--- /dev/null
+/etc/raddb
--- /dev/null
+/var/ipfire/guardian/guardian.conf
+/var/ipfire/guardian/guardian.ignore
+/var/ipfire/guardian/settings
+/var/ipfire/guardian/ignored
--- /dev/null
+/etc/libvirt
-/etc/nginx/nginx.conf
+/etc/nginx
<Plugin interface>
Interface "lo"
- Interface "ipsec1"
- Interface "ipsec2"
- Interface "ipsec3"
+ Interface "/[0-9]*phys$/"
+ Interface "/^macvtap[0-9]*$/"
+ Interface "/^vnet[0-9]*$/"
IgnoreSelected true
</Plugin>
34,DNS (TCP),53,TCP,,0
19,FTPS data,989,TCP,BLANK,0
5,SMTP,25,TCP,BLANK,0
+35,Submission (TCP),587,TCP,BLANK,0
+36,SSMTP,465,TCP,BLANK,0
+++ /dev/null
-# The machines IP address that is visable to the internet
-# If this is left undefined, then guardian will attempt to get the information
-# from ifconfig, as long as it has an interface to use. This would be useful
-# for people on ppp links, or dhcp machines, or if you are lazy :)
-# HostIpAddr
-
-# Here we define the interface which we will use to guess the IP address, and
-# block incoming offending packets. This is the only option that is required
-# for guardian to run. If the rest are undefined, guardian will use the default.
-Interface ppp0
-
-# The last octet of the ip address, which gives us the gateway address.
-HostGatewayByte 1
-
-# Guardian's log file
-LogFile /var/log/guardian/guardian.log
-
-# Snort's alert file. This can be the snort.alert file, or a syslog file
-# There might be some snort alerts that get logged to syslog which guardian
-# might not see..
-AlertFile /var/log/snort/alert
-
-# The list of ip addresses to ignore
-IgnoreFile /var/ipfire/guardian/guardian.ignore
-
-# This is a list of IP addresses on the current host, in case there is more
-# than one. If this file doesn't exist, then it will assume you want to run
-# with the default setup (machine's ip address, and broadcast/network).
-TargetFile /var/ipfire/guardian/guardian.target
-
-# The time in seconds to keep a host blocked. If undefined, it defaults to
-# 99999999, which basicly disables the feature.
-TimeLimit 86400
--- /dev/null
+lastaction
+ /usr/bin/guardianctrl logrotate &>/dev/null
+endscript
+
+/var/log/guardian/guardian.log {
+ weekly
+ rotate 4
+ copytruncate
+ compress
+ notifempty
+ missingok
+}
+++ /dev/null
-#!/usr/bin/perl
-# based on V 1.7 guardian enhanced for IPFire and snort 2.8
-# Read the readme file for changes
-#
-# Enhanced for IPFire by IPFire Team
-# Added Portscan detection for non syslog system
-# Added SSH-Watch for SSH-Bruteforce Attacks
-# An suppected IP will be blocked on all interfaces
-
-$OS=`uname`;
-chomp $OS;
-print "OS shows $OS\n";
-
-require 'getopts.pl';
-
-&Getopts ('hc:d');
-if (defined($opt_h)) {
- print "Guardian v1.7 \n";
- print "guardian.pl [-hd] <-c config>\n";
- print " -h shows help\n";
- print " -d run in debug mode (doesn't fork, output goes to STDOUT)\n";
- print " -c specifiy a configuration file other than the default (/etc/guardian.conf)\n";
- exit;
-}
-&load_conf;
-&sig_handler_setup;
-
-print "My ip address and interface are: $hostipaddr $interface\n";
-
-if ($hostipaddr !~ /\d+\.\d+\.\d+\.\d+/) {
- print "This ip address is bad : $hostipaddr\n";
- die "I need a good host ipaddress\n";
-}
-
-$networkaddr = $hostipaddr;
-$networkaddr =~ s/\d+$/0/;
-$gatewayaddr = `cat /var/ipfire/red/remote-ipaddress 2>/dev/null`;
-$broadcastaddr = $hostipaddr;
-$broadcastaddr =~ s/\d+$/255/;
-&build_ignore_hash;
-
-print "My gatewayaddess is: $gatewayaddr\n";
-
-# This is the target hash. If a packet was destened to any of these, then the
-# sender of that packet will get denied, unless it is on the ignore list..
-
-%targethash = ( "$networkaddr" => 1,
- "$broadcastaddr" => 1,
- "0" => 1, # This is what gets sent to &checkem if no
- # destination was found.
- "$hostipaddr" => 1);
-
-&get_aliases;
-
-%sshhash = ();
-
-if ( -e $targetfile ) {
- &load_targetfile;
-}
-
-if (!defined($opt_d)) {
- print "Becoming a daemon..\n";
- &daemonize;
-} else { print "Running in debug mode..\n"; }
-
-open (ALERT, $alert_file) or die "can't open alert file: $alert_file: $!\n";
-seek (ALERT, 0, 2); # set the position to EOF.
-# this is the same as a tail -f :)
-$counter=0;
-open (ALERT2, "/var/log/messages" ) or die "can't open /var/log/messages: $!\n";
-seek (ALERT2, 0, 2); # set the position to EOF.
-# this is the same as a tail -f :)
-
-for (;;) {
- sleep 1;
- if (seek(ALERT,0,1)){
- while (<ALERT>) {
- chop;
- if (defined($opt_d)) {
- print "$_\n";
- }
- if (/\[\*\*\]\s+(.*)\s+\[\*\*\]/){
- $type=$1;
- }
- if (/(\d+\.\d+\.\d+\.\d+):\d+ -\> (\d+\.\d+\.\d+\.\d+):\d+/) {
- &checkem ($1, $2, $type);
- }
- if (/(\d+\.\d+\.\d+\.\d+)+ -\> (\d+\.\d+\.\d+\.\d+)+/) {
- &checkem ($1, $2, $type);
- }
- }
- }
-
- sleep 1;
- if (seek(ALERT2,0,1)){
- while (<ALERT2>) {
- chop;
- if ($_=~/.*sshd.*Failed password for .* from.*/) {
- my @array=split(/ /,$_);
- my $temp = "";
- if ( $array[11] eq "port" ) {
- $temp = $array[10];
- } elsif ( $array[11] eq "from" ) {
- $temp = $array[12];
- } else {
- $temp = $array[11];
- }
- &checkssh ($temp, "possible SSH-Bruteforce Attack");}
-
- # This should catch Bruteforce Attacks with enabled preauth
- if ($_ =~ /.*sshd.*Received disconnect from (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}):.*\[preauth\]/) {
- &checkssh ($1, "possible SSH-Bruteforce Attack, failed preauth");}
- }
- }
-
-# Run this stuff every 30 seconds..
- if ($counter == 30) {
- &remove_blocks; # This might get moved elsewhere, depending on how much load
- # it puts on the system..
- &check_log_name;
- $counter=0;
- } else {
- $counter=$counter+1;
- }
-}
-
-sub check_log_name {
- my ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size,
- $atime,$mtime,$ctime,$blksize,$blocks) = stat($alert_file);
- if ($size < $previous_size) { # The filesize is smaller than last
- close (ALERT); # we checked, so we need to reopen it
- open (ALERT, "$alert_file"); # This should still work in our main while
- $previous_size=$size; # loop (I hope)
- write_log ("Log filename changed. Reopening $alert_file\n");
- } else {
- $previous_size=$size;
- }
-}
-
-
-sub checkem {
- my ($source, $dest,$type) = @_;
- my $flag=0;
-
- return 1 if ($source eq $hostipaddr);
- # this should prevent is from nuking ourselves
-
- return 1 if ($source eq $gatewayaddr); # or our gateway
- if ($ignore{$source} == 1) { # check our ignore list..
- &write_log("$source\t$type\n");
- &write_log("Ignoring attack because $source is in my ignore list\n");
- return 1;
- }
-
-# if the offending packet was sent to us, the network, or the broadcast, then
- if ($targethash{$dest} == 1) {
- &ipchain ($source, $dest, $type);
- }
-# you will see this if the destination was not in the $targethash, and the
-# packet was not ignored before the target check..
- else {
- &write_log ("Odd.. source = $source, dest = $dest - No action done.\n");
- if (defined ($opt_d)) {
- foreach $key (keys %targethash) {
- &write_log ("targethash{$key} = $targethash{$key}\n");
- }
- }
- }
-}
-
-sub checkssh {
- my ($source,$type) = @_;
- my $flag=0;
-
- return 1 if ($source eq $hostipaddr);
- # this should prevent is from nuking ourselves
-
- return 1 if ($source eq $gatewayaddr); # or our gateway
-
- return 0 if ($sshhash{$source} > 4); # allready blocked
-
- if ( ($ignore{$source} == 1) ){
- &write_log("Ignoring attack because $source is in my ignore list\n");
- return 1;
- }
-
- if ($sshhash{$source} == 4 ) {
- &write_log ("source = $source, blocking for ssh attack.\n");
- &ipchain ($source, "", $type);
- $sshhash{$source} = $sshhash{$source}+1;
- return 0;
- }
-
- if ($sshhash{$source} eq "" ){
- $sshhash{$source} = 1;
- &write_log ("SSH Attack = $source, ssh count only $sshhash{$source} - No action done.\n");
- return 0;
- }
-
- $sshhash{$source} = $sshhash{$source}+1;
- &write_log ("SSH Attack = $source, ssh count only $sshhash{$source} - No action done.\n");
-}
-
-sub ipchain {
- my ($source, $dest, $type) = @_;
- &write_log ("$source\t$type\n");
- if ($hash{$source} eq "") {
- &write_log ("Running '$blockpath $source $interface'\n");
- system ("$blockpath $source $interface");
- $hash{$source} = time() + $TimeLimit;
- } else {
-# We have already blocked this one, but snort detected another attack. So
-# we should update the time blocked..
- $hash{$source} = time() + $TimeLimit;
- }
-}
-
-sub build_ignore_hash {
-# This would cause is to ignore all broadcasts if it
-# got set.. However if unset, then the attacker could spoof the packet to make
-# it look like it came from the network, and a reply to the spoofed packet
-# could be seen if the attacker were on the local network.
-# $ignore{$networkaddr}=1;
-
-# same thing as above, just with the broadcast instead of the network.
-# $ignore{$broadcastaddr}=1;
- my $count =0;
- $ignore{$gatewayaddr}=1;
- $ignore{$hostipaddr}=1;
- if ($ignorefile ne "") {
- open (IGNORE, $ignorefile);
- while (<IGNORE>) {
- $_=~ s/\s+$//;
- chomp;
- next if (/\#/); #skip comments
- next if (/^\s*$/); # and blank lines
- $ignore{$_}=1;
- $count++;
- }
- close (IGNORE);
- &write_log("Loaded $count addresses from $ignorefile\n");
- } else {
- &write_log("No ignore file was loaded!\n");
- }
-}
-
-sub load_conf {
- if ($opt_c eq "") {
- $opt_c = "/etc/guardian.conf";
- }
-
- if (! -e $opt_c) {
- die "Need a configuration file.. please use to the -c option to name a configuration file\n";
- }
-
- open (CONF, $opt_c) or die "Cannot read the config file $opt_c, $!\n";
- while (<CONF>) {
- chop;
- next if (/^\s*$/); #skip blank lines
- next if (/^#/); # skip comment lines
- if (/LogFile\s+(.*)/) {
- $logfile = $1;
- }
- if (/Interface\s+(.*)/) {
- $interface = $1;
- if ( $interface eq "" ) {
- $interface = `cat /var/ipfire/ethernet/settings | grep RED_DEV | cut -d"=" -f2`;
- }
- }
- if (/AlertFile\s+(.*)/) {
- $alert_file = $1;
- }
- if (/IgnoreFile\s+(.*)/) {
- $ignorefile = $1;
- }
- if (/TargetFile\s+(.*)/) {
- $targetfile = $1;
- }
- if (/TimeLimit\s+(.*)/) {
- $TimeLimit = $1;
- }
- if (/HostIpAddr\s+(.*)/) {
- $hostipaddr = $1;
- }
- if (/HostGatewayByte\s+(.*)/) {
- $hostgatewaybyte = $1;
- }
- }
-
- if ($alert_file eq "") {
- print "Warning! AlertFile is undefined.. Assuming /var/log/snort.alert\n";
- $alert_file="/var/log/snort.alert";
- }
- if ($hostipaddr eq "") {
- print "Warning! HostIpAddr is undefined! Attempting to guess..\n";
- $hostipaddr = `cat /var/ipfire/red/local-ipaddress`;
- print "Got it.. your HostIpAddr is $hostipaddr\n";
- }
- if ($ignorefile eq "") {
- print "Warning! IgnoreFile is undefined.. going with default ignore list (hostname and gateway)!\n";
- }
- if ($hostgatewaybyte eq "") {
- print "Warning! HostGatewayByte is undefined.. gateway will not be in ignore list!\n";
- }
- if ($logfile eq "") {
- print "Warning! LogFile is undefined.. Assuming debug mode, output to STDOUT\n";
- $opt_d = 1;
- }
- if (! -w $logfile) {
- print "Warning! Logfile is not writeable! Engaging debug mode, output to STDOUT\n";
- $opt_d = 1;
- }
-
- foreach $mypath (split (/:/, $ENV{PATH})) {
- if (-x "$mypath/guardian_block.sh") {
- $blockpath = "$mypath/guardian_block.sh";
- }
- if (-x "$mypath/guardian_unblock.sh") {
- $unblockpath = "$mypath/guardian_unblock.sh";
- }
- }
-
- if ($blockpath eq "") {
- print "Error! Could not find guardian_block.sh. Please consult the README. \n";
- exit;
- }
- if ($unblockpath eq "") {
- print "Warning! Could not find guardian_unblock.sh. Guardian will not be\n";
- print "able to remove blocked ip addresses. Please consult the README file\n";
- }
- if ($TimeLimit eq "") {
- print "Warning! Time limit not defined. Defaulting to absurdly long time limit\n";
- $TimeLimit = 999999999;
- }
-}
-
-sub write_log {
- my $message = $_[0];
- my $date = localtime();
- if (defined($opt_d)) { # we are in debug mode, and not daemonized
- print STDOUT $message;
- } else {
- open (LOG, ">>$logfile");
- print LOG $date.": ".$message;
- close (LOG);
- }
-}
-
-sub daemonize {
- my ($home);
- if (fork()) {
-# parent
- exit(0);
- } else {
-# child
- &write_log ("Guardian process id $$\n");
- $home = (getpwuid($>))[7] || die "No home directory!\n";
- chdir($home); # go to my homedir
- setpgrp(0,0); # become process leader
- close(STDOUT);
- close(STDIN);
- close(STDERR);
- print "Testing...\n";
- }
-}
-
-sub sig_handler_setup {
- $SIG{INT} = \&clean_up_and_exit; # kill -2
- $SIG{TERM} = \&clean_up_and_exit; # kill -9
- $SIG{QUIT} = \&clean_up_and_exit; # kill -3
-# $SIG{HUP} = \&flush_and_reload; # kill -1
-}
-
-sub remove_blocks {
- my $source;
- my $time = time();
- foreach $source (keys %hash) {
- if ($hash{$source} < $time) {
- &call_unblock ($source, "expiring block of $source\n");
- delete ($hash{$source});
- }
- }
-}
-
-sub call_unblock {
- my ($source, $message) = @_;
- &write_log ("$message");
- system ("$unblockpath $source $interface");
-}
-
-sub clean_up_and_exit {
- my $source;
- &write_log ("received kill sig.. shutting down\n");
- foreach $source (keys %hash) {
- &call_unblock ($source, "removing $source for shutdown\n");
- }
- exit;
-}
-
-sub load_targetfile {
- my $count = 0;
- open (TARG, "$targetfile") or die "Cannot open $targetfile\n";
- while (<TARG>) {
- chop;
- next if (/\#/); #skip comments
- next if (/^\s*$/); # and blank lines
- $targethash{$_}=1;
- $count++;
- }
- close (TARG);
- print "Loaded $count addresses from $targetfile\n";
-}
-
-sub get_aliases {
- my $ip;
- print "Scanning for aliases on $interface and add them to the target hash...";
-
- open (IFCONFIG, "/sbin/ip addr show $interface |");
- my @lines = <IFCONFIG>;
- close(IFCONFIG);
-
- foreach $line (@lines) {
- if ( $line =~ /inet (\d+\.\d+\.\d+\.\d+)/) {
- $ip = $1;
- print " got $ip on $interface ... ";
- $targethash{'$ip'} = "1";
- }
- }
-
- print "done \n";
-}
+++ /dev/null
-#!/bin/sh
-
-# this is a sample block script for guardian. This should work with ipchains.
-# This command gets called by guardian as such:
-# guardian_block.sh <source_ip> <interface>
-# and the script will issue a command to block all traffic from that source ip
-# address. The logic of weither or not it is safe to block that address is
-# done inside guardian itself.
-source=$1
-interface=$2
-
-/sbin/iptables -I GUARDIAN -s $source -i $interface -j DROP
+++ /dev/null
-#!/bin/sh
-
-# this is a sample unblock script for guardian. This should work with ipchains.
-# This command gets called by guardian as such:
-# unblock.sh <source_ip> <interface>
-# and the script will issue a command to remove the block that was created with # block.sh address.
