ipcop-announce — Announcement mailinglist for the IPCop project.

[IPCop-Announce] [2.1] release of IPCop v2.1.9

[Announcement m. f. t. I. project. <ipc...@li...>]

IPCop 2.1.9 is released

v2.1.9 is an UPDATE only, *NO* installation files.
To install from scratch you will need to install v2.1.8 first,
and then upgrade to v2.1.9.

This update fixes a problem when RED connection is DHCP.
A renewed lease was reported as a new connection, causing unnecessary
restart of services like IPsec, proxy.


Updates
75f61a9130f873bb505b96c49f090c2a  ipcop-2.1.9-update.i486.tgz.gpg

[IPCop-Announce] [2.1] release of IPCop v2.1.8

[Announcement m. f. t. I. project. <ipc...@li...>]

IPCop 2.1.8 is released

v2.1.8 can be installed using the installation images or as an update 
from version 2.1.7.

This update is just regular maintenance with updates to software
used in IPCop.

Updates
d5664aa8e9d4e47d99f84df1cca2ae3c  ipcop-2.1.8-update.i486.tgz.gpg

Installation
1394a7bd4e5c6fe8db70007278826101  ipcop-2.1.8-install-cd.i486.iso
62d071a896353b4a5cae3befeca74df3  ipcop-2.1.8-install-netboot.i486.tgz
e6bee5e24eeb3467c3701817ec5b30de  ipcop-2.1.8-install-usb-fdd.i486.img.gz
f342ef0d3a581f052642c34db2b1c72e  ipcop-2.1.8-install-usb-hdd.i486.img.gz

[IPCop-Announce] [2.1] release of IPCop v2.1.7

[Announcement m. f. t. I. project. <ipc...@li...>]

IPCop 2.1.7 is released

v2.1.7 can be installed using the installation images or as an update 
from version 2.1.6.

v2.1.7 fixes PPPoE dialup.

Updates
5b208708350ddaae9950590feca50af1  ipcop-2.1.7-update.i486.tgz.gpg

Installation
ceccdf54ac20a3dd11a51c7c077099ba  ipcop-2.1.7-install-cd.i486.iso
7004a77d22bcc07f9f501100becd4467  ipcop-2.1.7-install-netboot.i486.tgz
a02afed2003ccb5af942fb298cf8c488  ipcop-2.1.7-install-usb-fdd.i486.img.gz
abd554d54ce01873897d1cb0819db08e  ipcop-2.1.7-install-usb-hdd.i486.img.gz

[IPCop-Announce] [2.1] release of IPCop v2.1.6

[Announcement m. f. t. I. project. <ipc...@li...>]

IPCop 2.1.6 is released

v2.1.6 can be installed using the installation images or as an update 
from version 2.1.5.
You need to reboot to use the new kernel after upgrading to 2.1.6.

In addition to several updates to software used in IPCop,
v2.1.6 updates the bash shell to the latest version.

Updates
a1bced8061b1cc78bbf8e4ef3523abcf  ipcop-2.1.6-update.i486.tgz.gpg

Installation
d572a21b20765f9dc485082fc94e7d50  ipcop-2.1.6-install-cd.i486.iso
ff2268a39e6eff467960f729bf5059e4  ipcop-2.1.6-install-netboot.i486.tgz
d415fbd96f189e50bf1297b2e9f66efc  ipcop-2.1.6-install-usb-fdd.i486.img.gz
413116e5a85dcd2c1d4844ee44df298f  ipcop-2.1.6-install-usb-hdd.i486.img.gz

[IPCop-Announce] [2.1] release of IPCop v2.1.5

[Announcement m. f. t. I. project. <ipc...@li...>]

IPCop 2.1.5 is released

v2.1.5 can be installed using the installation images or as an update 
from version 2.1.4.
You need to reboot to use the new kernel after upgrading to 2.1.5.

In addition to several updates to software used in IPCop,
v2.1.5 adds CA certificates to better support SSL/TLS email.

Updates
8d75d010b364c9d9b51a56f617a6b996  ipcop-2.1.5-update.i486.tgz.gpg

Installation
c122aefe36d4dffbfbf15a37fbea6de9  ipcop-2.1.5-install-cd.i486.iso
14710b4a95b645834eceb11226c83af5  ipcop-2.1.5-install-netboot.i486.tgz
715a1c76dafe23e8336672b9275a5ad9  ipcop-2.1.5-install-usb-fdd.i486.img.gz
5a223e1a8a406cb6dc7458a8defb04f6  ipcop-2.1.5-install-usb-hdd.i486.img.gz

[IPCop-Announce] [2.1] release of IPCop v2.1.4

[Announcement m. f. t. I. project. <ipc...@li...>]

IPCop 2.1.4 is released

v2.1.4 is an UPDATE only, *NO* installation files.
To install from scratch you will need to install v2.1.1 first,
and then upgrade to v2.1.2, v2.1.3 and v2.1.4.

This update upgrades the OpenSSL library everybody is talking about.


Updates
e464823b30194d718c8a8b7c14d3057a  ipcop-2.1.4-update.i486.tgz.gpg

[IPCop-Announce] [2.1] release of IPCop v2.1.3

[Announcement m. f. t. I. project. <ipc...@li...>]

IPCop 2.1.3 is released

v2.1.3 is an UPDATE only, *NO* installation files.
To install from scratch you will need to install v2.1.1 first,
and then upgrade to v2.1.2 and v2.1.3.

This update is just regular maintenance with updates to software
used in IPCop.


Updates
45a1e952e171b796da32fdb8fe174827  ipcop-2.1.3-update.i486.tgz.gpg

[IPCop-Announce] [2.1] release of IPCop v2.1.2

[Announcement m. f. t. I. project. <ipc...@li...>]

IPCop 2.1.2 is released

v2.1.2 is an UPDATE only, *NO* installation files.
To install from scratch you will need to install v2.1.1 first,
and then upgrade to v2.1.2.

In addition to a few updates to software used in IPCop,
v2.1.2 fixes some issues with the web proxy.


Updates
59fc3629319026e6fe7035dafd6fc638  ipcop-2.1.2-update.i486.tgz.gpg

[IPCop-Announce] [2.0] release of IPCop v2.1.1

[Announcement m. f. t. I. project. <ipc...@li...>]

IPCop 2.1.1 is released

v2.1.1 can be installed using the installation images or as an update 
from version 2.0.6.
The update comes in 2 parts, 2.1.0 first, followed by 2.1.1.
You need to reboot to use the new kernel after upgrading to 2.1.1.

In addition to many updates to software used in IPCop,
v2.1.1 adds URL filtering.

The installation manuals are 'work in progress' and not yet complete.

Online English admin manual: http://www.ipcop.org/2.0.0/en/admin/html
Online German admin manual: http://www.ipcop.org/2.0.0/de/admin/html
Online Spanish admin manual: http://www.ipcop.org/2.0.0/es/admin/html


Updates
adcffd9281bf3345474a19ad3f03562b  ipcop-2.1.0-update.i486.tgz.gpg
2e47d2da09c13051d6f49435adc96d05  ipcop-2.1.1-update.i486.tgz.gpg

Installation
2c15ea4805f3be71c9b388274ecef6b8  ipcop-2.1.1-install-cd.i486.iso
a864a5a500d3570a702d15224228991c  ipcop-2.1.1-install-netboot.i486.tgz
3a4c4ec96bb5d225f1cfb390e366f7cf  ipcop-2.1.1-install-usb-fdd.i486.img.gz
7d4256ed1d7a8708ab9469a1904a55cc  ipcop-2.1.1-install-usb-hdd.i486.img.gz
1b27f2b832972210084e9c37e3b8414a  ipcop-2.1.1-install-usb-zip.i486.img.gz

[IPCop-Announce] [2.0] release of IPCop v2.0.6

[Announcement m. f. t. I. project. <ipc...@li...>]

IPCop 2.0.6 is released

v2.0.6 is an UPDATE only, *NO* installation files.
To install from scratch you will need to install v2.0.3 first,
upgrade to v2.0.4, v2.0.5 and then upgrade to v2.0.5.

v2.0.6 fixes the /var/log symlink for flash installations.


Updates
c4276df999d2c834fd214b7d6654ca28  ipcop-2.0.6-update.i486.tgz.gpg

[IPCop-Announce] [2.0] release of IPCop v2.0.5

[Announcement m. f. t. I. project. <ipc...@li...>]

IPCop 2.0.5 is released

v2.0.5 is an UPDATE only, *NO* installation files.
To install from scratch you will need to install v2.0.3 first,
upgrade to v2.0.4 and then upgrade to v2.0.5

v2.0.5 fixes the 'update is old' information message
and updates the timezone database.


Updates
853b6d12793ea479440547c827e0c63a  ipcop-2.0.5-update.i486.tgz.gpg

[IPCop-Announce] [2.0] release of IPCop v2.0.4

[Announcement m. f. t. I. project. <ipc...@li...>]

IPCop 2.0.4 is released

  v2.0.4 is an UPDATE only, *NO* installation files.
  To install from scratch you will need to install v2.0.3 first and then
  upgrade to v2.0.4.

  v2.0.4 fixes some non working dynamic DNS updaters.


  Updates
  10691d0d4adce25373653bc475883625 ipcop-2.0.4-update.i486.tgz.gpg

[IPCop-Announce] [2.0] release of IPCop v2.0.3

[Announcement m. f. t. I. project. <ipc...@li...>]

IPCop 2.0.3 is released

v2.0.3 can be installed using the installation images or as an update 
from version 2.0.2.
You need to reboot to use the new kernel after upgrading to 2.0.3.

In addition to many updates to software used in IPCop,
v2.0.3 adds TLS support for sendEmail, wget and out of kernel e1000e and 
igb network drivers.
Traffic accounting with detail level High is disabled, use Low instead.


Online English installation manual: 
http://www.ipcop.org/2.0.0/en/install/html
Online German installation manual: 
http://www.ipcop.org/2.0.0/de/install/html
The installation manuals are 'work in progress' and not yet complete.

Online English admin manual: http://www.ipcop.org/2.0.0/en/admin/html
Online German admin manual: http://www.ipcop.org/2.0.0/de/admin/html


Noteworthy:
- the GUI uses 8443 instead of 445.
- SSH uses 8022 instead of 222.
- access to IPCop and to the internet from internal networks (aka
Green, Blue, Orange) is very much different. Spend some time with the
various options you will find under "Firewall Settings" and the online
admin manual.
- Several translations are complete, other languages are work in progress.
- backups from 1.4-series can not be used.
- addons made for the 1.4-series will not work.


Updates
573783809a5cc46b4a589b32b6cededf  ipcop-2.0.3-update.i486.tgz.gpg

Installation
a7db3c0f9fbc37085ac5a0c44b19412f  ipcop-2.0.3-install-avmdrv.i486.tgz
665e4835b2ee3d16795982b767063983  ipcop-2.0.3-install-cd.i486.iso
e38e08d63108c9f444e20935c50e03fd  ipcop-2.0.3-install-netboot.i486.tgz
1d7ade672e20d0e116d004c92d62c30d  ipcop-2.0.3-install-usb-fdd.i486.img.gz
def8b51a1db68254d7885022a68115b1  ipcop-2.0.3-install-usb-hdd.i486.img.gz
ee8141912ee00e839f8928ab8179ce7a  ipcop-2.0.3-install-usb-zip.i486.img.gz

[IPCop-Announce] [2.0] release of IPCop v2.0.2

[Announcement m. f. t. I. project. <ipc...@li...>]

IPCop 2.0.2 is released

v2.0.2 can be installed using the installation images or as an update 
from version 2.0.1.
You need to reboot to use the new kernel after upgrading to 2.0.2.

In addition to a few updates to software used in IPCop,
v2.0.2 fixes creating CA certificate which did not correctly work in 2.0.1.


Online English installation manual: 
http://www.ipcop.org/2.0.0/en/install/html
Online German installation manual: 
http://www.ipcop.org/2.0.0/de/install/html
The installation manuals are 'work in progress' and not yet complete.

Online English admin manual: http://www.ipcop.org/2.0.0/en/admin/html
Online German admin manual: http://www.ipcop.org/2.0.0/de/admin/html


Noteworthy:
- the GUI uses 8443 instead of 445.
- SSH uses 8022 instead of 222.
- access to IPCop and to the internet from internal networks (aka
Green, Blue, Orange) is very much different. Spend some time with the
various options you will find under "Firewall Settings" and the online
admin manual.
- Several translations are complete, other languages are work in progress.
- backups from 1.4-series can not be used.
- addons made for the 1.4-series will not work.


Updates
a67ee1732ef83e47c280171135272973  ipcop-2.0.2-update.i486.tgz.gpg

Installation
7c745ce011c8ce991197a0161b85e652  ipcop-2.0.2-install-cd.i486.iso
110768eae38b6525eec4a7eef4c510a0  ipcop-2.0.2-install-netboot.i486.tgz
f95d2fbbdc61739fc4e4edf9f1241571  ipcop-2.0.2-install-usb-fdd.i486.img.gz
c7d3a244707b2e5f7e5694c507eb1257  ipcop-2.0.2-install-usb-hdd.i486.img.gz
cb483b897d5b85fd4456ba09ea5d3b3f  ipcop-2.0.2-install-usb-zip.i486.img.gz
4da8540656f7239a8e4799b5f69750fe  ipcop-2.0.2-install-avmdrv.i486.tgz

[IPCop-Announce] [2.0] release of IPCop v2.0.1

[Announcement m. f. t. I. project. <ipc...@li...>]

IPCop 2.0.1 is released

v2.0.1 is an UPDATE only, *NO* installation files.
To install from scratch you will need to install v2.0.0 first and then
upgrade to v2.0.1.

In addition to the usual updates to software used in IPCop, v2.0.1 adds:
  firewall logging to the log summary,
  Classroom Extensions (CRE) to the proxy,
  translations across several languages.


Updates
074f332919571586c5fe58fbcda9d4d6  ipcop-2.0.1-update.i486.tgz.gpg

[IPCop-Announce] [2.0] release of IPCop v2.0.0

[Announcement m. f. t. I. project. <ipc...@li...>]

Dear all,


I'll make this as short as possible. IPCop v2.0.0 is released.
Thanks to those who have given valuable input during the development cycle.
Special thanks to Mario, never giving up and always prepared to run yet 
another test, I guess by now he is able to install IPCop blind-folded, 
also special thanks to Tom, always giving feedback and ideas.


Enjoy...

Olaf

===================================

IPCop 2.0.0 is released

v2.0.0 can be installed using the installation images or as an update 
from version 1.9.20.

For those familiar with earlier IPCop versions, IPCop v2 is different.
Read the manuals to get an overview.
Online English installation manual: 
http://www.ipcop.org/2.0.0/en/install/html
Online German installation manual: 
http://www.ipcop.org/2.0.0/de/install/html
The installation manuals are 'work in progress' and not yet complete.

Online English admin manual: http://www.ipcop.org/2.0.0/en/admin/html
Online German admin manual: http://www.ipcop.org/2.0.0/de/admin/html


Noteworthy:
- the GUI uses 8443 instead of 445.
- SSH uses 8022 instead of 222.
- access to IPCop and to the internet from internal networks (aka
Green, Blue, Orange) is very much different. Spend some time with the
various options you will find under "Firewall Settings" and the online
admin manual.
- Danish, Dutch, English, French, German, Greek, Italian, 
Latino-American Spanish,
Russian, Spanish and Turkish translations are complete,
other languages are work in progress.
- backups from 1.4-series can not be used.
- addons made for the 1.4-series will not work.


Updates
add370e02b70f3b65c5f6c3dffa64a97  ipcop-2.0.0-update.i486.tgz.gpg

Installation
0128c026dc00d3039355880683fad9bf  ipcop-2.0.0-install-cd.i486.iso
7ed2fb9e034a866057489d9debd94f17  ipcop-2.0.0-install-netboot.i486.tgz
e51cd651a7ee92c5f83ee4161784b3fe  ipcop-2.0.0-install-usb-fdd.i486.img.gz
d94985ebf9ce839c2a44c51e6e078871  ipcop-2.0.0-install-usb-hdd.i486.img.gz
386098f63ddf05dfeab0dc1380e3aba6  ipcop-2.0.0-install-usb-zip.i486.img.gz

[IPCop-Announce] [2.0] release of v1.9.20, SVN #5823

[Announcement m. f. t. I. project. <ipc...@li...>]

Dear all,


the v1.9.20 installation files for testing IPCop on x86 machines are
available for download on SourceForge:
http://sourceforge.net/projects/ipcop/files/IPCop%20Test%20Versions/IPCop%201.9.20

For those currently running 1.9.19, an update is possible via the IPCop GUI.


v1.9.20 is the first release candidate for v2.0.0, upgrades will be 
possible using the upgrade procedure.
Currently known to not work is usb-modeswitch.
Please read the release-notes below for more information.


Happy testing ...

Olaf


===================================

IPCop 1.9.20 is released

v1.9.20 is v2.0.0 release candidate 1.
The next version will be either v1.9.21 or v2.0.0 depending on the
number of modifications in the next 4-6 weeks.

Installation files for a new install and upgrade files for 1.9.18
are available.
You need to reboot to use the new kernel after upgrading to 1.9.20.
Due to a change in the naming of logfile archives, browsing through
archived logs created before you upgrade, is not possible.


If you want to help, you can do so by testing and reporting any issues
you should find. Reports should go to the ipcop-devel mailing list.
Make sure that reports are verbose! also specify the exact version you
have been testing, either 1.9.20 or SVN version number if you are building
IPCop by yourself.
A simple "xyz does not work" will get you nowhere! and is more than likely
to be ignored.


For those familiar with earlier IPCop versions, IPCop v2 is different.

Noteworthy:
- the GUI uses 8443 instead of 445.
- SSH uses 8022 instead of 222.
- access to IPCop and to the internet from internal networks (aka
Green, Blue, Orange) is very much different. Spend some time with the
various options you will find under "Firewall Settings" and the online
admin manual.
- Danish, Dutch, English, French, German, Greek, Italian, 
Latino-American Spanish,
Russian, Spanish and Turkish translations are complete,
other languages are work in progress.
- backups from 1.4-series can not be used.


Online English installation manual: 
http://www.ipcop.org/2.0.0/en/install/html
Online German installation manual: 
http://www.ipcop.org/2.0.0/de/install/html
The installation manuals are 'work in progress' and not yet complete.

Online English admin manual: http://www.ipcop.org/2.0.0/en/admin/html
Online German admin manual: http://www.ipcop.org/2.0.0/de/admin/html


Updates
f59f323d4d4a8a2d6c2f4a19fa9720f0  ipcop-1.9.20-update.i486.tgz.gpg

Installation
d5a1562bbebf751ba72281a72055f8a6  ipcop-1.9.20-install-cd.i486.iso
c6afbcdbb2e5313ee205a038d120db94  ipcop-1.9.20-install-netboot.i486.tgz
9e3d907e2e2008aa0944ed942255885e  ipcop-1.9.20-install-usb-fdd.i486.img.gz
43bbac77843f6465debf4c9f9344333a  ipcop-1.9.20-install-usb-hdd.i486.img.gz
93a16865e6170bd6cec9c40315c89f67  ipcop-1.9.20-install-usb-zip.i486.img.gz

[IPCop-Announce] Announce of IPCop 1.4.21 release

[Announcement m. f. t. I. project. <ipc...@li...>]

IPCop 1.4.21 is released

This is a maintenance release to fix the few issues after 1.4.19/1.4.20
release.
There was an incomplete HTML::Parser update that broke the update download
button for machines installed before 1.4.20.

The second fix is in vpn-watch to make it work with host with aliases.

The third fix is a perl security update that include now patches for
CVE-{2005-3962,2007-5116,2008-1927} borrowed from Red Hat.

There is a space limit on /boot with machine without IDE (so with scsi, sata
and raid controller drivers). An initrd is used in that case, that require
more space on /boot than with IDE disk.

As it was explained on 1.4.18 and 1.4.20 release, in the scsi/sata/raid
case, you need to select a kernel type to be keept on the machine, the other
kernel type being erased.
With only one cpu without hyper-threading, you should select mono-processor
kernel.
With one or more core and with hyper-threading, you should select smp
kernel.
The kernel selection is made on the update page.

With machines installed since 1.4.18 release, this issue is solved by giving
a bigger (10 MB) /boot size at installation.

If you don't see 1.4.20 update registered on installed update, that should
be that installation of 1.4.20 update has aborted. You should select the
kernel type as explained above and install 1.4.20 update again.

As there is only minimal changes on 1.4.21, I will release only the update
and sources package:
5f727d741f4856a9165cb6f75f8e082c  ipcop-1.4.21-sources.tgz
9ce08ba7c4ddcd4110c9785404b0c52a  ipcop-1.4.21-update.i386.tgz.gpg

You could still install from 1.4.20 (where there is no problem with
HTML::Parser) and update to 1.4.21.

Gilles

[IPCop-Announce] Announce of IPCop 1.4.19 / 1.4.20 release

[Announcement m. f. t. I. project. <ipc...@li...>]

IPCop 1.4.19 / 1.4.20 is released

Update is splitted in two part because of a kernel update to accomodate free
space limitation.
1.4.19 contain some packages updates, most notabily a dnsmasq update to be
immune on recent dns advisory.
1.4.20 install the second part of the kernel update and configure the new
kernel.
1.4.19 could be installed separately from 1.4.20. A reboot is not needed
after 1.4.19 installation.

Concerning the dns issue, see more details in
http://www.heise-online.co.uk/news/DNS-security-problem-details-released--/111145
It is very likely anyone need to a patch without waiting and our is in
1.4.19 for
dnsmasq.
The dns server you use need to be patched too or you may switch to opendns.

You need to reboot to use the new kernel after 1.4.20 installation.

Updates
be875f7491117174fccded3fec4be9bf  ipcop-1.4.19-update.i386.tgz.gpg
fe1eb0fd1c22e30fe5595a168f096305  ipcop-1.4.20-update.i386.tgz.gpg
816e96dccd712d0482e1924560f3db10  ipcop-avmdrv-2.4.36-1.i386.tgz.gpg

Installation
2032842766045da0feb7fbb4fe9d5956  ipcop-1.4.20-install-cd.i386.iso
ea6266f4a312a5db31f17d7d75856378  ipcop-1.4.20-install-pxe.i386.tgz
bd9ac9e8e29133ad9945fabedb47e4a0  ipcop-1.4.20-install-usb-fdd.i386.img.gz
15686fcc165fefd127786deb85cb39a7  ipcop-1.4.20-install-usb-hdd.i386.img.gz
55e2baac23c5d176723d874b3c007ddc  ipcop-1.4.20-install-usb-zip.i386.img.gz
To copy an usb image to a key, on linux, use zcat <thefile.img.gz>
>/dev/sd<x>,
x being the letter given to the key, be carefull to not choose the harddisk.

Sources
47b820fc1c28f2b1865ede8a3f0015fe  ipcop-1.4.20-sources.tgz
External sources packages (./make.sh getothersrc could do that for you)
938e4ffda38dac874a12e6f0e9d7dd0d  ipcop-1.4.20-othersrc.tar.bz2
412de52fc0bde67613d8e460003a1c68  ipcop-1.4.20-othersrc.tar.bz2.md5

I will publish only binaries for x86 for 1.4.20 unless requested
If you use the alpha port, please report. I had not feedback until now.
I have work on a ppc port but it is not totally ready.

The new kernel contain :
- a new security protection against against null pointer dereference
( mmap_min_addr=4096)
- some new nic drivers skge sky2 sc92031 atl1 atl2
- improved support in some IDE or sata driver
Please report success/failure for nic and disk controllers detection.
Silan sc92031 driver should recognize RslTek 8139D card.
It's a patch I have made and I need to know if everything is right.
Original driver has some bugs I try to fix.

As usual, this version can be installed as an update from previous v1.4.x
versions or with a ready-to-go ISO or usb bootable images for a fresh
install.
ipcop-avmdrv-2.4.36-1.i386.tgz.gpg is needed to install for avm drivers
users.

The date on the machine where the update is installed has to be good.
If date is in the past, signature is considered in the futur and update will
refuse to install.
You would have only the 'This is not an authorized update' message warning
on web interface.

Upgrade openssh to 4.7p1
Include lzo binary so, it will match openssl version if openssl is updated
Update dnsmasq to 2.45
Update tzdata to 2008d
Update pcre from 7.4 to 7.7
Update apache to 1.3.41
Upgrade e1000 to 7.6.15.5 solve issue with 7.6.12
Update bzip2 from 1.0.3 to 1.0.5 CVE-2008-1372
Upgrade e2fsprogs from 1.35 to 1.40.11
Update squid to 2.6.STABLE21
Compile r1000 with jumbo frame support
Upgrade bin package to 9.4.2-P1

Changes summary
sysctl.conf
- insert mmap_min_addr=4096 to protect again null pointer on new kernel
  does not hurt on lower kernel than 2.4.36

rc.halt
- no need to source rc.flash.down
- save random seed on halt and use that value at start in rc.sysinit

rc.network
- no need to source rc.netaddress.up

rc.updatered
- use readhash to read dhcpcd info file

rc.sysinit
- include fcron -s 86400 for flash

snort
- modify snort.conf to protect against CVE-2008-1804

updfstab
- remove kudzu keyword from /etc/fstab so mount -t ext2 /dev/floppy
/mnt/floppy work

log.dat
Fix system log section on update

ddns.cgi
- fix for SF Bug 1728880 - comma in password
- changes for regfish, closes #1950435

time.cgi
- update default time servers to include IPCops vendor name.

update.cgi
- Use cleanhtml to fully display gpg signature.
- The new kernel (with same settings) is automaticly selected during update.
- add a protection in update script against installing binary update package
from another arch.
  That would broke any binaries

Various
- add an help message for dummies attempting to compile directly inside
IPCop
- add a script to set grub default booting kernel
- modify detection for Opera 9.50

Compilation
- Automaticly set vdso_enabled=0 when needed to be able to compile our
glibc-3.3 on kernel running after 2.6.17
- uClic : More recent mke2fs use strod and we need to activate
UCLIBC_HAS_FLOATS for that
- Allow toolchain compilation when AS_NEEDED is present inside
/usr/lib/libc.so (binutils patch).
- Enable previously available nic drivers happymeal sungem
- Add new nic drivers skge sky2 sc92031 atl1 atl2
- Patch for improved amd74xx support NForce IDE (MCP51, MCP61, MCP65, MCP67,
MCP73, MCP77) AMD CS5536
- Patch for improved ahci support sata Intel ICH7-M, ICH8, ICH8M,
ICH9/ICH9R, ICH9M, ICH10, Tolapay, VIA MP67, MP73, MP79, MP7B, SiS 966, 968,
Marvel 6145
- Fix file reload on md5 change
- Fix unzip CVE-2008-0888
- Add machine to the iso label and publisher
- Add german install pdf to iso
- Remove no more used CC=KGCC since we drop gcc-2.95.3
- Fix a bug in lfs/bash that replace building machine original /bin/sh when
building toolchain
  This has replaced Ubuntu original link to dash, Ubuntu users could
recreate the link to dash manually if needed.
- Force SHELL to bash during toolchain because some of our script need that
  (brace expansion) on glibc, bzip2 and Ubuntu default link to /bin/sh is
dash
- Force SHELL=/bin/sh in lfs/gcc or it fail to build
- Add a comment that syslinux-3.70 and later can't be compiled because of
our binutil,
  but we still could used precompiled version
- ppc port have been introduced. It does compile but a few work is still
needed.
  parted fail to partition the disk actually.
1.4.20 has been tested to compile (including toolchain compilation) with 32b
distrib on Debian etch, Ubuntu-8.04, Centos-5.1/5.2,Fedora-9 without any
changes.
On 64b distrib, you need to open a linux32 console and load precompiled
toolchain get with ./make.sh gettoolchain


Installer
- not needed to link installer against libpci
- need a link from /proc/mounts to /etc/mtab for more recent e2fsprogs
version
- separate package for disk partitioning utility to spare space on network
and scsi floppies for added drivers
- badblock is available on install (but not yet used)
- Avoid modules.conf is more recent..., if you install now from old version
and update to 1.4.20

Gilles

[IPCop-Announce] Announce of IPCop 1.4.17 / 1.4.18 release

[Announcement m. f. t. I. project. <ipc...@li...>]

IPCop 1.4.17 / 1.4.18 is released

Update is splitted in two part to accomodate free space limitation related
to the numerous new packages added since the recent releases.
A way to recover some free spaces has been created, allowing to select one
of the two 'kernel type' installed ( monoprocessor or smp kernel).
After 1.4.17 installation, refresh the update page. If you see a red section
on disk usage, you need to select a 'kernel type'. That will free space on
/dev/root and /boot partitions.
You will need too on next reboot to select again the kernel on the grub boot
menu if another line than the first was selected.
Limit for red warning is 20 MB free on /dev/root and 1 MB on /boot.
Any scsi disk with two kernel versions (2.4.31 and 2.4.34) and 2 kernel
types has filled the /boot partition. Starting from 1.4.18, /boot partition
size will be increased from 8 to 10 MB.

Some changes has been introduced since rc2 related to ntp (fix ntp user with
ntpdate), squid upgraded to 2.6.STABLE17, timezone upgraded to tzdata2007i,
snort rules permissions again.
If you have installed 1.4.17rc / 1.4.18rc2, you need now to apply finale
1.4.18 update to take the last changes and you could now do that from web
interface.

Most of the work made on 1.4.17 / 1.4.18 are bug fixes and update interface
changes.

As usual, this version can be installed as an update from previous v1.4.x
versions or with a ready-to-go ISO or usb bootable images for a fresh
install.

Please report any problems in bug tracking system or on devel list.
You have to subscribe on all ipcop lists to be allowed to send messages.

Files are available on 'IPCop' package at
https://sourceforge.net/project/showfiles.php?group_id=40604

For 386 machines
a19b781eff5923168f0a73736d3a0e33  ipcop-1.4.17-update.i386.tgz.gpg
268aa583a8adf763468b4dad179c3423  ipcop-1.4.18-update.i386.tgz.gpg
Replace fcdsl package (same content)
2d95c6a0c5f78ab3c5e0e55f4494f25f  ipcop-avmdrv-2.4.34-1.i386.tgz.gpg

fbef594fa8912a46f15854e4f8214a2d  ipcop-1.4.18-install-cd.i386.iso
eebee4b26c02367df0cb11338699bf47  ipcop-1.4.18-install-pxe.i386.tgz
bfa3639917c5de9760f947e44d7f879b  ipcop-1.4.18-install-usb-fdd.i386.img.gz
c2f93fd2a2110c6f15ad796c0436bbc3  ipcop-1.4.18-install-usb-hdd.i386.img.gz
8109dfcc6863c9b867eeb6f2fcc620b2  ipcop-1.4.18-install-usb-zip.i386.img.gz


For alpha machines
6a4a610e3ab07815e7ec26f11b3d1888  ipcop-1.4.17-update.alpha.tgz.gpg
e0e781d30acea9e6dfb4d65a2fd5e182  ipcop-1.4.18-update.alpha.tgz.gpg

0065045ed4983fad364d4559e091679c  ipcop-1.4.18-install-cd.alpha.iso

IPCop sources
ae952b2c119c49324e34bc1bbe19d837  ipcop-1.4.18-sources.tgz
External sources packages (needed only if you want to compile from sources)
5084a2025a0036ce145385a0758355e0  ipcop-1.4.18-othersrc.tar.bz2
f454a07ccf4afc783f24819347910572  ipcop-1.4.18-othersrc.tar.bz2.md5

Changes summary

Upgrade
- apache-1.3.39 CVE-2007-3304
- e1000 to 7.6.12
- eciadsl-0.12
- ethtool-6
- dhcp to 3.0.6
- libpcap to 0.9.7
- tcpdump to 3.9.7 CVE-2007-3798
- ntp to 4.2.4p4
- openssh to 4.6p1
- openssl to 0.9.7m CVE2007-5135
- pcre-7.4 CVE-2007-16{59,60,61,62}, CVE-2007-47{66,67,68}
- r1000 to 1.07 (support RTL8168CP)
- squid-2.6.STABLE17 (fix access to some http server)
- tzdata2007i (updated timezone)
- wanpipe to 2.3.4-3

Restore previous e100 version include in kernel (with e100 name)
Add e100-3.5.17 under e100new name (fix previous problem with 3.5.14) and
should work better with vlan.
Both e100 and e100new are available from setup menu

