LanTian 发表于 2007-12-6 10:46:14

IPCop 1.4.18发布

Update is splitted in two part to accomodate free space limitation related to the numerous new packages added since the recent releases.
A way to recover some free spaces has been created, allowing to select one of the two 'kernel type' installed ( monoprocessor or smp kernel).
After 1.4.17 installation, Use the 'Refresh update list' button to see the new update page. If you see a red section on disk usage, you need to select a 'kernel type'. That will free space on /dev/root and /boot partitions. On next reboot, you will need to select again the kernel on the grub boot menu if another line than the first was selected.
Limit for red warning is 20 MB free on /dev/root and 1 MB on /boot.
Any scsi disk with two kernel versions (2.4.31 and 2.4.34) and 2 kernel types has filled the /boot partition. Starting from 1.4.18, /boot partition size will be increased from 8 to 10 MB.

Some changes has been introduced since rc2 related to ntp (fix ntp user with ntpdate), squid upgraded to 2.6.STABLE17, timezone upgraded to tzdata2007i, snort rules permissions again.
If you have installed 1.4.17rc / 1.4.18rc2, you need now to apply finale 1.4.18 update to take the last changes and you could now do that from web interface.

Most of the work made on 1.4.17 / 1.4.18 are bug fixes and update interface changes.

As usual, this version can be installed as an update from previous v1.4.x versions or with a ready-to-go ISO or usb bootable images for a fresh install.

Please report any problems in bug tracking system or on devel list.
You have to subscribe on all ipcop lists to be allowed to send messages.

On system log, update section no more work.
Change in home/httpd/cgi-bin/logs.cgi/log.dat
'installpackage' => '(installpackage\[.*\])'
to be
'installpackage' => '(installpackage)'

By design, the last update could now always be reinstalled. So check on top left the version displayed instead of attempting to install again.

Files are available on 'IPCop' package at Sourceforge

For 386 machines
a19b781eff5923168f0a73736d3a0e33 ipcop-1.4.17-update.i386.tgz.gpg
268aa583a8adf763468b4dad179c3423 ipcop-1.4.18-update.i386.tgz.gpg
Replace fcdsl package (same content)
2d95c6a0c5f78ab3c5e0e55f4494f25f ipcop-avmdrv-2.4.34-1.i386.tgz.gpg

fbef594fa8912a46f15854e4f8214a2d ipcop-1.4.18-install-cd.i386.iso
eebee4b26c02367df0cb11338699bf47 ipcop-1.4.18-install-pxe.i386.tgz
bfa3639917c5de9760f947e44d7f879b ipcop-1.4.18-install-usb-fdd.i386.img.gz
c2f93fd2a2110c6f15ad796c0436bbc3 ipcop-1.4.18-install-usb-hdd.i386.img.gz
8109dfcc6863c9b867eeb6f2fcc620b2 ipcop-1.4.18-install-usb-zip.i386.img.gz


For alpha machines
6a4a610e3ab07815e7ec26f11b3d1888 ipcop-1.4.17-update.alpha.tgz.gpg
e0e781d30acea9e6dfb4d65a2fd5e182 ipcop-1.4.18-update.alpha.tgz.gpg

0065045ed4983fad364d4559e091679c ipcop-1.4.18-install-cd.alpha.iso

IPCop sources
ae952b2c119c49324e34bc1bbe19d837 ipcop-1.4.18-sources.tgz
External sources packages (needed only if you want to compile from sources)
5084a2025a0036ce145385a0758355e0 ipcop-1.4.18-othersrc.tar.bz2
f454a07ccf4afc783f24819347910572 ipcop-1.4.18-othersrc.tar.bz2.md5   
Changes summary

Upgrade
- apache-1.3.39 CVE-2007-3304
- e1000 to 7.6.12
- eciadsl-0.12
- ethtool-6
- dhcp to 3.0.6
- libpcap to 0.9.7
- tcpdump to 3.9.7 CVE-2007-3798
- ntp to 4.2.4p4
- openssh to 4.6p1
- openssl to 0.9.7m CVE2007-5135
- pcre-7.4 CVE-2007-16{59,60,61,62}, CVE-2007-47{66,67,68}
- r1000 to 1.07 (support RTL8168CP)
- squid-2.6.STABLE17 (fix access to some http server)
- tzdata2007i (updated timezone)
- wanpipe to 2.3.4-3

Restore previous e100 version include in kernel (with e100 name)
Add e100-3.5.17 under e100new name (fix previous problem with 3.5.14) and
should work better with vlan.
Both e100 and e100new are available from setup menu

New drivers
- 3w-9xxx scsi driver for 95xx chip
- bnx2 v1.5.10c (Broadcom NetXtreme II)
- (patched) usbserial kernel module for 3G modems
Some manual hacking still needed.
Better integration should be include on next release.

