List:       ipcop-announce
Subject:    [IPCop-Announce] Announce of IPCop 1.4.11 release
From:       "Announcement mailinglist for the IPCop project." <ipcop-announce () lists ! sourcefo
Date:       2006-08-23 22:22:06
Message-ID: 072a01c6c702$91d7aa50$f9b5a8c0 () pii350

IPCop v1.4.11 has been released with small changes in ids.cgi and vpnmain.cgi
from 1.4.11rc1.

As usual, this version can be installed as an update from previous v1.4.10
versions or with a ready-to-go ISO for a fresh install.
What is new is that it can now be installed from a USB key (or USB zip) or
from a PXE package.

To install the update, kernel 2.4.31 must be running.
Kernel 2.4.29 is removed during the update to free space for a new
kernel in the next release.
A reboot is necessary after the update to use a patched 2.4.31 kernel.

md5sums
1d8a85c96bd5cc69a751c5291410b0c2  ipcop-fcdsl-1.4.11.i386.tgz
0655e93bd948bbe2086cfb30b675a78a  ipcop-install-cd-1.4.11.i386.iso
a3a75d98b13e6d87a93429f512a79967  ipcop-install-pxe-1.4.11.i386.tgz
29b4a1afd0bd6680263e2c487b553036  ipcop-install-usb-fdd-1.4.11.i386.img.gz
c3214288c1988dd413d886fa34d38524  ipcop-install-usb-hdd-1.4.11.i386.img.gz
6cb619eae99b207c773dff677f43697e  ipcop-install-usb-zip-1.4.11.i386.img.gz
4770ba892d5c3564c6905abda76af866  ipcop-sources-1.4.11.tgz
398881cd06240d49eb7da182fd304684  ipcop-packages-cd-1.4.11.i386.iso
1e414e0f27aace4218e5ca305bf2a3b8  ipcop-update-1.4.11.i386.tgz.gpg

Three different USB images are available to boot from USB during install, as
some BIOSes may boot with one format and not the others:
- fdd is an unpartitioned USB key
- hdd is partitioned like a hard disk
- zip is partitioned like a zip (works with a real USB zip device too)

- pxe is a package ready to use for pxe boot (instructions inside)

- packages-cd is a collection of all packages sources used to build i386
version

The fcdsl package did not change in 1.4.11 from 1.4.10.

Install from a USB device is supported; install to a USB device is not yet
supported.
makeflash is still the only supported way to install to a flash memory
connected to an IDE interface.

To copy a USB image to a USB key (minimum size 64 MB) under Linux, check
which letter the system gives to that key ( cat /proc/partitions | grep sd )
and copy to that device with zcat (the-file) >/dev/sd(letter) without a
partition number. Don't forget the '>' or the output will go to the console.

To copy under Windows, you could uncompress the file and use winimage
(shareware).

If you want to use a previous .dat from 'new backup' during install, you
can't restore from floppy, or a newer backup.key will be made (rendering the
old .dat unusable unless you replace the backup key by hand).
You have to restore from a USB key or HTTP server and supply the encrypted
backup key and the backup password used to encrypt the key (the file
backup.<hostname>.key is the encrypted key; backup.key is the unencrypted
key, only available inside IPCop).
During installation, the name of the .dat used to restore has to be in the
form <hostname>.dat

If you only have an unencrypted backup.key, copied before 1.4.11 allowed a
secure way to export the key, you can encrypt the key with
 openssl enc -a -e -aes256 -salt -pass 'pass:<mypassword>' \
   -in <yourpath>/backup.key -out <yourpath>/backup.<hostname>.key

Here is the summary of the long list of changes from 1.4.10 to 1.4.11

Web interface
backup.cgi
- new backup supporting usb key, unencrypted backup removed for security
reasons
- export of backup.key
 key is encrypted with a 'backup' password needed for reinstall,
 hostname is included in the exported key file
- backup .dat
 now includes hostname and the timestamp of the backup
 before reinstalling, remove the timestamp from the name of the file you want
 to use to restore
 a comment field is available for each backup
 the comment will be restored on backup upload (if available)
- floppy backup
 display used size,
 check that backup is not too big
 directly display errors if any (bad floppy)

ddns
- fix typo in local IP network address to fetch real public IP (sf1369617)
- fix GET string during fetch real public IP (sf1396470) and use proxy
settings
- add cjb.net, everydns.net providers and remove hn.org
- move freedns and regfish to https exchanges
- change URL for zoneedit

connections.cgi
- Fix icmp bug (sf1373594)
- add sorting & filtering of the table
- fix minor xhtml compliance issues

dhcp.cgi
- change duplicate dhcp fixed lease detection (Tapani suggestion)
- highlight duplicate MACs
- new option need to be created no space 'code nnn=xyz'
- allow more char in rootpath/filename options (sf1365534)

gui.cgi
- fix minor xhtml compliance issues

ids.cgi
- fix save that erased the signature update date
- fix stop of ids in 1.4.11rc1

portfw.cgi
- fix destination range check (sf1226089)

password.cgi
- have a uniform policy in setup and web GUI
  space, ' and " are not allowed
  6 characters is the minimum password length in both interfaces

pppsetup.cgi
- fix minor xhtml compliance issues

proxy.cgi
- use the proxy port number set in web interface
- support squid extension_methods
- add an option to repair the cache
- fix 'flush cache' option

shutdown.cgi
- allow a programmed shutdown/reboot

update.cgi
- include version number in update log message

VPN
- fix minor xhtml compliance issues
- fix CRL dir and filename
- move randfile and cakey.pem out of /var/ipcop/ca to remove warnings (need
to include in upgrade)
- add leftid/rightid parameters to extend interoperability with other peers
- remove 'raw' debug option, not usable (too much data)
- add overridemtu option
- allow %defaultroute as local name for this side of VPN (sf1418529)
- correctly enable creation of Roadwarriors (sf1436828)
- add subjectAltName (rfe sf1365911)
- add a pkcs12 import while creating a connection
- allow use of DN,FQDN,IP for authentication (sf #1418533)
- compression+vhost can work together: disable check
- set compression off by default for better compatibility
- Fix unneeded test preventing using more than once a cert (sf1171139)
- add aggressive mode option (rfe sf1359865)
- PFS advanced option was not cleared when saving params in basic GUI
- Integrate vpn-watch from Daniel Berlin (used for net-to-net only)
- Fix certificate export with IE and Opera, now the box to register to disk
really opens
- Check the subjectaltname field and filter error output
 With access to the vpn configuration page controlled by the admin password,
 it was possible to include html code in this field;
 the html code was executed because the error display did not filter
 subjectaltname.


Connection
- fix reconnection done even in manual and pure RED setting
- fix Ping disable option only working correctly with RED interface up (SF
1373822)
- restart squid during rc.updatered (should fix sf1077113)
- allow selection of only pap or only chap with fritzdsl to be effective

Various
- fix 'single' mode booting used for password recovery (sf1349440)
- fix kernel displaying nonexistent partitions with an unpartitioned FAT device
 (integrated in 2.4.33)
- fix syslogd and klogd users and now start syslogd as syslogd uid

Building
- support build from precompiled toolchain package
 - to work with very old or brand new distribution
 - to spare build time
 - package available when the building machine is a i586 or a i686
 You can upload the corresponding prebuild toolchain with
./make.sh gettoolchain
 If you want to build your own package, do
./make.sh clean && ./make.sh toolchain
- supply a collection of all needed packages sources used to build in an
.iso
- split compilation log into different stage log files
- strip from chrooted /tool/strip
- initrd is rebuilt every time the installer is more recent
- during compilation, disable ipsec.secrets generation to work around a
  potential empty entropy pool problem with a kernel >2.6.11.x on the
  running machine
- at the end, move .iso and *.tgz from build/install to root dir instead of
copying, to save space on disk

Support Latin-2 for rrdtool
Upgraded packages
 - dhcp-3.0.4,
 - dnsmasq-2.33 and remove ipv6 support we don't use,
 - gnupg-1.4.5 and trim unused features,
 - hdparm-6.6 (mainly support ATA7 detection),
 - iana-etc 2.10,
 - iptables-1.3.5 (pool extension no longer available, string extension is
reverted to code in v1.3.3),
 - ipac-ng-1.31,
 - libpng-1.2.12,
 - squid-2.5.STABLE14 plus patch,
 - openswan-1.0.10,
 - vlan.1.9. (cosmetic)
Fix openssl compiled previously for 486 (sf bug #1363150)

Add Afrikaans, Gujarati, Japanese, Persian (Farsi), Slovak languages to web
interface and installer

Installation
- support installation from usb key
- support restoration from usb key and network (http/ftp)
- display version on first screen message
- a scsi floppy is no longer needed to support scsi cdrom/disk when not
booting from floppy
- explain 'no echo for password' message
- use syslinux-3.11
- fill URL box with http:// as it may not be easy to type ':' on an unmapped
keyboard
- keep the URL in case the file is not found (easier to understand what was
previously wrong)
- Fix SiS965L chipset detection
- Fix mptscsih configuration during install

Please report any problems in IPCop sourceforge bug tracking system or on
devel list.

Gilles
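
An added example, not part of the original announcement or of IPCop's own scripts: the backup.key encryption command given above, with the password read from a file instead of `pass:` on the command line (where it is visible in the process list and shell history), followed by a decrypt-and-compare check before the exported key is relied on for a reinstall. The function names and paths are hypothetical; the cipher options are the ones from the announcement.

```shell
#!/bin/sh
# Added example: function names and paths are hypothetical.
# Cipher options (-a -aes256 -salt) are those given in the announcement;
# only the password source differs (file: instead of pass:).

# wrap_backup_key <plain-key> <wrapped-out> <password-file>
wrap_backup_key() {
    key=$1 out=$2 pwfile=$3
    [ -s "$key" ] || { echo "missing or empty key: $key" >&2; return 2; }
    [ -s "$pwfile" ] || { echo "missing or empty password file" >&2; return 2; }
    # Create the output with owner-only permissions before writing to it.
    ( umask 077 && : > "$out" ) || return 2
    openssl enc -a -e -aes256 -salt -pass "file:$pwfile" \
        -in "$key" -out "$out"
}

# verify_wrapped_key <plain-key> <wrapped> <password-file>
# Decrypts to a pipe (no plaintext temp file) and compares with the original.
# Returns 0 only if the password file really unlocks this wrapped key.
verify_wrapped_key() {
    key=$1 wrapped=$2 pwfile=$3
    openssl enc -a -d -aes256 -pass "file:$pwfile" -in "$wrapped" 2>/dev/null \
        | cmp -s - "$key"
}

# wrap_and_verify <plain-key> <hostname> <password-file> <out-dir>
# Produces backup.<hostname>.key, the file name the announcement uses,
# and prints its path only if the round trip succeeds.
wrap_and_verify() {
    key=$1 host=$2 pwfile=$3 dir=$4
    out="$dir/backup.$host.key"
    wrap_backup_key "$key" "$out" "$pwfile" || return 1
    if verify_wrapped_key "$key" "$out" "$pwfile"; then
        echo "$out"
    else
        rm -f "$out"
        echo "round-trip check failed, wrapped key removed" >&2
        return 1
    fi
}
```

openssl reads only the first line of the password file, so keep the password on one line and the file readable by its owner only.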

