* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 21be3871b9ac2ca3d5d744c22890f55cdf334006
@ 2020-04-07 9:00 Arne Fitzenreiter
0 siblings, 0 replies; only message in thread
From: Arne Fitzenreiter @ 2020-04-07 9:00 UTC (permalink / raw)
To: ipfire-scm
[-- Attachment #1: Type: text/plain, Size: 11767 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 21be3871b9ac2ca3d5d744c22890f55cdf334006 (commit)
via bb90622c2cfdd7b3bbbabcdbba8a573a36d9edc1 (commit)
via 154bb705b1b3ce52c9916457379321649bedde3e (commit)
via cce7aa9bb8252e00a89c93ca0cc19ecd8833f036 (commit)
via 1b6b8d97aac8a8056a4ef5c9d571a1947551e17f (commit)
via e4013c9dabd55f399b57939a4ad9b5192aac8077 (commit)
from e698090e7f696923ff146b272b587a3eeca34c6c (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 21be3871b9ac2ca3d5d744c22890f55cdf334006
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Tue Apr 7 08:59:32 2020 +0000
core143: add zoneconf.cgi
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit bb90622c2cfdd7b3bbbabcdbba8a573a36d9edc1
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Mon Apr 6 17:38:38 2020 +0000
zoneconf.cgi: Skip checks for non-existing zones
On systems with RED on PPP and no BLUE or ORANGE zones,
there would always be an error when handling non-existant input.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 154bb705b1b3ce52c9916457379321649bedde3e
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Mon Apr 6 18:42:35 2020 +0200
pcengines-apu-firmware: update to v4.11.0.5
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit cce7aa9bb8252e00a89c93ca0cc19ecd8833f036
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Tue Apr 7 08:57:50 2020 +0000
core143: add unbmound initskript
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 1b6b8d97aac8a8056a4ef5c9d571a1947551e17f
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Mon Apr 6 15:10:25 2020 +0000
unbound: Set domains with local data into type transparent mode
Records which are from the same domain than the IPFire hostname
might not be returned by unbound. This change explicitely instructs
unbound to check local data before checking the global DNS.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit e4013c9dabd55f399b57939a4ad9b5192aac8077
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Tue Apr 7 08:54:27 2020 +0000
core143: add suricata http port changes
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/rootfiles/core/143/filelists/files | 4 ++
config/rootfiles/core/143/update.sh | 7 +++-
config/suricata/suricata-generate-http-ports-file | 47 -----------------------
html/cgi-bin/zoneconf.cgi | 2 +
lfs/pcengines-apu-firmware | 21 ++++++----
src/initscripts/system/unbound | 12 +++++-
6 files changed, 35 insertions(+), 58 deletions(-)
delete mode 100644 config/suricata/suricata-generate-http-ports-file
Difference in files:
diff --git a/config/rootfiles/core/143/filelists/files b/config/rootfiles/core/143/filelists/files
index 816fffe9a..9cb36e78c 100644
--- a/config/rootfiles/core/143/filelists/files
+++ b/config/rootfiles/core/143/filelists/files
@@ -4,6 +4,7 @@ srv/web/ipfire/cgi-bin/credits.cgi
var/ipfire/langs
etc/rc.d/init.d/firewall
etc/rc.d/init.d/localnet
+etc/rc.d/init.d/unbound
etc/suricata/suricata.yaml
srv/web/ipfire/cgi-bin/dhcp.cgi
srv/web/ipfire/cgi-bin/fireinfo.cgi
@@ -11,8 +12,11 @@ srv/web/ipfire/cgi-bin/ids.cgi
srv/web/ipfire/cgi-bin/mail.cgi
srv/web/ipfire/cgi-bin/netother.cgi
srv/web/ipfire/cgi-bin/ovpnmain.cgi
+srv/web/ipfire/cgi-bin/proxy.cgi
srv/web/ipfire/cgi-bin/vpnmain.cgi
+srv/web/ipfire/cgi-bin/zoneconf.cgi
usr/lib/firewall/rules.pl
+usr/sbin/convert-snort
var/ipfire/backup/bin/backup.pl
var/ipfire/backup/include
var/ipfire/ids-functions.pl
diff --git a/config/rootfiles/core/143/update.sh b/config/rootfiles/core/143/update.sh
index cb07bbb59..9cd426447 100644
--- a/config/rootfiles/core/143/update.sh
+++ b/config/rootfiles/core/143/update.sh
@@ -75,6 +75,11 @@ telinit u
# Apply local configuration to sshd_config
/usr/local/bin/sshctrl
+# Generate new http ports file for suricata
+perl -e "require '/var/ipfire/ids-functions.pl'; \
+ &IDS::generate_http_ports_file(); \
+ &IDS::set_ownership(\"\$IDS::http_ports_file\"); "
+
# Start services
/usr/local/bin/ipsecctrl S
/etc/init.d/unbound restart
@@ -100,8 +105,6 @@ done
# Filesytem cleanup
/usr/local/bin/filesystem-cleanup
-# Start services
-
# This update needs a reboot...
#touch /var/run/need_reboot
diff --git a/config/suricata/suricata-generate-http-ports-file b/config/suricata/suricata-generate-http-ports-file
deleted file mode 100644
index f0d6bb823..000000000
--- a/config/suricata/suricata-generate-http-ports-file
+++ /dev/null
@@ -1,47 +0,0 @@
-#!/usr/bin/perl
-###############################################################################
-# #
-# IPFire.org - A linux based firewall #
-# Copyright (C) 2012 IPFire Development Team <info(a)ipfire.org> #
-# #
-# This program is free software: you can redistribute it and/or modify #
-# it under the terms of the GNU General Public License as published by #
-# the Free Software Foundation, either version 3 of the License, or #
-# (at your option) any later version. #
-# #
-# This program is distributed in the hope that it will be useful, #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
-# GNU General Public License for more details. #
-# #
-# You should have received a copy of the GNU General Public License #
-# along with this program. If not, see <http://www.gnu.org/licenses/>. #
-# #
-###############################################################################
-
-use strict;
-
-require '/var/ipfire/general-functions.pl';
-require "${General::swroot}/ids-functions.pl";
-
-exit unless(-f $IDS::ids_settings_file and -f $IDS::rules_settings_file);
-
-#
-## Step 1: Generate and write the HTTP ports file.
