}elsif($val eq 'BLUE'){
return "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}";
}elsif($val eq 'RED'){
- return "0.0.0.0/0 -o $con";
+ return "0.0.0.0/0";
}elsif($val =~ /OpenVPN/i){
return "$ovpnsettings{'DOVPN_SUBNET'}";
}elsif($val =~ /IPsec/i){
return ;
}
}
+sub get_interface
+{
+ my $net=shift;
+ if($net eq "$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}"){
+ return "$netsettings{'GREEN_DEV'}";
+ }
+ if($net eq "$netsettings{'ORANGE_NETADDRESS'}/$netsettings{'ORANGE_NETMASK'}"){
+ return "$netsettings{'ORANGE_DEV'}";
+ }
+ if($net eq "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}"){
+ return "$netsettings{'BLUE_DEV'}";
+ }
+ if($net eq "0.0.0.0/0"){
+ return "$netsettings{'RED_DEV'}";
+ }
+ return "";
+}
sub get_net_ip
{
my $val=shift;
# address. Otherwise, we assume that it is an IP address.
if ($key ~~ ["src_addr", "tgt_addr"]) {
if (&General::validmac($value)) {
- push(@ret, "-m mac --mac-source $value");
+ push(@ret, ["-m mac --mac-source $value", ""]);
} else {
- push(@ret, $value);
+ push(@ret, [$value, ""]);
}
# If a default network interface (GREEN, BLUE, etc.) is selected, we
my $external_interface = &get_external_interface();
my $network_address = &get_std_net_ip($value, $external_interface);
+
if ($network_address) {
- push(@ret, $network_address);
+ my $interface = &get_interface($network_address);
+ push(@ret, [$network_address, $interface]);
}
# Custom networks.
} elsif ($key ~~ ["cust_net_src", "cust_net_tgt", "Custom Network"]) {
my $network_address = &get_net_ip($value);
if ($network_address) {
- push(@ret, $network_address);
+ push(@ret, [$network_address, ""]);
}
# Custom hosts.
} elsif ($key ~~ ["cust_host_src", "cust_host_tgt", "Custom Host"]) {
my $host_address = &get_host_ip($value, $type);
if ($host_address) {
- push(@ret, $host_address);
+ push(@ret, [$host_address, ""]);
}
# OpenVPN networks.
} elsif ($key ~~ ["ovpn_net_src", "ovpn_net_tgt", "OpenVPN static network"]) {
my $network_address = &get_ovpn_net_ip($value, 1);
if ($network_address) {
- push(@ret, $network_address);
+ push(@ret, [$network_address, ""]);
}
# OpenVPN hosts.
} elsif ($key ~~ ["ovpn_host_src", "ovpn_host_tgt", "OpenVPN static host"]) {
my $host_address = &get_ovpn_host_ip($value, 33);
if ($host_address) {
- push(@ret, $host_address);
+ push(@ret, [$host_address, ""]);
}
# OpenVPN N2N.
} elsif ($key ~~ ["ovpn_n2n_src", "ovpn_n2n_tgt", "OpenVPN N-2-N"]) {
my $network_address = &get_ovpn_n2n_ip($value, 11);
if ($network_address) {
- push(@ret, $network_address);
+ push(@ret, [$network_address, ""]);
}
# IPsec networks.
} elsif ($key ~~ ["ipsec_net_src", "ipsec_net_tgt", "IpSec Network"]) {
my $network_address = &get_ipsec_net_ip($value, 11);
if ($network_address) {
- push(@ret, $network_address);
+ push(@ret, [$network_address, ""]);
}
# The firewall's own IP addresses.
} elsif ($key ~~ ["ipfire", "ipfire_src"]) {
# ALL
if ($value eq "ALL") {
- push(@ret, "0/0");
+ push(@ret, ["0/0", ""]);
# GREEN
} elsif ($value eq "GREEN") {
- push(@ret, $netsettings{"GREEN_ADDRESS"});
+ push(@ret, [$netsettings{"GREEN_ADDRESS"}, ""]);
# BLUE
} elsif ($value eq "BLUE") {
- push(@ret, $netsettings{"BLUE_ADDRESS"});
+ push(@ret, [$netsettings{"BLUE_ADDRESS"}, ""]);
# ORANGE
} elsif ($value eq "ORANGE") {
- push(@ret, $netsettings{"ORANGE_ADDRESS"});
+ push(@ret, [$netsettings{"ORANGE_ADDRESS"}, ""]);
# RED
} elsif ($value ~~ ["RED", "RED1"]) {
my $address = &get_external_address();
if ($address) {
- push(@ret, $address);
+ push(@ret, [$address, ""]);
}
# Aliases
} else {
my $alias = &get_alias($value);
if ($alias) {
- push(@ret, $alias);
+ push(@ret, [$alias, ""]);
}
}
# If nothing was selected, we assume "any".
} else {
- push(@ret, "0/0");
+ push(@ret, ["0/0", ""]);
}
return @ret;
}
}
+ # Concurrent connection limit
+ my @ratelimit_options = ();
+ if ($$hash{$key}[32] eq 'ON') {
+ my $conn_limit = $$hash{$key}[33];
+
+ if ($conn_limit ge 1) {
+ push(@ratelimit_options, ("-m", "connlimit"));
+
+ # Use the the entire source IP address
+ push(@ratelimit_options, "--connlimit-saddr");
+ push(@ratelimit_options, ("--connlimit-mask", "32"));
+
+ # Apply the limit
+ push(@ratelimit_options, ("--connlimit-upto", $conn_limit));
+ }
+ }
+
+ # Ratelimit
+ if ($$hash{$key}[34] eq 'ON') {
+ my $rate_limit = "$$hash{$key}[35]/$$hash{$key}[36]";
+
+ if ($rate_limit) {
+ push(@ratelimit_options, ("-m", "limit"));
+ push(@ratelimit_options, ("--limit", $rate_limit));
+ }
+ }
+
# Check which protocols are used in this rule and so that we can
# later group rules by protocols.
my @protocols = &get_protocols($hash, $key);
next unless ($src);
# Sanitize source.
- my $source = $src;
+ my $source = @$src[0];
if ($source ~~ @ANY_ADDRESSES) {
$source = "";
}
+ my $source_intf = @$src[1];
+
foreach my $dst (@destinations) {
# Skip invalid rules.
next unless (defined $dst);
next if (!$dst || ($dst eq "none"));
# Sanitize destination.
- my $destination = $dst;
+ my $destination = @$dst[0];
if ($destination ~~ @ANY_ADDRESSES) {
$destination = "";
}
+ my $destination_intf = @$dst[1];
+
# Array with iptables arguments.
my @options = ();
push(@source_options, ("-s", $source));
}
+ if ($source_intf) {
+ push(@source_options, ("-i", $source_intf));
+ }
+
# Prepare destination options.
my @destination_options = ();
if ($destination) {
push(@destination_options, ("-d", $destination));
}
+ if ($destination_intf) {
+ push(@destination_options, ("-o", $destination_intf));
+ }
+
# Add time constraint options.
push(@options, @time_options);
+ # Add ratelimiting option
+ push(@options, @ratelimit_options);
+
my $firewall_is_in_source_subnet = 1;
if ($source) {
$firewall_is_in_source_subnet = &firewall_is_in_subnet($source);
# Make port-forwardings useable from the internal networks.
my @internal_addresses = &fwlib::get_internal_firewall_ip_addresses(1);
unless ($nat_address ~~ @internal_addresses) {
- &add_dnat_mangle_rules($nat_address, @nat_options);
+ &add_dnat_mangle_rules($nat_address, $source_intf, @nat_options);
}
push(@nat_options, @source_options);
}
}
}
+ #Reload firewall.local if present
+ if ( -f '/etc/sysconfig/firewall.local'){
+ run("/etc/sysconfig/firewall.local reload");
+ }
}
# Formats the given timestamp into the iptables format which is "hh:mm" UTC.
sub add_dnat_mangle_rules {
my $nat_address = shift;
+ my $interface = shift;
my @options = @_;
my $mark = 0;
next unless (exists $defaultNetworks{$zone . "_NETADDRESS"});
next unless (exists $defaultNetworks{$zone . "_NETMASK"});
+ next if ($interface && $interface ne $defaultNetworks{$zone . "_DEV"});
+
my @mangle_options = @options;
my $netaddress = $defaultNetworks{$zone . "_NETADDRESS"};
#usr/share/locale/zh_TW/LC_MESSAGES/bash.mo
#usr/share/man/man1/bash.1
#usr/share/man/man1/bashbug.1
+#usr/share/locale/af
+#usr/share/locale/af/LC_MESSAGES
+#usr/share/locale/af/LC_MESSAGES/bash.mo
+#usr/share/locale/bg/LC_MESSAGES/bash.mo
+#usr/share/locale/ca/LC_MESSAGES/bash.mo
+#usr/share/locale/cs/LC_MESSAGES/bash.mo
+#usr/share/locale/da/LC_MESSAGES/bash.mo
+#usr/share/locale/de/LC_MESSAGES/bash.mo
+#usr/share/locale/el/LC_MESSAGES/bash.mo
+#usr/share/locale/en@boldquot
+#usr/share/locale/en@boldquot/LC_MESSAGES
+#usr/share/locale/en@boldquot/LC_MESSAGES/bash.mo
+#usr/share/locale/en@quot/LC_MESSAGES/bash.mo
+#usr/share/locale/eo/LC_MESSAGES/bash.mo
+#usr/share/locale/es/LC_MESSAGES/bash.mo
+#usr/share/locale/et/LC_MESSAGES/bash.mo
+#usr/share/locale/fi/LC_MESSAGES/bash.mo
+#usr/share/locale/fr/LC_MESSAGES/bash.mo
+#usr/share/locale/ga/LC_MESSAGES/bash.mo
+#usr/share/locale/gl/LC_MESSAGES/bash.mo
+#usr/share/locale/hr/LC_MESSAGES/bash.mo
+#usr/share/locale/hu/LC_MESSAGES/bash.mo
+#usr/share/locale/id/LC_MESSAGES/bash.mo
+#usr/share/locale/it/LC_MESSAGES/bash.mo
+#usr/share/locale/ja/LC_MESSAGES/bash.mo
+#usr/share/locale/lt/LC_MESSAGES/bash.mo
+#usr/share/locale/nl/LC_MESSAGES/bash.mo
+#usr/share/locale/pl/LC_MESSAGES/bash.mo
+#usr/share/locale/pt_BR/LC_MESSAGES/bash.mo
+#usr/share/locale/ro/LC_MESSAGES/bash.mo
+#usr/share/locale/ru/LC_MESSAGES/bash.mo
+#usr/share/locale/sk/LC_MESSAGES/bash.mo
+#usr/share/locale/sl/LC_MESSAGES/bash.mo
+#usr/share/locale/sr
+#usr/share/locale/sr/LC_MESSAGES
+#usr/share/locale/sr/LC_MESSAGES/bash.mo
+#usr/share/locale/sv/LC_MESSAGES/bash.mo
+#usr/share/locale/tr/LC_MESSAGES/bash.mo
+#usr/share/locale/uk/LC_MESSAGES/bash.mo
--- /dev/null
+../../../common/bash
\ No newline at end of file
--- /dev/null
+../../../common/dnsmasq
\ No newline at end of file
--- /dev/null
+etc/system-release
+etc/issue
+etc/rc.d/init.d/firewall
+etc/rc.d/init.d/network
+srv/web/ipfire/cgi-bin/firewall.cgi
+srv/web/ipfire/cgi-bin/fwhosts.cgi
+srv/web/ipfire/cgi-bin/urlfilter.cgi
+usr/lib/firewall/firewall-lib.pl
+usr/lib/firewall/rules.pl
+var/ipfire/langs
--- /dev/null
+../../../common/readline
\ No newline at end of file
--- /dev/null
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2014 IPFire-Team <info@ipfire.org>. #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+/usr/local/bin/backupctrl exclude >/dev/null 2>&1
+
+# Remove old core updates from pakfire cache to save space...
+core=84
+for (( i=1; i<=$core; i++ ))
+do
+ rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
+done
+
+# Stop services
+/etc/init.d/dnsmasq stop
+
+# Remove old files
+
+# Extract files
+extract_files
+
+# Start services
+/etc/init.d/dnsmasq start
+
+# Update Language cache
+perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"
+
+sync
+
+# This update need a reboot...
+touch /var/run/need_reboot
+
+# Finish
+/etc/init.d/fireinfo start
+sendprofile
+
+# Don't report the exitcode last command
+exit 0
--- /dev/null
+boot/config.txt
+etc/collectd.custom
+etc/ipsec.conf
+etc/ipsec.secrets
+etc/ipsec.user.conf
+etc/ipsec.user.secrets
+etc/localtime
+etc/shadow
+etc/ssh/ssh_config
+etc/ssh/sshd_config
+etc/ssl/openssl.cnf
+etc/sudoers
+etc/sysconfig/firewall.local
+etc/sysconfig/rc.local
+etc/udev/rules.d/30-persistent-network.rules
+srv/web/ipfire/html/proxy.pac
+var/ipfire/ovpn
+var/log/cache
+var/state/dhcp/dhcpd.leases
+var/updatecache
--- /dev/null
+boot/config.txt
+etc/collectd.custom
+etc/ipsec.conf
+etc/ipsec.secrets
+etc/ipsec.user.conf
+etc/ipsec.user.secrets
+etc/localtime
+etc/shadow
+etc/ssh/ssh_config
+etc/ssh/sshd_config
+etc/ssl/openssl.cnf
+etc/sudoers
+etc/sysconfig/firewall.local
+etc/sysconfig/rc.local
+etc/udev/rules.d/30-persistent-network.rules
+srv/web/ipfire/html/proxy.pac
+var/ipfire/ovpn
+var/log/cache
+var/state/dhcp/dhcpd.leases
+var/updatecache
--- /dev/null
+../../../common/bash
\ No newline at end of file
--- /dev/null
+etc/system-release
+etc/issue
+srv/web/ipfire/cgi-bin/logs.cgi/ids.dat
+srv/web/ipfire/cgi-bin/proxy.cgi
+srv/web/ipfire/cgi-bin/urlfilter.cgi
+var/ipfire/general-functions.pl
--- /dev/null
+../../../common/findutils
\ No newline at end of file
--- /dev/null
+../../../common/squid
\ No newline at end of file
--- /dev/null
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2014 IPFire-Team <info@ipfire.org>. #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+/usr/local/bin/backupctrl exclude >/dev/null 2>&1
+
+# Remove old core updates from pakfire cache to save space...
+core=83
+for (( i=1; i<=$core; i++ ))
+do
+ rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
+done
+
+# Stop services
+
+# Remove old files
+
+# Extract files
+extract_files
+
+# reload init because glibc/linker changed
+telinit -u
+
+# Start services
+
+# Update Language cache
+perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"
+
+sync
+
+# This update need a reboot...
+touch /var/run/need_reboot
+
+# Finish
+/etc/init.d/fireinfo start
+sendprofile
+
+# Don't report the exitcode last command
+exit 0
\$("#TIME_CONSTRAINTS").toggle();
});
+ // Limit concurrent connections per ip
+ if(!\$("#USE_LIMIT_CONCURRENT_CONNECTIONS_PER_IP").attr("checked")) {
+ \$("#LIMIT_CON").hide();
+ }
+ \$("#USE_LIMIT_CONCURRENT_CONNECTIONS_PER_IP").change(function() {
+ \$("#LIMIT_CON").toggle();
+ });
+
+ // Rate-limit new connections
+ if(!\$("#USE_RATELIMIT").attr("checked")) {
+ \$("#RATELIMIT").hide();
+ }
+ \$("#USE_RATELIMIT").change(function() {
+ \$("#RATELIMIT").toggle();
+ });
+
// Automatically select radio buttons when corresponding
// dropdown menu changes.
\$("select").change(function() {
#check if we have an identical rule already
if($fwdfwsettings{'oldrulenumber'} eq $fwdfwsettings{'rulepos'}){
foreach my $key (sort keys %configinputfw){
- if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}"
- eq "$configinputfw{$key}[0],$configinputfw{$key}[2],$configinputfw{$key}[3],$configinputfw{$key}[4],$configinputfw{$key}[5],$configinputfw{$key}[6],$configinputfw{$key}[7],$configinputfw{$key}[8],$configinputfw{$key}[9],$configinputfw{$key}[10],$configinputfw{$key}[11],$configinputfw{$key}[12],$configinputfw{$key}[13],$configinputfw{$key}[14],$configinputfw{$key}[15],$configinputfw{$key}[17],$configinputfw{$key}[18],$configinputfw{$key}[19],$configinputfw{$key}[20],$configinputfw{$key}[21],$configinputfw{$key}[22],$configinputfw{$key}[23],$configinputfw{$key}[24],$configinputfw{$key}[25],$configinputfw{$key}[26],$configinputfw{$key}[27],$configinputfw{$key}[28],$configinputfw{$key}[29],$configinputfw{$key}[30],$configinputfw{$key}[31]"){
+ if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'},$fwdfwsettings{'LIMIT_CON_CON'},$fwdfwsettings{'concon'},$fwdfwsettings{'RATE_LIMIT'},$fwdfwsettings{'ratecon'},$fwdfwsettings{'RATETIME'}"
+ eq "$configinputfw{$key}[0],$configinputfw{$key}[2],$configinputfw{$key}[3],$configinputfw{$key}[4],$configinputfw{$key}[5],$configinputfw{$key}[6],$configinputfw{$key}[7],$configinputfw{$key}[8],$configinputfw{$key}[9],$configinputfw{$key}[10],$configinputfw{$key}[11],$configinputfw{$key}[12],$configinputfw{$key}[13],$configinputfw{$key}[14],$configinputfw{$key}[15],$configinputfw{$key}[17],$configinputfw{$key}[18],$configinputfw{$key}[19],$configinputfw{$key}[20],$configinputfw{$key}[21],$configinputfw{$key}[22],$configinputfw{$key}[23],$configinputfw{$key}[24],$configinputfw{$key}[25],$configinputfw{$key}[26],$configinputfw{$key}[27],$configinputfw{$key}[28],$configinputfw{$key}[29],$configinputfw{$key}[30],$configinputfw{$key}[31],$configinputfw{$key}[32],$configinputfw{$key}[33],$configinputfw{$key}[34],$configinputfw{$key}[35],$configinputfw{$key}[36]"){
$errormessage.=$Lang::tr{'fwdfw err ruleexists'};
if($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){
$errormessage=$Lang::tr{'fwdfw err remark'}."<br>";
if($fwdfwsettings{'rulepos'} > 0 && !$fwdfwsettings{'oldrulenumber'}){
$fwdfwsettings{'oldrulenumber'}=$maxkey;
foreach my $key (sort keys %configinputfw){
- if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}"
- eq "$configinputfw{$key}[0],$configinputfw{$key}[2],$configinputfw{$key}[3],$configinputfw{$key}[4],$configinputfw{$key}[5],$configinputfw{$key}[6],$configinputfw{$key}[7],$configinputfw{$key}[8],$configinputfw{$key}[9],$configinputfw{$key}[10],$configinputfw{$key}[11],$configinputfw{$key}[12],$configinputfw{$key}[13],$configinputfw{$key}[14],$configinputfw{$key}[15],$configinputfw{$key}[17],$configinputfw{$key}[18],$configinputfw{$key}[19],$configinputfw{$key}[20],$configinputfw{$key}[21],$configinputfw{$key}[22],$configinputfw{$key}[23],$configinputfw{$key}[24],$configinputfw{$key}[25],$configinputfw{$key}[26],$configinputfw{$key}[27],$configinputfw{$key}[28],$configinputfw{$key}[29],$configinputfw{$key}[30],$configinputfw{$key}[31]"){
+ if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'},$fwdfwsettings{'LIMIT_CON_CON'},$fwdfwsettings{'concon'},$fwdfwsettings{'RATE_LIMIT'},$fwdfwsettings{'ratecon'},$fwdfwsettings{'RATETIME'}"
+ eq "$configinputfw{$key}[0],$configinputfw{$key}[2],$configinputfw{$key}[3],$configinputfw{$key}[4],$configinputfw{$key}[5],$configinputfw{$key}[6],$configinputfw{$key}[7],$configinputfw{$key}[8],$configinputfw{$key}[9],$configinputfw{$key}[10],$configinputfw{$key}[11],$configinputfw{$key}[12],$configinputfw{$key}[13],$configinputfw{$key}[14],$configinputfw{$key}[15],$configinputfw{$key}[17],$configinputfw{$key}[18],$configinputfw{$key}[19],$configinputfw{$key}[20],$configinputfw{$key}[21],$configinputfw{$key}[22],$configinputfw{$key}[23],$configinputfw{$key}[24],$configinputfw{$key}[25],$configinputfw{$key}[26],$configinputfw{$key}[27],$configinputfw{$key}[28],$configinputfw{$key}[29],$configinputfw{$key}[30],$configinputfw{$key}[31],$configinputfw{$key}[32],$configinputfw{$key}[33],$configinputfw{$key}[34],$configinputfw{$key}[35],$configinputfw{$key}[36]"){
$errormessage.=$Lang::tr{'fwdfw err ruleexists'};
}
}
}
#check if we just close a rule
- if( $fwdfwsettings{'oldgrp1a'} eq $fwdfwsettings{'grp1'} && $fwdfwsettings{'oldgrp1b'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'oldgrp2a'} eq $fwdfwsettings{'grp2'} && $fwdfwsettings{'oldgrp2b'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'oldgrp3a'} eq $fwdfwsettings{'grp3'} && $fwdfwsettings{'oldgrp3b'} eq $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'oldruletype'} eq $fwdfwsettings{'chain'}) {
+ if( $fwdfwsettings{'oldgrp1a'} eq $fwdfwsettings{'grp1'} && $fwdfwsettings{'oldgrp1b'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'oldgrp2a'} eq $fwdfwsettings{'grp2'} && $fwdfwsettings{'oldgrp2b'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'oldgrp3a'} eq $fwdfwsettings{'grp3'} && $fwdfwsettings{'oldgrp3b'} eq $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'oldruletype'} eq $fwdfwsettings{'chain'} ) {
if($fwdfwsettings{'nosave'} eq 'on' && $fwdfwsettings{'updatefwrule'} eq 'on'){
$errormessage='';
$fwdfwsettings{'nosave2'} = 'on';
my $maxkey=&General::findhasharraykey(\%configoutgoingfw);
if($fwdfwsettings{'oldrulenumber'} eq $fwdfwsettings{'rulepos'}){
foreach my $key (sort keys %configoutgoingfw){
- if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}"
- eq "$configoutgoingfw{$key}[0],$configoutgoingfw{$key}[2],$configoutgoingfw{$key}[3],$configoutgoingfw{$key}[4],$configoutgoingfw{$key}[5],$configoutgoingfw{$key}[6],$configoutgoingfw{$key}[7],$configoutgoingfw{$key}[8],$configoutgoingfw{$key}[9],$configoutgoingfw{$key}[10],$configoutgoingfw{$key}[11],$configoutgoingfw{$key}[12],$configoutgoingfw{$key}[13],$configoutgoingfw{$key}[14],$configoutgoingfw{$key}[15],$configoutgoingfw{$key}[17],$configoutgoingfw{$key}[18],$configoutgoingfw{$key}[19],$configoutgoingfw{$key}[20],$configoutgoingfw{$key}[21],$configoutgoingfw{$key}[22],$configoutgoingfw{$key}[23],$configoutgoingfw{$key}[24],$configoutgoingfw{$key}[25],$configoutgoingfw{$key}[26],$configoutgoingfw{$key}[27],$configoutgoingfw{$key}[28],$configoutgoingfw{$key}[29],$configoutgoingfw{$key}[30],$configoutgoingfw{$key}[31]"){
+ if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'},$fwdfwsettings{'LIMIT_CON_CON'},$fwdfwsettings{'concon'},$fwdfwsettings{'RATE_LIMIT'},$fwdfwsettings{'ratecon'},$fwdfwsettings{'RATETIME'}"
+ eq "$configoutgoingfw{$key}[0],$configoutgoingfw{$key}[2],$configoutgoingfw{$key}[3],$configoutgoingfw{$key}[4],$configoutgoingfw{$key}[5],$configoutgoingfw{$key}[6],$configoutgoingfw{$key}[7],$configoutgoingfw{$key}[8],$configoutgoingfw{$key}[9],$configoutgoingfw{$key}[10],$configoutgoingfw{$key}[11],$configoutgoingfw{$key}[12],$configoutgoingfw{$key}[13],$configoutgoingfw{$key}[14],$configoutgoingfw{$key}[15],$configoutgoingfw{$key}[17],$configoutgoingfw{$key}[18],$configoutgoingfw{$key}[19],$configoutgoingfw{$key}[20],$configoutgoingfw{$key}[21],$configoutgoingfw{$key}[22],$configoutgoingfw{$key}[23],$configoutgoingfw{$key}[24],$configoutgoingfw{$key}[25],$configoutgoingfw{$key}[26],$configoutgoingfw{$key}[27],$configoutgoingfw{$key}[28],$configoutgoingfw{$key}[29],$configoutgoingfw{$key}[30],$configoutgoingfw{$key}[31],$configoutgoingfw{$key}[32],$configoutgoingfw{$key}[33],$configoutgoingfw{$key}[34],$configoutgoingfw{$key}[35],$configoutgoingfw{$key}[36]"){
$errormessage.=$Lang::tr{'fwdfw err ruleexists'};
if($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){
$errormessage=$Lang::tr{'fwdfw err remark'}."<br>";
if($fwdfwsettings{'rulepos'} > 0 && !$fwdfwsettings{'oldrulenumber'}){
$fwdfwsettings{'oldrulenumber'}=$maxkey;
foreach my $key (sort keys %configoutgoingfw){
- if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}"
- eq "$configoutgoingfw{$key}[0],$configoutgoingfw{$key}[2],$configoutgoingfw{$key}[3],$configoutgoingfw{$key}[4],$configoutgoingfw{$key}[5],$configoutgoingfw{$key}[6],$configoutgoingfw{$key}[7],$configoutgoingfw{$key}[8],$configoutgoingfw{$key}[9],$configoutgoingfw{$key}[10],$configoutgoingfw{$key}[11],$configoutgoingfw{$key}[12],$configoutgoingfw{$key}[13],$configoutgoingfw{$key}[14],$configoutgoingfw{$key}[15],$configoutgoingfw{$key}[17],$configoutgoingfw{$key}[18],$configoutgoingfw{$key}[19],$configoutgoingfw{$key}[20],$configoutgoingfw{$key}[21],$configoutgoingfw{$key}[22],$configoutgoingfw{$key}[23],$configoutgoingfw{$key}[24],$configoutgoingfw{$key}[25],$configoutgoingfw{$key}[26],$configoutgoingfw{$key}[27],$configoutgoingfw{$key}[28],$configoutgoingfw{$key}[29],$configoutgoingfw{$key}[30],$configoutgoingfw{$key}[31]"){
+ if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'},$fwdfwsettings{'LIMIT_CON_CON'},$fwdfwsettings{'concon'},$fwdfwsettings{'RATE_LIMIT'},$fwdfwsettings{'ratecon'},$fwdfwsettings{'RATETIME'}"
+ eq "$configoutgoingfw{$key}[0],$configoutgoingfw{$key}[2],$configoutgoingfw{$key}[3],$configoutgoingfw{$key}[4],$configoutgoingfw{$key}[5],$configoutgoingfw{$key}[6],$configoutgoingfw{$key}[7],$configoutgoingfw{$key}[8],$configoutgoingfw{$key}[9],$configoutgoingfw{$key}[10],$configoutgoingfw{$key}[11],$configoutgoingfw{$key}[12],$configoutgoingfw{$key}[13],$configoutgoingfw{$key}[14],$configoutgoingfw{$key}[15],$configoutgoingfw{$key}[17],$configoutgoingfw{$key}[18],$configoutgoingfw{$key}[19],$configoutgoingfw{$key}[20],$configoutgoingfw{$key}[21],$configoutgoingfw{$key}[22],$configoutgoingfw{$key}[23],$configoutgoingfw{$key}[24],$configoutgoingfw{$key}[25],$configoutgoingfw{$key}[26],$configoutgoingfw{$key}[27],$configoutgoingfw{$key}[28],$configoutgoingfw{$key}[29],$configoutgoingfw{$key}[30],$configoutgoingfw{$key}[31],$configoutgoingfw{$key}[32],$configoutgoingfw{$key}[33],$configoutgoingfw{$key}[34],$configoutgoingfw{$key}[35],$configoutgoingfw{$key}[36]"){
$errormessage.=$Lang::tr{'fwdfw err ruleexists'};
}
}
}
#check if we just close a rule
- if( $fwdfwsettings{'oldgrp1a'} eq $fwdfwsettings{'grp1'} && $fwdfwsettings{'oldgrp1b'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'oldgrp2a'} eq $fwdfwsettings{'grp2'} && $fwdfwsettings{'oldgrp2b'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'oldgrp3a'} eq $fwdfwsettings{'grp3'} && $fwdfwsettings{'oldgrp3b'} eq $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'oldruletype'} eq $fwdfwsettings{'chain'}) {
+ if( $fwdfwsettings{'oldgrp1a'} eq $fwdfwsettings{'grp1'} && $fwdfwsettings{'oldgrp1b'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'oldgrp2a'} eq $fwdfwsettings{'grp2'} && $fwdfwsettings{'oldgrp2b'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'oldgrp3a'} eq $fwdfwsettings{'grp3'} && $fwdfwsettings{'oldgrp3b'} eq $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'oldruletype'} eq $fwdfwsettings{'chain'} ) {
if($fwdfwsettings{'nosave'} eq 'on' && $fwdfwsettings{'updatefwrule'} eq 'on'){
$fwdfwsettings{'nosave2'} = 'on';
$errormessage='';
if($fwdfwsettings{'oldrulenumber'} eq $fwdfwsettings{'rulepos'}){
#check if we have an identical rule already
foreach my $key (sort keys %configfwdfw){
- if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}"
- eq "$configfwdfw{$key}[0],$configfwdfw{$key}[2],$configfwdfw{$key}[3],$configfwdfw{$key}[4],$configfwdfw{$key}[5],$configfwdfw{$key}[6],$configfwdfw{$key}[7],$configfwdfw{$key}[8],$configfwdfw{$key}[9],$configfwdfw{$key}[10],$configfwdfw{$key}[11],$configfwdfw{$key}[12],$configfwdfw{$key}[13],$configfwdfw{$key}[14],$configfwdfw{$key}[15],$configfwdfw{$key}[18],$configfwdfw{$key}[19],$configfwdfw{$key}[20],$configfwdfw{$key}[21],$configfwdfw{$key}[22],$configfwdfw{$key}[23],$configfwdfw{$key}[24],$configfwdfw{$key}[25],$configfwdfw{$key}[26],$configfwdfw{$key}[27],$configfwdfw{$key}[28],$configfwdfw{$key}[29],$configfwdfw{$key}[30],$configfwdfw{$key}[31]"){
+ if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'},$fwdfwsettings{'LIMIT_CON_CON'},$fwdfwsettings{'concon'},$fwdfwsettings{'RATE_LIMIT'},$fwdfwsettings{'ratecon'},$fwdfwsettings{'RATETIME'}"
+ eq "$configfwdfw{$key}[0],$configfwdfw{$key}[2],$configfwdfw{$key}[3],$configfwdfw{$key}[4],$configfwdfw{$key}[5],$configfwdfw{$key}[6],$configfwdfw{$key}[7],$configfwdfw{$key}[8],$configfwdfw{$key}[9],$configfwdfw{$key}[10],$configfwdfw{$key}[11],$configfwdfw{$key}[12],$configfwdfw{$key}[13],$configfwdfw{$key}[14],$configfwdfw{$key}[15],$configfwdfw{$key}[18],$configfwdfw{$key}[19],$configfwdfw{$key}[20],$configfwdfw{$key}[21],$configfwdfw{$key}[22],$configfwdfw{$key}[23],$configfwdfw{$key}[24],$configfwdfw{$key}[25],$configfwdfw{$key}[26],$configfwdfw{$key}[27],$configfwdfw{$key}[28],$configfwdfw{$key}[29],$configfwdfw{$key}[30],$configfwdfw{$key}[31],$configfwdfw{$key}[32],$configfwdfw{$key}[33],$configfwdfw{$key}[34],$configfwdfw{$key}[35],$configfwdfw{$key}[36]"){
$errormessage.=$Lang::tr{'fwdfw err ruleexists'};
if($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){
$errormessage=$Lang::tr{'fwdfw err remark'}."<br>";
if($fwdfwsettings{'rulepos'} > 0 && !$fwdfwsettings{'oldrulenumber'}){
$fwdfwsettings{'oldrulenumber'}=$maxkey;
foreach my $key (sort keys %configfwdfw){
- if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}"
- eq "$configfwdfw{$key}[0],$configfwdfw{$key}[2],$configfwdfw{$key}[3],$configfwdfw{$key}[4],$configfwdfw{$key}[5],$configfwdfw{$key}[6],$configfwdfw{$key}[7],$configfwdfw{$key}[8],$configfwdfw{$key}[9],$configfwdfw{$key}[10],$configfwdfw{$key}[11],$configfwdfw{$key}[12],$configfwdfw{$key}[13],$configfwdfw{$key}[14],$configfwdfw{$key}[15],$configfwdfw{$key}[18],$configfwdfw{$key}[19],$configfwdfw{$key}[20],$configfwdfw{$key}[21],$configfwdfw{$key}[22],$configfwdfw{$key}[23],$configfwdfw{$key}[24],$configfwdfw{$key}[25],$configfwdfw{$key}[26],$configfwdfw{$key}[27],$configfwdfw{$key}[28],$configfwdfw{$key}[29],$configfwdfw{$key}[30],$configfwdfw{$key}[31]"){
+ if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'},$fwdfwsettings{'LIMIT_CON_CON'},$fwdfwsettings{'concon'},$fwdfwsettings{'RATE_LIMIT'},$fwdfwsettings{'ratecon'},$fwdfwsettings{'RATETIME'}"
+ eq "$configfwdfw{$key}[0],$configfwdfw{$key}[2],$configfwdfw{$key}[3],$configfwdfw{$key}[4],$configfwdfw{$key}[5],$configfwdfw{$key}[6],$configfwdfw{$key}[7],$configfwdfw{$key}[8],$configfwdfw{$key}[9],$configfwdfw{$key}[10],$configfwdfw{$key}[11],$configfwdfw{$key}[12],$configfwdfw{$key}[13],$configfwdfw{$key}[14],$configfwdfw{$key}[15],$configfwdfw{$key}[18],$configfwdfw{$key}[19],$configfwdfw{$key}[20],$configfwdfw{$key}[21],$configfwdfw{$key}[22],$configfwdfw{$key}[23],$configfwdfw{$key}[24],$configfwdfw{$key}[25],$configfwdfw{$key}[26],$configfwdfw{$key}[27],$configfwdfw{$key}[28],$configfwdfw{$key}[29],$configfwdfw{$key}[30],$configfwdfw{$key}[31],$configfwdfw{$key}[32],$configfwdfw{$key}[33],$configfwdfw{$key}[34],$configfwdfw{$key}[35],$configfwdfw{$key}[36]"){
$errormessage.=$Lang::tr{'fwdfw err ruleexists'};
}
}
}
#check if we just close a rule
- if( $fwdfwsettings{'oldgrp1a'} eq $fwdfwsettings{'grp1'} && $fwdfwsettings{'oldgrp1b'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'oldgrp2a'} eq $fwdfwsettings{'grp2'} && $fwdfwsettings{'oldgrp2b'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'oldgrp3a'} eq $fwdfwsettings{'grp3'} && $fwdfwsettings{'oldgrp3b'} eq $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'oldruletype'} eq $fwdfwsettings{'chain'}) {
+ if( $fwdfwsettings{'oldgrp1a'} eq $fwdfwsettings{'grp1'} && $fwdfwsettings{'oldgrp1b'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'oldgrp2a'} eq $fwdfwsettings{'grp2'} && $fwdfwsettings{'oldgrp2b'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'oldgrp3a'} eq $fwdfwsettings{'grp3'} && $fwdfwsettings{'oldgrp3b'} eq $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'oldruletype'} eq $fwdfwsettings{'chain'}){
if($fwdfwsettings{'nosave'} eq 'on' && $fwdfwsettings{'updatefwrule'} eq 'on'){
$fwdfwsettings{'nosave2'} = 'on';
$errormessage='';
}
}
+ #check max concurrent connections per ip address
+ if ($fwdfwsettings{'LIMIT_CON_CON'} eq 'ON'){
+ if (!($fwdfwsettings{'concon'} =~ /^(\d+)$/)) {
+ $errormessage.=$Lang::tr{'fwdfw err concon'};
+ }
+ }else{
+ $fwdfwsettings{'concon'}='';
+ }
+ #check ratelimit value
+ if ($fwdfwsettings{'RATE_LIMIT'} eq 'ON'){
+ if (!($fwdfwsettings{'ratecon'} =~ /^(\d+)$/)) {
+ $errormessage.=$Lang::tr{'fwdfw err ratecon'};
+ }
+ }else{
+ $fwdfwsettings{'ratecon'}='';
+ }
#increase counters
if (!$errormessage){
if ($fwdfwsettings{'nosave2'} ne 'on'){
END
foreach my $network (sort keys %defaultNetworks)
{
- next if($defaultNetworks{$network}{'NAME'} eq "RED" && $srctgt eq 'src');
next if($defaultNetworks{$network}{'NAME'} eq "IPFire");
print "<option value='$defaultNetworks{$network}{'NAME'}'";
print " selected='selected'" if ($fwdfwsettings{$fwdfwsettings{$grp}} eq $defaultNetworks{$network}{'NAME'});
$fwdfwsettings{'nat'} = $hash{$key}[31]; #changed order
$fwdfwsettings{$fwdfwsettings{'nat'}} = $hash{$key}[29];
$fwdfwsettings{'dnatport'} = $hash{$key}[30];
+ $fwdfwsettings{'LIMIT_CON_CON'} = $hash{$key}[32];
+ $fwdfwsettings{'concon'} = $hash{$key}[33];
+ $fwdfwsettings{'RATE_LIMIT'} = $hash{$key}[34];
+ $fwdfwsettings{'ratecon'} = $hash{$key}[35];
+ $fwdfwsettings{'RATETIME'} = $hash{$key}[36];
$checked{'grp1'}{$fwdfwsettings{'grp1'}} = 'CHECKED';
$checked{'grp2'}{$fwdfwsettings{'grp2'}} = 'CHECKED';
$checked{'grp3'}{$fwdfwsettings{'grp3'}} = 'CHECKED';
$checked{'TIME_SUN'}{$fwdfwsettings{'TIME_SUN'}} = 'CHECKED';
$checked{'USE_NAT'}{$fwdfwsettings{'USE_NAT'}} = 'CHECKED';
$checked{'nat'}{$fwdfwsettings{'nat'}} = 'CHECKED';
+ $checked{'LIMIT_CON_CON'}{$fwdfwsettings{'LIMIT_CON_CON'}} = 'CHECKED';
+ $checked{'RATE_LIMIT'}{$fwdfwsettings{'RATE_LIMIT'}} = 'CHECKED';
$selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}} = 'selected';
$selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}} = 'selected';
$selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected';
$selected{'ipfire_src'}{$fwdfwsettings{$fwdfwsettings{'grp1'}}} ='selected';
$selected{'dnat'}{$fwdfwsettings{'dnat'}} ='selected';
$selected{'snat'}{$fwdfwsettings{'snat'}} ='selected';
+ $selected{'RATETIME'}{$fwdfwsettings{'RATETIME'}} ='selected';
}
}
$fwdfwsettings{'oldgrp1a'}=$fwdfwsettings{'grp1'};
$fwdfwsettings{'oldruleremark'}=$fwdfwsettings{'ruleremark'};
$fwdfwsettings{'oldnat'}=$fwdfwsettings{'USE_NAT'};
$fwdfwsettings{'oldruletype'}=$fwdfwsettings{'chain'};
+ $fwdfwsettings{'oldconcon'}=$fwdfwsettings{'LIMIT_CON_CON'};
+ $fwdfwsettings{'olduseratelimit'}=$fwdfwsettings{'RATE_LIMIT'};
