From 8b417dd143a02900f8ba06510d7ffa3039f15be8 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 16 Jul 2013 19:38:54 +0200 Subject: [PATCH 1/4] proxy.cgi: Re-apply accidentially removed changes. Removed in dfee7582f9b386126fcaa6c8cdcb98677e34f5b4, originally introduced in 49c7cb232870cce6986f93bb6fc3b6dbf643ec07. --- html/cgi-bin/proxy.cgi | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 76d52b425..870042ae5 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -3071,6 +3071,12 @@ icp_port 0 END ; + + # Include file with user defined settings. + if (-e "/etc/squid/squid.conf.pre.local") { + print FILE "include /etc/squid/squid.conf.pre.local\n\n"; + } + print FILE "http_port $netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}"; if ($proxysettings{'TRANSPARENT'} eq 'on') { print FILE " transparent" } if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" } From 25848b36da1363f46ad85570501e6aff7a3eec1e Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 16 Jul 2013 19:42:53 +0200 Subject: [PATCH 2/4] squidclamav: Fix permissions of /etc/squidclamav.conf. The file must not be executable, but writeable by anybody in the group nobody. --- lfs/squidclamav | 3 ++- src/paks/squidclamav/update.sh | 4 ++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/lfs/squidclamav b/lfs/squidclamav index 79bf5d010..7d9e6afec 100644 --- a/lfs/squidclamav +++ b/lfs/squidclamav @@ -80,7 +80,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/squidclamav-5.11-dont_use_ipv6.patch cd $(DIR_APP) && ./configure --prefix=/usr cd $(DIR_APP) && make install - install -v -m 755 $(DIR_CONF)/squidclamav/squidclamav.conf /etc/squidclamav.conf + install -v -m 664 $(DIR_CONF)/squidclamav/squidclamav.conf /etc/squidclamav.conf + chown -v root:nobody /etc/squidclamav.conf install -v -m 644 $(DIR_SRC)/config/backup/includes/squidclamav /var/ipfire/backup/addons/includes/squidclamav chmod 755 /srv/web/ipfire/html/clwarn.cgi @rm -rf $(DIR_APP) diff --git a/src/paks/squidclamav/update.sh b/src/paks/squidclamav/update.sh index 4b542164e..c7380d9c7 100644 --- a/src/paks/squidclamav/update.sh +++ b/src/paks/squidclamav/update.sh @@ -41,6 +41,10 @@ if [ "$VERSION" -lt "16" ]; then -e "s/^#squid_port 3128/squid_port 800/g" \ -e "s/^#trust_cache 1/trust_cache 1/g" -i /etc/squidclamav.conf + # Fix permissions. + chmod 664 /etc/squidclamav.conf + chown root.nobody /etc/squidclamav.conf + # Regenerate configuration files. perl /srv/web/ipfire/cgi-bin/proxy.cgi fi From cfab012b143b6aaf7f181243c96616e060c08d05 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 16 Jul 2013 19:46:29 +0200 Subject: [PATCH 3/4] squidclamav: Fix indentation of update script. --- src/paks/squidclamav/update.sh | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/src/paks/squidclamav/update.sh b/src/paks/squidclamav/update.sh index c7380d9c7..43760856c 100644 --- a/src/paks/squidclamav/update.sh +++ b/src/paks/squidclamav/update.sh @@ -28,25 +28,26 @@ extract_files VERSION=$(cat /opt/pakfire/db/installed/meta-squidclamav | grep Release | cut -d" " -f2) if [ "$VERSION" -gt "10" ]; then - restore_backup ${NAME} + restore_backup ${NAME} fi if [ "$VERSION" -lt "11" ]; then - sed -e "s|logfile.*|logfile /var/log/squid/squidclamav.log|g" /etc/squidclamav.conf + sed -e "s|logfile.*|logfile /var/log/squid/squidclamav.log|g" /etc/squidclamav.conf fi if [ "$VERSION" -lt "16" ]; then - sed -e "s/proxy none//g" -i /etc/squidclamav.conf - sed -e "s/^#squid_ip 127\.0\.0\.1/squid_ip 127\.0\.0\.1/g" \ - -e "s/^#squid_port 3128/squid_port 800/g" \ - -e "s/^#trust_cache 1/trust_cache 1/g" -i /etc/squidclamav.conf + sed -i /etc/squidclamav.conf \ + -e "s/proxy none//g" \ + -e "s/^#squid_ip 127\.0\.0\.1/squid_ip 127\.0\.0\.1/g" \ + -e "s/^#squid_port 3128/squid_port 800/g" \ + -e "s/^#trust_cache 1/trust_cache 1/g" - # Fix permissions. - chmod 664 /etc/squidclamav.conf - chown root.nobody /etc/squidclamav.conf + # Fix permissions. + chmod 664 /etc/squidclamav.conf + chown root.nobody /etc/squidclamav.conf - # Regenerate configuration files. - perl /srv/web/ipfire/cgi-bin/proxy.cgi + # Regenerate configuration files. + perl /srv/web/ipfire/cgi-bin/proxy.cgi fi /etc/init.d/squid restart From 9c55c65e050d60c2604490247a4f7ccb0b0032b5 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Tue, 16 Jul 2013 22:58:13 +0200 Subject: [PATCH 4/4] dnsforward: add config to iso and updater. --- config/backup/include | 1 + config/rootfiles/common/configroot | 2 ++ config/rootfiles/core/71/filelists/files | 1 + lfs/configroot | 4 ++-- 4 files changed, 6 insertions(+), 2 deletions(-) diff --git a/config/backup/include b/config/backup/include index 8463a8949..c863a0e56 100644 --- a/config/backup/include +++ b/config/backup/include @@ -14,6 +14,7 @@ /etc/ssh/ssh_host* /var/ipfire/auth/users /var/ipfire/dhcp/* +/var/ipfire/dnsforward/* /var/ipfire/main/* /var/ipfire/outgoing/groups /var/ipfire/outgoing/macgroups diff --git a/config/rootfiles/common/configroot b/config/rootfiles/common/configroot index 3910b36a7..cd33ec496 100644 --- a/config/rootfiles/common/configroot +++ b/config/rootfiles/common/configroot @@ -30,6 +30,8 @@ var/ipfire/dmzholes #var/ipfire/dmzholes/config var/ipfire/dns #var/ipfire/dns/settings +var/ipfire/dnsforward +#var/ipfire/dnsforward/config var/ipfire/ethernet #var/ipfire/ethernet/aliases #var/ipfire/ethernet/known_nics diff --git a/config/rootfiles/core/71/filelists/files b/config/rootfiles/core/71/filelists/files index 9dd0e30ed..c7df219c6 100644 --- a/config/rootfiles/core/71/filelists/files +++ b/config/rootfiles/core/71/filelists/files @@ -19,6 +19,7 @@ srv/web/ipfire/cgi-bin/ids.cgi srv/web/ipfire/cgi-bin/proxy.cgi srv/web/ipfire/cgi-bin/pppsetup.cgi srv/web/ipfire/cgi-bin/wirelessclient.cgi +var/ipfire/dnsforward/config var/ipfire/general-functions.pl var/ipfire/langs var/ipfire/backup/include diff --git a/lfs/configroot b/lfs/configroot index 1f84a1691..118523685 100644 --- a/lfs/configroot +++ b/lfs/configroot @@ -50,7 +50,7 @@ $(TARGET) : @$(PREBUILD) # Create all directories - for i in addon-lang auth backup ca certs connscheduler crls ddns dhcp dhcpc dmzholes dns \ + for i in addon-lang auth backup ca certs connscheduler crls ddns dhcp dhcpc dmzholes dns dnsforward \ ethernet extrahd/bin fwlogs isdn key langs logging mac main menu.d modem net-traffic \ net-traffic/templates nfs optionsfw outgoing/bin outgoing/groups outgoing/groups/ipgroups \ outgoing/groups/macgroups ovpn patches pakfire portfw ppp private proxy/advanced/cre \ @@ -63,7 +63,7 @@ $(TARGET) : # Touch empty files for i in auth/users backup/include.user backup/exclude.user \ certs/index.txt ddns/config ddns/noipsettings ddns/settings ddns/ipcache dhcp/settings \ - dhcp/fixleases dhcp/advoptions dhcp/dhcpd.conf.local dmzholes/config dns/settings ethernet/aliases ethernet/settings ethernet/known_nics ethernet/scanned_nics \ + dhcp/fixleases dhcp/advoptions dhcp/dhcpd.conf.local dmzholes/config dns/settings dnsforward/config ethernet/aliases ethernet/settings ethernet/known_nics ethernet/scanned_nics \ ethernet/wireless extrahd/scan extrahd/devices extrahd/partitions extrahd/settings fwlogs/ipsettings fwlogs/portsettings \ isdn/settings mac/settings main/disable_nf_sip main/hosts main/routing main/settings net-traffic/settings optionsfw/settings outgoing/settings outgoing/rules \ ovpn/ccd.conf ovpn/ccdroute ovpn/ccdroute2 pakfire/settings portfw/config ppp/settings-1 ppp/settings-2 ppp/settings-3 ppp/settings-4 \