rename to config/rootfiles/oldcore/131/filelists/aarch64/linux-initrd
diff --git a/config/rootfiles/core/131/filelists/apache2 b/config/rootfiles/oldcore/131/filelists/apache2
similarity index 100%
rename from config/rootfiles/core/131/filelists/apache2
rename to config/rootfiles/oldcore/131/filelists/apache2
diff --git a/config/rootfiles/core/131/filelists/armv5tel/linux-initrd-kirkwood b/config/rootfiles/oldcore/131/filelists/armv5tel/linux-initrd-kirkwood
similarity index 100%
rename from config/rootfiles/core/131/filelists/armv5tel/linux-initrd-kirkwood
rename to config/rootfiles/oldcore/131/filelists/armv5tel/linux-initrd-kirkwood
diff --git a/config/rootfiles/core/131/filelists/armv5tel/linux-initrd-multi b/config/rootfiles/oldcore/131/filelists/armv5tel/linux-initrd-multi
similarity index 100%
rename from config/rootfiles/core/131/filelists/armv5tel/linux-initrd-multi
rename to config/rootfiles/oldcore/131/filelists/armv5tel/linux-initrd-multi
diff --git a/config/rootfiles/core/131/filelists/armv5tel/linux-kirkwood b/config/rootfiles/oldcore/131/filelists/armv5tel/linux-kirkwood
similarity index 100%
rename from config/rootfiles/core/131/filelists/armv5tel/linux-kirkwood
rename to config/rootfiles/oldcore/131/filelists/armv5tel/linux-kirkwood
diff --git a/config/rootfiles/core/131/filelists/armv5tel/linux-multi b/config/rootfiles/oldcore/131/filelists/armv5tel/linux-multi
similarity index 100%
rename from config/rootfiles/core/131/filelists/armv5tel/linux-multi
rename to config/rootfiles/oldcore/131/filelists/armv5tel/linux-multi
diff --git a/config/rootfiles/core/131/filelists/collectd b/config/rootfiles/oldcore/131/filelists/collectd
similarity index 100%
rename from config/rootfiles/core/131/filelists/collectd
rename to config/rootfiles/oldcore/131/filelists/collectd
diff --git a/config/rootfiles/core/131/filelists/files b/config/rootfiles/oldcore/131/filelists/files
similarity index 100%
rename from config/rootfiles/core/131/filelists/files
rename to config/rootfiles/oldcore/131/filelists/files
diff --git a/config/rootfiles/core/131/filelists/gnutls b/config/rootfiles/oldcore/131/filelists/gnutls
similarity index 100%
rename from config/rootfiles/core/131/filelists/gnutls
rename to config/rootfiles/oldcore/131/filelists/gnutls
diff --git a/config/rootfiles/core/131/filelists/i586/linux b/config/rootfiles/oldcore/131/filelists/i586/linux
similarity index 100%
rename from config/rootfiles/core/131/filelists/i586/linux
rename to config/rootfiles/oldcore/131/filelists/i586/linux
diff --git a/config/rootfiles/core/131/filelists/i586/linux-initrd b/config/rootfiles/oldcore/131/filelists/i586/linux-initrd
similarity index 100%
rename from config/rootfiles/core/131/filelists/i586/linux-initrd
rename to config/rootfiles/oldcore/131/filelists/i586/linux-initrd
diff --git a/config/rootfiles/core/131/filelists/ids-ruleset-sources b/config/rootfiles/oldcore/131/filelists/ids-ruleset-sources
similarity index 100%
rename from config/rootfiles/core/131/filelists/ids-ruleset-sources
rename to config/rootfiles/oldcore/131/filelists/ids-ruleset-sources
diff --git a/config/rootfiles/core/131/filelists/libcap-ng b/config/rootfiles/oldcore/131/filelists/libcap-ng
similarity index 100%
rename from config/rootfiles/core/131/filelists/libcap-ng
rename to config/rootfiles/oldcore/131/filelists/libcap-ng
diff --git a/config/rootfiles/core/131/filelists/libhtp b/config/rootfiles/oldcore/131/filelists/libhtp
similarity index 100%
rename from config/rootfiles/core/131/filelists/libhtp
rename to config/rootfiles/oldcore/131/filelists/libhtp
diff --git a/config/rootfiles/core/131/filelists/lua b/config/rootfiles/oldcore/131/filelists/lua
similarity index 100%
rename from config/rootfiles/core/131/filelists/lua
rename to config/rootfiles/oldcore/131/filelists/lua
diff --git a/config/rootfiles/core/131/filelists/nettle b/config/rootfiles/oldcore/131/filelists/nettle
similarity index 100%
rename from config/rootfiles/core/131/filelists/nettle
rename to config/rootfiles/oldcore/131/filelists/nettle
diff --git a/config/rootfiles/core/131/filelists/ntp b/config/rootfiles/oldcore/131/filelists/ntp
similarity index 100%
rename from config/rootfiles/core/131/filelists/ntp
rename to config/rootfiles/oldcore/131/filelists/ntp
diff --git a/config/rootfiles/core/131/filelists/oinkmaster b/config/rootfiles/oldcore/131/filelists/oinkmaster
similarity index 100%
rename from config/rootfiles/core/131/filelists/oinkmaster
rename to config/rootfiles/oldcore/131/filelists/oinkmaster
diff --git a/config/rootfiles/core/131/filelists/rrdtool b/config/rootfiles/oldcore/131/filelists/rrdtool
similarity index 100%
rename from config/rootfiles/core/131/filelists/rrdtool
rename to config/rootfiles/oldcore/131/filelists/rrdtool
diff --git a/config/rootfiles/core/131/filelists/setup b/config/rootfiles/oldcore/131/filelists/setup
similarity index 100%
rename from config/rootfiles/core/131/filelists/setup
rename to config/rootfiles/oldcore/131/filelists/setup
diff --git a/config/rootfiles/core/131/filelists/suricata b/config/rootfiles/oldcore/131/filelists/suricata
similarity index 100%
rename from config/rootfiles/core/131/filelists/suricata
rename to config/rootfiles/oldcore/131/filelists/suricata
diff --git a/config/rootfiles/core/131/filelists/unbound b/config/rootfiles/oldcore/131/filelists/unbound
similarity index 100%
rename from config/rootfiles/core/131/filelists/unbound
rename to config/rootfiles/oldcore/131/filelists/unbound
diff --git a/config/rootfiles/core/131/filelists/wget b/config/rootfiles/oldcore/131/filelists/wget
similarity index 100%
rename from config/rootfiles/core/131/filelists/wget
rename to config/rootfiles/oldcore/131/filelists/wget
diff --git a/config/rootfiles/core/131/filelists/wireless-regdb b/config/rootfiles/oldcore/131/filelists/wireless-regdb
similarity index 100%
rename from config/rootfiles/core/131/filelists/wireless-regdb
rename to config/rootfiles/oldcore/131/filelists/wireless-regdb
diff --git a/config/rootfiles/core/131/filelists/x86_64/linux b/config/rootfiles/oldcore/131/filelists/x86_64/linux
similarity index 100%
rename from config/rootfiles/core/131/filelists/x86_64/linux
rename to config/rootfiles/oldcore/131/filelists/x86_64/linux
diff --git a/config/rootfiles/core/131/filelists/x86_64/linux-initrd b/config/rootfiles/oldcore/131/filelists/x86_64/linux-initrd
similarity index 100%
rename from config/rootfiles/core/131/filelists/x86_64/linux-initrd
rename to config/rootfiles/oldcore/131/filelists/x86_64/linux-initrd
diff --git a/config/rootfiles/core/131/filelists/yaml b/config/rootfiles/oldcore/131/filelists/yaml
similarity index 100%
rename from config/rootfiles/core/131/filelists/yaml
rename to config/rootfiles/oldcore/131/filelists/yaml
diff --git a/config/rootfiles/core/131/update.sh b/config/rootfiles/oldcore/131/update.sh
similarity index 100%
rename from config/rootfiles/core/131/update.sh
rename to config/rootfiles/oldcore/131/update.sh
diff --git a/config/rootfiles/packages/libseccomp b/config/rootfiles/packages/libseccomp
new file mode 100644
index 000000000..402a7e942
--- /dev/null
+++ b/config/rootfiles/packages/libseccomp
@@ -0,0 +1,34 @@
+usr/bin/scmp_sys_resolver
+#usr/include/seccomp.h
+#usr/lib/libseccomp.la
+#usr/lib/libseccomp.so
+usr/lib/libseccomp.so.2
+usr/lib/libseccomp.so.2.4.0
+#usr/lib/pkgconfig/libseccomp.pc
+#usr/share/man/man1/scmp_sys_resolver.1
+#usr/share/man/man3/seccomp_api_get.3
+#usr/share/man/man3/seccomp_api_set.3
+#usr/share/man/man3/seccomp_arch_add.3
+#usr/share/man/man3/seccomp_arch_exist.3
+#usr/share/man/man3/seccomp_arch_native.3
+#usr/share/man/man3/seccomp_arch_remove.3
+#usr/share/man/man3/seccomp_arch_resolve_name.3
+#usr/share/man/man3/seccomp_attr_get.3
+#usr/share/man/man3/seccomp_attr_set.3
+#usr/share/man/man3/seccomp_export_bpf.3
+#usr/share/man/man3/seccomp_export_pfc.3
+#usr/share/man/man3/seccomp_init.3
+#usr/share/man/man3/seccomp_load.3
+#usr/share/man/man3/seccomp_merge.3
+#usr/share/man/man3/seccomp_release.3
+#usr/share/man/man3/seccomp_reset.3
+#usr/share/man/man3/seccomp_rule_add.3
+#usr/share/man/man3/seccomp_rule_add_array.3
+#usr/share/man/man3/seccomp_rule_add_exact.3
+#usr/share/man/man3/seccomp_rule_add_exact_array.3
+#usr/share/man/man3/seccomp_syscall_priority.3
+#usr/share/man/man3/seccomp_syscall_resolve_name.3
+#usr/share/man/man3/seccomp_syscall_resolve_name_arch.3
+#usr/share/man/man3/seccomp_syscall_resolve_name_rewrite.3
+#usr/share/man/man3/seccomp_syscall_resolve_num_arch.3
+#usr/share/man/man3/seccomp_version.3
diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
index e7e27c731..cb4f33865 100644
--- a/config/suricata/suricata.yaml
+++ b/config/suricata/suricata.yaml
@@ -82,7 +82,7 @@ outputs:
# Stats.log contains data from various counters of the suricata engine.
- stats:
- enabled: yes
+ enabled: no
filename: stats.log
append: no # append to file (yes) or overwrite it (no)
totals: yes # stats for all threads merged together
diff --git a/doc/language_issues.en b/doc/language_issues.en
index 72d94868a..71b204526 100644
--- a/doc/language_issues.en
+++ b/doc/language_issues.en
@@ -233,6 +233,7 @@ WARNING: untranslated string: advproxy errmsg radius port = Invalid RADIUS port
WARNING: untranslated string: advproxy errmsg radius secret = RADIUS shared secret required
WARNING: untranslated string: advproxy errmsg radius server = Invalid IP address for RADIUS Server
WARNING: untranslated string: advproxy errmsg time restriction = Invalid time restriction
+WARNING: untranslated string: advproxy errmsg wpad invalid ip or mask = WPAD: Invalid IP or subnet for excluded IP subnet
WARNING: untranslated string: advproxy error design = Error messages design
WARNING: untranslated string: advproxy error language = Error messages language
WARNING: untranslated string: advproxy fake referer = Fake referer submitted to external sites
@@ -301,6 +302,13 @@ WARNING: untranslated string: advproxy username forwarding = Username forwarding
WARNING: untranslated string: advproxy via forwarding = Proxy address forwarding
WARNING: untranslated string: advproxy visible hostname = Visible hostname
WARNING: untranslated string: advproxy wednesday = Wed
+WARNING: untranslated string: advproxy wpad example dst_noproxy_ip = e.g. 192.168.2.0/255.255.255.0
+WARNING: untranslated string: advproxy wpad example dst_noproxy_url = e.g. *.ipfire.org*
+WARNING: untranslated string: advproxy wpad label dst_noproxy_ip = Excluded IP Subnets (one per line)
+WARNING: untranslated string: advproxy wpad label dst_noproxy_url = Excluded URL s (one per line)
+WARNING: untranslated string: advproxy wpad notice = Notice: For WPAD/PAC to work properly, furtcher changes need to be made. Please see the <a href="https://wiki.ipfire.org/configuration/network/proxy/extend/wpad" target="_blank">Wiki</a>.
+WARNING: untranslated string: advproxy wpad title = Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC)
+WARNING: untranslated string: advproxy wpad view pac = Open PAC File
WARNING: untranslated string: age second = second
WARNING: untranslated string: aktiv = Active
WARNING: untranslated string: album = Album
diff --git a/doc/language_issues.es b/doc/language_issues.es
index f292ebb85..6a06fd3eb 100644
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -717,9 +717,17 @@ WARNING: untranslated string: advproxy cache-digest = Enable Cache-Digest Genera
WARNING: untranslated string: advproxy errmsg cache = The RAM cache size is greater than the harddisk cache size:
WARNING: untranslated string: advproxy errmsg invalid upstream proxy = Invalid upstream proxy IP/hostname
WARNING: untranslated string: advproxy errmsg proxy ports equal = The proxy port and the transparent port cannot be equal.
+WARNING: untranslated string: advproxy errmsg wpad invalid ip or mask = WPAD: Invalid IP or subnet for excluded IP subnet
WARNING: untranslated string: advproxy group access control = Group based access control
WARNING: untranslated string: advproxy group required = Required group
WARNING: untranslated string: advproxy proxy port transparent = Transparent port
+WARNING: untranslated string: advproxy wpad example dst_noproxy_ip = e.g. 192.168.2.0/255.255.255.0
+WARNING: untranslated string: advproxy wpad example dst_noproxy_url = e.g. *.ipfire.org*
+WARNING: untranslated string: advproxy wpad label dst_noproxy_ip = Excluded IP Subnets (one per line)
+WARNING: untranslated string: advproxy wpad label dst_noproxy_url = Excluded URL s (one per line)
+WARNING: untranslated string: advproxy wpad notice = Notice: For WPAD/PAC to work properly, furtcher changes need to be made. Please see the <a href="https://wiki.ipfire.org/configuration/network/proxy/extend/wpad" target="_blank">Wiki</a>.
+WARNING: untranslated string: advproxy wpad title = Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC)
+WARNING: untranslated string: advproxy wpad view pac = Open PAC File
WARNING: untranslated string: age second = second
WARNING: untranslated string: application layer gateways = Application Layer Gateways
WARNING: untranslated string: atm device = Device:
diff --git a/doc/language_issues.fr b/doc/language_issues.fr
index e903e017d..3d82cc542 100644
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -781,6 +781,14 @@ WARNING: untranslated string: Daily = Daily
WARNING: untranslated string: Disabled = Disabled
WARNING: untranslated string: Scan for Songs = unknown string
WARNING: untranslated string: Weekly = Weekly
+WARNING: untranslated string: advproxy errmsg wpad invalid ip or mask = WPAD: Invalid IP or subnet for excluded IP subnet
+WARNING: untranslated string: advproxy wpad example dst_noproxy_ip = e.g. 192.168.2.0/255.255.255.0
+WARNING: untranslated string: advproxy wpad example dst_noproxy_url = e.g. *.ipfire.org*
+WARNING: untranslated string: advproxy wpad label dst_noproxy_ip = Excluded IP Subnets (one per line)
+WARNING: untranslated string: advproxy wpad label dst_noproxy_url = Excluded URL s (one per line)
+WARNING: untranslated string: advproxy wpad notice = Notice: For WPAD/PAC to work properly, furtcher changes need to be made. Please see the <a href="https://wiki.ipfire.org/configuration/network/proxy/extend/wpad" target="_blank">Wiki</a>.
