[IPCop-Announce] Announce of IPCop 1.4.13 release

[Announcement m. f. t. I. project. <ipc...@li...>]

IPCop is a friendly firewall solution protecting  networks running on linux.
It will be geared towards home and SOHO users. Interface is task based.
Hardware requirement could be very minimal and grow with services used.

This release update a few tools due to security issues, fix bugs and update
some
drivers. You are encouraged to update from previous releases as soon as you
can.

IPCop v1.4.13 is released inchanged from 1.4.13rc1.

As usual, this version can be installed as an update from previous v1.4.x
 versions or with a ready-to-go ISO or usb bootable images for a fresh
install.

Update is split in two parts due to space limits on small configurations.
Install the two updates and reboot mandatory.
Kernel-2.4.34 is provided. This kernel update may cause trouble with
unofficial
add-ons not compiled for this kernel.

An iso for alpha is provided again for 1.4.13 release.
It is intended that starting from 1.4.13, alpha version will be released in
the
same timing as i386 version. No update from alpha v1.4.0 version will be
published as the gap is too much important. You would have to backup and
install again.

Files are available on 'IPCop' package at
https://sourceforge.net/project/showfiles.php?group_id=40604

If you want to compile from sources, a new .tgz is supplied that gathered
all
external sources from Ipcop.
You don't need to load that package from sourceforge on your own. On a new
CVS
tree, ./make.sh getothersrc will do that for you and check file integrity
before
to untar all sources packages in cache directory.


md5sums
e24f5723a267c327e2240a34b33f4e72  ipcop-1.4.12-update.i386.tgz.gpg
2e318e3d7aeffa8d208f3d34f23985cd  ipcop-1.4.13-update.i386.tgz.gpg

1136d7089780bb13ef94ee541f535939  ipcop-1.4.13-fcdsl.i386.tgz

760448fcb78fce2fb09eac2d42d99434  ipcop-1.4.13-install-cd.i386.iso
b5804e91a9e6ae60f7a6d078c6c0e852  ipcop-1.4.13-install-pxe.i386.tgz
02a4aecc802bde1cbf98ed1eecabbbc5  ipcop-1.4.13-install-usb-fdd.i386.img.gz
68117aec6bff42ef735d915e0d9858f9  ipcop-1.4.13-install-usb-hdd.i386.img.gz
02c55db115e88f669c39dbcb6984e154  ipcop-1.4.13-install-usb-zip.i386.img.gz

e3b71a0a391f43aa55ea216bfdb9fe08  ipcop-1.4.13-othersrc.tar.bz2
31606992a72fea290ad13e41e7bcda3b  ipcop-1.4.13-othersrc.tar.bz2.md5
a9cc96e2ba0b83b25b6338e00c7c0b15  ipcop-1.4.13-sources.tgz

Three different usb images are available to boot from usb as some bios may
boot
 with one format and not others:
- fdd is an unpartionned usb key
- hdd is partionned like an hard disk
- zip is partionned like a zip (work with real usb zip device too)

- pxe is a package ready to use for pxe boot (instructions inside)

Please report any problems in bug tracking system or on devel list.

Summary of changes
Installation
- fix initrd not build with raid device
- allow to pass parameters on boot line to the installer:
  swapfilesize and lang parameters are implemented
- split the boot information page in three nice pages
- add memtest option on cd or pxe boot
- fix memory requirement on network install. This is now 12MB like with cd
install

Building
- rename big package with all external sources package from source to
othersrc
  name. This is no more an iso, just a tar.bz2 that will be uncompressed on
  cache directory when loaded with ./make.sh getothersrc
- changes files names with $VERSION always in second position to sort in
  http://prdownloads.sourceforge.net/ipcop (SF make this directory no more
  reachable actually)
- backport KVER trick from 1.5 so that we no more need to adjust
src/ROOTFILES
  every time kernel version is upgraded.
- compilation work again on alpha but testing is needed
- rename cache/iptables-fixed to iptables-fixed-for-1.4 to prevent conflict
when same cache is used with both versions
- strace is compiled but not include (could be used in ./make.sh shell or
copied manually)
- exclude blue drivers from drivers.img, this let 250kB free to include new
drivers for install from green card
- kbd gzip files without timestamp, files are smaller and md5 no more vary
at each compilation
  Due to the very small gain, modified files are not include in update (only
on new install)

Add Bulgarian, Catalan and Urdu langs to web interface

Update apache to 1.3.37
Update dhcp to 3.0.5
Update e1000 driver to 7.3.15 (out of kernel version)
Update fcron to 3.0.1, this should allow to reset cron timestamp when the
clock
  is set back from the future.
Update gnupg to 1.4.6 CVE-2006-{6169,6235}, don't link with libusb
Patch gzip for CVE-2006-433{4,5,6,7,8}
Update openssh to 4.5p1 (update sshd_config to listen to IPv4 only with
 'AddressFamily inet')
Update openssl to 0.9.7l CVE-2006-{2937,2940,3738,4339,4343}
Upgrade pulsar driver to 4.0.22 (There is a new function that display line
 speed, snr and attenuation just after sync)
Update rp-pppoe to 3.8 (now pppoe change UID to nobody after start)
Patch tar for CVE-2006-6097 (remove GNUTYPE_NAMES support)
Update tg3 to 3.66d (out of kernel version)
Upgrade unicorn to 0.9.3 (support new pci card)
Add velocityget driver (VIA gigabit driver)
Upgrade wireless_tools to 28
Enable wanpipe with 2.3.4-3 version (S514 should work now with one setting,
 S518 should work in the futur)

Upgrade linux kernel to 2.4.34+Wireless Extension 18
- remove compilation timestamp include in source code of some modules,
- gzip modules without timestamp,
This make everyone that compile same sources to produce exactly same modules
 with same md5

Fix crash in restartsquid depending of vpn configuration SF # 1545498
- writehasharray was allowed to write empty line.

setup
- fix new netcard allocation once an RED ethernet interface has been up.
  RED_DEV interface was not set down by rc.netaddress.down. So rmmod
RED_DRIVER
  fail to unload the driver.
- stop firewall after rc.netaddress.down call to allow start just after

amedynusbadsl
- fix rc.amenynusbadsl start as detection based on 'ADSL USB modem' only
detect
  the modem plugged in and not if the module is loaded or not
- support '103 MADSLU' modem
- remove speedtouch support with this module, this may be confusing

rc.connectioncheck
- refresh ppp/secrets when switching to another profile sf #1557321

rc.netaddress.up rc.network
- shift firewall start from rc.network to rc.netaddress.up to fix SF
#1565164 bug
  This allow to update ORANGE and BLUE specific rules when those interfaces
  are added/removed

rc.red
- fix a warning on atm module cleanup
- on stop, only stop a 'RED is modem' interface when 'RED is modem' is
selected
- add support of wanpipe-serial
- wanpipe-adsl is not yet ready

general-functions.pl
- add 'use Net::SSLeay;' so that addons could call FetchPublicIP
- add NextIP function

aliases.cgi
- fix setaliases when toggling enable/disable button and alias name was
blank
- fix status checkbox on the editing page always enabled from an existing
entry
 (sf #1611456)

connections.cgi
- Give color priority to vpn over red, green, blue, orange.
- fix gre protocol display
Output from ip_conn_track_gre (patch iptables 1.3.5?) changed
by removing some fields (protocol & version).

ddns.cgi
- Support namecheap.com, RegisterFly.com and dnsmadeeasy service providers
- Fix selfhost.de mandatory fields and log message
- make OVH use same code as others and use https

dhcp.vgi
- transmit the hostname to reuse it as a 'comment' in newly created fixed
lease
- enhance the determination for IP address used while importing a fixed
lease
- RFE #1572801, allow all combination of array, record in option definition
- fix : it was possible to update an option definition with a false
definition
- fix : it was possible to add more than one option per option definition.

ids.cgi
- handle error message from rules update
Allow to read the error message when refreshing the rules at a too short
 intervale time. After downloading rules, a delay is instaured before next
 download is open. Display this message that is more explicit (but in
english).

pppsetup.cgi
- add wanpipe-adsl and wanpipe-serial interface
  wanpipe-serial should work with S514

proxy.cgi
- add missing check for LOGGING input
- add an option to allow real separation from BLUE to GREEN when used as
  transparent proxy

shutdown.cgi
On some fast machines, there was not enought time to change to index.cgi
before
 apache has been shut down. Handle that a different way. Start the helper in
 background and make the helper slower than the page to refresh.

status.cgi
- fix disk usage display when the devicename is to long

vpnmain.cgi
- allow more characters in the PSK. Only the single quote cannot be used
 (sf#1556707)

wireless.cgi
Add a pale grey add image to represent disabled state.

All pages
Log when referer is bad on web interface

VPN
- warn 'vpn incompatible use of defaultroute' as local VPN hostname breaks
  Net2Net with PSK sf#1548065
- vpn-watch: --rereadsecrets is necessary with shared keys
- vpn-watch: Handle the case where the 'pipe' had been left alone for some
reason

Nota bene :
IPCop 1.4.11 release nnounce did not reach marc archive system for unknow
reason but is readable on www.ipcop.org or on sourceforge maling list
archive
http://sourceforge.net/mailarchive/forum.php?thread_id=30330058&forum_id=2904