From: Arne Fitzenreiter <git@ipfire.org>
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 5562f26f6979c2d60202eafe32469989c0878f20
Date: Thu, 26 Mar 2020 17:58:22 +0000 [thread overview]
Message-ID: <48pCQR42TPz2y9R@people01.haj.ipfire.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 13817 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 5562f26f6979c2d60202eafe32469989c0878f20 (commit)
via d2738c4c3c8daab35958c41380c9b3673b341866 (commit)
via 7ad653cc09409c4e23885bf89279bd8458189f11 (commit)
via 5c1c9938ebcd5b2cde8e159424d17de849c12ef8 (commit)
via 5dba838282f23954a1cfeb4586b1cabc294a9b32 (commit)
via 5d957b01c98157e29675d61c2d3118d0be18a00f (commit)
via ff3c71fb48bbc4ad15e22a7417f6b8adbd39b423 (commit)
via 804deb1b23f24daa35d0cf052d8d0eac82c3319f (commit)
via 417fd66045433d8101c11bea669e14a39af4db13 (commit)
from 0167befa0a83baa7d774ae0a93db5d05608c310e (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 5562f26f6979c2d60202eafe32469989c0878f20
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Mar 26 17:56:23 2020 +0000
vnstat: remove wrong tag file
fixes #12305
I had created this tag file to ship the folder but vnstat doesn't like empty files.
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit d2738c4c3c8daab35958c41380c9b3673b341866
Author: Markus Untersee <m.untersee(a)buerliag.ch>
Date: Thu Jan 30 13:41:36 2020 +0100
vnstat: Add restart command.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 7ad653cc09409c4e23885bf89279bd8458189f11
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Tue Jan 28 11:51:50 2020 +0100
ovpnmain.cgi: Validate CCDNet name when renaming it.
Fixes #12282
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 5c1c9938ebcd5b2cde8e159424d17de849c12ef8
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Mar 26 17:50:26 2020 +0000
core143: add firewall initskript
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 5dba838282f23954a1cfeb4586b1cabc294a9b32
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon Jan 27 15:04:00 2020 +0000
avoid emitting VPN traffic to the internet if the IPS crashed
Due to strange NFQUEUE behaviour, traffic to remote VPN (IPsec or
OpenVPN) destinations was emitted to the internet (ppp0 or red0
interface) directly if the IPS was enabled but crashed during operation.
This patch places the IPSECBLOCK and OVPNBLOCK chains before the
ones responsible for forwarding traffic into the IPS.
Thanks to Michael for his debugging effort.
Partially fixes #12257
Cc: Michael Tremer <michael.tremer(a)ipfire.org>
Cc: Stefan Schantl <stefan.schantl(a)ipfire.org>
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Acked-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 5d957b01c98157e29675d61c2d3118d0be18a00f
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Mar 26 17:48:18 2020 +0000
core143: add libtool
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit ff3c71fb48bbc4ad15e22a7417f6b8adbd39b423
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Sat Jan 25 20:13:06 2020 +0100
libtool: Update 2.4.6
For details see:
https://savannah.gnu.org/forum/forum.php?forum_id=8210
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 804deb1b23f24daa35d0cf052d8d0eac82c3319f
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Mar 26 17:46:05 2020 +0000
core143: add dhcp
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 417fd66045433d8101c11bea669e14a39af4db13