+ $fwdfwsettings{'olduseratelimitamount'}=$fwdfwsettings{'ratecon'};
+ $fwdfwsettings{'oldratelimittime'}=$fwdfwsettings{'RATETIME'};
+
#check if manual ip (source) is orange network
if ($fwdfwsettings{'grp1'} eq 'src_addr'){
my ($sip,$scidr) = split("/",$fwdfwsettings{$fwdfwsettings{'grp1'}});
$fwdfwsettings{'oldusesrv'}=$fwdfwsettings{'USESRV'};
$fwdfwsettings{'oldruleremark'}=$fwdfwsettings{'ruleremark'};
$fwdfwsettings{'oldnat'}=$fwdfwsettings{'USE_NAT'};
+ $fwdfwsettings{'oldconcon'}=$fwdfwsettings{'LIMIT_CON_CON'};
#check if manual ip (source) is orange network
if ($fwdfwsettings{'grp1'} eq 'src_addr'){
my ($sip,$scidr) = split("/",$fwdfwsettings{$fwdfwsettings{'grp1'}});
</table>
</td>
</tr>
+ <tr>
+ <td width='1%'>
+ <input type='checkbox' name='LIMIT_CON_CON' id="USE_LIMIT_CONCURRENT_CONNECTIONS_PER_IP" value='ON' $checked{'LIMIT_CON_CON'}{'ON'}>
+ </td>
+ <td>$Lang::tr{'fwdfw limitconcon'}</td>
+ </tr>
+ <tr id="LIMIT_CON">
+ <td colspan='2'>
+ <table width='66%' border='0'>
+ <tr>
+ <td width="20em"> </td>
+ <td>$Lang::tr{'fwdfw maxconcon'}: <input type='text' name='concon' size='2' value="$fwdfwsettings{'concon'}"></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td width='1%'>
+ <input type='checkbox' name='RATE_LIMIT' id="USE_RATELIMIT" value='ON' $checked{'RATE_LIMIT'}{'ON'}>
+ </td>
+ <td>$Lang::tr{'fwdfw ratelimit'}</td>
+ </tr>
+ <tr id="RATELIMIT">
+ <td colspan='2'>
+ <table width='66%' border='0'>
+ <tr>
+ <td width="20em"> </td>
+ <td>$Lang::tr{'fwdfw numcon'}: <input type='text' name='ratecon' size='2' value="$fwdfwsettings{'ratecon'}"> /
+ <select name='RATETIME' style='width:100px;'>
+ <option value='second' $selected{'RATETIME'}{'second'}>$Lang::tr{'age second'}</option>
+ <option value='minute' $selected{'RATETIME'}{'minute'}>$Lang::tr{'minute'}</option>
+ <option value='hour' $selected{'RATETIME'}{'hour'}>$Lang::tr{'hour'}</option>
+ </select>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
</table>
<br>
END
<input type='hidden' name='oldorange' value='$fwdfwsettings{'oldorange'}' />
<input type='hidden' name='oldnat' value='$fwdfwsettings{'oldnat'}' />
<input type='hidden' name='oldruletype' value='$fwdfwsettings{'oldruletype'}' />
+ <input type='hidden' name='oldconcon' value='$fwdfwsettings{'oldconcon'}' />
<input type='hidden' name='ACTION' value='saverule' ></form><form method='post' style='display:inline'><input type='submit' value='$Lang::tr{'fwhost back'}' style='min-width:100px;'><input type='hidden' name='ACTION' value'reset'></td></td>
</table></form>
END
$$hash{$key}[29] = $fwdfwsettings{$fwdfwsettings{'nat'}};
$$hash{$key}[30] = $fwdfwsettings{'dnatport'};
$$hash{$key}[31] = $fwdfwsettings{'nat'};
+ $$hash{$key}[32] = $fwdfwsettings{'LIMIT_CON_CON'};
+ $$hash{$key}[33] = $fwdfwsettings{'concon'};
+ $$hash{$key}[34] = $fwdfwsettings{'RATE_LIMIT'};
+ $$hash{$key}[35] = $fwdfwsettings{'ratecon'};
+ $$hash{$key}[36] = $fwdfwsettings{'RATETIME'};
&General::writehasharray("$config", $hash);
}else{
foreach my $key (sort {$a <=> $b} keys %$hash){
$$hash{$key}[29] = $fwdfwsettings{$fwdfwsettings{'nat'}};
$$hash{$key}[30] = $fwdfwsettings{'dnatport'};
$$hash{$key}[31] = $fwdfwsettings{'nat'};
+ $$hash{$key}[32] = $fwdfwsettings{'LIMIT_CON_CON'};
+ $$hash{$key}[33] = $fwdfwsettings{'concon'};
+ $$hash{$key}[34] = $fwdfwsettings{'RATE_LIMIT'};
+ $$hash{$key}[35] = $fwdfwsettings{'ratecon'};
+ $$hash{$key}[36] = $fwdfwsettings{'RATETIME'};
last;
}
}
$errormessage=$errormessage.$Lang::tr{'fwhost err sub32'};
}
if($fwhostsettings{'error'} ne 'on'){
- #check if we use one of ipfire's networks (green,orange,blue)
- if (($ownnet{'GREEN_NETADDRESS'} ne '' && $ownnet{'GREEN_NETADDRESS'} ne '0.0.0.0') && ($fwhostsettings{'IP'} eq $ownnet{'GREEN_NETADDRESS'} && $fwhostsettings{'SUBNET'} eq $ownnet{'GREEN_NETMASK'}))
- {
- $errormessage=$errormessage.$Lang::tr{'ccd err green'}."<br>";
- $fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'};
- if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}='editnet';}
- }
- if (($ownnet{'ORANGE_NETADDRESS'} ne '' && $ownnet{'ORANGE_NETADDRESS'} ne '0.0.0.0') && ($fwhostsettings{'IP'} eq $ownnet{'ORANGE_NETADDRESS'} && $fwhostsettings{'SUBNET'} eq $ownnet{'ORANGE_NETMASK'}))
- {
- $errormessage=$errormessage.$Lang::tr{'ccd err orange'}."<br>";
- $fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'};
- if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}='editnet';}
- }
- if (($ownnet{'BLUE_NETADDRESS'} ne '' && $ownnet{'BLUE_NETADDRESS'} ne '0.0.0.0') && ($fwhostsettings{'IP'} eq $ownnet{'BLUE_NETADDRESS'} && $fwhostsettings{'SUBNET'} eq $ownnet{'BLUE_NETMASK'}))
- {
- $errormessage=$errormessage.$Lang::tr{'ccd err blue'}."<br>";
- $fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'};
- if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}='editnet';}
- }
- if (($ownnet{'RED_NETADDRESS'} ne '' && $ownnet{'RED_NETADDRESS'} ne '0.0.0.0') && ($fwhostsettings{'IP'} eq $ownnet{'RED_NETADDRESS'} && $fwhostsettings{'SUBNET'} eq $ownnet{'RED_NETMASK'}))
- {
- $errormessage=$errormessage.$Lang::tr{'ccd err red'}."<br>";
- $fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'};
- if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}='editnet';}
- }
+ my $fullip="$fwhostsettings{'IP'}/".&General::iporsubtocidr($fwhostsettings{'SUBNET'});
+ $errormessage=$errormessage.&General::checksubnets($fwhostsettings{'HOSTNAME'},$fullip,"");
}
#only check plausi when no error till now
if (!$errormessage){
&plausicheck("editnet");
}
- #check if network ip is part of an already used one
- if(&checksubnet(\%customnetwork))
- {
- $errormessage=$errormessage.$Lang::tr{'fwhost err partofnet'};
- $fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'};
- }
if($fwhostsettings{'actualize'} eq 'on' && $fwhostsettings{'newnet'} ne 'on' && $errormessage)
{
$fwhostsettings{'actualize'} = '';
$customnetwork{$key}[3] = $fwhostsettings{'orgnetremark'};
&General::writehasharray("$confignet", \%customnetwork);
undef %customnetwork;
- }
+ }
if (!$errormessage){
-
&General::readhasharray("$confignet", \%customnetwork);
if ($fwhostsettings{'ACTION'} eq 'updatenet'){
if ($fwhostsettings{'update'} == '0'){
&General::writehasharray("$fwconfiginp", \%fwinp);
}
}
- }
+ }
my $key = &General::findhasharraykey (\%customnetwork);
foreach my $i (0 .. 3) { $customnetwork{$key}[$i] = "";}
$fwhostsettings{'SUBNET'} = &General::iporsubtocidr($fwhostsettings{'SUBNET'});
}
&addnet;
&viewtablenet;
- }else {
+ }else{
+ $fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'};
&addnet;
&viewtablenet;
}
$tdcolor="<font style='color: $Header::colourblue;'>$c</font>";
return $tdcolor;
}
-
+ if ("$sip/$scidr" eq "0.0.0.0/0"){
+ $tdcolor="<font style='color: $Header::colourred;'>$c</font>";
+ return $tdcolor;
+ }
#Check if IP is part of OpenVPN N2N subnet
foreach my $key (sort keys %ccdhost){
if ($ccdhost{$key}[3] eq 'net'){
&General::readhash("${General::swroot}/vpn/settings",\%hash);
return $hash{'RW_NET'};
}
+ if ($name eq 'RED'){
+ return "0.0.0.0/0";
+ }
}
}
sub decrease
END
;
if ($sid ne "n/a") {
- print "<a href='http://www.snort.org/search/sid/$sid' ";
+ print "<a href='https://www.snort.org/rule_docs/$sid' ";
print "target='_blank'>$sid</a></td>\n";
} else {
print $sid;
print FILE "\n";
}
+ open (PORTS,"$acl_ports_ssl");
+ my @ssl_ports = <PORTS>;
+ close PORTS;
+
+ if (@ssl_ports) {
+ foreach (@ssl_ports) {
+ print FILE "acl SSL_ports port $_";
+ }
+ }
+
+ open (PORTS,"$acl_ports_safe");
+ my @safe_ports = <PORTS>;
+ close PORTS;
+
+ if (@safe_ports) {
+ foreach (@safe_ports) {
+ print FILE "acl Safe_ports port $_";
+ }
+ }
+
+ print FILE <<END
+
+acl IPFire_http port $http_port
+acl IPFire_https port $https_port
+acl IPFire_ips dst $netsettings{'GREEN_ADDRESS'}
+acl IPFire_networks src "$acl_src_subnets"
+acl IPFire_servers dst "$acl_src_subnets"
+acl IPFire_green_network src $green_cidr
+acl IPFire_green_servers dst $green_cidr
+END
+ ;
+ if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPFire_blue_network src $blue_cidr\n"; }
+ if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPFire_blue_servers dst $blue_cidr\n"; }
+ if (!-z $acl_src_banned_ip) { print FILE "acl IPFire_banned_ips src \"$acl_src_banned_ip\"\n"; }
+ if (!-z $acl_src_banned_mac) { print FILE "acl IPFire_banned_mac arp \"$acl_src_banned_mac\"\n"; }
+ if (!-z $acl_src_unrestricted_ip) { print FILE "acl IPFire_unrestricted_ips src \"$acl_src_unrestricted_ip\"\n"; }
+ if (!-z $acl_src_unrestricted_mac) { print FILE "acl IPFire_unrestricted_mac arp \"$acl_src_unrestricted_mac\"\n"; }
+ print FILE <<END
+acl CONNECT method CONNECT
+END
+ ;
+
if ($proxysettings{'CACHE_SIZE'} > 0) {
print FILE <<END
maximum_object_size $proxysettings{'MAX_SIZE'} KB
print FILE "acl blocked_mimetypes rep_mime_type \"$mimetypes\"\n\n";
}
-open (PORTS,"$acl_ports_ssl");
-my @ssl_ports = <PORTS>;
-close PORTS;
-
-if (@ssl_ports) {
- foreach (@ssl_ports) {
- print FILE "acl SSL_ports port $_";
- }
-}
-
-open (PORTS,"$acl_ports_safe");
-my @safe_ports = <PORTS>;
-close PORTS;
-
-if (@safe_ports) {
- foreach (@safe_ports) {
- print FILE "acl Safe_ports port $_";
- }
-}
-
- print FILE <<END
-
-acl IPFire_http port $http_port
-acl IPFire_https port $https_port
-acl IPFire_ips dst $netsettings{'GREEN_ADDRESS'}
-acl IPFire_networks src "$acl_src_subnets"
-acl IPFire_servers dst "$acl_src_subnets"
-acl IPFire_green_network src $green_cidr
-acl IPFire_green_servers dst $green_cidr
-END
- ;
- if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPFire_blue_network src $blue_cidr\n"; }
- if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPFire_blue_servers dst $blue_cidr\n"; }
- if (!-z $acl_src_banned_ip) { print FILE "acl IPFire_banned_ips src \"$acl_src_banned_ip\"\n"; }
- if (!-z $acl_src_banned_mac) { print FILE "acl IPFire_banned_mac arp \"$acl_src_banned_mac\"\n"; }
- if (!-z $acl_src_unrestricted_ip) { print FILE "acl IPFire_unrestricted_ips src \"$acl_src_unrestricted_ip\"\n"; }
- if (!-z $acl_src_unrestricted_mac) { print FILE "acl IPFire_unrestricted_mac arp \"$acl_src_unrestricted_mac\"\n"; }
- print FILE <<END
-acl CONNECT method CONNECT
-END
- ;
-
if ($proxysettings{'CLASSROOM_EXT'} eq 'on') {
print FILE <<END
close FILE;
system("rm -f $dbdir/$besettings{'BE_NAME'}/*.db");
- system("/usr/sbin/squidGuard -c $editdir/install.conf -C all");
+ system("/usr/bin/squidGuard -c $editdir/install.conf -C all");
system("chmod a+w $dbdir/$besettings{'BE_NAME'}/*.db");
&readblockcategories;
sub writeconfigfile
{
- my $executables = "\\.\(ade|adp|asx|bas|bat|chm|com|cmd|cpl|crt|dll|eml|exe|hiv|hlp|hta|inc|inf|ins|isp|jse|jtd|lnk|msc|msh|msi|msp|mst|nws|ocx|oft|ops|pcd|pif|plx|reg|scr|sct|sha|shb|shm|shs|sys|tlb|tsp|url|vbe|vbs|vxd|wsc|wsf|wsh\)\$";
- my $audiovideo = "\\.\(aiff|asf|avi|dif|divx|mov|movie|mp3|mpe?g?|mpv2|ogg|ra?m|snd|qt|wav|wma|wmf|wmv\)\$";
- my $archives = "\\.\(bin|bz2|cab|cdr|dmg|gz|hqx|rar|smi|sit|sea|tar|tgz|zip\)\$";
+ my $executables = "/[^/]*\\.\(ade|adp|asx|bas|bat|chm|com|cmd|cpl|crt|dll|eml|exe|hiv|hlp|hta|inc|inf|ins|isp|jse|jtd|lnk|msc|msh|msi|msp|mst|nws|ocx|oft|ops|pcd|pif|plx|reg|scr|sct|sha|shb|shm|shs|sys|tlb|tsp|url|vbe|vbs|vxd|wsc|wsf|wsh\)\$";
+ my $audiovideo = "/[^/]*\\.\(aiff|asf|avi|dif|divx|flv|mkv|mov|movie|mp3|mp4|mpe?g?|mpv2|ogg|ra?m|snd|qt|wav|wma|wmf|wmv\)\$";
+ my $archives = "/[^/]*\\.\(7z|bin|bz2|cab|cdr|dmg|gz|hqx|rar|smi|sit|sea|tar|tgz|zip\)\$";
my $ident = " anonymous";
if ($filtersettings{'ENABLE_SAFESEARCH'} eq 'on')
{
print FILE " # rewrite safesearch\n";
- print FILE " s@(.*\\Wgoogle\\.\\w+/(webhp|search|imghp|images|grphp|groups|frghp|froogle)\\?)(.*)(\\bsafe=\\w+)(.*)\@\\1\\3safe=strict\\5\@i\n";
- print FILE " s@(.*\\Wgoogle\\.\\w+/(webhp|search|imghp|images|grphp|groups|frghp|froogle)\\?)(.*)\@\\1safe=strict\\\&\\3\@i\n";
+ print FILE " s@(.*\\Wgoogle\\.\\w+/(webhp|search|imghp|images|grphp|groups|nwshp|frghp|froogle)\\?)(.*)(\\bsafe=\\w+)(.*)\@\\1\\3safe=strict\\5\@i\n";
+ print FILE " s@(.*\\Wgoogle\\.\\w+/(webhp|search|imghp|images|grphp|groups|nwshp|frghp|froogle)\\?)(.*)\@\\1safe=strict\\\&\\3\@i\n";
print FILE " s@(.*\\Wsearch\\.yahoo\\.\\w+/search\\W)(.*)(\\bvm=\\w+)(.*)\@\\1\\2vm=r\\4\@i\n";
print FILE " s@(.*\\Wsearch\\.yahoo\\.\\w+/search\\W.*)\@\\1\\\&vm=r\@i\n";
print FILE " s@(.*\\Walltheweb\\.com/customize\\?)(.*)(\\bcopt_offensive=\\w+)(.*)\@\\1\\2copt_offensive=on\\4\@i\n";
+ print FILE " s@(.*\\Wbing\\.\\w+/)(.*)(\\badlt=\\w+)(.*)\@\\1\\2adlt=strict\\4\@i\n";
+ print FILE " s@(.*\\Wbing\\.\\w+/.*)\@\\1\\\&adlt=strict\@i\n";
}
print FILE "}\n\n";
'fwdfw dnat porterr' => 'Für NAT-Regeln muss ein einzelner Port oder Portbereich angegeben werden.',
'fwdfw dnat porterr2' => 'Externer Port (NAT) darf nur angegeben werden, wenn ein Ziel-Port definiert ist.',
'fwdfw edit' => 'Bearbeiten',
+'fwdfw err concon' => 'Ungültige Zahl für gleichzeitige Verbindungen',
'fwdfw err nosrc' => 'Keine Quelle ausgewählt',
'fwdfw err nosrcip' => 'Bitte Quell-IP-Adresse angeben',
'fwdfw err notgt' => 'Kein Ziel ausgewählt',
'fwdfw err notgtip' => 'Bitte Ziel-IP-Adresse angeben',
'fwdfw err prot_port' => 'Bei dem gewählten Protokoll sind Quell- und Zielport nicht erlaubt',
'fwdfw err prot_port1' => 'Bei Nutzung von Quell- oder Zielport muss als Protokoll TCP oder UDP gewählt werden.',
+'fwdfw err ratecon' => 'Ungültiger Wert bei Anzahl der Verbindungen für Ratenlimitierung',
'fwdfw err remark' => 'Die Bemerkung enthält ungültige Zeichen',
'fwdfw err ruleexists' => 'Eine identische Regel existiert bereits',
'fwdfw err same' => 'Quelle und Ziel sind identisch',
'fwdfw hint mac' => 'Sie nutzen MAC-Adressen in der Zielgruppe. Diese werden bei der Regelerstellung übersprungen.',
'fwdfw iface' => 'Interface',
'fwdfw ipsec network' => 'IPsec-Netzwerke:',
+'fwdfw limitconcon' => 'Beschränke gleichzeitige Verbindungen je IP-Adresse',
'fwdfw log' => 'Log',
'fwdfw log rule' => 'Logging aktivieren',
'fwdfw man port' => 'Port(s):',
'fwdfw many' => 'Diverse',
+'fwdfw maxconcon' => 'Max. gleichzeitige Verbindungen',
'fwdfw menu' => 'Firewall',
'fwdfw movedown' => 'Herunter',
'fwdfw moveup' => 'Herauf',
'fwdfw natport used' => 'Der eingegebene Port wird bereits von einer anderen DNAT-Regel benutzt.',
'fwdfw newrule' => 'Neue Regel erstellen',
+'fwdfw numcon' => 'Anzahl der Verbindungen',
'fwdfw p2p txt' => 'P2P-Netzwerke erlauben/verbieten.',
'fwdfw pol allow' => 'Zugelassen',
'fwdfw pol block' => 'Blockiert',
'fwdfw pol title' => 'Standardverhalten der Firewall',
'fwdfw prot41' => 'IPv6 Encapsulation (Protokoll 41)',
'fwdfw prot41 short' => 'IPv6 Encap',
+'fwdfw ratelimit' => 'Ratenlimitierung für neue Verbindungen',
'fwdfw red' => 'ROT',
'fwdfw reread' => 'Änderungen übernehmen',
'fwdfw rule action' => 'Regelaktion:',
'fwhost err remark' => 'Ungültige Bemerkung. Erlaubte Zeichen: Klein- und Großbuchstaben, Bindestrich, Unterstrich, Runde Klammern, Semikolon, Punkt.',
'fwhost err srv exists' => 'Ein Service mit diesem Namen existiert bereits',
'fwhost err srvexist' => 'Dieser Dienst ist bereits in der Gruppe',
-'fwhost err sub32' => 'Bitte einen einzelnen Host hinzufügen, keine Netzwerke',
+'fwhost err sub32' => 'Bitte Netzwerke hinzufügen, keinen einzelnen Host',
'fwhost green' => 'Grün',
'fwhost hint' => 'Hinweis',
'fwhost hosts' => 'Firewall-Hosts',
'fwdfw dnat porterr' => 'You have to select a single port or portrange (tcp/udp) for NAT',
'fwdfw dnat porterr2' => 'Cannot use external port (NAT) when no destination port is defined.',
'fwdfw edit' => 'Edit',
+'fwdfw err concon' => 'Invalid number for concurrent connections',
'fwdfw err nosrc' => 'No source selected.',
'fwdfw err nosrcip' => 'Please provide a source IP address.',
'fwdfw err notgt' => 'No destination selected.',
'fwdfw err notgtip' => 'Please provide a destination IP address.',
'fwdfw err prot_port' => 'Source- or targetport are not allowed with selected protocol',
'fwdfw err prot_port1' => 'When using Source- or targetport you have to select TCP or UDP for protocol',
+'fwdfw err ratecon' => 'Invalid value for connections in Rate-limit',
'fwdfw err remark' => 'Invalid characters in remark.',
'fwdfw err ruleexists' => 'This rule already exists.',
'fwdfw err same' => 'Source and destination are identical.',
'fwdfw hint mac' => 'The destination group contains MAC addresses, which will be skipped during rule creation.',
'fwdfw iface' => 'Interface',
'fwdfw ipsec network' => 'IPsec networks:',
+'fwdfw limitconcon' => 'Limit concurrent connections per IP address',
'fwdfw log' => 'Log',
'fwdfw log rule' => 'Log rule',
'fwdfw man port' => 'Port(s):',
'fwdfw many' => 'Many',
+'fwdfw maxconcon' => 'Max. concurrent connections',
'fwdfw menu' => 'Firewall',
'fwdfw movedown' => 'Move down',
'fwdfw moveup' => 'Move up',
'fwdfw natport used' => 'The given port for NAPT is already in use by an other DNAT rule.',
'fwdfw newrule' => 'New rule',
+'fwdfw numcon' => 'Number of connections',
'fwdfw p2p txt' => 'Grant/deny access to P2P networks.',
'fwdfw pol allow' => 'Allowed',
'fwdfw pol block' => 'Blocked',
'fwdfw pol title' => 'Default firewall behaviour',
'fwdfw prot41' => 'IPv6 Encapsulation (Protocol 41)',
'fwdfw prot41 short' => 'IPv6 Encap',
+'fwdfw ratelimit' => 'Rate-limit new connections',
'fwdfw red' => 'RED',
'fwdfw reread' => 'Apply changes',
'fwdfw rule action' => 'Rule action:',
'fwhost err remark' => 'Invalid remark. Allowed characters: Upper- and lowercase letters, digits, space, dash, braces, semicolon, pipe and dot.',
'fwhost err srv exists' => 'A service with the same name already exists',
'fwhost err srvexist' => 'This service already exists in the group',
-'fwhost err sub32' => 'Please add a single host, not a network.',
+'fwhost err sub32' => 'Please add a network, not a single host',
'fwhost green' => 'Green',
'fwhost hint' => 'Note',
'fwhost hosts' => 'Firewall Hosts',
'swap usage per' => 'Swap usage per',
'system' => 'System',
'system graphs' => 'System Graphs',
-'system has hwrng' => 'This system has got a hardware random number generator.',
-'system has rdrand' => 'This system has got support for Intel(R) RDRAND.',
+'system has hwrng' => 'This system has a hardware random number generator.',
+'system has rdrand' => 'This system has support for Intel(R) RDRAND.',
'system information' => 'System Information',
'system log viewer' => 'System Log Viewer',
'system logs' => 'System Logs',
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
+# Copyright (C) 2007-2014 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
sed -e "s/filename, RTLD_LAZY/filename, RTLD_NOW/" \
-i $(DIR_APP)/builtins/enable.def
- for i in $$(seq 1 26); do \
+ for i in $$(seq 1 27); do \
cd $(DIR_APP) && patch -Np0 < $(DIR_SRC)/src/patches/bash/bash43-$$(printf "%03d" "$${i}") || exit 1; \
done
include Config
-VER = 2.71
+VER = 2.72
THISAPP = dnsmasq-$(VER)
DL_FILE = $(THISAPP).tar.xz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 9e2e4d59c75e71ee3ca817ff0f9be69e
+$(DL_FILE)_MD5 = 0256e0a71e27c8d8a5c89a0d18f3cfe2
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq-2.71-use-nettle-with-minigmp.patch
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq-2.71-support-nettle-3.0.patch
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq-2.70-Add-support-to-read-ISC-DHCP-lease-file.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq-2.72rc2-Add-support-to-read-ISC-DHCP-lease-file.patch
cd $(DIR_APP) && sed -i src/config.h \
-e 's|/\* #define HAVE_IDN \*/|#define HAVE_IDN|g' \
-e 's|/\* #define HAVE_DNSSEC \*/|#define HAVE_DNSSEC|g' \
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh966775.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh966778.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh970090.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1008310.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1022022.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1091162.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1098050.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1133809-1.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1133809-2.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-resolv-stack_chk_fail.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-remove-ctors-dtors-output-sections.patch
include Config
-VER = 3.4.5
+VER = 3.4.7
THISAPP = squid-$(VER)
DL_FILE = $(THISAPP).tar.xz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = a831efb36cfbaa419f8dc7a43cba72c9
+$(DL_FILE)_MD5 = 74677634121649ccb87a5655fcd4298d
install : $(TARGET)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = squid-accounting
-PAK_VER = 2
+PAK_VER = 3
DEPS = "perl-DBI perl-DBD-SQLite perl-File-ReadBackwards perl-PDF-API2 sendEmail"
NAME="IPFire" # Software name
SNAME="ipfire" # Short name
VERSION="2.15" # Version number
-CORE="82" # Core Level (Filename)
-PAKFIRE_CORE="82" # Core Level (PAKFIRE)
+CORE="84" # Core Level (Filename)
+PAKFIRE_CORE="83" # Core Level (PAKFIRE)
GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` # Git Branch
SLOGAN="www.ipfire.org" # Software slogan
CONFIG_ROOT=/var/ipfire # Configuration rootdir
boot_mesg "Setting up firewall"
iptables_init
evaluate_retval
-
- # run local firewall configuration, if present
- if [ -x /etc/sysconfig/firewall.local ]; then
- /etc/sysconfig/firewall.local start
- fi
;;
reload|up)
boot_mesg "Reloading firewall"
iptables_red_up
evaluate_retval
-
- # run local firewall configuration, if present
- if [ -x /etc/sysconfig/firewall.local ]; then
- /etc/sysconfig/firewall.local reload
- fi
;;
down)
boot_mesg "Disabling firewall access to RED"
evaluate_retval
;;
restart)
- # run local firewall configuration, if present
- if [ -x /etc/sysconfig/firewall.local ]; then
- /etc/sysconfig/firewall.local stop
- fi
$0 start
;;
*)
init_networking() {
/etc/rc.d/init.d/dnsmasq start
- /etc/rc.d/init.d/static-routes start
}
DO="${1}"
if [ -n "${1}" ]; then
ALL=0
- for i in green red blue orange; do
+ for i in green red blue orange; do
eval "${i}=0"
done
else
rm -f /var/ipfire/red/{active,device,dial-on-demand,dns1,dns2,local-ipaddress,remote-ipaddress,resolv.conf}
[ "$AUTOCONNECT" == "off" ] || /etc/rc.d/init.d/networking/red start
fi
- fi
+ fi
+
+ /etc/rc.d/init.d/static-routes start
;;
stop)
chmod 644 /var/ipfire/accounting/acct.db
chown nobody.nobody /var/ipfire/accounting/acct.db
fi
+#Set right permissions of directory /srv/web/ipfire/html/accounting
+chown -R nobody.nobody /srv/web/ipfire/html/accounting
+chmod 755 -R /srv/web/ipfire/html/accounting
rm -f /var/ipfire/accounting/dbinstall.pl
/usr/local/bin/update-lang-cache
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 3.2
+Patch-ID: bash32-052
+
+Bug-Reported-by: Stephane Chazelas <stephane.chazelas@gmail.com>
+Bug-Reference-ID:
+Bug-Reference-URL:
+
+Bug-Description:
+
+Under certain circumstances, bash will execute user code while processing the
+environment for exported function definitions.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-3.2.51/builtins/common.h 2006-03-06 09:38:44.000000000 -0500
+--- builtins/common.h 2014-09-16 19:08:02.000000000 -0400
+***************
+*** 34,37 ****
+--- 34,39 ----
+
+ /* Flags for describe_command, shared between type.def and command.def */
++ #define SEVAL_FUNCDEF 0x080 /* only allow function definitions */
++ #define SEVAL_ONECMD 0x100 /* only allow a single command */
+ #define CDESC_ALL 0x001 /* type -a */
+ #define CDESC_SHORTDESC 0x002 /* command -V */
+*** ../bash-3.2.51/builtins/evalstring.c 2008-11-15 17:47:04.000000000 -0500
+--- builtins/evalstring.c 2014-09-16 19:08:02.000000000 -0400
+***************
+*** 235,238 ****
+--- 235,246 ----
+ struct fd_bitmap *bitmap;
+
++ if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def)
++ {
++ internal_warning ("%s: ignoring function definition attempt", from_file);
++ should_jump_to_top_level = 0;
++ last_result = last_command_exit_value = EX_BADUSAGE;
++ break;
++ }
++
+ bitmap = new_fd_bitmap (FD_BITMAP_SIZE);
+ begin_unwind_frame ("pe_dispose");
+***************
+*** 292,295 ****
+--- 300,306 ----
+ dispose_fd_bitmap (bitmap);
+ discard_unwind_frame ("pe_dispose");
++
++ if (flags & SEVAL_ONECMD)
++ break;
+ }
+ }
+*** ../bash-3.2.51/variables.c 2008-11-15 17:15:06.000000000 -0500
+--- variables.c 2014-09-16 19:10:39.000000000 -0400
+***************
+*** 319,328 ****
+ strcpy (temp_string + char_index + 1, string);
+
+! parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST);
+!
+! /* Ancient backwards compatibility. Old versions of bash exported
+! functions like name()=() {...} */
+! if (name[char_index - 1] == ')' && name[char_index - 2] == '(')
+! name[char_index - 2] = '\0';
+
+ if (temp_var = find_function (name))
+--- 319,326 ----
+ strcpy (temp_string + char_index + 1, string);
+
+! /* Don't import function names that are invalid identifiers from the
+! environment. */
+! if (legal_identifier (name))
+! parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);
+
+ if (temp_var = find_function (name))
+***************
+*** 333,340 ****
+ else
+ report_error (_("error importing function definition for `%s'"), name);
+-
+- /* ( */
+- if (name[char_index - 1] == ')' && name[char_index - 2] == '\0')
+- name[char_index - 2] = '('; /* ) */
+ }
+ #if defined (ARRAY_VARS)
+--- 331,334 ----
+*** ../bash-3.2/patchlevel.h Thu Apr 13 08:31:04 2006
+--- patchlevel.h Mon Oct 16 14:22:54 2006
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 51
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 52
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 3.2
+Patch-ID: bash32-053
+
+Bug-Reported-by: Tavis Ormandy <taviso () cmpxchg8b com>
+Bug-Reference-ID:
+Bug-Reference-URL: http://twitter.com/taviso/statuses/514887394294652929
+
+Bug-Description:
+
+Under certain circumstances, bash can incorrectly save a lookahead character and
+return it on a subsequent call, even when reading a new line.
+
+Patch:
+
+*** ../bash-3.2.52/parse.y 2008-04-29 21:24:55.000000000 -0400
+--- parse.y 2014-09-25 16:18:41.000000000 -0400
+***************
+*** 2504,2507 ****
+--- 2504,2509 ----
+ word_desc_to_read = (WORD_DESC *)NULL;
+
++ eol_ungetc_lookahead = 0;
++
+ last_read_token = '\n';
+ token_to_read = '\n';
+*** ../bash-3.2.52/y.tab.c 2006-09-25 08:15:16.000000000 -0400
+--- y.tab.c 2014-09-25 20:28:17.000000000 -0400
+***************
+*** 3833,3836 ****
+--- 3833,3838 ----
+ word_desc_to_read = (WORD_DESC *)NULL;
+
++ eol_ungetc_lookahead = 0;
++
+ last_read_token = '\n';
+ token_to_read = '\n';
+*** ../bash-3.2/patchlevel.h Thu Apr 13 08:31:04 2006
+--- patchlevel.h Mon Oct 16 14:22:54 2006
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 52
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 53
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.3
+Patch-ID: bash43-027
+
+Bug-Reported-by: Florian Weimer <fweimer@redhat.com>
+Bug-Reference-ID:
+Bug-Reference-URL:
+
+Bug-Description:
+
+This patch changes the encoding bash uses for exported functions to avoid
+clashes with shell variables and to avoid depending only on an environment
+variable's contents to determine whether or not to interpret it as a shell
+function.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.3.26/variables.c 2014-09-25 23:02:18.000000000 -0400
+--- variables.c 2014-09-27 20:52:04.000000000 -0400
+***************
+*** 84,87 ****
+--- 84,92 ----
+ #define ifsname(s) ((s)[0] == 'I' && (s)[1] == 'F' && (s)[2] == 'S' && (s)[3] == '\0')
+
++ #define BASHFUNC_PREFIX "BASH_FUNC_"
++ #define BASHFUNC_PREFLEN 10 /* == strlen(BASHFUNC_PREFIX */
++ #define BASHFUNC_SUFFIX "%%"
++ #define BASHFUNC_SUFFLEN 2 /* == strlen(BASHFUNC_SUFFIX) */
++
+ extern char **environ;
+
+***************
+*** 280,284 ****
+ static void dispose_temporary_env __P((sh_free_func_t *));
+
+! static inline char *mk_env_string __P((const char *, const char *));
+ static char **make_env_array_from_var_list __P((SHELL_VAR **));
+ static char **make_var_export_array __P((VAR_CONTEXT *));
+--- 285,289 ----
+ static void dispose_temporary_env __P((sh_free_func_t *));
+
+! static inline char *mk_env_string __P((const char *, const char *, int));
+ static char **make_env_array_from_var_list __P((SHELL_VAR **));
+ static char **make_var_export_array __P((VAR_CONTEXT *));
+***************
+*** 350,369 ****
+ /* If exported function, define it now. Don't import functions from
+ the environment in privileged mode. */
+! if (privmode == 0 && read_but_dont_execute == 0 && STREQN ("() {", string, 4))
+ {
+ string_length = strlen (string);
+! temp_string = (char *)xmalloc (3 + string_length + char_index);
+
+! strcpy (temp_string, name);
+! temp_string[char_index] = ' ';
+! strcpy (temp_string + char_index + 1, string);
+
+ /* Don't import function names that are invalid identifiers from the
+ environment, though we still allow them to be defined as shell
+ variables. */
+! if (legal_identifier (name))
+! parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);
+
+! if (temp_var = find_function (name))
+ {
+ VSETATTR (temp_var, (att_exported|att_imported));
+--- 355,385 ----
+ /* If exported function, define it now. Don't import functions from
+ the environment in privileged mode. */
+! if (privmode == 0 && read_but_dont_execute == 0 &&
+! STREQN (BASHFUNC_PREFIX, name, BASHFUNC_PREFLEN) &&
+! STREQ (BASHFUNC_SUFFIX, name + char_index - BASHFUNC_SUFFLEN) &&
+! STREQN ("() {", string, 4))
+ {
++ size_t namelen;
++ char *tname; /* desired imported function name */
++
++ namelen = char_index - BASHFUNC_PREFLEN - BASHFUNC_SUFFLEN;
++
++ tname = name + BASHFUNC_PREFLEN; /* start of func name */
++ tname[namelen] = '\0'; /* now tname == func name */
++
+ string_length = strlen (string);
+! temp_string = (char *)xmalloc (namelen + string_length + 2);
+
+! memcpy (temp_string, tname, namelen);
+! temp_string[namelen] = ' ';
+! memcpy (temp_string + namelen + 1, string, string_length + 1);
+
+ /* Don't import function names that are invalid identifiers from the
+ environment, though we still allow them to be defined as shell
+ variables. */
+! if (absolute_program (tname) == 0 && (posixly_correct == 0 || legal_identifier (tname)))
+! parse_and_execute (temp_string, tname, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);
+
+! if (temp_var = find_function (tname))
+ {
+ VSETATTR (temp_var, (att_exported|att_imported));
+***************
+*** 378,383 ****
+ }
+ last_command_exit_value = 1;
+! report_error (_("error importing function definition for `%s'"), name);
+ }
+ }
+ #if defined (ARRAY_VARS)
+--- 394,402 ----
+ }
+ last_command_exit_value = 1;
+! report_error (_("error importing function definition for `%s'"), tname);
+ }
++
++ /* Restore original suffix */
++ tname[namelen] = BASHFUNC_SUFFIX[0];
+ }
+ #if defined (ARRAY_VARS)
+***************
+*** 2955,2959 ****
+
+ INVALIDATE_EXPORTSTR (var);
+! var->exportstr = mk_env_string (name, value);
+
+ array_needs_making = 1;
+--- 2974,2978 ----
+
+ INVALIDATE_EXPORTSTR (var);
+! var->exportstr = mk_env_string (name, value, 0);
+
+ array_needs_making = 1;
+***************
+*** 3853,3871 ****
+
+ static inline char *
+! mk_env_string (name, value)
+ const char *name, *value;
+ {
+! int name_len, value_len;
+! char *p;
+
+ name_len = strlen (name);
+ value_len = STRLEN (value);
+! p = (char *)xmalloc (2 + name_len + value_len);
+! strcpy (p, name);
+! p[name_len] = '=';
+ if (value && *value)
+! strcpy (p + name_len + 1, value);
+ else
+! p[name_len + 1] = '\0';
+ return (p);
+ }
+--- 3872,3911 ----
+
+ static inline char *
+! mk_env_string (name, value, isfunc)
+ const char *name, *value;
++ int isfunc;
+ {
+! size_t name_len, value_len;
+! char *p, *q;
+
+ name_len = strlen (name);
+ value_len = STRLEN (value);
+!
+! /* If we are exporting a shell function, construct the encoded function
+! name. */
+! if (isfunc && value)
+! {
+! p = (char *)xmalloc (BASHFUNC_PREFLEN + name_len + BASHFUNC_SUFFLEN + value_len + 2);
+! q = p;
+! memcpy (q, BASHFUNC_PREFIX, BASHFUNC_PREFLEN);
+! q += BASHFUNC_PREFLEN;
+! memcpy (q, name, name_len);
+! q += name_len;
+! memcpy (q, BASHFUNC_SUFFIX, BASHFUNC_SUFFLEN);
+! q += BASHFUNC_SUFFLEN;
+! }
+! else
+! {
+! p = (char *)xmalloc (2 + name_len + value_len);
+! memcpy (p, name, name_len);
+! q = p + name_len;
+! }
+!
+! q[0] = '=';
+ if (value && *value)
+! memcpy (q + 1, value, value_len + 1);
+ else
+! q[1] = '\0';
+!
+ return (p);
+ }
+***************
+*** 3953,3957 ****
+ using the cached exportstr... */
+ list[list_index] = USE_EXPORTSTR ? savestring (value)
+! : mk_env_string (var->name, value);
+
+ if (USE_EXPORTSTR == 0)
+--- 3993,3997 ----
+ using the cached exportstr... */
+ list[list_index] = USE_EXPORTSTR ? savestring (value)
+! : mk_env_string (var->name, value, function_p (var));
+
+ if (USE_EXPORTSTR == 0)
+*** ../bash-4.3/patchlevel.h 2012-12-29 10:47:57.000000000 -0500
+--- patchlevel.h 2014-03-20 20:01:28.000000000 -0400
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 26
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 27
+
+ #endif /* _PATCHLEVEL_H_ */
+++ /dev/null
-From cdb755c5f16a6768c3e8b1f345fe15fc9244228d Mon Sep 17 00:00:00 2001
-From: Simon Kelley <simon@thekelleys.org.uk>
-Date: Wed, 18 Jun 2014 20:52:53 +0100
-Subject: [PATCH] Fix FTBFS with Nettle-3.0.
-
----
- CHANGELOG | 3 +++
- src/dnssec.c | 18 ++++++++++++------
- 2 files changed, 15 insertions(+), 6 deletions(-)
-
-diff --git a/src/dnssec.c b/src/dnssec.c
-index 2ffb75d..69bfc29 100644
---- a/src/dnssec.c
-+++ b/src/dnssec.c
-@@ -28,6 +28,12 @@
- #include <nettle/nettle-meta.h>
- #include <nettle/bignum.h>
-
-+/* Nettle-3.0 moved to a new API for DSA. We use a name that's defined in the new API
-+ to detect Nettle-3, and invoke the backwards compatibility mode. */
-+#ifdef dsa_params_init
-+#include <nettle/dsa-compat.h>
-+#endif
-+
-
- #define SERIAL_UNDEF -100
- #define SERIAL_EQ 0
-@@ -121,8 +127,8 @@ static int hash_init(const struct nettle_hash *hash, void **ctxp, unsigned char
- return 1;
- }
-
--static int rsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
-- unsigned char *digest, int algo)
-+static int dnsmasq_rsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
-+ unsigned char *digest, int algo)
- {
- unsigned char *p;
- size_t exp_len;
-@@ -173,8 +179,8 @@ static int rsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned
- return 0;
- }
-
--static int dsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
-- unsigned char *digest, int algo)
-+static int dnsmasq_dsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
-+ unsigned char *digest, int algo)
- {
- unsigned char *p;
- unsigned int t;
-@@ -293,10 +299,10 @@ static int verify(struct blockdata *key_data, unsigned int key_len, unsigned cha
- switch (algo)
- {
- case 1: case 5: case 7: case 8: case 10:
-- return rsa_verify(key_data, key_len, sig, sig_len, digest, algo);
-+ return dnsmasq_rsa_verify(key_data, key_len, sig, sig_len, digest, algo);
-
- case 3: case 6:
-- return dsa_verify(key_data, key_len, sig, sig_len, digest, algo);
-+ return dnsmasq_dsa_verify(key_data, key_len, sig, sig_len, digest, algo);
-
- #ifndef NO_NETTLE_ECC
- case 13: case 14:
---
-1.7.10.4
-
+++ /dev/null
-From 063efb330a3f341c2548e2cf1f67f83e49cd6395 Mon Sep 17 00:00:00 2001
-From: Simon Kelley <simon@thekelleys.org.uk>
-Date: Tue, 17 Jun 2014 19:49:31 +0100
-Subject: [PATCH] Build config: add -DNO_GMP for use with nettle/mini-gmp
-
----
- Makefile | 2 +-
- bld/pkg-wrapper | 9 +++++++--
- src/config.h | 7 +++++++
- src/dnssec.c | 3 ++-
- 4 files changed, 17 insertions(+), 4 deletions(-)
-
-diff --git a/Makefile b/Makefile
-index c58b50b..17eeb27 100644
---- a/Makefile
-+++ b/Makefile
-@@ -61,7 +61,7 @@ lua_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CON
- lua_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CONFIG) --libs lua5.1`
- nettle_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC $(PKG_CONFIG) --cflags nettle hogweed`
- nettle_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC $(PKG_CONFIG) --libs nettle hogweed`
--gmp_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC $(PKG_CONFIG) --copy -lgmp`
-+gmp_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC NO_GMP --copy -lgmp`
- sunos_libs = `if uname | grep SunOS >/dev/null 2>&1; then echo -lsocket -lnsl -lposix4; fi`
- version = -DVERSION='\"`$(top)/bld/get-version $(top)`\"'
-
-diff --git a/bld/pkg-wrapper b/bld/pkg-wrapper
-index 9f9332d..0ddb678 100755
---- a/bld/pkg-wrapper
-+++ b/bld/pkg-wrapper
-@@ -11,9 +11,14 @@ in=`cat`
-
- if grep "^\#[[:space:]]*define[[:space:]]*$search" config.h >/dev/null 2>&1 || \
- echo $in | grep $search >/dev/null 2>&1; then
--
-+# Nasty, nasty, in --copy, arg 2 is another config to search for, use with NO_GMP
- if [ $op = "--copy" ]; then
-- pkg="$*"
-+ if grep "^\#[[:space:]]*define[[:space:]]*$pkg" config.h >/dev/null 2>&1 || \
-+ echo $in | grep $pkg >/dev/null 2>&1; then
-+ pkg=""
-+ else
-+ pkg="$*"
-+ fi
- elif grep "^\#[[:space:]]*define[[:space:]]*${search}_STATIC" config.h >/dev/null 2>&1 || \
- echo $in | grep ${search}_STATIC >/dev/null 2>&1; then
- pkg=`$pkg --static $op $*`
-diff --git a/src/config.h b/src/config.h
-index 2155544..ee6d218 100644
---- a/src/config.h
-+++ b/src/config.h
-@@ -105,6 +105,8 @@ HAVE_AUTH
- define this to include the facility to act as an authoritative DNS
- server for one or more zones.
