IPCop 1.4.13 has been released

Forum covering the up-and-coming secure distribution named IPCop, based on the Smoothwall distribution. It is currently the most active forum on the site.


Post by Gesp » 16 Jan 2007 12:01

This update is essentially an update of certain programs, bug fixes and updates to certain drivers. You are encouraged to update from previous versions as quickly as you can.

IPCop v1.4.13 is unchanged from 1.4.13rc1.

As usual, this version can be installed as an update to previous versions, or from an ISO or bootable USB image for a fresh installation.

The update is split into 2 parts because of size constraints on small configurations, and 1.4.12 is only an intermediate step.

Install both updates and reboot, which is mandatory in order to use the new kernel.
The linux-2.4.34 kernel is provided. This kernel update may cause problems with some add-ons that have not yet been compiled for this new kernel.

The ISO for alpha is provided again in version 1.4.13, but little testing has been done on it.
From 1.4.13 onwards, the alpha version is planned to be published at the same time as the 386 version.
No update from version 1.4.0 will be published; the gap is too large. Make a backup and reinstall.

The files are available in the IPCop package

If you want to compile from source, a new .tar.bz2 package gathers all the sources external to IPCop. You do not need to download this file from sourceforge manually.
./make.sh getothersrc will do that for you, verify the integrity of the downloaded file and decompress everything into the cache directory.

Here is a summary of the changes, which I will refrain from translating:
Installation
- fix initrd not build with raid device
- allow to pass parameters on boot line to the installer:
swapfilesize and lang parameters are implemented
- split the boot information page in three nice pages
- add memtest option on cd or pxe boot
- fix memory requirement on network install. This is now 12MB like with cd install

Building
- rename big package with all external sources package from source to othersrc
name. This is no more an iso, just a tar.bz2 that will be uncompressed on
cache directory when loaded with ./make.sh getothersrc
- changes files names with $VERSION always in second position to sort in
http://prdownloads.sourceforge.net/ipcop (SF make this directory no more
reachable actually)
- backport KVER trick from 1.5 so that we no more need to adjust src/ROOTFILES
every time kernel version is upgraded.
- compilation work again on alpha but testing is needed
- rename cache/iptables-fixed to iptables-fixed-for-1.4 to prevent conflict when same cache is used with both versions
- strace is compiled but not included (could be used in ./make.sh shell or copied manually)
- exclude blue drivers from drivers.img, this let 250kB free to include new drivers for install from green card
- kbd gzip files without timestamp, files are smaller and md5 no longer varies at each compilation
Due to the very small gain, modified files are not included in the update (only on new install)

Add Bulgarian, Catalan and Urdu langs to web interface

Update apache to 1.3.37
Update dhcp to 3.0.5
Update e1000 driver to 7.3.15 (out of kernel version)
Update fcron to 3.0.1, this should allow to reset cron timestamp when the clock
is set back from the future.
Update gnupg to 1.4.6 CVE-2006-{6169,6235}, don't link with libusb
Patch gzip for CVE-2006-433{4,5,6,7,8}
Update openssh to 4.5p1 (update sshd_config to listen to IPv4 only with
'AddressFamily inet')
Update openssl to 0.9.7l CVE-2006-{2937,2940,3738,4339,4343}
Upgrade pulsar driver to 4.0.22 (There is a new function that display line
speed, snr and attenuation just after sync)
Update rp-pppoe to 3.8 (now pppoe change UID to nobody after start)
Patch tar for CVE-2006-6097 (remove GNUTYPE_NAMES support)
Update tg3 to 3.66d (out of kernel version)
Upgrade unicorn to 0.9.3 (support new pci card)
Add velocityget driver (VIA gigabit driver)
Upgrade wireless_tools to 28
Enable wanpipe with 2.3.4-3 version (S514 should work now with one setting,
S518 should work in the future)

Upgrade linux kernel to 2.4.34+Wireless Extension 18
- remove compilation timestamp include in source code of some modules,
- gzip modules without timestamp,
This make everyone that compile same sources to produce exactly same modules
with same md5

Fix crash in restartsquid depending of vpn configuration SF # 1545498
- writehasharray was allowed to write empty line.

setup
- fix new netcard allocation once an RED ethernet interface has been up.
RED_DEV interface was not set down by rc.netaddress.down. So rmmod RED_DRIVER
fail to unload the driver.
- stop firewall after rc.netaddress.down call to allow start just after

amedynusbadsl
- fix rc.amenynusbadsl start as detection based on 'ADSL USB modem' only detect
the modem plugged in and not if the module is loaded or not
- support '103 MADSLU' modem
- remove speedtouch support with this module, this may be confusing

rc.connectioncheck
- refresh ppp/secrets when switching to another profile sf #1557321

rc.netaddress.up rc.network
- shift firewall start from rc.network to rc.netaddress.up to fix SF #1565164 bug
This allow to update ORANGE and BLUE specific rules when those interfaces
are added/removed

rc.red
- fix a warning on atm module cleanup
- on stop, only stop a 'RED is modem' interface when 'RED is modem' is selected
- add support of wanpipe-serial
- wanpipe-adsl is not yet ready

general-functions.pl
- add 'use Net::SSLeay;' so that addons could call FetchPublicIP
- add NextIP function

aliases.cgi
- fix setaliases when toggling enable/disable button and alias name was blank
- fix status checkbox on the editing page always enabled from an existing entry
(sf #1611456)

connections.cgi
- Give color priority to vpn over red, green, blue, orange.
- fix gre protocol display
Output from ip_conn_track_gre (patch iptables 1.3.5?) changed
by removing some fields (protocol & version).

ddns.cgi
- Support namecheap.com, RegisterFly.com and dnsmadeeasy service providers
- Fix selfhost.de mandatory fields and log message
- make OVH use same code as others and use https

dhcp.cgi
- transmit the hostname to reuse it as a 'comment' in newly created fixed lease
- enhance the determination for IP address used while importing a fixed lease
- RFE #1572801, allow all combination of array, record in option definition
- fix : it was possible to update an option definition with a false definition
- fix : it was possible to add more than one option per option definition.

ids.cgi
- handle error message from rules update
Allow to read the error message when refreshing the rules at too short an
interval. After downloading rules, a delay is imposed before the next
download is open. Display this message that is more explicit (but in English).

pppsetup.cgi
- add wanpipe-adsl and wanpipe-serial interface
wanpipe-serial should work with S514

proxy.cgi
- add missing check for LOGGING input
- add an option to allow real separation from BLUE to GREEN when used as
transparent proxy

shutdown.cgi
On some fast machines, there was not enough time to change to index.cgi before
apache has been shut down. Handle that a different way. Start the helper in
background and make the helper slower than the page to refresh.

status.cgi
- fix disk usage display when the devicename is too long

vpnmain.cgi
- allow more characters in the PSK. Only the single quote cannot be used
(sf#1556707)

wireless.cgi
Add a pale grey add image to represent disabled state.

All pages
Log when referer is bad on web interface

VPN
- warn 'vpn incompatible use of defaultroute' as local VPN hostname breaks
Net2Net with PSK sf#1548065
- vpn-watch: --rereadsecrets is necessary with shared keys
- vpn-watch: Handle the case where the 'pipe' had been left alone for some
reason
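The changelog in the post above says kbd files and kernel modules are now gzipped without a timestamp so that everyone compiling the same sources gets the same md5. The sketch below is an added example, not part of the original post and not IPCop's build code; the payload and the two build times are constructed. It shows where the timestamp sits in the gzip header and why removing it makes the output reproducible.

```python
import gzip
import hashlib
import struct

# Constructed stand-in for a compiled kernel module or kbd keymap file.
PAYLOAD = b"constructed module contents\n" * 64

def md5_hex(blob: bytes) -> str:
    return hashlib.md5(blob).hexdigest()

def gz_mtime(blob: bytes) -> int:
    """Return the MTIME field of a gzip member (RFC 1952: bytes 4-7, little-endian)."""
    if blob[:2] != b"\x1f\x8b":
        raise ValueError("not a gzip stream")
    return struct.unpack("<I", blob[4:8])[0]

def build(payload: bytes, build_time: int) -> bytes:
    """Compress as a build step would; build_time=0 means 'no timestamp'."""
    return gzip.compress(payload, compresslevel=9, mtime=build_time)

def strip_mtime(blob: bytes) -> bytes:
    """Zero MTIME in an existing archive so two builds can be compared.
    The trailer CRC32 covers only the uncompressed data, so patching the
    header is safe unless FHCRC (FLG bit 1, header checksum) is set."""
    if blob[:2] != b"\x1f\x8b":
        raise ValueError("not a gzip stream")
    if blob[3] & 0x02:
        raise ValueError("header CRC present; cannot patch MTIME in place")
    return blob[:4] + b"\x00\x00\x00\x00" + blob[8:]

def compare_builds() -> dict:
    # Two constructed build times, one hour apart, same input bytes.
    a = build(PAYLOAD, 1168945260)
    b = build(PAYLOAD, 1168948860)
    return {
        "stamped_equal": md5_hex(a) == md5_hex(b),
        "equal_after_strip": md5_hex(strip_mtime(a)) == md5_hex(strip_mtime(b)),
        "unstamped_equal": md5_hex(build(PAYLOAD, 0)) == md5_hex(build(PAYLOAD, 0)),
        "still_decompresses": gzip.decompress(strip_mtime(a)) == PAYLOAD,
    }

if __name__ == "__main__":
    print(compare_builds())
```

With the gzip command-line tool, the `-n` option omits the original file name and timestamp from the header.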

Post by Franck78 » 16 Jan 2007 15:03

A problem has been discovered in SNORT over the last few days:
(see the advisory)
http://www.cert-ist.com/fra/ressources/ ... niersavis/

As I cannot read the advisory at the moment (in short: denial of service => 100% CPU usage), I suggest that snort be disabled until the update (IPCop 1.4.14), which should not be long in coming!

That in no way lessens the strong recommendation to move to 1.4.13 ASAP ;-)

Franck

Post by joebar » 22 Jan 2007 15:26

Hello,

Would it be possible to provide the linux-headers for kernel 2.4.34, or else compile the VMware tools for this kernel?? That would let me upgrade my IPCop running in VMware to 1.4.13. The vmxnet drivers are indeed missing ...

Thanks

Post by Gesp » 23 Jan 2007 09:19

For the kernel headers, you have them in the toolchain package, except that they are still the 2.4.31 kernel headers, since that is enough to compile the rest.

What would you need?

Post by joebar » 23 Jan 2007 10:07

Hi Gesp,

I did download the archive ipcop-1.4.13-othersrc.tar.bz2 and retrieved the 2.4.34 kernel sources, but I have a compilation problem on my dev IPCop when compiling the VMware tools modules:

Code:
root@ipcop:~ # vmware-config-tools.pl
It looks like you are trying to run this program in a remote session. This
program will temporarily shut down your network connection, so you should only
run it from a local console session. Are you SURE you want to continue?
[no] yes


Stopping VMware Tools services in the virtual machine:
   Guest operating system daemon:                                      done
Trying to find a suitable vmhgfs module for your running kernel.

None of the pre-built vmhgfs modules for VMware Tools is suitable for your
running kernel.  Do you want this program to try to build the vmhgfs module for
your system (you need to have a C compiler installed on your system)? [yes]

Using compiler "/usr/bin/gcc". Use environment variable CC to override.

What is the location of the directory of C header files that match your running
kernel? [/usr/src/linux/include]

Extracting the sources of the vmhgfs module.

Building the vmhgfs module.

Using standalone build system.
make: Entering directory `/tmp/vmware-config7/vmhgfs-only'
In file included from /usr/src/linux/include/linux/prefetch.h:13,
                 from /usr/src/linux/include/linux/list.h:6,
                 from /usr/src/linux/include/linux/wait.h:14,
                 from /usr/src/linux/include/linux/fs.h:12,
                 from /usr/src/linux/include/linux/capability.h:17,
                 from /usr/src/linux/include/linux/binfmts.h:5,
                 from /usr/src/linux/include/linux/sched.h:9,
                 from /usr/src/linux/include/linux/mm.h:4,
                 from /usr/src/linux/include/linux/slab.h:14,
                 from /usr/src/linux/include/linux/proc_fs.h:5,
                 from dev.c:16:
/usr/src/linux/include/asm/processor.h:247:1: warning: "EISA_bus" redefined
In file included from /usr/include/linux/modversions.h:138,
                 from driver-config.h:44,
                 from dev.c:13:
/usr/include/linux/modules/i386_ksyms.ver:10:1: warning: this is the location of the previous definition
In file included from /usr/src/linux/include/linux/prefetch.h:13,
                 from /usr/src/linux/include/linux/list.h:6,
                 from /usr/src/linux/include/linux/module.h:13,
                 from main.h:18,
                 from driver.c:15:
/usr/src/linux/include/asm/processor.h:247:1: warning: "EISA_bus" redefined
In file included from /usr/include/linux/modversions.h:138,
                 from driver-config.h:44,
                 from driver.c:13:
/usr/include/linux/modules/i386_ksyms.ver:10:1: warning: this is the location of the previous definition
In file included from /usr/src/linux/include/linux/prefetch.h:13,
                 from /usr/src/linux/include/linux/list.h:6,
                 from /usr/src/linux/include/linux/module.h:13,
                 from main.c:17:
/usr/src/linux/include/asm/processor.h:247:1: warning: "EISA_bus" redefined
In file included from /usr/include/linux/modversions.h:138,
                 from driver-config.h:44,
                 from main.c:13:
/usr/include/linux/modules/i386_ksyms.ver:10:1: warning: this is the location of the previous definition
make: Leaving directory `/tmp/vmware-config7/vmhgfs-only'
Unable to make a vmhgfs module that can be loaded in the running kernel:
/tmp/vmware-config7/vmhgfs.o: /tmp/vmware-config7/vmhgfs.o: unresolved symbol unlock_new_inode_R23182d90
/tmp/vmware-config7/vmhgfs.o: /tmp/vmware-config7/vmhgfs.o: unresolved symbol fget_R2c14f2c9
/tmp/vmware-config7/vmhgfs.o: /tmp/vmware-config7/vmhgfs.o: unresolved symbol wake_up_process_Rdaa34de8
/tmp/vmware-config7/vmhgfs.o: /tmp/vmware-config7/vmhgfs.o: unresolved symbol register_filesystem_Rc82e348f
/tmp/vmware-config7/vmhgfs.o: /tmp/vmware-config7/vmhgfs.o: unresolved symbol remove_proc_entry_R9283faf9
/tmp/vmware-config7/vmhgfs.o: /tmp/vmware-config7/vmhgfs.o: unresolved symbol generic_read_dir_Rea819e01
/tmp/vmware-config7/vmhgfs.o: /tmp/vmware-config7/vmhgfs.o: unresolved symbol zone_table_R0a37f72e
/tmp/vmware-config7/vmhgfs.o: /tmp/vmware-config7/vmhgfs.o: unresolved symbol d_rehash_R133e0852
/tmp/vmware-config7/vmhgfs.o: /tmp/vmware-config7/vmhgfs.o: unresolved symbol proc_mkdir_R2f4aaa59
/tmp/vmware-config7/vmhgfs.o: /tmp/vmware-config7/vmhgfs.o: unresolved symbol fput_R1c96bfe7
/tmp/vmware-config7/vmhgfs.o: /tmp/vmware-config7/vmhgfs.o: unresolved symbol __free_pages_Rb59f008f
/tmp/vmware-config7/vmhgfs.o: /tmp/vmware-config7/vmhgfs.o: unresolved symbol proc_root_fs_R1d13a182
/tmp/vmware-config7/vmhgfs.o: /tmp/vmware-config7/vmhgfs.o: unresolved symbol create_proc_entry_R7dc7764b
/tmp/vmware-config7/vmhgfs.o: /tmp/vmware-config7/vmhgfs.o: unresolved symbol iget4_locked_Ra6e9f179
/tmp/vmware-config7/vmhgfs.o: /tmp/vmware-config7/vmhgfs.o: unresolved symbol _alloc_pages_R611fdce6
/tmp/vmware-config7/vmhgfs.o: /tmp/vmware-config7/vmhgfs.o: unresolved symbol d_alloc_root_R88569f48
/tmp/vmware-config7/vmhgfs.o: /tmp/vmware-config7/vmhgfs.o: unresolved symbol d_instantiate_Rbb25749c
/tmp/vmware-config7/vmhgfs.o: /tmp/vmware-config7/vmhgfs.o: unresolved symbol remove_wait_queue_R8bff74ed
/tmp/vmware-config7/vmhgfs.o: /tmp/vmware-config7/vmhgfs.o: unresolved symbol unregister_filesystem_R900ebc7f
/tmp/vmware-config7/vmhgfs.o: /tmp/vmware-config7/vmhgfs.o: unresolved symbol add_wait_queue_exclusive_Rcc5ea6fe
/tmp/vmware-config7/vmhgfs.o: /tmp/vmware-config7/vmhgfs.o: unresolved symbol __pollwait_R7a5400f3
/tmp/vmware-config7/vmhgfs.o:
Hint: You are trying to load a module without a GPL compatible license
      and it has unresolved symbols.  The module may be trying to access
      GPLONLY symbols but the problem is more likely to be a coding or
      user error.  Contact the module supplier for assistance, only they
      can help you.

There is probably a slight difference in the kernel configuration between the
set of C header files you specified and your running kernel.  You may want to
rebuild a kernel based on that directory, or specify another directory.

The filesystem driver (vmhgfs module) is used only for the shared folder
feature. The rest of the software provided by VMware Tools is designed to work
independently of this feature.
If you wish to have the shared folders feature, you can install the driver by
running vmware-config-tools.pl again after making sure that gcc, binutils, make
and the kernel sources for your running kernel are installed on your machine.
These packages are available on your distribution's installation CD.
[ Press Enter key to continue ]



I have the same problem with the vmxnet network module, whereas with 2.4.31 I had no trouble at all. Afterwards I copy the modules to my production IPCop, at home of course.

I can provide you with the archives of the modules to compile if you want ...

Thanks