From: Michael Tremer Date: Sat, 20 Jul 2013 16:47:36 +0000 (+0200) Subject: Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=commitdiff_plain;h=6cdde6c0bb08508cbbbc9fe430421098e1e1999f;hp=26dfc86a7be473138c60e1a869e51b30db346a0f Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next --- diff --git a/config/rootfiles/core/72/exclude b/config/rootfiles/core/72/exclude new file mode 100644 index 000000000..321a931ca --- /dev/null +++ b/config/rootfiles/core/72/exclude @@ -0,0 +1,17 @@ +srv/web/ipfire/html/proxy.pac +boot/config.txt +etc/udev/rules.d/30-persistent-network.rules +etc/collectd.custom +etc/shadow +etc/ipsec.conf +etc/ipsec.secrets +etc/ipsec.user.conf +etc/ipsec.user.secrets +var/log/cache +var/updatecache +etc/localtime +var/ipfire/ovpn +etc/ssh/ssh_config +etc/ssh/sshd_config +etc/ssl/openssl.cnf +var/state/dhcp/dhcpd.leases diff --git a/config/rootfiles/core/72/filelists/files b/config/rootfiles/core/72/filelists/files new file mode 100644 index 000000000..efa475945 --- /dev/null +++ b/config/rootfiles/core/72/filelists/files @@ -0,0 +1,3 @@ +etc/system-release +etc/issue +usr/local/bin/openvpnctrl diff --git a/config/rootfiles/core/72/meta b/config/rootfiles/core/72/meta new file mode 100644 index 000000000..d547fa86f --- /dev/null +++ b/config/rootfiles/core/72/meta @@ -0,0 +1 @@ +DEPS="" diff --git a/config/rootfiles/core/72/update.sh b/config/rootfiles/core/72/update.sh new file mode 100644 index 000000000..f365abb0e --- /dev/null +++ b/config/rootfiles/core/72/update.sh @@ -0,0 +1,62 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 3 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2013 IPFire-Team . # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +/usr/local/bin/backupctrl exclude >/dev/null 2>&1 + +# +# Remove old core updates from pakfire cache to save space... +core=72 +for (( i=1; i<=$core; i++ )) +do + rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire +done + +# +#Stop services + + +# +#Extract files +extract_files + + +# +#Start services + +# +#Update Language cache +#perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang" + +sync + +# This update need a reboot... +#touch /var/run/need_reboot + +# +#Finish +/etc/init.d/fireinfo start +sendprofile +#Don't report the exitcode last command +exit 0 + diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index a4953ffe4..5e18d3cb5 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -127,21 +127,6 @@ sub sizeformat{ return("$newsize $units[$i]"); } -sub valid_dns_host { - my $hostname = $_[0]; - unless ($hostname) { return "No hostname"}; - my $res = new Net::DNS::Resolver; - my $query = $res->search("$hostname"); - if ($query) { - foreach my $rr ($query->answer) { - ## Potential bug - we are only looking at A records: - return 0 if $rr->type eq "A"; - } - } else { - return $res->errorstring; - } -} - sub cleanssldatabase { if (open(FILE, ">${General::swroot}/ovpn/certs/serial")) { @@ -982,7 +967,11 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General print SERVERCONF "persist-key\n"; print SERVERCONF "script-security 2\n"; print SERVERCONF "# IP/DNS for remote Server Gateway\n"; + + if ($cgiparams{'REMOTE'} ne '') { print SERVERCONF "remote $cgiparams{'REMOTE'}\n"; + } + print SERVERCONF "float\n"; print SERVERCONF "# IP adresses of the VPN Subnet\n"; print SERVERCONF "ifconfig $ovsubnet.1 $ovsubnet.2\n"; @@ -2339,6 +2328,9 @@ ADV_ERROR: if ($cgiparams{'LOG_VERB'} eq '') { $cgiparams{'LOG_VERB'} = '3'; } + if ($cgiparams{'PMTU_DISCOVERY'} eq '') { + $cgiparams{'PMTU_DISCOVERY'} = 'off'; + } $checked{'CLIENT2CLIENT'}{'off'} = ''; $checked{'CLIENT2CLIENT'}{'on'} = ''; $checked{'CLIENT2CLIENT'}{$cgiparams{'CLIENT2CLIENT'}} = 'CHECKED'; @@ -3520,6 +3512,14 @@ if ($cgiparams{'TYPE'} eq 'net') { goto VPNCONF_ERROR; } + # Check if the input for the transfer net is valid. + if (!