From: Arne Fitzenreiter <arne_f@ipfire.org>
Date: Thu, 14 Oct 2010 06:29:18 +0000 (+0200)
Subject: Merge branch 'next' of ssh://arne_f@git.ipfire.org/pub/git/ipfire-2.x into next
X-Git-Tag: v2.9-beta1~48^2~5^2~2^2~60
X-Git-Url: http://git.ipfire.org/?p=people%2Fpmueller%2Fipfire-2.x.git;a=commitdiff_plain;h=a4aae93d9616aff917de21317a917246f9417b07;hp=e21bd39e1271891eb3105e980c85bdd72306ccbd

Merge branch 'next' of ssh://arne_f@git.ipfire.org/pub/git/ipfire-2.x into next

Conflicts:
	doc/packages-list.txt
---

diff --git a/config/guardian/guardian.pl b/config/guardian/guardian.pl
index 0c37c34f4f..c7fd5f8656 100644
--- a/config/guardian/guardian.pl
+++ b/config/guardian/guardian.pl
@@ -50,6 +50,8 @@ print "My gatewayaddess is: $gatewayaddr\n";
 			# destination was found.
 	"$hostipaddr" => 1);
 
+&get_aliases;
+
 %sshhash = ();
 
 if ( -e $targetfile ) {
@@ -186,8 +188,8 @@ sub ipchain {
 	my ($source, $dest, $type) = @_;
 	&write_log ("$source\t$type\n");
 	if ($hash{$source} eq "") {
-		&write_log ("Running '$blockpath $source'\n");
-		system ("$blockpath $source");
+		&write_log ("Running '$blockpath $source $interface'\n");
+		system ("$blockpath $source $interface");
 		$hash{$source} = time() + $TimeLimit;
 	} else {
 # We have already blocked this one, but snort detected another attack. So
@@ -244,6 +246,9 @@ sub load_conf {
 		}
 		if (/Interface\s+(.*)/) {
 			$interface = $1;
+			if ( $interface eq "" ) {
+				$interface = `cat /var/ipfire/ethernet/settings | grep RED_DEV | cut -d"=" -f2`;
+			}
 		}
 		if (/AlertFile\s+(.*)/) {
 			$alert_file = $1;
@@ -265,16 +270,13 @@ sub load_conf {
 		}
 	}
 
-	if ($interface eq "") {
-		die "Fatal! Interface is undefined.. Please define it in $opt_o with keyword Interface\n";
-	}
 	if ($alert_file eq "") {
 		print "Warning! AlertFile is undefined.. Assuming /var/log/snort.alert\n";
 		$alert_file="/var/log/snort.alert";
 	}
 	if ($hostipaddr eq "") {
 		print "Warning! HostIpAddr is undefined! Attempting to guess..\n";
-		$hostipaddr = &get_ip($interface);
+		$hostipaddr = `cat /var/ipfire/red/local-ipaddress`;
 		print "Got it.. your HostIpAddr is $hostipaddr\n";
 	}
 	if ($ignorefile eq "") {
@@ -345,30 +347,9 @@ sub daemonize {
 	}
 }
 
-sub get_ip {
-	my ($interface) = $_[0];
-	my $ip;
-	open (IFCONFIG, "/bin/netstat -iee |grep $interface -A7 |");
-	while (<IFCONFIG>) {
-		if ($OS eq "FreeBSD") {
-			if (/inet (\d+\.\d+\.\d+\.\d+)/) {
-				$ip = $1;
-			}
-		}
-		if ($OS eq "Linux") {
-			if (/inet addr:(\d+\.\d+\.\d+\.\d+)/) {
-				$ip = $1;
-			}
-		}
-	}
-	close (IFCONFIG);
-
-	if ($ip eq "") { die "Couldn't figure out the ip address\n"; }
-		$ip;
-	}
-
 sub sig_handler_setup {
-	$SIG{TERM} = \&clean_up_and_exit; # kill
+	$SIG{INT} = \&clean_up_and_exit; # kill -2
+	$SIG{TERM} = \&clean_up_and_exit; # kill -9
 	$SIG{QUIT} = \&clean_up_and_exit; # kill -3
 #  $SIG{HUP} = \&flush_and_reload; # kill -1
 }
@@ -387,7 +368,7 @@ sub remove_blocks {
 sub call_unblock {
 	my ($source, $message) = @_;
 	&write_log ("$message");
-	system ("$unblockpath $source");
+	system ("$unblockpath $source $interface");
 }
 
 sub clean_up_and_exit {
@@ -412,3 +393,22 @@ sub load_targetfile {
 	close (TARG);
 	print "Loaded $count addresses from $targetfile\n";
 }
+
+sub get_aliases {
+	my $ip;
+	print "Scanning for aliases on $interface and add them to the target hash...";
+
+	open (IFCONFIG, "/sbin/ip addr show $interface |");
+	my @lines = <IFCONFIG>;
+	close(IFCONFIG);
+
+	foreach $line (@lines) {
+		if ( $line =~ /inet (\d+\.\d+\.\d+\.\d+)/) {
+			$ip = $1;
+			print " got $ip on $interface ... ";
+			$targethash{'$ip'} = "1";
+		}
+	}
+
+	print "done \n";
+}
\ No newline at end of file
diff --git a/config/guardian/guardian_block.sh b/config/guardian/guardian_block.sh
index 0a44325f18..a8331faaa1 100644
--- a/config/guardian/guardian_block.sh
+++ b/config/guardian/guardian_block.sh
@@ -2,10 +2,11 @@
 
 # this is a sample block script for guardian. This should work with ipchains. 
 # This command gets called by guardian as such:
-#  guardian_block.sh <source_ip>
+#  guardian_block.sh <source_ip> <interface>
 # and the script will issue a command to block all traffic from that source ip
 # address. The logic of weither or not it is safe to block that address is
 # done inside guardian itself.
 source=$1
+interface=$2
 
-/sbin/iptables -I GUARDIANINPUT -s $source -j DROP
+/sbin/iptables -I GUARDIAN -s $source -i $interface -j DROP
diff --git a/config/guardian/guardian_unblock.sh b/config/guardian/guardian_unblock.sh
index e0d3b5d481..315d771951 100644
--- a/config/guardian/guardian_unblock.sh
+++ b/config/guardian/guardian_unblock.sh
@@ -2,8 +2,9 @@
 
 # this is a sample unblock script for guardian. This should work with ipchains. 
 # This command gets called by guardian as such:
-#  unblock.sh <source_ip>
+#  unblock.sh <source_ip> <interface>
 # and the script will issue a command to remove the block that was created with # block.sh address. 
 source=$1
+interface=$2
 
-/sbin/iptables -D GUARDIANINPUT -s $source -j DROP
+/sbin/iptables -D GUARDIAN -s $source -i $interface -j DROP
diff --git a/doc/packages-list.txt b/doc/packages-list.txt
index dac3ba473d..4d9d11e9b6 100644
--- a/doc/packages-list.txt
+++ b/doc/packages-list.txt
@@ -160,6 +160,7 @@
 * igb-2.3.4-kmod-2.6.32.24-ipfire-xen
 * igmpproxy-0.1
 * imspector-0.9
+* imspector-20101008
 * inetutils-1.4.2
 * ipaddr-1.2
 * iperf-2.0.4
@@ -316,6 +317,7 @@
 * rsync-3.0.7
 * rtorrent-0.8.6
 * samba-3.5.5
+* samba-3.5.6
 * sane-1.0.19
 * screen-4.0.3
 * sdparm-1.01
@@ -330,7 +332,7 @@
 * spandsp-0.0.6pre12
 * splix-2.0.0-rc2
 * sqlite-3.6.10
-* squid-2.7.STABLE9
+* squid-3.1.8
 * squidGuard-1.4.1
 * squidclamav-5.4
 * sshfs-fuse-2.2
@@ -373,6 +375,7 @@
 * vnstat-1.6
 * vnstati-beta3
 * vsftpd-2.1.2
+* vsftpd-2.2.2
 * w_scan-20080105
 * watchdog-5.9
 * wget-1.10.2
diff --git a/html/cgi-bin/outgoinggrp.cgi b/html/cgi-bin/outgoinggrp.cgi
index f99468e4fc..a00db2a741 100644
--- a/html/cgi-bin/outgoinggrp.cgi
+++ b/html/cgi-bin/outgoinggrp.cgi
@@ -137,7 +137,7 @@ $ipgroupcontent =~ s/\n/<br \/>/g;
 &Header::openbox('100%', 'center', $Lang::tr{'outgoing firewall ip groups'});
 