+WARNING: untranslated string: advproxy wpad title = Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC)
+WARNING: untranslated string: advproxy wpad view pac = Open PAC File
WARNING: untranslated string: bytes = unknown string
WARNING: untranslated string: default IP address = Default IP Address
WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous)
diff --git a/doc/language_issues.it b/doc/language_issues.it
index c18ff4d2b..5ad189f84 100644
--- a/doc/language_issues.it
+++ b/doc/language_issues.it
@@ -794,8 +794,16 @@ WARNING: untranslated string: administrator password = Administrator password
WARNING: untranslated string: administrator username = Administrator username
WARNING: untranslated string: advproxy AUTH method ntlm auth = Windows Active Directory
WARNING: untranslated string: advproxy basic authentication = Allow HTTP Basic authentication
+WARNING: untranslated string: advproxy errmsg wpad invalid ip or mask = WPAD: Invalid IP or subnet for excluded IP subnet
WARNING: untranslated string: advproxy group access control = Group based access control
WARNING: untranslated string: advproxy group required = Required group
+WARNING: untranslated string: advproxy wpad example dst_noproxy_ip = e.g. 192.168.2.0/255.255.255.0
+WARNING: untranslated string: advproxy wpad example dst_noproxy_url = e.g. *.ipfire.org*
+WARNING: untranslated string: advproxy wpad label dst_noproxy_ip = Excluded IP Subnets (one per line)
+WARNING: untranslated string: advproxy wpad label dst_noproxy_url = Excluded URL s (one per line)
+WARNING: untranslated string: advproxy wpad notice = Notice: For WPAD/PAC to work properly, furtcher changes need to be made. Please see the <a href="https://wiki.ipfire.org/configuration/network/proxy/extend/wpad" target="_blank">Wiki</a>.
+WARNING: untranslated string: advproxy wpad title = Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC)
+WARNING: untranslated string: advproxy wpad view pac = Open PAC File
WARNING: untranslated string: application layer gateways = Application Layer Gateways
WARNING: untranslated string: block = Block
WARNING: untranslated string: bytes = unknown string
diff --git a/doc/language_issues.nl b/doc/language_issues.nl
index 509a58f0b..fa53ed971 100644
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -789,8 +789,16 @@ WARNING: untranslated string: administrator password = Administrator password
WARNING: untranslated string: administrator username = Administrator username
WARNING: untranslated string: advproxy AUTH method ntlm auth = Windows Active Directory
WARNING: untranslated string: advproxy basic authentication = Allow HTTP Basic authentication
+WARNING: untranslated string: advproxy errmsg wpad invalid ip or mask = WPAD: Invalid IP or subnet for excluded IP subnet
WARNING: untranslated string: advproxy group access control = Group based access control
WARNING: untranslated string: advproxy group required = Required group
+WARNING: untranslated string: advproxy wpad example dst_noproxy_ip = e.g. 192.168.2.0/255.255.255.0
+WARNING: untranslated string: advproxy wpad example dst_noproxy_url = e.g. *.ipfire.org*
+WARNING: untranslated string: advproxy wpad label dst_noproxy_ip = Excluded IP Subnets (one per line)
+WARNING: untranslated string: advproxy wpad label dst_noproxy_url = Excluded URL s (one per line)
+WARNING: untranslated string: advproxy wpad notice = Notice: For WPAD/PAC to work properly, furtcher changes need to be made. Please see the <a href="https://wiki.ipfire.org/configuration/network/proxy/extend/wpad" target="_blank">Wiki</a>.
+WARNING: untranslated string: advproxy wpad title = Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC)
+WARNING: untranslated string: advproxy wpad view pac = Open PAC File
WARNING: untranslated string: application layer gateways = Application Layer Gateways
WARNING: untranslated string: atm device = Device:
WARNING: untranslated string: block = Block
diff --git a/doc/language_issues.pl b/doc/language_issues.pl
index f292ebb85..6a06fd3eb 100644
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -717,9 +717,17 @@ WARNING: untranslated string: advproxy cache-digest = Enable Cache-Digest Genera
WARNING: untranslated string: advproxy errmsg cache = The RAM cache size is greater than the harddisk cache size:
WARNING: untranslated string: advproxy errmsg invalid upstream proxy = Invalid upstream proxy IP/hostname
WARNING: untranslated string: advproxy errmsg proxy ports equal = The proxy port and the transparent port cannot be equal.
+WARNING: untranslated string: advproxy errmsg wpad invalid ip or mask = WPAD: Invalid IP or subnet for excluded IP subnet
WARNING: untranslated string: advproxy group access control = Group based access control
WARNING: untranslated string: advproxy group required = Required group
WARNING: untranslated string: advproxy proxy port transparent = Transparent port
+WARNING: untranslated string: advproxy wpad example dst_noproxy_ip = e.g. 192.168.2.0/255.255.255.0
+WARNING: untranslated string: advproxy wpad example dst_noproxy_url = e.g. *.ipfire.org*
+WARNING: untranslated string: advproxy wpad label dst_noproxy_ip = Excluded IP Subnets (one per line)
+WARNING: untranslated string: advproxy wpad label dst_noproxy_url = Excluded URL s (one per line)
+WARNING: untranslated string: advproxy wpad notice = Notice: For WPAD/PAC to work properly, furtcher changes need to be made. Please see the <a href="https://wiki.ipfire.org/configuration/network/proxy/extend/wpad" target="_blank">Wiki</a>.
+WARNING: untranslated string: advproxy wpad title = Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC)
+WARNING: untranslated string: advproxy wpad view pac = Open PAC File
WARNING: untranslated string: age second = second
WARNING: untranslated string: application layer gateways = Application Layer Gateways
WARNING: untranslated string: atm device = Device:
diff --git a/doc/language_issues.ru b/doc/language_issues.ru
index d6fa07a3c..10549e001 100644
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -719,9 +719,17 @@ WARNING: untranslated string: advproxy cache-digest = Enable Cache-Digest Genera
WARNING: untranslated string: advproxy errmsg cache = The RAM cache size is greater than the harddisk cache size:
WARNING: untranslated string: advproxy errmsg invalid upstream proxy = Invalid upstream proxy IP/hostname
WARNING: untranslated string: advproxy errmsg proxy ports equal = The proxy port and the transparent port cannot be equal.