-
-+HAVE_DNSSEC
-+ include DNSSEC validator.
-
- NO_IPV6
- NO_TFTP
-@@ -118,6 +120,11 @@ NO_AUTH
- which are enabled by default in the distributed source tree. Building dnsmasq
- with something like "make COPTS=-DNO_SCRIPT" will do the trick.
-
-+NO_NETTLE_ECC
-+ Don't include the ECDSA cypher in DNSSEC validation. Needed for older Nettle versions.
-+NO_GMP
-+ Don't use and link against libgmp, Useful if nettle is built with --enable-mini-gmp.
-+
- LEASEFILE
- CONFFILE
- RESOLVFILE
-diff --git a/src/dnssec.c b/src/dnssec.c
-index 44d626b..2ffb75d 100644
---- a/src/dnssec.c
-+++ b/src/dnssec.c
-@@ -26,7 +26,8 @@
- # include <nettle/ecc-curve.h>
- #endif
- #include <nettle/nettle-meta.h>
--#include <gmp.h>
-+#include <nettle/bignum.h>
-+
-
- #define SERIAL_UNDEF -100
- #define SERIAL_EQ 0
---
-1.7.10.4
-
diff --git a/Makefile b/Makefile
-index 292c8bd..5e0cdbe 100644
+index 58a7975..616c6b7 100644
--- a/Makefile
+++ b/Makefile
@@ -69,7 +69,7 @@ objs = cache.o rfc1035.o util.o option.o forward.o network.o \
dnsmasq.o dhcp.o lease.o rfc2131.o netlink.o dbus.o bpf.o \
helper.o tftp.o log.o conntrack.o dhcp6.o rfc3315.o \
dhcp-common.o outpacket.o radv.o slaac.o auth.o ipset.o \
-- domain.o dnssec.o blockdata.o
-+ domain.o dnssec.o blockdata.o isc.o
+- domain.o dnssec.o blockdata.o tables.o loop.o
++ domain.o dnssec.o blockdata.o tables.o loop.o isc.o
hdrs = dnsmasq.h config.h dhcp-protocol.h dhcp6-protocol.h \
dns-protocol.h radv-protocol.h ip6addr.h
diff --git a/src/cache.c b/src/cache.c
-index 5cec918..1f5657f 100644
+index 2c3a498..77a7046 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -17,7 +17,7 @@
cache_hash(crec);
diff --git a/src/dnsmasq.c b/src/dnsmasq.c
-index 1c96a0e..156ac9a 100644
+index f4a89fc..a448ec4 100644
--- a/src/dnsmasq.c
+++ b/src/dnsmasq.c
-@@ -934,6 +934,11 @@ int main (int argc, char **argv)
+@@ -940,6 +940,11 @@ int main (int argc, char **argv)
poll_resolv(0, daemon->last_resolv != 0, now);
daemon->last_resolv = now;
if (FD_ISSET(piperead, &rset))
diff --git a/src/dnsmasq.h b/src/dnsmasq.h
-index 3032546..a40b2a9 100644
+index e74b15a..4a35168 100644
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
-@@ -1447,3 +1447,8 @@ void slaac_add_addrs(struct dhcp_lease *lease, time_t now, int force);
- time_t periodic_slaac(time_t now, struct dhcp_lease *leases);
+@@ -1463,9 +1463,13 @@ time_t periodic_slaac(time_t now, struct dhcp_lease *leases);
void slaac_ping_reply(struct in6_addr *sender, unsigned char *packet, char *interface, struct dhcp_lease *leases);
#endif
-+
+
+/* isc.c */
+#ifdef HAVE_ISC_READER
+void load_dhcp(time_t now);
+#endif
++
+ /* loop.c */
+ #ifdef HAVE_LOOP
+ void loop_send_probes();
+ int detect_loop(char *query, int type);
+ #endif
+-
diff --git a/src/isc.c b/src/isc.c
new file mode 100644
index 0000000..5106442
+
+#endif
diff --git a/src/option.c b/src/option.c
-index daa728f..d16c982 100644
+index 45d8875..29c9ee5 100644
--- a/src/option.c
+++ b/src/option.c
-@@ -1642,7 +1642,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
+@@ -1669,7 +1669,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
ret_err(_("bad MX target"));
break;
--- /dev/null
+diff -Nrup a/malloc/malloc.c b/malloc/malloc.c
+--- a/malloc/malloc.c 2013-09-23 17:08:33.698331221 -0400
++++ b/malloc/malloc.c 2013-09-23 21:04:25.901270645 -0400
+@@ -3879,6 +3879,13 @@ public_mEMALIGn(size_t alignment, size_t
+ /* Otherwise, ensure that it is at least a minimum chunk size */
+ if (alignment < MINSIZE) alignment = MINSIZE;
+
++ /* Check for overflow. */
++ if (bytes > SIZE_MAX - alignment - MINSIZE)
++ {
++ __set_errno (ENOMEM);
++ return 0;
++ }
++
+ arena_get(ar_ptr, bytes + alignment + MINSIZE);
+ if(!ar_ptr)
+ return 0;
+@@ -3924,6 +3931,13 @@ public_vALLOc(size_t bytes)
+
+ size_t pagesz = mp_.pagesize;
+
++ /* Check for overflow. */
++ if (bytes > SIZE_MAX - pagesz - MINSIZE)
++ {
++ __set_errno (ENOMEM);
++ return 0;
++ }
++
+ __malloc_ptr_t (*hook) __MALLOC_PMT ((size_t, size_t,
+ __const __malloc_ptr_t)) =
+ force_reg (__memalign_hook);
+@@ -3975,6 +3989,13 @@ public_pVALLOc(size_t bytes)
+ size_t page_mask = mp_.pagesize - 1;
+ size_t rounded_bytes = (bytes + page_mask) & ~(page_mask);
+
++ /* Check for overflow. */
++ if (bytes > SIZE_MAX - 2*pagesz - MINSIZE)
++ {
++ __set_errno (ENOMEM);
++ return 0;
++ }
++
+ __malloc_ptr_t (*hook) __MALLOC_PMT ((size_t, size_t,
+ __const __malloc_ptr_t)) =
+ force_reg (__memalign_hook);
--- /dev/null
+diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
+index 81e928a..05883bd 100644
+--- a/sysdeps/posix/getaddrinfo.c
++++ b/sysdeps/posix/getaddrinfo.c
+@@ -832,8 +832,13 @@ gaih_inet (const char *name, const struct gaih_service *service,
+ while (!no_more)
+ {
+ no_data = 0;
+- nss_gethostbyname4_r fct4
+- = __nss_lookup_function (nip, "gethostbyname4_r");
++ nss_gethostbyname4_r fct4 = NULL;
++
++ /* gethostbyname4_r sends out parallel A and AAAA queries and
++ is thus only suitable for PF_UNSPEC. */
++ if (req->ai_family == PF_UNSPEC)
++ fct4 = __nss_lookup_function (nip, "gethostbyname4_r");
++
+ if (fct4 != NULL)
+ {
+ int herrno;
--- /dev/null
+commit 362b47fe09ca9a928d444c7e2f7992f7f61bfc3e
+Author: Maxim Kuvyrkov <maxim@kugelworks.com>
+Date: Tue Dec 24 09:44:50 2013 +1300
+
+ Fix race in free() of fastbin chunk: BZ #15073
+
+ Perform sanity check only if we have_lock. Due to lockless nature of fastbins
+ we need to be careful derefencing pointers to fastbin entries (chunksize(old)
+ in this case) in multithreaded environments.
+
+ The fix is to add have_lock to the if-condition checks. The rest of the patch
+ only makes code more readable.
+
+ * malloc/malloc.c (_int_free): Perform sanity check only if we
+ have_lock.
+
+diff --git a/malloc/malloc.c b/malloc/malloc.c
+index b1668b5..5e419ad 100644
+--- a/malloc/malloc.c
++++ b/malloc/malloc.c
+@@ -3783,25 +3783,29 @@ _int_free(mstate av, mchunkptr p, int have_lock)
+ fb = &fastbin (av, idx);
+
+ #ifdef ATOMIC_FASTBINS
+- mchunkptr fd;
+- mchunkptr old = *fb;
++ /* Atomically link P to its fastbin: P->FD = *FB; *FB = P; */
++ mchunkptr old = *fb, old2;
+ unsigned int old_idx = ~0u;
+ do
+ {
+- /* Another simple check: make sure the top of the bin is not the
+- record we are going to add (i.e., double free). */
++ /* Check that the top of the bin is not the record we are going to add
++ (i.e., double free). */
+ if (__builtin_expect (old == p, 0))
+ {
+ errstr = "double free or corruption (fasttop)";
+ goto errout;
+ }
+- if (old != NULL)
++ /* Check that size of fastbin chunk at the top is the same as
++ size of the chunk that we are adding. We can dereference OLD
++ only if we have the lock, otherwise it might have already been
++ deallocated. See use of OLD_IDX below for the actual check. */
++ if (have_lock && old != NULL)
+ old_idx = fastbin_index(chunksize(old));
+- p->fd = fd = old;
++ p->fd = old2 = old;
+ }
+- while ((old = catomic_compare_and_exchange_val_rel (fb, p, fd)) != fd);
++ while ((old = catomic_compare_and_exchange_val_rel (fb, p, old2)) != old2);
+
+- if (fd != NULL && __builtin_expect (old_idx != idx, 0))
++ if (have_lock && old != NULL && __builtin_expect (old_idx != idx, 0))
+ {
+ errstr = "invalid fastbin entry (free)";
+ goto errout;
--- /dev/null
+commit cf26a0cb6a0bbaca46a01ddad6662e5e5159a32a
+Author: Siddhesh Poyarekar <siddhesh@redhat.com>
+Date: Thu May 15 12:33:11 2014 +0530
+
+ Return EAI_AGAIN for AF_UNSPEC when herrno is TRY_AGAIN (BZ #16849)
+
+ getaddrinfo correctly returns EAI_AGAIN for AF_INET and AF_INET6
+ queries. For AF_UNSPEC however, an older change
+ (a682a1bf553b1efe4dbb03207fece5b719cec482) broke the check and due to
+ that the returned error was EAI_NONAME.
+
+ This patch fixes the check so that a non-authoritative not-found is
+ returned as EAI_AGAIN to the user instead of EAI_NONAME.
+
+diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
+index 6258330..8f392b9 100644
+--- a/sysdeps/posix/getaddrinfo.c
++++ b/sysdeps/posix/getaddrinfo.c
+@@ -867,8 +867,7 @@ gaih_inet (const char *name, const struct gaih_service *service,
+ if (status != NSS_STATUS_TRYAGAIN
+ || rc != ERANGE || herrno != NETDB_INTERNAL)
+ {
+- if (status == NSS_STATUS_TRYAGAIN
+- && herrno == TRY_AGAIN)
++ if (herrno == TRY_AGAIN)
+ no_data = EAI_AGAIN;
+ else
+ no_data = herrno == NO_DATA;
--- /dev/null
+2014-08-21 Florian Weimer <fweimer@redhat.com>
+
+ [BZ #17187]
+ * iconv/gconv_trans.c (struct known_trans, search_tree, lock,
+ trans_compare, open_translit, __gconv_translit_find):
+ Remove module loading code.
+
+diff --git a/iconv/gconv_trans.c b/iconv/gconv_trans.c
+index 1e25854..d71c029 100644
+--- a/iconv/gconv_trans.c
++++ b/iconv/gconv_trans.c
+@@ -238,181 +238,11 @@ __gconv_transliterate (struct __gconv_step *step,
+ return __GCONV_ILLEGAL_INPUT;
+ }
+
+-
+-/* Structure to represent results of found (or not) transliteration
+- modules. */
+-struct known_trans
+-{
+- /* This structure must remain the first member. */
+- struct trans_struct info;
+-
+- char *fname;
+- void *handle;
+- int open_count;
+-};
+-
+-
+-/* Tree with results of previous calls to __gconv_translit_find. */
+-static void *search_tree;
+-
+-/* We modify global data. */
+-__libc_lock_define_initialized (static, lock);
+-
+-
+-/* Compare two transliteration entries. */
+-static int
+-trans_compare (const void *p1, const void *p2)
+-{
+- const struct known_trans *s1 = (const struct known_trans *) p1;
+- const struct known_trans *s2 = (const struct known_trans *) p2;
+-
+- return strcmp (s1->info.name, s2->info.name);
+-}
+-
+-
+-/* Open (maybe reopen) the module named in the struct. Get the function
+- and data structure pointers we need. */
+-static int
+-open_translit (struct known_trans *trans)
+-{
+- __gconv_trans_query_fct queryfct;
+-
+- trans->handle = __libc_dlopen (trans->fname);
+- if (trans->handle == NULL)
+- /* Not available. */
+- return 1;
+-
+- /* Find the required symbol. */
+- queryfct = __libc_dlsym (trans->handle, "gconv_trans_context");
+- if (queryfct == NULL)
+- {
+- /* We cannot live with that. */
+- close_and_out:
+- __libc_dlclose (trans->handle);
+- trans->handle = NULL;
+- return 1;
+- }
+-
+- /* Get the context. */
+- if (queryfct (trans->info.name, &trans->info.csnames, &trans->info.ncsnames)
+- != 0)
+- goto close_and_out;
+-
+- /* Of course we also have to have the actual function. */
+- trans->info.trans_fct = __libc_dlsym (trans->handle, "gconv_trans");
+- if (trans->info.trans_fct == NULL)
+- goto close_and_out;
+-
+- /* Now the optional functions. */
+- trans->info.trans_init_fct =
+- __libc_dlsym (trans->handle, "gconv_trans_init");
+- trans->info.trans_context_fct =
+- __libc_dlsym (trans->handle, "gconv_trans_context");
+- trans->info.trans_end_fct =
+- __libc_dlsym (trans->handle, "gconv_trans_end");
+-
+- trans->open_count = 1;
+-
+- return 0;
+-}
+-
+-
+ int
+ internal_function
+ __gconv_translit_find (struct trans_struct *trans)
+ {
+- struct known_trans **found;
+- const struct path_elem *runp;
+- int res = 1;
+-
+- /* We have to have a name. */
+- assert (trans->name != NULL);
+-
+- /* Acquire the lock. */
+- __libc_lock_lock (lock);
+-
+- /* See whether we know this module already. */
+- found = __tfind (trans, &search_tree, trans_compare);
+- if (found != NULL)
+- {
+- /* Is this module available? */
+- if ((*found)->handle != NULL)
+- {
+- /* Maybe we have to reopen the file. */
+- if ((*found)->handle != (void *) -1)
+- /* The object is not unloaded. */
+- res = 0;
+- else if (open_translit (*found) == 0)
+- {
+- /* Copy the data. */
+- *trans = (*found)->info;
+- (*found)->open_count++;
+- res = 0;
+- }
+- }
+- }
+- else
+- {
+- size_t name_len = strlen (trans->name) + 1;
+- int need_so = 0;
+- struct known_trans *newp;
+-
+- /* We have to continue looking for the module. */
+- if (__gconv_path_elem == NULL)
+- __gconv_get_path ();
+-
+- /* See whether we have to append .so. */
+- if (name_len <= 4 || memcmp (&trans->name[name_len - 4], ".so", 3) != 0)
+- need_so = 1;
+-
+- /* Create a new entry. */
+- newp = (struct known_trans *) malloc (sizeof (struct known_trans)
+- + (__gconv_max_path_elem_len
+- + name_len + 3)
+- + name_len);
+- if (newp != NULL)
+- {
+- char *cp;
+-
+- /* Clear the struct. */
+- memset (newp, '\0', sizeof (struct known_trans));
+-
+- /* Store a copy of the module name. */
+- newp->info.name = cp = (char *) (newp + 1);
+- cp = __mempcpy (cp, trans->name, name_len);
+-
+- newp->fname = cp;
+-
+- /* Search in all the directories. */
+- for (runp = __gconv_path_elem; runp->name != NULL; ++runp)
+- {
+- cp = __mempcpy (__stpcpy ((char *) newp->fname, runp->name),
+- trans->name, name_len);
+- if (need_so)
+- memcpy (cp, ".so", sizeof (".so"));
+-
+- if (open_translit (newp) == 0)
+- {
+- /* We found a module. */
+- res = 0;
+- break;
+- }
+- }
+-
+- if (res)
+- newp->fname = NULL;
+-
+- /* In any case we'll add the entry to our search tree. */
+- if (__tsearch (newp, &search_tree, trans_compare) == NULL)
+- {
+- /* Yickes, this should not happen. Unload the object. */
+- res = 1;
+- /* XXX unload here. */
+- }
+- }
+- }
+-
+- __libc_lock_unlock (lock);
+-
+- return res;
++ /* This function always fails. Transliteration module loading is
++ not implemented. */
++ return 1;
+ }
+--
+1.9.3
+
--- /dev/null
+commit 585367266923156ac6fb789939a923641ba5aaf4
+Author: Florian Weimer <fweimer@redhat.com>
+Date: Wed May 28 14:05:03 2014 +0200
+
+ manual: Update the locale documentation
+
+commit 4e8f95a0df7c2300b830ec12c0ae1e161bc8a8a3
+Author: Florian Weimer <fweimer@redhat.com>
+Date: Mon May 12 15:24:12 2014 +0200
+
+ _nl_find_locale: Improve handling of crafted locale names [BZ #17137]
+
+ Prevent directory traversal in locale-related environment variables
+ (CVE-2014-0475).
+
+commit d183645616b0533b3acee28f1a95570bffbdf50f
+Author: Florian Weimer <fweimer@redhat.com>
+Date: Wed May 28 14:41:52 2014 +0200
+
+ setlocale: Use the heap for the copy of the locale argument
+
+ This avoids alloca calls with potentially large arguments.
+
+diff -pruN glibc-2.18/locale/findlocale.c glibc-2.18.patched/locale/findlocale.c
+--- glibc-2.18/locale/findlocale.c 2013-08-11 04:22:55.000000000 +0530
++++ glibc-2.18.patched/locale/findlocale.c 2014-08-26 16:14:50.403253778 +0530
+@@ -17,6 +17,7 @@
+ 02111-1307 USA. */
+
+ #include <assert.h>
++#include <errno.h>
+ #include <locale.h>
+ #include <stdlib.h>
+ #include <string.h>
+@@ -57,6 +58,45 @@ struct loaded_l10nfile *_nl_locale_file_
+
+ const char _nl_default_locale_path[] attribute_hidden = LOCALEDIR;
+
++/* Checks if the name is actually present, that is, not NULL and not
++ empty. */
++static inline int
++name_present (const char *name)
++{
++ return name != NULL && name[0] != '\0';
++}
++
++/* Checks that the locale name neither extremely long, nor contains a
++ ".." path component (to prevent directory traversal). */
++static inline int
++valid_locale_name (const char *name)
++{
++ /* Not set. */
++ size_t namelen = strlen (name);
++ /* Name too long. The limit is arbitrary and prevents stack overflow
++ issues later. */
++ if (__builtin_expect (namelen > 255, 0))
++ return 0;
++ /* Directory traversal attempt. */
++ static const char slashdot[4] = {'/', '.', '.', '/'};
++ if (__builtin_expect (memmem (name, namelen,
++ slashdot, sizeof (slashdot)) != NULL, 0))
++ return 0;
++ if (namelen == 2 && __builtin_expect (name[0] == '.' && name [1] == '.', 0))
++ return 0;
++ if (namelen >= 3
++ && __builtin_expect (((name[0] == '.'
++ && name[1] == '.'
++ && name[2] == '/')
++ || (name[namelen - 3] == '/'
++ && name[namelen - 2] == '.'
