Merge branch 'next' into fifteen

2026-04-09 18:45:54 +02:00 · 2013-10-14 14:12:04 +02:00
parent 5b0bc4ca3d 8dc177053f
commit 568438067c
14 changed files with 72 additions and 15 deletions
--- a/config/rootfiles/oldcore/73/update.sh
+++ b/config/rootfiles/oldcore/73/update.sh
@@ -42,6 +42,15 @@ done
 #Extract files
 extract_files

+if [ -e "/var/ipfire/proxy/enable" ] || [ -e "/var/ipfire/proxy/enable_blue" ]; then
+	(
+		eval $(/usr/local/bin/readhash /var/ipfire/proxy/advanced/settings)
+
+		TRANSPARENT_PORT="$(( ${PROXY_PORT} + 1 ))"
+		echo "TRANSPORT_PORT=${TRANSPARENT_PORT}" >> /var/ipfire/proxy/advanced/settings
+	)
+fi
+
 # Regenerate squid configuration files.
 /srv/web/ipfire/cgi-bin/proxy.cgi

--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -549,6 +549,8 @@ WARNING: untranslated string: Set time on boot
 WARNING: untranslated string: advproxy cache-digest
 WARNING: untranslated string: advproxy errmsg cache
 WARNING: untranslated string: advproxy errmsg invalid upstream proxy
+WARNING: untranslated string: advproxy errmsg proxy ports equal
+WARNING: untranslated string: advproxy proxy port transparent
 WARNING: untranslated string: age second
 WARNING: untranslated string: age seconds
 WARNING: untranslated string: age shour
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -551,6 +551,8 @@ WARNING: untranslated string: Scan for Songs
 WARNING: untranslated string: advproxy cache-digest
 WARNING: untranslated string: advproxy errmsg cache
 WARNING: untranslated string: advproxy errmsg invalid upstream proxy
+WARNING: untranslated string: advproxy errmsg proxy ports equal
+WARNING: untranslated string: advproxy proxy port transparent
 WARNING: untranslated string: age second
 WARNING: untranslated string: age seconds
 WARNING: untranslated string: age shour
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -552,6 +552,8 @@ WARNING: translation string unused: year-graph
 WARNING: translation string unused: yearly firewallhits
 WARNING: untranslated string: Scan for Songs
 WARNING: untranslated string: advproxy cache-digest
+WARNING: untranslated string: advproxy errmsg proxy ports equal
+WARNING: untranslated string: advproxy proxy port transparent
 WARNING: untranslated string: age second
 WARNING: untranslated string: age seconds
 WARNING: untranslated string: age shour
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -549,6 +549,8 @@ WARNING: untranslated string: Set time on boot
 WARNING: untranslated string: advproxy cache-digest
 WARNING: untranslated string: advproxy errmsg cache
 WARNING: untranslated string: advproxy errmsg invalid upstream proxy
+WARNING: untranslated string: advproxy errmsg proxy ports equal
+WARNING: untranslated string: advproxy proxy port transparent
 WARNING: untranslated string: age second
 WARNING: untranslated string: age seconds
 WARNING: untranslated string: age shour
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -543,6 +543,8 @@ WARNING: untranslated string: Scan for Songs
 WARNING: untranslated string: advproxy cache-digest
 WARNING: untranslated string: advproxy errmsg cache
 WARNING: untranslated string: advproxy errmsg invalid upstream proxy
+WARNING: untranslated string: advproxy errmsg proxy ports equal
+WARNING: untranslated string: advproxy proxy port transparent
 WARNING: untranslated string: age second
 WARNING: untranslated string: age seconds
 WARNING: untranslated string: age shour
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -555,6 +555,8 @@ WARNING: translation string unused: xtaccess bad transfert
 WARNING: translation string unused: year-graph
 WARNING: translation string unused: yearly firewallhits
 WARNING: untranslated string: Scan for Songs
+WARNING: untranslated string: advproxy errmsg proxy ports equal
+WARNING: untranslated string: advproxy proxy port transparent
 WARNING: untranslated string: bytes
 WARNING: untranslated string: dnsforward
 WARNING: untranslated string: dnsforward add a new entry
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -13,6 +13,8 @@
 ############################################################################
 < advproxy errmsg cache
 < advproxy errmsg invalid upstream proxy
+< advproxy errmsg proxy ports equal
+< advproxy proxy port transparent
 < age second
 < age seconds
 < age shour
@@ -414,6 +416,8 @@
 ############################################################################
 < advproxy errmsg cache
 < advproxy errmsg invalid upstream proxy
+< advproxy errmsg proxy ports equal
+< advproxy proxy port transparent
 < age second
 < age seconds
 < age shour
@@ -808,6 +812,8 @@
 ############################################################################
 < advproxy errmsg cache
 < advproxy errmsg invalid upstream proxy
+< advproxy errmsg proxy ports equal
+< advproxy proxy port transparent
 < age second
 < age seconds
 < age shour
@@ -1178,6 +1184,8 @@
 < Add a route
 < advproxy errmsg cache
 < advproxy errmsg invalid upstream proxy
+< advproxy errmsg proxy ports equal
+< advproxy proxy port transparent
 < age second
 < age seconds
 < age shour
--- a/html/cgi-bin/proxy.cgi
+++ b/html/cgi-bin/proxy.cgi
@@ -195,6 +195,7 @@ $proxysettings{'ENABLE_BLUE'} = 'off';
 $proxysettings{'TRANSPARENT'} = 'off';
 $proxysettings{'TRANSPARENT_BLUE'} = 'off';
 $proxysettings{'PROXY_PORT'} = '800';
+$proxysettings{'TRANSPARENT_PORT'} = '3128';
 $proxysettings{'VISIBLE_HOSTNAME'} = '';
 $proxysettings{'ADMIN_MAIL_ADDRESS'} = '';
 $proxysettings{'ADMIN_PASSWORD'} = '';
@@ -212,7 +213,7 @@ $proxysettings{'LOGGING'} = 'off';
 $proxysettings{'CACHEMGR'} = 'off';
 $proxysettings{'LOGQUERY'} = 'off';
 $proxysettings{'LOGUSERAGENT'} = 'off';
-$proxysettings{'FILEDESCRIPTORS'} = '4096';
+$proxysettings{'FILEDESCRIPTORS'} = '16384';
 $proxysettings{'CACHE_MEM'} = '2';
 $proxysettings{'CACHE_SIZE'} = '50';
 $proxysettings{'MAX_SIZE'} = '4096';
@@ -359,6 +360,15 @@ if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'}
 		$errormessage = $Lang::tr{'advproxy errmsg invalid proxy port'};
 		goto ERROR;
 	}
+	if (!(&General::validport($proxysettings{'TRANSPARENT_PORT'})))
+	{
+		$errormessage = $Lang::tr{'advproxy errmsg invalid proxy port'};
+		goto ERROR;
+	}
+	if ($proxysettings{'PROXY_PORT'} eq $proxysettings{'TRANSPARENT_PORT'}) {
+		$errormessage = $Lang::tr{'advproxy errmsg proxy ports equal'};
+		goto ERROR;
+	}
 	if (!($proxysettings{'UPSTREAM_PROXY'} eq ''))
 	{
 		my @temp = split(/:/,$proxysettings{'UPSTREAM_PROXY'});
@@ -956,8 +966,8 @@ print <<END
 <tr>
 	<td class='base'>$Lang::tr{'advproxy transparent on'} <font color="$Header::colourgreen">Green</font>:</td>
 	<td><input type='checkbox' name='TRANSPARENT' $checked{'TRANSPARENT'}{'on'} /></td>
-	<td class='base'>$Lang::tr{'advproxy visible hostname'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
-	<td><input type='text' name='VISIBLE_HOSTNAME' value='$proxysettings{'VISIBLE_HOSTNAME'}' /></td>
+	<td width='25%' class='base'>$Lang::tr{'advproxy proxy port transparent'}:</td>
+	<td width='30%'><input type='text' name='TRANSPARENT_PORT' value='$proxysettings{'TRANSPARENT_PORT'}' size='5' /></td>
 </tr>
 <tr>
 END
@@ -969,7 +979,8 @@ if ($netsettings{'BLUE_DEV'}) {
 	print "<td colspan='2'>&nbsp;</td>";
 }
 print <<END
-	<td colspan='2'>&nbsp;</td>
+	<td class='base'>$Lang::tr{'advproxy visible hostname'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
+	<td><input type='text' name='VISIBLE_HOSTNAME' value='$proxysettings{'VISIBLE_HOSTNAME'}' /></td>
 </tr>
 <tr>
 END
@@ -3078,17 +3089,27 @@ END
 	}

 	print FILE "http_port $netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
-	if ($proxysettings{'TRANSPARENT'} eq 'on') { print FILE " transparent" }
 	if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" }
 	print FILE "\n";

-	if ($netsettings{'BLUE_DEV'} && $proxysettings{'ENABLE_BLUE'} eq 'on') {
-		print FILE "http_port $netsettings{'BLUE_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
-		if ($proxysettings{'TRANSPARENT_BLUE'} eq 'on') { print FILE " transparent" }
+	if ($proxysettings{'TRANSPARENT'} eq 'on') {
+		print FILE "http_port $netsettings{'GREEN_ADDRESS'}:$proxysettings{'TRANSPARENT_PORT'} intercept";
 		if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" }
 		print FILE "\n";
 	}

+	if ($netsettings{'BLUE_DEV'} && $proxysettings{'ENABLE_BLUE'} eq 'on') {
+		print FILE "http_port $netsettings{'BLUE_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
+		if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" }
+		print FILE "\n";
+
+		if ($proxysettings{'TRANSPARENT_BLUE'} eq 'on') {
+			print FILE "http_port $netsettings{'BLUE_ADDRESS'}:$proxysettings{'TRANSPARENT_PORT'} intercept";
+			if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" }
+			print FILE "\n";
+		}
+	}
+
 	if ($proxysettings{'CACHE_SIZE'} > 0)
 	{
 		print FILE "\n";
@@ -3457,7 +3478,7 @@ END
 	# Check if squidclamav is enabled.
 	if ($proxysettings{'ENABLE_CLAMAV'} eq 'on') {
 		print FILE "\n#Settings for squidclamav:\n";
-		print FILE "http_port 127.0.0.1:$proxysettings{'PROXY_PORT'} transparent\n";
+		print FILE "http_port 127.0.0.1:$proxysettings{'PROXY_PORT'}\n";
 		print FILE "acl purge method PURGE\n";
 		print FILE "http_access deny to_localhost\n";
 		print FILE "http_access allow localhost\n";
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -243,6 +243,7 @@
 'advproxy errmsg password length 1' => 'Passwort muss mindestens',
 'advproxy errmsg password length 2' => ' Zeichen enthalten',
 'advproxy errmsg passwords different' => 'Passwörter stimmen nicht überein',
+'advproxy errmsg proxy ports equal' => 'Der Proxy-Port darf nicht identisch mit dem transparenten Port sein.',
 'advproxy errmsg radius port' => 'Ungültige RADIUS Portnummer',
 'advproxy errmsg radius secret' => 'Shared Secret erforderlich',
 'advproxy errmsg radius server' => 'Ungültige IP-Adresse für den RADIUS-Server',
@@ -280,6 +281,7 @@
 'advproxy on' => 'Proxy an',
 'advproxy privacy' => 'Datenschutz',
 'advproxy proxy port' => 'Proxy-Port',
+'advproxy proxy port transparent' => 'Transparenter Port',
 'advproxy ram cache size' => 'Cachegröße im Arbeitsspeicher (MB)',
 'advproxy redirector children' => 'Anzahl der Filterprozesse',
 'advproxy reset' => 'Zurücksetzen',
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -243,6 +243,7 @@
 'advproxy errmsg password length 1' => 'Password must have at least ',
 'advproxy errmsg password length 2' => ' characters',
 'advproxy errmsg passwords different' => 'Passwords don\'t match',
+'advproxy errmsg proxy ports equal' => 'The proxy port and the transparent port cannot be equal.',
 'advproxy errmsg radius port' => 'Invalid RADIUS port number',
 'advproxy errmsg radius secret' => 'RADIUS shared secret required',
 'advproxy errmsg radius server' => 'Invalid IP address for RADIUS Server',
@@ -280,6 +281,7 @@
 'advproxy on' => 'Proxy on',
 'advproxy privacy' => 'Privacy',
 'advproxy proxy port' => 'Proxy port',
+'advproxy proxy port transparent' => 'Transparent port',
 'advproxy ram cache size' => 'Memory cache size (MB)',
 'advproxy redirector children' => 'Number of filter processes',
 'advproxy reset' => 'Reset',
--- a/lfs/apache2
+++ b/lfs/apache2
@@ -98,6 +98,9 @@ ifeq "$(PASS)" "C"
 	chmod -R 755 /srv/web/ipfire/cgi-bin
 	chmod -R 644 /srv/web/ipfire/html
 	chmod 755 /srv/web/ipfire/html /srv/web/ipfire/html/{index.cgi,redirect.cgi,dial.cgi,images,include,themes,themes/*,themes/*/*}
+
+	# Reset permissions of redirect templates directories
+	find /srv/web/ipfire/html/redirect-templates -type d | xargs chmod -v 755
 else
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
 	cd $(DIR_APP) && patch -Np1 -i $(DIR_DL)/httpd-2.2.2-config-1.patch
--- a/lfs/squid
+++ b/lfs/squid
@@ -24,7 +24,7 @@

 include Config

-VER        = 3.3.8
+VER        = 3.3.9

 THISAPP    = squid-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)

 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)

-$(DL_FILE)_MD5 = 6a8fa0075f2fbdd899ac4c9d95fe67cb
+$(DL_FILE)_MD5 = 6c4ba0d63c3a6d94de2da689f361cdab

 install : $(TARGET)

@@ -114,7 +114,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 		--enable-cache-digests \
 		--enable-forw-via-db \
 		--enable-htcp \
-		--enable-ipf-transparent \
+		--enable-linux-netfilter \
 		--enable-kill-parent-hack \
 		--disable-wccpv2 \
 		--enable-icap-client \
--- a/src/initscripts/init.d/squid
+++ b/src/initscripts/init.d/squid
@@ -15,8 +15,8 @@ transparent() {
 		eval $(/usr/local/bin/readhash /var/ipfire/proxy/settings)

 		# If the proxy port is not set we set the default to 800.
-		if [ -z $PROXY_PORT ]; then
-			PROXY_PORT=800
+		if [ -z "${TRANSPARENT_PORT}" ]; then
+			TRANSPARENT_PORT=800
 		fi

 		LOCALIP=`cat /var/ipfire/red/local-ipaddress | tr -d \n`
@@ -43,7 +43,7 @@ transparent() {
 		
 		iptables -t nat -A SQUID -i $1 -p tcp -d $LOCALIP --dport 80 -j RETURN
 		
-		iptables -t nat -A SQUID -i $1 -p tcp --dport 80 -j REDIRECT --to-port $PROXY_PORT
+		iptables -t nat -A SQUID -i $1 -p tcp --dport 80 -j REDIRECT --to-port "${TRANSPARENT_PORT}"
 }

 case "$1" in