dhcp.cgi
Self defined options weren't anymore usable, not recognized as options but
as parameters. Change the test to determine that correctly.

dynsdns
- add dyndns providers editdns.net and strato.com
- write a new state file in /var/log/dyndns for fetch IP.
Used in index.cgi and for fetch IP wait counter.
Counter is not longer in settings file to avoid writes on CF systems.

fcdsl package
- name changed to avmdrv name
name include the kernel version wich need to run during install and a
revision number that will be increased on each release against the same
kernel.
Package now install from update page and is signed with gpg.
Previous way to install is still there and will be removed on 1.4.19
Content of package is unchanged from 1.4.13

floppy backup
- test available size on harddisk before to test backup size
- Fix ipcopbackup when floppy controller is not disabled on mainboard
and you attempt to use usb floppy. As a side effect, this will make
ipcopbackup work on the second floppy of a mainboard if the first floppy
has no media inserted.

gui.cgi
check WINDOWWITHHOSTNAME and REFRESHINDEX values range
Include /etc/issue in initrd
This allow to clean up libsmooth from SLOGAN and VERSION

header.pl
validator.w3.org now want


kernel 2.4.34
- fix atm module when clip is not loaded CVE2007-5087
- patch ppp_async to fix failure during usage with 3G modems

ntp
- fix missing patch at ntpdate to drop root to ntp user

setreservedport
- read now ssh port value instead of always using 222

rc.red
- rc.red now return an error in case a bad argument has been used instead of
returning every time 0
- fix default route not removed on setting change from web interface
Main problem should have been with static IP and another default route
defined but not used because the first default route set has not been
removed.

rc.updatered
- more efficient locking system with dhcp client sending up and new in mostly
same time as down resulting sometime in interface down at the end

setup
- setup really has no more VERSION include during compilation
VERSION appear previously on some windows title
- NIC attribution
During card attribution, led card will blink (if supported by the card/ethtool)

snort
Fix web-misc.rules rights on 1.4.16 fresh install
Fix the 255 snort failure message when restarting orange interface.
Fix URL to load rules for snort-2.6 as finally a 2.6 branch has been created
Fix /etc/snort/rules rights on fresh install

update.cgi and installpackage
- allow to select a kernel type (monoprocessor/smp) to recover free space on
rootfs 'small disk) or /boot partitions (scsi disk).
Selecting a kernel type will be needed to install 1.4.19 update :
* when available space on root partition is less than 20 MB
* when a scsi disk is installed because /boot partition is too small
No problem to keep monoprocessor and smp kernels on bigger and non scsi disks
- warn for low free space on /dev/root and /boot with a red section
- check available size on disk before untarring
On low space disk, this prevent to partially only rewrite any updated file
(this could have broken any updated file)
- use sync on various step of unpackaging to be really able to use freed space.
- change the update installation to be in 2 step
* first step, update is loaded and checked, information and signature are
displayed
* second step, update is installed
- allow to apply same package more than once.
This is intended to ease life of rc tester, so they could apply final update
if a change happen bewteen rc and official release.
- installed updated are displayed on reverse order (most recent on top)
- you could now directly download a _published_ update from sourceforge
This workaround the problem with Firefox, a gpg file and Sourceforge.

VPN
ipsecctrl
Fix some memory not freed
Allow start and stop of ipsec on call with the syntax
S connection-number
D connection-number
when it is the first (S) or last (D)

vpn-watch
- fix due to bind-9.4.0 upgrade (add -t A to retrieve only A records)

wanpipe
- workaround the unresolved symbols when this protocol selection is used
--protocol=PPP,CHDLC,ADSL by enabling all protocols

Various
- add a script that properly allow to replace NIC drivers live without
rebooting : setting network down, reloading drivers and setting network up.
- add a script that allow to restart apache from the GUI without a blank page


Compilation
- hack some packages code so the compilation timestamp is the release date
This result that every person compiling has same same md5 for apache, eciadsl,
python
- stop on depmod error (that had happen with wanpipe)

Installer
- now on http/ftp install using 'probe' button allow to skip the NIC found and
probe again. This is important as this NIC will be green/eth0 and code
actually does not allow to reaffect the green card.

Installation on flash disk
Use last Mario Zimmermann changes
- work on 2 and 4 GB disks
- shift graphs on ram disk to minimize write on disk

出来转转 发表于 2007-12-9 21:31:03

兄弟动作还真快, 昨天我才在SF发现的。呵呵谢谢推广。顶起!

edchild 发表于 2007-12-12 20:53:07

IPCOP在性能和稳定性方面是一流的

就是防火墙功能没有达到我的要求

而且安装插件时,比较多的情况下是不兼容的

mazz66 发表于 2008-1-28 18:29:14

用了几天了 正在看看
页: [1]
查看完整版本: IPCop 1.4.18发布