+WARNING: untranslated string: advproxy errmsg wpad invalid ip or mask = WPAD: Invalid IP or subnet for excluded IP subnet
WARNING: untranslated string: advproxy group access control = Group based access control
WARNING: untranslated string: advproxy group required = Required group
WARNING: untranslated string: advproxy proxy port transparent = Transparent port
+WARNING: untranslated string: advproxy wpad example dst_noproxy_ip = e.g. 192.168.2.0/255.255.255.0
+WARNING: untranslated string: advproxy wpad example dst_noproxy_url = e.g. *.ipfire.org*
+WARNING: untranslated string: advproxy wpad label dst_noproxy_ip = Excluded IP Subnets (one per line)
+WARNING: untranslated string: advproxy wpad label dst_noproxy_url = Excluded URL s (one per line)
+WARNING: untranslated string: advproxy wpad notice = Notice: For WPAD/PAC to work properly, furtcher changes need to be made. Please see the <a href="https://wiki.ipfire.org/configuration/network/proxy/extend/wpad" target="_blank">Wiki</a>.
+WARNING: untranslated string: advproxy wpad title = Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC)
+WARNING: untranslated string: advproxy wpad view pac = Open PAC File
WARNING: untranslated string: age second = second
WARNING: untranslated string: application layer gateways = Application Layer Gateways
WARNING: untranslated string: atm device = Device:
diff --git a/doc/language_issues.tr b/doc/language_issues.tr
index 9a4339db9..9a7dae8b8 100644
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -782,6 +782,14 @@ WARNING: untranslated string: Daily = Daily
WARNING: untranslated string: Disabled = Disabled
WARNING: untranslated string: Scan for Songs = unknown string
WARNING: untranslated string: Weekly = Weekly
+WARNING: untranslated string: advproxy errmsg wpad invalid ip or mask = WPAD: Invalid IP or subnet for excluded IP subnet
+WARNING: untranslated string: advproxy wpad example dst_noproxy_ip = e.g. 192.168.2.0/255.255.255.0
+WARNING: untranslated string: advproxy wpad example dst_noproxy_url = e.g. *.ipfire.org*
+WARNING: untranslated string: advproxy wpad label dst_noproxy_ip = Excluded IP Subnets (one per line)
+WARNING: untranslated string: advproxy wpad label dst_noproxy_url = Excluded URL s (one per line)
+WARNING: untranslated string: advproxy wpad notice = Notice: For WPAD/PAC to work properly, furtcher changes need to be made. Please see the <a href="https://wiki.ipfire.org/configuration/network/proxy/extend/wpad" target="_blank">Wiki</a>.
+WARNING: untranslated string: advproxy wpad title = Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC)
+WARNING: untranslated string: advproxy wpad view pac = Open PAC File
WARNING: untranslated string: bytes = unknown string
WARNING: untranslated string: crypto error = Cryptographic error
WARNING: untranslated string: crypto warning = Cryptographic warning
diff --git a/doc/language_missings b/doc/language_missings
index 9d13d4775..112248713 100644
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -72,9 +72,17 @@
< advproxy errmsg cache
< advproxy errmsg invalid upstream proxy
< advproxy errmsg proxy ports equal
+< advproxy errmsg wpad invalid ip or mask
< advproxy group access control
< advproxy group required
< advproxy proxy port transparent
+< advproxy wpad example dst_noproxy_ip
+< advproxy wpad example dst_noproxy_url
+< advproxy wpad label dst_noproxy_ip
+< advproxy wpad label dst_noproxy_url
+< advproxy wpad notice
+< advproxy wpad title
+< advproxy wpad view pac
< age second
< age seconds
< age shour
@@ -836,6 +844,14 @@
############################################################################
# Checking cgi-bin translations for language: fr #
############################################################################
+< advproxy errmsg wpad invalid ip or mask
+< advproxy wpad example dst_noproxy_ip
+< advproxy wpad example dst_noproxy_url
+< advproxy wpad label dst_noproxy_ip
+< advproxy wpad label dst_noproxy_url
+< advproxy wpad notice
+< advproxy wpad title
+< advproxy wpad view pac
< cryptographic settings
< Daily
< default IP address
@@ -895,8 +911,16 @@
< adsl settings
< advproxy AUTH method ntlm auth
< advproxy basic authentication
+< advproxy errmsg wpad invalid ip or mask
< advproxy group access control
< advproxy group required
+< advproxy wpad example dst_noproxy_ip
+< advproxy wpad example dst_noproxy_url
+< advproxy wpad label dst_noproxy_ip
+< advproxy wpad label dst_noproxy_url
+< advproxy wpad notice
+< advproxy wpad title
+< advproxy wpad view pac