 print <<END
-<a name="outgoing showipgroup"</a>
+<a name="outgoing showipgroup"></a>
 <br />
 <form method='post' action='$ENV{'SCRIPT_NAME'}#outgoing showipgroup'>
 <table width='95%' cellspacing='0'>
@@ -214,7 +214,7 @@ $macgroupcontent =~ s/\n/<br \/>/g;
 &Header::openbox('100%', 'center', $Lang::tr{'outgoing firewall mac groups'});
 
 print <<END
-<a name="outgoing showmacgroup"</a>
+<a name="outgoing showmacgroup"></a>
 <br />
 <form method='post' action='$ENV{'SCRIPT_NAME'}#outgoing showmacgroup'>
 <table width='95%' cellspacing='0'>
diff --git a/html/cgi-bin/urlfilter.cgi b/html/cgi-bin/urlfilter.cgi
index eea32bff22..1bfc0392cd 100644
--- a/html/cgi-bin/urlfilter.cgi
+++ b/html/cgi-bin/urlfilter.cgi
@@ -1213,6 +1213,10 @@ print <<END
 	<td colspan='2'>$Lang::tr{'urlfilter blocked domains'}&nbsp;<img src='/blob.gif' alt='*' /></td>
 	<td colspan='2'>$Lang::tr{'urlfilter blocked urls'}&nbsp;<img src='/blob.gif' alt='*' /></td>
 </tr>
+<tr>
+	<td colspan='2'>$Lang::tr{'urlfilter example'}</td>
+	<td colspan='2'>$Lang::tr{'urlfilter example ads'}</td>
+</tr>
 <tr>
 	<td colspan='2' width='50%'><textarea name='CUSTOM_BLACK_DOMAINS' cols='32' rows='6' wrap='off'>
 END
@@ -1252,6 +1256,10 @@ print <<END
 	<td colspan='2'>$Lang::tr{'urlfilter allowed domains'}&nbsp;<img src='/blob.gif' alt='*' /></td>
 	<td colspan='2'>$Lang::tr{'urlfilter allowed urls'}&nbsp;<img src='/blob.gif' alt='*' /></td>
 </tr>
+<tr>
+	<td colspan='2'>$Lang::tr{'urlfilter example'}</td>
+	<td colspan='2'>$Lang::tr{'urlfilter example ads'}</td>
+</tr>
 <tr>
 	<td colspan='2' width='50%'><textarea name='CUSTOM_WHITE_DOMAINS' cols='32' rows='6' wrap='off'>
 END
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index 8a740635a0..f303cfbc2c 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -1988,7 +1988,7 @@ END
 	print <<END
 	<table width='100%' cellpadding='0' cellspacing='5' border='0'>
 	<tr><td class='base' width='50%'>$Lang::tr{'use a pre-shared key'}</td>
-	    <td class='base' width='50%'><input type='text' name='PSK' size='30' value='$cgiparams{'PSK'}' /></td>
+	    <td class='base' width='50%'><input type='password' name='PSK' size='30' value='$cgiparams{'PSK'}' /></td>
 	</tr>
 	</table>
 END
@@ -2006,7 +2006,7 @@ END
 	<table width='100%' cellpadding='0' cellspacing='5' border='0'>
 	<tr><td width='5%'><input type='radio' name='AUTH' value='psk' $checked{'AUTH'}{'psk'} $pskdisabled/></td>
 	    <td class='base' width='55%'>$Lang::tr{'use a pre-shared key'}</td>
-	    <td class='base' width='40%'><input type='text' name='PSK' size='30' value='$cgiparams{'PSK'}' $pskdisabled/></td></tr>
+	    <td class='base' width='40%'><input type='password' name='PSK' size='30' value='$cgiparams{'PSK'}' $pskdisabled/></td></tr>
 	<tr><td colspan='3' bgcolor='#000000'></td></tr>
 	<tr><td><input type='radio' name='AUTH' value='certreq' $checked{'AUTH'}{'certreq'} $cakeydisabled /></td>
 	    <td class='base'><hr />$Lang::tr{'upload a certificate request'}</td>
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index 6b01831d5a..0936af009c 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -1886,6 +1886,8 @@
