* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 18b67efc6fc7414ab7a2d4865357e70c0b1da314
@ 2025-08-30 17:51 Michael Tremer
From: Michael Tremer @ 2025-08-30 17:51 UTC (permalink / raw)
To: ipfire-scm
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 18b67efc6fc7414ab7a2d4865357e70c0b1da314 (commit)
via 549624643bdb9aa23fe3452e1715725f9cd83ca7 (commit)
via 51a09474c2651160048b34e0416f3d9de897edcf (commit)
via d4eb2e77a9647c6b85a73f3d5695d72c1665f03a (commit)
via 351113e21eecd730b33a2d73c1bb74eff9fcb845 (commit)
via 7c86a0354a4e5d0dc970c0500864a95ff60f04a3 (commit)
via 676ce3b4cfdc72c758380da512ee3a00c370623e (commit)
via 5339b5bc1ada6b4148384bc7db5e5b91b519c895 (commit)
via 6c35b21c6760c6f9f6cfa57dbca0a5a917baa470 (commit)
from 8de5c299f9674cbeb6eff05eaaf696fd03915ce1 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 18b67efc6fc7414ab7a2d4865357e70c0b1da314
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Sat Aug 30 15:32:42 2025 +0200
core198: Ship fireinfo
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 549624643bdb9aa23fe3452e1715725f9cd83ca7
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Sat Aug 30 15:27:15 2025 +0200
fireinfo: housekeeping to merge patches into version v2.2.1
- As the last update was 5 years ago, I thought it good housekeeping to merge the four
patches into the fireinfo tarball
- Update of rootfile not required
- Changelog
v2.2.1
Inclusion of previous four patches into tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 51a09474c2651160048b34e0416f3d9de897edcf
Merge: 8de5c299f d4eb2e77a
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Sat Aug 30 17:50:00 2025 +0000
Merge remote-tracking branch 'origin/master' into next
-----------------------------------------------------------------------
Summary of changes:
config/backup/backup.pl | 5 --
.../{oldcore/127 => core/198}/filelists/fireinfo | 0
config/rootfiles/oldcore/197/update.sh | 4 --
html/cgi-bin/ovpnmain.cgi | 56 +++++++++++-----------
lfs/fireinfo | 16 ++-----
...ff-by-one-error-when-detecting-hypervisor.patch | 38 ---------------
.../fireinfo/fireinfo-2.2.0-python-3.8.patch | 26 ----------
...nfo-system-blacklist-jetways-product-uuid.patch | 28 -----------
...stem-ignore-when-the-serial-number-is-ssn.patch | 37 --------------
9 files changed, 32 insertions(+), 178 deletions(-)
copy config/rootfiles/{oldcore/127 => core/198}/filelists/fireinfo (100%)
delete mode 100644 src/patches/fireinfo-virt-fix-off-by-one-error-when-detecting-hypervisor.patch
delete mode 100644 src/patches/fireinfo/fireinfo-2.2.0-python-3.8.patch
delete mode 100644 src/patches/fireinfo/fireinfo-system-blacklist-jetways-product-uuid.patch
delete mode 100644 src/patches/fireinfo/fireinfo-system-ignore-when-the-serial-number-is-ssn.patch
Difference in files:
diff --git a/config/backup/backup.pl b/config/backup/backup.pl
index 42d24aa3c4..e79f510c67 100644
--- a/config/backup/backup.pl
+++ b/config/backup/backup.pl
@@ -350,11 +350,6 @@ restore_backup() {
fi
# Update the OpenVPN configuration and restart the openvpn daemons
- if grep -q "ncp-disable" /var/ipfire/ovpn/server.conf; then
- sed -r -e "/ncp-disable/d" -i /var/ipfire/ovpn/server.conf
- echo "DATACIPHERS=AES-256-GCM|AES-128-GCM|CHACHA20-POLY1305" >> \
- /var/ipfire/ovpn/settings
- fi
sudo -u nobody /srv/web/ipfire/cgi-bin/ovpnmain.cgi
/etc/init.d/openvpn-n2n restart
/etc/init.d/openvpn-rw restart
diff --git a/config/rootfiles/core/198/filelists/fireinfo b/config/rootfiles/core/198/filelists/fireinfo
new file mode 120000
index 0000000000..c46115521f
--- /dev/null
+++ b/config/rootfiles/core/198/filelists/fireinfo
@@ -0,0 +1 @@
+../../../common/fireinfo
\ No newline at end of file
diff --git a/config/rootfiles/oldcore/197/update.sh b/config/rootfiles/oldcore/197/update.sh
index f1800b2c09..0fd5cc6f03 100644
--- a/config/rootfiles/oldcore/197/update.sh
+++ b/config/rootfiles/oldcore/197/update.sh
@@ -123,10 +123,6 @@ ldconfig
/usr/local/bin/filesystem-cleanup
# Update the OpenVPN configuration
-if grep -q "ncp-disable" /var/ipfire/ovpn/server.conf; then
- sed -r -e "/ncp-disable/d" -i /var/ipfire/ovpn/server.conf
- echo "DATACIPHERS=AES-256-GCM|AES-128-GCM|CHACHA20-POLY1305" >> /var/ipfire/ovpn/settings
-fi
sudo -u nobody /srv/web/ipfire/cgi-bin/ovpnmain.cgi
# Apply SSH configuration
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index dfe7f8ad58..ccf46fb02f 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -132,7 +132,7 @@ my $col="";
"MAX_CLIENTS" => 100,
"MSSFIX" => "off",
"TLSAUTH" => "on",
-}) unless (%vpnsettings);
+});
# Load CGI parameters
&Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'});
@@ -211,6 +211,21 @@ sub deletebackupcert
}
}
+# Writes the OpenVPN RW server settings and ensures that some values are set
+sub writesettings() {
+ # Initialize TLSAUTH
+ if ($vpnsettings{"TLSAUTH"} eq "") {
+ $vpnsettings{"TLSAUTH"} = "off";
+ }
+
+ # Initialize MSSFIX
+ if ($vpnsettings{"MSSFIX"} eq "") {
+ $vpnsettings{"MSSFIX"} = "off";
+ }
+
+ &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
+}
+
sub writeserverconf {
# Do we require the OpenSSL Legacy Provider?
my $requires_legacy_provider = 0;
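Review bot: The TLSAUTH fallback in the new `writesettings` stores "off" for an empty value, while the defaults block in the first hunk of this file sets `"TLSAUTH" => "on"`, and nothing says why the two differ. If the intent is that an empty value means the option was unticked in the form, a comment such as `# Empty means disabled in the form; store "off" so the load-time default does not turn it back on` would record that (this is inferred, as the defaults call starts outside the hunk). Both comparisons also read a key that may be undefined, so `if (($vpnsettings{"TLSAUTH"} // "") eq "")`, and the same for MSSFIX, avoids an uninitialized-value warning if warnings are enabled. The return value of `&General::writehash` is not checked here, so a failed write of the settings file would go unnoticed as far as this hunk shows.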
@@ -590,6 +605,7 @@ sub write_ccd_configs() {
foreach my $key (keys %conns) {
my $name = $conns{$key}[1];
my $type = $conns{$key}[3];
+ my $gateway = "";
# Skip anything that isn't a host connection
next unless ($type eq "host");
@@ -616,8 +632,13 @@ sub write_ccd_configs() {
# Fetch the network of the pool
my $network = &get_cdd_network($pool);
+ my $netaddr = &Network::get_netaddress($network);
my $netmask = &Network::get_netmask($network);
+ # The gateway is always the first address in the network
+ # (this is needed to push any routes below)
+ $gateway = &Network::find_next_ip_address($netaddr, 1);
+
if (defined $address && defined $network && defined $netmask) {
print CONF "# Allocated IP address from $pool\n";
print CONF "ifconfig-push ${address} ${netmask}\n\n";
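Review bot: `&Network::get_netaddress($network)` and `&Network::find_next_ip_address($netaddr, 1)` run before the `defined $network` test on the following `if`, so an undefined pool network reaches both helpers unchecked. Moving the gateway computation inside that `if`, or guarding it as `$gateway = &Network::find_next_ip_address($netaddr, 1) if (defined $netaddr);`, keeps the existing check meaningful. `$gateway` is initialised to "" in the previous hunk and assigned only here, so a connection that does not pass through this assignment would have the later `push "route $netaddress $netmask $gateway"` line written with an empty gateway field; emitting the third field only when `$gateway` is non-empty would avoid that. The enclosing loop in `write_ccd_configs` starts and ends outside this hunk, so whether that path is reachable cannot be confirmed from here.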
@@ -693,7 +714,7 @@ sub write_ccd_configs() {
next;
}
- print CONF "push \"route $netaddress $netmask\"\n";
+ print CONF "push \"route $netaddress $netmask $gateway\"\n";
}
# Newline
@@ -1067,7 +1088,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) {
}
if ($cgiparams{'MSSFIX'} ne 'on') {
- delete $vpnsettings{'MSSFIX'};
+ $vpnsettings{'MSSFIX'} = "off";
} else {
$vpnsettings{'MSSFIX'} = $cgiparams{'MSSFIX'};
}
@@ -1124,7 +1145,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) {
}
# Store our configuration
- &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
+ &writesettings();
# Write the server configuration
&writeserverconf();
@@ -1419,7 +1440,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg
$vpnsettings{'DOVPN_SUBNET'} = $cgiparams{'DOVPN_SUBNET'};
# Store our configuration
- &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
+ &writesettings();
# Write the OpenVPN server configuration
&writeserverconf();
@@ -1596,7 +1617,6 @@ END
$cahash{$key}[0] = $cgiparams{'CA_NAME'};
$cahash{$key}[1] = $casubject;
&General::writehasharray("${General::swroot}/ovpn/caconfig", \%cahash);
-# system('/usr/local/bin/ipsecctrl', 'R');
UPLOADCA_ERROR:
@@ -1652,22 +1672,15 @@ END
foreach my $key (keys %confighash) {
my @test = &General::system_output("/usr/bin/openssl", "verify", "-CAfile", "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem", "${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem");
if (grep(/: OK/, @test)) {
- # Delete connection
-# if ($vpnsettings{'ENABLED'} eq 'on' ||
-# $vpnsettings{'ENABLED_BLUE'} eq 'on') {
-# system('/usr/local/bin/ipsecctrl', 'D', $key);
-# }
unlink ("${General::swroot}/ovpn//certs/$confighash{$key}[1]cert.pem");
unlink ("${General::swroot}/ovpn/certs/$confighash{$key}[1].p12");
delete $confighash{$key};
&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
-# &writeipsecfiles();
}
}
unlink ("${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
delete $cahash{$cgiparams{'KEY'}};
&General::writehasharray("${General::swroot}/ovpn/caconfig", \%cahash);
-# system('/usr/local/bin/ipsecctrl', 'R');
} else {
$errormessage = $Lang::tr{'invalid key'};
}
@@ -1710,7 +1723,6 @@ END
unlink ("${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
delete $cahash{$cgiparams{'KEY'}};
&General::writehasharray("${General::swroot}/ovpn/caconfig", \%cahash);
-# system('/usr/local/bin/ipsecctrl', 'R');
}
} else {
$errormessage = $Lang::tr{'invalid key'};
@@ -1978,7 +1990,7 @@ END
$vpnsettings{'ROOTCERT_CITY'} = $cgiparams{'ROOTCERT_CITY'};
$vpnsettings{'ROOTCERT_STATE'} = $cgiparams{'ROOTCERT_STATE'};
$vpnsettings{'ROOTCERT_COUNTRY'} = $cgiparams{'ROOTCERT_COUNTRY'};
- &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
+ &writesettings();
# Replace empty strings with a .
(my $ou = $cgiparams{'ROOTCERT_OU'}) =~ s/^\s*$/\./;
@@ -2178,10 +2190,6 @@ END
ROOTCERT_SUCCESS:
&General::system("chmod", "600", "${General::swroot}/ovpn/certs/serverkey.pem");
-# if ($vpnsettings{'ENABLED'} eq 'on' ||
-# $vpnsettings{'ENABLE_BLUE'} eq 'on') {
-# system('/usr/local/bin/ipsecctrl', 'S');
-# }
###
### Enable/Disable connection
@@ -3238,19 +3246,9 @@ END
if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') {
$confighash{$cgiparams{'KEY'}}[0] = 'on';
&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
- #&writeserverconf();
-# if ($vpnsettings{'ENABLED'} eq 'on' ||
-# $vpnsettings{'ENABLED_BLUE'} eq 'on') {
-# system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'});
-# }
} else {
$confighash{$cgiparams{'KEY'}}[0] = 'off';
-# if ($vpnsettings{'ENABLED'} eq 'on' ||
-# $vpnsettings{'ENABLED_BLUE'} eq 'on') {
-# system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'});
-# }
&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
- #&writeserverconf();
}
} else {
$errormessage = $Lang::tr{'invalid key'};
diff --git a/lfs/fireinfo b/lfs/fireinfo
index 629626d1e9..b8727c7787 100644
--- a/lfs/fireinfo
+++ b/lfs/fireinfo
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2022 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 2.2.0
+VER = 2.2.1
THISAPP = fireinfo-v$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 765a483359a9061df8e8a60c90b851900e14ca4229ff8554f54ada661ef59b97e1c7bb1b6a4767ec5ce9fa813fa3d45576e69e3efe1793a9b9d341de1c3818f6
+$(DL_FILE)_BLAKE2 = f811c8acf078c6fcb27305f0a6b81429862ad9631699e50ee0e4b2e713c8e1a745ba453783422598b818da59fd4d9e96be395884a7fccd7bcda0e64c7cd8d692
install : $(TARGET)
@@ -70,15 +70,9 @@ $(subst %,%_BLAKE2,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
-
- # Apply upstream patches
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/fireinfo/fireinfo-2.2.0-python-3.8.patch
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/fireinfo/fireinfo-system-blacklist-jetways-product-uuid.patch
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/fireinfo/fireinfo-system-ignore-when-the-serial-number-is-ssn.patch
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/fireinfo-virt-fix-off-by-one-error-when-detecting-hypervisor.patch
-
cd $(DIR_APP) && [ -x "configure" ] || sh ./autogen.sh
- cd $(DIR_APP) && ./configure --prefix=/usr
+ cd $(DIR_APP) && ./configure \
+ --prefix=/usr
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
@rm -rf $(DIR_APP)
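Review bot: With the four `patch -Np1` steps removed, nothing in this recipe records that the v2.2.1 tarball is expected to carry those fixes, including the off-by-one in hypervisor detection that the deleted patch ties to a segmentation fault (#13155). The diff cannot show the tarball contents, so this rests on the commit message and the new `$(DL_FILE)_BLAKE2` value. A short comment above the extract step, for example `# v2.2.1 already contains the python-3.8, Jetway UUID, SSN and hypervisor off-by-one fixes`, would keep that visible to whoever bumps the version next.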
diff --git a/src/patches/fireinfo-virt-fix-off-by-one-error-when-detecting-hypervisor.patch b/src/patches/fireinfo-virt-fix-off-by-one-error-when-detecting-hypervisor.patch
deleted file mode 100644
index 0799ecce5b..0000000000
--- a/src/patches/fireinfo-virt-fix-off-by-one-error-when-detecting-hypervisor.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From e3e68b9baa9723916b1999394432e9ad260cfaa2 Mon Sep 17 00:00:00 2001
-From: Michael Tremer <michael.tremer@ipfire.org>
-Date: Sat, 1 Jul 2023 09:08:48 +0000
-Subject: [PATCH] virt: Fix off-by-one error when detecting hypervisor
-
-Reported-by: Mauro Condarelli <mc5686@mclink.it>
-Fixes: #13155 - _fireinfo.detect_hypervisor() rises Segmentation fault
-Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
----
- src/_fireinfo/fireinfo.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/_fireinfo/fireinfo.c b/src/_fireinfo/fireinfo.c
-index 1d3f424..18edf34 100644
---- a/src/_fireinfo/fireinfo.c
-+++ b/src/_fireinfo/fireinfo.c
-@@ -32,8 +32,8 @@ enum hypervisors {
- HYPER_KVM,
- HYPER_MSHV,
- HYPER_VMWARE,
-+ // Must always be last
- HYPER_OTHER,
-- HYPER_LAST /* for loop - must be last*/
- };
-
- const char *hypervisor_ids[] = {
-@@ -157,7 +157,7 @@ int detect_hypervisor(int *hypervisor) {
- *hypervisor = HYPER_OTHER;
-
- if (*sig.text) {
-- for (int id = HYPER_NONE + 1; id < HYPER_LAST; id++) {
-+ for (int id = HYPER_NONE + 1; id < HYPER_OTHER; id++) {
- if (strcmp(hypervisor_ids[id], sig.text) == 0) {
- *hypervisor = id;
- break;
---
-2.39.2
-
diff --git a/src/patches/fireinfo/fireinfo-2.2.0-python-3.8.patch b/src/patches/fireinfo/fireinfo-2.2.0-python-3.8.patch
deleted file mode 100644
index ca0e6843b9..0000000000
--- a/src/patches/fireinfo/fireinfo-2.2.0-python-3.8.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 1d70d3cbf7e1fe1e1f0760e9a79e520e416519fe Mon Sep 17 00:00:00 2001
-From: Michael Tremer <michael.tremer@ipfire.org>
-Date: Tue, 18 May 2021 13:40:51 +0000
-Subject: [PATCH] python: Fix linking against Python 3.8
-
-Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
----
- configure.ac | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index ede2cb6..6efe73c 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -91,7 +91,7 @@ AC_SUBST([OUR_LDFLAGS], $with_ldflags)
-
- # Python
- AM_PATH_PYTHON([3.7])
--PKG_CHECK_MODULES([PYTHON_DEVEL], [python-${PYTHON_VERSION}])
-+PKG_CHECK_MODULES([PYTHON_DEVEL], [python-${PYTHON_VERSION}-embed python-${PYTHON_VERSION}])
-
- AC_CONFIG_FILES([
- Makefile
---
-2.20.1
-
diff --git a/src/patches/fireinfo/fireinfo-system-blacklist-jetways-product-uuid.patch b/src/patches/fireinfo/fireinfo-system-blacklist-jetways-product-uuid.patch
deleted file mode 100644
index f604d84330..0000000000
--- a/src/patches/fireinfo/fireinfo-system-blacklist-jetways-product-uuid.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 33be9aa38d65dace9a61247f41ac3627a6750cce Mon Sep 17 00:00:00 2001
-From: Michael Tremer <michael.tremer@ipfire.org>
-Date: Fri, 8 Jul 2022 08:30:55 +0000
-Subject: [PATCH] system: Blacklist Jetway's product UUID
-
-Fixes: #12896
-Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
----
- src/fireinfo/system.py | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/src/fireinfo/system.py b/src/fireinfo/system.py
-index 4c0b0a3..c9c81b1 100644
---- a/src/fireinfo/system.py
-+++ b/src/fireinfo/system.py
-@@ -51,6 +51,9 @@ INVALID_ID_STRINGS = (
- "03000200-0400-0500-0006-000700080009",
- "11111111-1111-1111-1111-111111111111",
- "0000000", "00000000",
-+
-+ # Jetway gives all systems the same product UUID
-+ "3b903780-4f79-1018-816e-aeb2724778a7",
- )
-
- INVALID_ID_STRINGS_EXACT_MATCH = (
---
-2.30.2
-
diff --git a/src/patches/fireinfo/fireinfo-system-ignore-when-the-serial-number-is-ssn.patch b/src/patches/fireinfo/fireinfo-system-ignore-when-the-serial-number-is-ssn.patch
deleted file mode 100644
index 611bc98ce4..0000000000
--- a/src/patches/fireinfo/fireinfo-system-ignore-when-the-serial-number-is-ssn.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 4d74466456c0824663e10881f9deabcd1f4d32c3 Mon Sep 17 00:00:00 2001
-From: Michael Tremer <michael.tremer@ipfire.org>
-Date: Fri, 8 Jul 2022 08:31:25 +0000
-Subject: [PATCH] system: Ignore when the serial number is "SSN"
-
-Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
----
- src/fireinfo/system.py | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/src/fireinfo/system.py b/src/fireinfo/system.py
-index c9c81b1..9edc345 100644
---- a/src/fireinfo/system.py
-+++ b/src/fireinfo/system.py
-@@ -44,7 +44,7 @@ INVALID_ID_STRINGS = (
- "EVAL",
- "Not Applicable",
- "None", "empty",
-- "Serial", "System Serial Number",
-+ "Serial", "System Serial Number", "SSN",
- "XXXXX",
- "01010101-0101-0101-0101-010101010101",
- "00020003-0004-0005-0006-000700080009",
-@@ -272,7 +272,9 @@ class System(object, metaclass=Singleton):
- if not ids:
- root_disk_serial = self.root_disk_serial
- if root_disk_serial and not root_disk_serial.startswith("QM000"):
-- ids.append(root_disk_serial)
-+ # Skip any invalid IDs
-+ if not root_disk_serial in INVALID_ID_STRINGS:
-+ ids.append(root_disk_serial)
-
- # As last resort, we use the UUID from pakfire.
- if not ids:
---
-2.30.2
-
hooks/post-receive
--
IPFire 2.x development tree