From mboxrd@z Thu Jan 1 00:00:00 1970
From: Arne Fitzenreiter
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 5562f26f6979c2d60202eafe32469989c0878f20
Date: Thu, 26 Mar 2020 17:58:22 +0000
Message-ID: <48pCQR42TPz2y9R@people01.haj.ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============7120301364594330482=="
List-Id:

--===============7120301364594330482==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, next has been updated
       via  5562f26f6979c2d60202eafe32469989c0878f20 (commit)
       via  d2738c4c3c8daab35958c41380c9b3673b341866 (commit)
       via  7ad653cc09409c4e23885bf89279bd8458189f11 (commit)
       via  5c1c9938ebcd5b2cde8e159424d17de849c12ef8 (commit)
       via  5dba838282f23954a1cfeb4586b1cabc294a9b32 (commit)
       via  5d957b01c98157e29675d61c2d3118d0be18a00f (commit)
       via  ff3c71fb48bbc4ad15e22a7417f6b8adbd39b423 (commit)
       via  804deb1b23f24daa35d0cf052d8d0eac82c3319f (commit)
       via  417fd66045433d8101c11bea669e14a39af4db13 (commit)
      from  0167befa0a83baa7d774ae0a93db5d05608c310e (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 5562f26f6979c2d60202eafe32469989c0878f20
Author: Arne Fitzenreiter
Date:   Thu Mar 26 17:56:23 2020 +0000

    vnstat: remove wrong tag file

    fixes #12305

    I had created this tag file to ship the folder but vnstat doesn't like empty files.

    Signed-off-by: Arne Fitzenreiter

commit d2738c4c3c8daab35958c41380c9b3673b341866
Author: Markus Untersee
Date:   Thu Jan 30 13:41:36 2020 +0100

    vnstat: Add restart command.

    Signed-off-by: Stefan Schantl
    Signed-off-by: Arne Fitzenreiter

commit 7ad653cc09409c4e23885bf89279bd8458189f11
Author: Stefan Schantl
Date:   Tue Jan 28 11:51:50 2020 +0100

    ovpnmain.cgi: Validate CCDNet name when renaming it.

    Fixes #12282

    Signed-off-by: Stefan Schantl
    Signed-off-by: Arne Fitzenreiter

commit 5c1c9938ebcd5b2cde8e159424d17de849c12ef8
Author: Arne Fitzenreiter
Date:   Thu Mar 26 17:50:26 2020 +0000

    core143: add firewall initskript

    Signed-off-by: Arne Fitzenreiter

commit 5dba838282f23954a1cfeb4586b1cabc294a9b32
Author: Peter Müller
Date:   Mon Jan 27 15:04:00 2020 +0000

    avoid emitting VPN traffic to the internet if the IPS crashed

    Due to strange NFQUEUE behaviour, traffic to remote VPN (IPsec or
    OpenVPN) destinations was emitted to the internet (ppp0 or red0
    interface) directly if the IPS was enabled but crashed during operation.

    This patch places the IPSECBLOCK and OVPNBLOCK chains before the
    ones responsible for forwarding traffic into the IPS.

    Thanks to Michael for his debugging effort.

    Partially fixes #12257

    Cc: Michael Tremer
    Cc: Stefan Schantl
    Signed-off-by: Peter Müller
    Acked-by: Michael Tremer
    Signed-off-by: Arne Fitzenreiter

commit 5d957b01c98157e29675d61c2d3118d0be18a00f
Author: Arne Fitzenreiter
Date:   Thu Mar 26 17:48:18 2020 +0000

    core143: add libtool

    Signed-off-by: Arne Fitzenreiter

commit ff3c71fb48bbc4ad15e22a7417f6b8adbd39b423
Author: Matthias Fischer
Date:   Sat Jan 25 20:13:06 2020 +0100

    libtool: Update 2.4.6

    For details see:
    https://savannah.gnu.org/forum/forum.php?forum_id=8210

    Signed-off-by: Matthias Fischer
    Reviewed-by: Michael Tremer
    Signed-off-by: Arne Fitzenreiter

commit 804deb1b23f24daa35d0cf052d8d0eac82c3319f
Author: Arne Fitzenreiter
Date:   Thu Mar 26 17:46:05 2020 +0000

    core143: add dhcp

Signed-off-by: Arne Fitzenreiter commit 417fd66045433d8101c11bea669e14a39af4db13 Author: Matthias Fischer Date: Sat Jan 25 20:04:26 2020 +0100 dhcp: Update to 4.4.2 =20 For details see: https://downloads.isc.org/isc/dhcp/4.4.2/dhcp-4.4.2-RELNOTES =20 Signed-off-by: Matthias Fischer Reviewed-by: Michael Tremer Signed-off-by: Arne Fitzenreiter ----------------------------------------------------------------------- Summary of changes: config/backup/backup.pl | 3 +++ config/rootfiles/common/vnstat | 3 +-- .../rootfiles/{oldcore/111 =3D> core/143}/filelists/dhcp | 0 config/rootfiles/core/143/filelists/files | 1 + .../rootfiles/{oldcore/66 =3D> core/143}/filelists/libtool | 0 config/rootfiles/core/143/update.sh | 3 +++ html/cgi-bin/ovpnmain.cgi | 7 +++++++ lfs/dhcp | 6 +++--- lfs/libtool | 6 +++--- lfs/vnstat | 3 +-- src/initscripts/system/firewall | 16 ++++++++------= -- src/initscripts/system/vnstat | 8 ++++++-- 12 files changed, 36 insertions(+), 20 deletions(-) copy config/rootfiles/{oldcore/111 =3D> core/143}/filelists/dhcp (100%) copy config/rootfiles/{oldcore/66 =3D> core/143}/filelists/libtool (100%) Difference in files: diff --git a/config/backup/backup.pl b/config/backup/backup.pl index 9a92a9d9f..e08d8de84 100644 --- a/config/backup/backup.pl +++ b/config/backup/backup.pl @@ -76,6 +76,9 @@ restore_backup() { /bin/kill -HUP `cat /var/run/suricata.pid 2> /dev/null` 2> /dev/null /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null =20 + # remove wrong vnstat tag file + rm -f /var/log/vnstat/tag + # Run converters =20 # Outgoing Firewall diff --git a/config/rootfiles/common/vnstat b/config/rootfiles/common/vnstat index d5b56a679..42e00ed2a 100644 --- a/config/rootfiles/common/vnstat +++ b/config/rootfiles/common/vnstat @@ -9,5 +9,4 @@ usr/bin/vnstati #usr/share/man/man1/vnstati.1 #usr/share/man/man1/vnstat.1 #var/lib/vnstat -#var/log/vnstat -var/log/vnstat/tag +var/log/vnstat 
diff --git a/config/rootfiles/core/143/filelists/dhcp b/config/rootfiles/core= /143/filelists/dhcp new file mode 120000 index 000000000..32d8da443 --- /dev/null +++ b/config/rootfiles/core/143/filelists/dhcp @@ -0,0 +1 @@ +../../../common/dhcp \ No newline at end of file diff --git a/config/rootfiles/core/143/filelists/files b/config/rootfiles/cor= e/143/filelists/files index e5edae10f..b571b41bd 100644 --- a/config/rootfiles/core/143/filelists/files +++ b/config/rootfiles/core/143/filelists/files @@ -2,6 +2,7 @@ etc/system-release etc/issue srv/web/ipfire/cgi-bin/credits.cgi var/ipfire/langs +etc/rc.d/init.d/firewall etc/rc.d/init.d/localnet srv/web/ipfire/cgi-bin/dhcp.cgi srv/web/ipfire/cgi-bin/fireinfo.cgi diff --git a/config/rootfiles/core/143/filelists/libtool b/config/rootfiles/c= ore/143/filelists/libtool new file mode 120000 index 000000000..54f5666f8 --- /dev/null +++ b/config/rootfiles/core/143/filelists/libtool @@ -0,0 +1 @@ +../../../common/libtool \ No newline at end of file diff --git a/config/rootfiles/core/143/update.sh b/config/rootfiles/core/143/= update.sh index 092b9c399..90d3f72fc 100644 --- a/config/rootfiles/core/143/update.sh +++ b/config/rootfiles/core/143/update.sh @@ -59,6 +59,9 @@ extract_files # update linker config ldconfig =20 +# remove wrong vnstat tag file +rm -f /var/log/vnstat/tag + # restart init after glibc replace telinit u =20 diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index a6fdd6d75..ce9524df7 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -490,6 +490,13 @@ sub modccdnet my $oldname=3D$_[1]; my %ccdconfhash=3D(); my %ccdhash=3D(); + + # Check if the new name is valid. + if(!&General::validhostname($newname)) { + $errormessage=3D$Lang::tr{'ccd err invalidname'}; + return; + } + &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash); foreach my $key (keys %ccdconfhash) { if ($ccdconfhash{$key}[0] eq $oldname) { 
diff --git a/lfs/dhcp b/lfs/dhcp index 4c01428f5..8c64ae899 100644 --- a/lfs/dhcp +++ b/lfs/dhcp @@ -1,7 +1,7 @@ ############################################################################= ### # = # # IPFire.org - A linux based firewall = # -# Copyright (C) 2007-2018 IPFire Team = # +# Copyright (C) 2007-2019 IPFire Team = # # = # # This program is free software: you can redistribute it and/or modify = # # it under the terms of the GNU General Public License as published by = # @@ -24,7 +24,7 @@ =20 include Config =20 -VER =3D 4.4.1 +VER =3D 4.4.2 =20 THISAPP =3D dhcp-$(VER) DL_FILE =3D $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects =3D $(DL_FILE) =20 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) =20 -$(DL_FILE)_MD5 =3D 18c7f4dcbb0a63df25098216d47b1ede +$(DL_FILE)_MD5 =3D 2afdaf8498dc1edaf3012efdd589b3e1 =20 install : $(TARGET) =20 diff --git a/lfs/libtool b/lfs/libtool index 90dae11e8..e769a10d0 100644 --- a/lfs/libtool +++ b/lfs/libtool @@ -1,7 +1,7 @@ ############################################################################= ### # = # # IPFire.org - A linux based firewall = # -# Copyright (C) 2007-2018 IPFire Team = # +# Copyright (C) 2007-2019 IPFire Team = # # = # # This program is free software: you can redistribute it and/or modify = # # it under the terms of the GNU General Public License as published by = # @@ -24,7 +24,7 @@ =20 include Config =20 -VER =3D 2.4.4 +VER =3D 2.4.6 =20 THISAPP =3D libtool-$(VER) DL_FILE =3D $(THISAPP).tar.xz @@ -42,7 +42,7 @@ objects =3D $(DL_FILE) =20 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) =20 -$(DL_FILE)_MD5 =3D 51bf400de3354687d68dfa2392506b7e +$(DL_FILE)_MD5 =3D 1bfb9b923f2c1339b4d2ce1807064aa5 =20 install : $(TARGET) =20 diff --git a/lfs/vnstat b/lfs/vnstat index b1a17ce1f..27189126b 100644 --- a/lfs/vnstat +++ b/lfs/vnstat 
@@ -1,7 +1,7 @@ ############################################################################= ### # = # # IPFire.org - A linux based firewall = # -# Copyright (C) 2007-2018 IPFire Team = # +# Copyright (C) 2007-2020 IPFire Team = # # = # # This program is free software: you can redistribute it and/or modify = # # it under the terms of the GNU General Public License as published by = # @@ -87,7 +87,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) sed -i 's|/var/run/vnstat/vnstat.pid|/var/run/vnstat.pid|g' /etc/vnstat.conf =20 mkdir -p /var/log/vnstat - touch /var/log/vnstat/tag =20 @rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall index ec396c708..ab144ea18 100644 --- a/src/initscripts/system/firewall +++ b/src/initscripts/system/firewall @@ -185,14 +185,6 @@ iptables_init() { iptables -A INPUT -j GUARDIAN iptables -A FORWARD -j GUARDIAN =20 - # IPS (suricata) chains - iptables -N IPS_INPUT - iptables -N IPS_FORWARD - iptables -N IPS_OUTPUT - iptables -A INPUT -j IPS_INPUT - iptables -A FORWARD -j IPS_FORWARD - iptables -A OUTPUT -j IPS_OUTPUT - # Block non-established IPsec networks iptables -N IPSECBLOCK iptables -A FORWARD -m policy --dir out --pol none -j IPSECBLOCK @@ -204,6 +196,14 @@ iptables_init() { iptables -A FORWARD -i tun+ -j OVPNBLOCK iptables -A FORWARD -o tun+ -j OVPNBLOCK =20 + # IPS (suricata) chains + iptables -N IPS_INPUT + iptables -N IPS_FORWARD + iptables -N IPS_OUTPUT + iptables -A INPUT -j IPS_INPUT + iptables -A FORWARD -j IPS_FORWARD + iptables -A OUTPUT -j IPS_OUTPUT + # OpenVPN transfer network translation iptables -t nat -N OVPNNAT iptables -t nat -A POSTROUTING -j OVPNNAT diff --git a/src/initscripts/system/vnstat b/src/initscripts/system/vnstat index 518b2d7c6..363307013 100755 --- a/src/initscripts/system/vnstat +++ b/src/initscripts/system/vnstat 
@@ -21,7 +21,11 @@ case "$1" in stop) umount_ramdisk "${VNSTATLOG}" ;; - + restart) + ${0} stop + sleep 1 + ${0} start + ;; backup) # Backup all data if ramdisk is used if mountpoint "${RRDLOG}" &>/dev/null; then @@ -30,7 +34,7 @@ case "$1" in ;; =20 *) - echo "Usage: $0 {start|stop|backup}" + echo "Usage: $0 {start|stop|restart|backup}" exit 1 ;; esac hooks/post-receive -- IPFire 2.x development tree --===============7120301364594330482==--
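
Review bot: in src/initscripts/system/firewall, iptables_init(), the relocated "# IPS (suricata) chains" block is now only safe because it sits below the IPSECBLOCK and OVPNBLOCK rules, and nothing in the script records that dependency. Add a comment above the block saying the IPS jumps must stay after the VPN block chains, so a later reorder does not bring back the leak of VPN-bound traffic when the IPS is down. The block rules visible in this hunk are all appended to FORWARD (`-A FORWARD -m policy --dir out --pol none -j IPSECBLOCK`, `-A FORWARD -i tun+ -j OVPNBLOCK`, `-A FORWARD -o tun+ -j OVPNBLOCK`), while the IPS is also hooked into INPUT and OUTPUT; since the commit message says "Partially fixes #12257", please state whether traffic originating on the firewall itself is the part left uncovered.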
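
Review bot: in html/cgi-bin/ovpnmain.cgi, sub modccdnet, the new check reports failure only through the global `$errormessage` followed by a bare `return;`, so the caller has to inspect `$errormessage` before it carries on with the rest of the rename handling; please confirm the call site does that, or return a status the caller must test. Only `$newname` is validated here, not `$oldname`, which is compared against the stored entries with `eq` further down. The summary of changes lists no language file, so also confirm that the 'ccd err invalidname' key already exists, otherwise the user is shown an empty error.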
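
Review bot: in lfs/dhcp (and the matching line in lfs/libtool), the only integrity pin updated for the new tarball is `$(DL_FILE)_MD5`, and MD5 is not collision-resistant. Please note in the commit message how the 4.4.2 and 2.4.6 archives were verified before the sum was recorded, for example against the upstream signature or a stronger published digest. Minor: the copyright header in both files is bumped to 2019 although the commits are dated January 2020, while lfs/vnstat in the same push uses 2020.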
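
Review bot: in config/rootfiles/core/143/update.sh, `rm -f /var/log/vnstat/tag` is not followed by any vnstat action in the visible lines, and the vnstat initscript in this same push treats its log directory as a possible ramdisk (`umount_ramdisk "${VNSTATLOG}"`). If `${VNSTATLOG}` is /var/log/vnstat, please confirm that the file is also removed from the persistent copy and that the running daemon recovers, for example by calling the new `restart` action after the removal. The same question applies to the identical line added to restore_backup() in config/backup/backup.pl.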
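
Review bot: in src/initscripts/system/vnstat, the new `restart)` case calls `${0} stop` and `${0} start` unquoted and takes the place of the blank line that separated the cases; quote it as `"${0}"` and keep a blank line after each `;;` to match the rest of the file. The fixed `sleep 1` between stop and start deserves a short comment explaining what it waits for. The context line `if mountpoint "${RRDLOG}"` in the `backup)` case uses a different variable from the `${VNSTATLOG}` used in `stop)`; worth checking that this is intended.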