New drivers
- 3w-9xxx scsi driver for 95xx chip
- bnx2 v1.5.10c (Broadcom NetXtreme II)
- (patched) usbserial kernel module for 3G modems
  Some manual hacking still needed.
  Better integration should be include on next release.

dhcp.cgi
Self defined options weren't anymore usable, not recognized as options but
as parameters. Change the test to determine that correctly.

dynsdns
- add dyndns providers editdns.net and strato.com
- write a new state file in /var/log/dyndns for fetch IP.
  Used in index.cgi and for fetch IP wait counter.
  Counter is not longer in settings file to avoid writes on CF systems.

fcdsl package
- name changed to avmdrv name
  name include the kernel version wich need to run during install and a
  revision number that will be increased on each release against the same
  kernel.
  Package now install from update page and is signed with gpg.
  Previous way to install is still there and will be removed on 1.4.19
  Content of package is unchanged from 1.4.13

floppy backup
- test available size on harddisk before to test backup size
- Fix ipcopbackup when floppy controller is not disabled on mainboard
  and you attempt to use usb floppy. As a side effect, this will make
  ipcopbackup work on the second floppy of a mainboard if the first floppy
  has no media inserted.

gui.cgi
check WINDOWWITHHOSTNAME and REFRESHINDEX values range
Include /etc/issue in initrd
This allow to clean up libsmooth from SLOGAN and VERSION

header.pl
validator.w3.org now want
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

kernel 2.4.34
- fix atm module when clip is not loaded CVE2007-5087
- patch ppp_async to fix failure during usage with 3G modems

ntp
- fix missing patch at ntpdate to drop root to ntp user

setreservedport
- read now ssh port value instead of always using 222

rc.red
- rc.red now return an error in case a bad argument has been used instead of
  returning every time 0
- fix default route not removed on setting change from web interface
  Main problem should have been with static IP and another default route
  defined but not used because the first default route set has not been
  removed.

rc.updatered
- more efficient locking system  with dhcp client sending up and new in
mostly
  same time as down resulting sometime in interface down at the end

setup
- setup really has no more VERSION include during compilation
  VERSION appear previously on some windows title
- NIC attribution
  During card attribution, led card will blink (if supported by the
card/ethtool)

snort
Fix web-misc.rules rights on 1.4.16 fresh install
Fix the 255 snort failure message when restarting orange interface.
Fix URL to load rules for snort-2.6 as finally a 2.6 branch has been created
Fix /etc/snort/rules rights on fresh install

update.cgi and installpackage
- allow to select a kernel type (monoprocessor/smp) to recover free space on
  rootfs 'small disk) or /boot partitions (scsi disk).
  Selecting a kernel type will be needed to install 1.4.19 update :
    * when available space on root partition is less than 20 MB
    * when a scsi disk is installed because /boot partition is too small
  No problem to keep monoprocessor and smp kernels on bigger and non scsi
disks
 - warn for low free space on /dev/root and /boot with a red section
- check available size on disk before untarring
  On low space disk, this prevent to partially only rewrite any updated file
  (this could have broken any updated file)
- use sync on various step of unpackaging to be really able to use freed
space.
- change the update installation to be in 2 step
   * first step, update is loaded and checked, information and signature are
     displayed
   * second step, update is installed
- allow to apply same package more than once.
  This is intended to ease life of rc tester, so they could apply final
update
  if a change happen bewteen rc and official release.
- installed updated are displayed on reverse order (most recent on top)
- you could now directly download a _published_ update from sourceforge
  This workaround the problem with Firefox, a gpg file and Sourceforge.

VPN
ipsecctrl
Fix some memory not freed
Allow start and stop of ipsec on call with the syntax
  S connection-number
  D connection-number
when it is the first (S) or last (D)

vpn-watch
- fix due to bind-9.4.0 upgrade (add -t A to retrieve only A records)

wanpipe
- workaround the unresolved symbols when this protocol selection is used
  --protocol=PPP,CHDLC,ADSL by enabling all protocols

Various
- add a script that properly allow to replace NIC drivers live without
  rebooting : setting network down, reloading drivers and setting network
up.
- add a script that allow to restart apache from the GUI without a blank
page


Compilation
- hack some packages code so the compilation timestamp is the release date
  This result that every person compiling has same same md5 for apache,
eciadsl,
  python
- stop on depmod error (that had happen with wanpipe)

Installer
- now on http/ftp install using 'probe' button allow to skip the NIC found
and
  probe again. This is important as this NIC will be green/eth0 and code
  actually does not allow to reaffect the green card.

Installation on flash disk
Use last Mario Zimmermann changes
- work on 2 and 4 GB disks
- shift graphs on ram disk to minimize write on disk

Gilles

[IPCop-Announce] Announce of IPCop 1.4.16 release

[Announcement m. f. t. I. project. <ipc...@li...>]

IPCop v1.4.16 is released.

This release fixes some bugs, update glibc , Net::DNS and capi for security
reasons. Upgraded packages are squid, snort, e100, r1000 and pulsar
glibc is a disputed issue CVE-2007-3508 concerning possibility to exploit
the
 bug.(glibc fix miss on our update information).

As usual, this version can be installed as an update from previous v1.4.x
versions or with a ready-to-go ISO or usb bootable images or pxe for a fresh
install.

Files are available on 'IPCop' package at
https://sourceforge.net/project/showfiles.php?group_id=40604

fcdls package is unchanged from 1.4.15
md5sums
for i386 machines
8802707d7663f32436de78d67bec9d63  ipcop-1.4.16-fcdsl.i386.tgz
c0d326c9e7502d46adfd438ecef6e3ce  ipcop-1.4.16-install-cd.i386.iso
eeb21587413d43f3b444b53c9dd1eac3  ipcop-1.4.16-install-pxe.i386.tgz
b503194f3f30f5fa26579a69354e6e7c  ipcop-1.4.16-install-usb-fdd.i386.img.gz
5f57ac7d80170555c229285ccf9e879e  ipcop-1.4.16-install-usb-hdd.i386.img.gz
116cb6f111a079e97ec50975b335f85b  ipcop-1.4.16-install-usb-zip.i386.img.gz
ed0d15d14dc0facab0a5a427b3a8f1fd  ipcop-1.4.16-update.i386.tgz.gpg

for alpha machines
438fc8c70e32c45d6622bc9b5c49a792  ipcop-1.4.16-update.alpha.tgz.gpg
7f5f8c41b436f89a6610d072ee99ed19  ipcop-1.4.16-install-cd.alpha.iso

sources
7d4e3699726c00686aa786bf0c94581d  ipcop-1.4.16-sources.tgz
c90ab4975d39aba3e10dab4f4a745019  ipcop-1.4.16-othersrc.tar.bz2
d157d1aa367383ea1325db1b33767a70  ipcop-1.4.16-othersrc.tar.bz2.md5

Three different usb images are available to boot from usb as some bios may
boot
 with one format and not others:
- fdd is an unpartionned usb key
- hdd is partionned like an hard disk
- zip is partionned like a zip (work with real usb zip device too)

- pxe is a package ready to use for pxe boot on install (instructions
inside)

To copy an usb image to an usb key (minimal size 64 MB), under linux, read
what letter the system give to that key ( cat /proc/partitions | grep sd )
and copy to that device with zcat (the-file) >/dev/sd(letter) without a
partition number. Don't forget the '>' or the output will go to the console.

To copy under Windows, you could uncompress the file and use winimage
(shareware).

- othersrc package contain all packages out of ipcop sources and is
interesting only for those who want to compile IPCop
You don't need to load directly that file on sourceforge as it is more
 convenient to do that from ipcop sources with './make.sh getothersrc'.
It will load, control file md5 and install packages include on cache
directory.

There has been small changes from 1.4.16rc1:
- bug with name resolution has been fixed,
- new sflogo is include in update,
- glibc is patched against a disputed issue CVE-2007-3508
- Net:DNS is upgraded to 0.60 CVE-2007-3377 CVE-2007-3409
- a few package URL download addresses have been updated for people building
- some unneeded wanpipe samples files are removed
If you install rc1 update or a fresh rc1 installation, you could simply take
all changes from final version with a few commands.
Princip is to revert version to 1.4.15 to be able to apply the 1.4.16 final
update without needing other changes
- revert the version to 1.4.15 on web interface
/bin/sed -i -e "s+= '1.4.*$+= '1.4.15';+" /var/ipcop/general-functions.pl
- copy the update .gpg file in /tmp
cd /tmp
gpg -o /tmp/patch.tar.gz --decrypt ipcop-1.4.*.tgz.gpg
tar zxf /tmp/patch.tar.gz
./setup
- remove the files in /tmp

Please report any problems in bug tracking system or on devel list.
You have to subscribe on all ipcop lists to be able send messages.
We were forced on this restriction because of the numerous spam attempts.


 Gilles

[IPCop-Announce] Announce of IPCop 1.4.15 release

[Announcement m. f. t. I. project. <ipc...@li...>]

This release is only bug fixes and completed translations for greek,
spanish, vietnamese langs.
Bugs introduced in 1.4.14 are fixed.

As usual, this version can be installed as an update from previous v1.4.x
 versions or with a ready-to-go ISO or usb bootable images for a fresh
install.

Files are available on 'IPCop' package at <a
href='https://sourceforge.net/project/showfiles.php?group_id=40604'>SF</a>

fcdls package is unchanged from 1.4.14

md5sums
for i386 machines
6e7e1cf908e52eed754c3a3c09fd9f3a  ipcop-1.4.15-fcdsl.i386.tgz
f14707736fec87ec26fc4f8fb471353a  ipcop-1.4.15-install-cd.i386.iso
a7b87fe0a09a13e9d24027efc8c0a028  ipcop-1.4.15-install-pxe.i386.tgz
23b5d6d8ddc7ccc3e9811c742832649c  ipcop-1.4.15-install-usb-fdd.i386.img.gz
eb12ae27751875d5ef428d832c2d1ffa  ipcop-1.4.15-install-usb-hdd.i386.img.gz
fb808ac85cda4be75680d4bfbc030219  ipcop-1.4.15-install-usb-zip.i386.img.gz
246f3c0f58c4c7acdce9ec821a6f53f8  ipcop-1.4.15-update.i386.tgz.gpg

for alpha machines
b208a8b7f9f6c0cc2a0600a8089e4148  ipcop-1.4.15-install-cd.alpha.iso
bb9868954744e7ffd149a63b491c54f6  ipcop-1.4.15-update.alpha.tgz.gpg

sources
964d1f809ff6527a349ce12a16a37cf4  ipcop-1.4.15-sources.tgz

Three different usb images are available to boot from usb as some bios may
boot
 with one format and not others:
- fdd is an unpartionned usb key
- hdd is partionned like an hard disk
- zip is partionned like a zip (work with real usb zip device too)

- pxe is a package ready to use for pxe boot (instructions inside)

- othersrc package is the same as from 1.4.14 to save space and bandwith for
all.

Feedback from users of  alpha architecture version are welcome.

Please report any problems in bug tracking system or on devel list.
You have to subscribe on all ipcop list to be able send messages.
We were forced on this restriction because of the numerous spam attempts.

 Gilles

A good news,
 ipcop-announce on marc is repared and no messages have been lost.

[IPCop-Announce] Announce of IPCop 1.4.14 release

[Announcement m. f. t. I. project. <ipc...@li...>]

IPCop v1.4.14 is released.

As usual, this version can be installed as an update from previous v1.4.x
 versions or with a ready-to-go ISO or usb bootable images for a fresh
install.

Main changes are squid-2.6.STABLE9, snort-2.6.1.3, timezone2007c and works
on VPN

There is the usual .gpg update to reach 1.4.14 level and a separate package
for
 those not able to update to 1.4.14 before the US daylight saving time
change
 occuring on March 11.
This ipcop-1.4-tz2007c package could be installed on any 1.4 version
manually
It install only updated timezone files and zdump to control the effect.
It does not change anything else. It is not needed after 1.4.14 update.
Instructions to install this package :
- copy the package to /tmp,
- open with tar zxf ipcop-1.4-tz2007c.<machine>.tgz
- type ./install (with the dot before / )
- erase files on /tmp after

Files are available on 'IPCop' package at
https://sourceforge.net/project/showfiles.php?group_id=40604

fcdls package is unchanged from 1.4.13

Both ipcop-1.4.14-update tgz.gpg for i386 and alpha have been uploaded
twice, the firt version had an incorrect patch information file (you will
only see the problem after update).
So check the md5 of the update and the good md5 for those files is really
what is written there.
I have tested all sourceforge mirror I know and I find only upfr to still
have the bad first file.

md5sums
for i386 machines
3aeb69b83e85610988d8ac9ebbbaf45c  ipcop-1.4.14-update.i386.tgz.gpg
4f6fe0be2dd4efc8be804679ef43e275  ipcop-1.4.14-fcdsl.i386.tgz
9f9d8bd6f7f8e488f0a9513662e9a5cf  ipcop-1.4.14-install-cd.i386.iso
2476425546e635e720485e38efa2064e  ipcop-1.4.14-install-pxe.i386.tgz
a2013df604b166ba53bdbe421d2c6dce  ipcop-1.4.14-install-usb-fdd.i386.img.gz
0008cd06d3a85b732d68c9d8457c7ef9  ipcop-1.4.14-install-usb-hdd.i386.img.gz
c47383dfd9ca55d0f1b305868c809bc7  ipcop-1.4.14-install-usb-zip.i386.img.gz
df4cb03246008c19c445ae4b4473061c  ipcop-1.4-tz2007c.i386.tgz

for alpha machines
e9d804dc3a3ebd22733e2c998caa3b6d  ipcop-1.4.14-update.alpha.tgz.gpg
89025009cc8ab07feaf8becdf60afb47  ipcop-1.4.14-install-cd.alpha.iso
4878b9229a6b5f1d18c00fc2d43d2454  ipcop-1.4-tz2007c.alpha.tgz

sources
7e2c964e44283c40a27fc1a8a550a955  ipcop-1.4.14-sources.tgz
9634d4a523764ab7bf5c018d7cb6c874  ipcop-1.4.14-othersrc.tar.bz2
5d5fdfedb22ee2b1a4cf22c57dc4f360  ipcop-1.4.14-othersrc.tar.bz2.md5

Three different usb images are available to boot from usb as some bios may
boot
 with one format and not others:
- fdd is an unpartionned usb key
- hdd is partionned like an hard disk
- zip is partionned like a zip (work with real usb zip device too)

- pxe is a package ready to use for pxe boot (instructions inside)

- ipcop-1.4-tz2007c.<machine>.tgz is the package that only update timezones

You should not need to load the othersrc package by hand, ./make.sh
getothersrc
do that and control with the md5 that the package is correct.

Please report any problems in bug tracking system or on devel list.
You have to subscribe on all ipcop list to be able send messages.
We were forced on this restriction because of the numerous spam attempts.

 Gilles

Nota
Mailing list archives were unreliable during the last months.
1.4.11 announce never reach marc but reach sourceforge archive
1.4.12/1.4.13 announce never reach both
We will see for 1.4.14

[IPCop-Announce] Announce of IPCop 1.4.13 release

[Announcement m. f. t. I. project. <ipc...@li...>]

IPCop is a friendly firewall solution protecting  networks running on linux.
It will be geared towards home and SOHO users. Interface is task based.
Hardware requirement could be very minimal and grow with services used.

This release update a few tools due to security issues, fix bugs and update
some
drivers. You are encouraged to update from previous releases as soon as you
can.

IPCop v1.4.13 is released inchanged from 1.4.13rc1.

As usual, this version can be installed as an update from previous v1.4.x
 versions or with a ready-to-go ISO or usb bootable images for a fresh
install.

Update is split in two parts due to space limits on small configurations.
Install the two updates and reboot mandatory.
Kernel-2.4.34 is provided. This kernel update may cause trouble with
unofficial
add-ons not compiled for this kernel.

An iso for alpha is provided again for 1.4.13 release.
It is intended that starting from 1.4.13, alpha version will be released in
the
same timing as i386 version. No update from alpha v1.4.0 version will be
published as the gap is too much important. You would have to backup and
install again.

Files are available on 'IPCop' package at
https://sourceforge.net/project/showfiles.php?group_id=40604

If you want to compile from sources, a new .tgz is supplied that gathered
all
external sources from Ipcop.
You don't need to load that package from sourceforge on your own. On a new
CVS
tree, ./make.sh getothersrc will do that for you and check file integrity
before
to untar all sources packages in cache directory.


md5sums
e24f5723a267c327e2240a34b33f4e72  ipcop-1.4.12-update.i386.tgz.gpg
2e318e3d7aeffa8d208f3d34f23985cd  ipcop-1.4.13-update.i386.tgz.gpg

1136d7089780bb13ef94ee541f535939  ipcop-1.4.13-fcdsl.i386.tgz

760448fcb78fce2fb09eac2d42d99434  ipcop-1.4.13-install-cd.i386.iso
b5804e91a9e6ae60f7a6d078c6c0e852  ipcop-1.4.13-install-pxe.i386.tgz
02a4aecc802bde1cbf98ed1eecabbbc5  ipcop-1.4.13-install-usb-fdd.i386.img.gz
68117aec6bff42ef735d915e0d9858f9  ipcop-1.4.13-install-usb-hdd.i386.img.gz
02c55db115e88f669c39dbcb6984e154  ipcop-1.4.13-install-usb-zip.i386.img.gz

e3b71a0a391f43aa55ea216bfdb9fe08  ipcop-1.4.13-othersrc.tar.bz2
31606992a72fea290ad13e41e7bcda3b  ipcop-1.4.13-othersrc.tar.bz2.md5
a9cc96e2ba0b83b25b6338e00c7c0b15  ipcop-1.4.13-sources.tgz

Three different usb images are available to boot from usb as some bios may
boot
 with one format and not others:
- fdd is an unpartionned usb key
- hdd is partionned like an hard disk
- zip is partionned like a zip (work with real usb zip device too)

- pxe is a package ready to use for pxe boot (instructions inside)

Please report any problems in bug tracking system or on devel list.

Summary of changes
Installation
- fix initrd not build with raid device
- allow to pass parameters on boot line to the installer:
  swapfilesize and lang parameters are implemented
- split the boot information page in three nice pages
- add memtest option on cd or pxe boot
- fix memory requirement on network install. This is now 12MB like with cd
install

Building
- rename big package with all external sources package from source to
othersrc
  name. This is no more an iso, just a tar.bz2 that will be uncompressed on
  cache directory when loaded with ./make.sh getothersrc
- changes files names with $VERSION always in second position to sort in
  http://prdownloads.sourceforge.net/ipcop (SF make this directory no more
  reachable actually)
- backport KVER trick from 1.5 so that we no more need to adjust
src/ROOTFILES
  every time kernel version is upgraded.
- compilation work again on alpha but testing is needed
- rename cache/iptables-fixed to iptables-fixed-for-1.4 to prevent conflict
when same cache is used with both versions
- strace is compiled but not include (could be used in ./make.sh shell or
copied manually)
- exclude blue drivers from drivers.img, this let 250kB free to include new
drivers for install from green card
- kbd gzip files without timestamp, files are smaller and md5 no more vary
at each compilation
  Due to the very small gain, modified files are not include in update (only
on new install)

Add Bulgarian, Catalan and Urdu langs to web interface

Update apache to 1.3.37
Update dhcp to 3.0.5
Update e1000 driver to 7.3.15 (out of kernel version)
Update fcron to 3.0.1, this should allow to reset cron timestamp when the
clock
  is set back from the future.
Update gnupg to 1.4.6 CVE-2006-{6169,6235}, don't link with libusb
Patch gzip for CVE-2006-433{4,5,6,7,8}
Update openssh to 4.5p1 (update sshd_config to listen to IPv4 only with
 'AddressFamily inet')
Update openssl to 0.9.7l CVE-2006-{2937,2940,3738,4339,4343}
Upgrade pulsar driver to 4.0.22 (There is a new function that display line
 speed, snr and attenuation just after sync)
Update rp-pppoe to 3.8 (now pppoe change UID to nobody after start)
Patch tar for CVE-2006-6097 (remove GNUTYPE_NAMES support)
Update tg3 to 3.66d (out of kernel version)
Upgrade unicorn to 0.9.3 (support new pci card)
Add velocityget driver (VIA gigabit driver)
Upgrade wireless_tools to 28
Enable wanpipe with 2.3.4-3 version (S514 should work now with one setting,
 S518 should work in the futur)

Upgrade linux kernel to 2.4.34+Wireless Extension 18
- remove compilation timestamp include in source code of some modules,
- gzip modules without timestamp,
This make everyone that compile same sources to produce exactly same modules
 with same md5

Fix crash in restartsquid depending of vpn configuration SF # 1545498
- writehasharray was allowed to write empty line.

setup
- fix new netcard allocation once an RED ethernet interface has been up.
  RED_DEV interface was not set down by rc.netaddress.down. So rmmod
RED_DRIVER
  fail to unload the driver.
- stop firewall after rc.netaddress.down call to allow start just after

amedynusbadsl
- fix rc.amenynusbadsl start as detection based on 'ADSL USB modem' only
detect
  the modem plugged in and not if the module is loaded or not
- support '103 MADSLU' modem
- remove speedtouch support with this module, this may be confusing

rc.connectioncheck
- refresh ppp/secrets when switching to another profile sf #1557321

rc.netaddress.up rc.network
- shift firewall start from rc.network to rc.netaddress.up to fix SF
#1565164 bug
  This allow to update ORANGE and BLUE specific rules when those interfaces
  are added/removed

rc.red
- fix a warning on atm module cleanup
- on stop, only stop a 'RED is modem' interface when 'RED is modem' is
selected
- add support of wanpipe-serial
- wanpipe-adsl is not yet ready

general-functions.pl
- add 'use Net::SSLeay;' so that addons could call FetchPublicIP
- add NextIP function

aliases.cgi
- fix setaliases when toggling enable/disable button and alias name was
blank
- fix status checkbox on the editing page always enabled from an existing
entry
 (sf #1611456)

connections.cgi
- Give color priority to vpn over red, green, blue, orange.
- fix gre protocol display
Output from ip_conn_track_gre (patch iptables 1.3.5?) changed
by removing some fields (protocol & version).

ddns.cgi
- Support namecheap.com, RegisterFly.com and dnsmadeeasy service providers
- Fix selfhost.de mandatory fields and log message
- make OVH use same code as others and use https

dhcp.vgi
- transmit the hostname to reuse it as a 'comment' in newly created fixed
lease
- enhance the determination for IP address used while importing a fixed
lease
- RFE #1572801, allow all combination of array, record in option definition
- fix : it was possible to update an option definition with a false
definition
- fix : it was possible to add more than one option per option definition.

ids.cgi
- handle error message from rules update
Allow to read the error message when refreshing the rules at a too short
 intervale time. After downloading rules, a delay is instaured before next
 download is open. Display this message that is more explicit (but in
english).

pppsetup.cgi
- add wanpipe-adsl and wanpipe-serial interface
  wanpipe-serial should work with S514

proxy.cgi
- add missing check for LOGGING input
- add an option to allow real separation from BLUE to GREEN when used as
  transparent proxy

shutdown.cgi
On some fast machines, there was not enought time to change to index.cgi
before
 apache has been shut down. Handle that a different way. Start the helper in
 background and make the helper slower than the page to refresh.

status.cgi
- fix disk usage display when the devicename is to long

vpnmain.cgi
- allow more characters in the PSK. Only the single quote cannot be used
 (sf#1556707)

wireless.cgi
Add a pale grey add image to represent disabled state.

All pages
Log when referer is bad on web interface

VPN
- warn 'vpn incompatible use of defaultroute' as local VPN hostname breaks
  Net2Net with PSK sf#1548065
- vpn-watch: --rereadsecrets is necessary with shared keys
- vpn-watch: Handle the case where the 'pipe' had been left alone for some
reason

Nota bene :
IPCop 1.4.11 release nnounce did not reach marc archive system for unknow
reason but is readable on www.ipcop.org or on sourceforge maling list
archive
http://sourceforge.net/mailarchive/forum.php?thread_id=30330058&forum_id=2904

[IPCop-Announce] Announce of IPCop 1.4.11 release

[Announcement m. f. t. I. project. <ipc...@li...>]

IPCop v1.4.11 has been released with small changes in ids.cgi, vnpmain.cgi
from  1.4.11rc1.

As usual, this version can be installed as an update from previous v1.4.10
versions or with a ready-to-go ISO for a fresh install.
What is newer is that it could now be installed from usb key (or usb-zib) or
from a pxe package.

To install the update, it is necessary that kernel 2.4.31 is running.
Kernel 2.4.29 is suppressed during the update to let free space for a new
kernel on next release.
Reboot is necessary after the update to use a patched 2.4.31 kernel.

md5sums
1d8a85c96bd5cc69a751c5291410b0c2  ipcop-fcdsl-1.4.11.i386.tgz
0655e93bd948bbe2086cfb30b675a78a  ipcop-install-cd-1.4.11.i386.iso
a3a75d98b13e6d87a93429f512a79967  ipcop-install-pxe-1.4.11.i386.tgz
29b4a1afd0bd6680263e2c487b553036  ipcop-install-usb-fdd-1.4.11.i386.img.gz
c3214288c1988dd413d886fa34d38524  ipcop-install-usb-hdd-1.4.11.i386.img.gz
6cb619eae99b207c773dff677f43697e  ipcop-install-usb-zip-1.4.11.i386.img.gz
4770ba892d5c3564c6905abda76af866  ipcop-sources-1.4.11.tgz
398881cd06240d49eb7da182fd304684  ipcop-packages-cd-1.4.11.i386.iso
1e414e0f27aace4218e5ca305bf2a3b8  ipcop-update-1.4.11.i386.tgz.gpg

Three different usb images are available to boot from usb during install as
some bios may boot with one format and not others:
- fdd is an unpartionned usb key
- hdd is partionned like an hard disk
- zip is partionned like a zip (work with real usb zip device too)

- pxe is a package ready to use for pxe boot (instructions inside)

- packages-cd is a collection of all packages sources used to build i386
version

fcdsl package did not change in 1.4.11 from 1.4.10

Install from an usb device is supported, install to an usb device is not yet
supported
makeflash is still the only supported way to install to a flash memory
connected to an IDE interface.

To copy an usb image to an usb key (minimal size 64 MB), under linux, read
what letter the system give to that key ( cat /proc/partitions | grep sd )
and copy to that device with zcat (the-file) >/dev/sd(letter) without a
partition number. Don't forget the '>' or the output will go to the console.

To copy under Windows, you could uncompress the file and use winimage
(shareware).

If you want to use previous .dat from 'new backup', during install, you
can't restore from floppy or a newer backup.key will be made (rendering old
.dat unusable or you need to replace by hand the backup key).
You have to restore from usb key or http server and supply the backup key
crypted and the backup password used to crypt the key (the file with
backup.<hostname>.key is the key crypted, backup.key is the key not crypted
only available inside IPCop).
During installation, the .dat name used to restore have to be in the form
<hostname>.dat

If you only have backup.key uncrypted copied before 1.4.11 allow a secure
way to export the key, you could crypt the key with
 openssl enc -a -e -aes256 -salt -pass 'pass:<mypassword>' -in
<yourpath>/backup.key -out <yourpath>backup.<hostname>.key

Here is the summary of the too long changes from 1.4.10 to 1.4.11

Web interface
backup.cgi
- new backup supporting usb key, unencrypted backup removed for security
reason
- export of backup.key
 key is crypted wit a 'backup' password needed for reinstall,
 hostname is include in the exported key file
- backup .dat
 now include hostname and the timestamp of the backup
 before to reinstall, remove timestamp to the file name you want to use to
restore
 a comment field is available for each backup
 the comment will be restored on backup upload (if available)
- floppy backup
 display used sized,
 check that backup is not too big
 directly display errors if any (bad floppy)

ddns
- fix typo in local IP network address to fetch real public IP (sf1369617)
- fix GET string during fetch real public IP (sf1396470) and use proxy
settings
- add cjb.net, everydns.net providers and remove hn.org
- move freedns and regfish to https exchanges
- change URL for zoneedit

connections.cgi
- Fix icmp bug (sf1373594)
- add sorting & filtering of the table
- fix minor xhtml compliance issues

dhcp.cgi
- change duplicate dhcp fixed lease detection (Tapani suggestion)
- highlight duplicate MACs
- new option need to be created no space 'code nnn=xyz'
- allow more char in rootpath/filename options (sf1365534)

gui.cgi
- fix minor xhtml compliance issues

ids.cgi
- fix save that erase update signature date
- fix stop of ids in 1.4.11rc1

portfw.cgi
- fix destination range check (sf1226089)

password.cgi
- have an uniform policy in setup and web GUI
  space, ' and " are not allowed
  6 characters password is the minimal length in both interfaces

pppsetup.cgi
- fix minor xhtml compliance issues

proxy.cgi
- use the proxy port number set in web interface
- support squid extension_methods
- add an option to repair the cache
- fix 'flush cache' option

shutdown.cgi
- allow a programmed shutdown/reboot

update.cgi
- include version number in update log message

VPN
- fix minor xhtml compliance issues
- fix CRL dir and filename
- move randfile and cakey.pem out of /var/ipcop/ca to remove warnings (need
to include in upgrade)
- add leftid/rightid parameters to extend interoperability with other peers
- remove 'raw' debug option, not usable (too much data)
- add overridemtu option
- allow %defaultroute as local name for this side of VPN (sf1418529)
- correctly enable creation of Roadwarriors (sf1436828)
- add subjectAltName (rfe sf1365911)
- add a pkcs12 import while creating a connection
- allow use of DN,FQDN,IP for authentication (sf #1418533)
- compression+vhost can work together: disable check
- set compression off by default for better compatibilty
- Fix unneeded test preventing using more than once a cert (sf1171139)
- add aggressive mode option (rfe sf1359865)
- PFS advanced option was not cleared when saving params in basic GUI
- Integrate vpn-watch from Daniel Berlin (used for net-to-net only)
- Fix certificate export with IE and Opera, now the box to register to disk
really open
- Check the subjectaltname field and filter error output
 With access on vpn configuration page controlled by admin password, it
 was possible to include html code in this field
 html code was executed because of error display without filtering of
subjectaltname.


Connection
- fix reconnection done even in manual and pure RED setting
- fix Ping disable option only working correctly with RED interface up (SF
1373822)
- restart squid during rc.updatered (should fix sf1077113)
- allow selection of only pap or only chap with fritzdsl to be effective

Various
- fix 'single' mode booting used for password recovery (sf1349440)
- fix kernel displaying inexistant partitions with unpartionned fat device
 (integrated in 2.4.33)
- fix syslogd and klogd users and start now syslogd as syslogd uid

Building
- support build from precompiled toolchain package
 - to work with very old or brand new distribution
 - to spare build time
 - package available when the building machine is a i586 or a i686
 You can upload the corresponding prebuild toolchain with
./make.sh gettoolchain
 If you want to build your own package, do
./make.sh clean && ./make.sh toolchain
- supply a collection of all needed packages sources used to build in an
.iso
- split compilation log in differents stages log files
- strip from chrooted /tool/strip
- initrd is rebuild every time the installer is more recent
- during compilation, disable ipsec.secrets generation to workaround with a
  kernel >2.6.11.x on the running machine for a potential empty entropy pool
  problem
- at the end, move .iso and *.tgz from build/install to root dir instead of
coyping to save place on disk

Support Latin-2 for rrdtool
Upgraded packages
 - dhcp-3.0.4,
 - dnsmasq-2.33 and remove ipv6 support we don't use,
 - gnupg-1.4.5 and trim unused features,
 - hdparm-6.6 (mainly support ATA7 detection),
 - iana-etc 2.10,
 - iptables-1.3.5,(pool extension no more available,string extension is
reverted to code in v1.3.3)
 - ipac-ng-1.31,
 - libpng-1.2.12,
 - squid-2.5.STABLE14 plus patch,
 - openswan-1.0.10,
 - vlan.1.9. (cosmetic)
Fix openssl compiled previously for 486 (sf bug #1363150)

Add Afrikaans,Gujarati,Japanese,Persian (Farsi),Slovak langages to web
interface and installer

Installation
- support installation from usb key
- support restoration from usb key and network (http/ftp)
- display version on first screen message
- no more need of scsi floppy to support scsi cdrom/disk when not booting
from floppy
- explain 'no echo for password' message
- use syslinux-3.11
- fill URL box with http:// as it may not easy to type : on unmapped
keyboard
- keep the URL in case the file is not found (easier to understand what was
previously wrong)
- Fix SiS965L chipset detection
- Fix mptscsih configuration during install

Please report any problems in IPCop sourceforge bug tracking system or on
devel list.

Gilles