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Sat Jan 25 20:04:26 2020 +0100
dhcp: Update to 4.4.2
For details see:
https://downloads.isc.org/isc/dhcp/4.4.2/dhcp-4.4.2-RELNOTES
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/backup/backup.pl | 3 +++
config/rootfiles/common/vnstat | 3 +--
.../rootfiles/{oldcore/111 => core/143}/filelists/dhcp | 0
config/rootfiles/core/143/filelists/files | 1 +
.../rootfiles/{oldcore/66 => core/143}/filelists/libtool | 0
config/rootfiles/core/143/update.sh | 3 +++
html/cgi-bin/ovpnmain.cgi | 7 +++++++
lfs/dhcp | 6 +++---
lfs/libtool | 6 +++---
lfs/vnstat | 3 +--
src/initscripts/system/firewall | 16 ++++++++--------
src/initscripts/system/vnstat | 8 ++++++--
12 files changed, 36 insertions(+), 20 deletions(-)
copy config/rootfiles/{oldcore/111 => core/143}/filelists/dhcp (100%)
copy config/rootfiles/{oldcore/66 => core/143}/filelists/libtool (100%)
Difference in files:
diff --git a/config/backup/backup.pl b/config/backup/backup.pl
index 9a92a9d9f..e08d8de84 100644
--- a/config/backup/backup.pl
+++ b/config/backup/backup.pl
@@ -76,6 +76,9 @@ restore_backup() {
/bin/kill -HUP `cat /var/run/suricata.pid 2> /dev/null` 2> /dev/null
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null
+ # remove wrong vnstat tag file
+ rm -f /var/log/vnstat/tag
+
# Run converters
# Outgoing Firewall
diff --git a/config/rootfiles/common/vnstat b/config/rootfiles/common/vnstat
index d5b56a679..42e00ed2a 100644
--- a/config/rootfiles/common/vnstat
+++ b/config/rootfiles/common/vnstat
@@ -9,5 +9,4 @@ usr/bin/vnstati
#usr/share/man/man1/vnstati.1
#usr/share/man/man1/vnstat.1
#var/lib/vnstat
-#var/log/vnstat
-var/log/vnstat/tag
+var/log/vnstat
diff --git a/config/rootfiles/core/143/filelists/dhcp b/config/rootfiles/core/143/filelists/dhcp
new file mode 120000
index 000000000..32d8da443
--- /dev/null
+++ b/config/rootfiles/core/143/filelists/dhcp
@@ -0,0 +1 @@
+../../../common/dhcp
\ No newline at end of file
diff --git a/config/rootfiles/core/143/filelists/files b/config/rootfiles/core/143/filelists/files
index e5edae10f..b571b41bd 100644
--- a/config/rootfiles/core/143/filelists/files
+++ b/config/rootfiles/core/143/filelists/files
@@ -2,6 +2,7 @@ etc/system-release
etc/issue
srv/web/ipfire/cgi-bin/credits.cgi
var/ipfire/langs
+etc/rc.d/init.d/firewall
etc/rc.d/init.d/localnet
srv/web/ipfire/cgi-bin/dhcp.cgi
srv/web/ipfire/cgi-bin/fireinfo.cgi
diff --git a/config/rootfiles/core/143/filelists/libtool b/config/rootfiles/core/143/filelists/libtool
new file mode 120000
index 000000000..54f5666f8
--- /dev/null
+++ b/config/rootfiles/core/143/filelists/libtool
@@ -0,0 +1 @@
+../../../common/libtool
\ No newline at end of file
diff --git a/config/rootfiles/core/143/update.sh b/config/rootfiles/core/143/update.sh
index 092b9c399..90d3f72fc 100644
--- a/config/rootfiles/core/143/update.sh
+++ b/config/rootfiles/core/143/update.sh
@@ -59,6 +59,9 @@ extract_files
# update linker config
ldconfig
+# remove wrong vnstat tag file
+rm -f /var/log/vnstat/tag
+
# restart init after glibc replace
telinit u
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index a6fdd6d75..ce9524df7 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -490,6 +490,13 @@ sub modccdnet
my $oldname=$_[1];
my %ccdconfhash=();
my %ccdhash=();
+
+ # Check if the new name is valid.
+ if(!&General::validhostname($newname)) {
+ $errormessage=$Lang::tr{'ccd err invalidname'};
+ return;
+ }
+
&General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
foreach my $key (keys %ccdconfhash) {
if ($ccdconfhash{$key}[0] eq $oldname) {
diff --git a/lfs/dhcp b/lfs/dhcp
index 4c01428f5..8c64ae899 100644
--- a/lfs/dhcp
+++ b/lfs/dhcp
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2019 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 4.4.1
+VER = 4.4.2
THISAPP = dhcp-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 18c7f4dcbb0a63df25098216d47b1ede
+$(DL_FILE)_MD5 = 2afdaf8498dc1edaf3012efdd589b3e1
install : $(TARGET)
diff --git a/lfs/libtool b/lfs/libtool
index 90dae11e8..e769a10d0 100644
--- a/lfs/libtool
+++ b/lfs/libtool
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2019 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 2.4.4
+VER = 2.4.6
THISAPP = libtool-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -42,7 +42,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 51bf400de3354687d68dfa2392506b7e
+$(DL_FILE)_MD5 = 1bfb9b923f2c1339b4d2ce1807064aa5
install : $(TARGET)
diff --git a/lfs/vnstat b/lfs/vnstat
index b1a17ce1f..27189126b 100644
--- a/lfs/vnstat
+++ b/lfs/vnstat
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2020 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -87,7 +87,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
sed -i 's|/var/run/vnstat/vnstat.pid|/var/run/vnstat.pid|g' /etc/vnstat.conf
mkdir -p /var/log/vnstat
- touch /var/log/vnstat/tag
@rm -rf $(DIR_APP)
@$(POSTBUILD)
diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall
index ec396c708..ab144ea18 100644
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -185,14 +185,6 @@ iptables_init() {
iptables -A INPUT -j GUARDIAN
iptables -A FORWARD -j GUARDIAN
- # IPS (suricata) chains
- iptables -N IPS_INPUT
- iptables -N IPS_FORWARD
- iptables -N IPS_OUTPUT
- iptables -A INPUT -j IPS_INPUT
- iptables -A FORWARD -j IPS_FORWARD
- iptables -A OUTPUT -j IPS_OUTPUT
-
# Block non-established IPsec networks
iptables -N IPSECBLOCK
iptables -A FORWARD -m policy --dir out --pol none -j IPSECBLOCK
@@ -204,6 +196,14 @@ iptables_init() {
iptables -A FORWARD -i tun+ -j OVPNBLOCK
iptables -A FORWARD -o tun+ -j OVPNBLOCK
+ # IPS (suricata) chains
+ iptables -N IPS_INPUT
+ iptables -N IPS_FORWARD
+ iptables -N IPS_OUTPUT
+ iptables -A INPUT -j IPS_INPUT
+ iptables -A FORWARD -j IPS_FORWARD
+ iptables -A OUTPUT -j IPS_OUTPUT
+
# OpenVPN transfer network translation
iptables -t nat -N OVPNNAT
iptables -t nat -A POSTROUTING -j OVPNNAT
diff --git a/src/initscripts/system/vnstat b/src/initscripts/system/vnstat
index 518b2d7c6..363307013 100755
--- a/src/initscripts/system/vnstat
+++ b/src/initscripts/system/vnstat
@@ -21,7 +21,11 @@ case "$1" in
stop)
umount_ramdisk "${VNSTATLOG}"
;;
-
+ restart)
+ ${0} stop
+ sleep 1
+ ${0} start
+ ;;
backup)
# Backup all data if ramdisk is used
if mountpoint "${RRDLOG}" &>/dev/null; then
@@ -30,7 +34,7 @@ case "$1" in
;;
*)
- echo "Usage: $0 {start|stop|backup}"
+ echo "Usage: $0 {start|stop|restart|backup}"
exit 1
;;
esac
hooks/post-receive
--
IPFire 2.x development tree
reply other threads:[~2020-03-26 17:58 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=48pCQR42TPz2y9R@people01.haj.ipfire.org \
--to=git@ipfire.org \
--cc=ipfire-scm@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox