[git.ipfire.org] IPFire 2.x development tree branch, next, updated. adc2aa5f67dfcc537bb0c0acc4136b69cd62b8e0

[Michael Tremer <git@ipfire.org>]

[-- Attachment #1: Type: text/plain, Size: 14681 bytes --]

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, next has been updated
       via  adc2aa5f67dfcc537bb0c0acc4136b69cd62b8e0 (commit)
       via  eea288bc1a55ac99cac868b00367999455cecde5 (commit)
       via  abffcc99adab8311e9421c8203a82d65b7c5ea1c (commit)
       via  f1d98a1c3fb2459cf481e9330d113a958be35e58 (commit)
      from  502f6c63a3120a85ca855ec9aaec9c6cb90cbefd (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit adc2aa5f67dfcc537bb0c0acc4136b69cd62b8e0
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Mon Jan 25 19:34:16 2021 +0000

    core154: Ship updated perl files
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit eea288bc1a55ac99cac868b00367999455cecde5
Author: Leo-Andres Hofmann <hofmann(a)leo-andres.de>
Date:   Sun Jan 17 15:20:04 2021 +0100

    network-functions.pl: Improve zone configuration functions
    
    Cache ethernet configuration in public variable "ethernet_settings",
    add functions to simplify working with the network configuration.
    
    Signed-off-by: Leo-Andres Hofmann <hofmann(a)leo-andres.de>
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit abffcc99adab8311e9421c8203a82d65b7c5ea1c
Author: Leo-Andres Hofmann <hofmann(a)leo-andres.de>
Date:   Sun Jan 17 15:20:03 2021 +0100

    Refactor "get_available_network_zones", move to network-functions.pl
    
    This function nicely translates the ethernet/settings "CONFIG_TYPE"
    into a list of available zones. Therefore it should be more accessible!
    
    Signed-off-by: Leo-Andres Hofmann <hofmann(a)leo-andres.de>
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit f1d98a1c3fb2459cf481e9330d113a958be35e58
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date:   Thu Jan 21 14:35:16 2021 +0100

    make: update to 4.3
    
    this this needed to build on systems with kernel >=5.5
    
    Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

-----------------------------------------------------------------------

Summary of changes:
 config/cfgroot/ids-functions.pl             | 39 +----------------
 config/cfgroot/network-functions.pl         | 66 ++++++++++++++++++++++++++++
 config/rootfiles/core/154/filelists/files   |  4 ++
 config/suricata/convert-snort               |  3 +-
 html/cgi-bin/ids.cgi                        |  3 +-
 lfs/make                                    | 10 ++---
 src/patches/make-4.2.1-glob-SEGV.patch      | 67 -----------------------------
 src/patches/make-4.2.1-glob-build-fix.patch | 11 -----
 8 files changed, 80 insertions(+), 123 deletions(-)
 delete mode 100644 src/patches/make-4.2.1-glob-SEGV.patch
 delete mode 100644 src/patches/make-4.2.1-glob-build-fix.patch

Difference in files:
diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl
index d45e1c70a..2fdae4a7a 100644
--- a/config/cfgroot/ids-functions.pl
+++ b/config/cfgroot/ids-functions.pl
@@ -24,6 +24,7 @@
 package IDS;
 
 require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/network-functions.pl";
 
 # Location where all config and settings files are stored.
 our $settingsdir = "${General::swroot}/suricata";
@@ -410,42 +411,6 @@ sub _store_error_message ($) {
 	&set_ownership("$storederrorfile");
 }
 