&General::validipandmask($cgiparams{'OVPN_SUBNET'})){ + $errormessage = $Lang::tr{'ccd err invalidnet'}; + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + goto VPNCONF_ERROR; + } + if ($cgiparams{'OVPN_SUBNET'} eq $vpnsettings{'DOVPN_SUBNET'}) { $errormessage = $Lang::tr{'openvpn subnet is used'}; unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; @@ -3603,34 +3603,38 @@ if ($cgiparams{'TYPE'} eq 'net') { } } - if (($cgiparams{'TYPE'} eq 'net') && (! $cgiparams{'REMOTE'})) { + # Check if a remote host/IP has been set for the client. + if ($cgiparams{'REMOTE'} eq '' && $cgiparams{'SIDE'} ne 'server') { $errormessage = $Lang::tr{'invalid input for remote host/ip'}; + + # Check if this is a N2N connection and drop temporary config. if ($cgiparams{'TYPE'} eq 'net') { - unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; - rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; - } + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + } goto VPNCONF_ERROR; } - if ($cgiparams{'REMOTE'}) { + # Check if a remote host/IP has been configured - the field can be empty on the server side. + if ($cgiparams{'REMOTE'} ne '') { + + # Check if the given IP is valid - otherwise check if it is a valid domain. if (! &General::validip($cgiparams{'REMOTE'})) { + + # Check for a valid domain. if (! &General::validfqdn ($cgiparams{'REMOTE'})) { $errormessage = $Lang::tr{'invalid input for remote host/ip'}; + + # Check if this is a N2N connection and drop temporary config. if ($cgiparams{'TYPE'} eq 'net') { - unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; - rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; - } + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + } goto VPNCONF_ERROR; - } else { - if (&valid_dns_host($cgiparams{'REMOTE'})) { - $warnmessage = "$Lang::tr{'check vpn lr'} $cgiparams{'REMOTE'}. $Lang::tr{'dns check failed'}"; - if ($cgiparams{'TYPE'} eq 'net') { - - } - } } } } + if ($cgiparams{'TYPE'} ne 'host') { unless (&General::validipandmask($cgiparams{'LOCAL_SUBNET'})) { $errormessage = $Lang::tr{'local subnet is invalid'}; @@ -4147,6 +4151,9 @@ if ($cgiparams{'TYPE'} eq 'net') { $checked{'MSSFIX'}{'on'} = ''; $checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED'; + if ($cgiparams{'PMTU_DISCOVERY'} eq '') { + $cgiparams{'PMTU_DISCOVERY'} = 'off'; + } $checked{'PMTU_DISCOVERY'}{$cgiparams{'PMTU_DISCOVERY'}} = 'checked=\'checked\''; diff --git a/lfs/transmission b/lfs/transmission index b20ae8852..9d5dfa578 100644 --- a/lfs/transmission +++ b/lfs/transmission @@ -24,7 +24,7 @@ include Config -VER = 2.80 +VER = 2.81 THISAPP = transmission-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = transmission -PAK_VER = 7 +PAK_VER = 8 DEPS = "libevent2" @@ -44,7 +44,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 2bde600d4b0a75d0bd3784550d59a8af +$(DL_FILE)_MD5 = db1ad10ecff07150486dab2365ccb3a8 install : $(TARGET) diff --git a/make.sh b/make.sh index 88af89876..8ca36bf9c 100755 --- a/make.sh +++ b/make.sh @@ -25,7 +25,7 @@ NAME="IPFire" # Software name SNAME="ipfire" # Short name VERSION="2.13" # Version number -CORE="71" # Core Level (Filename) +CORE="72" # Core Level (Filename) PAKFIRE_CORE="71" # Core Level (PAKFIRE) GIT_BRANCH=`git status | head -n1 | cut -d" " -f4` # Git Branch SLOGAN="www.ipfire.org" # Software slogan