< application layer gateways
< block
< Captive
@@ -1160,8 +1184,16 @@
< advproxy AUTH method ntlm
< advproxy AUTH method ntlm auth
< advproxy basic authentication
+< advproxy errmsg wpad invalid ip or mask
< advproxy group access control
< advproxy group required
+< advproxy wpad example dst_noproxy_ip
+< advproxy wpad example dst_noproxy_url
+< advproxy wpad label dst_noproxy_ip
+< advproxy wpad label dst_noproxy_url
+< advproxy wpad notice
+< advproxy wpad title
+< advproxy wpad view pac
< application layer gateways
< atm device
< block
@@ -1487,9 +1519,17 @@
< advproxy errmsg cache
< advproxy errmsg invalid upstream proxy
< advproxy errmsg proxy ports equal
+< advproxy errmsg wpad invalid ip or mask
< advproxy group access control
< advproxy group required
< advproxy proxy port transparent
+< advproxy wpad example dst_noproxy_ip
+< advproxy wpad example dst_noproxy_url
+< advproxy wpad label dst_noproxy_ip
+< advproxy wpad label dst_noproxy_url
+< advproxy wpad notice
+< advproxy wpad title
+< advproxy wpad view pac
< age second
< age seconds
< age shour
@@ -2250,9 +2290,17 @@
< advproxy errmsg cache
< advproxy errmsg invalid upstream proxy
< advproxy errmsg proxy ports equal
+< advproxy errmsg wpad invalid ip or mask
< advproxy group access control
< advproxy group required
< advproxy proxy port transparent
+< advproxy wpad example dst_noproxy_ip
+< advproxy wpad example dst_noproxy_url
+< advproxy wpad label dst_noproxy_ip
+< advproxy wpad label dst_noproxy_url
+< advproxy wpad notice
+< advproxy wpad title
+< advproxy wpad view pac
< age second
< age seconds
< age shour
@@ -3006,6 +3054,14 @@
############################################################################
# Checking cgi-bin translations for language: tr #
############################################################################
+< advproxy errmsg wpad invalid ip or mask
+< advproxy wpad example dst_noproxy_ip
+< advproxy wpad example dst_noproxy_url
+< advproxy wpad label dst_noproxy_ip
+< advproxy wpad label dst_noproxy_url
+< advproxy wpad notice
+< advproxy wpad title
+< advproxy wpad view pac
< crypto error
< cryptographic settings
< crypto warning
diff --git a/html/cgi-bin/credits.cgi b/html/cgi-bin/credits.cgi
index baa49fd3b..b2727733c 100644
--- a/html/cgi-bin/credits.cgi
+++ b/html/cgi-bin/credits.cgi
@@ -89,6 +89,7 @@ Lars Schuhmacher,
Rene Zingel,
Sascha Kilian,
Ronald Wiesinger,
+Alexander Koch,
Stephan Feddersen,
Stéphane Pautrel,
Justin Luth,
@@ -96,7 +97,6 @@ Michael Eitelwein,
Bernhard Bitsch,
Dominik Hassler,
Larsen,
-Alexander Koch,
Gabriel Rolland,
Anton D. Seliverstov,
Bernhard Bittner,
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
index 6daa7fbd2..91e4fcee8 100644
--- a/html/cgi-bin/proxy.cgi
+++ b/html/cgi-bin/proxy.cgi
@@ -124,6 +124,9 @@ my $acl_ports_safe = "$acldir/ports_safe.acl";
my $acl_ports_ssl = "$acldir/ports_ssl.acl";
my $acl_include = "$acldir/include.acl";
+my $acl_dst_noproxy_url = "$acldir/dst_noproxy_url.acl";
+my $acl_dst_noproxy_ip = "$acldir/dst_noproxy_ip.acl";
+
my $updaccelversion = 'n/a';
my $urlfilterversion = 'n/a';
@@ -556,6 +559,8 @@ ERROR:
delete $proxysettings{'SRC_UNRESTRICTED_MAC'};
delete $proxysettings{'DST_NOCACHE'};
delete $proxysettings{'DST_NOAUTH'};
+ delete $proxysettings{'DST_NOPROXY_IP'};
+ delete $proxysettings{'DST_NOPROXY_URL'};
delete $proxysettings{'PORTS_SAFE'};
delete $proxysettings{'PORTS_SSL'};
delete $proxysettings{'MIME_TYPES'};
@@ -1315,6 +1320,64 @@ END
;
}
+# ===================================================================
+# WPAD settings
+# ===================================================================
+
+print <<END
+<table width='100%'>
+<tr>
+ <td colspan='4'><b>$Lang::tr{'advproxy wpad title'}</b></td>
+</tr>
+<tr>
+ <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
+</tr>
+<tr>
+ <td colspan='2' class='base'>$Lang::tr{'advproxy wpad label dst_noproxy_ip'}:</td>
+ <td colspan='2' class='base'>$Lang::tr{'advproxy wpad label dst_noproxy_url'}:</td>
+</tr>
+<tr>
+ <td colspan='2'><textarea name='DST_NOPROXY_IP' cols='32' rows='3' wrap='off'>
+END
+;
+
+ print $proxysettings{'DST_NOPROXY_IP'};
+
+print <<END
+</textarea></td>
+
+ <td colspan='2'><textarea name='DST_NOPROXY_URL' cols='32' rows='3' wrap='off'>
+END
+;
+
+ print $proxysettings{'DST_NOPROXY_URL'};
+
+print <<END
+</textarea></td>
+</tr>
+<tr>
+ <td colspan='2' class='base'>$Lang::tr{'advproxy wpad example dst_noproxy_ip'}</td>
+ <td colspan='2' class='base'>$Lang::tr{'advproxy wpad example dst_noproxy_url'}</td>
+</tr>