 'urlfilter enable log' => 'Aktiviere Protokoll',
 'urlfilter enable rewrite rules' => 'Aktiviere lokale Dateiumleitung',
 'urlfilter enabled' => 'Aktiviert:',
+'urlfilter example' => 'Beispiel: www.domain.com',
+'urlfilter example ads' => 'Beispiel: www.domain.com/ads/',
 'urlfilter export blacklist' => 'Blacklist exportieren',
 'urlfilter export error' => 'Kann Exportdatei nicht erstellen',
 'urlfilter expressions' => 'Ausdrücke (einen pro Zeile)',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 907de5d800..b35a23a781 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -1920,6 +1920,8 @@
 'urlfilter enable log' => 'Enable log',
 'urlfilter enable rewrite rules' => 'Enable local file redirection',
 'urlfilter enabled' => 'Enabled:',
+'urlfilter example' => 'Example: www.domain.com',
+'urlfilter example ads' => 'Example: www.domain.com/ads/',
 'urlfilter export blacklist' => 'Export blacklist',
 'urlfilter export error' => 'Unable to create export file',
 'urlfilter expressions' => 'Expressions (one per line)',
diff --git a/langs/es/cgi-bin/es.pl b/langs/es/cgi-bin/es.pl
index 8074cd29dc..ca2b9348dc 100644
--- a/langs/es/cgi-bin/es.pl
+++ b/langs/es/cgi-bin/es.pl
@@ -1907,6 +1907,8 @@
 'urlfilter enable log' => 'Activar registro',
 'urlfilter enable rewrite rules' => 'Activar redirección de archivos locales',
 'urlfilter enabled' => 'Activado:',
+'urlfilter example' => 'Ejemplo: www.domain.com',
+'urlfilter example ads' => 'Ejemplo: www.domain.com/ads/',
 'urlfilter export blacklist' => 'Exportar lista negra',
 'urlfilter export error' => 'Imposible crear archivo de exportación',
 'urlfilter expressions' => 'Frases (una por línea)',
diff --git a/langs/fr/cgi-bin/fr.pl b/langs/fr/cgi-bin/fr.pl
index 7904bb631d..0179e73da8 100644
--- a/langs/fr/cgi-bin/fr.pl
+++ b/langs/fr/cgi-bin/fr.pl
@@ -1916,6 +1916,8 @@
 'urlfilter enable log' => 'Activer log',
 'urlfilter enable rewrite rules' => 'Activer fichier local de redirection',
 'urlfilter enabled' => 'Activé:',
+'urlfilter example' => 'Exemple: www.domain.com',
+'urlfilter example ads' => 'Exemple: www.domain.com/ads/',
 'urlfilter export blacklist' => 'Exporter Blackliste',
 'urlfilter export error' => 'Impossible de créer fichier d\'exportation',
 'urlfilter expressions' => 'Expressions (une par ligne)',
diff --git a/lfs/guardian b/lfs/guardian
index 6cec09bd9d..251a56f2aa 100644
--- a/lfs/guardian
+++ b/lfs/guardian
@@ -30,7 +30,7 @@ THISAPP    = guardian-$(VER)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = guardian
-PAK_VER    = 6
+PAK_VER    = 7
 
 DEPS       = ""
 
diff --git a/lfs/imspector b/lfs/imspector
index 31e358dcbd..092211bc8c 100644
--- a/lfs/imspector
+++ b/lfs/imspector
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 0.9
+VER        = 20101008
 
 THISAPP    = imspector-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = imspector
-PAK_VER    = 1
+PAK_VER    = 2
 
 DEPS       = ""
 
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 626abf7c2b8f15d56df679ad66624575
+$(DL_FILE)_MD5 = 032407bb13ccddb77328f83eded102ee
 
 install : $(TARGET)
 