-#
-
-# Call subfunction to generate the HTTP ports file.
-&IDS::generate_http_ports_file();
-
-# Set correct ownership.
-&IDS::set_ownership("$IDS::http_ports_file");
-
-#
-## Step 2: Restart suricata if necessary.
-#
-
-# Check if the IDS should be started.
-if(&IDS::ids_is_running()) {
- # Call suricatactrl and reload the rules.
- &IDS::call_suricatactrl("restart");
-}
diff --git a/html/cgi-bin/zoneconf.cgi b/html/cgi-bin/zoneconf.cgi
index 6b8642818..d99a3e611 100644
--- a/html/cgi-bin/zoneconf.cgi
+++ b/html/cgi-bin/zoneconf.cgi
@@ -211,6 +211,8 @@ if ($cgiparams{"ACTION"} eq $Lang::tr{"save"}) {
my $mac = $_->[0];
my $nic_access = $cgiparams{"ACCESS $uc $mac"};
+ next unless ($nic_access);
+
if ($nic_access ne "NONE") {
if ($VALIDATE_nic_check{"RESTRICT $mac"}) { # If this interface is already assigned to RED in PPP mode, throw an error
$VALIDATE_error = $Lang::tr{"zoneconf val ppp assignment error"};
diff --git a/lfs/pcengines-apu-firmware b/lfs/pcengines-apu-firmware
index dd76004f8..e430ad9a2 100644
--- a/lfs/pcengines-apu-firmware
+++ b/lfs/pcengines-apu-firmware
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2019 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2020 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,14 +24,14 @@
include Config
-VER = 4.10.0.3
+VER = 4.11.0.5
THISAPP = pcengines-apu-firmware-$(VER)
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = pcengines-apu-firmware
-PAK_VER = 4
+PAK_VER = 5
SUP_ARCH = i586 x86_64
DEPS = firmware-update
@@ -53,11 +53,11 @@ apu3_v$(VER).rom = $(DL_FROM)/apu3_v$(VER).rom
apu4_v$(VER).rom = $(DL_FROM)/apu4_v$(VER).rom
apu5_v$(VER).rom = $(DL_FROM)/apu5_v$(VER).rom
-apu1_v$(VER).rom_MD5 = f996d2272685683b1bf8be1f27b44f18
-apu2_v$(VER).rom_MD5 = 1ec2df4c0f9be2443192fead8e3b49e9
-apu3_v$(VER).rom_MD5 = 4a5cee9b621432627d7f3dcbb6191904
-apu4_v$(VER).rom_MD5 = a4a8bd06ebfa88907f5a4ddb6d7c3edc
-apu5_v$(VER).rom_MD5 = c389d490d02810bf65f0f3abb461070e
+apu1_v$(VER).rom_MD5 = eb9513cdb9bb212db524307d71d9f87c
+apu2_v$(VER).rom_MD5 = e3ce78e1cbc1eb35b10d97349afabf04
+apu3_v$(VER).rom_MD5 = 42ece2873efc4a4b86bb507df40423c6
+apu4_v$(VER).rom_MD5 = e5eb7a15efbfc1a434d3bd48d1bc5062
+apu5_v$(VER).rom_MD5 = f2924f98bbb1e2816760103ab045a175
install : $(TARGET)
@@ -96,3 +96,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
/lib/firmware/pcengines/apu
@$(POSTBUILD)
+eb9513cdb9bb212db524307d71d9f87c cache/apu1_v4.11.0.5.rom
+e3ce78e1cbc1eb35b10d97349afabf04 cache/apu2_v4.11.0.5.rom
+42ece2873efc4a4b86bb507df40423c6 cache/apu3_v4.11.0.5.rom
+e5eb7a15efbfc1a434d3bd48d1bc5062 cache/apu4_v4.11.0.5.rom
+f2924f98bbb1e2816760103ab045a175 cache/apu5_v4.11.0.5.rom
diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound
index 1cf26ec0e..35477ae28 100644
--- a/src/initscripts/system/unbound
+++ b/src/initscripts/system/unbound
@@ -72,8 +72,18 @@ write_hosts_conf() {
echo "local-data: \"${address} ${LOCAL_TTL} IN PTR ${HOSTNAME}\""
done
- # Add all hosts
local enabled address hostname domainname generateptr
+
+ # Find all unique domain names
+ while IFS="," read -r enabled address hostname domainname generateptr; do
+ [ "${enabled}" = "on" ] || continue
+
+ echo "${domainname}"
+ done < /var/ipfire/main/hosts | sort -u | while read -r domainname; do
+ echo "local-zone: ${domainname} typetransparent"
+ done
+
+ # Add all hosts
while IFS="," read -r enabled address hostname domainname generateptr; do
[ "${enabled}" = "on" ] || continue
hooks/post-receive
--
IPFire 2.x development tree
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2020-04-07 9:00 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-04-07 9:00 [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 21be3871b9ac2ca3d5d744c22890f55cdf334006 Arne Fitzenreiter
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox