This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree". The branch, next has been updated via 00655793a6a7821b9debfd488e7fd91d1b370c1d (commit) via cc9eb2d30609f18f06b53b838efcd3c7326693f4 (commit) via 6386584baa5669755ebae9507a50ef71321b47aa (commit) via be7f8b800302c3b3198491cbc7ec323e0c7bdb2d (commit) via c867280f97574cc24e547c7bd2fdb2e488c499f8 (commit) via e43c3206d3a38c0db76b16860898c21e429a6037 (commit) via 2ae1c23f6200b0820a54ce30fe0677820094ff51 (commit) via 4ddc1aea083198724c666f27bb4c2df199018acc (commit) via f6a31bfa07f9b464885d500f1c4a3aee2efdde08 (commit) via eba306c216e6ee5ba6b2db9b9a0ddaf04d1b58d7 (commit) via 7f5b5954b241c8f78f1b81d1313f09b97988190a (commit) from cd6bd02f53e9dee2cd634c006228585d51fff839 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 00655793a6a7821b9debfd488e7fd91d1b370c1d Author: Arne Fitzenreiter Date: Tue Jul 28 18:38:40 2020 +0000 core148: add network-functions.pl Signed-off-by: Arne Fitzenreiter commit cc9eb2d30609f18f06b53b838efcd3c7326693f4 Author: Peter Müller Date: Sat Jul 25 19:08:37 2020 +0000 network-functions.pl: add missing unit tests for changed, network membership procedure Cc: Tim FitzGeorge Cc: Alexander Marx Signed-off-by: Peter Müller Signed-off-by: Arne Fitzenreiter commit 6386584baa5669755ebae9507a50ef71321b47aa Author: Peter Müller Date: Sat Jul 25 19:08:07 2020 +0000 network-functions.pl: fix network membership test This is based on an orphaned patch provided by Tim FitzGeorge and _finally_ fixes incorrect network membership calculations. Those were are usability pain in the ass deluxe, as they rendered some combinations of configuring OpenVPN and IPsec services unusable. Fixes: #11235 Fixes: #12263 Cc: Tim FitzGeorge Cc: Michael Tremer Cc: Alexander Marx Signed-off-by: Peter Müller Signed-off-by: Arne Fitzenreiter commit be7f8b800302c3b3198491cbc7ec323e0c7bdb2d Author: Adolf Belka Date: Tue Jul 28 18:17:43 2020 +0000 bacula: Correction to 9.6.5 - Corrected Download URL to remove filename from the end of it. This is defined separately. - Corrected to include install command for backup file which was missed in previous patch. - Added backup file to rootfiles list. Signed-off-by: Adolf Belka Reviewed-by: Michael Tremer Signed-off-by: Michael Tremer Signed-off-by: Arne Fitzenreiter commit c867280f97574cc24e547c7bd2fdb2e488c499f8 Author: Arne Fitzenreiter Date: Tue Jul 28 18:34:31 2020 +0000 core148: add networking/any initskript Signed-off-by: Arne Fitzenreiter commit e43c3206d3a38c0db76b16860898c21e429a6037 Author: Michael Tremer Date: Tue Jul 28 18:04:46 2020 +0000 network: Fix typo for MTU value Reported here: https://community.ipfire.org/t/strange-etc-init-d-networking-any-for-blue/2831 Signed-off-by: Michael Tremer Signed-off-by: Arne Fitzenreiter commit 2ae1c23f6200b0820a54ce30fe0677820094ff51 Author: Michael Tremer Date: Tue Jul 28 17:18:18 2020 +0000 location: Restart IPsec after firewall was restarted strongswan creates rules in iptables which are being dropped when the firewall is being restarted. Signed-off-by: Michael Tremer Signed-off-by: Arne Fitzenreiter commit 4ddc1aea083198724c666f27bb4c2df199018acc Author: Michael Tremer Date: Tue Jul 28 17:18:19 2020 +0000 core148: Do not update the location database straight away This process takes a long time and stalls the update process. Since the cronjob is being called once an hour, all systems will very quickly pull a recent database which will then be extracted in the background not disrupting the Core Update process. Signed-off-by: Michael Tremer Signed-off-by: Arne Fitzenreiter commit f6a31bfa07f9b464885d500f1c4a3aee2efdde08 Author: Matthias Fischer Date: Mon Jul 27 17:50:50 2020 +0200 Fix typo in german translation Signed-off-by: Matthias Fischer Reviewed-by: Michael Tremer Signed-off-by: Arne Fitzenreiter commit eba306c216e6ee5ba6b2db9b9a0ddaf04d1b58d7 Author: Matthias Fischer Date: Sat Jul 25 20:19:20 2020 +0200 mc: Update to 4.8.25 For details see: http://midnight-commander.org/wiki/NEWS-4.8.25 Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer Signed-off-by: Arne Fitzenreiter commit 7f5b5954b241c8f78f1b81d1313f09b97988190a Author: Michael Tremer Date: Tue Jul 21 12:48:55 2020 +0000 libloc: Apply -fstack-protector only on i586 All other architectures build fine and we do not need to weaken the Perl module unnecessarily. Signed-off-by: Michael Tremer Signed-off-by: Arne Fitzenreiter ----------------------------------------------------------------------- Summary of changes: config/cfgroot/network-functions.pl | 38 +++++++++++++++++-------------- config/rootfiles/core/148/filelists/files | 2 ++ config/rootfiles/core/148/update.sh | 1 - config/rootfiles/packages/bacula | 1 + config/rootfiles/packages/mc | 2 ++ langs/de/cgi-bin/de.pl | 2 +- lfs/bacula | 4 +++- lfs/libloc | 2 ++ lfs/mc | 8 +++---- src/initscripts/networking/any | 2 +- src/scripts/convert-to-location | 5 ++++ 11 files changed, 42 insertions(+), 25 deletions(-) Difference in files: diff --git a/config/cfgroot/network-functions.pl b/config/cfgroot/network-functions.pl index 8649d0502..3d7f04743 100644 --- a/config/cfgroot/network-functions.pl +++ b/config/cfgroot/network-functions.pl @@ -115,7 +115,7 @@ sub network_equal { return undef; } - if ($bin1[0] eq $bin2[0] && $bin1[1] eq $bin2[1]) { + if ($bin1[0] == $bin2[0] && $bin1[1] == $bin2[1]) { return 1; } @@ -191,7 +191,7 @@ sub check_ip_address_and_netmask($$) { my ($address, $netmask) = split(/\//, $network, 2); # Check if the IP address is fine. - # + # my $result = &check_ip_address($address); unless ($result) { return $result; @@ -295,7 +295,7 @@ sub ip_address_in_network($$) { # Find end address my $broadcast_bin = $network_bin ^ (~$netmask_bin % 2 ** 32); - return (($address_bin ge $network_bin) && ($address_bin le $broadcast_bin)); + return (($address_bin >= $network_bin) && ($address_bin <= $broadcast_bin)); } sub setup_upstream_proxy() { @@ -449,14 +449,15 @@ sub get_mac_by_name($) { # Remove the next line to enable the testsuite __END__ -sub assert($) { +sub assert($$) { + my $tst = shift; my $ret = shift; if ($ret) { return; } - print "ASSERTION ERROR"; + print "ASSERTION ERROR - $tst\n"; exit(1); } @@ -464,10 +465,10 @@ sub testsuite() { my $result; my $address1 = &ip2bin("8.8.8.8"); - assert($address1 == 134744072); + assert('ip2bin("8.8.8.8")', $address1 == 134744072); my $address2 = &bin2ip($address1); - assert($address2 eq "8.8.8.8"); + assert("bin2ip($address1)", $address2 eq "8.8.8.8"); # Check if valid IP addresses are correctly recognised. foreach my $address ("1.2.3.4", "192.168.180.1", "127.0.0.1") { @@ -486,34 +487,37 @@ sub testsuite() { } $result = &check_ip_address_and_netmask("192.168.180.0/255.255.255.0"); - assert($result); + assert('check_ip_address_and_netmask("192.168.180.0/255.255.255.0")', $result); $result = &convert_netmask2prefix("255.255.254.0"); - assert($result == 23); + assert('convert_netmask2prefix("255.255.254.0")', $result == 23); $result = &convert_prefix2netmask(8); - assert($result eq "255.0.0.0"); + assert('convert_prefix2netmask(8)', $result eq "255.0.0.0"); $result = &find_next_ip_address("1.2.3.4", 2); - assert($result eq "1.2.3.6"); + assert('find_next_ip_address("1.2.3.4", 2)', $result eq "1.2.3.6"); $result = &network_equal("192.168.0.0/24", "192.168.0.0/255.255.255.0"); - assert($result); + assert('network_equal("192.168.0.0/24", "192.168.0.0/255.255.255.0")', $result); $result = &network_equal("192.168.0.0/24", "192.168.0.0/25"); - assert(!$result); + assert('network_equal("192.168.0.0/24", "192.168.0.0/25")', !$result); $result = &network_equal("192.168.0.0/24", "192.168.0.128/25"); - assert(!$result); + assert('network_equal("192.168.0.0/24", "192.168.0.128/25")', !$result); $result = &network_equal("192.168.0.1/24", "192.168.0.XXX/24"); - assert(!$result); + assert('network_equal("192.168.0.1/24", "192.168.0.XXX/24")', !$result); $result = &ip_address_in_network("10.0.1.4", "10.0.0.0/8"); - assert($result); + assert('ip_address_in_network("10.0.1.4", "10.0.0.0/8"', $result); $result = &ip_address_in_network("192.168.30.11", "192.168.30.0/255.255.255.0"); - assert($result); + assert('ip_address_in_network("192.168.30.11", "192.168.30.0/255.255.255.0")', $result); + + $result = &ip_address_in_network("192.168.30.11", "0.0.0.0/8"); + assert('ip_address_in_network("192.168.30.11", "0.0.0.0/8")', !$result); print "Testsuite completed successfully!\n"; diff --git a/config/rootfiles/core/148/filelists/files b/config/rootfiles/core/148/filelists/files index 3578b7a21..a49e0e179 100644 --- a/config/rootfiles/core/148/filelists/files +++ b/config/rootfiles/core/148/filelists/files @@ -3,6 +3,7 @@ etc/issue srv/web/ipfire/cgi-bin/credits.cgi var/ipfire/langs etc/rc.d/init.d/firewall +etc/rc.d/init.d/networking/any srv/web/ipfire/cgi-bin/connections.cgi srv/web/ipfire/cgi-bin/country.cgi srv/web/ipfire/cgi-bin/dns.cgi @@ -25,4 +26,5 @@ usr/local/bin/update-location-database var/ipfire/backup/bin/backup.pl var/ipfire/firewall/locationblock var/ipfire/location-functions.pl +var/ipfire/network-functions.pl var/ipfire/menu.d/50-firewall.menu diff --git a/config/rootfiles/core/148/update.sh b/config/rootfiles/core/148/update.sh index c77e72276..d4bcc45bc 100644 --- a/config/rootfiles/core/148/update.sh +++ b/config/rootfiles/core/148/update.sh @@ -52,7 +52,6 @@ ldconfig # update location database /usr/local/bin/convert-to-location -/usr/local/bin/update-location-database # Update Language cache /usr/local/bin/update-lang-cache diff --git a/config/rootfiles/packages/bacula b/config/rootfiles/packages/bacula index 4ee408fc4..dc9179489 100644 --- a/config/rootfiles/packages/bacula +++ b/config/rootfiles/packages/bacula @@ -63,3 +63,4 @@ usr/sbin/bacula-fd #usr/share/man/man8/dbcheck.8.gz #var/bacula #var/bacula/working +var/ipfire/backup/addons/includes/bacula diff --git a/config/rootfiles/packages/mc b/config/rootfiles/packages/mc index 42a6aadf4..8e7a57db7 100644 --- a/config/rootfiles/packages/mc +++ b/config/rootfiles/packages/mc @@ -142,6 +142,7 @@ usr/share/mc/syntax/c.syntax usr/share/mc/syntax/cabal.syntax usr/share/mc/syntax/changelog.syntax usr/share/mc/syntax/cmake.syntax +usr/share/mc/syntax/cobol.syntax usr/share/mc/syntax/cs.syntax usr/share/mc/syntax/css.syntax usr/share/mc/syntax/cuda.syntax @@ -172,6 +173,7 @@ usr/share/mc/syntax/j.syntax usr/share/mc/syntax/jal.syntax usr/share/mc/syntax/java.syntax usr/share/mc/syntax/js.syntax +usr/share/mc/syntax/kotlin.syntax usr/share/mc/syntax/latex.syntax usr/share/mc/syntax/lisp.syntax usr/share/mc/syntax/lkr.syntax diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 5d74bf4a3..b01e75eb5 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -1971,7 +1971,7 @@ 'pakfire last core list update' => 'Letztes Corelisten Update ist', 'pakfire last package update' => 'Letztes Paketlisten Update ist', 'pakfire last serverlist update' => 'Letztes Serverlisten Update ist', -'pakfire last update' => 'Letzes Update ist', +'pakfire last update' => 'Letztes Update ist', 'pakfire possible dependency' => ' Möglicherweise haben diese Pakete Abhängigkeiten, d.h. andere Pakete müssen zusätzlich installiert werden. Dazu sehen Sie unten eine Liste.', 'pakfire register' => 'Registrierung am Pakfire-Server:', 'pakfire system state' => 'System Status', diff --git a/lfs/bacula b/lfs/bacula index 1e4db011b..f5220bf16 100644 --- a/lfs/bacula +++ b/lfs/bacula @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = bacula -PAK_VER = 5 +PAK_VER = 6 DEPS = @@ -87,6 +87,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install ln -sf /etc/bacula/bacula-ctl-fd /etc/rc.d/init.d/bacula + install -v -m 644 ${DIR_SRC}/config/backup/includes/bacula \ + /var/ipfire/backup/addons/includes/bacula rm -f /root/.rnd @rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/lfs/libloc b/lfs/libloc index df86ff19d..a71a9ac5b 100644 --- a/lfs/libloc +++ b/lfs/libloc @@ -82,7 +82,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/libloc-0.9.3-country-terminate-buffer-when-reading-from-database.patch # Add patch for i586 to disable strong stack protector. +ifeq "$(BUILD_ARCH)" "i586" cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/libloc-0.9.3-perl-regular-stack-protector.patch +endif cd $(DIR_APP) && ./autogen.sh cd $(DIR_APP) && ./configure \ diff --git a/lfs/mc b/lfs/mc index 8edba6df8..5c48dd332 100644 --- a/lfs/mc +++ b/lfs/mc @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2019 IPFire Team # +# Copyright (C) 2007-2020 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 4.8.24 +VER = 4.8.25 THISAPP = mc-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = mc -PAK_VER = 19 +PAK_VER = 20 DEPS = @@ -44,7 +44,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 3a11df2dd379dd67c497c8d2c344715c +$(DL_FILE)_MD5 = 19f14d368001aac454c28a2ddd2e851b install : $(TARGET) diff --git a/src/initscripts/networking/any b/src/initscripts/networking/any index 8d2300950..0cf107f48 100644 --- a/src/initscripts/networking/any +++ b/src/initscripts/networking/any @@ -34,7 +34,7 @@ elif [ "$(basename $0)" == "blue" ]; then NETADDRESS="${BLUE_NETADDRESS}" NETMASK="${BLUE_NETMASK}" DEVICE="${BLUE_DEV}" - MTU="${GREEN_MTU}" + MTU="${BLUE_MTU}" elif [ "$(basename $0)" == "orange" ]; then DEVICE="${ORANGE_DEV}" ADDRESS="${ORANGE_ADDRESS}" diff --git a/src/scripts/convert-to-location b/src/scripts/convert-to-location index 9149b854d..428a91d34 100755 --- a/src/scripts/convert-to-location +++ b/src/scripts/convert-to-location @@ -47,6 +47,11 @@ if [ -f "$FW_CONF_DIR/geoipblock" ]; then # Regenerate firewall chains. /etc/init.d/firewall restart + + # Restart IPsec for dropped iptables rules + if grep -q "ENABLED=on" /var/ipfire/vpn/settings; then + /etc/init.d/ipsec restart + fi fi # Finished. hooks/post-receive -- IPFire 2.x development tree