Diffstat (limited to 'config')
-rw-r--r--config/lightsquid/lightsquid.xml4
-rwxr-xr-xconfig/openvpn-client-export/vpn_openvpn_export.php2
-rw-r--r--config/pfblockerng/pfblockerng.inc99
-rwxr-xr-xconfig/postfix/postfix_queue.php2
-rwxr-xr-xconfig/sarg/sarg_realtime.php2
-rw-r--r--config/siproxd.inc1
-rw-r--r--config/siproxd.xml2
-rwxr-xr-xconfig/snort/snort.inc2
-rwxr-xr-xconfig/snort/snort.xml2
-rwxr-xr-xconfig/squid3/34/squid.inc138
-rw-r--r--config/squid3/34/squid.xml7
-rwxr-xr-xconfig/squid3/34/squid_antivirus.xml1
-rw-r--r--config/squid3/34/squid_clwarn.php95
-rw-r--r--config/squidGuard-devel/squidguard_configurator.inc6
-rw-r--r--config/squidGuard/squidguard.xml2
-rw-r--r--config/squidGuard/squidguard_configurator.inc60
-rw-r--r--config/suricata/suricata_global.php4
-rw-r--r--config/systempatches/system_patches.php2
-rw-r--r--config/systempatches/systempatches.xml2
19 files changed, 328 insertions, 105 deletions
diff --git a/config/lightsquid/lightsquid.xml b/config/lightsquid/lightsquid.xml
index 203cff68..8b5b9ae9 100644
--- a/config/lightsquid/lightsquid.xml
+++ b/config/lightsquid/lightsquid.xml
@@ -186,8 +186,8 @@
<input type="submit" name="Submit" value="Refresh full">
<br> Press button for start background refresh (this take some time).
<br> <span style="color: rgb(153, 51, 0);"> Note after installation:
- <br> On the first - enable log in squid package with "/var/squid/logs" path.
- <br> On the second - press Refresh button for create lightsquid reports, else you will have error diagnostic page.</span>
+ <br> Firstly - enable log in squid package with "/var/squid/logs" path.
+ <br> Secondly - press Refresh button to create lightsquid reports, else you will have an error diagnostic page.</span>
</description>
<type>select</type>
<value>lhp_none</value>
diff --git a/config/openvpn-client-export/vpn_openvpn_export.php b/config/openvpn-client-export/vpn_openvpn_export.php
index 12ce01d0..8703d2da 100755
--- a/config/openvpn-client-export/vpn_openvpn_export.php
+++ b/config/openvpn-client-export/vpn_openvpn_export.php
@@ -601,7 +601,7 @@ function useproxy_changed(obj) {
<td width="78%" class="vtable">
<select name="server" id="server" class="formselect" onchange="server_changed()">
<?php foreach($ras_server as & $server): ?>
- <option value="<?=$server['sindex'];?>"><?=$server['name'];?></option>
+ <option value="<?=$server['index'];?>"><?=$server['name'];?></option>
<?php endforeach; ?>
</select>
</td>
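Review bot: The changed `<option>` line prints `$server['index']` and `$server['name']` into the page without HTML escaping. The name presumably comes from the OpenVPN server description in the configuration, so a description containing markup characters would break or alter the select list. I would write the line as `<option value="<?=htmlspecialchars($server['index']);?>"><?=htmlspecialchars($server['name']);?></option>`. The loop iterates by reference (`as & $server`); whether `$server` is unset after `endforeach` is not visible in this hunk.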
diff --git a/config/pfblockerng/pfblockerng.inc b/config/pfblockerng/pfblockerng.inc
index bc2ccfe1..86052f6b 100644
--- a/config/pfblockerng/pfblockerng.inc
+++ b/config/pfblockerng/pfblockerng.inc
@@ -240,6 +240,101 @@ function pfb_create_suppression_file() {
}
+// IPv6 Range to CIDR function used courtesey from:
+// https://github.com/stilez/pfsense-leases/blob/50cc0fa81dba5fe91bcddaea016c245d1b8479cc/etc/inc/util.inc
+function ip_range_to_subnet_array_temp2($ip1, $ip2) {
+
+ if (is_ipaddrv4($ip1) && is_ipaddrv4($ip2)) {
+ $proto = 'ipv4'; // for clarity
+ $bits = 32;
+ $ip1bin = decbin(ip2long32($ip1));
+ $ip2bin = decbin(ip2long32($ip2));
+ } elseif (is_ipaddrv6($ip1) && is_ipaddrv6($ip2)) {
+ $proto = 'ipv6';
+ $bits = 128;
+ $ip1bin = Net_IPv6::_ip2Bin($ip1);
+ $ip2bin = Net_IPv6::_ip2Bin($ip2);
+ } else
+ return array();
+
+ // it's *crucial* that binary strings are guaranteed the expected length; do this for certainty even though for IPv6 it's redundant
+ $ip1bin = str_pad($ip1bin, $bits, '0', STR_PAD_LEFT);
+ $ip2bin = str_pad($ip2bin, $bits, '0', STR_PAD_LEFT);
+
+ if ($ip1bin === $ip2bin)
+ return array($ip1 . '/' . $bits);
+
+ if (strcmp($ip1bin, $ip2bin) > 0)
+ list ($ip1bin, $ip2bin) = array($ip2bin, $ip1bin); // swap contents of ip1 <= ip2
+
+ $rangesubnets = array();
+ $netsize = 0;
+
+ do {
+ // at loop start, $ip1 is guaranteed strictly less than $ip2 (important for edge case trapping and preventing accidental binary wrapround)
+ // which means the assignments $ip1 += 1 and $ip2 -= 1 will always be "binary-wrapround-safe"
+
+ // step #1 if start ip (as shifted) ends in any '1's, then it must have a single cidr to itself (any cidr would include the '0' below it)
+
+ if (substr($ip1bin, -1, 1) == '1') {
+ // the start ip must be in a separate one-IP cidr range
+ $new_subnet_ip = substr($ip1bin, $netsize, $bits - $netsize) . str_repeat('0', $netsize);
+ $rangesubnets[$new_subnet_ip] = $bits - $netsize;
+ $n = strrpos($ip1bin, '0'); //can't be all 1's
+ $ip1bin = ($n == 0 ? '' : substr($ip1bin, 0, $n)) . '1' . str_repeat('0', $bits - $n - 1); // BINARY VERSION OF $ip1 += 1
+ }
+
+ // step #2, if end ip (as shifted) ends in any zeros then that must have a cidr to itself (as cidr cant span the 1->0 gap)
+
+ if (substr($ip2bin, -1, 1) == '0') {
+ // the end ip must be in a separate one-IP cidr range
+ $new_subnet_ip = substr($ip2bin, $netsize, $bits - $netsize) . str_repeat('0', $netsize);
+ $rangesubnets[$new_subnet_ip] = $bits - $netsize;
+ $n = strrpos($ip2bin, '1'); //can't be all 0's
+ $ip2bin = ($n == 0 ? '' : substr($ip2bin, 0, $n)) . '0' . str_repeat('1', $bits - $n - 1); // BINARY VERSION OF $ip2 -= 1
+ // already checked for the edge case where end = start+1 and start ends in 0x1, above, so it's safe
+ }
+
+ // this is the only edge case arising from increment/decrement.
+ // it happens if the range at start of loop is exactly 2 adjacent ips, that spanned the 1->0 gap. (we will have enumerated both by now)
+
+ if (strcmp($ip2bin, $ip1bin) < 0)
+ continue;
+
+ // step #3 the start and end ip MUST now end in '0's and '1's respectively
+ // so we have a non-trivial range AND the last N bits are no longer important for CIDR purposes.
+
+ $shift = $bits - max(strrpos($ip1bin, '0'), strrpos($ip2bin, '1')); // num of low bits which are '0' in ip1 and '1' in ip2
+ $ip1bin = str_repeat('0', $shift) . substr($ip1bin, 0, $bits - $shift);
+ $ip2bin = str_repeat('0', $shift) . substr($ip2bin, 0, $bits - $shift);
+ $netsize += $shift;
+ if ($ip1bin === $ip2bin) {
+ // we're done.
+ $new_subnet_ip = substr($ip1bin, $netsize, $bits - $netsize) . str_repeat('0', $netsize);
+ $rangesubnets[$new_subnet_ip] = $bits - $netsize;
+ continue;
+ }
+
+ // at this point there's still a remaining range, and either startip ends with '1', or endip ends with '0'. So repeat cycle.
+ } while (strcmp($ip1bin, $ip2bin) < 0);
+
+ // subnets are ordered by bit size. Re sort by IP ("naturally") and convert back to IPv4/IPv6
+
+ ksort($rangesubnets, SORT_STRING);
+ $out = array();
+
+ foreach ($rangesubnets as $ip => $netmask) {
+ if ($proto == 'ipv4') {
+ $i = str_split($ip, 8);
+ $out[] = implode('.', array( bindec($i[0]),bindec($i[1]),bindec($i[2]),bindec($i[3]))) . '/' . $netmask;
+ } else
+ $out[] = Net_IPv6::compress(Net_IPv6::_bin2Ip($ip)) . '/' . $netmask;
+ }
+
+ return $out;
+}
+
+
# Main pfBlockerNG Function
function sync_package_pfblockerng($cron = "") {
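Review bot: In step #3 of `ip_range_to_subnet_array_temp2()` the comment on `$shift` says it is the number of low bits that are '0' in ip1 and '1' in ip2, but at that point `$ip1bin` always ends in '0' and `$ip2bin` always ends in '1', so both `strrpos()` calls return `$bits - 1` and `$shift` is always 1. The result still looks correct, because shifting one bit per pass is valid, but the comment should say so: `// always 1 here: ip1 ends in '0' and ip2 ends in '1', so the range is widened one bit per pass`. The function also has no header describing its contract; a short docblock stating that both arguments must be of the same address family, that their order does not matter, and that an empty array is returned for anything else would help, since the callers in `sync_package_pfblockerng()` pass values taken from downloaded list lines. It relies on `Net_IPv6::_ip2Bin()` and `Net_IPv6::_bin2Ip()`, which are underscore-prefixed internals, and no `require_once` for that class is visible in this hunk.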
@@ -1280,7 +1375,7 @@ function sync_package_pfblockerng($cron = "") {
foreach ($url_list as $line) {
# Network range 192.168.0.0-192.168.0.254
if (preg_match($pfb['range'],$line,$matches)) {
- $a_cidr = ip_range_to_subnet_array($matches[1],$matches[2]);
+ $a_cidr = ip_range_to_subnet_array_temp2($matches[1],$matches[2]);
if (!empty($a_cidr)) {
foreach ($a_cidr as $cidr) {
$new_file .= preg_replace($pfb_ipreg,'',$cidr) . "\n";
@@ -1498,7 +1593,7 @@ function sync_package_pfblockerng($cron = "") {
}
# Network range 192.168.0.0-192.168.0.254
elseif (preg_match($pfb['range'],$line,$matches)) {
- $a_cidr = ip_range_to_subnet_array($matches[1],$matches[2]);
+ $a_cidr = ip_range_to_subnet_array_temp2($matches[1],$matches[2]);
if (!empty($a_cidr)) {
foreach ($a_cidr as $cidr) {
$new_file .= preg_replace($pfb_ipreg, '',$cidr) . "\n";
diff --git a/config/postfix/postfix_queue.php b/config/postfix/postfix_queue.php
index 1db2b8e2..a737340e 100755
--- a/config/postfix/postfix_queue.php
+++ b/config/postfix/postfix_queue.php
@@ -227,7 +227,7 @@ else{
//prevent multiple instances
if ($('run').value=="show queue" || loop== 'running'){
$('run').value="running...";
- $('search_help').innerHTML ="<br><strong>You can change options while running.<br>To Stop seach, change update frequency to Never.</strong>";
+ $('search_help').innerHTML ="<br><strong>You can change options while running.<br>To Stop search, change update frequency to Never.</strong>";
var q_args=loopSelected('qshape');
var pars = 'cmd='+$('cmd').options[$('cmd').selectedIndex].value;
var pars = pars + '&qshape='+q_args;
diff --git a/config/sarg/sarg_realtime.php b/config/sarg/sarg_realtime.php
index 81ea0a79..c5d926e5 100755
--- a/config/sarg/sarg_realtime.php
+++ b/config/sarg/sarg_realtime.php
@@ -220,7 +220,7 @@ else{
//prevent multiple instances
if ($('run').value=="show log" || loop== 'running'){
$('run').value="running...";
- $('search_help').innerHTML ="<br><strong>You can change options while running.<br>To Stop seach, change update frequency to Never.</strong>";
+ $('search_help').innerHTML ="<br><strong>You can change options while running.<br>To Stop search, change update frequency to Never.</strong>";
var axel = Math.random() + "";
var num = axel * 1000000000000000000;
var q_args=loopSelected('qshape');
diff --git a/config/siproxd.inc b/config/siproxd.inc
index 7e72c868..d76f79d3 100644
--- a/config/siproxd.inc
+++ b/config/siproxd.inc
@@ -29,6 +29,7 @@
if(!function_exists("filter_configure"))
require_once("filter.inc");
+require_once("service-utils.inc");
// Check to find out on which system the package is running
if (substr(trim(file_get_contents("/etc/version")),0,3) == "2.0") {
diff --git a/config/siproxd.xml b/config/siproxd.xml
index 27d00f32..dd833629 100644
--- a/config/siproxd.xml
+++ b/config/siproxd.xml
@@ -37,7 +37,7 @@
<requirements>Describe your package requirements here</requirements>
<faq>Currently there are no FAQ items provided.</faq>
<name>siproxdsettings</name>
- <version>0.8.0_2 pkg v1.0.1</version>
+ <version>0.8.0_2 pkg v1.0.2</version>
<title>siproxd: Settings</title>
<include_file>/usr/local/pkg/siproxd.inc</include_file>
<aftersaveredirect>/pkg_edit.php?xml=siproxd.xml&amp;id=0</aftersaveredirect>
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index ed1e64be..bec163d7 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -3094,7 +3094,7 @@ function snort_deinstall() {
log_error(gettext("[Snort] Snort package uninstall in progress..."));
/* Remove our rc.d startup shell script */
- unlink_if_exists("{$rcdir}snort_pkg.sh");
+ unlink_if_exists("{$rcdir}snort.sh");
/* Make sure all active Snort processes are terminated */
/* Log a message only if a running process is detected */
diff --git a/config/snort/snort.xml b/config/snort/snort.xml
index fd0a8d41..fb23997c 100755
--- a/config/snort/snort.xml
+++ b/config/snort/snort.xml
@@ -47,7 +47,7 @@
<faq>Currently there are no FAQ items provided.</faq>
<name>Snort</name>
<version>2.9.7.0</version>
- <title>Services:2.9.7.0 pkg v3.2.1</title>
+ <title>Services:2.9.7.0 pkg v3.2.2</title>
<include_file>/usr/local/pkg/snort/snort.inc</include_file>
<menu>
<name>Snort</name>
diff --git a/config/squid3/34/squid.inc b/config/squid3/34/squid.inc
index 0e5a173c..ddea98f4 100755
--- a/config/squid3/34/squid.inc
+++ b/config/squid3/34/squid.inc
@@ -42,13 +42,8 @@ if(!function_exists("filter_configure"))
require_once("filter.inc");
$shortcut_section = "squid";
-if (is_dir('/usr/pbi/squid-' . php_uname("m"))) {
- define('SQUID_BASE', '/usr/pbi/squid-' . php_uname("m"));
- define('SQUID_LOCALBASE', SQUID_BASE . "/local");
-} else {
- define('SQUID_BASE', '/usr/local');
- define('SQUID_LOCALBASE', '/usr/local');
-}
+define('SQUID_BASE', '/usr/pbi/squid-' . php_uname("m"));
+define('SQUID_LOCALBASE', SQUID_BASE . "/local");
define('SQUID_CONFBASE', SQUID_LOCALBASE .'/etc/squid');
define('SQUID_CONFFILE', SQUID_CONFBASE . '/squid.conf');
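Review bot: `SQUID_BASE` is now defined as the PBI directory unconditionally, so the `is_dir()` check that fell back to `/usr/local` is gone and every derived path (`SQUID_LOCALBASE`, `SQUID_CONFBASE`, `SQUID_CONFFILE`) points into `/usr/pbi/squid-<arch>` whether or not that directory exists. If that is intended for this package version, a comment above the define should say so, for example `// PBI-only layout: the /usr/local fallback was removed on purpose`. Otherwise keep the guard, or at least log an error when the directory is missing.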
@@ -174,7 +169,7 @@ function squid_install_command() {
$settingsgen = $config['installedpackages']['squid']['config'][0];
if (file_exists("/usr/local/pkg/check_ip.php"))
- rename("/usr/local/pkg/check_ip.php",SQUID_LOCALBASE . "/libexec/squid/check_ip.php");
+ rename("/usr/local/pkg/check_ip.php",SQUID_BASE . "/bin/check_ip.php");
/* Set storage system */
if ($g['platform'] == "nanobsd") {
$config['installedpackages']['squidcache']['config'][0]['harddisk_cache_system'] = 'null';
@@ -407,6 +402,24 @@ function squid_before_form_general(&$pkg) {
for ($i = 0; $i < count($values) - 1; $i++)
$field['options']['option'][] = array('name' => $names[$i], 'value' => $values[$i]);
}
+function squid_validate_antivirus($post, &$input_errors) {
+ global $config;
+ if ($post['enable']=="on"){
+ if($post['squidclamav'] && preg_match("/(\S+proxy.domain\S+)/",$post['squidclamav'],$a_match)){
+ $input_errors[] ="Squidclamav warns redirect points to sample config domain ({$a_match[1]})";
+ $input_errors[] ="Change redirect info on 'squidclamav.conf' field to pfsense gui or an external host. ";
+ }
+ if($post['c-icap_conf']) {
+ if( !preg_match("/squid_clamav/",$post['c-icap_conf'])){
+ $input_errors[] ="c-icap Squidclamav service definition is no present.";
+ $input_errors[] ="Add 'Service squid_clamav squidclamav.so'(without quotes) to 'c-icap.conf' field in order to get it working.";
+ }
+ if (preg_match("/(Manager:Apassword\S+)/",$post['c-icap_conf'],$c_match)){
+ $input_errors[] ="Remove ldap configuration'{$c_match[1]}' from 'c-icap.conf' field.";
+ }
+ }
+ }
+}
function squid_validate_general($post, &$input_errors) {
global $config;
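Review bot: In `squid_validate_antivirus()` the pattern `"/(\S+proxy.domain\S+)/"` leaves the dot unescaped, so it matches any character between `proxy` and `domain`; `"/(\S+proxy\.domain\S+)/"` matches the sample host name only. `global $config;` is declared but not used in the function. The function has no comment; a one-line header such as `/* Validate the antivirus form: reject the sample redirect host, require the squid_clamav service line, and reject the sample LDAP manager entry in c-icap.conf. */` would document what the three checks are for. The message "c-icap Squidclamav service definition is no present." should read "is not present".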
@@ -613,7 +626,7 @@ function squid_validate_traffic($post, &$input_errors) {
}
function squid_validate_reverse($post, &$input_errors) {
-
+ global $config;
if(!empty($post['reverse_ip'])) {
$reverse_ip = explode(";", ($post['reverse_ip']));
foreach ($reverse_ip as $reip) {
@@ -626,13 +639,20 @@ function squid_validate_reverse($post, &$input_errors) {
$input_errors[] = 'The field \'external FQDN\' must contain a valid domain name';
$port = trim($post['reverse_http_port']);
+ preg_match("/(\d+)/",`sysctl net.inet.ip.portrange.first`,$portrange);
if (!empty($port) && !is_port($port))
$input_errors[] = 'The field \'reverse HTTP port\' must contain a valid port number';
-
+ if (!empty($port) && is_port($port) && $port < $portrange[1]){
+ $input_errors[] = "The field 'reverse HTTP port' must contain a port number higher than net.inet.ip.portrange.first sysctl value({$portrange[1]}).";
+ $input_errors[] = "To listen on low ports, change portrange.first sysctl value to 0 on system tunable options and restart squid daemon.";
+ }
$port = trim($post['reverse_https_port']);
if (!empty($port) && !is_port($port))
$input_errors[] = 'The field \'reverse HTTPS port\' must contain a valid port number';
-
+ if (!empty($port) && is_port($port) && $port < $portrange[1]){
+ $input_errors[] = "The field 'reverse HTTPS port' must contain a port number higher than net.inet.ip.portrange.first sysctl value({$portrange[1]}).";
+ $input_errors[] = "To listen on low ports, change portrange.first sysctl value to 0 on system tunable options and restart squid daemon.";
+ }
if ($post['reverse_ssl_cert'] == 'none')
$input_errors[] = 'A valid certificate for the external interface must be selected';
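Review bot: `squid_validate_reverse()` reads `$portrange[1]` without checking that the added `preg_match()` on the sysctl output succeeded, so if the command is not found or prints nothing, both new port checks compare against an undefined value and pass silently. Guard it after the match, for example `$minport = isset($portrange[1]) ? (int)$portrange[1] : 0;`, and call the binary by absolute path as other hunks in this commit do for `kill` and `grep`. It is also worth confirming that `net.inet.ip.portrange.first` is the tunable intended here: on FreeBSD it is the start of the ephemeral port range, while the privileged-port boundary is `net.inet.ip.portrange.reservedhigh`, which is the name the rc script hunk later in this file mentions. The function starts and ends outside this hunk.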
@@ -940,7 +960,12 @@ function squid_resync_general() {
}
$icp_port = ($settings['icp_port'] ? $settings['icp_port'] : 0);
$dns_v4_first= ($settings['dns_v4_first'] == "on" ? "on" : "off" );
- $pidfile = "{$g['varrun_path']}/squid.pid";
+ $piddir="{$g['varrun_path']}/squid";
+ $pidfile = "{$piddir}/squid.pid";
+ if (!is_dir($piddir)){
+ make_dirs($piddir);
+ squid_chown_recursive($piddir, 'proxy', 'wheel');
+ }
$language = ($settings['error_language'] ? $settings['error_language'] : 'en');
$icondir = SQUID_CONFBASE . '/icons';
$hostname = ($settings['visible_hostname'] ? $settings['visible_hostname'] : 'localhost');
@@ -1325,35 +1350,6 @@ function squid_resync_antivirus(){
}
if (is_array($config['installedpackages']['squid']))
$squid_config=$config['installedpackages']['squid']['config'][0];
- $clwarn="clwarn.cgi.en_EN";
- if (preg_match("/de/i",$squid_config['error_language']))
- $clwarn="clwarn.cgi.de_DE";
- if (preg_match("/ru/i",$squid_config['error_language']))
- $clwarn="clwarn.cgi.ru_RU";
- if (preg_match("/fr/i",$squid_config['error_language']))
- $clwarn="clwarn.cgi.fr_FR";
- if (preg_match("/pt_br/i",$squid_config['error_language']))
- $clwarn="clwarn.cgi.pt_BR";
- $clwarn_file="/usr/local/www/clwarn.cgi";
- copy(SQUID_LOCALBASE."/libexec/squidclamav/{$clwarn}",$clwarn_file);
-
- #fix perl path on clwarn.cgi
- $clwarn_file_new=file_get_contents($clwarn_file);
- $c_pattern[]="@/usr/\S+/perl@";
- $c_replacement[]=SQUID_BASE."/bin/perl";
- /*$c_pattern[]="@redirect \S+/clwarn.cgi@";
- $gui_proto=$config['system']['webgui']['protocol'];
- $gui_port=$config['system']['webgui']['port'];
- if($gui_port == "") {
- $gui_port($gui_proto == "http"?"80":"443");
- }
- $c_replacement[]=SQUID_LOCALBASE."redirect {$gui_proto}://127.0.0.1:{$gui_port}/clwarn.cgi";
- */
- $clwarn_file_new=preg_replace($c_pattern, $c_replacement,$clwarn_file_new);
- file_put_contents($clwarn_file, $clwarn_file_new,LOCK_EX);
-
- #fix clwarn.cgi file permission
- chmod($clwarn_file,0755);
$conf = <<< EOF
icap_enable on
@@ -1364,11 +1360,10 @@ icap_client_username_header X-Authenticated-User
icap_preview_enable on
icap_preview_size 1024
-icap_service service_req reqmod_precache bypass=0 icap://127.0.0.1:1344/squidclamav
-icap_service service_resp respmod_precache bypass=0 icap://127.0.0.1:1344/squidclamav
-
-adaptation_access service_req allow all
-adaptation_access service_resp allow all
+icap_service service_avi_req reqmod_precache icap://[::1]:1344/squid_clamav bypass=off
+adaptation_access service_avi_req allow all
+icap_service service_avi_resp respmod_precache icap://[::1]:1344/squid_clamav bypass=on
+adaptation_access service_avi_resp allow all
EOF;
#check if icap is enabled on rc.conf.local
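Review bot: The response-side service `service_avi_resp` is now declared with `bypass=on`, where the removed line had `bypass=0`. With bypass enabled Squid treats the ICAP service as optional, so when c-icap or clamd is down or failing, downloads are delivered without being scanned. If fail-open is a deliberate availability choice it should be stated in a comment above the heredoc and ideally exposed as a GUI option; otherwise use `bypass=off` on both services as the request-side line does. The services also move from `127.0.0.1` to `[::1]`, which assumes c-icap listens on the IPv6 loopback; that is not visible in this hunk.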
@@ -1395,29 +1390,41 @@ EOF;
if (file_exists(SQUID_LOCALBASE."/etc/c-icap/squidclamav.conf.default")){
$sample_file=file_get_contents(SQUID_LOCALBASE."/etc/c-icap/squidclamav.conf.default");
$clamav_m[0]="@/var/run/clamav/clamd.ctl@";
+ $clamav_m[1]="@cgi-bin/clwarn.cgi@";
$clamav_r[0]="/var/run/clamav/clamd.sock";
+ $clamav_r[1]="squid_clwarn.php";
file_put_contents(SQUID_LOCALBASE."/etc/c-icap/squidclamav.conf.sample",preg_replace($clamav_m,$clamav_r,$sample_file),LOCK_EX);
}
#c-icap.conf
if (!file_exists(SQUID_LOCALBASE."/etc/c-icap/c-icap.conf.sample"))
if (file_exists(SQUID_LOCALBASE."/etc/c-icap/c-icap.conf.default")){
$sample_file=file_get_contents(SQUID_LOCALBASE."/etc/c-icap/c-icap.conf.default");
- if (! preg_match ("/squidclamav/"))
- $sample_file.="\nService squidclamav squidclamav.so\n";
-
- file_put_contents(SQUID_LOCALBASE."/etc/c-icap/c-icap.conf.sample",$sample_file,LOCK_EX);
+ if (! preg_match("/squid_clamav/",$sample_file))
+ $sample_file.="\nService squid_clamav squidclamav.so\n";
+ $cicap_m[0]="@Manager:Apassword\S+@";
+ $cicap_r[0]="";
+ file_put_contents(SQUID_LOCALBASE."/etc/c-icap/c-icap.conf.sample",preg_replace($cicap_m,$cicap_r,$sample_file),LOCK_EX);
}
+ //check squidclamav files until pbis are gone(https://redmine.pfsense.org/issues/4197)
+ $ln_icap= array('bin/c-icap','bin/c-icap-client','c-icap-config','c-icap-libicapapi-config','c-icap-stretch','lib/c_icap','share/c_icap','etc/c-icap');
+ foreach ($ln_icap as $ln){
+ if (!file_exists("/usr/local/{$ln}") && file_exists(SQUID_LOCALBASE."/{$ln}"))
+ symlink(SQUID_LOCALBASE."/{$ln}","/usr/local/{$ln}");
+ }
+ if (!file_exists("/usr/local/lib/libicapapi.so.3") && file_exists(SQUID_LOCALBASE."/lib/libicapapi.so.3.0.5"))
+ symlink(SQUID_LOCALBASE."/lib/libicapapi.so.3.0.5","/usr/local/lib/libicapapi.so.3");
+
$loadsample=0;
if ($antivirus_config['squidclamav'] =="" && file_exists(SQUID_LOCALBASE."/etc/c-icap/squidclamav.conf.sample")){
- $config['installedpackages']['squidantivirus']['config'][0]['squidclamav']=base64_encode(file_get_contents(SQUID_LOCALBASE."/etc/c-icap/squidclamav.conf.sample"));
+ $config['installedpackages']['squidantivirus']['config'][0]['squidclamav']=base64_encode(str_replace( "\r", "",file_get_contents(SQUID_LOCALBASE."/etc/c-icap/squidclamav.conf.sample")));
$loadsample++;
}
if ($antivirus_config['c-icap_conf'] =="" && file_exists(SQUID_LOCALBASE."/etc/c-icap/c-icap.conf.sample")){
- $config['installedpackages']['squidantivirus']['config'][0]['c-icap_conf']=base64_encode(file_get_contents(SQUID_LOCALBASE."/etc/c-icap/c-icap.conf.sample"));
+ $config['installedpackages']['squidantivirus']['config'][0]['c-icap_conf']=base64_encode(str_replace( "\r", "",file_get_contents(SQUID_LOCALBASE."/etc/c-icap/c-icap.conf.sample")));
$loadsample++;
}
- if ($antivirus_config['squidclamav'] =="" && file_exists(SQUID_LOCALBASE."/etc/c-icap/c-icap.magic.default")){
- $config['installedpackages']['squidantivirus']['config'][0]['c-icap_magic']=base64_encode(file_get_contents(SQUID_LOCALBASE."/etc/c-icap/c-icap.magic.default"));
+ if ($antivirus_config['c-icap_magic'] =="" && file_exists(SQUID_LOCALBASE."/etc/c-icap/c-icap.magic.sample")){
+ $config['installedpackages']['squidantivirus']['config'][0]['c-icap_magic']=base64_encode(str_replace( "\r", "",file_get_contents(SQUID_LOCALBASE."/etc/c-icap/c-icap.magic.sample")));
$loadsample++;
}
if($loadsample > 0){
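Review bot: In the `$ln_icap` list the entries `'c-icap-config'`, `'c-icap-libicapapi-config'` and `'c-icap-stretch'` have no directory prefix, unlike `'bin/c-icap'` and `'bin/c-icap-client'`. If those programs live under `bin/`, the `file_exists(SQUID_LOCALBASE."/{$ln}")` test is false for them and no link is made, without any log entry. The `symlink()` return values are not checked, and the library link hard-codes `libicapapi.so.3.0.5`, so a c-icap update that changes the version would leave `/usr/local/lib/libicapapi.so.3` missing or dangling. Logging a failed or skipped link with `log_error()` would make that visible.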
@@ -1462,11 +1469,29 @@ EOF;
$sample_file=file_get_contents($c_icap_rcfile);
$cicapm[0]="@c_icap_user=.*}@";
$cicapr[0]='c_icap_user="clamav"}';
+ $cicapm[1]="@/usr/local@";
+ $cicapr[1]=SQUID_LOCALBASE;
file_put_contents($c_icap_rcfile,preg_replace($cicapm,$cicapr,$sample_file),LOCK_EX);
}
mwexec_bg("/usr/local/etc/rc.d/c-icap start");
}
- #check clamav
+ #check clamav/freshclam
+ $rc_files=array("clamav-freshclam","clamav-clamd");
+ $clamm[0]="@/usr/local/(bin|sbin)@";
+ $clamm[1]="@/local/(bin|sbin)@";
+ $clamm[2]="@/usr/local/etc@";
+ $clamm[3]="@enable:=NO@";
+ $clamr[0]=SQUID_BASE."/bin";
+ $clamr[1]="/bin";
+ $clamr[2]=SQUID_LOCALBASE."/etc";
+ $clamr[3]="enable:=YES";
+ foreach ($rc_files as $rc_file){
+ $clamav_rcfile="/usr/local/etc/rc.d/{$rc_file}";
+ if (file_exists($clamav_rcfile)){
+ $sample_file=file_get_contents($clamav_rcfile);
+ file_put_contents($clamav_rcfile,preg_replace($clamm,$clamr,$sample_file),LOCK_EX);
+ }
+ }
if (is_process_running("clamd"))
mwexec_bg("/usr/local/etc/rc.d/clamav-clamd reload");
else
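Review bot: The new loop rewrites `/usr/local/etc/rc.d/clamav-freshclam` and `clamav-clamd` in place without checking the result of `file_get_contents()` or `preg_replace()`; if either fails, `file_put_contents()` writes an empty string and the startup script is truncated. Check before writing, for example `if ($sample_file !== false && ($new = preg_replace($clamm, $clamr, $sample_file)) !== null)`. The second pattern `@/local/(bin|sbin)@` is not anchored, so it rewrites any remaining path that contains `/local/bin` or `/local/sbin`; a comment saying which paths it is meant to catch would help. The same unchecked write applies to the c-icap rc file a few lines above.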
@@ -1738,7 +1763,7 @@ function squid_resync_auth() {
$conf .= "auth_param basic program ". SQUID_LOCALBASE . "/libexec/squid/basic_radius_auth -w {$settings['radius_secret']} -h {$settings['auth_server']} $port\n";
break;
case 'cp':
- $conf .= "external_acl_type check_cp children-startup={$processes} ttl={$auth_ttl} %SRC ". SQUID_LOCALBASE . "/libexec/squid/check_ip.php\n";
+ $conf .= "external_acl_type check_cp children-startup={$processes} ttl={$auth_ttl} %SRC ". SQUID_BASE . "/bin/check_ip.php\n";
$conf .= "acl password external check_cp\n";
break;
case 'msnt':
@@ -2272,6 +2297,7 @@ function squid_write_rcfile() {
$rc = array();
$rc['file'] = 'squid.sh';
$rc['start'] = <<<EOD
+#sysctl net.inet.ip.portrange.reservedhigh=0
if [ -z "`ps auxw | grep "[s]quid "|awk '{print $2}'`" ];then
{$squid_base}/sbin/squid -f {$squid_conffile_var}
fi
diff --git a/config/squid3/34/squid.xml b/config/squid3/34/squid.xml
index 970f093e..86d135ff 100644
--- a/config/squid3/34/squid.xml
+++ b/config/squid3/34/squid.xml
@@ -46,7 +46,7 @@
<requirements>Describe your package requirements here</requirements>
<faq>Currently there are no FAQ items provided.</faq>
<name>squid</name>
- <version>3.4.9</version>
+ <version>3.4.10_2 pkg 0.2.6</version>
<title>Proxy server: General settings</title>
<include_file>/usr/local/pkg/squid.inc</include_file>
<menu>
@@ -239,6 +239,11 @@
<item>https://packages.pfsense.org/packages/config/squid3/34/squid_log_parser.php</item>
</additional_files_needed>
<additional_files_needed>
+ <prefix>/usr/local/www/</prefix>
+ <chmod>0755</chmod>
+ <item>https://packages.pfsense.org/packages/config/squid3/34/squid_clwarn.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
<prefix>/usr/local/www/shortcuts/</prefix>
<chmod>0755</chmod>
<item>https://packages.pfsense.org/packages/config/squid3/34/pkg_squid.inc</item>
diff --git a/config/squid3/34/squid_antivirus.xml b/config/squid3/34/squid_antivirus.xml
index 2afb1ff1..c722598d 100755
--- a/config/squid3/34/squid_antivirus.xml
+++ b/config/squid3/34/squid_antivirus.xml
@@ -151,6 +151,7 @@
</field>
</fields>
<custom_php_validation_command>
+ squid_validate_antivirus($_POST, $input_errors);
</custom_php_validation_command>
<custom_php_resync_config_command>
squid_resync();
diff --git a/config/squid3/34/squid_clwarn.php b/config/squid3/34/squid_clwarn.php
new file mode 100644
index 00000000..0bd97d58
--- /dev/null
+++ b/config/squid3/34/squid_clwarn.php
@@ -0,0 +1,95 @@
+<?php
+/* ========================================================================== */
+/*
+ squid_clwarn.php
+ part of pfSense (http://www.pfSense.com)
+ Copyright (C) 2015 Marcello Coutinho
+ All rights reserved.
+ */
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+$VERSION = '6.10';
+ $url = $_REQUEST['url'];
+$virus=($_REQUEST['virus']?$_REQUEST['virus']:$_REQUEST['malware']);
+$source = preg_replace("@/-@","",$_REQUEST['source']);
+$user = $_REQUEST['user'];
+
+
+$TITLE_VIRUS = "SquidClamAv $VERSION: Virus detected!";
+$subtitle = 'Virus name';
+$errorreturn = 'This file cannot be downloaded.';
+$urlerror = 'contains a virus';
+if (preg_match("/Safebrowsing/",$virus)) {
+ $TITLE_VIRUS = "SquidClamAv $VERSION: Unsafe Browsing detected";
+ $subtitle = 'Malware / pishing type';
+ $urlerror = 'is listed as suspicious';
+ $errorreturn = 'This page can not be displayed';
+}
+
+# Remove clamd infos
+$vp[0]="/stream: /";
+$vp[1]="/ FOUND/";
+$vr[0]="";
+$vr[1]="";
+
+$virus = preg_replace($vp,$vr,$virus);
+
+
+?>
+<style type="text/css">
+ .visu {
+ border:1px solid #C0C0C0;
+ color:#FFFFFF;
+ position: relative;
+ min-width: 13em;
+ max-width: 52em;
+ margin: 4em auto;
+ border: 1px solid ThreeDShadow;
+ border-radius: 10px;
+ padding: 3em;
+ -moz-padding-start: 30px;
+ background-color: #8b0000;
+}
+.visu h2, .visu h3, .visu h4 {
+ font-size:130%;
+ font-family:"times new roman", times, serif;
+ font-style:normal;
+ font-weight:bolder;
+}
+</style>
+ <div class="visu">
+ <h2><?=$TITLE_VIRUS?></h2>
+ <hr>
+ <p>
+ The requested URL <?=$url?> <?=$urlerror?><br>
+ <?=$subtitle?>: <?=$virus?>
+ <p>
+ <?=$errorreturn?>
+ <p>
+ Origin: <?=$source?> / <?=$user?>
+ <p>
+ <hr>
+ <font color="blue"> Powered by <a href="http://squidclamav.darold.net/">SquidClamAv <?=$VERSION?></a>.</font>
+ </div>
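Review bot: `$url`, `$virus`, `$source` and `$user` are taken from `$_REQUEST` and printed with `<?=...?>` without HTML escaping, and the squid.xml hunk in this commit installs this file under `/usr/local/www/`, which is presumably the firewall web GUI's document root. Any markup in those parameters is therefore rendered in that origin for whoever opens the warning link. Escape each value once when it is read, and treat a missing or non-string parameter as empty so the page does not emit notices; the existing `preg_match`/`preg_replace` clean-up works unchanged on the escaped text. The page also has no doctype, `<html>` element or charset declaration, which is worth adding so the browser does not guess the encoding.

```php
// Read a request parameter as text and escape it for HTML output.
function clwarn_param($name) {
	if (!isset($_REQUEST[$name]) || !is_string($_REQUEST[$name]))
		return '';
	return htmlspecialchars($_REQUEST[$name], ENT_QUOTES, 'UTF-8');
}

$url = clwarn_param('url');
$virus = clwarn_param('virus');
if ($virus === '')
	$virus = clwarn_param('malware');
$source = preg_replace("@/-@", "", clwarn_param('source'));
$user = clwarn_param('user');
// … unchanged: title/subtitle selection and clamd text clean-up …
```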
diff --git a/config/squidGuard-devel/squidguard_configurator.inc b/config/squidGuard-devel/squidguard_configurator.inc
index a48426bb..ff2b9f2c 100644
--- a/config/squidGuard-devel/squidguard_configurator.inc
+++ b/config/squidGuard-devel/squidguard_configurator.inc
@@ -93,10 +93,10 @@ define('CONFIG_SG_HEADER', "
# squid config options
# ------------------------------------------------------------------------------
define('REDIRECTOR_OPTIONS_REM', '# squidGuard options');
-define('REDIRECTOR_PROGRAM_OPT', 'redirect_program');
-define('REDIRECT_BYPASS_OPT', 'redirector_bypass');
+define('REDIRECTOR_PROGRAM_OPT', 'url_rewrite_program');
+define('REDIRECT_BYPASS_OPT', 'url_rewrite_bypass');
define('REDIRECT_CHILDREN_OPT', 'url_rewrite_children');
-define('REDIRECTOR_PROCESS_COUNT', '5'); # redirector processes count will started
+define('REDIRECTOR_PROCESS_COUNT', '16 startup=8 idle=4 concurrency=0'); # redirector processes count will started
# ------------------------------------------------------------------------------
# squidguard config options
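Review bot: `REDIRECTOR_PROCESS_COUNT` now holds the full option string `'16 startup=8 idle=4 concurrency=0'` rather than a count, so the constant name and its trailing comment no longer describe the value. Update the comment, for example `# url_rewrite_children arguments: max children, then startup/idle/concurrency`, and check that no code outside this hunk treats the constant as a number.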
diff --git a/config/squidGuard/squidguard.xml b/config/squidGuard/squidguard.xml
index 62882539..3a77edf3 100644
--- a/config/squidGuard/squidguard.xml
+++ b/config/squidGuard/squidguard.xml
@@ -6,7 +6,7 @@
<requirements>Describe your package requirements here</requirements>
<faq>Currently there are no FAQ items provided.</faq>
<name>squidguardgeneral</name>
- <version>1.4_4 pkg v.1.9.6</version>
+ <version>1.4_4 pkg v.1.9.8</version>
<title>Proxy filter SquidGuard: General settings</title>
<include_file>/usr/local/pkg/squidguard.inc</include_file>
<!-- Installation -->
diff --git a/config/squidGuard/squidguard_configurator.inc b/config/squidGuard/squidguard_configurator.inc
index 006cf083..d3448c5d 100644
--- a/config/squidGuard/squidguard_configurator.inc
+++ b/config/squidGuard/squidguard_configurator.inc
@@ -2081,8 +2081,8 @@ function squidguard_blacklist_update_start($url_filename)
function squidguard_blacklist_update_cancel()
{
# kill script and SG update process
- mwexec("kill `ps auxwwww | grep '" . SCR_NAME_BLKUPDATE . "' | grep -v 'grep' | awk '{print $2}'`");
- mwexec("kill `ps auxwwww | grep 'squidGuard -c .* -C all' | grep -v 'grep' | awk '{print $2}'`");
+ mwexec("/bin/kill `ps auxwwww | /usr/bin/grep '" . SCR_NAME_BLKUPDATE . "' | /usr/bin/grep -v 'grep' | /usr/bin/awk '{print $2}'`");
+ mwexec("/bin/kill `ps auxwwww | /usr/bin/grep 'squidGuard -c .* -C all' | /usr/bin/grep -v 'grep' | /usr/bin/awk '{print $2}'`");
squidguard_ramdisk(false);
squidguard_update_log("Blacklist update terminated by user.", "");
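Review bot: The two `mwexec()` lines in `squidguard_blacklist_update_cancel()` now use absolute paths for `kill`, `grep` and `awk` but still call `ps` by bare name, while `squidguard_blacklist_update_IsStarted()` in the next hunk uses `/bin/ps`; use `/bin/ps` in all three for consistency. When no process matches, the backquoted pipeline is empty and `/bin/kill` is run without a PID, which only produces a usage error but adds noise to the log. `/bin/pkill -f` with the same pattern would replace the whole pipeline and avoid matching the `grep` itself.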
@@ -2102,7 +2102,7 @@ function squidguard_blacklist_update_clearlog()
# -----------------------------------------------------------------------------
function squidguard_blacklist_update_IsStarted()
{
- return exec("ps auxwwww | grep '" . SCR_NAME_BLKUPDATE . "' | grep -v 'grep' | awk '{print $2}' | wc -l | awk '{ print $1 }'");
+ return exec("/bin/ps auxwwww | /usr/bin/grep '" . SCR_NAME_BLKUPDATE . "' | /usr/bin/grep -v 'grep' | /usr/bin/awk '{print $2}' | /usr/bin/wc -l | /usr/bin/awk '{ print $1 }'");
}
# -----------------------------------------------------------------------------
@@ -2126,27 +2126,27 @@ function sg_reconfigure_blacklist($source_filename, $opt = '')
# 2. download
if ($sf[0] === "/") { # local file - example '/tmp/blacklists.tar'
- sg_addlog("sg_reconfigure_blacklist", "Update from file '$sf'.", SQUIDGUARD_INFO);
- squidguard_update_log("Copy archive from file '$sf'");
+ sg_addlog("sg_reconfigure_blacklist", "Update from file '{$sf}'.", SQUIDGUARD_INFO);
+ squidguard_update_log("Copy archive from file '{$sf}'");
if (file_exists($sf)) {
$sf_contents = file_get_contents($sf);
} else {
- sg_addlog("sg_reconfigure_blacklist", "File '$sf' not found.", SQUIDGUARD_ERROR);
- squidguard_update_log("File '$sf' not found.");
+ sg_addlog("sg_reconfigure_blacklist", "File '{$sf}' not found.", SQUIDGUARD_ERROR);
+ squidguard_update_log("File '{$sf}' not found.");
return;
}
}
# from url
else {
- sg_addlog("sg_reconfigure_blacklist", "Download from url '$sf'.", SQUIDGUARD_INFO);
+ sg_addlog("sg_reconfigure_blacklist", "Download from url '{$sf}'.", SQUIDGUARD_INFO);
squidguard_update_log("Start download.");
$sf_contents = sg_uploadfile_from_url($sf, $opt);
}
# 3. update
if (empty($sf_contents)) {
- sg_addlog("sg_reconfigure_blacklist", "Bad content from '$sf'. Terminate.", SQUIDGUARD_ERROR);
- squidguard_update_log("Bad content from '$sf'. Terminate.");
+ sg_addlog("sg_reconfigure_blacklist", "Bad content from '{$sf}'. Terminate.", SQUIDGUARD_ERROR);
+ squidguard_update_log("Bad content from '{$sf}'. Terminate.");
return;
}
@@ -2177,7 +2177,7 @@ function sg_update_blacklist($from_file)
$conf_path = SQUIDGUARD_VAR . DB_REBUILD_BLK_CONF;
$blklist_file = SQUIDGUARD_BLK_FILELISTPATH;
- sg_addlog("sg_update_blacklist", "Begin with '$from_file'.", SQUIDGUARD_INFO);
+ sg_addlog("sg_update_blacklist", "Begin with '{$from_file}'.", SQUIDGUARD_INFO);
if (file_exists($from_file)) {
# check work and DB dir's
@@ -2185,20 +2185,20 @@ function sg_update_blacklist($from_file)
if (file_exists($squidguard_config[F_WORKDIR])) $workdir = $squidguard_config[F_WORKDIR];
# delete old tmp dir's
- if (file_exists($tmp_unpack_dir)) mwexec("rm -R $tmp_unpack_dir");
- if (file_exists($arc_db_dir)) mwexec("rm -R $arc_db_dir");
+ if (file_exists($tmp_unpack_dir)) mwexec("/bin/rm -R {$tmp_unpack_dir}");
+ if (file_exists($arc_db_dir)) mwexec("/bin/rm -R {$arc_db_dir}");
squidguard_ramdisk(false);
# create new tmp/arc dir's, use ramdisk for quick operations
squidguard_ramdisk(true);
- mwexec("mkdir -p -m 0755 $tmp_unpack_dir");
- mwexec("mkdir -p -m 0755 $arc_db_dir");
+ mwexec("/bin/mkdir -p -m 0755 {$tmp_unpack_dir}");
+ mwexec("/bin/mkdir -p -m 0755 {$arc_db_dir}");
# 1. unpack archive
squidguard_update_log("Unpack archive");
- mwexec("tar zxvf $from_file -C $tmp_unpack_dir");
+ mwexec("/usr/bin/tar zxvf $from_file -C {$tmp_unpack_dir}");
set_file_access($tmp_unpack_dir, OWNER_NAME, 0755);
- sg_addlog("sg_update_blacklist", "Unpack uploaded file '$from_file' -> '$tmp_unpack_dir'.", SQUIDGUARD_INFO);
+ sg_addlog("sg_update_blacklist", "Unpack uploaded file '{$from_file}' -> '{$tmp_unpack_dir}'.", SQUIDGUARD_INFO);
# 2. copy blacklist to TempDB base & create entries list
squidguard_update_log("Scan blacklist categories.");
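Review bot: The paths interpolated into these mwexec() calls reach the shell unquoted, so a space or shell metacharacter in `$from_file` or `$tmp_unpack_dir` changes the command that runs. The tar line should read `mwexec("/usr/bin/tar zxvf " . escapeshellarg($from_file) . " -C " . escapeshellarg($tmp_unpack_dir));`, with the rm and mkdir lines treated the same way. The same holds for the rm/mv lines in the -2220 hunk, where `$current_dbpath` is built from `$key`, which appears to come from directory names in the unpacked archive and is therefore downloaded content, and for the cp lines in the -2252 and -2382 hunks. `$from_file` is also the one variable on the tar line left without braces, unlike the style the commit applies everywhere else. sg_update_blacklist starts and ends outside this hunk, so the origin of `$from_file` is not visible here.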
@@ -2211,7 +2211,7 @@ function sg_update_blacklist($from_file)
# move blacklist catalog structure to 'one level' (from tmp_DB to arch_DB)
foreach ($blk_items as $key => $val) {
- $current_dbpath = "$arc_db_dir/$key";
+ $current_dbpath = "{$arc_db_dir}/{$key}";
if (count($val)) {
# make blk_list for config file
$blk_list[$key] = $key;
@@ -2220,9 +2220,9 @@ function sg_update_blacklist($from_file)
# need moving $val['path'] to $current_dbpath
# if $current_dbpath exists, then $val['path'] will created as subdir - !it's worng!
if (file_exists($current_dbpath))
- mwexec("rm -R $current_dbpath");
- mwexec("mv -f {$val['path']}/ $current_dbpath");
- sg_addlog("sg_update_blacklist", "Move {$val['path']}/ -> $current_dbpath.", SQUIDGUARD_INFO);
+ mwexec("/bin/rm -R {$current_dbpath}");
+ mwexec("/bin/mv -f {$val['path']}/ {$current_dbpath}");
+ sg_addlog("sg_update_blacklist", "Move {$val['path']}/ -> {$current_dbpath}.", SQUIDGUARD_INFO);
}
}
set_file_access($arc_db_dir, OWNER_NAME, 0755);
@@ -2242,7 +2242,7 @@ function sg_update_blacklist($from_file)
file_put_contents($blklist_file, $cont);
set_file_access ($blklist_file, OWNER_NAME, 0755);
- sg_addlog("sg_update_blacklist", "Create DB entries list '$blklist_file'.", SQUIDGUARD_INFO);
+ sg_addlog("sg_update_blacklist", "Create DB entries list '{$blklist_file}'.", SQUIDGUARD_INFO);
squidguard_update_log("Found " . count($blk_items) . " items.");
}
@@ -2252,8 +2252,8 @@ function sg_update_blacklist($from_file)
squidguard_update_log("Copy DB to workdir.");
$blklist_file = $arc_db_dir . SQUIDGUARD_BLK_FILELIST;
- mwexec("cp -R -p $arc_db_dir/ $dbhome");
- mwexec("cp -f -p $blklist_file " . SQUIDGUARD_WORKDIR);
+ mwexec("/bin/cp -R -p {$arc_db_dir}/ {$dbhome}");
+ mwexec("/bin/cp -f -p {$blklist_file} " . SQUIDGUARD_WORKDIR);
set_file_access($dbhome, OWNER_NAME, 0755);
squidguard_update_log("Reconfigure Squid proxy.");
@@ -2266,7 +2266,7 @@ function sg_update_blacklist($from_file)
# free ramdisk
squidguard_ramdisk(false);
}
- else sg_addlog("sg_update_blacklist", "File $from_file not found.", SQUIDGUARD_ERROR);
+ else sg_addlog("sg_update_blacklist", "File {$from_file} not found.", SQUIDGUARD_ERROR);
}
# -----------------------------------------------------------------------------
@@ -2382,13 +2382,13 @@ function squidguard_blacklist_restore_arcdb()
if (file_exists($arc_db_dir)) {
conf_mount_rw();
# copy arc blacklist to work DB with permissions
- mwexec("cp -R -p $arc_db_dir/ $dbhome");
+ mwexec("/bin/cp -R -p {$arc_db_dir}/ {$dbhome}");
set_file_access($dbhome, OWNER_NAME, 0755);
- sg_addlog("squidguard_blacklist_restore_arcdb", "Restore blacklist archive from '$arc_db_dir'.", SQUIDGUARD_INFO);
+ sg_addlog("squidguard_blacklist_restore_arcdb", "Restore blacklist archive from '{$arc_db_dir}'.", SQUIDGUARD_INFO);
# generate blacklist files list
$blklist = "";
- $files = scan_dir("$arc_db_dir/");
+ $files = scan_dir("{$arc_db_dir}/");
if ($files) $blklist = implode("\n", $files);
file_put_contents($blklist_file, $blklist);
set_file_access($blklist_file, OWNER_NAME, 0755);
@@ -2401,8 +2401,8 @@ function squidguard_blacklist_restore_arcdb()
conf_mount_ro();
squidguard_update_log("Restore success.");
} else {
- sg_addlog("squidguard_blacklist_restore_arcdb", "File '$arc_db_dir' or '$blklist_file' not found.", SQUIDGUARD_ERROR);
- squidguard_update_log("Restore error: File '$arc_db_dir' or '$blklist_file' not found.");
+ sg_addlog("squidguard_blacklist_restore_arcdb", "File '{$arc_db_dir}' or '{$blklist_file}' not found.", SQUIDGUARD_ERROR);
+ squidguard_update_log("Restore error: File '{$arc_db_dir}' or '{$blklist_file}' not found.");
}
}
diff --git a/config/suricata/suricata_global.php b/config/suricata/suricata_global.php
index eb657465..8eea8d2d 100644
--- a/config/suricata/suricata_global.php
+++ b/config/suricata/suricata_global.php
@@ -236,13 +236,13 @@ if ($input_errors)
<tr>
<td valign="top" width="8%"><input name="enable_etopen_rules" type="checkbox" value="on" onclick="enable_et_rules();"
<?php if ($config['installedpackages']['suricata']['config'][0]['enable_etopen_rules']=="on") echo "checked"; ?>/></td>
- <td><span class="vexpl"><?php echo gettext("ETOpen is an open source set of Snort rules whose coverage " .
+ <td><span class="vexpl"><?php echo gettext("ETOpen is an open source set of Suricata rules whose coverage " .
"is more limited than ETPro."); ?></span></td>
</tr>
<tr>
<td valign="top" width="8%"><input name="enable_etpro_rules" type="checkbox" value="on" onclick="enable_pro_rules();"
<?php if ($config['installedpackages']['suricata']['config'][0]['enable_etpro_rules']=="on") echo "checked"; ?>/></td>
- <td><span class="vexpl"><?php echo gettext("ETPro for Snort offers daily updates and extensive coverage of current malware threats."); ?></span></td>
+ <td><span class="vexpl"><?php echo gettext("ETPro for Suricata offers daily updates and extensive coverage of current malware threats."); ?></span></td>
</tr>
<tr>
<td>&nbsp;</td>
diff --git a/config/systempatches/system_patches.php b/config/systempatches/system_patches.php
index 793448d7..43c8c22b 100644
--- a/config/systempatches/system_patches.php
+++ b/config/systempatches/system_patches.php
@@ -160,7 +160,7 @@ include("head.inc");
<?php include("fbegin.inc"); ?>
<form action="system_patches.php" method="post" name="iform">
<script type="text/javascript" language="javascript" src="/javascript/row_toggle.js"></script>
-<?php if ($savemsg) print_info_box($savemsg); ?>
+<?php if ($savemsg) print_info_box_np($savemsg, "Patches", "Close", false); ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="system patches">
<tr><td><div id="mainarea">
<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0" summary="main area">
diff --git a/config/systempatches/systempatches.xml b/config/systempatches/systempatches.xml
index b9875140..3cc1354a 100644
--- a/config/systempatches/systempatches.xml
+++ b/config/systempatches/systempatches.xml
@@ -40,7 +40,7 @@
<requirements>None</requirements>
<faq>Applies patches supplied by the user to the firewall.</faq>
<name>System Patches</name>
- <version>1.0.2</version>
+ <version>1.0.3</version>
<title>System: Patches</title>
<include_file>/usr/local/pkg/patches.inc</include_file>
<menu>