+<tr>
+ <td colspan="4"> </td>
+</tr>
+<tr>
+ <td colspan="4">$Lang::tr{'advproxy wpad view pac'}: <a href="http://$ENV{SERVER_ADDR}:81/wpad.dat" target="_blank">http://$ENV{SERVER_ADDR}:81/wpad.dat</a></td>
+</tr>
+<tr>
+ <td colspan="4"> </td>
+</tr>
+<tr>
+ <td colspan="4">$Lang::tr{'advproxy wpad notice'}</td>
+</tr>
+</table>
+
+<hr size='1'>
+
+END
+;
+
# -------------------------------------------------------------------
print <<END
@@ -2258,6 +2321,18 @@ sub read_acls
while (<FILE>) { $proxysettings{'DST_NOAUTH'} .= $_ };
close(FILE);
}
+ if (-e "$acl_dst_noproxy_ip") {
+ open(FILE,"$acl_dst_noproxy_ip");
+ delete $proxysettings{'DST_NOPROXY_IP'};
+ while (<FILE>) { $proxysettings{'DST_NOPROXY_IP'} .= $_ };
+ close(FILE);
+ }
+ if (-e "$acl_dst_noproxy_url") {
+ open(FILE,"$acl_dst_noproxy_url");
+ delete $proxysettings{'DST_NOPROXY_URL'};
+ while (<FILE>) { $proxysettings{'DST_NOPROXY_URL'} .= $_ };
+ close(FILE);
+ }
if (-e "$acl_ports_safe") {
open(FILE,"$acl_ports_safe");
delete $proxysettings{'PORTS_SAFE'};
@@ -2443,6 +2518,31 @@ sub check_acls
}
}
+ @temp = split(/\n/,$proxysettings{'DST_NOPROXY_IP'});
+ undef $proxysettings{'DST_NOPROXY_IP'};
+ foreach (@temp)
+ {
+ s/^\s+//g; s/\s+$//g;
+ if ($_)
+ {
+ unless (&General::validipormask($_)) { $errormessage = $Lang::tr{'advproxy errmsg wpad invalid ip or mask'}; }
+ $proxysettings{'DST_NOPROXY_IP'} .= $_."\n";
+ }
+ }
+
+ @temp = split(/\n/,$proxysettings{'DST_NOPROXY_URL'});
+ undef $proxysettings{'DST_NOPROXY_URL'};
+ foreach (@temp)
+ {
+ s/^\s+//g;
+ unless (/^#/) { s/\s+//g; }
+ if ($_)
+ {
+ if (/^\./) { $_ = '*'.$_; }
+ $proxysettings{'DST_NOPROXY_URL'} .= $_."\n";
+ }
+ }
+
if (($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') && ($proxysettings{'NTLM_USER_ACL'} eq 'positive'))
{
@temp = split(/\n/,$proxysettings{'NTLM_ALLOW_USERS'});
@@ -2581,6 +2681,16 @@ sub write_acls
print FILE $proxysettings{'DST_NOAUTH'};
close(FILE);
+ open(FILE, ">$acl_dst_noproxy_ip");
+ flock(FILE, 2);
+ print FILE $proxysettings{'DST_NOPROXY_IP'};
+ close(FILE);
+
+ open(FILE, ">$acl_dst_noproxy_url");
+ flock(FILE, 2);
+ print FILE $proxysettings{'DST_NOPROXY_URL'};
+ close(FILE);
+
open(FILE, ">$acl_dst_noauth_net");
close(FILE);
open(FILE, ">$acl_dst_noauth_dom");
@@ -2763,6 +2873,43 @@ END
print FILE " (isInNet(host, \"$netsettings{'ORANGE_NETADDRESS'}\", \"$netsettings{'ORANGE_NETMASK'}\")) ||\n";
}
+ # Additional exceptions for URLs
+ # The file has to be created by the user and should contain one entry per line
+ # Line-Format: <URL incl. wildcards>
+ # e.g. *.ipfire.org*
+ if (-s "$acl_dst_noproxy_url") {
+ undef @templist;
+
+ open(NOPROXY,"$acl_dst_noproxy_url");
+ @templist = <NOPROXY>;
+ close(NOPROXY);
+ chomp (@templist);
+
+ foreach (@templist)
+ {
+ print FILE " (shExpMatch(url, \"$_\")) ||\n";
+ }
+ }
+
+ # Additional exceptions for Subnets
+ # The file has to be created by the user and should contain one entry per line
+ # Line-Format: <IP>/<SUBNET MASK>
+ # e.g. 192.168.0.0/255.255.255.0
+ if (-s "$acl_dst_noproxy_ip") {
+ undef @templist;
+
+ open(NOPROXY,"$acl_dst_noproxy_ip");
+ @templist = <NOPROXY>;
+ close(NOPROXY);
+ chomp (@templist);
+
+ foreach (@templist)
+ {
+ @temp = split(/\//);
+ print FILE " (isInNet(host, \"$temp[0]\", \"$temp[1]\")) ||\n";
+ }
+ }
+
print FILE <<END
(isInNet(host, "169.254.0.0", "255.255.0.0"))
)
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index 90b1ada06..6479172d5 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -319,6 +319,7 @@
'advproxy errmsg radius secret' => 'Shared Secret erforderlich',
'advproxy errmsg radius server' => 'Ungültige IP-Adresse für den RADIUS-Server',
'advproxy errmsg time restriction' => 'Ungültige Zeitbeschränkung',
+'advproxy errmsg wpad invalid ip or mask' => 'WPAD: Ungültige IP oder Subnetz für ausgenommenes IP-Subnetz',
'advproxy error design' => 'Design der Fehlermeldungen',
'advproxy error language' => 'Sprache der Fehlermeldungen',
'advproxy fake referer' => 'Gefälschter Referer für externe Web-Sites',
@@ -396,6 +397,13 @@
'advproxy visible hostname' => 'Sichtbarer Hostname',
'advproxy web browser' => 'Web-Browser',
'advproxy wednesday' => 'Mi',
+'advproxy wpad example dst_noproxy_ip' => 'z.B. 192.168.2.0/255.255.255.0',
+'advproxy wpad example dst_noproxy_url' => 'z.B. *.ipfire.org*',
+'advproxy wpad label dst_noproxy_ip' => 'Ausgenommene IP-Subnetze (eins pro Zeile)',
+'advproxy wpad label dst_noproxy_url' => 'Ausgenommene URLs (eine pro Zeile)',