-#
-## Function to get a list of all available network zones.
-#
-sub get_available_network_zones () {
-	# Get netsettings.
-	my %netsettings = ();
-	&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
-
-	# Obtain the configuration type from the netsettings hash.
-	my $config_type = $netsettings{'CONFIG_TYPE'};
-
-	# Hash which contains the conversation from the config mode
-	# to the existing network interface names. They are stored like
-	# an array.
-	#
-	# Mode "0" red is a modem and green
-	# Mode "1" red is a netdev and green
-	# Mode "2" red, green and orange
-	# Mode "3" red, green and blue
-	# Mode "4" red, green, blue, orange
-	my %config_type_to_interfaces = (
-		"0" => [ "red", "green" ],
-		"1" => [ "red", "green" ],
-		"2" => [ "red", "green", "orange" ],
-		"3" => [ "red", "green", "blue" ],
-		"4" => [ "red", "green", "blue", "orange" ]
-	);
-
-	# Obtain and dereference the corresponding network interaces based on the read
-	# network config type.
-	my @network_zones = @{ $config_type_to_interfaces{$config_type} };
-
-	# Return them.
-	return @network_zones;
-}
-
 #
 ## Function to check if the IDS is running.
 #
@@ -613,7 +578,7 @@ sub generate_home_net_file() {
 	&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
 
 	# Get available network zones.
-	my @network_zones = &get_available_network_zones();
+	my @network_zones = &Network::get_available_network_zones();
 
 	# Temporary array to store network address and prefix of the configured
 	# networks.
diff --git a/config/cfgroot/network-functions.pl b/config/cfgroot/network-functions.pl
index 3d7f04743..7bd6466e0 100644
--- a/config/cfgroot/network-functions.pl
+++ b/config/cfgroot/network-functions.pl
@@ -27,6 +27,14 @@ require "/var/ipfire/general-functions.pl";
 
 use Socket;
 
+# System ethernet configuration
+our %ethernet_settings = ();
+&General::readhash("${General::swroot}/ethernet/settings", \%ethernet_settings);
+
+# List of all possible network zones that can be configured
+our @known_network_zones = ("red", "green", "orange", "blue");
+
+# IPv4 netmask CIDR to dotted decimal notation conversion table
 my %PREFIX2NETMASK = (
 	32 => "255.255.255.255",
 	31 => "255.255.255.254",
@@ -444,6 +452,64 @@ sub get_mac_by_name($) {
 	return $mac;
 }
 
+#
+## Function to get a list of all available network zones.
+#
+sub get_available_network_zones () {
+	# Obtain the configuration type from the netsettings hash.
+	my $config_type = $ethernet_settings{'CONFIG_TYPE'};
+
+	# Hash which contains the conversation from the config mode
+	# to the existing network interface names. They are stored like
+	# an array.
+	#
+	# Mode "0" red is a modem and green
+	# Mode "1" red is a netdev and green
+	# Mode "2" red, green and orange
+	# Mode "3" red, green and blue
+	# Mode "4" red, green, blue, orange
+	my %config_type_to_interfaces = (
+		"0" => [ "red", "green" ],
+		"1" => [ "red", "green" ],
+		"2" => [ "red", "green", "orange" ],
+		"3" => [ "red", "green", "blue" ],
+		"4" => [ "red", "green", "blue", "orange" ]
+	);
+
+	# Obtain and dereference the corresponding network interaces based on the read
+	# network config type.
+	my @network_zones = @{ $config_type_to_interfaces{$config_type} };
+
+	# Return them.
+	return @network_zones;
+}
+
+#
+## Function to check if a network zone is available in the current configuration
+#
+sub is_zone_available() {
+	my $zone = lc shift;
+	
+	# Make sure the zone is valid
+	die("Unknown network zone '$zone'") unless ($zone ~~ @known_network_zones);
+	
+	# Get available zones and return result
+	my @available_zones = get_available_network_zones();
+	return ($zone ~~ @available_zones);
+}
+
+#
+## Function to determine if the RED zone is in standard IP (or modem, PPP, VDSL, ...) mode
+#
+sub is_red_mode_ip() {
+	# Obtain the settings from the netsettings hash
+	my $config_type = $ethernet_settings{'CONFIG_TYPE'};
+	my $red_type = $ethernet_settings{'RED_TYPE'};
+
+	# RED must be a network device (configuration 1-4) with dynamic or static IP
+	return (($config_type ~~ [1..4]) && ($red_type ~~ ["DHCP", "STATIC"]));
+}
+
 1;
 
 # Remove the next line to enable the testsuite
diff --git a/config/rootfiles/core/154/filelists/files b/config/rootfiles/core/154/filelists/files
index ec58127a2..b4ab41790 100644
--- a/config/rootfiles/core/154/filelists/files
+++ b/config/rootfiles/core/154/filelists/files
@@ -14,6 +14,7 @@ srv/web/ipfire/cgi-bin/dhcp.cgi
 srv/web/ipfire/cgi-bin/extrahd.cgi
 srv/web/ipfire/cgi-bin/gpl.cgi
 srv/web/ipfire/cgi-bin/hardwaregraphs.cgi
+srv/web/ipfire/cgi-bin/ids.cgi
 srv/web/ipfire/cgi-bin/optionsfw.cgi
 srv/web/ipfire/cgi-bin/pakfire.cgi
 srv/web/ipfire/cgi-bin/remote.cgi
@@ -21,7 +22,10 @@ srv/web/ipfire/cgi-bin/services.cgi
 srv/web/ipfire/cgi-bin/wirelessclient.cgi
 usr/local/bin/ipsec-interfaces
 usr/local/bin/sshctrl
+usr/sbin/convert-snort
 var/ipfire/extrahd/bin/extrahd.pl
 var/ipfire/general-functions.pl
+var/ipfire/ids-functions.pl
+var/ipfire/network-functions.pl
 var/ipfire/header.pl
 var/ipfire/langs
diff --git a/config/suricata/convert-snort b/config/suricata/convert-snort
index 3e938137e..7d75233b4 100644
--- a/config/suricata/convert-snort
+++ b/config/suricata/convert-snort
@@ -23,6 +23,7 @@ use strict;
 
 require '/var/ipfire/general-functions.pl';
 require "${General::swroot}/ids-functions.pl";
+require "${General::swroot}/network-functions.pl";
 
 # Snort settings file, which contains the settings from the WUI.
 my $snort_settings_file = "${General::swroot}/snort/settings";
@@ -129,7 +130,7 @@ my %rulessettings = (
 );
 
 # Get all available network zones.
-my @network_zones = &IDS::get_available_network_zones();
+my @network_zones = &Network::get_available_network_zones();
 
 # Read-in snort settings file.
 &General::readhash("$snort_settings_file", \%snortsettings);
diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi
index bc31a341f..83d5f52ba 100644
--- a/html/cgi-bin/ids.cgi
+++ b/html/cgi-bin/ids.cgi
@@ -29,6 +29,7 @@ require '/var/ipfire/general-functions.pl';
 require "${General::swroot}/lang.pl";
 require "${General::swroot}/header.pl";
 require "${General::swroot}/ids-functions.pl";
+require "${General::swroot}/network-functions.pl";
 
 my %color = ();
 my %mainsettings = ();
@@ -47,7 +48,7 @@ my %ignored=();
 
 # Get the available network zones, based on the config type of the system and store
 # the list of zones in an array.
-my @network_zones = &IDS::get_available_network_zones();
+my @network_zones = &Network::get_available_network_zones();
 
 # Check if openvpn is started and add it to the array of network zones.
 if ( -e "/var/run/openvpn.pid") {
diff --git a/lfs/make b/lfs/make
index 971b705df..f6ba0ccd6 100644
--- a/lfs/make
+++ b/lfs/make
@@ -24,14 +24,14 @@
 
 include Config
 
-VER        = 4.2.1
+VER        = 4.3
 
 THISAPP    = make-$(VER)
-DL_FILE    = $(THISAPP).tar.bz2
+DL_FILE    = $(THISAPP).tar.gz
 DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 PROG       = make
-PAK_VER    = 4
+PAK_VER    = 5
 
 DEPS       =
 
@@ -55,7 +55,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 15b012617e7c44c0ed482721629577ac
+$(DL_FILE)_MD5 = fc7a67ea86ace13195b0bce683fd4469
 
 install : $(TARGET)
 
@@ -88,8 +88,6 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
-	cd $(DIR_APP) && patch -p1 < $(DIR_SRC)/src/patches/make-4.2.1-glob-build-fix.patch
-	cd $(DIR_APP) && patch -p1 < $(DIR_SRC)/src/patches/make-4.2.1-glob-SEGV.patch
 	cd $(DIR_APP) && autoreconf -vfi
 	cd $(DIR_APP) && ./configure --prefix=$(PREFIX) --disable-nls
 	cd $(DIR_APP) && make $(MAKETUNING)
diff --git a/src/patches/make-4.2.1-glob-SEGV.patch b/src/patches/make-4.2.1-glob-SEGV.patch
deleted file mode 100644
index 911e3152e..000000000
--- a/src/patches/make-4.2.1-glob-SEGV.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-From 193f1e81edd6b1b56b0eb0ff8aa4b41c7b4257b4 Mon Sep 17 00:00:00 2001
-From: Paul Eggert <eggert(a)cs.ucla.edu>
-Date: Sun, 24 Sep 2017 09:12:58 -0400
-Subject: glob: Do not assume glibc glob internals.
-
-It has been proposed that glibc glob start using gl_lstat,
-which the API allows it to do.  GNU 'make' should not get in
-the way of this.  See:
-https://sourceware.org/ml/libc-alpha/2017-09/msg00409.html
-
-* dir.c (local_lstat): New function, like local_stat.
-(dir_setup_glob): Use it to initialize gl_lstat too, as the API
-requires.
----
- dir.c | 29 +++++++++++++++++++++++++++--
- 1 file changed, 27 insertions(+), 2 deletions(-)
-
-diff --git a/dir.c b/dir.c
-index adbb8a9..c343e4c 100644
---- a/dir.c
-+++ b/dir.c
-@@ -1299,15 +1299,40 @@ local_stat (const char *path, struct stat *buf)
- }
- #endif
- 
-+/* Similarly for lstat.  */
-+#if !defined(lstat) && !defined(WINDOWS32) || defined(VMS)
-+# ifndef VMS
-+#  ifndef HAVE_SYS_STAT_H
-+int lstat (const char *path, struct stat *sbuf);
-+#  endif
-+# else
-+    /* We are done with the fake lstat.  Go back to the real lstat */
-+#   ifdef lstat
-+#     undef lstat
-+#   endif
-+# endif
-+# define local_lstat lstat
-+#elif defined(WINDOWS32)
-+/* Windows doesn't support lstat().  */
-+# define local_lstat local_stat
-+#else
-+static int
-+local_lstat (const char *path, struct stat *buf)
-+{
-+  int e;
-+  EINTRLOOP (e, lstat (path, buf));
-+  return e;
-+}
-+#endif
-+
- void
- dir_setup_glob (glob_t *gl)
- {
-   gl->gl_opendir = open_dirstream;
-   gl->gl_readdir = read_dirstream;
-   gl->gl_closedir = free;
-+  gl->gl_lstat = local_lstat;
-   gl->gl_stat = local_stat;
--  /* We don't bother setting gl_lstat, since glob never calls it.
--     The slot is only there for compatibility with 4.4 BSD.  */
- }
- 
- void
--- 
-cgit v1.0-41-gc330
-
diff --git a/src/patches/make-4.2.1-glob-build-fix.patch b/src/patches/make-4.2.1-glob-build-fix.patch
deleted file mode 100644
index d5303b053..000000000
--- a/src/patches/make-4.2.1-glob-build-fix.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- make-4.2.1/configure.ac~	2018-02-08 12:31:17.105922978 +0000
-+++ make-4.2.1/configure.ac	2018-02-08 12:31:35.249509647 +0000
-@@ -402,7 +402,7 @@ AC_CACHE_CHECK([if system libc has GNU g
- #define GLOB_INTERFACE_VERSION 1
- #if !defined _LIBC && defined __GNU_LIBRARY__ && __GNU_LIBRARY__ > 1
- # include <gnu-versions.h>
--# if _GNU_GLOB_INTERFACE_VERSION == GLOB_INTERFACE_VERSION
-+# if _GNU_GLOB_INTERFACE_VERSION >= GLOB_INTERFACE_VERSION
-    gnu glob
- # endif
- #endif],


hooks/post-receive
--
IPFire 2.x development tree