@@ -77,9 +77,10 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
-	cd $(DIR_APP) && make install
+	cd $(DIR_SRC)/imspector && make install
 	-mv /usr/etc/imspector /etc/imspector
-	install -v -m 755  $(DIR_CONF)/imspector/imspector.conf /etc/imspector.conf
+	-mv /etc/imspector/imspector /etc/imspector
+	install -v -m 755 $(DIR_CONF)/imspector/imspector.conf /etc/imspector.conf
 	install -v -m 644 $(DIR_SRC)/config/backup/includes/imspector /var/ipfire/backup/addons/includes/imspector
 	chmod 755 /srv/web/ipfire/cgi-bin/imspector.cgi
 	chown nobody:nobody -R /var/log/imspector
diff --git a/lfs/samba b/lfs/samba
index 496a2bf06e..8a354d85df 100644
--- a/lfs/samba
+++ b/lfs/samba
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 3.5.5
+VER        = 3.5.6
 
 THISAPP    = samba-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = samba
-PAK_VER    = 30
+PAK_VER    = 31
 
 DEPS       = "cups"
 
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 278728aeeef9db7e27fa6a2ce5b43509
+$(DL_FILE)_MD5 = bf6c09ea497a166df8bd672db1d8da8f
 
 install : $(TARGET)
 
diff --git a/lfs/vsftpd b/lfs/vsftpd
index e4cb67c4e5..d5e809399e 100644
--- a/lfs/vsftpd
+++ b/lfs/vsftpd
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 2.1.2
+VER        = 2.2.2
 
 THISAPP    = vsftpd-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = vsftpd
-PAK_VER    = 5
+PAK_VER    = 6
 
 DEPS       = ""
 
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 6a8c8579d50adf0d0fc07226c03bfb52
+$(DL_FILE)_MD5 = 6d6bc136af14c23f8fef6f1a51f55418
 
 install : $(TARGET)
 
diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index 366ae071c8..f4d5611d36 100644
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -140,8 +140,9 @@ case "$1" in
 	# CUSTOM chains, can be used by the users themselves
 	/sbin/iptables -N CUSTOMINPUT
 	/sbin/iptables -A INPUT -j CUSTOMINPUT
-	/sbin/iptables -N GUARDIANINPUT
-	/sbin/iptables -A INPUT -j GUARDIANINPUT
+	/sbin/iptables -N GUARDIAN
+	/sbin/iptables -A INPUT -j GUARDIAN
+	/sbin/iptables -A FORWARD -j GUARDIAN
 	/sbin/iptables -N CUSTOMFORWARD
 	/sbin/iptables -A FORWARD -j CUSTOMFORWARD
 	/sbin/iptables -N CUSTOMOUTPUT
diff --git a/src/initscripts/init.d/openvmtools b/src/initscripts/init.d/openvmtools
index c1588e1dcb..a3bd0736ec 100755
--- a/src/initscripts/init.d/openvmtools
+++ b/src/initscripts/init.d/openvmtools
@@ -4,9 +4,9 @@
 #
 # Description : init-script for open-vm-tools
 #
-# Authors     : earl
+# Authors     : Jan Paul Tuecking (earl@ipfire.org)
 #
-# Version     : 00.01
+# Version     : 1.00
 #
 # Notes       :
 #
diff --git a/src/initscripts/init.d/vdradmin b/src/initscripts/init.d/vdradmin
index c7a565d0ec..a0858de35f 100644
--- a/src/initscripts/init.d/vdradmin
+++ b/src/initscripts/init.d/vdradmin
@@ -8,7 +8,8 @@
 #
 # Version     : 01.00
 #
-# Notes       :
+# Notes       : Changes in 01.01
+#             : v.2.6.7 needs /var/run/vdradmin dir (earl@ipfire.org)
 #
 ########################################################################
 
@@ -18,6 +19,7 @@
 case "${1}" in
 	start)
 		boot_mesg "Starting VDR Webadministration Tool..."
+		mkdir /var/run/vdradmin -p
 		loadproc /usr/bin/vdradmind > /dev/null
 		evaluate_retval
 		;;