+'advproxy wpad notice' => 'Hinweis: Damit WPAD / PAC korrekt funktioniert, sind weitere Anpassungen erforderlich. Bitte in das <a href="https://wiki.ipfire.org/configuration/network/proxy/extend/wpad" target="_blank">Wiki</a> schauen.',
+'advproxy wpad title' => 'Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC)',
+'advproxy wpad view pac' => 'PAC-Datei aufrufen',
'again' => 'Wiederholung:',
'age second' => 'Sekunde',
'age seconds' => 'Sekunden',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 98e99f150..c053202b5 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -319,6 +319,7 @@
'advproxy errmsg radius secret' => 'RADIUS shared secret required',
'advproxy errmsg radius server' => 'Invalid IP address for RADIUS Server',
'advproxy errmsg time restriction' => 'Invalid time restriction',
+'advproxy errmsg wpad invalid ip or mask' => 'WPAD: Invalid IP or subnet for excluded IP subnet',
'advproxy error design' => 'Error messages design',
'advproxy error language' => 'Error messages language',
'advproxy fake referer' => 'Fake referer submitted to external sites',
@@ -397,6 +398,13 @@
'advproxy visible hostname' => 'Visible hostname',
'advproxy web browser' => 'Web browser',
'advproxy wednesday' => 'Wed',
+'advproxy wpad example dst_noproxy_ip' => 'e.g. 192.168.2.0/255.255.255.0',
+'advproxy wpad example dst_noproxy_url' => 'e.g. *.ipfire.org*',
+'advproxy wpad label dst_noproxy_ip' => 'Excluded IP Subnets (one per line)',
+'advproxy wpad label dst_noproxy_url' => 'Excluded URL s (one per line)',
+'advproxy wpad notice' => 'Notice: For WPAD/PAC to work properly, furtcher changes need to be made. Please see the <a href="https://wiki.ipfire.org/configuration/network/proxy/extend/wpad" target="_blank">Wiki</a>.',
+'advproxy wpad title' => 'Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC)',
+'advproxy wpad view pac' => 'Open PAC File',
'again' => 'Again:',
'age second' => 'second',
'age seconds' => 'seconds',
diff --git a/lfs/libseccomp b/lfs/libseccomp
new file mode 100644
index 000000000..d577793d1
--- /dev/null
+++ b/lfs/libseccomp
@@ -0,0 +1,87 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2018 IPFire Team <info(a)ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 2.4.0
+
+THISAPP = libseccomp-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+PROG = libseccomp
+PAK_VER = 1
+
+DEPS = ""
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = 91625d78af26c646b03be3de58e71988
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+dist:
+ @$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar vxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && ./configure \
+ --prefix=/usr \
+ --disable-static
+
+ cd $(DIR_APP) && make $(MAKETUNING)
+ cd $(DIR_APP) && make install
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/lfs/qemu b/lfs/qemu
index 015837a59..d18b49cb3 100644
--- a/lfs/qemu
+++ b/lfs/qemu
@@ -33,9 +33,9 @@ DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
SUP_ARCH = i586 x86_64
PROG = qemu
-PAK_VER = 23
+PAK_VER = 24
-DEPS = "libusbredir sdl spice"
+DEPS = "libusbredir sdl spice libseccomp"
###############################################################################
# Top-level Rules
@@ -82,7 +82,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
cd $(DIR_APP) && ./configure --prefix=/usr --sysconfdir=/etc \
--localstatedir=/var --enable-kvm --disable-bluez --disable-attr \
--target-list="i386-linux-user x86_64-linux-user arm-linux-user i386-softmmu x86_64-softmmu arm-softmmu" \
- --extra-cflags="$(CFLAGS)" --enable-spice --enable-usb-redir
+ --extra-cflags="$(CFLAGS)" --enable-spice --enable-usb-redir --enable-seccomp
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
diff --git a/make.sh b/make.sh
index 51ddda6a7..bfcc83709 100755
--- a/make.sh
+++ b/make.sh
@@ -25,7 +25,7 @@
NAME="IPFire" # Software name
SNAME="ipfire" # Short name
VERSION="2.23" # Version number
-CORE="131" # Core Level (Filename)
+CORE="132" # Core Level (Filename)
PAKFIRE_CORE="131" # Core Level (PAKFIRE)
GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` # Git Branch
SLOGAN="www.ipfire.org" # Software slogan
@@ -1410,6 +1410,7 @@ buildipfire() {
lfsmake2 spice
lfsmake2 sdl
lfsmake2 libusbredir
+ lfsmake2 libseccomp
lfsmake2 qemu
lfsmake2 sane
lfsmake2 netpbm
hooks/post-receive
--
IPFire 2.x development tree
reply other threads:[~2019-04-22 19:25 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190422192513.31D4784FDAF@people01.i.ipfire.org \
--to=git@ipfire.org \
--cc=ipfire-scm@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox