From: Announcement m. f. t. I. project.
<ipc...@li...> - 2007-01-15 23:44:51
IPCop is a friendly firewall solution protecting networks running on Linux. It will be geared towards home and SOHO users. Interface is task based. Hardware requirement could be very minimal and grow with services used.

This release updates a few tools due to security issues, fixes bugs and updates some drivers. You are encouraged to update from previous releases as soon as you can.

IPCop v1.4.13 is released unchanged from 1.4.13rc1.

As usual, this version can be installed as an update from previous v1.4.x versions or with a ready-to-go ISO or usb bootable images for a fresh install.

Update is split in two parts due to space limits on small configurations. Install the two updates; a reboot is mandatory.

Kernel-2.4.34 is provided. This kernel update may cause trouble with unofficial add-ons not compiled for this kernel.

An iso for alpha is provided again for the 1.4.13 release. It is intended that starting from 1.4.13, the alpha version will be released at the same time as the i386 version. No update from alpha v1.4.0 version will be published as the gap is too big. You would have to backup and install again.

Files are available in the 'IPCop' package at
https://sourceforge.net/project/showfiles.php?group_id=40604

If you want to compile from sources, a new .tgz is supplied that gathers all external sources from IPCop. You don't need to load that package from sourceforge on your own. On a new CVS tree, ./make.sh getothersrc will do that for you and check file integrity before untarring all source packages in the cache directory.

md5sums

e24f5723a267c327e2240a34b33f4e72  ipcop-1.4.12-update.i386.tgz.gpg
2e318e3d7aeffa8d208f3d34f23985cd  ipcop-1.4.13-update.i386.tgz.gpg
1136d7089780bb13ef94ee541f535939  ipcop-1.4.13-fcdsl.i386.tgz
760448fcb78fce2fb09eac2d42d99434  ipcop-1.4.13-install-cd.i386.iso
b5804e91a9e6ae60f7a6d078c6c0e852  ipcop-1.4.13-install-pxe.i386.tgz
02a4aecc802bde1cbf98ed1eecabbbc5  ipcop-1.4.13-install-usb-fdd.i386.img.gz
68117aec6bff42ef735d915e0d9858f9  ipcop-1.4.13-install-usb-hdd.i386.img.gz
02c55db115e88f669c39dbcb6984e154  ipcop-1.4.13-install-usb-zip.i386.img.gz
e3b71a0a391f43aa55ea216bfdb9fe08  ipcop-1.4.13-othersrc.tar.bz2
31606992a72fea290ad13e41e7bcda3b  ipcop-1.4.13-othersrc.tar.bz2.md5
a9cc96e2ba0b83b25b6338e00c7c0b15  ipcop-1.4.13-sources.tgz

Three different usb images are available to boot from usb as some bios may boot with one format and not others:
- fdd is an unpartitioned usb key
- hdd is partitioned like a hard disk
- zip is partitioned like a zip (works with real usb zip device too)
- pxe is a package ready to use for pxe boot (instructions inside)

Please report any problems in the bug tracking system or on the devel list.

Summary of changes

Installation
- fix initrd not built with raid device
- allow to pass parameters on boot line to the installer: swapfilesize and lang parameters are implemented
- split the boot information page in three nice pages
- add memtest option on cd or pxe boot
- fix memory requirement on network install. This is now 12MB like with cd install

Building
- rename big package with all external sources package from source to othersrc name. This is no longer an iso, just a tar.bz2 that will be uncompressed in the cache directory when loaded with ./make.sh getothersrc
- change file names with $VERSION always in second position to sort in http://prdownloads.sourceforge.net/ipcop (SF makes this directory no longer reachable currently)
- backport KVER trick from 1.5 so that we no longer need to adjust src/ROOTFILES every time the kernel version is upgraded.
- compilation works again on alpha but testing is needed
- rename cache/iptables-fixed to iptables-fixed-for-1.4 to prevent conflict when the same cache is used with both versions
- strace is compiled but not included (could be used in ./make.sh shell or copied manually)
- exclude blue drivers from drivers.img, this leaves 250kB free to include new drivers for install from green card
- kbd gzip files without timestamp, files are smaller and md5 no longer varies at each compilation. Due to the very small gain, modified files are not included in the update (only on new install)

Add Bulgarian, Catalan and Urdu langs to web interface
Update apache to 1.3.37
Update dhcp to 3.0.5
Update e1000 driver to 7.3.15 (out of kernel version)
Update fcron to 3.0.1, this should allow to reset cron timestamp when the clock is set back from the future.
Update gnupg to 1.4.6 CVE-2006-{6169,6235}, don't link with libusb
Patch gzip for CVE-2006-433{4,5,6,7,8}
Update openssh to 4.5p1 (update sshd_config to listen to IPv4 only with 'AddressFamily inet')
Update openssl to 0.9.7l CVE-2006-{2937,2940,3738,4339,4343}
Upgrade pulsar driver to 4.0.22 (There is a new function that displays line speed, snr and attenuation just after sync)
Update rp-pppoe to 3.8 (now pppoe changes UID to nobody after start)
Patch tar for CVE-2006-6097 (remove GNUTYPE_NAMES support)
Update tg3 to 3.66d (out of kernel version)
Upgrade unicorn to 0.9.3 (support new pci card)
Add velocityget driver (VIA gigabit driver)
Upgrade wireless_tools to 28
Enable wanpipe with 2.3.4-3 version (S514 should work now with one setting, S518 should work in the future)
Upgrade linux kernel to 2.4.34+Wireless Extension 18
- remove compilation timestamp included in source code of some modules,
- gzip modules without timestamp,
This makes everyone that compiles the same sources produce exactly the same modules with the same md5

Fix crash in restartsquid depending on vpn configuration
SF # 1545498 - writehasharray was allowed to write empty line.

setup
- fix new netcard allocation once a RED ethernet interface has been up. RED_DEV interface was not set down by rc.netaddress.down. So rmmod RED_DRIVER fails to unload the driver.
- stop firewall after rc.netaddress.down call to allow start just after amedynusbadsl
- fix rc.amenynusbadsl start as detection based on 'ADSL USB modem' only detects the modem plugged in and not if the module is loaded or not
- support '103 MADSLU' modem
- remove speedtouch support with this module, this may be confusing

rc.connectioncheck
- refresh ppp/secrets when switching to another profile sf #1557321

rc.netaddress.up
rc.network
- shift firewall start from rc.network to rc.netaddress.up to fix SF #1565164 bug. This allows to update ORANGE and BLUE specific rules when those interfaces are added/removed

rc.red
- fix a warning on atm module cleanup
- on stop, only stop a 'RED is modem' interface when 'RED is modem' is selected
- add support of wanpipe-serial
- wanpipe-adsl is not yet ready

general-functions.pl
- add 'use Net::SSLeay;' so that addons could call FetchPublicIP
- add NextIP function

aliases.cgi
- fix setaliases when toggling enable/disable button and alias name was blank
- fix status checkbox on the editing page always enabled from an existing entry (sf #1611456)

connections.cgi
- Give color priority to vpn over red, green, blue, orange.
- fix gre protocol display. Output from ip_conn_track_gre (patch iptables 1.3.5?) changed by removing some fields (protocol & version).

ddns.cgi
- Support namecheap.com, RegisterFly.com and dnsmadeeasy service providers
- Fix selfhost.de mandatory fields and log message
- make OVH use same code as others and use https

dhcp.cgi
- transmit the hostname to reuse it as a 'comment' in newly created fixed lease
- enhance the determination for IP address used while importing a fixed lease
- RFE #1572801, allow all combinations of array, record in option definition
- fix : it was possible to update an option definition with a false definition
- fix : it was possible to add more than one option per option definition.

ids.cgi
- handle error message from rules update. Allow to read the error message when refreshing the rules at a too short time interval. After downloading rules, a delay is introduced before the next download is open. Display this message that is more explicit (but in English).

pppsetup.cgi
- add wanpipe-adsl and wanpipe-serial interface. wanpipe-serial should work with S514

proxy.cgi
- add missing check for LOGGING input
- add an option to allow real separation from BLUE to GREEN when used as transparent proxy

shutdown.cgi
On some fast machines, there was not enough time to change to index.cgi before apache has been shut down. Handle that a different way. Start the helper in background and make the helper slower than the page to refresh.

status.cgi
- fix disk usage display when the devicename is too long

vpnmain.cgi
- allow more characters in the PSK. Only the single quote cannot be used (sf#1556707)

wireless.cgi
Add a pale grey add image to represent disabled state.

All pages
Log when referer is bad on web interface

VPN
- warn 'vpn incompatible use of defaultroute' as local VPN hostname breaks Net2Net with PSK sf#1548065
- vpn-watch: --rereadsecrets is necessary with shared keys
- vpn-watch: Handle the case where the 'pipe' had been left alone for some reason

Nota bene: IPCop 1.4.11 release announcement did not reach the marc archive system for an unknown reason but is readable on www.ipcop.org or on the sourceforge mailing list archive
http://sourceforge.net/mailarchive/forum.php?thread_id=30330058&forum_id=2904
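
The "gzip without timestamp" items in the change list above, as an added example that is not part of the announcement or of IPCop's build scripts: a gzip header stores a modification time, so two builds of identical input hash differently until that field is zeroed. The payload, the two timestamps and all function names are constructed for illustration; zeroing the field in Python stands in for however the IPCop build omits it.

```python
import gzip
import hashlib
import struct

# Constructed inputs: one payload "compiled" by two builders on different days.
PAYLOAD = b"constructed kernel module bytes\n" * 64
BUILD_A = 1168800000  # constructed Unix timestamps
BUILD_B = 1168900000


def build(payload: bytes, mtime: int) -> bytes:
    """Compress with a timestamp in the header, as a default gzip run does."""
    return gzip.compress(payload, mtime=mtime)


def header_mtime(blob: bytes) -> int:
    """Read the 32-bit little-endian MTIME field at bytes 4..7 (RFC 1952)."""
    if blob[:2] != b"\x1f\x8b":
        raise ValueError("not a gzip stream")
    return struct.unpack_from("<I", blob, 4)[0]


def strip_mtime(blob: bytes) -> bytes:
    """Zero MTIME; the compressed data and CRC trailer are left untouched."""
    header_mtime(blob)  # validates the magic bytes
    return blob[:4] + b"\x00\x00\x00\x00" + blob[8:]


def md5(blob: bytes) -> str:
    return hashlib.md5(blob).hexdigest()


def compare() -> dict:
    """Hash both builds with and without the timestamp field."""
    a, b = build(PAYLOAD, BUILD_A), build(PAYLOAD, BUILD_B)
    return {
        "stamped_equal": md5(a) == md5(b),
        "stripped_equal": md5(strip_mtime(a)) == md5(strip_mtime(b)),
        "payload_intact": gzip.decompress(strip_mtime(a)) == PAYLOAD,
    }


if __name__ == "__main__":
    print(compare())
```

Only once the checksums stop varying between builders can a published md5 list be used to confirm that a locally compiled module matches the released one.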