++ && name[namelen - 1] == '.')), 0))
++ return 0;
++ /* If there is a slash in the name, it must start with one. */
++ if (__builtin_expect (memchr (name, '/', namelen) != NULL, 0) && name[0] != '/')
++ return 0;
++ return 1;
++}
+
+ struct __locale_data *
+ internal_function
+@@ -65,7 +105,7 @@ _nl_find_locale (const char *locale_path
+ {
+ int mask;
+ /* Name of the locale for this category. */
+- char *loc_name;
++ char *loc_name = (char *) *name;
+ const char *language;
+ const char *modifier;
+ const char *territory;
+@@ -73,31 +113,39 @@ _nl_find_locale (const char *locale_path
+ const char *normalized_codeset;
+ struct loaded_l10nfile *locale_file;
+
+- if ((*name)[0] == '\0')
++ if (loc_name[0] == '\0')
+ {
+ /* The user decides which locale to use by setting environment
+ variables. */
+- *name = getenv ("LC_ALL");
+- if (*name == NULL || (*name)[0] == '\0')
+- *name = getenv (_nl_category_names.str
++ loc_name = getenv ("LC_ALL");
++ if (!name_present (loc_name))
++ loc_name = getenv (_nl_category_names.str
+ + _nl_category_name_idxs[category]);
+- if (*name == NULL || (*name)[0] == '\0')
+- *name = getenv ("LANG");
++ if (!name_present (loc_name))
++ loc_name = getenv ("LANG");
++ if (!name_present (loc_name))
++ loc_name = (char *) _nl_C_name;
+ }
+
+- if (*name == NULL || (*name)[0] == '\0'
+- || (__builtin_expect (__libc_enable_secure, 0)
+- && strchr (*name, '/') != NULL))
+- *name = (char *) _nl_C_name;
++ /* We used to fall back to the C locale if the name contains a slash
++ character '/', but we now check for directory traversal in
++ valid_locale_name, so this is no longer necessary. */
+
+- if (__builtin_expect (strcmp (*name, _nl_C_name), 1) == 0
+- || __builtin_expect (strcmp (*name, _nl_POSIX_name), 1) == 0)
++ if (__builtin_expect (strcmp (loc_name, _nl_C_name), 1) == 0
++ || __builtin_expect (strcmp (loc_name, _nl_POSIX_name), 1) == 0)
+ {
+ /* We need not load anything. The needed data is contained in
+ the library itself. */
+ *name = (char *) _nl_C_name;
+ return _nl_C[category];
+ }
++ else if (!valid_locale_name (loc_name))
++ {
++ __set_errno (EINVAL);
++ return NULL;
++ }
++
++ *name = loc_name;
+
+ /* We really have to load some data. First we try the archive,
+ but only if there was no LOCPATH environment variable specified. */
+diff -pruN glibc-2.18/locale/setlocale.c glibc-2.18.patched/locale/setlocale.c
+--- glibc-2.18/locale/setlocale.c 2013-08-11 04:22:55.000000000 +0530
++++ glibc-2.18.patched/locale/setlocale.c 2014-08-26 16:14:50.401253764 +0530
+@@ -272,6 +272,8 @@ setlocale (int category, const char *loc
+ of entries of the form `CATEGORY=VALUE'. */
+ const char *newnames[__LC_LAST];
+ struct __locale_data *newdata[__LC_LAST];
++ /* Copy of the locale argument, for in-place splitting. */
++ char *locale_copy = NULL;
+
+ /* Set all name pointers to the argument name. */
+ for (category = 0; category < __LC_LAST; ++category)
+@@ -281,7 +283,13 @@ setlocale (int category, const char *loc
+ if (__builtin_expect (strchr (locale, ';') != NULL, 0))
+ {
+ /* This is a composite name. Make a copy and split it up. */
+- char *np = strdupa (locale);
++ locale_copy = strdup (locale);
++ if (__builtin_expect (locale_copy == NULL, 0))
++ {
++ __libc_rwlock_unlock (__libc_setlocale_lock);
++ return NULL;
++ }
++ char *np = locale_copy;
+ char *cp;
+ int cnt;
+
+@@ -299,6 +307,7 @@ setlocale (int category, const char *loc
+ {
+ error_return:
+ __libc_rwlock_unlock (__libc_setlocale_lock);
++ free (locale_copy);
+
+ /* Bogus category name. */
+ ERROR_RETURN;
+@@ -391,8 +400,9 @@ setlocale (int category, const char *loc
+ /* Critical section left. */
+ __libc_rwlock_unlock (__libc_setlocale_lock);
+
+- /* Free the resources (the locale path variable). */
++ /* Free the resources. */
+ free (locale_path);
++ free (locale_copy);
+
+ return composite;
+ }
+diff -pruN glibc-2.18/localedata/Makefile glibc-2.18.patched/localedata/Makefile
+--- glibc-2.18/localedata/Makefile 2014-08-26 16:15:22.656474571 +0530
++++ glibc-2.18.patched/localedata/Makefile 2014-08-26 16:14:50.403253778 +0530
+@@ -77,7 +77,7 @@ locale_test_suite := tst_iswalnum tst_is
+
+ tests = $(locale_test_suite) tst-digits tst-setlocale bug-iconv-trans \
+ tst-leaks tst-mbswcs6 tst-xlocale1 tst-xlocale2 bug-usesetlocale \
+- tst-strfmon1 tst-sscanf tst-strptime
++ tst-strfmon1 tst-sscanf tst-strptime tst-setlocale3
+ ifeq (yes,$(build-shared))
+ ifneq (no,$(PERL))
+ tests: $(objpfx)mtrace-tst-leaks
+@@ -288,6 +288,7 @@ tst-strfmon1-ENV = $(TEST_MBWC_ENV)
+ tst-strptime-ENV = $(TEST_MBWC_ENV)
+
+ tst-setlocale-ENV = LOCPATH=$(common-objpfx)localedata LC_ALL=ja_JP.EUC-JP
++tst-setlocale3-ENV = LOCPATH=$(common-objpfx)localedata
+
+ bug-iconv-trans-ENV = LOCPATH=$(common-objpfx)localedata
+
+diff -pruN glibc-2.18/localedata/tst-setlocale3.c glibc-2.18.patched/localedata/tst-setlocale3.c
+--- glibc-2.18/localedata/tst-setlocale3.c 1970-01-01 05:30:00.000000000 +0530
++++ glibc-2.18.patched/localedata/tst-setlocale3.c 2014-08-26 16:14:50.403253778 +0530
+@@ -0,0 +1,203 @@
++/* Regression test for setlocale invalid environment variable handling.
++ Copyright (C) 2014 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#include <locale.h>
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++
++/* The result of setlocale may be overwritten by subsequent calls, so
++ this wrapper makes a copy. */
++static char *
++setlocale_copy (int category, const char *locale)
++{
++ const char *result = setlocale (category, locale);
++ if (result == NULL)
++ return NULL;
++ return strdup (result);
++}
++
++static char *de_locale;
++
++static void
++setlocale_fail (const char *envstring)
++{
++ setenv ("LC_CTYPE", envstring, 1);
++ if (setlocale (LC_CTYPE, "") != NULL)
++ {
++ printf ("unexpected setlocale success for \"%s\" locale\n", envstring);
++ exit (1);
++ }
++ const char *newloc = setlocale (LC_CTYPE, NULL);
++ if (strcmp (newloc, de_locale) != 0)
++ {
++ printf ("failed setlocale call \"%s\" changed locale to \"%s\"\n",
++ envstring, newloc);
++ exit (1);
++ }
++}
++
++static void
++setlocale_success (const char *envstring)
++{
++ setenv ("LC_CTYPE", envstring, 1);
++ char *newloc = setlocale_copy (LC_CTYPE, "");
++ if (newloc == NULL)
++ {
++ printf ("setlocale for \"%s\": %m\n", envstring);
++ exit (1);
++ }
++ if (strcmp (newloc, de_locale) == 0)
++ {
++ printf ("setlocale with LC_CTYPE=\"%s\" left locale at \"%s\"\n",
++ envstring, de_locale);
++ exit (1);
++ }
++ if (setlocale (LC_CTYPE, de_locale) == NULL)
++ {
++ printf ("restoring locale \"%s\" with LC_CTYPE=\"%s\": %m\n",
++ de_locale, envstring);
++ exit (1);
++ }
++ char *newloc2 = setlocale_copy (LC_CTYPE, newloc);
++ if (newloc2 == NULL)
++ {
++ printf ("restoring locale \"%s\" following \"%s\": %m\n",
++ newloc, envstring);
++ exit (1);
++ }
++ if (strcmp (newloc, newloc2) != 0)
++ {
++ printf ("representation of locale \"%s\" changed from \"%s\" to \"%s\"",
++ envstring, newloc, newloc2);
++ exit (1);
++ }
++ free (newloc);
++ free (newloc2);
++
++ if (setlocale (LC_CTYPE, de_locale) == NULL)
++ {
++ printf ("restoring locale \"%s\" with LC_CTYPE=\"%s\": %m\n",
++ de_locale, envstring);
++ exit (1);
++ }
++}
++
++/* Checks that a known-good locale still works if LC_ALL contains a
++ value which should be ignored. */
++static void
++setlocale_ignore (const char *to_ignore)
++{
++ const char *fr_locale = "fr_FR.UTF-8";
++ setenv ("LC_CTYPE", fr_locale, 1);
++ char *expected_locale = setlocale_copy (LC_CTYPE, "");
++ if (expected_locale == NULL)
++ {
++ printf ("setlocale with LC_CTYPE=\"%s\" failed: %m\n", fr_locale);
++ exit (1);
++ }
++ if (setlocale (LC_CTYPE, de_locale) == NULL)
++ {
++ printf ("failed to restore locale: %m\n");
++ exit (1);
++ }
++ unsetenv ("LC_CTYPE");
++
++ setenv ("LC_ALL", to_ignore, 1);
++ setenv ("LC_CTYPE", fr_locale, 1);
++ const char *actual_locale = setlocale (LC_CTYPE, "");
++ if (actual_locale == NULL)
++ {
++ printf ("setlocale with LC_ALL, LC_CTYPE=\"%s\" failed: %m\n",
++ fr_locale);
++ exit (1);
++ }
++ if (strcmp (actual_locale, expected_locale) != 0)
++ {
++ printf ("setlocale under LC_ALL failed: got \"%s\", expected \"%s\"\n",
++ actual_locale, expected_locale);
++ exit (1);
++ }
++ unsetenv ("LC_CTYPE");
++ setlocale_success (fr_locale);
++ unsetenv ("LC_ALL");
++ free (expected_locale);
++}
++
++static int
++do_test (void)
++{
++ /* The glibc test harness sets this environment variable
++ uncondionally. */
++ unsetenv ("LC_ALL");
++
++ de_locale = setlocale_copy (LC_CTYPE, "de_DE.UTF-8");
++ if (de_locale == NULL)
++ {
++ printf ("setlocale (LC_CTYPE, \"de_DE.UTF-8\"): %m\n");
++ return 1;
++ }
++ setlocale_success ("C");
++ setlocale_success ("en_US.UTF-8");
++ setlocale_success ("/en_US.UTF-8");
++ setlocale_success ("//en_US.UTF-8");
++ setlocale_ignore ("");
++
++ setlocale_fail ("does-not-exist");
++ setlocale_fail ("/");
++ setlocale_fail ("/../localedata/en_US.UTF-8");
++ setlocale_fail ("en_US.UTF-8/");
++ setlocale_fail ("en_US.UTF-8/..");
++ setlocale_fail ("en_US.UTF-8/../en_US.UTF-8");
++ setlocale_fail ("../localedata/en_US.UTF-8");
++ {
++ size_t large_length = 1024;
++ char *large_name = malloc (large_length + 1);
++ if (large_name == NULL)
++ {
++ puts ("malloc failure");
++ return 1;
++ }
++ memset (large_name, '/', large_length);
++ const char *suffix = "en_US.UTF-8";
++ strcpy (large_name + large_length - strlen (suffix), suffix);
++ setlocale_fail (large_name);
++ free (large_name);
++ }
++ {
++ size_t huge_length = 64 * 1024 * 1024;
++ char *huge_name = malloc (huge_length + 1);
++ if (huge_name == NULL)
++ {
++ puts ("malloc failure");
++ return 1;
++ }
++ memset (huge_name, 'X', huge_length);
++ huge_name[huge_length] = '\0';
++ /* Construct a composite locale specification. */
++ const char *prefix = "LC_CTYPE=de_DE.UTF-8;LC_TIME=";
++ memcpy (huge_name, prefix, strlen (prefix));
++ setlocale_fail (huge_name);
++ free (huge_name);
++ }
++
++ return 0;
++}
++
++#define TEST_FUNCTION do_test ()
++#include "../test-skeleton.c"
+diff -pruN glibc-2.18/manual/locale.texi glibc-2.18.patched/manual/locale.texi
+--- glibc-2.18/manual/locale.texi 2013-08-11 04:22:55.000000000 +0530
++++ glibc-2.18.patched/manual/locale.texi 2014-08-26 16:14:50.404253785 +0530
+@@ -29,6 +29,7 @@ will follow the conventions preferred by
+ * Setting the Locale:: How a program specifies the locale
+ with library functions.
+ * Standard Locales:: Locale names available on all systems.
++* Locale Names:: Format of system-specific locale names.
+ * Locale Information:: How to access the information for the locale.
+ * Formatting Numbers:: A dedicated function to format numbers.
+ * Yes-or-No Questions:: Check a Response against the locale.
+@@ -99,14 +100,16 @@ locale named @samp{espana-castellano} to
+ most of Spain.
+
+ The set of locales supported depends on the operating system you are
+-using, and so do their names. We can't make any promises about what
+-locales will exist, except for one standard locale called @samp{C} or
+-@samp{POSIX}. Later we will describe how to construct locales.
+-@comment (@pxref{Building Locale Files}).
++using, and so do their names, except that the standard locale called
++@samp{C} or @samp{POSIX} always exist. @xref{Locale Names}.
++
++In order to force the system to always use the default locale, the
++user can set the @code{LC_ALL} environment variable to @samp{C}.
+
+ @cindex combining locales
+-A user also has the option of specifying different locales for different
+-purposes---in effect, choosing a mixture of multiple locales.
++A user also has the option of specifying different locales for
++different purposes---in effect, choosing a mixture of multiple
++locales. @xref{Locale Categories}.
+
+ For example, the user might specify the locale @samp{espana-castellano}
+ for most purposes, but specify the locale @samp{usa-english} for
+@@ -120,7 +123,7 @@ which locales apply. However, the user
+ for a particular subset of those purposes.
+
+ @node Locale Categories, Setting the Locale, Choosing Locale, Locales
+-@section Categories of Activities that Locales Affect
++@section Locale Categories
+ @cindex categories for locales
+ @cindex locale categories
+
+@@ -128,7 +131,11 @@ The purposes that locales serve are grou
+ that a user or a program can choose the locale for each category
+ independently. Here is a table of categories; each name is both an
+ environment variable that a user can set, and a macro name that you can
+-use as an argument to @code{setlocale}.
++use as the first argument to @code{setlocale}.
++
++The contents of the environment variable (or the string in the second
++argument to @code{setlocale}) has to be a valid locale name.
++@xref{Locale Names}.
+
+ @vtable @code
+ @comment locale.h
+@@ -172,7 +179,7 @@ for affirmative and negative responses.
+ @comment locale.h
+ @comment ISO
+ @item LC_ALL
+-This is not an environment variable; it is only a macro that you can use
++This is not a category; it is only a macro that you can use
+ with @code{setlocale} to set a single locale for all purposes. Setting
+ this environment variable overwrites all selections by the other
+ @code{LC_*} variables or @code{LANG}.
+@@ -225,13 +232,7 @@ The symbols in this section are defined
+ @comment ISO
+ @deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+ The function @code{setlocale} sets the current locale for category
+-@var{category} to @var{locale}. A list of all the locales the system
+-provides can be created by running
+-
+-@pindex locale
+-@smallexample
+- locale -a
+-@end smallexample
++@var{category} to @var{locale}.
+
+ If @var{category} is @code{LC_ALL}, this specifies the locale for all
+ purposes. The other possible values of @var{category} specify an
+@@ -256,10 +257,9 @@ is passed in as @var{locale} parameter.
+
+ When you read the current locale for category @code{LC_ALL}, the value
+ encodes the entire combination of selected locales for all categories.
+-In this case, the value is not just a single locale name. In fact, we
+-don't make any promises about what it looks like. But if you specify
+-the same ``locale name'' with @code{LC_ALL} in a subsequent call to
+-@code{setlocale}, it restores the same combination of locale selections.
++If you specify the same ``locale name'' with @code{LC_ALL} in a
++subsequent call to @code{setlocale}, it restores the same combination
++of locale selections.
+
+ To be sure you can use the returned string encoding the currently selected
+ locale at a later time, you must make a copy of the string. It is not
+@@ -275,6 +275,11 @@ for @var{category}.
+ If a nonempty string is given for @var{locale}, then the locale of that
+ name is used if possible.
+
++The effective locale name (either the second argument to
++@code{setlocale}, or if the argument is an empty string, the name
++obtained from the process environment) must be valid locale name.
++@xref{Locale Names}.
++
+ If you specify an invalid locale name, @code{setlocale} returns a null
+ pointer and leaves the current locale unchanged.
+ @end deftypefun
+@@ -328,7 +323,7 @@ locale categories, and future versions o
+ portability, assume that any symbol beginning with @samp{LC_} might be
+ defined in @file{locale.h}.
+
+-@node Standard Locales, Locale Information, Setting the Locale, Locales
++@node Standard Locales, Locale Names, Setting the Locale, Locales
+ @section Standard Locales
+
+ The only locale names you can count on finding on all operating systems
+@@ -362,7 +357,94 @@ with the environment, rather than trying
+ locale explicitly by name. Remember, different machines might have
+ different sets of locales installed.
+
+-@node Locale Information, Formatting Numbers, Standard Locales, Locales
++@node Locale Names, Locale Information, Standard Locales, Locales
++@section Locale Names
++
++The following command prints a list of locales supported by the
++system:
++
++@pindex locale
++@smallexample
++ locale -a
++@end smallexample
++
++@strong{Portability Note:} With the notable exception of the standard
++locale names @samp{C} and @samp{POSIX}, locale names are
++system-specific.
++
++Most locale names follow XPG syntax and consist of up to four parts:
++
++@smallexample
++@var{language}[_@var{territory}[.@var{codeset}]][@@@var{modifier}]
++@end smallexample
++
++Beside the first part, all of them are allowed to be missing. If the
++full specified locale is not found, less specific ones are looked for.
++The various parts will be stripped off, in the following order:
++
++@enumerate
++@item
++codeset
++@item
++normalized codeset
++@item
++territory
++@item
++modifier
++@end enumerate
++
++For example, the locale name @samp{de_AT.iso885915@@euro} denotes a
++German-language locale for use in Austria, using the ISO-8859-15
++(Latin-9) character set, and with the Euro as the currency symbol.
++
++In addition to locale names which follow XPG syntax, systems may
++provide aliases such as @samp{german}. Both categories of names must
++not contain the slash character @samp{/}.
++
++If the locale name starts with a slash @samp{/}, it is treated as a
++path relative to the configured locale directories; see @code{LOCPATH}
++below. The specified path must not contain a component @samp{..}, or
++the name is invalid, and @code{setlocale} will fail.
++
++@strong{Portability Note:} POSIX suggests that if a locale name starts
++with a slash @samp{/}, it is resolved as an absolute path. However,
++the GNU C Library treats it as a relative path under the directories listed
++in @code{LOCPATH} (or the default locale directory if @code{LOCPATH}
++is unset).
++
++Locale names which are longer than an implementation-defined limit are
++invalid and cause @code{setlocale} to fail.
++
++As a special case, locale names used with @code{LC_ALL} can combine
++several locales, reflecting different locale settings for different
++categories. For example, you might want to use a U.S. locale with ISO
++A4 paper format, so you set @code{LANG} to @samp{en_US.UTF-8}, and
++@code{LC_PAPER} to @samp{de_DE.UTF-8}. In this case, the
++@code{LC_ALL}-style combined locale name is
++
++@smallexample
++LC_CTYPE=en_US.UTF-8;LC_TIME=en_US.UTF-8;LC_PAPER=de_DE.UTF-8;@dots{}
++@end smallexample
++
++followed by other category settings not shown here.
++
++@vindex LOCPATH
++The path used for finding locale data can be set using the
++@code{LOCPATH} environment variable. This variable lists the
++directories in which to search for locale definitions, separated by a
++colon @samp{:}.
++
++The default path for finding locale data is system specific. A typical
++value for the @code{LOCPATH} default is:
++
++@smallexample
++/usr/share/locale
++@end smallexample
++
++The value of @code{LOCPATH} is ignored by privileged programs for
++security reasons, and only the default directory is used.
++
++@node Locale Information, Formatting Numbers, Locale Names, Locales
+ @section Accessing Locale Information
+
+ There are several ways to access locale information. The simplest
+++ /dev/null
- READLINE PATCH REPORT
- =====================
-
-Readline-Release: 5.2
-Patch-ID: readline52-001
-
-Bug-Reported-by: ebb9@byu.net
-Bug-Reference-ID: <45540862.9030900@byu.net>
-Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2006-11/msg00017.html
- http://lists.gnu.org/archive/html/bug-bash/2006-11/msg00016.html
-
-Bug-Description:
-
-In some cases, code that is intended to be used in the presence of multibyte
-characters is called when no such characters are present, leading to incorrect
-display position calculations and incorrect redisplay.
-
-Patch:
-
-*** ../readline-5.2/display.c Thu Sep 14 14:20:12 2006
---- display.c Mon Nov 13 17:55:57 2006
-***************
-*** 2381,2384 ****
---- 2409,2414 ----
- if (end <= start)
- return 0;
-+ if (MB_CUR_MAX == 1 || rl_byte_oriented)
-+ return (end - start);
-
- memset (&ps, 0, sizeof (mbstate_t));
+++ /dev/null
- READLINE PATCH REPORT
- =====================
-
-Readline-Release: 5.2
-Patch-ID: readline52-002
-
-Bug-Reported-by: Magnus Svensson <msvensson@mysql.com>
-Bug-Reference-ID: <45BDC44D.80609@mysql.com>
-Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-readline/2007-01/msg00002.html
-
-Bug-Description:
-
-Readline neglects to reallocate the array it uses to keep track of wrapped
-screen lines when increasing its size. This will eventually result in
-segmentation faults when given sufficiently long input.
-
-Patch:
-
-*** ../readline-5.2-patched/display.c Thu Sep 14 14:20:12 2006
---- display.c Fri Feb 2 20:23:17 2007
-***************
-*** 561,574 ****
---- 561,586 ----
- wrap_offset = prompt_invis_chars_first_line = 0;
- }
-
-+ #if defined (HANDLE_MULTIBYTE)
- #define CHECK_INV_LBREAKS() \
- do { \
- if (newlines >= (inv_lbsize - 2)) \
- { \
- inv_lbsize *= 2; \
- inv_lbreaks = (int *)xrealloc (inv_lbreaks, inv_lbsize * sizeof (int)); \
-+ _rl_wrapped_line = (int *)xrealloc (_rl_wrapped_line, inv_lbsize * sizeof (int)); \
- } \
- } while (0)
-+ #else
-+ #define CHECK_INV_LBREAKS() \
-+ do { \
-+ if (newlines >= (inv_lbsize - 2)) \
-+ { \
-+ inv_lbsize *= 2; \
-+ inv_lbreaks = (int *)xrealloc (inv_lbreaks, inv_lbsize * sizeof (int)); \
-+ } \
-+ } while (0)
-+ #endif /* HANDLE_MULTIBYTE */
-
- #if defined (HANDLE_MULTIBYTE)
- #define CHECK_LPOS() \
+++ /dev/null
- READLINE PATCH REPORT
- =====================
-
-Readline-Release: 5.2
-Patch-ID: readline52-003
-
-Bug-Reported-by: Peter Volkov <torre_cremata@mail.ru>
-Bug-Reference-ID: <1171795523.8021.18.camel@localhost>
-Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2007-02/msg00054.html
-
-Bug-Description:
-
-When moving the cursor, bash sometimes misplaces the cursor when the prompt
-contains two or more multibyte characters. The particular circumstance that
-uncovered the problem was having the (multibyte) current directory name in
-the prompt string.
-
-Patch:
-
-*** ../readline-5.2.2/display.c Fri Jan 19 13:34:50 2007
---- display.c Sat Mar 10 17:25:44 2007
-***************
-*** 1745,1749 ****
- {
- dpos = _rl_col_width (data, 0, new);
-! if (dpos > prompt_last_invisible) /* XXX - don't use woff here */
- {
- dpos -= woff;
---- 1745,1752 ----
- {
- dpos = _rl_col_width (data, 0, new);
-! /* Use NEW when comparing against the last invisible character in the
-! prompt string, since they're both buffer indices and DPOS is a
-! desired display position. */
-! if (new > prompt_last_invisible) /* XXX - don't use woff here */
- {
- dpos -= woff;
+++ /dev/null
- READLINE PATCH REPORT
- =====================
-
-Readline-Release: 5.2
-Patch-ID: readline52-004
-
-Bug-Reported-by: Peter Volkov <torre_cremata@mail.ru>
-Bug-Reference-ID: <1173636022.7039.36.camel@localhost>
-Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2007-03/msg00039.html
-
-Bug-Description:
-
-When restoring the original prompt after finishing an incremental search,
-bash sometimes places the cursor incorrectly if the primary prompt contains
-invisible characters.
-
-Patch:
-
-*** ../readline-5.2.3/display.c Fri Apr 20 13:30:16 2007
---- display.c Fri Apr 20 15:17:01 2007
-***************
-*** 1599,1604 ****
- if (temp > 0)
- {
- _rl_output_some_chars (nfd, temp);
-! _rl_last_c_pos += _rl_col_width (nfd, 0, temp);;
- }
- }
---- 1599,1618 ----
- if (temp > 0)
- {
-+ /* If nfd begins at the prompt, or before the invisible
-+ characters in the prompt, we need to adjust _rl_last_c_pos
-+ in a multibyte locale to account for the wrap offset and
-+ set cpos_adjusted accordingly. */
- _rl_output_some_chars (nfd, temp);
-! if (MB_CUR_MAX > 1 && rl_byte_oriented == 0)
-! {
-! _rl_last_c_pos += _rl_col_width (nfd, 0, temp);
-! if (current_line == 0 && wrap_offset && ((nfd - new) <= prompt_last_invisible))
-! {
-! _rl_last_c_pos -= wrap_offset;
-! cpos_adjusted = 1;
-! }
-! }
-! else
-! _rl_last_c_pos += temp;
- }
- }
-***************
-*** 1608,1613 ****
---- 1622,1639 ----
- if (temp > 0)
- {
-+ /* If nfd begins at the prompt, or before the invisible
-+ characters in the prompt, we need to adjust _rl_last_c_pos
-+ in a multibyte locale to account for the wrap offset and
-+ set cpos_adjusted accordingly. */
- _rl_output_some_chars (nfd, temp);
- _rl_last_c_pos += col_temp; /* XXX */
-+ if (MB_CUR_MAX > 1 && rl_byte_oriented == 0)
-+ {
-+ if (current_line == 0 && wrap_offset && ((nfd - new) <= prompt_last_invisible))
-+ {
-+ _rl_last_c_pos -= wrap_offset;
-+ cpos_adjusted = 1;
-+ }
-+ }
- }
- lendiff = (oe - old) - (ne - new);
+++ /dev/null
- READLINE PATCH REPORT
- =====================
-
-Readline-Release: 5.2
-Patch-ID: readline52-005
-
-Bug-Reported-by: Thomas Loeber <ifp@loeber1.de>
-Bug-Reference-ID: <200703082223.08919.ifp@loeber1.de>
-Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2007-03/msg00036.html
-
-Bug-Description:
-
-When rl_read_key returns -1, indicating that readline's controlling terminal
-has been invalidated for some reason (e.g., receiving a SIGHUP), the error
-status was not reported correctly to the caller. This could cause input
-loops.
-
-Patch:
-
-*** ../readline-5.2/complete.c Fri Jul 28 11:35:49 2006
---- complete.c Tue Mar 13 08:50:16 2007
-***************
-*** 429,433 ****
- if (c == 'n' || c == 'N' || c == RUBOUT)
- return (0);
-! if (c == ABORT_CHAR)
- _rl_abort_internal ();
- if (for_pager && (c == NEWLINE || c == RETURN))
---- 440,444 ----
- if (c == 'n' || c == 'N' || c == RUBOUT)
- return (0);
-! if (c == ABORT_CHAR || c < 0)
- _rl_abort_internal ();
- if (for_pager && (c == NEWLINE || c == RETURN))
-*** ../readline-5.2/input.c Wed Aug 16 15:15:16 2006
---- input.c Wed May 2 16:07:59 2007
-***************
-*** 514,518 ****
- int size;
- {
-! int mb_len = 0;
- size_t mbchar_bytes_length;
- wchar_t wc;
---- 522,526 ----
- int size;
- {
-! int mb_len, c;
- size_t mbchar_bytes_length;
- wchar_t wc;
-***************
-*** 521,531 ****
- memset(&ps, 0, sizeof (mbstate_t));
- memset(&ps_back, 0, sizeof (mbstate_t));
-!
- while (mb_len < size)
- {
- RL_SETSTATE(RL_STATE_MOREINPUT);
-! mbchar[mb_len++] = rl_read_key ();
- RL_UNSETSTATE(RL_STATE_MOREINPUT);
-
- mbchar_bytes_length = mbrtowc (&wc, mbchar, mb_len, &ps);
- if (mbchar_bytes_length == (size_t)(-1))
---- 529,545 ----
- memset(&ps, 0, sizeof (mbstate_t));
- memset(&ps_back, 0, sizeof (mbstate_t));
-!
-! mb_len = 0;
- while (mb_len < size)
- {
- RL_SETSTATE(RL_STATE_MOREINPUT);
-! c = rl_read_key ();
- RL_UNSETSTATE(RL_STATE_MOREINPUT);
-
-+ if (c < 0)
-+ break;
-+
-+ mbchar[mb_len++] = c;
-+
- mbchar_bytes_length = mbrtowc (&wc, mbchar, mb_len, &ps);
- if (mbchar_bytes_length == (size_t)(-1))
-***************
-*** 565,569 ****
- c = first;
- memset (mb, 0, mlen);
-! for (i = 0; i < mlen; i++)
- {
- mb[i] = (char)c;
---- 579,583 ----
- c = first;
- memset (mb, 0, mlen);
-! for (i = 0; c >= 0 && i < mlen; i++)
- {
- mb[i] = (char)c;
-*** ../readline-5.2/isearch.c Mon Dec 26 17:18:53 2005
---- isearch.c Fri Mar 9 14:30:59 2007
-***************
-*** 328,333 ****
-
- f = (rl_command_func_t *)NULL;
-!
-! /* Translate the keys we do something with to opcodes. */
- if (c >= 0 && _rl_keymap[c].type == ISFUNC)
- {
---- 328,340 ----
-
- f = (rl_command_func_t *)NULL;
-!
-! if (c < 0)
-! {
-! cxt->sflags |= SF_FAILED;
-! cxt->history_pos = cxt->last_found_line;
-! return -1;
-! }
-!
-! /* Translate the keys we do something with to opcodes. */
- if (c >= 0 && _rl_keymap[c].type == ISFUNC)
- {
-*** ../readline-5.2/misc.c Mon Dec 26 17:20:46 2005
---- misc.c Fri Mar 9 14:44:11 2007
-***************
-*** 147,150 ****
---- 147,152 ----
- rl_clear_message ();
- RL_UNSETSTATE(RL_STATE_NUMERICARG);
-+ if (key < 0)
-+ return -1;
- return (_rl_dispatch (key, _rl_keymap));
- }
-*** ../readline-5.2/readline.c Wed Aug 16 15:00:36 2006
---- readline.c Fri Mar 9 14:47:24 2007
-***************
-*** 646,649 ****
---- 669,677 ----
- {
- nkey = _rl_subseq_getchar (cxt->okey);
-+ if (nkey < 0)
-+ {
-+ _rl_abort_internal ();
-+ return -1;
-+ }
- r = _rl_dispatch_subseq (nkey, cxt->dmap, cxt->subseq_arg);
- cxt->flags |= KSEQ_DISPATCHED;
-*** ../readline-5.2/text.c Fri Jul 28 11:55:27 2006
---- text.c Sun Mar 25 13:41:38 2007
-***************
-*** 858,861 ****
---- 864,870 ----
- RL_UNSETSTATE(RL_STATE_MOREINPUT);
-
-+ if (c < 0)
-+ return -1;
-+
- #if defined (HANDLE_SIGNALS)
- if (RL_ISSTATE (RL_STATE_CALLBACK) == 0)
-***************
-*** 1521,1524 ****
---- 1530,1536 ----
- mb_len = _rl_read_mbchar (mbchar, MB_LEN_MAX);
-
-+ if (mb_len <= 0)
-+ return -1;
-+
- if (count < 0)
- return (_rl_char_search_internal (-count, bdir, mbchar, mb_len));
-***************
-*** 1537,1540 ****
---- 1549,1555 ----
- RL_UNSETSTATE(RL_STATE_MOREINPUT);
-
-+ if (c < 0)
-+ return -1;
-+
- if (count < 0)
- return (_rl_char_search_internal (-count, bdir, c));
-*** ../readline-5.2/vi_mode.c Sat Jul 29 16:42:28 2006
---- vi_mode.c Fri Mar 9 15:02:11 2007
-***************
-*** 887,890 ****
---- 887,897 ----
- c = rl_read_key ();
- RL_UNSETSTATE(RL_STATE_MOREINPUT);
-+
-+ if (c < 0)
-+ {
-+ *nextkey = 0;
-+ return -1;
-+ }
-+
- *nextkey = c;
-
-***************
-*** 903,906 ****
---- 910,918 ----
- c = rl_read_key (); /* real command */
- RL_UNSETSTATE(RL_STATE_MOREINPUT);
-+ if (c < 0)
-+ {
-+ *nextkey = 0;
-+ return -1;
-+ }
- *nextkey = c;
- }
-***************
-*** 1225,1236 ****
- _rl_callback_generic_arg *data;
- {
- #if defined (HANDLE_MULTIBYTE)
-! _rl_vi_last_search_mblen = _rl_read_mbchar (_rl_vi_last_search_mbchar, MB_LEN_MAX);
- #else
- RL_SETSTATE(RL_STATE_MOREINPUT);
-! _rl_vi_last_search_char = rl_read_key ();
- RL_UNSETSTATE(RL_STATE_MOREINPUT);
- #endif
-
- _rl_callback_func = 0;
- _rl_want_redisplay = 1;
---- 1243,1262 ----
- _rl_callback_generic_arg *data;
- {
-+ int c;
- #if defined (HANDLE_MULTIBYTE)
-! c = _rl_vi_last_search_mblen = _rl_read_mbchar (_rl_vi_last_search_mbchar, MB_LEN_MAX);
- #else
- RL_SETSTATE(RL_STATE_MOREINPUT);
-! c = rl_read_key ();
- RL_UNSETSTATE(RL_STATE_MOREINPUT);
- #endif
-
-+ if (c <= 0)
-+ return -1;
-+
-+ #if !defined (HANDLE_MULTIBYTE)
-+ _rl_vi_last_search_char = c;
-+ #endif
-+
- _rl_callback_func = 0;
- _rl_want_redisplay = 1;
-***************
-*** 1248,1251 ****
---- 1274,1278 ----
- int count, key;
- {
-+ int c;
- #if defined (HANDLE_MULTIBYTE)
- static char *target;
-***************
-*** 1294,1302 ****
- {
- #if defined (HANDLE_MULTIBYTE)
-! _rl_vi_last_search_mblen = _rl_read_mbchar (_rl_vi_last_search_mbchar, MB_LEN_MAX);
- #else
- RL_SETSTATE(RL_STATE_MOREINPUT);
-! _rl_vi_last_search_char = rl_read_key ();
- RL_UNSETSTATE(RL_STATE_MOREINPUT);
- #endif
- }
---- 1321,1335 ----
- {
- #if defined (HANDLE_MULTIBYTE)
-! c = _rl_read_mbchar (_rl_vi_last_search_mbchar, MB_LEN_MAX);
-! if (c <= 0)
-! return -1;
-! _rl_vi_last_search_mblen = c;
- #else
- RL_SETSTATE(RL_STATE_MOREINPUT);
-! c = rl_read_key ();
- RL_UNSETSTATE(RL_STATE_MOREINPUT);
-+ if (c < 0)
-+ return -1;
-+ _rl_vi_last_search_char = c;
- #endif
- }
-***************
-*** 1468,1471 ****
---- 1501,1507 ----
- RL_UNSETSTATE(RL_STATE_MOREINPUT);
-
-+ if (c < 0)
-+ return -1;
-+
- #if defined (HANDLE_MULTIBYTE)
- if (MB_CUR_MAX > 1 && rl_byte_oriented == 0)
-***************
-*** 1486,1489 ****
---- 1522,1528 ----
- _rl_vi_last_replacement = c = _rl_vi_callback_getchar (mb, MB_LEN_MAX);
-
-+ if (c < 0)
-+ return -1;
-+
- _rl_callback_func = 0;
- _rl_want_redisplay = 1;
-***************
-*** 1517,1520 ****
---- 1556,1562 ----
- _rl_vi_last_replacement = c = _rl_vi_callback_getchar (mb, MB_LEN_MAX);
-
-+ if (c < 0)
-+ return -1;
-+
- return (_rl_vi_change_char (count, c, mb));
- }
-***************
-*** 1651,1655 ****
- RL_UNSETSTATE(RL_STATE_MOREINPUT);
-
-! if (ch < 'a' || ch > 'z')
- {
- rl_ding ();
---- 1693,1697 ----
- RL_UNSETSTATE(RL_STATE_MOREINPUT);
-
-! if (ch < 0 || ch < 'a' || ch > 'z') /* make test against 0 explicit */
- {
- rl_ding ();
-***************
-*** 1703,1707 ****
- return 0;
- }
-! else if (ch < 'a' || ch > 'z')
- {
- rl_ding ();
---- 1745,1749 ----
- return 0;
- }
-! else if (ch < 0 || ch < 'a' || ch > 'z') /* make test against 0 explicit */
- {
- rl_ding ();
+++ /dev/null
- READLINE PATCH REPORT
- =====================
-
-Readline-Release: 5.2
-Patch-ID: readline52-006
-
-Bug-Reported-by: Peter Volkov <torre_cremata@mail.ru>
-Bug-Reference-ID: <1178376645.9063.25.camel@localhost>
-Bug-Reference-URL: http://bugs.gentoo.org/177095
-
-Bug-Description:
-
-The readline display code miscalculated the screen position when performing
-a redisplay in which the new text occupies more screen space that the old,
-but takes fewer bytes to do so (e.g., when replacing a shorter string
-containing multibyte characters with a longer one containing only ASCII).
-
-Patch:
-
-*** ../readline-5.2/display.c Thu Apr 26 11:38:22 2007
---- display.c Thu Jul 12 23:10:10 2007
-***************
-*** 1519,1527 ****
- /* Non-zero if we're increasing the number of lines. */
- int gl = current_line >= _rl_vis_botlin && inv_botlin > _rl_vis_botlin;
- /* Sometimes it is cheaper to print the characters rather than
- use the terminal's capabilities. If we're growing the number
- of lines, make sure we actually cause the new line to wrap
- around on auto-wrapping terminals. */
-! if (_rl_terminal_can_insert && ((2 * col_temp) >= col_lendiff || _rl_term_IC) && (!_rl_term_autowrap || !gl))
- {
- /* If lendiff > prompt_visible_length and _rl_last_c_pos == 0 and
---- 1568,1596 ----
- /* Non-zero if we're increasing the number of lines. */
- int gl = current_line >= _rl_vis_botlin && inv_botlin > _rl_vis_botlin;
-+ /* If col_lendiff is > 0, implying that the new string takes up more
-+ screen real estate than the old, but lendiff is < 0, meaning that it
-+ takes fewer bytes, we need to just output the characters starting
-+ from the first difference. These will overwrite what is on the
-+ display, so there's no reason to do a smart update. This can really
-+ only happen in a multibyte environment. */
-+ if (lendiff < 0)
-+ {
-+ _rl_output_some_chars (nfd, temp);
-+ _rl_last_c_pos += _rl_col_width (nfd, 0, temp);
-+ /* If nfd begins before any invisible characters in the prompt,
-+ adjust _rl_last_c_pos to account for wrap_offset and set
-+ cpos_adjusted to let the caller know. */
-+ if (current_line == 0 && wrap_offset && ((nfd - new) <= prompt_last_invisible))
-+ {
-+ _rl_last_c_pos -= wrap_offset;
-+ cpos_adjusted = 1;
-+ }
-+ return;
-+ }
- /* Sometimes it is cheaper to print the characters rather than
- use the terminal's capabilities. If we're growing the number
- of lines, make sure we actually cause the new line to wrap
- around on auto-wrapping terminals. */
-! else if (_rl_terminal_can_insert && ((2 * col_temp) >= col_lendiff || _rl_term_IC) && (!_rl_term_autowrap || !gl))
- {
- /* If lendiff > prompt_visible_length and _rl_last_c_pos == 0 and
+++ /dev/null
- READLINE PATCH REPORT
- =====================
-
-Readline-Release: 5.2
-Patch-ID: readline52-007
-
-Bug-Reported-by: Tom Bjorkholm <tom.bjorkholm@ericsson.com>
-Bug-Reference-ID: <AEA1A32F001C6B4F98614B5B80D7647D01C075E9@esealmw115.eemea.ericsson.se>
-Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-readline/2007-04/msg00004.html
-
-
-Bug-Description:
-
-An off-by-one error in readline's input buffering caused readline to drop
-each 511th character of buffered input (e.g., when pasting a large amount
-of data into a terminal window).
-
-Patch:
-
-*** ../readline-5.2/input.c Wed Aug 16 15:15:16 2006
---- input.c Tue Jul 17 09:24:21 2007
-***************
-*** 134,139 ****
-
- *key = ibuffer[pop_index++];
-!
- if (pop_index >= ibuffer_len)
- pop_index = 0;
-
---- 134,142 ----
-
- *key = ibuffer[pop_index++];
-! #if 0
- if (pop_index >= ibuffer_len)
-+ #else
-+ if (pop_index > ibuffer_len)
-+ #endif
- pop_index = 0;
-
-***************
-*** 251,255 ****
- {
- k = (*rl_getc_function) (rl_instream);
-! rl_stuff_char (k);
- if (k == NEWLINE || k == RETURN)
- break;
---- 254,259 ----
- {
- k = (*rl_getc_function) (rl_instream);
-! if (rl_stuff_char (k) == 0)
-! break; /* some problem; no more room */
- if (k == NEWLINE || k == RETURN)
- break;
-***************
-*** 374,378 ****
---- 378,386 ----
- }
- ibuffer[push_index++] = key;
-+ #if 0
- if (push_index >= ibuffer_len)
-+ #else
-+ if (push_index > ibuffer_len)
-+ #endif
- push_index = 0;
-
+++ /dev/null
- READLINE PATCH REPORT
- =====================
-
-Readline-Release: 5.2
-Patch-ID: readline52-008
-
-Bug-Reported-by: dAniel hAhler <ubuntu@thequod.de>
-Bug-Reference-ID: <4702ED8A.5000503@thequod.de>
-Bug-Reference-URL: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/119938
-
-Bug-Description:
-
-When updating the display after displaying, for instance, a list of possible
-completions, readline will place the cursor at the wrong position if the
-prompt contains invisible characters and a newline.
-
-Patch:
-
-*** ../readline-5.2-patched/display.c Mon Aug 6 14:26:29 2007
---- display.c Wed Oct 10 22:43:58 2007
-***************
-*** 1049,1053 ****
- else
- tx = nleft;
-! if (_rl_last_c_pos > tx)
- {
- _rl_backspace (_rl_last_c_pos - tx); /* XXX */
---- 1049,1053 ----
- else
- tx = nleft;
-! if (tx >= 0 && _rl_last_c_pos > tx)
- {
- _rl_backspace (_rl_last_c_pos - tx); /* XXX */
-***************
-*** 1205,1209 ****
- {
- register char *ofd, *ols, *oe, *nfd, *nls, *ne;
-! int temp, lendiff, wsatend, od, nd;
- int current_invis_chars;
- int col_lendiff, col_temp;
---- 1205,1209 ----
- {
- register char *ofd, *ols, *oe, *nfd, *nls, *ne;
-! int temp, lendiff, wsatend, od, nd, o_cpos;
- int current_invis_chars;
- int col_lendiff, col_temp;
-***************
-*** 1466,1469 ****
---- 1466,1471 ----
- }
-
-+ o_cpos = _rl_last_c_pos;
-+
- /* When this function returns, _rl_last_c_pos is correct, and an absolute
- cursor postion in multibyte mode, but a buffer index when not in a
-***************
-*** 1475,1479 ****
- invisible characters in the prompt string. Let's see if setting this when
- we make sure we're at the end of the drawn prompt string works. */
-! if (current_line == 0 && MB_CUR_MAX > 1 && rl_byte_oriented == 0 && _rl_last_c_pos == prompt_physical_chars)
- cpos_adjusted = 1;
- #endif
---- 1477,1483 ----
- invisible characters in the prompt string. Let's see if setting this when
- we make sure we're at the end of the drawn prompt string works. */
-! if (current_line == 0 && MB_CUR_MAX > 1 && rl_byte_oriented == 0 &&
-! (_rl_last_c_pos > 0 || o_cpos > 0) &&
-! _rl_last_c_pos == prompt_physical_chars)
- cpos_adjusted = 1;
- #endif
+++ /dev/null
- READLINE PATCH REPORT
- =====================
-
-Readline-Release: 5.2
-Patch-ID: readline52-009
-
-Bug-Reported-by: dAniel hAhler <ubuntu@thequod.de>
-Bug-Reference-ID:
-Bug-Reference-URL:
-
-Bug-Description:
-
-Under some circumstances, readline will incorrectly display a prompt string
-containing invisible characters after the final newline.
-
-Patch:
-
-*** ../readline-5.2-patched/display.c 2007-08-25 13:47:08.000000000 -0400
---- display.c 2007-11-10 17:51:29.000000000 -0500
-***************
-*** 392,396 ****
- local_prompt = expand_prompt (p, &prompt_visible_length,
- &prompt_last_invisible,
-! (int *)NULL,
- &prompt_physical_chars);
- c = *t; *t = '\0';
---- 420,424 ----
- local_prompt = expand_prompt (p, &prompt_visible_length,
- &prompt_last_invisible,
-! &prompt_invis_chars_first_line,
- &prompt_physical_chars);
- c = *t; *t = '\0';
-***************
-*** 399,403 ****
- local_prompt_prefix = expand_prompt (prompt, &prompt_prefix_length,
- (int *)NULL,
-! &prompt_invis_chars_first_line,
- (int *)NULL);
- *t = c;
---- 427,431 ----
- local_prompt_prefix = expand_prompt (prompt, &prompt_prefix_length,
- (int *)NULL,
-! (int *)NULL,
- (int *)NULL);
- *t = c;
+++ /dev/null
- READLINE PATCH REPORT
- =====================
-
-Readline-Release: 5.2
-Patch-ID: readline52-010
-
-Bug-Reported-by: Miroslav Lichvar <mlichvar@redhat.com>
-Bug-Reference-ID: Fri, 02 Nov 2007 14:07:45 +0100
-Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-readline/2007-11/msg00000.html
-
-Bug-Description:
-
-In certain cases when outputting characters at the end of the line,
-e.g., when displaying the prompt string, readline positions the cursor
-incorrectly if the prompt string contains invisible characters and the
-text being drawn begins before the last invisible character in the line.
-
-Patch:
-
-*** ../readline-5.2-patched/display.c 2007-08-25 13:47:08.000000000 -0400
---- display.c 2007-11-10 17:51:29.000000000 -0500
-***************
-*** 1566,1574 ****
- else
- {
-- /* We have horizontal scrolling and we are not inserting at
-- the end. We have invisible characters in this line. This
-- is a dumb update. */
- _rl_output_some_chars (nfd, temp);
- _rl_last_c_pos += col_temp;
- return;
- }
---- 1619,1632 ----
- else
- {
- _rl_output_some_chars (nfd, temp);
- _rl_last_c_pos += col_temp;
-+ /* If nfd begins before any invisible characters in the prompt,
-+ adjust _rl_last_c_pos to account for wrap_offset and set
-+ cpos_adjusted to let the caller know. */
-+ if (current_line == 0 && wrap_offset && ((nfd - new) <= prompt_last_invisible))
-+ {
-+ _rl_last_c_pos -= wrap_offset;
-+ cpos_adjusted = 1;
-+ }
- return;
- }
+++ /dev/null
- READLINE PATCH REPORT
- =====================
-
-Readline-Release: 5.2
-Patch-ID: readline52-011
-
-Bug-Reported-by: Uwe Doering <gemini@geminix.org>
-Bug-Reference-ID: <46F3DD72.2090801@geminix.org>
-Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2007-09/msg00102.html
-
-Bug-Description:
-
-There is an off-by-one error in the code that buffers characters received
-very quickly in succession, causing characters to be dropped.
-
-Patch:
-
-*** ../readline-5.2-patched/input.c 2007-08-25 13:47:10.000000000 -0400
---- input.c 2007-10-12 22:55:25.000000000 -0400
-***************
-*** 155,159 ****
- pop_index--;
- if (pop_index < 0)
-! pop_index = ibuffer_len - 1;
- ibuffer[pop_index] = key;
- return (1);
---- 155,159 ----
- pop_index--;
- if (pop_index < 0)
-! pop_index = ibuffer_len;
- ibuffer[pop_index] = key;
- return (1);
+++ /dev/null
- READLINE PATCH REPORT
- =====================
-
-Readline-Release: 5.2
-Patch-ID: readline52-012
-
-Bug-Reported-by: Chet Ramey <chet.ramey@case.edu>
-Bug-Reference-ID:
-Bug-Reference-URL:
-
-Bug-Description:
-
-This updates the options required to create shared libraries on several
-systems, including Mac OS X 10.5 (darwin9.x), FreeBSD, NetBSD, OpenBSD,
-AIX, and HP/UX.
-
-Patch:
-
-*** ../readline-5.2-patched/support/shobj-conf 2006-04-11 09:15:43.000000000 -0400
---- support/shobj-conf 2007-12-06 23:46:41.000000000 -0500
-***************
-*** 11,15 ****
- # chet@po.cwru.edu
-
-! # Copyright (C) 1996-2002 Free Software Foundation, Inc.
- #
- # This program is free software; you can redistribute it and/or modify
---- 11,15 ----
- # chet@po.cwru.edu
-
-! # Copyright (C) 1996-2007 Free Software Foundation, Inc.
- #
- # This program is free software; you can redistribute it and/or modify
-***************
-*** 115,119 ****
- ;;
-
-! freebsd2* | netbsd*)
- SHOBJ_CFLAGS=-fpic
- SHOBJ_LD=ld
---- 115,119 ----
- ;;
-
-! freebsd2*)
- SHOBJ_CFLAGS=-fpic
- SHOBJ_LD=ld
-***************
-*** 126,130 ****
- # FreeBSD-3.x ELF
- freebsd[3-9]*|freebsdelf[3-9]*|freebsdaout[3-9]*|dragonfly*)
-! SHOBJ_CFLAGS=-fpic
- SHOBJ_LD='${CC}'
-
---- 126,130 ----
- # FreeBSD-3.x ELF
- freebsd[3-9]*|freebsdelf[3-9]*|freebsdaout[3-9]*|dragonfly*)
-! SHOBJ_CFLAGS=-fPIC
- SHOBJ_LD='${CC}'
-
-***************
-*** 143,147 ****
-
- # Darwin/MacOS X
-! darwin8*)
- SHOBJ_STATUS=supported
- SHLIB_STATUS=supported
---- 143,147 ----
-
- # Darwin/MacOS X
-! darwin[89]*)
- SHOBJ_STATUS=supported
- SHLIB_STATUS=supported
-***************
-*** 154,158 ****
- SHLIB_LIBSUFF='dylib'
-
-! SHOBJ_LDFLAGS='-undefined dynamic_lookup'
- SHLIB_XLDFLAGS='-dynamiclib -arch_only `/usr/bin/arch` -install_name $(libdir)/$@ -current_version $(SHLIB_MAJOR)$(SHLIB_MINOR) -compatibility_version $(SHLIB_MAJOR) -v'
-
---- 154,158 ----
- SHLIB_LIBSUFF='dylib'
-
-! SHOBJ_LDFLAGS='-dynamiclib -dynamic -undefined dynamic_lookup -arch_only `/usr/bin/arch`'
- SHLIB_XLDFLAGS='-dynamiclib -arch_only `/usr/bin/arch` -install_name $(libdir)/$@ -current_version $(SHLIB_MAJOR)$(SHLIB_MINOR) -compatibility_version $(SHLIB_MAJOR) -v'
-
-***************
-*** 172,176 ****
-
- case "${host_os}" in
-! darwin[78]*) SHOBJ_LDFLAGS=''
- SHLIB_XLDFLAGS='-dynamiclib -arch_only `/usr/bin/arch` -install_name $(libdir)/$@ -current_version $(SHLIB_MAJOR)$(SHLIB_MINOR) -compatibility_version $(SHLIB_MAJOR) -v'
- ;;
---- 172,176 ----
-
- case "${host_os}" in
-! darwin[789]*) SHOBJ_LDFLAGS=''
- SHLIB_XLDFLAGS='-dynamiclib -arch_only `/usr/bin/arch` -install_name $(libdir)/$@ -current_version $(SHLIB_MAJOR)$(SHLIB_MINOR) -compatibility_version $(SHLIB_MAJOR) -v'
- ;;
-***************
-*** 183,187 ****
- ;;
-
-! openbsd*)
- SHOBJ_CFLAGS=-fPIC
- SHOBJ_LD='${CC}'
---- 183,187 ----
- ;;
-
-! openbsd*|netbsd*)
- SHOBJ_CFLAGS=-fPIC
- SHOBJ_LD='${CC}'
-***************
-*** 248,252 ****
- ;;
-
-! aix4.[2-9]*-*gcc*) # lightly tested by jik@cisco.com
- SHOBJ_CFLAGS=-fpic
- SHOBJ_LD='ld'
---- 248,252 ----
- ;;
-
-! aix4.[2-9]*-*gcc*|aix[5-9].*-*gcc*) # lightly tested by jik@cisco.com
- SHOBJ_CFLAGS=-fpic
- SHOBJ_LD='ld'
-***************
-*** 259,263 ****
- ;;
-
-! aix4.[2-9]*)
- SHOBJ_CFLAGS=-K
- SHOBJ_LD='ld'
---- 259,263 ----
- ;;
-
-! aix4.[2-9]*|aix[5-9].*)
- SHOBJ_CFLAGS=-K
- SHOBJ_LD='ld'
-***************
-*** 330,334 ****
- # if you have problems linking here, moving the `-Wl,+h,$@' from
- # SHLIB_XLDFLAGS to SHOBJ_LDFLAGS has been reported to work
-! SHOBJ_LDFLAGS='-shared -Wl,-b -Wl,+s'
-
- SHLIB_XLDFLAGS='-Wl,+h,$@ -Wl,+b,$(libdir)'
---- 330,334 ----
- # if you have problems linking here, moving the `-Wl,+h,$@' from
- # SHLIB_XLDFLAGS to SHOBJ_LDFLAGS has been reported to work
-! SHOBJ_LDFLAGS='-shared -fpic -Wl,-b -Wl,+s'
-
- SHLIB_XLDFLAGS='-Wl,+h,$@ -Wl,+b,$(libdir)'
+++ /dev/null
- READLINE PATCH REPORT
- =====================
-
-Readline-Release: 5.2
-Patch-ID: readline52-013
-
-Bug-Reported-by: slinkp <stuff@slinkp.com>
-Bug-Reference-ID: <da52a26a-9f38-4861-a918-14d3482b539d@c65g2000hsa.googlegroups.com>
-Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2008-05/msg00085.html
-
-Bug-Description:
-
-The presence of invisible characters in a prompt longer than the screenwidth
-with invisible characters on the first and last prompt lines caused readline
-to place the cursor in the wrong physical location.
-
-Patch:
-
-*** ../readline-5.2-patched/display.c 2007-12-14 21:12:40.000000000 -0500
---- display.c 2008-10-23 09:39:46.000000000 -0400
-***************
-*** 911,914 ****
---- 944,951 ----
- OFFSET (which has already been calculated above). */
-
-+ #define INVIS_FIRST() (prompt_physical_chars > _rl_screenwidth ? prompt_invis_chars_first_line : wrap_offset)
-+ #define WRAP_OFFSET(line, offset) ((line == 0) \
-+ ? (offset ? INVIS_FIRST() : 0) \
-+ : ((line == prompt_last_screen_line) ? wrap_offset-prompt_invis_chars_first_line : 0))
- #define W_OFFSET(line, offset) ((line) == 0 ? offset : 0)
- #define VIS_LLEN(l) ((l) > _rl_vis_botlin ? 0 : (vis_lbreaks[l+1] - vis_lbreaks[l]))
-***************
-*** 945,949 ****
- _rl_last_c_pos > wrap_offset &&
- o_cpos < prompt_last_invisible)
-! _rl_last_c_pos -= wrap_offset;
-
- /* If this is the line with the prompt, we might need to
---- 982,992 ----
- _rl_last_c_pos > wrap_offset &&
- o_cpos < prompt_last_invisible)
-! _rl_last_c_pos -= prompt_invis_chars_first_line; /* XXX - was wrap_offset */
-! else if (linenum == prompt_last_screen_line && prompt_physical_chars > _rl_screenwidth &&
-! (MB_CUR_MAX > 1 && rl_byte_oriented == 0) &&
-! cpos_adjusted == 0 &&
-! _rl_last_c_pos != o_cpos &&
-! _rl_last_c_pos > (prompt_last_invisible - _rl_screenwidth - prompt_invis_chars_first_line))
-! _rl_last_c_pos -= (wrap_offset-prompt_invis_chars_first_line);
-
- /* If this is the line with the prompt, we might need to
-***************
-*** 1205,1209 ****
- {
- register char *ofd, *ols, *oe, *nfd, *nls, *ne;
-! int temp, lendiff, wsatend, od, nd, o_cpos;
- int current_invis_chars;
- int col_lendiff, col_temp;
---- 1264,1268 ----
- {
- register char *ofd, *ols, *oe, *nfd, *nls, *ne;
-! int temp, lendiff, wsatend, od, nd, twidth, o_cpos;
- int current_invis_chars;
- int col_lendiff, col_temp;
-***************
-*** 1221,1225 ****
- temp = _rl_last_c_pos;
- else
-! temp = _rl_last_c_pos - W_OFFSET(_rl_last_v_pos, visible_wrap_offset);
- if (temp == _rl_screenwidth && _rl_term_autowrap && !_rl_horizontal_scroll_mode
- && _rl_last_v_pos == current_line - 1)
---- 1280,1284 ----
- temp = _rl_last_c_pos;
- else
-! temp = _rl_last_c_pos - WRAP_OFFSET (_rl_last_v_pos, visible_wrap_offset);
- if (temp == _rl_screenwidth && _rl_term_autowrap && !_rl_horizontal_scroll_mode
- && _rl_last_v_pos == current_line - 1)
-***************
-*** 1587,1599 ****
- {
- _rl_output_some_chars (nfd + lendiff, temp - lendiff);
-- #if 1
- /* XXX -- this bears closer inspection. Fixes a redisplay bug
- reported against bash-3.0-alpha by Andreas Schwab involving
- multibyte characters and prompt strings with invisible
- characters, but was previously disabled. */
-! _rl_last_c_pos += _rl_col_width (nfd+lendiff, 0, temp-col_lendiff);
-! #else
-! _rl_last_c_pos += _rl_col_width (nfd+lendiff, 0, temp-lendiff);
-! #endif
- }
- }
---- 1648,1660 ----
- {
- _rl_output_some_chars (nfd + lendiff, temp - lendiff);
- /* XXX -- this bears closer inspection. Fixes a redisplay bug
- reported against bash-3.0-alpha by Andreas Schwab involving
- multibyte characters and prompt strings with invisible
- characters, but was previously disabled. */
-! if (MB_CUR_MAX > 1 && rl_byte_oriented == 0)
-! twidth = _rl_col_width (nfd+lendiff, 0, temp-col_lendiff);
-! else
-! twidth = temp - lendiff;
-! _rl_last_c_pos += twidth;
- }
- }
-***************
-*** 1789,1793 ****
- int cpos, dpos; /* current and desired cursor positions */
-
-! woff = W_OFFSET (_rl_last_v_pos, wrap_offset);
- cpos = _rl_last_c_pos;
- #if defined (HANDLE_MULTIBYTE)
---- 1850,1854 ----
- int cpos, dpos; /* current and desired cursor positions */
-
-! woff = WRAP_OFFSET (_rl_last_v_pos, wrap_offset);
- cpos = _rl_last_c_pos;
- #if defined (HANDLE_MULTIBYTE)
-***************
-*** 1803,1807 ****
- prompt string, since they're both buffer indices and DPOS is a
- desired display position. */
-! if (new > prompt_last_invisible) /* XXX - don't use woff here */
- {
- dpos -= woff;
---- 1864,1872 ----
- prompt string, since they're both buffer indices and DPOS is a
- desired display position. */
-! if ((new > prompt_last_invisible) || /* XXX - don't use woff here */
-! (prompt_physical_chars > _rl_screenwidth &&
-! _rl_last_v_pos == prompt_last_screen_line &&
-! wrap_offset != woff &&
-! new > (prompt_last_invisible-_rl_screenwidth-wrap_offset)))
- {
- dpos -= woff;
+++ /dev/null
- READLINE PATCH REPORT
- =====================
-
-Readline-Release: 5.2
-Patch-ID: readline52-014
-
-Bug-Reported-by: Len Lattanzi <llattanzi@apple.com>
-Bug-Reference-ID: <52B1297F-6675-45CC-B63E-24745337D006@apple.com>
-Bug-Reference-URL:
-
-Bug-Description:
-
-On systems where mbrtowc() returns -2 when passed a length argument with
-value 0, when using a multibyte locale, Readline's emacs-mode forward-char
-at the end of a line will leave the point beyond the end of the line.
-
-Patch:
-
-*** ../readline-5.2-patched/mbutil.c 2009-05-29 23:09:26.000000000 -0400
---- mbutil.c 2009-05-29 23:10:12.000000000 -0400
-***************
-*** 78,82 ****
- int seed, count, find_non_zero;
- {
-! size_t tmp;
- mbstate_t ps;
- int point;
---- 78,82 ----
- int seed, count, find_non_zero;
- {
-! size_t tmp, len;
- mbstate_t ps;
- int point;
-***************
-*** 99,103 ****
- while (count > 0)
- {
-! tmp = mbrtowc (&wc, string+point, strlen(string + point), &ps);
- if (MB_INVALIDCH ((size_t)tmp))
- {
---- 99,106 ----
- while (count > 0)
- {
-! len = strlen (string + point);
-! if (len == 0)
-! break;
-! tmp = mbrtowc (&wc, string+point, len, &ps);
- if (MB_INVALIDCH ((size_t)tmp))
- {