-source=$1
-interface=$2
-
-/sbin/iptables -D GUARDIAN -s $source -i $interface -j DROP
HostnameLookups off
AddHandler cgi-script .cgi
EnableSendfile Off
+
+# Always unset HTTP_PROXY variable, https://httpoxy.org
+RequestHeader unset Proxy early
#
# Automatically generated file; DO NOT EDIT.
-# Linux/arm 3.14.64 Kernel Configuration
+# Linux/arm 3.14.73 Kernel Configuration
#
CONFIG_ARM=y
CONFIG_SYS_SUPPORTS_APM_EMULATION=y
# CONFIG_SENSORS_APDS990X is not set
# CONFIG_HMC6352 is not set
CONFIG_DS1682=m
-CONFIG_BMP085=y
+CONFIG_BMP085=m
CONFIG_BMP085_I2C=m
CONFIG_PCH_PHUB=m
CONFIG_USB_SWITCH_FSA9480=m
#
# Automatically generated file; DO NOT EDIT.
-# Linux/arm 3.14.64 Kernel Configuration
+# Linux/arm 3.14.73 Kernel Configuration
#
CONFIG_ARM=y
CONFIG_MIGHT_HAVE_PCI=y
# CONFIG_HMC6352 is not set
CONFIG_DS1682=m
CONFIG_ARM_CHARLCD=y
-CONFIG_BMP085=y
+CONFIG_BMP085=m
CONFIG_BMP085_I2C=m
# CONFIG_PCH_PHUB is not set
CONFIG_USB_SWITCH_FSA9480=m
CONFIG_USB_ISP1362_HCD=m
CONFIG_USB_FUSBH200_HCD=m
CONFIG_USB_FOTG210_HCD=m
-# CONFIG_USB_OHCI_HCD is not set
+CONFIG_USB_OHCI_HCD=y
+CONFIG_USB_OHCI_HCD_OMAP3=y
+CONFIG_USB_OHCI_HCD_PCI=y
+CONFIG_USB_OHCI_HCD_PLATFORM=y
CONFIG_USB_UHCI_HCD=y
CONFIG_USB_UHCI_SUPPORT_NON_PCI_HC=y
CONFIG_USB_UHCI_PLATFORM=y
#
# Automatically generated file; DO NOT EDIT.
-# Linux/arm 3.14.64 Kernel Configuration
+# Linux/arm 3.14.73 Kernel Configuration
#
CONFIG_ARM=y
CONFIG_SYS_SUPPORTS_APM_EMULATION=y
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 3.14.64 Kernel Configuration
+# Linux/x86 3.14.73 Kernel Configuration
#
# CONFIG_64BIT is not set
CONFIG_X86_32=y
# CONFIG_HMC6352 is not set
CONFIG_DS1682=m
CONFIG_VMWARE_BALLOON=m
-CONFIG_BMP085=y
+CONFIG_BMP085=m
CONFIG_BMP085_I2C=m
CONFIG_PCH_PHUB=m
CONFIG_USB_SWITCH_FSA9480=m
CONFIG_CRYPTO_DEV_GEODE=m
CONFIG_CRYPTO_DEV_HIFN_795X=m
CONFIG_CRYPTO_DEV_HIFN_795X_RNG=y
-CONFIG_CRYPTO_DEV_CCP=y
-CONFIG_CRYPTO_DEV_CCP_DD=m
-CONFIG_CRYPTO_DEV_CCP_CRYPTO=m
+# CONFIG_CRYPTO_DEV_CCP is not set
CONFIG_ASYMMETRIC_KEY_TYPE=m
CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=m
CONFIG_PUBLIC_KEY_ALGO_RSA=m
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 3.14.64 Kernel Configuration
+# Linux/x86 3.14.73 Kernel Configuration
#
# CONFIG_64BIT is not set
CONFIG_X86_32=y
# CONFIG_HMC6352 is not set
CONFIG_DS1682=m
CONFIG_VMWARE_BALLOON=m
-CONFIG_BMP085=y
+CONFIG_BMP085=m
CONFIG_BMP085_I2C=m
CONFIG_PCH_PHUB=m
CONFIG_USB_SWITCH_FSA9480=m
CONFIG_CRYPTO_DEV_PADLOCK_AES=m
CONFIG_CRYPTO_DEV_PADLOCK_SHA=m
CONFIG_CRYPTO_DEV_GEODE=m
-CONFIG_CRYPTO_DEV_CCP=y
-CONFIG_CRYPTO_DEV_CCP_DD=m
-CONFIG_CRYPTO_DEV_CCP_CRYPTO=m
+# CONFIG_CRYPTO_DEV_CCP is not set
CONFIG_ASYMMETRIC_KEY_TYPE=m
CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=m
CONFIG_PUBLIC_KEY_ALGO_RSA=m
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 3.14.64 Kernel Configuration
+# Linux/x86 3.14.73 Kernel Configuration
#
CONFIG_64BIT=y
CONFIG_X86_64=y
# CONFIG_HMC6352 is not set
CONFIG_DS1682=m
CONFIG_VMWARE_BALLOON=m
-CONFIG_BMP085=y
+CONFIG_BMP085=m
CONFIG_BMP085_I2C=m
CONFIG_PCH_PHUB=m
CONFIG_USB_SWITCH_FSA9480=m
CONFIG_CRYPTO_DEV_PADLOCK=m
CONFIG_CRYPTO_DEV_PADLOCK_AES=m
CONFIG_CRYPTO_DEV_PADLOCK_SHA=m
-CONFIG_CRYPTO_DEV_CCP=y
-CONFIG_CRYPTO_DEV_CCP_DD=m
-CONFIG_CRYPTO_DEV_CCP_CRYPTO=m
+# CONFIG_CRYPTO_DEV_CCP is not set
CONFIG_ASYMMETRIC_KEY_TYPE=m
CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=m
CONFIG_PUBLIC_KEY_ALGO_RSA=m
--- /dev/null
+$subservices->{'65.guardian'} = {
+ 'caption' => $Lang::tr{'guardian'},
+ 'uri' => '/cgi-bin/guardian.cgi',
+ 'title' => "$Lang::tr{'guardian'}",
+ 'enabled' => '1',
+ };
--- /dev/null
+KERNEL=="kvm", GROUP="kvm", MODE="0660"
+KERNEL=="vhost-net", GROUP="kvm", MODE="0660", TAG+="uaccess", OPTIONS+="static_node=vhost-net"
#usr/include/acl
#usr/include/acl/libacl.h
#usr/include/sys/acl.h
-#usr/lib/libacl.a
#usr/lib/libacl.la
usr/lib/libacl.so
usr/lib/libacl.so.1
usr/lib/libacl.so.1.1.0
-#usr/libexec/libacl.a
-#usr/libexec/libacl.la
-usr/libexec/libacl.so
-#usr/man/man1/chacl.1
-#usr/man/man1/getfacl.1
-#usr/man/man1/setfacl.1
-#usr/man/man3/acl_add_perm.3
-#usr/man/man3/acl_calc_mask.3
-#usr/man/man3/acl_check.3
-#usr/man/man3/acl_clear_perms.3
-#usr/man/man3/acl_cmp.3
-#usr/man/man3/acl_copy_entry.3
-#usr/man/man3/acl_copy_ext.3
-#usr/man/man3/acl_copy_int.3
-#usr/man/man3/acl_create_entry.3
-#usr/man/man3/acl_delete_def_file.3
-#usr/man/man3/acl_delete_entry.3
-#usr/man/man3/acl_delete_perm.3
-#usr/man/man3/acl_dup.3
-#usr/man/man3/acl_entries.3
-#usr/man/man3/acl_equiv_mode.3
-#usr/man/man3/acl_error.3
-#usr/man/man3/acl_extended_fd.3
-#usr/man/man3/acl_extended_file.3
-#usr/man/man3/acl_free.3
-#usr/man/man3/acl_from_mode.3
-#usr/man/man3/acl_from_text.3
-#usr/man/man3/acl_get_entry.3
-#usr/man/man3/acl_get_fd.3
-#usr/man/man3/acl_get_file.3
-#usr/man/man3/acl_get_perm.3
-#usr/man/man3/acl_get_permset.3
-#usr/man/man3/acl_get_qualifier.3
-#usr/man/man3/acl_get_tag_type.3
-#usr/man/man3/acl_init.3
-#usr/man/man3/acl_set_fd.3
-#usr/man/man3/acl_set_file.3
-#usr/man/man3/acl_set_permset.3
-#usr/man/man3/acl_set_qualifier.3
-#usr/man/man3/acl_set_tag_type.3
-#usr/man/man3/acl_size.3
-#usr/man/man3/acl_to_any_text.3
-#usr/man/man3/acl_to_text.3
-#usr/man/man3/acl_valid.3
-#usr/man/man5/acl.5
#usr/share/doc/acl
#usr/share/doc/acl/CHANGES.gz
#usr/share/doc/acl/COPYING
+#usr/share/doc/acl/COPYING.LGPL
#usr/share/doc/acl/PORTING
#usr/share/doc/acl/README
#usr/share/locale/de/LC_MESSAGES/acl.mo
#usr/share/locale/gl/LC_MESSAGES/acl.mo
#usr/share/locale/pl/LC_MESSAGES/acl.mo
#usr/share/locale/sv/LC_MESSAGES/acl.mo
+#usr/share/man/man1/chacl.1
+#usr/share/man/man1/getfacl.1
+#usr/share/man/man1/setfacl.1
+#usr/share/man/man3/acl_add_perm.3
+#usr/share/man/man3/acl_calc_mask.3
+#usr/share/man/man3/acl_check.3
+#usr/share/man/man3/acl_clear_perms.3
+#usr/share/man/man3/acl_cmp.3
+#usr/share/man/man3/acl_copy_entry.3
+#usr/share/man/man3/acl_copy_ext.3
+#usr/share/man/man3/acl_copy_int.3
+#usr/share/man/man3/acl_create_entry.3
+#usr/share/man/man3/acl_delete_def_file.3
+#usr/share/man/man3/acl_delete_entry.3
+#usr/share/man/man3/acl_delete_perm.3
+#usr/share/man/man3/acl_dup.3
+#usr/share/man/man3/acl_entries.3
+#usr/share/man/man3/acl_equiv_mode.3
+#usr/share/man/man3/acl_error.3
+#usr/share/man/man3/acl_extended_fd.3
+#usr/share/man/man3/acl_extended_file.3
+#usr/share/man/man3/acl_extended_file_nofollow.3
+#usr/share/man/man3/acl_free.3
+#usr/share/man/man3/acl_from_mode.3
+#usr/share/man/man3/acl_from_text.3
+#usr/share/man/man3/acl_get_entry.3
+#usr/share/man/man3/acl_get_fd.3
+#usr/share/man/man3/acl_get_file.3
+#usr/share/man/man3/acl_get_perm.3
+#usr/share/man/man3/acl_get_permset.3
+#usr/share/man/man3/acl_get_qualifier.3
+#usr/share/man/man3/acl_get_tag_type.3
+#usr/share/man/man3/acl_init.3
+#usr/share/man/man3/acl_set_fd.3
+#usr/share/man/man3/acl_set_file.3
+#usr/share/man/man3/acl_set_permset.3
+#usr/share/man/man3/acl_set_qualifier.3
+#usr/share/man/man3/acl_set_tag_type.3
+#usr/share/man/man3/acl_size.3
+#usr/share/man/man3/acl_to_any_text.3
+#usr/share/man/man3/acl_to_text.3
+#usr/share/man/man3/acl_valid.3
+#usr/share/man/man5/acl.5
etc/rc.d/init.d/fireinfo
etc/rc.d/init.d/firewall
etc/rc.d/init.d/firstsetup
+#etc/rc.d/init.d/freeradius
etc/rc.d/init.d/fsresize
etc/rc.d/init.d/functions
#etc/rc.d/init.d/gnump3d
+#etc/rc.d/init.d/guardian
etc/rc.d/init.d/halt
#etc/rc.d/init.d/haproxy
#etc/rc.d/init.d/hostapd
etc/rc.d/init.d/networking/red.up/24-RS-qos
etc/rc.d/init.d/networking/red.up/27-RS-squid
etc/rc.d/init.d/networking/red.up/30-ddns
+#etc/rc.d/init.d/networking/red.up/35-guardian
etc/rc.d/init.d/networking/red.up/40-ipac
etc/rc.d/init.d/networking/red.up/50-ipsec
etc/rc.d/init.d/networking/red.up/50-ovpn
#lib/modules/KVER-ipfire-kirkwood/kernel/drivers/misc/altera-stapl
#lib/modules/KVER-ipfire-kirkwood/kernel/drivers/misc/altera-stapl/altera-stapl.ko
#lib/modules/KVER-ipfire-kirkwood/kernel/drivers/misc/bmp085-i2c.ko
+#lib/modules/KVER-ipfire-kirkwood/kernel/drivers/misc/bmp085.ko
#lib/modules/KVER-ipfire-kirkwood/kernel/drivers/misc/cb710
#lib/modules/KVER-ipfire-kirkwood/kernel/drivers/misc/cb710/cb710.ko
#lib/modules/KVER-ipfire-kirkwood/kernel/drivers/misc/ds1682.ko
#lib/modules/KVER-ipfire-multi/kernel/drivers/misc/altera-stapl
#lib/modules/KVER-ipfire-multi/kernel/drivers/misc/altera-stapl/altera-stapl.ko
#lib/modules/KVER-ipfire-multi/kernel/drivers/misc/bmp085-i2c.ko
+#lib/modules/KVER-ipfire-multi/kernel/drivers/misc/bmp085.ko
#lib/modules/KVER-ipfire-multi/kernel/drivers/misc/ds1682.ko
#lib/modules/KVER-ipfire-multi/kernel/drivers/misc/dummy-irq.ko
#lib/modules/KVER-ipfire-multi/kernel/drivers/misc/eeprom
#var/ipfire/menu.d/EX-apcupsd.menu
#var/ipfire/menu.d/EX-asterisk.menu
#var/ipfire/menu.d/EX-bluetooth.menu
+#var/ipfire/menu.d/EX-guardian.menu
#var/ipfire/menu.d/EX-imspector.menu
#var/ipfire/menu.d/EX-mpfire.menu
#var/ipfire/menu.d/EX-samba.menu
#usr/share/man/man3/CURLOPT_NOPROGRESS.3
#usr/share/man/man3/CURLOPT_NOPROXY.3
#usr/share/man/man3/CURLOPT_NOSIGNAL.3
+#usr/share/man/man3/CURLOPT_CONNECT_TO.3
#usr/share/man/man3/CURLOPT_OPENSOCKETDATA.3
#usr/share/man/man3/CURLOPT_OPENSOCKETFUNCTION.3
#usr/share/man/man3/CURLOPT_PASSWORD.3
#usr/share/man/man3/CURLOPT_STREAM_DEPENDS.3
#usr/share/man/man3/CURLOPT_STREAM_DEPENDS_E.3
#usr/share/man/man3/CURLOPT_STREAM_WEIGHT.3
+#usr/share/man/man3/CURLOPT_TCP_FASTOPEN.3
#usr/share/man/man3/CURLOPT_TCP_KEEPALIVE.3
#usr/share/man/man3/CURLOPT_TCP_KEEPIDLE.3
#usr/share/man/man3/CURLOPT_TCP_KEEPINTVL.3
#usr/share/man/man3/curl_multi_remove_handle.3
#usr/share/man/man3/curl_multi_setopt.3
#usr/share/man/man3/curl_multi_socket.3
+#usr/share/man/man3/curl_multi_socket_all.3
#usr/share/man/man3/curl_multi_socket_action.3
#usr/share/man/man3/curl_multi_strerror.3
#usr/share/man/man3/curl_multi_timeout.3
usr/bin/acpi_listen
usr/sbin/acpid
#usr/sbin/kacpimon
-#usr/share/doc/acpid
-#usr/share/doc/acpid/COPYING
-#usr/share/doc/acpid/Changelog
-#usr/share/doc/acpid/README
-#usr/share/doc/acpid/TESTPLAN
-#usr/share/doc/acpid/TODO
+#usr/share/doc/acpid-2.0.26
+#usr/share/doc/acpid-2.0.26/COPYING
+#usr/share/doc/acpid-2.0.26/Changelog
+#usr/share/doc/acpid-2.0.26/README
+#usr/share/doc/acpid-2.0.26/TESTPLAN
+#usr/share/doc/acpid-2.0.26/TODO
#usr/share/man/man8/acpi_listen.8
#usr/share/man/man8/acpid.8
#usr/share/man/man8/kacpimon.8
etc/rc.d/init.d/fireinfo
etc/rc.d/init.d/firewall
etc/rc.d/init.d/firstsetup
+#etc/rc.d/init.d/freeradius
etc/rc.d/init.d/fsresize
etc/rc.d/init.d/functions
#etc/rc.d/init.d/gnump3d
+#etc/rc.d/init.d/guardian
etc/rc.d/init.d/halt
#etc/rc.d/init.d/haproxy
#etc/rc.d/init.d/hostapd
etc/rc.d/init.d/networking/red.up/24-RS-qos
etc/rc.d/init.d/networking/red.up/27-RS-squid
etc/rc.d/init.d/networking/red.up/30-ddns
+#etc/rc.d/init.d/networking/red.up/35-guardian
etc/rc.d/init.d/networking/red.up/40-ipac
etc/rc.d/init.d/networking/red.up/50-ipsec
etc/rc.d/init.d/networking/red.up/50-ovpn
#lib/modules/KVER-ipfire/kernel/drivers/misc/altera-stapl
#lib/modules/KVER-ipfire/kernel/drivers/misc/altera-stapl/altera-stapl.ko
#lib/modules/KVER-ipfire/kernel/drivers/misc/bmp085-i2c.ko
+#lib/modules/KVER-ipfire/kernel/drivers/misc/bmp085.ko
#lib/modules/KVER-ipfire/kernel/drivers/misc/cb710
#lib/modules/KVER-ipfire/kernel/drivers/misc/cb710/cb710.ko
#lib/modules/KVER-ipfire/kernel/drivers/misc/cs5535-mfgpt.ko
#usr/bin/bsdcpio
+#usr/bin/bsdcat
#usr/bin/bsdtar
#usr/include/archive.h
#usr/include/archive_entry.h
#usr/lib/libarchive.la
#usr/lib/libarchive.so
#usr/lib/libarchive.so.13
-#usr/lib/libarchive.so.13.1.2
+#usr/lib/libarchive.so.13.2.1
#usr/lib/pkgconfig/libarchive.pc
#usr/share/man/man1/bsdcpio.1
+#usr/share/man/man1/bsdcat.1
#usr/share/man/man1/bsdtar.1
#usr/share/man/man3/archive_entry.3
#usr/share/man/man3/archive_entry_acl.3
#usr/share/man/man3/archive_entry_stat.3
#usr/share/man/man3/archive_entry_time.3
#usr/share/man/man3/archive_read.3
+#usr/share/man/man3/archive_read_add_passphrase.3
#usr/share/man/man3/archive_read_data.3
#usr/share/man/man3/archive_read_disk.3
#usr/share/man/man3/archive_read_extract.3
#usr/share/man/man3/archive_write_new.3
#usr/share/man/man3/archive_write_open.3
#usr/share/man/man3/archive_write_set_options.3
+#usr/share/man/man3/archive_write_set_passphrase.3
#usr/share/man/man3/libarchive.3
#usr/share/man/man3/libarchive_changes.3
#usr/share/man/man3/libarchive_internals.3
-#lib/libcap.a
lib/libcap.so
lib/libcap.so.1
lib/libcap.so.2
-lib/libcap.so.2.24
+lib/libcap.so.2.25
lib/security/pam_cap.so
sbin/capsh
sbin/getcap
sbin/getpcaps
sbin/setcap
#usr/include/sys/capability.h
+usr/lib/libcap.so
#usr/lib/pkgconfig/libcap.pc
#usr/share/man/man1/capsh.1
#usr/share/man/man3/cap_clear.3
#usr/man/man4/atmsigd.conf.4
#usr/man/man7/qos.7
#usr/man/man7/sap.7
+#usr/man/man8
#usr/man/man8/atmaddr.8
#usr/man/man8/atmarp.8
#usr/man/man8/atmarpd.8
#usr/lib/libpcre.la
usr/lib/libpcre.so
usr/lib/libpcre.so.1
-usr/lib/libpcre.so.1.2.6
+usr/lib/libpcre.so.1.2.7
+#usr/lib/libpcre16.la
+usr/lib/libpcre16.so
+usr/lib/libpcre16.so.0
+usr/lib/libpcre16.so.0.2.7
+#usr/lib/libpcre32.la
+usr/lib/libpcre32.so
+usr/lib/libpcre32.so.0
+usr/lib/libpcre32.so.0.0.7
#usr/lib/libpcrecpp.la
usr/lib/libpcrecpp.so
usr/lib/libpcrecpp.so.0
#usr/lib/libpcreposix.la
usr/lib/libpcreposix.so
usr/lib/libpcreposix.so.0
-usr/lib/libpcreposix.so.0.0.3
+usr/lib/libpcreposix.so.0.0.4
#usr/lib/pkgconfig/libpcre.pc
+#usr/lib/pkgconfig/libpcre16.pc
+#usr/lib/pkgconfig/libpcre32.pc
#usr/lib/pkgconfig/libpcrecpp.pc
#usr/lib/pkgconfig/libpcreposix.pc
-#usr/share/doc/pcre
-#usr/share/doc/pcre/AUTHORS
-#usr/share/doc/pcre/COPYING
-#usr/share/doc/pcre/ChangeLog
-#usr/share/doc/pcre/LICENCE
-#usr/share/doc/pcre/NEWS
-#usr/share/doc/pcre/README
-#usr/share/doc/pcre/html
-#usr/share/doc/pcre/html/NON-AUTOTOOLS-BUILD.txt
-#usr/share/doc/pcre/html/README.txt
-#usr/share/doc/pcre/html/index.html
-#usr/share/doc/pcre/html/pcre-config.html
-#usr/share/doc/pcre/html/pcre.html
-#usr/share/doc/pcre/html/pcre16.html
-#usr/share/doc/pcre/html/pcre32.html
-#usr/share/doc/pcre/html/pcre_assign_jit_stack.html
-#usr/share/doc/pcre/html/pcre_compile.html
-#usr/share/doc/pcre/html/pcre_compile2.html
-#usr/share/doc/pcre/html/pcre_config.html
-#usr/share/doc/pcre/html/pcre_copy_named_substring.html
-#usr/share/doc/pcre/html/pcre_copy_substring.html
-#usr/share/doc/pcre/html/pcre_dfa_exec.html
-#usr/share/doc/pcre/html/pcre_exec.html
-#usr/share/doc/pcre/html/pcre_free_study.html
-#usr/share/doc/pcre/html/pcre_free_substring.html
-#usr/share/doc/pcre/html/pcre_free_substring_list.html
-#usr/share/doc/pcre/html/pcre_fullinfo.html
-#usr/share/doc/pcre/html/pcre_get_named_substring.html
-#usr/share/doc/pcre/html/pcre_get_stringnumber.html
-#usr/share/doc/pcre/html/pcre_get_stringtable_entries.html
-#usr/share/doc/pcre/html/pcre_get_substring.html
-#usr/share/doc/pcre/html/pcre_get_substring_list.html
-#usr/share/doc/pcre/html/pcre_jit_exec.html
-#usr/share/doc/pcre/html/pcre_jit_stack_alloc.html
-#usr/share/doc/pcre/html/pcre_jit_stack_free.html
-#usr/share/doc/pcre/html/pcre_maketables.html
-#usr/share/doc/pcre/html/pcre_pattern_to_host_byte_order.html
-#usr/share/doc/pcre/html/pcre_refcount.html
-#usr/share/doc/pcre/html/pcre_study.html
-#usr/share/doc/pcre/html/pcre_utf16_to_host_byte_order.html
-#usr/share/doc/pcre/html/pcre_utf32_to_host_byte_order.html
-#usr/share/doc/pcre/html/pcre_version.html
-#usr/share/doc/pcre/html/pcreapi.html
-#usr/share/doc/pcre/html/pcrebuild.html
-#usr/share/doc/pcre/html/pcrecallout.html
-#usr/share/doc/pcre/html/pcrecompat.html
-#usr/share/doc/pcre/html/pcrecpp.html
-#usr/share/doc/pcre/html/pcredemo.html
-#usr/share/doc/pcre/html/pcregrep.html
-#usr/share/doc/pcre/html/pcrejit.html
-#usr/share/doc/pcre/html/pcrelimits.html
-#usr/share/doc/pcre/html/pcrematching.html
-#usr/share/doc/pcre/html/pcrepartial.html
-#usr/share/doc/pcre/html/pcrepattern.html
-#usr/share/doc/pcre/html/pcreperform.html
-#usr/share/doc/pcre/html/pcreposix.html
-#usr/share/doc/pcre/html/pcreprecompile.html
-#usr/share/doc/pcre/html/pcresample.html
-#usr/share/doc/pcre/html/pcrestack.html
-#usr/share/doc/pcre/html/pcresyntax.html
-#usr/share/doc/pcre/html/pcretest.html
-#usr/share/doc/pcre/html/pcreunicode.html
-#usr/share/doc/pcre/pcre-config.txt
-#usr/share/doc/pcre/pcre.txt
-#usr/share/doc/pcre/pcregrep.txt
-#usr/share/doc/pcre/pcretest.txt
+#usr/share/doc/pcre-pcre-8.39
+#usr/share/doc/pcre-pcre-8.39/AUTHORS
+#usr/share/doc/pcre-pcre-8.39/COPYING
+#usr/share/doc/pcre-pcre-8.39/ChangeLog
+#usr/share/doc/pcre-pcre-8.39/LICENCE
+#usr/share/doc/pcre-pcre-8.39/NEWS
+#usr/share/doc/pcre-pcre-8.39/README
+#usr/share/doc/pcre-pcre-8.39/html
+#usr/share/doc/pcre-pcre-8.39/html/NON-AUTOTOOLS-BUILD.txt
+#usr/share/doc/pcre-pcre-8.39/html/README.txt
+#usr/share/doc/pcre-pcre-8.39/html/index.html
+#usr/share/doc/pcre-pcre-8.39/html/pcre-config.html
+#usr/share/doc/pcre-pcre-8.39/html/pcre.html
+#usr/share/doc/pcre-pcre-8.39/html/pcre16.html
+#usr/share/doc/pcre-pcre-8.39/html/pcre32.html
+#usr/share/doc/pcre-pcre-8.39/html/pcre_assign_jit_stack.html
+#usr/share/doc/pcre-pcre-8.39/html/pcre_compile.html
+#usr/share/doc/pcre-pcre-8.39/html/pcre_compile2.html
+#usr/share/doc/pcre-pcre-8.39/html/pcre_config.html
+#usr/share/doc/pcre-pcre-8.39/html/pcre_copy_named_substring.html
+#usr/share/doc/pcre-pcre-8.39/html/pcre_copy_substring.html
+#usr/share/doc/pcre-pcre-8.39/html/pcre_dfa_exec.html
+#usr/share/doc/pcre-pcre-8.39/html/pcre_exec.html
+#usr/share/doc/pcre-pcre-8.39/html/pcre_free_study.html
+#usr/share/doc/pcre-pcre-8.39/html/pcre_free_substring.html
+#usr/share/doc/pcre-pcre-8.39/html/pcre_free_substring_list.html
+#usr/share/doc/pcre-pcre-8.39/html/pcre_fullinfo.html
+#usr/share/doc/pcre-pcre-8.39/html/pcre_get_named_substring.html
+#usr/share/doc/pcre-pcre-8.39/html/pcre_get_stringnumber.html
+#usr/share/doc/pcre-pcre-8.39/html/pcre_get_stringtable_entries.html
+#usr/share/doc/pcre-pcre-8.39/html/pcre_get_substring.html
+#usr/share/doc/pcre-pcre-8.39/html/pcre_get_substring_list.html
+#usr/share/doc/pcre-pcre-8.39/html/pcre_jit_exec.html
+#usr/share/doc/pcre-pcre-8.39/html/pcre_jit_stack_alloc.html
+#usr/share/doc/pcre-pcre-8.39/html/pcre_jit_stack_free.html
+#usr/share/doc/pcre-pcre-8.39/html/pcre_maketables.html
+#usr/share/doc/pcre-pcre-8.39/html/pcre_pattern_to_host_byte_order.html
+#usr/share/doc/pcre-pcre-8.39/html/pcre_refcount.html
+#usr/share/doc/pcre-pcre-8.39/html/pcre_study.html
+#usr/share/doc/pcre-pcre-8.39/html/pcre_utf16_to_host_byte_order.html
+#usr/share/doc/pcre-pcre-8.39/html/pcre_utf32_to_host_byte_order.html
+#usr/share/doc/pcre-pcre-8.39/html/pcre_version.html
+#usr/share/doc/pcre-pcre-8.39/html/pcreapi.html
+#usr/share/doc/pcre-pcre-8.39/html/pcrebuild.html
+#usr/share/doc/pcre-pcre-8.39/html/pcrecallout.html
+#usr/share/doc/pcre-pcre-8.39/html/pcrecompat.html
+#usr/share/doc/pcre-pcre-8.39/html/pcrecpp.html
+#usr/share/doc/pcre-pcre-8.39/html/pcredemo.html
+#usr/share/doc/pcre-pcre-8.39/html/pcregrep.html
+#usr/share/doc/pcre-pcre-8.39/html/pcrejit.html
+#usr/share/doc/pcre-pcre-8.39/html/pcrelimits.html
+#usr/share/doc/pcre-pcre-8.39/html/pcrematching.html
+#usr/share/doc/pcre-pcre-8.39/html/pcrepartial.html
+#usr/share/doc/pcre-pcre-8.39/html/pcrepattern.html
+#usr/share/doc/pcre-pcre-8.39/html/pcreperform.html
+#usr/share/doc/pcre-pcre-8.39/html/pcreposix.html
+#usr/share/doc/pcre-pcre-8.39/html/pcreprecompile.html
+#usr/share/doc/pcre-pcre-8.39/html/pcresample.html
+#usr/share/doc/pcre-pcre-8.39/html/pcrestack.html
+#usr/share/doc/pcre-pcre-8.39/html/pcresyntax.html
+#usr/share/doc/pcre-pcre-8.39/html/pcretest.html
+#usr/share/doc/pcre-pcre-8.39/html/pcreunicode.html
+#usr/share/doc/pcre-pcre-8.39/pcre-config.txt
+#usr/share/doc/pcre-pcre-8.39/pcre.txt
+#usr/share/doc/pcre-pcre-8.39/pcregrep.txt
+#usr/share/doc/pcre-pcre-8.39/pcretest.txt
#usr/share/man/man1/pcre-config.1
#usr/share/man/man1/pcregrep.1
#usr/share/man/man1/pcretest.1
usr/lib/libpopt.so
usr/lib/libpopt.so.0
usr/lib/libpopt.so.0.0.0
-#usr/man/man3/popt.3
+#usr/lib/pkgconfig/popt.pc
+#usr/share/man/man3/popt.3
-bin/groups
bin/login
bin/passwd
bin/su
#etc/.pwd.lock
#etc/default
+#etc/default/useradd
etc/limits
etc/login.access
etc/login.defs
#etc/passwd-
etc/shadow
#etc/shadow-
-lib/libshadow.so.0
-lib/libshadow.so.0.0.0
+sbin/nologin
#usr/bin/chage
#usr/bin/chfn
#usr/bin/chsh
#usr/bin/faillog
#usr/bin/gpasswd
#usr/bin/lastlog
+#usr/bin/newgidmap
#usr/bin/newgrp
+#usr/bin/newuidmap
#usr/bin/sg
-#usr/lib/libshadow.a
-#usr/lib/libshadow.la
#usr/lib/libshadow.so
-#usr/man/man1/chage.1
-#usr/man/man1/chfn.1
-#usr/man/man1/chsh.1
-#usr/man/man1/expiry.1
-#usr/man/man1/gpasswd.1
-#usr/man/man1/login.1
-#usr/man/man1/newgrp.1
-#usr/man/man1/passwd.1
-#usr/man/man1/sg.1
-#usr/man/man1/su.1
-#usr/man/man3/getspnam.3
-#usr/man/man3/shadow.3
-#usr/man/man5/faillog.5
-#usr/man/man5/gshadow.5
-#usr/man/man5/limits.5
-#usr/man/man5/login.access.5
-#usr/man/man5/login.defs.5
-#usr/man/man5/passwd.5
-#usr/man/man5/porttime.5
-#usr/man/man5/shadow.5
-#usr/man/man5/suauth.5
-#usr/man/man8
-#usr/man/man8/chpasswd.8
-#usr/man/man8/faillog.8
-#usr/man/man8/groupadd.8
-#usr/man/man8/groupdel.8
-#usr/man/man8/groupmod.8
-#usr/man/man8/grpck.8
-#usr/man/man8/grpconv.8
-#usr/man/man8/grpunconv.8
-#usr/man/man8/lastlog.8
-#usr/man/man8/logoutd.8
-#usr/man/man8/newusers.8
-#usr/man/man8/nologin.8
-#usr/man/man8/pwck.8
-#usr/man/man8/pwconv.8
-#usr/man/man8/pwunconv.8
-#usr/man/man8/useradd.8
-#usr/man/man8/userdel.8
-#usr/man/man8/usermod.8
-#usr/man/man8/vigr.8
-#usr/man/man8/vipw.8
#usr/sbin/chgpasswd
usr/sbin/chpasswd
usr/sbin/groupadd
usr/sbin/groupdel
+usr/sbin/groupmems
usr/sbin/groupmod
#usr/sbin/grpck
usr/sbin/grpconv
#usr/sbin/grpunconv
#usr/sbin/logoutd
#usr/sbin/newusers
-#usr/sbin/nologin
#usr/sbin/pwck
usr/sbin/pwconv
#usr/sbin/pwunconv
usr/sbin/usermod
#usr/sbin/vigr
#usr/sbin/vipw
+#usr/share/man/man1/chage.1
+#usr/share/man/man1/chfn.1
+#usr/share/man/man1/chsh.1
+#usr/share/man/man1/expiry.1
+#usr/share/man/man1/gpasswd.1
+#usr/share/man/man1/login.1
+#usr/share/man/man1/newgidmap.1
+#usr/share/man/man1/newgrp.1
+#usr/share/man/man1/newuidmap.1
+#usr/share/man/man1/passwd.1
+#usr/share/man/man1/sg.1
+#usr/share/man/man1/su.1
+#usr/share/man/man3/shadow.3
+#usr/share/man/man5/faillog.5
+#usr/share/man/man5/gshadow.5
+#usr/share/man/man5/limits.5
+#usr/share/man/man5/login.access.5
+#usr/share/man/man5/login.defs.5
+#usr/share/man/man5/porttime.5
+#usr/share/man/man5/shadow.5
+#usr/share/man/man5/suauth.5
+#usr/share/man/man5/subgid.5
+#usr/share/man/man5/subuid.5
+#usr/share/man/man8/chgpasswd.8
+#usr/share/man/man8/chpasswd.8
+#usr/share/man/man8/faillog.8
+#usr/share/man/man8/groupadd.8
+#usr/share/man/man8/groupdel.8
+#usr/share/man/man8/groupmems.8
+#usr/share/man/man8/groupmod.8
+#usr/share/man/man8/grpck.8
+#usr/share/man/man8/grpconv.8
+#usr/share/man/man8/grpunconv.8
+#usr/share/man/man8/lastlog.8
+#usr/share/man/man8/logoutd.8
+#usr/share/man/man8/newusers.8
+#usr/share/man/man8/nologin.8
+#usr/share/man/man8/pwck.8
+#usr/share/man/man8/pwconv.8
+#usr/share/man/man8/pwunconv.8
+#usr/share/man/man8/useradd.8
+#usr/share/man/man8/userdel.8
+#usr/share/man/man8/usermod.8
+#usr/share/man/man8/vigr.8
+#usr/share/man/man8/vipw.8
#usr/include/snort/dynamic_output/snort_debug.h
#usr/include/snort/dynamic_output/stream_api.h
#usr/include/snort/dynamic_preproc
-#usr/include/snort/dynamic_preproc/appId.h
#usr/include/snort/dynamic_preproc/bitop.h
#usr/include/snort/dynamic_preproc/cpuclock.h
#usr/include/snort/dynamic_preproc/file_api.h
#usr/include/snort/dynamic_preproc/mpse_methods.h
#usr/include/snort/dynamic_preproc/obfuscation.h
#usr/include/snort/dynamic_preproc/packet_time.h
+#usr/include/snort/dynamic_preproc/perf_indicators.h
#usr/include/snort/dynamic_preproc/preprocids.h
#usr/include/snort/dynamic_preproc/profiler.h
#usr/include/snort/dynamic_preproc/segment_mem.h
#usr/share/doc/snort/README.reload
#usr/share/doc/snort/README.reputation
#usr/share/doc/snort/README.sensitive_data
+#usr/share/doc/snort/README.session
#usr/share/doc/snort/README.sfportscan
#usr/share/doc/snort/README.sip
#usr/share/doc/snort/README.ssh
srv/web/ipfire/cgi-bin/firewall.cgi
srv/web/ipfire/cgi-bin/fwhosts.cgi
srv/web/ipfire/cgi-bin/geoip-block.cgi
+#srv/web/ipfire/cgi-bin/guardian.cgi
srv/web/ipfire/cgi-bin/gpl.cgi
srv/web/ipfire/cgi-bin/gui.cgi
srv/web/ipfire/cgi-bin/hardwaregraphs.cgi
usr/bin/which
-#usr/info/which.info
-#usr/man/man1/which.1
+#usr/share/info/which.info
+#usr/share/man/man1/which.1
usr/bin/acpi_listen
usr/sbin/acpid
#usr/sbin/kacpimon
-#usr/share/doc/acpid
-#usr/share/doc/acpid/COPYING
-#usr/share/doc/acpid/Changelog
-#usr/share/doc/acpid/README
-#usr/share/doc/acpid/TESTPLAN
-#usr/share/doc/acpid/TODO
+#usr/share/doc/acpid-2.0.26
+#usr/share/doc/acpid-2.0.26/COPYING
+#usr/share/doc/acpid-2.0.26/Changelog
+#usr/share/doc/acpid-2.0.26/README
+#usr/share/doc/acpid-2.0.26/TESTPLAN
+#usr/share/doc/acpid-2.0.26/TODO
#usr/share/man/man8/acpi_listen.8
#usr/share/man/man8/acpid.8
#usr/share/man/man8/kacpimon.8
etc/rc.d/init.d/fireinfo
etc/rc.d/init.d/firewall
etc/rc.d/init.d/firstsetup
+#etc/rc.d/init.d/freeradius
etc/rc.d/init.d/fsresize
etc/rc.d/init.d/functions
#etc/rc.d/init.d/gnump3d
+#etc/rc.d/init.d/guardian
etc/rc.d/init.d/halt
#etc/rc.d/init.d/haproxy
#etc/rc.d/init.d/hostapd
etc/rc.d/init.d/networking/red.up/24-RS-qos
etc/rc.d/init.d/networking/red.up/27-RS-squid
etc/rc.d/init.d/networking/red.up/30-ddns
+#etc/rc.d/init.d/networking/red.up/35-guardian
etc/rc.d/init.d/networking/red.up/40-ipac
etc/rc.d/init.d/networking/red.up/50-ipsec
etc/rc.d/init.d/networking/red.up/50-ovpn
#lib/modules/KVER-ipfire/kernel/drivers/misc/altera-stapl
#lib/modules/KVER-ipfire/kernel/drivers/misc/altera-stapl/altera-stapl.ko
#lib/modules/KVER-ipfire/kernel/drivers/misc/bmp085-i2c.ko
+#lib/modules/KVER-ipfire/kernel/drivers/misc/bmp085.ko
#lib/modules/KVER-ipfire/kernel/drivers/misc/cb710
#lib/modules/KVER-ipfire/kernel/drivers/misc/cb710/cb710.ko
#lib/modules/KVER-ipfire/kernel/drivers/misc/cs5535-mfgpt.ko
--- /dev/null
+../../../common/acl
\ No newline at end of file
--- /dev/null
+../../../../common/armv5tel/linux-kirkwood
\ No newline at end of file
--- /dev/null
+../../../../common/armv5tel/linux-multi
\ No newline at end of file
--- /dev/null
+../../../../common/armv5tel/linux-rpi
\ No newline at end of file
--- /dev/null
+../../../common/ddns
\ No newline at end of file
--- /dev/null
+etc/system-release
+etc/issue
+etc/collectd.conf
+etc/httpd/conf/global.conf
+etc/rc.d/init.d/snort
+opt/pakfire/lib/functions.sh
+srv/web/ipfire/cgi-bin/ids.cgi
+srv/web/ipfire/cgi-bin/proxy.cgi
+srv/web/ipfire/cgi-bin/logs.cgi/log.dat
+srv/web/ipfire/html/themes/ipfire/include/functions.pl
+srv/web/ipfire/html/themes/ipfire/include/js/refreshInetInfo.js
+var/ipfire/langs
+var/ipfire/fwhosts/customservices.default
+var/ipfire/updatexlrator/bin/download
--- /dev/null
+../../../../common/i586/acpid
\ No newline at end of file
--- /dev/null
+../../../../common/i586/linux
\ No newline at end of file
--- /dev/null
+../../../common/iputils
\ No newline at end of file
--- /dev/null
+../../../common/libarchive
\ No newline at end of file
--- /dev/null
+../../../common/libcap
\ No newline at end of file
--- /dev/null
+../../../common/ntp
\ No newline at end of file
--- /dev/null
+../../../common/openssh
\ No newline at end of file
--- /dev/null
+../../../common/pcre
\ No newline at end of file
--- /dev/null
+../../../common/popt
\ No newline at end of file
--- /dev/null
+../../../common/screen
\ No newline at end of file
--- /dev/null
+../../../common/shadow
\ No newline at end of file
--- /dev/null
+../../../common/snort
\ No newline at end of file
--- /dev/null
+../../../common/wget
\ No newline at end of file
--- /dev/null
+../../../common/which
\ No newline at end of file
--- /dev/null
+../../../../common/x86_64/acpid
\ No newline at end of file
--- /dev/null
+../../../../common/x86_64/linux
\ No newline at end of file
--- /dev/null
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2016 IPFire-Team <info@ipfire.org>. #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+/usr/local/bin/backupctrl exclude >/dev/null 2>&1
+
+function find_device() {
+ local mountpoint="${1}"
+
+ local root
+ local dev mp fs flags rest
+ while read -r dev mp fs flags rest; do
+ # Skip unwanted entries
+ [ "${dev}" = "rootfs" ] && continue
+
+ if [ "${mp}" = "${mountpoint}" ] && [ -b "${dev}" ]; then
+ root="$(basename "${dev}")"
+ break
+ fi
+ done < /proc/mounts
+
+ # Get the actual device from the partition that holds /
+ while [ -n "${root}" ]; do
+ if [ -e "/sys/block/${root}" ]; then
+ echo "${root}"
+ return 0
+ fi
+
+ # Remove last character
+ root="${root::-1}"
+ done
+
+ return 1
+}
+
+
+core=104
+
+function exit_with_error() {
+ # Set last succesfull installed core.
+ echo $(($core-1)) > /opt/pakfire/db/core/mine
+ /usr/bin/logger -p syslog.emerg -t ipfire \
+ "core-update-${core}: $1"
+ exit $2
+}
+
+# Remove old core updates from pakfire cache to save space...
+for (( i=1; i<=$core; i++ ))
+do
+ rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
+done
+
+#
+# Do some sanity checks.
+case $(uname -r) in
+ *-ipfire* )
+ # Ok.
+ ;;
+ * )
+ exit_with_error "ERROR cannot update. No IPFire Kernel." 1
+ ;;
+esac
+
+
+#
+#
+KVER="xxxKVERxxx"
+
+# Check diskspace on root
+ROOTSPACE=`df / -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1`
+
+if [ $ROOTSPACE -lt 100000 ]; then
+ exit_with_error "ERROR cannot update because not enough free space on root." 2
+ exit 2
+fi
+
+echo
+echo Update Kernel to $KVER ...
+#
+# Remove old kernel, configs, initrd, modules, dtb's ...
+#
+rm -rf /boot/System.map-*
+rm -rf /boot/config-*
+rm -rf /boot/ipfirerd-*
+rm -rf /boot/initramfs-*
+rm -rf /boot/vmlinuz-*
+rm -rf /boot/uImage-ipfire-*
+rm -rf /boot/zImage-ipfire-*
+rm -rf /boot/uInit-ipfire-*
+rm -rf /boot/dtb-*-ipfire-*
+rm -rf /lib/modules
+
+case "$(uname -m)" in
+ armv*)
+ # Backup uEnv.txt if exist
+ if [ -e /boot/uEnv.txt ]; then
+ cp -vf /boot/uEnv.txt /boot/uEnv.txt.org
+ fi
+
+ # work around the u-boot folder detection bug
+ mkdir -pv /boot/dtb-$KVER-ipfire-kirkwood
+ mkdir -pv /boot/dtb-$KVER-ipfire-multi
+ touch /boot/uImage-ipfire-kirkwood
+ touch /boot/zImage-ipfire-multi
+ touch /boot/uIinit-ipfire-kirkwood
+ touch /boot/uIinit-ipfire-multi
+ ;;
+esac
+
+# Stop services
+/etc/init.d/collectd stop
+/etc/init.d/snort stop
+/etc/init.d/squid stop
+/etc/init.d/dnsmasq stop
+/etc/init.d/sshd stop
+/etc/init.d/ipsec stop
+/etc/init.d/apache stop
+
+# Extract files
+tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p --numeric-owner -C /
+
+# Update customservices
+cp /var/ipfire/fwhosts/customservices /var/ipfire/fwhosts/customservices.old
+echo 35,Submission (TCP),587,TCP,BLANK,0 >> /var/ipfire/fwhosts/customservices
+echo 36,SSMTP,465,TCP,BLANK,0 >> /var/ipfire/fwhosts/customservices
+
+# Remove some old files
+rm -f /bin/groups /lib/libshadow.so.0*
+
+# update linker config
+ldconfig
+
+# Check diskspace on boot
+BOOTSPACE=`df /boot -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1`
+
+if [ $BOOTSPACE -lt 1000 ]; then
+ case $(uname -r) in
+ *-ipfire-kirkwood )
+ # Special handling for old kirkwood images.
+ # (install only kirkwood kernel)
+ rm -rf /boot/*
+ # work around the u-boot folder detection bug
+ mkdir -pv /boot/dtb-$KVER-ipfire-kirkwood
+ tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p \
+ --numeric-owner -C / --wildcards 'boot/*-kirkwood*'
+ ;;
+ * )
+ /etc/init.d/apache start
+ exit_with_error "FATAL-ERROR space run out on boot. System is not bootable..." 4
+ ;;
+ esac
+fi
+
+# Update Language cache
+/usr/local/bin/update-lang-cache
+
+#
+# Start services
+#
+/etc/init.d/collectd start
+/etc/init.d/apache start
+/etc/init.d/dnsmasq start
+/etc/init.d/sshd start
+/etc/init.d/squid start
+/etc/init.d/snort start
+if [ `grep "ENABLED=on" /var/ipfire/vpn/settings` ]; then
+ /etc/init.d/ipsec start
+fi
+
+# Delete old QoS enabled indicator
+rm -f /var/ipfire/qos/enable
+
+# Upadate Kernel version uEnv.txt
+if [ -e /boot/uEnv.txt ]; then
+ sed -i -e "s/KVER=.*/KVER=${KVER}/g" /boot/uEnv.txt
+fi
+
+# call user update script (needed for some arm boards)
+if [ -e /boot/pakfire-kernel-update ]; then
+ /boot/pakfire-kernel-update ${KVER}
+fi
+
+case "$(uname -m)" in
+ i?86)
+ # Force (re)install pae kernel if pae is supported
+ rm -rf /opt/pakfire/db/installed/meta-linux-pae
+ if [ ! "$(grep "^flags.* pae " /proc/cpuinfo)" == "" ]; then
+ ROOTSPACE=`df / -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1`
+ BOOTSPACE=`df /boot -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1`
+ if [ $BOOTSPACE -lt 12000 -o $ROOTSPACE -lt 90000 ]; then
+ /usr/bin/logger -p syslog.emerg -t ipfire \
+ "core-update-${core}: WARNING not enough space for pae kernel."
+ else
+ echo "Name: linux-pae" > /opt/pakfire/db/installed/meta-linux-pae
+ echo "ProgVersion: 0" >> /opt/pakfire/db/installed/meta-linux-pae
+ echo "Release: 0" >> /opt/pakfire/db/installed/meta-linux-pae
+ fi
+ fi
+ ;;
+esac
+#
+# After pakfire has ended run it again and update the lists and do upgrade
+#
+echo '#!/bin/bash' > /tmp/pak_update
+echo 'while [ "$(ps -A | grep " update.sh")" != "" ]; do' >> /tmp/pak_update
+echo ' sleep 1' >> /tmp/pak_update
+echo 'done' >> /tmp/pak_update
+echo 'while [ "$(ps -A | grep " pakfire")" != "" ]; do' >> /tmp/pak_update
+echo ' sleep 1' >> /tmp/pak_update
+echo 'done' >> /tmp/pak_update
+echo '/opt/pakfire/pakfire update -y --force' >> /tmp/pak_update
+echo '/opt/pakfire/pakfire upgrade -y' >> /tmp/pak_update
+echo '/opt/pakfire/pakfire upgrade -y' >> /tmp/pak_update
+echo '/opt/pakfire/pakfire upgrade -y' >> /tmp/pak_update
+echo '/usr/bin/logger -p syslog.emerg -t ipfire "Core-upgrade finished. If you use a customized grub/uboot config"' >> /tmp/pak_update
+echo '/usr/bin/logger -p syslog.emerg -t ipfire "Check it before reboot !!!"' >> /tmp/pak_update
+echo '/usr/bin/logger -p syslog.emerg -t ipfire " *** Please reboot... *** "' >> /tmp/pak_update
+echo 'touch /var/run/need_reboot ' >> /tmp/pak_update
+#
+killall -KILL pak_update
+chmod +x /tmp/pak_update
+/tmp/pak_update &
+
+sync
+
+# This update need a reboot...
+touch /var/run/need_reboot
+
+# Finish
+/etc/init.d/fireinfo start
+sendprofile
+# Update grub config to display new core version
+if [ -e /boot/grub/grub.cfg ]; then
+ grub-mkconfig -o /boot/grub/grub.cfg
+fi
+sync
+
+# Don't report the exitcode last command
+exit 0
--- /dev/null
+boot/config.txt
+boot/grub/grub.cfg
+boot/grub/grubenv
+etc/alternatives
+etc/collectd.custom
+etc/default/grub
+etc/ipsec.conf
+etc/ipsec.secrets
+etc/ipsec.user.conf
+etc/ipsec.user.secrets
+etc/localtime
+etc/shadow
+etc/snort/snort.conf
+etc/ssh/ssh_config
+etc/ssh/sshd_config
+etc/ssl/openssl.cnf
+etc/sudoers
+etc/sysconfig/firewall.local
+etc/sysconfig/rc.local
+etc/udev/rules.d/30-persistent-network.rules
+srv/web/ipfire/html/proxy.pac
+var/ipfire/dma
+var/ipfire/time
+var/ipfire/ovpn
+var/lib/alternatives
+var/log/cache
+var/state/dhcp/dhcpd.leases
+var/updatecache
--- /dev/null
+../../../common/curl
\ No newline at end of file
--- /dev/null
+../../../common/dnsmasq
\ No newline at end of file
--- /dev/null
+etc/raddb
+#etc/raddb/README.rst
+#etc/raddb/certs
+#etc/raddb/certs/Makefile
+#etc/raddb/certs/README
+#etc/raddb/certs/bootstrap
+#etc/raddb/certs/ca.cnf
+#etc/raddb/certs/client.cnf
+#etc/raddb/certs/passwords.mk
+#etc/raddb/certs/server.cnf
+#etc/raddb/certs/xpextensions
+#etc/raddb/clients.conf
+#etc/raddb/dictionary
+#etc/raddb/hints
+#etc/raddb/huntgroups
+#etc/raddb/mods-available
+#etc/raddb/mods-available/README.rst
+#etc/raddb/mods-available/always
+#etc/raddb/mods-available/attr_filter
+#etc/raddb/mods-available/cache
+#etc/raddb/mods-available/cache_eap
+#etc/raddb/mods-available/chap
+#etc/raddb/mods-available/counter
+#etc/raddb/mods-available/cui
+#etc/raddb/mods-available/date
+#etc/raddb/mods-available/detail
+#etc/raddb/mods-available/detail.example.com
+#etc/raddb/mods-available/detail.log
+#etc/raddb/mods-available/dhcp
+#etc/raddb/mods-available/dhcp_sqlippool
+#etc/raddb/mods-available/digest
+#etc/raddb/mods-available/dynamic_clients
+#etc/raddb/mods-available/eap
+#etc/raddb/mods-available/echo
+#etc/raddb/mods-available/etc_group
+#etc/raddb/mods-available/exec
+#etc/raddb/mods-available/expiration
+#etc/raddb/mods-available/expr
+#etc/raddb/mods-available/files
+#etc/raddb/mods-available/idn
+#etc/raddb/mods-available/inner-eap
+#etc/raddb/mods-available/ippool
+#etc/raddb/mods-available/krb5
+#etc/raddb/mods-available/ldap
+#etc/raddb/mods-available/linelog
+#etc/raddb/mods-available/logintime
+#etc/raddb/mods-available/mac2ip
+#etc/raddb/mods-available/mac2vlan
+#etc/raddb/mods-available/mschap
+#etc/raddb/mods-available/ntlm_auth
+#etc/raddb/mods-available/opendirectory
+#etc/raddb/mods-available/otp
+#etc/raddb/mods-available/pam
+#etc/raddb/mods-available/pap
+#etc/raddb/mods-available/passwd
+#etc/raddb/mods-available/perl
+#etc/raddb/mods-available/preprocess
+#etc/raddb/mods-available/python
+#etc/raddb/mods-available/radutmp
+#etc/raddb/mods-available/realm
+#etc/raddb/mods-available/redis
+#etc/raddb/mods-available/rediswho
+#etc/raddb/mods-available/replicate
+#etc/raddb/mods-available/rest
+#etc/raddb/mods-available/smbpasswd
+#etc/raddb/mods-available/smsotp
+#etc/raddb/mods-available/soh
+#etc/raddb/mods-available/sometimes
+#etc/raddb/mods-available/sql
+#etc/raddb/mods-available/sqlcounter
+#etc/raddb/mods-available/sqlippool
+#etc/raddb/mods-available/sradutmp
+#etc/raddb/mods-available/unix
+#etc/raddb/mods-available/unpack
+#etc/raddb/mods-available/utf8
+#etc/raddb/mods-available/wimax
+#etc/raddb/mods-available/yubikey
+#etc/raddb/mods-config
+#etc/raddb/mods-config/README.rst
+#etc/raddb/mods-config/attr_filter
+#etc/raddb/mods-config/attr_filter/access_challenge
+#etc/raddb/mods-config/attr_filter/access_reject
+#etc/raddb/mods-config/attr_filter/accounting_response
+#etc/raddb/mods-config/attr_filter/post-proxy
+#etc/raddb/mods-config/attr_filter/pre-proxy
+#etc/raddb/mods-config/files
+#etc/raddb/mods-config/files/accounting
+#etc/raddb/mods-config/files/authorize
+#etc/raddb/mods-config/files/pre-proxy
+#etc/raddb/mods-config/perl
+#etc/raddb/mods-config/perl/example.pl
+#etc/raddb/mods-config/preprocess
+#etc/raddb/mods-config/preprocess/hints
+#etc/raddb/mods-config/preprocess/huntgroups
+#etc/raddb/mods-config/python
+#etc/raddb/mods-config/python/example.py
+#etc/raddb/mods-config/python/radiusd.py
+#etc/raddb/mods-config/sql
+#etc/raddb/mods-config/sql/counter
+#etc/raddb/mods-config/sql/counter/mysql
+#etc/raddb/mods-config/sql/counter/mysql/dailycounter.conf
+#etc/raddb/mods-config/sql/counter/mysql/expire_on_login.conf
+#etc/raddb/mods-config/sql/counter/mysql/monthlycounter.conf
+#etc/raddb/mods-config/sql/counter/mysql/noresetcounter.conf
+#etc/raddb/mods-config/sql/counter/postgresql
+#etc/raddb/mods-config/sql/counter/postgresql/dailycounter.conf
+#etc/raddb/mods-config/sql/counter/postgresql/expire_on_login.conf
+#etc/raddb/mods-config/sql/counter/postgresql/monthlycounter.conf
+#etc/raddb/mods-config/sql/counter/postgresql/noresetcounter.conf
+#etc/raddb/mods-config/sql/counter/sqlite
+#etc/raddb/mods-config/sql/counter/sqlite/dailycounter.conf
+#etc/raddb/mods-config/sql/counter/sqlite/expire_on_login.conf
+#etc/raddb/mods-config/sql/counter/sqlite/monthlycounter.conf
+#etc/raddb/mods-config/sql/counter/sqlite/noresetcounter.conf
+#etc/raddb/mods-config/sql/cui
+#etc/raddb/mods-config/sql/cui/mysql
+#etc/raddb/mods-config/sql/cui/mysql/queries.conf
+#etc/raddb/mods-config/sql/cui/mysql/schema.sql
+#etc/raddb/mods-config/sql/cui/postgresql
+#etc/raddb/mods-config/sql/cui/postgresql/queries.conf
+#etc/raddb/mods-config/sql/cui/postgresql/schema.sql
+#etc/raddb/mods-config/sql/cui/sqlite
+#etc/raddb/mods-config/sql/cui/sqlite/queries.conf
+#etc/raddb/mods-config/sql/cui/sqlite/schema.sql
+#etc/raddb/mods-config/sql/ippool
+#etc/raddb/mods-config/sql/ippool-dhcp
+#etc/raddb/mods-config/sql/ippool-dhcp/mysql
+#etc/raddb/mods-config/sql/ippool-dhcp/mysql/queries.conf
+#etc/raddb/mods-config/sql/ippool-dhcp/mysql/schema.sql
+#etc/raddb/mods-config/sql/ippool-dhcp/sqlite
+#etc/raddb/mods-config/sql/ippool-dhcp/sqlite/queries.conf
+#etc/raddb/mods-config/sql/ippool-dhcp/sqlite/schema.sql
+#etc/raddb/mods-config/sql/ippool/mysql
+#etc/raddb/mods-config/sql/ippool/mysql/queries.conf
+#etc/raddb/mods-config/sql/ippool/mysql/schema.sql
+#etc/raddb/mods-config/sql/ippool/postgresql
+#etc/raddb/mods-config/sql/ippool/postgresql/queries.conf
+#etc/raddb/mods-config/sql/ippool/postgresql/schema.sql
+#etc/raddb/mods-config/sql/ippool/sqlite
+#etc/raddb/mods-config/sql/ippool/sqlite/queries.conf
+#etc/raddb/mods-config/sql/ippool/sqlite/schema.sql
+#etc/raddb/mods-config/sql/main
+#etc/raddb/mods-config/sql/main/mysql
+#etc/raddb/mods-config/sql/main/mysql/extras
+#etc/raddb/mods-config/sql/main/mysql/extras/wimax
+#etc/raddb/mods-config/sql/main/mysql/extras/wimax/queries.conf
+#etc/raddb/mods-config/sql/main/mysql/extras/wimax/schema.sql
+#etc/raddb/mods-config/sql/main/mysql/queries.conf
+#etc/raddb/mods-config/sql/main/mysql/schema.sql
+#etc/raddb/mods-config/sql/main/mysql/setup.sql
+#etc/raddb/mods-config/sql/main/ndb
+#etc/raddb/mods-config/sql/main/ndb/README
+#etc/raddb/mods-config/sql/main/ndb/schema.sql
+#etc/raddb/mods-config/sql/main/ndb/setup.sql
+#etc/raddb/mods-config/sql/main/postgresql
+#etc/raddb/mods-config/sql/main/postgresql/extras
+#etc/raddb/mods-config/sql/main/postgresql/extras/cisco_h323_db_schema.sql
+#etc/raddb/mods-config/sql/main/postgresql/extras/update_radacct_group.sql
+#etc/raddb/mods-config/sql/main/postgresql/extras/voip-postpaid.conf
+#etc/raddb/mods-config/sql/main/postgresql/queries.conf
+#etc/raddb/mods-config/sql/main/postgresql/schema.sql
+#etc/raddb/mods-config/sql/main/postgresql/setup.sql
+#etc/raddb/mods-config/sql/main/sqlite
+#etc/raddb/mods-config/sql/main/sqlite/queries.conf
+#etc/raddb/mods-config/sql/main/sqlite/schema.sql
+#etc/raddb/mods-config/unbound
+#etc/raddb/mods-enabled
+#etc/raddb/mods-enabled/always
+#etc/raddb/mods-enabled/attr_filter
+#etc/raddb/mods-enabled/cache_eap
+#etc/raddb/mods-enabled/chap
+#etc/raddb/mods-enabled/detail
+#etc/raddb/mods-enabled/detail.log
+#etc/raddb/mods-enabled/dhcp
+#etc/raddb/mods-enabled/digest
+#etc/raddb/mods-enabled/dynamic_clients
+#etc/raddb/mods-enabled/eap
+#etc/raddb/mods-enabled/echo
+#etc/raddb/mods-enabled/exec
+#etc/raddb/mods-enabled/expiration
+#etc/raddb/mods-enabled/expr
+#etc/raddb/mods-enabled/files
+#etc/raddb/mods-enabled/linelog
+#etc/raddb/mods-enabled/logintime
+#etc/raddb/mods-enabled/mschap
+#etc/raddb/mods-enabled/ntlm_auth
+#etc/raddb/mods-enabled/pap
+#etc/raddb/mods-enabled/passwd
+#etc/raddb/mods-enabled/preprocess
+#etc/raddb/mods-enabled/radutmp
+#etc/raddb/mods-enabled/realm
+#etc/raddb/mods-enabled/replicate
+#etc/raddb/mods-enabled/soh
+#etc/raddb/mods-enabled/sradutmp
+#etc/raddb/mods-enabled/unix
+#etc/raddb/mods-enabled/unpack
+#etc/raddb/mods-enabled/utf8
+#etc/raddb/panic.gdb
+#etc/raddb/policy.d
+#etc/raddb/policy.d/accounting
+#etc/raddb/policy.d/canonicalization
+#etc/raddb/policy.d/control
+#etc/raddb/policy.d/cui
+#etc/raddb/policy.d/debug
+#etc/raddb/policy.d/dhcp
+#etc/raddb/policy.d/eap
+#etc/raddb/policy.d/filter
+#etc/raddb/policy.d/operator-name
+#etc/raddb/proxy.conf
+#etc/raddb/radiusd.conf
+#etc/raddb/sites-available
+#etc/raddb/sites-available/README
+#etc/raddb/sites-available/buffered-sql
+#etc/raddb/sites-available/challenge
+#etc/raddb/sites-available/channel_bindings
+#etc/raddb/sites-available/check-eap-tls
+#etc/raddb/sites-available/coa
+#etc/raddb/sites-available/control-socket
+#etc/raddb/sites-available/copy-acct-to-home-server
+#etc/raddb/sites-available/decoupled-accounting
+#etc/raddb/sites-available/default
+#etc/raddb/sites-available/dhcp
+#etc/raddb/sites-available/dhcp.relay
+#etc/raddb/sites-available/dynamic-clients
+#etc/raddb/sites-available/example
+#etc/raddb/sites-available/inner-tunnel
+#etc/raddb/sites-available/originate-coa
+#etc/raddb/sites-available/proxy-inner-tunnel
+#etc/raddb/sites-available/robust-proxy-accounting
+#etc/raddb/sites-available/soh
+#etc/raddb/sites-available/status
+#etc/raddb/sites-available/tls
+#etc/raddb/sites-available/virtual.example.com
+#etc/raddb/sites-available/vmps
+#etc/raddb/sites-enabled
+#etc/raddb/sites-enabled/default
+#etc/raddb/sites-enabled/inner-tunnel
+#etc/raddb/templates.conf
+#etc/raddb/trigger.conf
+#etc/raddb/users
+etc/rc.d/init.d/freeradius
+#usr/bin/dhcpclient
+usr/bin/map_unit
+usr/bin/rad_counter
+usr/bin/radattr
+usr/bin/radclient
+usr/bin/radcrypt
+usr/bin/radeapclient
+usr/bin/radlast
+usr/bin/radsniff
+usr/bin/radsqlrelay
+usr/bin/radtest
+usr/bin/radwho
+usr/bin/radzap
+usr/bin/rlm_ippool_tool
+usr/bin/smbencrypt
+#usr/include/freeradius
+#usr/include/freeradius/attributes.h
+#usr/include/freeradius/base64.h
+#usr/include/freeradius/build.h
+#usr/include/freeradius/conf.h
+#usr/include/freeradius/conffile.h
+#usr/include/freeradius/detail.h
+#usr/include/freeradius/event.h
+#usr/include/freeradius/features.h
+#usr/include/freeradius/freeradius.h
+#usr/include/freeradius/hash.h
+#usr/include/freeradius/heap.h
+#usr/include/freeradius/libradius.h
+#usr/include/freeradius/map.h
+#usr/include/freeradius/md4.h
+#usr/include/freeradius/md5.h
+#usr/include/freeradius/missing.h
+#usr/include/freeradius/modcall.h
+#usr/include/freeradius/modules.h
+#usr/include/freeradius/packet.h
+#usr/include/freeradius/rad_assert.h
+#usr/include/freeradius/radius.h
+#usr/include/freeradius/radiusd.h
+#usr/include/freeradius/radpaths.h
+#usr/include/freeradius/radutmp.h
+#usr/include/freeradius/realms.h
+#usr/include/freeradius/rfc2865.h
+#usr/include/freeradius/rfc2866.h
+#usr/include/freeradius/rfc2867.h
+#usr/include/freeradius/rfc2868.h
+#usr/include/freeradius/rfc2869.h
+#usr/include/freeradius/rfc3162.h
+#usr/include/freeradius/rfc3576.h
+#usr/include/freeradius/rfc3580.h
+#usr/include/freeradius/rfc4072.h
+#usr/include/freeradius/rfc4372.h
+#usr/include/freeradius/rfc4603.h
+#usr/include/freeradius/rfc4675.h
+#usr/include/freeradius/rfc4679.h
+#usr/include/freeradius/rfc4818.h
+#usr/include/freeradius/rfc4849.h
+#usr/include/freeradius/rfc5090.h
+#usr/include/freeradius/rfc5176.h
+#usr/include/freeradius/rfc5447.h
+#usr/include/freeradius/rfc5580.h
+#usr/include/freeradius/rfc5607.h
+#usr/include/freeradius/rfc5904.h
+#usr/include/freeradius/rfc6519.h
+#usr/include/freeradius/rfc6572.h
+#usr/include/freeradius/rfc6677.h
+#usr/include/freeradius/rfc6911.h
+#usr/include/freeradius/rfc6929.h
+#usr/include/freeradius/rfc6930.h
+#usr/include/freeradius/rfc7055.h
+#usr/include/freeradius/rfc7155.h
+#usr/include/freeradius/rfc7268.h
+#usr/include/freeradius/rfc7499.h
+#usr/include/freeradius/sha1.h
+#usr/include/freeradius/stats.h
+#usr/include/freeradius/sysutmp.h
+#usr/include/freeradius/tls.h
+#usr/include/freeradius/token.h
+#usr/include/freeradius/udpfromto.h
+#usr/include/freeradius/vqp.h
+#usr/lib/freeradius
+#usr/lib/freeradius/libfreeradius-dhcp.a
+#usr/lib/freeradius/libfreeradius-dhcp.la
+usr/lib/freeradius/libfreeradius-dhcp.so
+#usr/lib/freeradius/libfreeradius-eap.a
+#usr/lib/freeradius/libfreeradius-eap.la
+usr/lib/freeradius/libfreeradius-eap.so
+#usr/lib/freeradius/libfreeradius-radius.a
+#usr/lib/freeradius/libfreeradius-radius.la
+usr/lib/freeradius/libfreeradius-radius.so
+#usr/lib/freeradius/libfreeradius-server.a
+#usr/lib/freeradius/libfreeradius-server.la
+usr/lib/freeradius/libfreeradius-server.so
+#usr/lib/freeradius/proto_dhcp.a
+#usr/lib/freeradius/proto_dhcp.la
+usr/lib/freeradius/proto_dhcp.so
+#usr/lib/freeradius/proto_vmps.a
+#usr/lib/freeradius/proto_vmps.la
+usr/lib/freeradius/proto_vmps.so
+#usr/lib/freeradius/rlm_always.a
+#usr/lib/freeradius/rlm_always.la
+usr/lib/freeradius/rlm_always.so
+#usr/lib/freeradius/rlm_attr_filter.a
+#usr/lib/freeradius/rlm_attr_filter.la
+usr/lib/freeradius/rlm_attr_filter.so
+#usr/lib/freeradius/rlm_cache.a
+#usr/lib/freeradius/rlm_cache.la
+usr/lib/freeradius/rlm_cache.so
+#usr/lib/freeradius/rlm_cache_rbtree.a
+#usr/lib/freeradius/rlm_cache_rbtree.la
+usr/lib/freeradius/rlm_cache_rbtree.so
+#usr/lib/freeradius/rlm_chap.a
+#usr/lib/freeradius/rlm_chap.la
+usr/lib/freeradius/rlm_chap.so
+#usr/lib/freeradius/rlm_counter.a
+#usr/lib/freeradius/rlm_counter.la
+usr/lib/freeradius/rlm_counter.so
+#usr/lib/freeradius/rlm_cram.a
+#usr/lib/freeradius/rlm_cram.la
+usr/lib/freeradius/rlm_cram.so
+#usr/lib/freeradius/rlm_date.a
+#usr/lib/freeradius/rlm_date.la
+usr/lib/freeradius/rlm_date.so
+#usr/lib/freeradius/rlm_detail.a
+#usr/lib/freeradius/rlm_detail.la
+usr/lib/freeradius/rlm_detail.so
+#usr/lib/freeradius/rlm_dhcp.a
+#usr/lib/freeradius/rlm_dhcp.la
+usr/lib/freeradius/rlm_dhcp.so
+#usr/lib/freeradius/rlm_digest.a
+#usr/lib/freeradius/rlm_digest.la
+usr/lib/freeradius/rlm_digest.so
+#usr/lib/freeradius/rlm_dynamic_clients.a
+#usr/lib/freeradius/rlm_dynamic_clients.la
+usr/lib/freeradius/rlm_dynamic_clients.so
+#usr/lib/freeradius/rlm_eap.a
+#usr/lib/freeradius/rlm_eap.la
+usr/lib/freeradius/rlm_eap.so
+#usr/lib/freeradius/rlm_eap_gtc.a
+#usr/lib/freeradius/rlm_eap_gtc.la
+usr/lib/freeradius/rlm_eap_gtc.so
+#usr/lib/freeradius/rlm_eap_leap.a
+#usr/lib/freeradius/rlm_eap_leap.la
+usr/lib/freeradius/rlm_eap_leap.so
+#usr/lib/freeradius/rlm_eap_md5.a
+#usr/lib/freeradius/rlm_eap_md5.la
+usr/lib/freeradius/rlm_eap_md5.so
+#usr/lib/freeradius/rlm_eap_mschapv2.a
+#usr/lib/freeradius/rlm_eap_mschapv2.la
+usr/lib/freeradius/rlm_eap_mschapv2.so
+#usr/lib/freeradius/rlm_eap_peap.a
+#usr/lib/freeradius/rlm_eap_peap.la
+usr/lib/freeradius/rlm_eap_peap.so
+#usr/lib/freeradius/rlm_eap_pwd.a
+#usr/lib/freeradius/rlm_eap_pwd.la
+usr/lib/freeradius/rlm_eap_pwd.so
+#usr/lib/freeradius/rlm_eap_sim.a
+#usr/lib/freeradius/rlm_eap_sim.la
+usr/lib/freeradius/rlm_eap_sim.so
+#usr/lib/freeradius/rlm_eap_tls.a
+#usr/lib/freeradius/rlm_eap_tls.la
+usr/lib/freeradius/rlm_eap_tls.so
+#usr/lib/freeradius/rlm_eap_ttls.a
+#usr/lib/freeradius/rlm_eap_ttls.la
+usr/lib/freeradius/rlm_eap_ttls.so
+#usr/lib/freeradius/rlm_exec.a
+#usr/lib/freeradius/rlm_exec.la
+usr/lib/freeradius/rlm_exec.so
+#usr/lib/freeradius/rlm_expiration.a
+#usr/lib/freeradius/rlm_expiration.la
+usr/lib/freeradius/rlm_expiration.so
+#usr/lib/freeradius/rlm_expr.a
+#usr/lib/freeradius/rlm_expr.la
+usr/lib/freeradius/rlm_expr.so
+#usr/lib/freeradius/rlm_files.a
+#usr/lib/freeradius/rlm_files.la
+usr/lib/freeradius/rlm_files.so
+#usr/lib/freeradius/rlm_ippool.a
+#usr/lib/freeradius/rlm_ippool.la
+usr/lib/freeradius/rlm_ippool.so
+#usr/lib/freeradius/rlm_krb5.a
+#usr/lib/freeradius/rlm_krb5.la
+usr/lib/freeradius/rlm_krb5.so
+#usr/lib/freeradius/rlm_ldap.a
+#usr/lib/freeradius/rlm_ldap.la
+usr/lib/freeradius/rlm_ldap.so
+#usr/lib/freeradius/rlm_linelog.a
+#usr/lib/freeradius/rlm_linelog.la
+usr/lib/freeradius/rlm_linelog.so
+#usr/lib/freeradius/rlm_logintime.a
+#usr/lib/freeradius/rlm_logintime.la
+usr/lib/freeradius/rlm_logintime.so
+#usr/lib/freeradius/rlm_mschap.a
+#usr/lib/freeradius/rlm_mschap.la
+usr/lib/freeradius/rlm_mschap.so
+#usr/lib/freeradius/rlm_otp.a
+#usr/lib/freeradius/rlm_otp.la
+usr/lib/freeradius/rlm_otp.so
+#usr/lib/freeradius/rlm_pam.a
+#usr/lib/freeradius/rlm_pam.la
+usr/lib/freeradius/rlm_pam.so
+#usr/lib/freeradius/rlm_pap.a
+#usr/lib/freeradius/rlm_pap.la
+usr/lib/freeradius/rlm_pap.so
+#usr/lib/freeradius/rlm_passwd.a
+#usr/lib/freeradius/rlm_passwd.la
+usr/lib/freeradius/rlm_passwd.so
+#usr/lib/freeradius/rlm_perl.a
+#usr/lib/freeradius/rlm_perl.la
+usr/lib/freeradius/rlm_perl.so
+#usr/lib/freeradius/rlm_preprocess.a
+#usr/lib/freeradius/rlm_preprocess.la
+usr/lib/freeradius/rlm_preprocess.so
+#usr/lib/freeradius/rlm_python.a
+#usr/lib/freeradius/rlm_python.la
+usr/lib/freeradius/rlm_python.so
+#usr/lib/freeradius/rlm_radutmp.a
+#usr/lib/freeradius/rlm_radutmp.la
+usr/lib/freeradius/rlm_radutmp.so
+#usr/lib/freeradius/rlm_realm.a
+#usr/lib/freeradius/rlm_realm.la
+usr/lib/freeradius/rlm_realm.so
+#usr/lib/freeradius/rlm_replicate.a
+#usr/lib/freeradius/rlm_replicate.la
+usr/lib/freeradius/rlm_replicate.so
+#usr/lib/freeradius/rlm_soh.a
+#usr/lib/freeradius/rlm_soh.la
+usr/lib/freeradius/rlm_soh.so
+#usr/lib/freeradius/rlm_sometimes.a
+#usr/lib/freeradius/rlm_sometimes.la
+usr/lib/freeradius/rlm_sometimes.so
+#usr/lib/freeradius/rlm_sql.a
+#usr/lib/freeradius/rlm_sql.la
+usr/lib/freeradius/rlm_sql.so
+#usr/lib/freeradius/rlm_sql_null.a
+#usr/lib/freeradius/rlm_sql_null.la
+usr/lib/freeradius/rlm_sql_null.so
+#usr/lib/freeradius/rlm_sqlcounter.a
+#usr/lib/freeradius/rlm_sqlcounter.la
+usr/lib/freeradius/rlm_sqlcounter.so
+#usr/lib/freeradius/rlm_sqlippool.a
+#usr/lib/freeradius/rlm_sqlippool.la
+usr/lib/freeradius/rlm_sqlippool.so
+#usr/lib/freeradius/rlm_test.a
+#usr/lib/freeradius/rlm_test.la
+#usr/lib/freeradius/rlm_unix.a
+#usr/lib/freeradius/rlm_unix.la
+usr/lib/freeradius/rlm_unix.so
+#usr/lib/freeradius/rlm_unpack.a
+#usr/lib/freeradius/rlm_unpack.la
+usr/lib/freeradius/rlm_unpack.so
+#usr/lib/freeradius/rlm_utf8.a
+#usr/lib/freeradius/rlm_utf8.la
+usr/lib/freeradius/rlm_utf8.so
+#usr/lib/freeradius/rlm_wimax.a
+#usr/lib/freeradius/rlm_wimax.la
+usr/lib/freeradius/rlm_wimax.so
+#usr/lib/freeradius/rlm_yubikey.a
+#usr/lib/freeradius/rlm_yubikey.la
+usr/lib/freeradius/rlm_yubikey.so
+usr/sbin/checkrad
+usr/sbin/raddebug
+usr/sbin/radiusd
+usr/sbin/radmin
+#usr/share/doc/freeradius
+#usr/share/doc/freeradius/ChangeLog
+#usr/share/doc/freeradius/Makefile.sphinx
+#usr/share/doc/freeradius/README
+#usr/share/doc/freeradius/bugs
+#usr/share/doc/freeradius/concepts
+#usr/share/doc/freeradius/concepts/aaa.rst
+#usr/share/doc/freeradius/concepts/proxy.rst
+#usr/share/doc/freeradius/configuration
+#usr/share/doc/freeradius/configuration/acct_type.rst
+#usr/share/doc/freeradius/configuration/autz_type.rst
+#usr/share/doc/freeradius/configuration/configurable_failover.rst
+#usr/share/doc/freeradius/configuration/load_balance.rst
+#usr/share/doc/freeradius/configuration/post_auth_type
+#usr/share/doc/freeradius/configuration/session_type
+#usr/share/doc/freeradius/configuration/simultaneous_use
+#usr/share/doc/freeradius/configuration/snmp
+#usr/share/doc/freeradius/configuration/variables.rst
+#usr/share/doc/freeradius/deployment
+#usr/share/doc/freeradius/deployment/CYGWIN.rst
+#usr/share/doc/freeradius/deployment/MACOSX
+#usr/share/doc/freeradius/deployment/OS2
+#usr/share/doc/freeradius/deployment/performance-testing
+#usr/share/doc/freeradius/deployment/supervise-radiusd.rst
+#usr/share/doc/freeradius/deployment/tuning_guide
+#usr/share/doc/freeradius/developer
+#usr/share/doc/freeradius/developer/coding-methods.rst
+#usr/share/doc/freeradius/developer/contributing.rst
+#usr/share/doc/freeradius/developer/module_interface.rst
+#usr/share/doc/freeradius/developer/release-method.rst
+#usr/share/doc/freeradius/index.rst
+#usr/share/doc/freeradius/modules
+#usr/share/doc/freeradius/modules/RADIUS-LDAP-eDirectory
+#usr/share/doc/freeradius/modules/ldap_howto.rst
+#usr/share/doc/freeradius/modules/mschap.rst
+#usr/share/doc/freeradius/modules/rlm_dbm
+#usr/share/doc/freeradius/modules/rlm_eap
+#usr/share/doc/freeradius/modules/rlm_expiration
+#usr/share/doc/freeradius/modules/rlm_krb5
+#usr/share/doc/freeradius/modules/rlm_pam
+#usr/share/doc/freeradius/modules/rlm_passwd
+#usr/share/doc/freeradius/modules/rlm_python
+#usr/share/doc/freeradius/modules/rlm_soh
+#usr/share/doc/freeradius/modules/rlm_sql
+#usr/share/doc/freeradius/modules/rlm_sqlcounter
+#usr/share/doc/freeradius/modules/rlm_sqlippool
+#usr/share/doc/freeradius/rfc
+#usr/share/doc/freeradius/rfc/Makefile
+#usr/share/doc/freeradius/rfc/attributes.html
+#usr/share/doc/freeradius/rfc/draft-kamath-pppext-eap-mschapv2-00.txt
+#usr/share/doc/freeradius/rfc/draft-sterman-aaa-sip-00.txt
+#usr/share/doc/freeradius/rfc/genref.pl
+#usr/share/doc/freeradius/rfc/leap.txt
+#usr/share/doc/freeradius/rfc/per-rfc.pl
+#usr/share/doc/freeradius/rfc/rewrite.pl
+#usr/share/doc/freeradius/rfc/rfc1157.txt
+#usr/share/doc/freeradius/rfc/rfc1227.txt
+#usr/share/doc/freeradius/rfc/rfc1448.txt
+#usr/share/doc/freeradius/rfc/rfc1901.txt
+#usr/share/doc/freeradius/rfc/rfc1905.txt
+#usr/share/doc/freeradius/rfc/rfc2243.txt
+#usr/share/doc/freeradius/rfc/rfc2284.txt
+#usr/share/doc/freeradius/rfc/rfc2289.txt
+#usr/share/doc/freeradius/rfc/rfc2433.txt
+#usr/share/doc/freeradius/rfc/rfc2548.txt
+#usr/share/doc/freeradius/rfc/rfc2607.txt
+#usr/share/doc/freeradius/rfc/rfc2618.txt
+#usr/share/doc/freeradius/rfc/rfc2619.txt
+#usr/share/doc/freeradius/rfc/rfc2620.txt
+#usr/share/doc/freeradius/rfc/rfc2621.txt
+#usr/share/doc/freeradius/rfc/rfc2716.txt
+#usr/share/doc/freeradius/rfc/rfc2759.txt
+#usr/share/doc/freeradius/rfc/rfc2809.txt
+#usr/share/doc/freeradius/rfc/rfc2865.txt
+#usr/share/doc/freeradius/rfc/rfc2866.txt
+#usr/share/doc/freeradius/rfc/rfc2867.txt
+#usr/share/doc/freeradius/rfc/rfc2868.txt
+#usr/share/doc/freeradius/rfc/rfc2869.txt
+#usr/share/doc/freeradius/rfc/rfc2924.txt
+#usr/share/doc/freeradius/rfc/rfc3079.txt
+#usr/share/doc/freeradius/rfc/rfc3162.txt
+#usr/share/doc/freeradius/rfc/rfc3539.txt
+#usr/share/doc/freeradius/rfc/rfc3575.txt
+#usr/share/doc/freeradius/rfc/rfc3576.txt
+#usr/share/doc/freeradius/rfc/rfc3579.txt
+#usr/share/doc/freeradius/rfc/rfc3580.txt
+#usr/share/doc/freeradius/rfc/rfc3748.txt
+#usr/share/doc/freeradius/rfc/rfc4072.txt
+#usr/share/doc/freeradius/rfc/rfc4186.txt
+#usr/share/doc/freeradius/rfc/rfc4282.txt
+#usr/share/doc/freeradius/rfc/rfc4372.txt
+#usr/share/doc/freeradius/rfc/rfc4590.txt
+#usr/share/doc/freeradius/rfc/rfc4668.txt
+#usr/share/doc/freeradius/rfc/rfc4669.txt
+#usr/share/doc/freeradius/rfc/rfc4670.txt
+#usr/share/doc/freeradius/rfc/rfc4671.txt
+#usr/share/doc/freeradius/rfc/rfc4672.txt
+#usr/share/doc/freeradius/rfc/rfc4673.txt
+#usr/share/doc/freeradius/rfc/rfc4675.txt
+#usr/share/doc/freeradius/rfc/rfc4679.txt
+#usr/share/doc/freeradius/rfc/rfc4818.txt
+#usr/share/doc/freeradius/rfc/rfc4849.txt
+#usr/share/doc/freeradius/rfc/rfc5080.txt
+#usr/share/doc/freeradius/rfc/rfc5090.txt
+#usr/share/doc/freeradius/rfc/rfc5176.txt
+#usr/share/doc/freeradius/rfc/rfc5247.txt
+#usr/share/doc/freeradius/rfc/rfc5281.txt
+#usr/share/doc/freeradius/rfc/rfc5580.txt
+#usr/share/doc/freeradius/rfc/rfc5607.txt
+#usr/share/doc/freeradius/rfc/rfc5904.txt
+#usr/share/doc/freeradius/rfc/rfc5931.txt
+#usr/share/doc/freeradius/rfc/rfc5997.txt
+#usr/share/doc/freeradius/rfc/rfc6158.txt
+#usr/share/doc/freeradius/rfc/rfc6519.txt
+#usr/share/doc/freeradius/rfc/rfc6572.txt
+#usr/share/doc/freeradius/rfc/rfc6613.txt
+#usr/share/doc/freeradius/rfc/rfc6614.txt
+#usr/share/doc/freeradius/rfc/rfc6677.txt
+#usr/share/doc/freeradius/rfc/rfc6911.txt
+#usr/share/doc/freeradius/rfc/rfc6929.txt
+#usr/share/doc/freeradius/rfc/rfc6930.txt
+#usr/share/doc/freeradius/rfc/rfc7055.txt
+#usr/share/doc/freeradius/rfc/rfc7268.txt
+#usr/share/doc/freeradius/rfc/rfc7542.txt
+#usr/share/doc/freeradius/rfc/rfc7599.txt
+#usr/share/doc/freeradius/schemas
+#usr/share/doc/freeradius/schemas/ldap
+#usr/share/doc/freeradius/schemas/ldap/edir
+#usr/share/doc/freeradius/schemas/ldap/edir/freeradius-clients.ldif
+#usr/share/doc/freeradius/schemas/ldap/iplanet
+#usr/share/doc/freeradius/schemas/ldap/iplanet/freeradius.ldif
+#usr/share/doc/freeradius/schemas/ldap/iplanet/freeradius.schema
+#usr/share/doc/freeradius/schemas/ldap/openldap
+#usr/share/doc/freeradius/schemas/ldap/openldap/freeradius-clients.ldif
+#usr/share/doc/freeradius/schemas/ldap/openldap/freeradius-clients.schema
+#usr/share/doc/freeradius/schemas/ldap/openldap/freeradius.ldif
+#usr/share/doc/freeradius/schemas/ldap/openldap/freeradius.schema
+#usr/share/doc/freeradius/schemas/logstash
+#usr/share/doc/freeradius/schemas/logstash/README
+#usr/share/doc/freeradius/schemas/logstash/kibana3-dashboard.json
+#usr/share/doc/freeradius/schemas/logstash/kibana4-dashboard.json
+#usr/share/doc/freeradius/schemas/logstash/log-courier.conf
+#usr/share/doc/freeradius/schemas/logstash/logstash-radius.conf
+#usr/share/doc/freeradius/schemas/logstash/radius-mapping.sh
+#usr/share/doc/freeradius/schemas/sql
+#usr/share/doc/freeradius/vendor
+#usr/share/doc/freeradius/vendor/ascend
+#usr/share/doc/freeradius/vendor/bay
+#usr/share/doc/freeradius/vendor/cisco.rst
+#usr/share/doc/freeradius/vendor/proxim
+usr/share/freeradius
+#usr/share/freeradius/dictionary
+#usr/share/freeradius/dictionary.3com
+#usr/share/freeradius/dictionary.3gpp
+#usr/share/freeradius/dictionary.3gpp2
+#usr/share/freeradius/dictionary.acc
+#usr/share/freeradius/dictionary.acme
+#usr/share/freeradius/dictionary.actelis
+#usr/share/freeradius/dictionary.aerohive
+#usr/share/freeradius/dictionary.airespace
+#usr/share/freeradius/dictionary.alcatel
+#usr/share/freeradius/dictionary.alcatel-lucent.aaa
+#usr/share/freeradius/dictionary.alcatel.esam
+#usr/share/freeradius/dictionary.alcatel.sr
+#usr/share/freeradius/dictionary.alteon
+#usr/share/freeradius/dictionary.altiga
+#usr/share/freeradius/dictionary.alvarion
+#usr/share/freeradius/dictionary.alvarion.wimax.v2_2
+#usr/share/freeradius/dictionary.apc
+#usr/share/freeradius/dictionary.aptilo
+#usr/share/freeradius/dictionary.aptis
+#usr/share/freeradius/dictionary.arbor
+#usr/share/freeradius/dictionary.arista
+#usr/share/freeradius/dictionary.aruba
+#usr/share/freeradius/dictionary.ascend
+#usr/share/freeradius/dictionary.ascend.illegal
+#usr/share/freeradius/dictionary.asn
+#usr/share/freeradius/dictionary.audiocodes
+#usr/share/freeradius/dictionary.avaya
+#usr/share/freeradius/dictionary.azaire
+#usr/share/freeradius/dictionary.bay
+#usr/share/freeradius/dictionary.bintec
+#usr/share/freeradius/dictionary.bluecoat
+#usr/share/freeradius/dictionary.boingo
+#usr/share/freeradius/dictionary.bristol
+#usr/share/freeradius/dictionary.broadsoft
+#usr/share/freeradius/dictionary.brocade
+#usr/share/freeradius/dictionary.bskyb
+#usr/share/freeradius/dictionary.bt
+#usr/share/freeradius/dictionary.cablelabs
+#usr/share/freeradius/dictionary.cabletron
+#usr/share/freeradius/dictionary.camiant
+#usr/share/freeradius/dictionary.chillispot
+#usr/share/freeradius/dictionary.cisco
+#usr/share/freeradius/dictionary.cisco.asa
+#usr/share/freeradius/dictionary.cisco.bbsm
+#usr/share/freeradius/dictionary.cisco.vpn3000
+#usr/share/freeradius/dictionary.cisco.vpn5000
+#usr/share/freeradius/dictionary.citrix
+#usr/share/freeradius/dictionary.clavister
+#usr/share/freeradius/dictionary.colubris
+#usr/share/freeradius/dictionary.columbia_university
+#usr/share/freeradius/dictionary.compat
+#usr/share/freeradius/dictionary.compatible
+#usr/share/freeradius/dictionary.cosine
+#usr/share/freeradius/dictionary.dante
+#usr/share/freeradius/dictionary.dhcp
+#usr/share/freeradius/dictionary.digium
+#usr/share/freeradius/dictionary.dlink
+#usr/share/freeradius/dictionary.dragonwave
+#usr/share/freeradius/dictionary.efficientip
+#usr/share/freeradius/dictionary.eltex
+#usr/share/freeradius/dictionary.epygi
+#usr/share/freeradius/dictionary.equallogic
+#usr/share/freeradius/dictionary.ericsson
+#usr/share/freeradius/dictionary.ericsson.ab
+#usr/share/freeradius/dictionary.ericsson.packet.core.networks
+#usr/share/freeradius/dictionary.erx
+#usr/share/freeradius/dictionary.extreme
+#usr/share/freeradius/dictionary.f5
+#usr/share/freeradius/dictionary.fdxtended
+#usr/share/freeradius/dictionary.fortinet
+#usr/share/freeradius/dictionary.foundry
+#usr/share/freeradius/dictionary.freedhcp
+#usr/share/freeradius/dictionary.freeradius
+#usr/share/freeradius/dictionary.freeradius.internal
+#usr/share/freeradius/dictionary.freeswitch
+#usr/share/freeradius/dictionary.gandalf
+#usr/share/freeradius/dictionary.garderos
+#usr/share/freeradius/dictionary.gemtek
+#usr/share/freeradius/dictionary.h3c
+#usr/share/freeradius/dictionary.hillstone
+#usr/share/freeradius/dictionary.hp
+#usr/share/freeradius/dictionary.huawei
+#usr/share/freeradius/dictionary.iana
+#usr/share/freeradius/dictionary.iea
+#usr/share/freeradius/dictionary.infoblox
+#usr/share/freeradius/dictionary.infonet
+#usr/share/freeradius/dictionary.ipunplugged
+#usr/share/freeradius/dictionary.issanni
+#usr/share/freeradius/dictionary.itk
+#usr/share/freeradius/dictionary.juniper
+#usr/share/freeradius/dictionary.karlnet
+#usr/share/freeradius/dictionary.kineto
+#usr/share/freeradius/dictionary.lancom
+#usr/share/freeradius/dictionary.lantronix
+#usr/share/freeradius/dictionary.livingston
+#usr/share/freeradius/dictionary.localweb
+#usr/share/freeradius/dictionary.lucent
+#usr/share/freeradius/dictionary.manzara
+#usr/share/freeradius/dictionary.meinberg
+#usr/share/freeradius/dictionary.meraki
+#usr/share/freeradius/dictionary.merit
+#usr/share/freeradius/dictionary.meru
+#usr/share/freeradius/dictionary.microsoft
+#usr/share/freeradius/dictionary.mikrotik
+#usr/share/freeradius/dictionary.motorola
+#usr/share/freeradius/dictionary.motorola.illegal
+#usr/share/freeradius/dictionary.motorola.wimax
+#usr/share/freeradius/dictionary.navini
+#usr/share/freeradius/dictionary.netscreen
+#usr/share/freeradius/dictionary.networkphysics
+#usr/share/freeradius/dictionary.nexans
+#usr/share/freeradius/dictionary.nokia
+#usr/share/freeradius/dictionary.nokia.conflict
+#usr/share/freeradius/dictionary.nomadix
+#usr/share/freeradius/dictionary.nortel
+#usr/share/freeradius/dictionary.ntua
+#usr/share/freeradius/dictionary.openser
+#usr/share/freeradius/dictionary.packeteer
+#usr/share/freeradius/dictionary.paloalto
+#usr/share/freeradius/dictionary.patton
+#usr/share/freeradius/dictionary.perle
+#usr/share/freeradius/dictionary.propel
+#usr/share/freeradius/dictionary.prosoft
+#usr/share/freeradius/dictionary.proxim
+#usr/share/freeradius/dictionary.purewave
+#usr/share/freeradius/dictionary.quiconnect
+#usr/share/freeradius/dictionary.quintum
+#usr/share/freeradius/dictionary.redcreek
+#usr/share/freeradius/dictionary.rfc2865
+#usr/share/freeradius/dictionary.rfc2866
+#usr/share/freeradius/dictionary.rfc2867
+#usr/share/freeradius/dictionary.rfc2868
+#usr/share/freeradius/dictionary.rfc2869
+#usr/share/freeradius/dictionary.rfc3162
+#usr/share/freeradius/dictionary.rfc3576
+#usr/share/freeradius/dictionary.rfc3580
+#usr/share/freeradius/dictionary.rfc4072
+#usr/share/freeradius/dictionary.rfc4372
+#usr/share/freeradius/dictionary.rfc4603
+#usr/share/freeradius/dictionary.rfc4675
+#usr/share/freeradius/dictionary.rfc4679
+#usr/share/freeradius/dictionary.rfc4818
+#usr/share/freeradius/dictionary.rfc4849
+#usr/share/freeradius/dictionary.rfc5090
+#usr/share/freeradius/dictionary.rfc5176
+#usr/share/freeradius/dictionary.rfc5447
+#usr/share/freeradius/dictionary.rfc5580
+#usr/share/freeradius/dictionary.rfc5607
+#usr/share/freeradius/dictionary.rfc5904
+#usr/share/freeradius/dictionary.rfc6519
+#usr/share/freeradius/dictionary.rfc6572
+#usr/share/freeradius/dictionary.rfc6677
+#usr/share/freeradius/dictionary.rfc6911
+#usr/share/freeradius/dictionary.rfc6929
+#usr/share/freeradius/dictionary.rfc6930
+#usr/share/freeradius/dictionary.rfc7055
+#usr/share/freeradius/dictionary.rfc7155
+#usr/share/freeradius/dictionary.rfc7268
+#usr/share/freeradius/dictionary.rfc7499
+#usr/share/freeradius/dictionary.riverbed
+#usr/share/freeradius/dictionary.riverstone
+#usr/share/freeradius/dictionary.roaringpenguin
+#usr/share/freeradius/dictionary.ruckus
+#usr/share/freeradius/dictionary.ruggedcom
+#usr/share/freeradius/dictionary.sg
+#usr/share/freeradius/dictionary.shasta
+#usr/share/freeradius/dictionary.shiva
+#usr/share/freeradius/dictionary.siemens
+#usr/share/freeradius/dictionary.slipstream
+#usr/share/freeradius/dictionary.sofaware
+#usr/share/freeradius/dictionary.sonicwall
+#usr/share/freeradius/dictionary.springtide
+#usr/share/freeradius/dictionary.starent
+#usr/share/freeradius/dictionary.starent.vsa1
+#usr/share/freeradius/dictionary.surfnet
+#usr/share/freeradius/dictionary.symbol
+#usr/share/freeradius/dictionary.t_systems_nova
+#usr/share/freeradius/dictionary.telebit
+#usr/share/freeradius/dictionary.telkom
+#usr/share/freeradius/dictionary.terena
+#usr/share/freeradius/dictionary.trapeze
+#usr/share/freeradius/dictionary.travelping
+#usr/share/freeradius/dictionary.tropos
+#usr/share/freeradius/dictionary.ukerna
+#usr/share/freeradius/dictionary.unix
+#usr/share/freeradius/dictionary.usr
+#usr/share/freeradius/dictionary.usr.illegal
+#usr/share/freeradius/dictionary.utstarcom
+#usr/share/freeradius/dictionary.valemount
+#usr/share/freeradius/dictionary.versanet
+#usr/share/freeradius/dictionary.vqp
+#usr/share/freeradius/dictionary.walabi
+#usr/share/freeradius/dictionary.waverider
+#usr/share/freeradius/dictionary.wichorus
+#usr/share/freeradius/dictionary.wifialliance
+#usr/share/freeradius/dictionary.wimax
+#usr/share/freeradius/dictionary.wimax.alvarion
+#usr/share/freeradius/dictionary.wimax.wichorus
+#usr/share/freeradius/dictionary.wispr
+#usr/share/freeradius/dictionary.xedia
+#usr/share/freeradius/dictionary.xylan
+#usr/share/freeradius/dictionary.yubico
+#usr/share/freeradius/dictionary.zeus
+#usr/share/freeradius/dictionary.zte
+#usr/share/freeradius/dictionary.zyxel
+#usr/share/man/man1/radclient.1
+#usr/share/man/man1/radeapclient.1
+#usr/share/man/man1/radlast.1
+#usr/share/man/man1/radtest.1
+#usr/share/man/man1/radwho.1
+#usr/share/man/man1/radzap.1
+#usr/share/man/man1/smbencrypt.1
+#usr/share/man/man5/checkrad.5
+#usr/share/man/man5/clients.conf.5
+#usr/share/man/man5/dictionary.5
+#usr/share/man/man5/radiusd.conf.5
+#usr/share/man/man5/radrelay.conf.5
+#usr/share/man/man5/rlm_always.5
+#usr/share/man/man5/rlm_attr_filter.5
+#usr/share/man/man5/rlm_chap.5
+#usr/share/man/man5/rlm_counter.5
+#usr/share/man/man5/rlm_detail.5
+#usr/share/man/man5/rlm_digest.5
+#usr/share/man/man5/rlm_expr.5
+#usr/share/man/man5/rlm_files.5
+#usr/share/man/man5/rlm_idn.5
+#usr/share/man/man5/rlm_mschap.5
+#usr/share/man/man5/rlm_pap.5
+#usr/share/man/man5/rlm_passwd.5
+#usr/share/man/man5/rlm_realm.5
+#usr/share/man/man5/rlm_sql.5
+#usr/share/man/man5/rlm_unix.5
+#usr/share/man/man5/unlang.5
+#usr/share/man/man5/users.5
+#usr/share/man/man8/radcrypt.8
+#usr/share/man/man8/raddebug.8
+#usr/share/man/man8/radiusd.8
+#usr/share/man/man8/radmin.8
+#usr/share/man/man8/radrelay.8
+#usr/share/man/man8/radsniff.8
+#usr/share/man/man8/radsqlrelay.8
+#usr/share/man/man8/rlm_ippool_tool.8
+var/ipfire/backup/addons/includes/freeradius
+var/log/radius
+#var/log/radius/radacct
-usr/local/bin/guardian.pl
-usr/local/bin/guardian_block.sh
-usr/local/bin/guardian_unblock.sh
+etc/logrotate.d/guardian
+etc/rc.d/init.d/guardian
+etc/rc.d/init.d/networking/red.up/35-guardian
+etc/rc.d/rc0.d/K76guardian
+etc/rc.d/rc3.d/S45guardian
+etc/rc.d/rc6.d/K76guardian
+srv/web/ipfire/cgi-bin/guardian.cgi
+usr/bin/guardianctrl
+#usr/lib/perl5/site_perl/5.12.3/Guardian
+usr/lib/perl5/site_perl/5.12.3/Guardian/Base.pm
+usr/lib/perl5/site_perl/5.12.3/Guardian/Config.pm
+usr/lib/perl5/site_perl/5.12.3/Guardian/Daemon.pm
+usr/lib/perl5/site_perl/5.12.3/Guardian/Events.pm
+usr/lib/perl5/site_perl/5.12.3/Guardian/IPtables.pm
+usr/lib/perl5/site_perl/5.12.3/Guardian/Logger.pm
+usr/lib/perl5/site_perl/5.12.3/Guardian/Parser.pm
+usr/lib/perl5/site_perl/5.12.3/Guardian/Socket.pm
+usr/sbin/guardian
+var/ipfire/backup/addons/includes/guardian
var/ipfire/guardian
-var/ipfire/guardian/guardian.conf
-var/ipfire/guardian/guardian.ignore
+var/ipfire/menu.d/EX-guardian.menu
var/log/guardian
var/log/guardian/guardian.log
#usr/lib/libtiff.a
#usr/lib/libtiff.la
usr/lib/libtiff.so
-usr/lib/libtiff.so.3
-usr/lib/libtiff.so.3.9.4
+usr/lib/libtiff.so.5
+usr/lib/libtiff.so.5.2.4
#usr/lib/libtiffxx.a
#usr/lib/libtiffxx.la
usr/lib/libtiffxx.so
-usr/lib/libtiffxx.so.3
-usr/lib/libtiffxx.so.3.9.4
-#usr/share/doc/tiff-3.9.4
-#usr/share/doc/tiff-3.9.4/COPYRIGHT
-#usr/share/doc/tiff-3.9.4/ChangeLog
-#usr/share/doc/tiff-3.9.4/README
-#usr/share/doc/tiff-3.9.4/README.vms
-#usr/share/doc/tiff-3.9.4/RELEASE-DATE
-#usr/share/doc/tiff-3.9.4/TODO
-#usr/share/doc/tiff-3.9.4/VERSION
-#usr/share/doc/tiff-3.9.4/html
-#usr/share/doc/tiff-3.9.4/html/TIFFTechNote2.html
-#usr/share/doc/tiff-3.9.4/html/addingtags.html
-#usr/share/doc/tiff-3.9.4/html/bugs.html
-#usr/share/doc/tiff-3.9.4/html/build.html
-#usr/share/doc/tiff-3.9.4/html/contrib.html
-#usr/share/doc/tiff-3.9.4/html/document.html
-#usr/share/doc/tiff-3.9.4/html/images
-#usr/share/doc/tiff-3.9.4/html/images.html
-#usr/share/doc/tiff-3.9.4/html/images/back.gif
-#usr/share/doc/tiff-3.9.4/html/images/bali.jpg
-#usr/share/doc/tiff-3.9.4/html/images/cat.gif
-#usr/share/doc/tiff-3.9.4/html/images/cover.jpg
-#usr/share/doc/tiff-3.9.4/html/images/cramps.gif
-#usr/share/doc/tiff-3.9.4/html/images/dave.gif
-#usr/share/doc/tiff-3.9.4/html/images/info.gif
-#usr/share/doc/tiff-3.9.4/html/images/jello.jpg
-#usr/share/doc/tiff-3.9.4/html/images/jim.gif
-#usr/share/doc/tiff-3.9.4/html/images/note.gif
-#usr/share/doc/tiff-3.9.4/html/images/oxford.gif
-#usr/share/doc/tiff-3.9.4/html/images/quad.jpg
-#usr/share/doc/tiff-3.9.4/html/images/ring.gif
-#usr/share/doc/tiff-3.9.4/html/images/smallliz.jpg
-#usr/share/doc/tiff-3.9.4/html/images/strike.gif
-#usr/share/doc/tiff-3.9.4/html/images/warning.gif
-#usr/share/doc/tiff-3.9.4/html/index.html
-#usr/share/doc/tiff-3.9.4/html/internals.html
-#usr/share/doc/tiff-3.9.4/html/intro.html
-#usr/share/doc/tiff-3.9.4/html/libtiff.html
-#usr/share/doc/tiff-3.9.4/html/man
-#usr/share/doc/tiff-3.9.4/html/man/TIFFClose.3tiff.html
-#usr/share/doc/tiff-3.9.4/html/man/TIFFDataWidth.3tiff.html
-#usr/share/doc/tiff-3.9.4/html/man/TIFFError.3tiff.html
-#usr/share/doc/tiff-3.9.4/html/man/TIFFFlush.3tiff.html
-#usr/share/doc/tiff-3.9.4/html/man/TIFFGetField.3tiff.html
-#usr/share/doc/tiff-3.9.4/html/man/TIFFOpen.3tiff.html
-#usr/share/doc/tiff-3.9.4/html/man/TIFFPrintDirectory.3tiff.html
-#usr/share/doc/tiff-3.9.4/html/man/TIFFRGBAImage.3tiff.html
-#usr/share/doc/tiff-3.9.4/html/man/TIFFReadDirectory.3tiff.html
-#usr/share/doc/tiff-3.9.4/html/man/TIFFReadEncodedStrip.3tiff.html
-#usr/share/doc/tiff-3.9.4/html/man/TIFFReadEncodedTile.3tiff.html
-#usr/share/doc/tiff-3.9.4/html/man/TIFFReadRGBAImage.3tiff.html
-#usr/share/doc/tiff-3.9.4/html/man/TIFFReadRGBAStrip.3tiff.html
-#usr/share/doc/tiff-3.9.4/html/man/TIFFReadRGBATile.3tiff.html
-#usr/share/doc/tiff-3.9.4/html/man/TIFFReadRawStrip.3tiff.html
-#usr/share/doc/tiff-3.9.4/html/man/TIFFReadRawTile.3tiff.html
-#usr/share/doc/tiff-3.9.4/html/man/TIFFReadScanline.3tiff.html
-#usr/share/doc/tiff-3.9.4/html/man/TIFFReadTile.3tiff.html
-#usr/share/doc/tiff-3.9.4/html/man/TIFFSetDirectory.3tiff.html
-#usr/share/doc/tiff-3.9.4/html/man/TIFFSetField.3tiff.html
-#usr/share/doc/tiff-3.9.4/html/man/TIFFWarning.3tiff.html
-#usr/share/doc/tiff-3.9.4/html/man/TIFFWriteDirectory.3tiff.html
-#usr/share/doc/tiff-3.9.4/html/man/TIFFWriteEncodedStrip.3tiff.html
-#usr/share/doc/tiff-3.9.4/html/man/TIFFWriteEncodedTile.3tiff.html
-#usr/share/doc/tiff-3.9.4/html/man/TIFFWriteRawStrip.3tiff.html
-#usr/share/doc/tiff-3.9.4/html/man/TIFFWriteRawTile.3tiff.html
-#usr/share/doc/tiff-3.9.4/html/man/TIFFWriteScanline.3tiff.html
-#usr/share/doc/tiff-3.9.4/html/man/TIFFWriteTile.3tiff.html
-#usr/share/doc/tiff-3.9.4/html/man/TIFFbuffer.3tiff.html
-#usr/share/doc/tiff-3.9.4/html/man/TIFFcodec.3tiff.html
-#usr/share/doc/tiff-3.9.4/html/man/TIFFcolor.3tiff.html
-#usr/share/doc/tiff-3.9.4/html/man/TIFFmemory.3tiff.html
-#usr/share/doc/tiff-3.9.4/html/man/TIFFquery.3tiff.html
-#usr/share/doc/tiff-3.9.4/html/man/TIFFsize.3tiff.html
-#usr/share/doc/tiff-3.9.4/html/man/TIFFstrip.3tiff.html
-#usr/share/doc/tiff-3.9.4/html/man/TIFFswab.3tiff.html
-#usr/share/doc/tiff-3.9.4/html/man/TIFFtile.3tiff.html
-#usr/share/doc/tiff-3.9.4/html/man/fax2ps.1.html
-#usr/share/doc/tiff-3.9.4/html/man/fax2tiff.1.html
-#usr/share/doc/tiff-3.9.4/html/man/gif2tiff.1.html
-#usr/share/doc/tiff-3.9.4/html/man/index.html
-#usr/share/doc/tiff-3.9.4/html/man/libtiff.3tiff.html
-#usr/share/doc/tiff-3.9.4/html/man/pal2rgb.1.html
-#usr/share/doc/tiff-3.9.4/html/man/ppm2tiff.1.html
-#usr/share/doc/tiff-3.9.4/html/man/ras2tiff.1.html
-#usr/share/doc/tiff-3.9.4/html/man/raw2tiff.1.html
-#usr/share/doc/tiff-3.9.4/html/man/rgb2ycbcr.1.html
-#usr/share/doc/tiff-3.9.4/html/man/sgi2tiff.1.html
-#usr/share/doc/tiff-3.9.4/html/man/thumbnail.1.html
-#usr/share/doc/tiff-3.9.4/html/man/tiff2bw.1.html
-#usr/share/doc/tiff-3.9.4/html/man/tiff2pdf.1.html
-#usr/share/doc/tiff-3.9.4/html/man/tiff2ps.1.html
-#usr/share/doc/tiff-3.9.4/html/man/tiff2rgba.1.html
-#usr/share/doc/tiff-3.9.4/html/man/tiffcmp.1.html
-#usr/share/doc/tiff-3.9.4/html/man/tiffcp.1.html
-#usr/share/doc/tiff-3.9.4/html/man/tiffcrop.1.html
-#usr/share/doc/tiff-3.9.4/html/man/tiffdither.1.html
-#usr/share/doc/tiff-3.9.4/html/man/tiffdump.1.html
-#usr/share/doc/tiff-3.9.4/html/man/tiffgt.1.html
-#usr/share/doc/tiff-3.9.4/html/man/tiffinfo.1.html
-#usr/share/doc/tiff-3.9.4/html/man/tiffmedian.1.html
-#usr/share/doc/tiff-3.9.4/html/man/tiffset.1.html
-#usr/share/doc/tiff-3.9.4/html/man/tiffsplit.1.html
-#usr/share/doc/tiff-3.9.4/html/man/tiffsv.1.html
-#usr/share/doc/tiff-3.9.4/html/misc.html
-#usr/share/doc/tiff-3.9.4/html/support.html
-#usr/share/doc/tiff-3.9.4/html/tools.html
-#usr/share/doc/tiff-3.9.4/html/v3.4beta007.html
-#usr/share/doc/tiff-3.9.4/html/v3.4beta016.html
-#usr/share/doc/tiff-3.9.4/html/v3.4beta018.html
-#usr/share/doc/tiff-3.9.4/html/v3.4beta024.html
-#usr/share/doc/tiff-3.9.4/html/v3.4beta028.html
-#usr/share/doc/tiff-3.9.4/html/v3.4beta029.html
-#usr/share/doc/tiff-3.9.4/html/v3.4beta031.html
-#usr/share/doc/tiff-3.9.4/html/v3.4beta032.html
-#usr/share/doc/tiff-3.9.4/html/v3.4beta033.html
-#usr/share/doc/tiff-3.9.4/html/v3.4beta034.html
-#usr/share/doc/tiff-3.9.4/html/v3.4beta035.html
-#usr/share/doc/tiff-3.9.4/html/v3.4beta036.html
-#usr/share/doc/tiff-3.9.4/html/v3.5.1.html
-#usr/share/doc/tiff-3.9.4/html/v3.5.2.html
-#usr/share/doc/tiff-3.9.4/html/v3.5.3.html
-#usr/share/doc/tiff-3.9.4/html/v3.5.4.html
-#usr/share/doc/tiff-3.9.4/html/v3.5.5.html
-#usr/share/doc/tiff-3.9.4/html/v3.5.6-beta.html
-#usr/share/doc/tiff-3.9.4/html/v3.5.7.html
-#usr/share/doc/tiff-3.9.4/html/v3.6.0.html
-#usr/share/doc/tiff-3.9.4/html/v3.6.1.html
-#usr/share/doc/tiff-3.9.4/html/v3.7.0.html
-#usr/share/doc/tiff-3.9.4/html/v3.7.0alpha.html
-#usr/share/doc/tiff-3.9.4/html/v3.7.0beta.html
-#usr/share/doc/tiff-3.9.4/html/v3.7.0beta2.html
-#usr/share/doc/tiff-3.9.4/html/v3.7.1.html
-#usr/share/doc/tiff-3.9.4/html/v3.7.2.html
-#usr/share/doc/tiff-3.9.4/html/v3.7.3.html
-#usr/share/doc/tiff-3.9.4/html/v3.7.4.html
-#usr/share/doc/tiff-3.9.4/html/v3.8.0.html
-#usr/share/doc/tiff-3.9.4/html/v3.8.1.html
-#usr/share/doc/tiff-3.9.4/html/v3.8.2.html
-#usr/share/doc/tiff-3.9.4/html/v3.9.0beta.html
-#usr/share/doc/tiff-3.9.4/html/v3.9.1.html
-#usr/share/doc/tiff-3.9.4/html/v3.9.2.html
+usr/lib/libtiffxx.so.5
+usr/lib/libtiffxx.so.5.2.4
+#usr/lib/pkgconfig/libtiff-4.pc
+#usr/share/doc/tiff-4.0.6
+#usr/share/doc/tiff-4.0.6/COPYRIGHT
+#usr/share/doc/tiff-4.0.6/ChangeLog
+#usr/share/doc/tiff-4.0.6/README
+#usr/share/doc/tiff-4.0.6/README.vms
+#usr/share/doc/tiff-4.0.6/RELEASE-DATE
+#usr/share/doc/tiff-4.0.6/TODO
+#usr/share/doc/tiff-4.0.6/VERSION
+#usr/share/doc/tiff-4.0.6/html
+#usr/share/doc/tiff-4.0.6/html/TIFFTechNote2.html
+#usr/share/doc/tiff-4.0.6/html/addingtags.html
+#usr/share/doc/tiff-4.0.6/html/bugs.html
+#usr/share/doc/tiff-4.0.6/html/build.html
+#usr/share/doc/tiff-4.0.6/html/contrib.html
+#usr/share/doc/tiff-4.0.6/html/document.html
+#usr/share/doc/tiff-4.0.6/html/images
+#usr/share/doc/tiff-4.0.6/html/images.html
+#usr/share/doc/tiff-4.0.6/html/images/back.gif
+#usr/share/doc/tiff-4.0.6/html/images/bali.jpg
+#usr/share/doc/tiff-4.0.6/html/images/cat.gif
+#usr/share/doc/tiff-4.0.6/html/images/cover.jpg
+#usr/share/doc/tiff-4.0.6/html/images/cramps.gif
+#usr/share/doc/tiff-4.0.6/html/images/dave.gif
+#usr/share/doc/tiff-4.0.6/html/images/info.gif
+#usr/share/doc/tiff-4.0.6/html/images/jello.jpg
+#usr/share/doc/tiff-4.0.6/html/images/jim.gif
+#usr/share/doc/tiff-4.0.6/html/images/note.gif
+#usr/share/doc/tiff-4.0.6/html/images/oxford.gif
+#usr/share/doc/tiff-4.0.6/html/images/quad.jpg
+#usr/share/doc/tiff-4.0.6/html/images/ring.gif
+#usr/share/doc/tiff-4.0.6/html/images/smallliz.jpg
+#usr/share/doc/tiff-4.0.6/html/images/strike.gif
+#usr/share/doc/tiff-4.0.6/html/images/warning.gif
+#usr/share/doc/tiff-4.0.6/html/index.html
+#usr/share/doc/tiff-4.0.6/html/internals.html
+#usr/share/doc/tiff-4.0.6/html/intro.html
+#usr/share/doc/tiff-4.0.6/html/libtiff.html
+#usr/share/doc/tiff-4.0.6/html/man
+#usr/share/doc/tiff-4.0.6/html/man/TIFFClose.3tiff.html
+#usr/share/doc/tiff-4.0.6/html/man/TIFFDataWidth.3tiff.html
+#usr/share/doc/tiff-4.0.6/html/man/TIFFError.3tiff.html
+#usr/share/doc/tiff-4.0.6/html/man/TIFFFieldDataType.3tiff.html
+#usr/share/doc/tiff-4.0.6/html/man/TIFFFieldName.3tiff.html
+#usr/share/doc/tiff-4.0.6/html/man/TIFFFieldPassCount.3tiff.html
+#usr/share/doc/tiff-4.0.6/html/man/TIFFFieldReadCount.3tiff.html
+#usr/share/doc/tiff-4.0.6/html/man/TIFFFieldTag.3tiff.html
+#usr/share/doc/tiff-4.0.6/html/man/TIFFFieldWriteCount.3tiff.html
+#usr/share/doc/tiff-4.0.6/html/man/TIFFFlush.3tiff.html
+#usr/share/doc/tiff-4.0.6/html/man/TIFFGetField.3tiff.html
+#usr/share/doc/tiff-4.0.6/html/man/TIFFOpen.3tiff.html
+#usr/share/doc/tiff-4.0.6/html/man/TIFFPrintDirectory.3tiff.html
+#usr/share/doc/tiff-4.0.6/html/man/TIFFRGBAImage.3tiff.html
+#usr/share/doc/tiff-4.0.6/html/man/TIFFReadDirectory.3tiff.html
+#usr/share/doc/tiff-4.0.6/html/man/TIFFReadEncodedStrip.3tiff.html
+#usr/share/doc/tiff-4.0.6/html/man/TIFFReadEncodedTile.3tiff.html
+#usr/share/doc/tiff-4.0.6/html/man/TIFFReadRGBAImage.3tiff.html
+#usr/share/doc/tiff-4.0.6/html/man/TIFFReadRGBAStrip.3tiff.html
+#usr/share/doc/tiff-4.0.6/html/man/TIFFReadRGBATile.3tiff.html
+#usr/share/doc/tiff-4.0.6/html/man/TIFFReadRawStrip.3tiff.html
+#usr/share/doc/tiff-4.0.6/html/man/TIFFReadRawTile.3tiff.html
+#usr/share/doc/tiff-4.0.6/html/man/TIFFReadScanline.3tiff.html
+#usr/share/doc/tiff-4.0.6/html/man/TIFFReadTile.3tiff.html
+#usr/share/doc/tiff-4.0.6/html/man/TIFFSetDirectory.3tiff.html
+#usr/share/doc/tiff-4.0.6/html/man/TIFFSetField.3tiff.html
+#usr/share/doc/tiff-4.0.6/html/man/TIFFWarning.3tiff.html
+#usr/share/doc/tiff-4.0.6/html/man/TIFFWriteDirectory.3tiff.html
+#usr/share/doc/tiff-4.0.6/html/man/TIFFWriteEncodedStrip.3tiff.html
+#usr/share/doc/tiff-4.0.6/html/man/TIFFWriteEncodedTile.3tiff.html
+#usr/share/doc/tiff-4.0.6/html/man/TIFFWriteRawStrip.3tiff.html
+#usr/share/doc/tiff-4.0.6/html/man/TIFFWriteRawTile.3tiff.html
+#usr/share/doc/tiff-4.0.6/html/man/TIFFWriteScanline.3tiff.html
+#usr/share/doc/tiff-4.0.6/html/man/TIFFWriteTile.3tiff.html
+#usr/share/doc/tiff-4.0.6/html/man/TIFFbuffer.3tiff.html
+#usr/share/doc/tiff-4.0.6/html/man/TIFFcodec.3tiff.html
+#usr/share/doc/tiff-4.0.6/html/man/TIFFcolor.3tiff.html
+#usr/share/doc/tiff-4.0.6/html/man/TIFFmemory.3tiff.html
+#usr/share/doc/tiff-4.0.6/html/man/TIFFquery.3tiff.html
+#usr/share/doc/tiff-4.0.6/html/man/TIFFsize.3tiff.html
+#usr/share/doc/tiff-4.0.6/html/man/TIFFstrip.3tiff.html
+#usr/share/doc/tiff-4.0.6/html/man/TIFFswab.3tiff.html
+#usr/share/doc/tiff-4.0.6/html/man/TIFFtile.3tiff.html
+#usr/share/doc/tiff-4.0.6/html/man/bmp2tiff.1.html
+#usr/share/doc/tiff-4.0.6/html/man/fax2ps.1.html
+#usr/share/doc/tiff-4.0.6/html/man/fax2tiff.1.html
+#usr/share/doc/tiff-4.0.6/html/man/gif2tiff.1.html
+#usr/share/doc/tiff-4.0.6/html/man/index.html
+#usr/share/doc/tiff-4.0.6/html/man/libtiff.3tiff.html
+#usr/share/doc/tiff-4.0.6/html/man/pal2rgb.1.html
+#usr/share/doc/tiff-4.0.6/html/man/ppm2tiff.1.html
+#usr/share/doc/tiff-4.0.6/html/man/ras2tiff.1.html
+#usr/share/doc/tiff-4.0.6/html/man/raw2tiff.1.html
+#usr/share/doc/tiff-4.0.6/html/man/rgb2ycbcr.1.html
+#usr/share/doc/tiff-4.0.6/html/man/sgi2tiff.1.html
+#usr/share/doc/tiff-4.0.6/html/man/thumbnail.1.html
+#usr/share/doc/tiff-4.0.6/html/man/tiff2bw.1.html
+#usr/share/doc/tiff-4.0.6/html/man/tiff2pdf.1.html
+#usr/share/doc/tiff-4.0.6/html/man/tiff2ps.1.html
+#usr/share/doc/tiff-4.0.6/html/man/tiff2rgba.1.html
+#usr/share/doc/tiff-4.0.6/html/man/tiffcmp.1.html
+#usr/share/doc/tiff-4.0.6/html/man/tiffcp.1.html
+#usr/share/doc/tiff-4.0.6/html/man/tiffcrop.1.html
+#usr/share/doc/tiff-4.0.6/html/man/tiffdither.1.html
+#usr/share/doc/tiff-4.0.6/html/man/tiffdump.1.html
+#usr/share/doc/tiff-4.0.6/html/man/tiffgt.1.html
+#usr/share/doc/tiff-4.0.6/html/man/tiffinfo.1.html
+#usr/share/doc/tiff-4.0.6/html/man/tiffmedian.1.html
+#usr/share/doc/tiff-4.0.6/html/man/tiffset.1.html
+#usr/share/doc/tiff-4.0.6/html/man/tiffsplit.1.html
+#usr/share/doc/tiff-4.0.6/html/man/tiffsv.1.html
+#usr/share/doc/tiff-4.0.6/html/misc.html
+#usr/share/doc/tiff-4.0.6/html/support.html
+#usr/share/doc/tiff-4.0.6/html/tools.html
+#usr/share/doc/tiff-4.0.6/html/v3.4beta007.html
+#usr/share/doc/tiff-4.0.6/html/v3.4beta016.html
+#usr/share/doc/tiff-4.0.6/html/v3.4beta018.html
+#usr/share/doc/tiff-4.0.6/html/v3.4beta024.html
+#usr/share/doc/tiff-4.0.6/html/v3.4beta028.html
+#usr/share/doc/tiff-4.0.6/html/v3.4beta029.html
+#usr/share/doc/tiff-4.0.6/html/v3.4beta031.html
+#usr/share/doc/tiff-4.0.6/html/v3.4beta032.html
+#usr/share/doc/tiff-4.0.6/html/v3.4beta033.html
+#usr/share/doc/tiff-4.0.6/html/v3.4beta034.html
+#usr/share/doc/tiff-4.0.6/html/v3.4beta035.html
+#usr/share/doc/tiff-4.0.6/html/v3.4beta036.html
+#usr/share/doc/tiff-4.0.6/html/v3.5.1.html
+#usr/share/doc/tiff-4.0.6/html/v3.5.2.html
+#usr/share/doc/tiff-4.0.6/html/v3.5.3.html
+#usr/share/doc/tiff-4.0.6/html/v3.5.4.html
+#usr/share/doc/tiff-4.0.6/html/v3.5.5.html
+#usr/share/doc/tiff-4.0.6/html/v3.5.6-beta.html
+#usr/share/doc/tiff-4.0.6/html/v3.5.7.html
+#usr/share/doc/tiff-4.0.6/html/v3.6.0.html
+#usr/share/doc/tiff-4.0.6/html/v3.6.1.html
+#usr/share/doc/tiff-4.0.6/html/v3.7.0.html
+#usr/share/doc/tiff-4.0.6/html/v3.7.0alpha.html
+#usr/share/doc/tiff-4.0.6/html/v3.7.0beta.html
+#usr/share/doc/tiff-4.0.6/html/v3.7.0beta2.html
+#usr/share/doc/tiff-4.0.6/html/v3.7.1.html
+#usr/share/doc/tiff-4.0.6/html/v3.7.2.html
+#usr/share/doc/tiff-4.0.6/html/v3.7.3.html
+#usr/share/doc/tiff-4.0.6/html/v3.7.4.html
+#usr/share/doc/tiff-4.0.6/html/v3.8.0.html
+#usr/share/doc/tiff-4.0.6/html/v3.8.1.html
+#usr/share/doc/tiff-4.0.6/html/v3.8.2.html
+#usr/share/doc/tiff-4.0.6/html/v3.9.0beta.html
+#usr/share/doc/tiff-4.0.6/html/v3.9.1.html
+#usr/share/doc/tiff-4.0.6/html/v3.9.2.html
+#usr/share/doc/tiff-4.0.6/html/v4.0.0.html
+#usr/share/doc/tiff-4.0.6/html/v4.0.1.html
+#usr/share/doc/tiff-4.0.6/html/v4.0.2.html
+#usr/share/doc/tiff-4.0.6/html/v4.0.3.html
+#usr/share/doc/tiff-4.0.6/html/v4.0.4.html
+#usr/share/doc/tiff-4.0.6/html/v4.0.4beta.html
+#usr/share/doc/tiff-4.0.6/html/v4.0.5.html
+#usr/share/doc/tiff-4.0.6/html/v4.0.6.html
#usr/share/man/man1/bmp2tiff.1
#usr/share/man/man1/fax2ps.1
#usr/share/man/man1/fax2tiff.1
#usr/share/man/man3/TIFFClose.3tiff
#usr/share/man/man3/TIFFDataWidth.3tiff
#usr/share/man/man3/TIFFError.3tiff
+#usr/share/man/man3/TIFFFieldDataType.3tiff
+#usr/share/man/man3/TIFFFieldName.3tiff
+#usr/share/man/man3/TIFFFieldPassCount.3tiff
+#usr/share/man/man3/TIFFFieldReadCount.3tiff
+#usr/share/man/man3/TIFFFieldTag.3tiff
+#usr/share/man/man3/TIFFFieldWriteCount.3tiff
#usr/share/man/man3/TIFFFlush.3tiff
#usr/share/man/man3/TIFFGetField.3tiff
#usr/share/man/man3/TIFFOpen.3tiff
#usr/share/man/man8/libvirtd.8
#usr/share/man/man8/virtlockd.8
#var/cache/libvirt
-var/cache/libvirt/qemu
+#var/cache/libvirt/qemu
#var/lib/libvirt
-var/lib/libvirt/boot
-var/lib/libvirt/filesystems
-var/lib/libvirt/images
+#var/lib/libvirt/boot
+#var/lib/libvirt/filesystems
+#var/lib/libvirt/images
#var/lib/libvirt/lockd
-var/lib/libvirt/lockd/files
-var/lib/libvirt/qemu
+#var/lib/libvirt/lockd/files
+#var/lib/libvirt/qemu
#var/log/libvirt
#var/log/libvirt/lxc
-var/log/libvirt/qemu
+#var/log/libvirt/qemu
#var/log/libvirt/uml
etc/rc.d/init.d/libvirt-guests
etc/rc.d/init.d/libvirtd
+var/ipfire/backup/addons/includes/libvirt
#lib/modules/KVER-ipfire-pae/kernel/drivers/misc/altera-stapl
#lib/modules/KVER-ipfire-pae/kernel/drivers/misc/altera-stapl/altera-stapl.ko
#lib/modules/KVER-ipfire-pae/kernel/drivers/misc/bmp085-i2c.ko
+#lib/modules/KVER-ipfire-pae/kernel/drivers/misc/bmp085.ko
#lib/modules/KVER-ipfire-pae/kernel/drivers/misc/cb710
#lib/modules/KVER-ipfire-pae/kernel/drivers/misc/cb710/cb710.ko
#lib/modules/KVER-ipfire-pae/kernel/drivers/misc/cs5535-mfgpt.ko
usr/share/nano/pov.nanorc
usr/share/nano/python.nanorc
usr/share/nano/ruby.nanorc
+usr/share/nano/rust.nanorc
usr/share/nano/sh.nanorc
usr/share/nano/spec.nanorc
usr/share/nano/tcl.nanorc
usr/share/nginx/html
usr/share/nginx/html/50x.html
usr/share/nginx/html/index.html
+var/ipfire/backup/addons/includes/nginx
var/log/nginx
var/spool/nginx
--- /dev/null
+#usr/bin/ipcount
+#usr/bin/iptab
+usr/lib/perl5/site_perl/5.12.3/Net/IP.pm
+#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Net/IP
+#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Net/IP/.packlist
+#usr/share/man/man3/Net::IP.3
--- /dev/null
+#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/common
+#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/common/sense
+#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/common/sense/.packlist
+#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/common
+usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/common/sense.pm
+usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/common/sense.pod
+#usr/share/man/man3/common::sense.3
--- /dev/null
+#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/Linux
+usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/Linux/Inotify2.pm
+#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Linux
+#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Linux/Inotify2
+#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Linux/Inotify2/.packlist
+#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Linux/Inotify2/Inotify2.bs
+usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Linux/Inotify2/Inotify2.so
+#usr/share/man/man3/Linux::Inotify2.3
+lib/udev/rules.d/65-kvm.rules
usr/bin/qemu
usr/bin/qemu-arm
usr/bin/qemu-ga
usr/share/qemu/pxe-pcnet.rom
usr/share/qemu/pxe-rtl8139.rom
usr/share/qemu/pxe-virtio.rom
-usr/share/qemu/q35-acpi-dsdt.aml
usr/share/qemu/qemu-icon.bmp
usr/share/qemu/qemu_logo_no_text.svg
usr/share/qemu/s390-ccw.img
-usr/share/qemu/s390-zipl.rom
usr/share/qemu/sgabios.bin
usr/share/qemu/slof.bin
usr/share/qemu/spapr-rtas.bin
usr/share/qemu/vgabios-vmware.bin
usr/share/qemu/vgabios.bin
#usr/var/run
+usr/bin/ivshmem-client
+usr/bin/ivshmem-server
+#usr/share/man/man8/qemu-ga.8
#usr/lib/libspice-server.la
#usr/lib/libspice-server.so
usr/lib/libspice-server.so.1
-usr/lib/libspice-server.so.1.10.0
+usr/lib/libspice-server.so.1.10.1
#usr/lib/pkgconfig/spice-server.pc
{
&writelog("Retrieving file for local cache: $updatefile");
} else {
- &writelog("Retrieving file for local cache at max. " . $xlratorsettings{'MAX_DOWNLOAD_RATE'} . " kBit/s: $updatefile");
+ &writelog("Retrieving file for local cache at max. " . $xlratorsettings{'MAX_DOWNLOAD_RATE'} . " kbit/s: $updatefile");
}
$ENV{'http_proxy'} = $proxysettings{'UPSTREAM_PROXY'};
WARNING: translation string unused: behind a proxy
WARNING: translation string unused: bitrate
WARNING: translation string unused: bleeding rules
-WARNING: translation string unused: block
WARNING: translation string unused: blue access use hint
WARNING: translation string unused: blue interface
WARNING: translation string unused: cache management
WARNING: translation string unused: tripwirewarningpolicy
WARNING: translation string unused: umount
WARNING: translation string unused: umount removable media before to unplug
-WARNING: translation string unused: unblock
-WARNING: translation string unused: unblock all
WARNING: translation string unused: unencrypted
WARNING: translation string unused: update transcript
WARNING: translation string unused: updatedatabase
WARNING: untranslated string: emerging rules
WARNING: untranslated string: fwhost cust geoipgrp
WARNING: untranslated string: fwhost err hostip
+WARNING: untranslated string: guardian invalid blockcount
+WARNING: untranslated string: guardian invalid blocktime
+WARNING: untranslated string: guardian invalid logfile
WARNING: untranslated string: ike lifetime should be between 1 and 8 hours
WARNING: untranslated string: info messages
WARNING: untranslated string: no data
WARNING: translation string unused: bewan adsl usb
WARNING: translation string unused: bitrate
WARNING: translation string unused: bleeding rules
-WARNING: translation string unused: block
WARNING: translation string unused: blue access use hint
WARNING: translation string unused: blue interface
WARNING: translation string unused: cache management
WARNING: translation string unused: geoipblock country name
WARNING: translation string unused: geoipblock flag
WARNING: translation string unused: green interface
+WARNING: translation string unused: guardian not running no hosts can be blocked
+WARNING: translation string unused: guardian snort alertfile
WARNING: translation string unused: gz with key
WARNING: translation string unused: hint
WARNING: translation string unused: host
WARNING: translation string unused: tripwirewarningpolicy
WARNING: translation string unused: umount
WARNING: translation string unused: umount removable media before to unplug
-WARNING: translation string unused: unblock
-WARNING: translation string unused: unblock all
WARNING: translation string unused: unencrypted
WARNING: translation string unused: update transcript
WARNING: translation string unused: updatedatabase
WARNING: untranslated string: bytes
WARNING: untranslated string: fwhost cust geoipgrp
WARNING: untranslated string: fwhost err hostip
+WARNING: untranslated string: guardian invalid blockcount
+WARNING: untranslated string: guardian invalid blocktime
+WARNING: untranslated string: guardian invalid logfile
WARNING: untranslated string: ike lifetime should be between 1 and 8 hours
WARNING: untranslated string: info messages
WARNING: untranslated string: no data
WARNING: translation string unused: geoipblock country name
WARNING: translation string unused: geoipblock flag
WARNING: translation string unused: green interface
+WARNING: translation string unused: guardian alertfile
+WARNING: translation string unused: guardian ignorefile
+WARNING: translation string unused: guardian interface
+WARNING: translation string unused: guardian timelimit
WARNING: translation string unused: gz with key
WARNING: translation string unused: hint
WARNING: translation string unused: host
WARNING: untranslated string: atm device
WARNING: untranslated string: attention
WARNING: untranslated string: bit
+WARNING: untranslated string: block
WARNING: untranslated string: bytes
WARNING: untranslated string: capabilities
WARNING: untranslated string: ccd add
WARNING: untranslated string: gen dh
WARNING: untranslated string: generate dh key
WARNING: untranslated string: grouptype
+WARNING: untranslated string: guardian
+WARNING: untranslated string: guardian block a host
+WARNING: untranslated string: guardian block httpd brute-force
+WARNING: untranslated string: guardian block owncloud brute-force
+WARNING: untranslated string: guardian block ssh brute-force
+WARNING: untranslated string: guardian blockcount
+WARNING: untranslated string: guardian blocked hosts
+WARNING: untranslated string: guardian blocking of this address is not allowed
+WARNING: untranslated string: guardian blocktime
+WARNING: untranslated string: guardian common settings
+WARNING: untranslated string: guardian daemon
+WARNING: untranslated string: guardian empty input
+WARNING: untranslated string: guardian enabled
+WARNING: untranslated string: guardian firewallaction
+WARNING: untranslated string: guardian ignored hosts
+WARNING: untranslated string: guardian invalid address or subnet
+WARNING: untranslated string: guardian invalid blockcount
+WARNING: untranslated string: guardian invalid blocktime
+WARNING: untranslated string: guardian invalid logfile
+WARNING: untranslated string: guardian logfacility
+WARNING: untranslated string: guardian loglevel
+WARNING: untranslated string: guardian no entries
+WARNING: untranslated string: guardian priority level
+WARNING: untranslated string: guardian service
+WARNING: untranslated string: guardian watch snort alertfile
WARNING: untranslated string: hardware support
WARNING: untranslated string: ike lifetime should be between 1 and 8 hours
WARNING: untranslated string: imei
WARNING: untranslated string: tor traffic limit soft
WARNING: untranslated string: tor traffic read written
WARNING: untranslated string: tor use exit nodes
+WARNING: untranslated string: unblock
+WARNING: untranslated string: unblock all
WARNING: untranslated string: uncheck all
WARNING: untranslated string: uplink
WARNING: untranslated string: upload dh key
WARNING: translation string unused: generatereport
WARNING: translation string unused: genkey
WARNING: translation string unused: green interface
+WARNING: translation string unused: guardian alertfile
+WARNING: translation string unused: guardian ignorefile
+WARNING: translation string unused: guardian interface
+WARNING: translation string unused: guardian timelimit
WARNING: translation string unused: gz with key
WARNING: translation string unused: hint
WARNING: translation string unused: host
WARNING: untranslated string: atm device
WARNING: untranslated string: attention
WARNING: untranslated string: bit
+WARNING: untranslated string: block
WARNING: untranslated string: bytes
WARNING: untranslated string: capabilities
WARNING: untranslated string: ccd add
WARNING: untranslated string: geoipblock country is blocked
WARNING: untranslated string: geoipblock enable feature
WARNING: untranslated string: grouptype
+WARNING: untranslated string: guardian
+WARNING: untranslated string: guardian block a host
+WARNING: untranslated string: guardian block httpd brute-force
+WARNING: untranslated string: guardian block owncloud brute-force
+WARNING: untranslated string: guardian block ssh brute-force
+WARNING: untranslated string: guardian blockcount
+WARNING: untranslated string: guardian blocked hosts
+WARNING: untranslated string: guardian blocking of this address is not allowed
+WARNING: untranslated string: guardian blocktime
+WARNING: untranslated string: guardian common settings
+WARNING: untranslated string: guardian daemon
+WARNING: untranslated string: guardian empty input
+WARNING: untranslated string: guardian enabled
+WARNING: untranslated string: guardian firewallaction
+WARNING: untranslated string: guardian ignored hosts
+WARNING: untranslated string: guardian invalid address or subnet
+WARNING: untranslated string: guardian invalid blockcount
+WARNING: untranslated string: guardian invalid blocktime
+WARNING: untranslated string: guardian invalid logfile
+WARNING: untranslated string: guardian logfacility
+WARNING: untranslated string: guardian loglevel
+WARNING: untranslated string: guardian no entries
+WARNING: untranslated string: guardian priority level
+WARNING: untranslated string: guardian service
+WARNING: untranslated string: guardian watch snort alertfile
WARNING: untranslated string: hardware support
WARNING: untranslated string: ike lifetime should be between 1 and 8 hours
WARNING: untranslated string: imei
WARNING: untranslated string: tor traffic limit soft
WARNING: untranslated string: tor traffic read written
WARNING: untranslated string: tor use exit nodes
+WARNING: untranslated string: unblock
+WARNING: untranslated string: unblock all
WARNING: untranslated string: uncheck all
WARNING: untranslated string: uplink
WARNING: untranslated string: upload dh key
WARNING: translation string unused: generatereport
WARNING: translation string unused: genkey
WARNING: translation string unused: green interface
+WARNING: translation string unused: guardian alertfile
+WARNING: translation string unused: guardian ignorefile
+WARNING: translation string unused: guardian interface
+WARNING: translation string unused: guardian timelimit
WARNING: translation string unused: gz with key
WARNING: translation string unused: hint
WARNING: translation string unused: host
WARNING: untranslated string: advproxy group access control
WARNING: untranslated string: advproxy group required
WARNING: untranslated string: application layer gateways
+WARNING: untranslated string: block
WARNING: untranslated string: bytes
WARNING: untranslated string: check all
WARNING: untranslated string: dhcp dns enable update
WARNING: untranslated string: geoipblock country is allowed
WARNING: untranslated string: geoipblock country is blocked
WARNING: untranslated string: geoipblock enable feature
+WARNING: untranslated string: guardian
+WARNING: untranslated string: guardian block a host
+WARNING: untranslated string: guardian block httpd brute-force
+WARNING: untranslated string: guardian block owncloud brute-force
+WARNING: untranslated string: guardian block ssh brute-force
+WARNING: untranslated string: guardian blockcount
+WARNING: untranslated string: guardian blocked hosts
+WARNING: untranslated string: guardian blocking of this address is not allowed
+WARNING: untranslated string: guardian blocktime
+WARNING: untranslated string: guardian common settings
+WARNING: untranslated string: guardian daemon
+WARNING: untranslated string: guardian empty input
+WARNING: untranslated string: guardian enabled
+WARNING: untranslated string: guardian firewallaction
+WARNING: untranslated string: guardian ignored hosts
+WARNING: untranslated string: guardian invalid address or subnet
+WARNING: untranslated string: guardian invalid blockcount
+WARNING: untranslated string: guardian invalid blocktime
+WARNING: untranslated string: guardian invalid logfile
+WARNING: untranslated string: guardian logfacility
+WARNING: untranslated string: guardian loglevel
+WARNING: untranslated string: guardian no entries
+WARNING: untranslated string: guardian priority level
+WARNING: untranslated string: guardian service
+WARNING: untranslated string: guardian watch snort alertfile
WARNING: untranslated string: ike lifetime should be between 1 and 8 hours
WARNING: untranslated string: incoming compression in bytes per second
WARNING: untranslated string: incoming overhead in bytes per second
WARNING: untranslated string: samba join a domain
WARNING: untranslated string: samba join domain
WARNING: untranslated string: search
+WARNING: untranslated string: unblock
+WARNING: untranslated string: unblock all
WARNING: untranslated string: uncheck all
WARNING: untranslated string: vpn force mobike
WARNING: untranslated string: vpn statistic n2n
WARNING: translation string unused: generatereport
WARNING: translation string unused: genkey
WARNING: translation string unused: green interface
+WARNING: translation string unused: guardian alertfile
+WARNING: translation string unused: guardian ignorefile
+WARNING: translation string unused: guardian interface
+WARNING: translation string unused: guardian timelimit
WARNING: translation string unused: gz with key
WARNING: translation string unused: hint
WARNING: translation string unused: host
WARNING: untranslated string: advproxy group required
WARNING: untranslated string: application layer gateways
WARNING: untranslated string: atm device
+WARNING: untranslated string: block
WARNING: untranslated string: bytes
WARNING: untranslated string: capabilities
WARNING: untranslated string: check all
WARNING: untranslated string: geoipblock country is allowed
WARNING: untranslated string: geoipblock country is blocked
WARNING: untranslated string: geoipblock enable feature
+WARNING: untranslated string: guardian
+WARNING: untranslated string: guardian block a host
+WARNING: untranslated string: guardian block httpd brute-force
+WARNING: untranslated string: guardian block owncloud brute-force
+WARNING: untranslated string: guardian block ssh brute-force
+WARNING: untranslated string: guardian blockcount
+WARNING: untranslated string: guardian blocked hosts
+WARNING: untranslated string: guardian blocking of this address is not allowed
+WARNING: untranslated string: guardian blocktime
+WARNING: untranslated string: guardian common settings
+WARNING: untranslated string: guardian daemon
+WARNING: untranslated string: guardian empty input
+WARNING: untranslated string: guardian enabled
+WARNING: untranslated string: guardian firewallaction
+WARNING: untranslated string: guardian ignored hosts
+WARNING: untranslated string: guardian invalid address or subnet
+WARNING: untranslated string: guardian invalid blockcount
+WARNING: untranslated string: guardian invalid blocktime
+WARNING: untranslated string: guardian invalid logfile
+WARNING: untranslated string: guardian logfacility
+WARNING: untranslated string: guardian loglevel
+WARNING: untranslated string: guardian no entries
+WARNING: untranslated string: guardian priority level
+WARNING: untranslated string: guardian service
+WARNING: untranslated string: guardian watch snort alertfile
WARNING: untranslated string: ike lifetime should be between 1 and 8 hours
WARNING: untranslated string: imei
WARNING: untranslated string: imsi
WARNING: untranslated string: software version
WARNING: untranslated string: source ip country
WARNING: untranslated string: ta key
+WARNING: untranslated string: unblock
+WARNING: untranslated string: unblock all
WARNING: untranslated string: uncheck all
WARNING: untranslated string: upload dh key
WARNING: untranslated string: vendor
WARNING: translation string unused: geoipblock country name
WARNING: translation string unused: geoipblock flag
WARNING: translation string unused: green interface
+WARNING: translation string unused: guardian alertfile
+WARNING: translation string unused: guardian ignorefile
+WARNING: translation string unused: guardian interface
+WARNING: translation string unused: guardian timelimit
WARNING: translation string unused: gz with key
WARNING: translation string unused: hint
WARNING: translation string unused: host
WARNING: untranslated string: atm device
WARNING: untranslated string: attention
WARNING: untranslated string: bit
+WARNING: untranslated string: block
WARNING: untranslated string: bytes
WARNING: untranslated string: capabilities
WARNING: untranslated string: ccd add
WARNING: untranslated string: gen dh
WARNING: untranslated string: generate dh key
WARNING: untranslated string: grouptype
+WARNING: untranslated string: guardian
+WARNING: untranslated string: guardian block a host
+WARNING: untranslated string: guardian block httpd brute-force
+WARNING: untranslated string: guardian block owncloud brute-force
+WARNING: untranslated string: guardian block ssh brute-force
+WARNING: untranslated string: guardian blockcount
+WARNING: untranslated string: guardian blocked hosts
+WARNING: untranslated string: guardian blocking of this address is not allowed
+WARNING: untranslated string: guardian blocktime
+WARNING: untranslated string: guardian common settings
+WARNING: untranslated string: guardian daemon
+WARNING: untranslated string: guardian empty input
+WARNING: untranslated string: guardian enabled
+WARNING: untranslated string: guardian firewallaction
+WARNING: untranslated string: guardian ignored hosts
+WARNING: untranslated string: guardian invalid address or subnet
+WARNING: untranslated string: guardian invalid blockcount
+WARNING: untranslated string: guardian invalid blocktime
+WARNING: untranslated string: guardian invalid logfile
+WARNING: untranslated string: guardian logfacility
+WARNING: untranslated string: guardian loglevel
+WARNING: untranslated string: guardian no entries
+WARNING: untranslated string: guardian priority level
+WARNING: untranslated string: guardian service
+WARNING: untranslated string: guardian watch snort alertfile
WARNING: untranslated string: hardware support
WARNING: untranslated string: ike lifetime should be between 1 and 8 hours
WARNING: untranslated string: imei
WARNING: untranslated string: tor traffic limit soft
WARNING: untranslated string: tor traffic read written
WARNING: untranslated string: tor use exit nodes
+WARNING: untranslated string: unblock
+WARNING: untranslated string: unblock all
WARNING: untranslated string: uncheck all
WARNING: untranslated string: uplink
WARNING: untranslated string: upload dh key
WARNING: translation string unused: generatereport
WARNING: translation string unused: genkey
WARNING: translation string unused: green interface
+WARNING: translation string unused: guardian alertfile
+WARNING: translation string unused: guardian ignorefile
+WARNING: translation string unused: guardian interface
+WARNING: translation string unused: guardian timelimit
WARNING: translation string unused: gz with key
WARNING: translation string unused: hint
WARNING: translation string unused: host
WARNING: untranslated string: atm device
WARNING: untranslated string: attention
WARNING: untranslated string: bit
+WARNING: untranslated string: block
WARNING: untranslated string: bytes
WARNING: untranslated string: capabilities
WARNING: untranslated string: ccd add
WARNING: untranslated string: geoipblock country is blocked
WARNING: untranslated string: geoipblock enable feature
WARNING: untranslated string: grouptype
+WARNING: untranslated string: guardian
+WARNING: untranslated string: guardian block a host
+WARNING: untranslated string: guardian block httpd brute-force
+WARNING: untranslated string: guardian block owncloud brute-force
+WARNING: untranslated string: guardian block ssh brute-force
+WARNING: untranslated string: guardian blockcount
+WARNING: untranslated string: guardian blocked hosts
+WARNING: untranslated string: guardian blocking of this address is not allowed
+WARNING: untranslated string: guardian blocktime
+WARNING: untranslated string: guardian common settings
+WARNING: untranslated string: guardian daemon
+WARNING: untranslated string: guardian empty input
+WARNING: untranslated string: guardian enabled
+WARNING: untranslated string: guardian firewallaction
+WARNING: untranslated string: guardian ignored hosts
+WARNING: untranslated string: guardian invalid address or subnet
+WARNING: untranslated string: guardian invalid blockcount
+WARNING: untranslated string: guardian invalid blocktime
+WARNING: untranslated string: guardian invalid logfile
+WARNING: untranslated string: guardian logfacility
+WARNING: untranslated string: guardian loglevel
+WARNING: untranslated string: guardian no entries
+WARNING: untranslated string: guardian priority level
+WARNING: untranslated string: guardian service
+WARNING: untranslated string: guardian watch snort alertfile
WARNING: untranslated string: hardware support
WARNING: untranslated string: ike lifetime should be between 1 and 8 hours
WARNING: untranslated string: imei
WARNING: untranslated string: tor traffic limit soft
WARNING: untranslated string: tor traffic read written
WARNING: untranslated string: tor use exit nodes
+WARNING: untranslated string: unblock
+WARNING: untranslated string: unblock all
WARNING: untranslated string: uncheck all
WARNING: untranslated string: uplink
WARNING: untranslated string: upload dh key
WARNING: translation string unused: bewan adsl usb
WARNING: translation string unused: bitrate
WARNING: translation string unused: bleeding rules
-WARNING: translation string unused: block
WARNING: translation string unused: blue access use hint
WARNING: translation string unused: blue interface
WARNING: translation string unused: cache management
WARNING: translation string unused: geoipblock country name
WARNING: translation string unused: geoipblock flag
WARNING: translation string unused: green interface
+WARNING: translation string unused: guardian alertfile
+WARNING: translation string unused: guardian ignorefile
+WARNING: translation string unused: guardian interface
+WARNING: translation string unused: guardian timelimit
WARNING: translation string unused: gz with key
WARNING: translation string unused: hint
WARNING: translation string unused: host
WARNING: translation string unused: tripwirewarningpolicy
WARNING: translation string unused: umount
WARNING: translation string unused: umount removable media before to unplug
-WARNING: translation string unused: unblock
-WARNING: translation string unused: unblock all
WARNING: translation string unused: unencrypted
WARNING: translation string unused: update transcript
WARNING: translation string unused: updatedatabase
WARNING: untranslated string: bytes
WARNING: untranslated string: fwhost cust geoipgrp
WARNING: untranslated string: fwhost err hostip
+WARNING: untranslated string: guardian
+WARNING: untranslated string: guardian block a host
+WARNING: untranslated string: guardian block httpd brute-force
+WARNING: untranslated string: guardian block owncloud brute-force
+WARNING: untranslated string: guardian block ssh brute-force
+WARNING: untranslated string: guardian blockcount
+WARNING: untranslated string: guardian blocked hosts
+WARNING: untranslated string: guardian blocking of this address is not allowed
+WARNING: untranslated string: guardian blocktime
+WARNING: untranslated string: guardian common settings
+WARNING: untranslated string: guardian daemon
+WARNING: untranslated string: guardian empty input
+WARNING: untranslated string: guardian enabled
+WARNING: untranslated string: guardian firewallaction
+WARNING: untranslated string: guardian ignored hosts
+WARNING: untranslated string: guardian invalid address or subnet
+WARNING: untranslated string: guardian invalid blockcount
+WARNING: untranslated string: guardian invalid blocktime
+WARNING: untranslated string: guardian invalid logfile
+WARNING: untranslated string: guardian logfacility
+WARNING: untranslated string: guardian loglevel
+WARNING: untranslated string: guardian no entries
+WARNING: untranslated string: guardian priority level
+WARNING: untranslated string: guardian service
+WARNING: untranslated string: guardian watch snort alertfile
WARNING: untranslated string: ike lifetime should be between 1 and 8 hours
WARNING: untranslated string: info messages
WARNING: untranslated string: no data
< geoipblock enable feature
< geoipblock flag
< grouptype
+< guardian
+< guardian block a host
+< guardian blockcount
+< guardian blocked hosts
+< guardian block httpd brute-force
+< guardian blocking of this address is not allowed
+< guardian block owncloud brute-force
+< guardian block ssh brute-force
+< guardian blocktime
+< guardian common settings
+< guardian daemon
+< guardian empty input
+< guardian enabled
+< guardian firewallaction
+< guardian ignored hosts
+< guardian invalid address or subnet
+< guardian logfacility
+< guardian loglevel
+< guardian no entries
+< guardian priority level
+< guardian service
+< guardian watch snort alertfile
< hardware support
< imei
< imsi
< gen dh
< generate dh key
< grouptype
+< guardian
+< guardian block a host
+< guardian blockcount
+< guardian blocked hosts
+< guardian block httpd brute-force
+< guardian blocking of this address is not allowed
+< guardian block owncloud brute-force
+< guardian block ssh brute-force
+< guardian blocktime
+< guardian common settings
+< guardian daemon
+< guardian empty input
+< guardian enabled
+< guardian firewallaction
+< guardian ignored hosts
+< guardian invalid address or subnet
+< guardian logfacility
+< guardian loglevel
+< guardian no entries
+< guardian priority level
+< guardian service
+< guardian watch snort alertfile
< hardware support
< imei
< imsi
< geoipblock enable feature
< geoipblock flag
< grouptype
+< guardian
+< guardian block a host
+< guardian blockcount
+< guardian blocked hosts
+< guardian block httpd brute-force
+< guardian blocking of this address is not allowed
+< guardian block owncloud brute-force
+< guardian block ssh brute-force
+< guardian blocktime
+< guardian common settings
+< guardian daemon
+< guardian empty input
+< guardian enabled
+< guardian firewallaction
+< guardian ignored hosts
+< guardian invalid address or subnet
+< guardian logfacility
+< guardian loglevel
+< guardian no entries
+< guardian priority level
+< guardian service
+< guardian watch snort alertfile
< hardware support
< imei
< imsi
< geoipblock enable feature
< geoipblock flag
< grouptype
+< guardian
+< guardian block a host
+< guardian blockcount
+< guardian blocked hosts
+< guardian block httpd brute-force
+< guardian blocking of this address is not allowed
+< guardian block owncloud brute-force
+< guardian block ssh brute-force
+< guardian blocktime
+< guardian common settings
+< guardian daemon
+< guardian empty input
+< guardian enabled
+< guardian firewallaction
+< guardian ignored hosts
+< guardian invalid address or subnet
+< guardian logfacility
+< guardian loglevel
+< guardian no entries
+< guardian priority level
+< guardian service
+< guardian watch snort alertfile
< hardware support
< hour-graph
< imei
--- /dev/null
+#!/usr/bin/perl
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2016 IPFire Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+use strict;
+use Locale::Codes::Country;
+use Guardian::Socket;
+
+# enable only the following on debugging purpose
+#use warnings;
+#use CGI::Carp 'fatalsToBrowser';
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/header.pl";
+
+#workaround to suppress a warning when a variable is used only once
+my @dummy = (
+ ${Header::colourred},
+ ${Header::colourgreen}
+);
+
+undef (@dummy);
+
+my $string=();
+my $memory=();
+my @memory=();
+my @pid=();
+my @guardian=();
+
+# Path to the guardian.ignore file.
+my $ignorefile ='/var/ipfire/guardian/guardian.ignore';
+
+# Hash which contains the supported modules and the
+# file locations on IPFire systems.
+my %module_file_locations = (
+ "HTTPD" => "/var/log/httpd/error_log",
+ "OWNCLOUD" => "/var/owncloud/data/owncloud.log",
+ "SNORT" => "/var/log/snort/alert",
+ "SSH" => "/var/log/messages",
+);
+
+our %netsettings = ();
+&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
+
+our %color = ();
+our %mainsettings = ();
+&General::readhash("${General::swroot}/main/settings", \%mainsettings);
+&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
+
+# Pakfire meta file for owncloud.
+# (File exists when the addon is installed.)
+my $owncloud_meta = "/opt/pakfire/db/installed/meta-owncloud";
+
+
+# File declarations.
+my $settingsfile = "${General::swroot}/guardian/settings";
+my $ignoredfile = "${General::swroot}/guardian/ignored";
+
+# Create empty settings and ignoredfile if they do not exist yet.
+unless (-e "$settingsfile") { system("touch $settingsfile"); }
+unless (-e "$ignoredfile") { system("touch $ignoredfile"); }
+
+our %settings = ();
+our %ignored = ();
+
+$settings{'ACTION'} = '';
+
+$settings{'GUARDIAN_ENABLED'} = 'off';
+$settings{'GUARDIAN_MONITOR_SNORT'} = 'on';
+$settings{'GUARDIAN_MONITOR_SSH'} = 'on';
+$settings{'GUARDIAN_MONITOR_HTTPD'} = 'on';
+$settings{'GUARDIAN_MONITOR_OWNCLOUD'} = '';
+$settings{'GUARDIAN_LOG_FACILITY'} = 'syslog';
+$settings{'GUARDIAN_LOGLEVEL'} = 'info';
+$settings{'GUARDIAN_BLOCKCOUNT'} = '3';
+$settings{'GUARDIAN_BLOCKTIME'} = '86400';
+$settings{'GUARDIAN_FIREWALL_ACTION'} = 'DROP';
+$settings{'GUARDIAN_LOGFILE'} = '/var/log/guardian/guardian.log';
+$settings{'GUARDIAN_SNORT_PRIORITY_LEVEL'} = '3';
+
+# Default settings for owncloud if installed.
+if ( -e "$owncloud_meta") {
+ $settings{'GUARDIAN_MONITOR_OWNCLOUD'} = 'off';
+}
+
+my $errormessage = '';
+
+&Header::showhttpheaders();
+
+# Get GUI values.
+&Header::getcgihash(\%settings);
+
+# Check if guardian is running and grab some stats.
+&daemonstats();
+my $pid = $pid[0];
+
+## Perform input checks and save settings.
+#
+if ($settings{'ACTION'} eq $Lang::tr{'save'}) {
+ # Check for valid blocktime.
+ unless(($settings{'GUARDIAN_BLOCKTIME'} =~ /^\d+$/) && ($settings{'GUARDIAN_BLOCKTIME'} ne "0")) {
+ $errormessage = "$Lang::tr{'guardian invalid blocktime'}";
+ }
+
+ # Check if the bloccount is valid.
+ unless(($settings{'GUARDIAN_BLOCKCOUNT'} =~ /^\d+$/) && ($settings{'GUARDIAN_BLOCKCOUNT'} ne "0")) {
+ $errormessage = "$Lang::tr{'guardian invalid blockcount'}";
+ }
+
+ # Check Logfile.
+ unless($settings{'GUARDIAN_LOGFILE'} =~ /^[a-zA-Z0-9\.\/]+$/) {
+ $errormessage = "$Lang::tr{'guardian invalid logfile'}";
+ }
+
+ # Only continue if no error message has been set.
+ if($errormessage eq '') {
+ # Write configuration settings to file.
+ &General::writehash("${General::swroot}/guardian/settings", \%settings);
+
+ # Update configuration files.
+ &BuildConfiguration();
+ }
+
+## Add/edit an entry to the ignore file.
+#
+} elsif (($settings{'ACTION'} eq $Lang::tr{'add'}) || ($settings{'ACTION'} eq $Lang::tr{'update'})) {
+
+ # Check if any input has been performed.
+ if ($settings{'IGNORE_ENTRY_ADDRESS'} ne '') {
+
+ # Check if the given input is no valid IP-address or IP-address with subnet, display an error message.
+ if ((!&General::validip($settings{'IGNORE_ENTRY_ADDRESS'})) && (!&General::validipandmask($settings{'IGNORE_ENTRY_ADDRESS'}))) {
+ $errormessage = "$Lang::tr{'guardian invalid address or subnet'}";
+ }
+ } else {
+ $errormessage = "$Lang::tr{'guardian empty input'}";
+ }
+
+ # Go further if there was no error.
+ if ($errormessage eq '') {
+ my %ignored = ();
+ my $id;
+ my $status;
+
+ # Assign hash values.
+ my $new_entry_address = $settings{'IGNORE_ENTRY_ADDRESS'};
+ my $new_entry_remark = $settings{'IGNORE_ENTRY_REMARK'};
+
+ # Read-in ignoredfile.
+ &General::readhasharray($ignoredfile, \%ignored);
+
+ # Check if we should edit an existing entry and got an ID.
+ if (($settings{'ACTION'} eq $Lang::tr{'update'}) && ($settings{'ID'})) {
+ # Assin the provided id.
+ $id = $settings{'ID'};
+
+ # Undef the given ID.
+ undef($settings{'ID'});
+
+ # Grab the configured status of the corresponding entry.
+ $status = $ignored{$id}[2];
+ } else {
+ # Each newly added entry automatically should be enabled.
+ $status = "enabled";
+
+ # Generate the ID for the new entry.
+ #
+ # Sort the keys by it's ID and store them in an array.
+ my @keys = sort { $a <=> $b } keys %ignored;
+
+ # Reverse the key array.
+ my @reversed = reverse(@keys);
+
+ # Obtain the last used id.
+ my $last_id = @reversed[0];
+
+ # Increase the last id by one and use it as id for the new entry.
+ $id = ++$last_id;
+ }
+
+ # Add/Modify the entry to/in the ignored hash.
+ $ignored{$id} = ["$new_entry_address", "$new_entry_remark", "$status"];
+
+ # Write the changed ignored hash to the ignored file.
+ &General::writehasharray($ignoredfile, \%ignored);
+
+ # Regenerate the ignore file.
+ &GenerateIgnoreFile();
+ }
+
+ # Check if guardian is running.
+ if ($pid > 0) {
+ # Send reload command through socket connection.
+ &Guardian::Socket::Client("reload-ignore-list");
+ }
+
+## Toggle Enabled/Disabled for an existing entry on the ignore list.
+#
+
+} elsif ($settings{'ACTION'} eq $Lang::tr{'toggle enable disable'}) {
+ my %ignored = ();
+
+ # Only go further, if an ID has been passed.
+ if ($settings{'ID'}) {
+ # Assign the given ID.
+ my $id = $settings{'ID'};
+
+ # Undef the given ID.
+ undef($settings{'ID'});
+
+ # Read-in ignoredfile.
+ &General::readhasharray($ignoredfile, \%ignored);
+
+ # Grab the configured status of the corresponding entry.
+ my $status = $ignored{$id}[2];
+
+ # Switch the status.
+ if ($status eq "disabled") {
+ $status = "enabled";
+ } else {
+ $status = "disabled";
+ }
+
+ # Modify the status of the existing entry.
+ $ignored{$id} = ["$ignored{$id}[0]", "$ignored{$id}[1]", "$status"];
+
+ # Write the changed ignored hash to the ignored file.
+ &General::writehasharray($ignoredfile, \%ignored);
+
+ # Regenerate the ignore file.
+ &GenerateIgnoreFile();
+
+ # Check if guardian is running.
+ if ($pid > 0) {
+ # Send reload command through socket connection.
+ &Guardian::Socket::Client("reload-ignore-list");
+ }
+ }
+
+## Remove entry from ignore list.
+#
+} elsif ($settings{'ACTION'} eq $Lang::tr{'remove'}) {
+ my %ignored = ();
+
+ # Read-in ignoredfile.
+ &General::readhasharray($ignoredfile, \%ignored);
+
+ # Drop entry from the hash.
+ delete($ignored{$settings{'ID'}});
+
+ # Undef the given ID.
+ undef($settings{'ID'});
+
+ # Write the changed ignored hash to the ignored file.
+ &General::writehasharray($ignoredfile, \%ignored);
+
+ # Regenerate the ignore file.
+ &GenerateIgnoreFile();
+
+ # Check if guardian is running.
+ if ($pid > 0) {
+ # Send reload command through socket connection.
+ &Guardian::Socket::Client("reload-ignore-list");
+ }
+
+## Block a user given address or subnet.
+#
+} elsif ($settings{'ACTION'} eq $Lang::tr{'block'}) {
+
+ # Assign some temporary variables used for input validation.
+ my $input = $settings{'ADDRESS_BLOCK'};
+ my $green = $netsettings{'GREEN_ADDRESS'};
+ my $blue = $netsettings{'BLUE_ADDRESS'};
+ my $orange = $netsettings{'ORANGE_ADDRESS'};
+ my $red = $netsettings{'RED_ADDRESS'};
+
+ # File declarations.
+ my $gatewayfile = "${General::swroot}/red/remote-ipaddress";
+ my $dns1file = "${General::swroot}/red/dns1";
+ my $dns2file = "${General::swroot}/red/dns2";
+
+ # Get gateway address.
+ my $gateway = &_get_address_from_file($gatewayfile);
+
+ # Get addresses from the used dns servers.
+ my $dns1 = &_get_address_from_file($dns1file);
+ my $dns2 = &_get_address_from_file($dns2file);
+
+ # Check if any input has been performed.
+ if ($input eq '') {
+ $errormessage = "$Lang::tr{'guardian empty input'}";
+ }
+
+ # Check if the given input is localhost (127.0.0.1).
+ elsif ($input eq "127.0.0.1") {
+ $errormessage = "$Lang::tr{'guardian blocking of this address is not allowed'}";
+ }
+
+ # Check if the given input is anywhere (0.0.0.0).
+ elsif ($input eq "0.0.0.0") {
+ $errormessage = "$Lang::tr{'guardian blocking of this address is not allowed'}";
+ }
+
+ # Check if the given input is one of the interface addresses or our gateway.
+ elsif ($input eq "$green" || $input eq "$blue" || $input eq "$orange" || $input eq "$red" || $input eq "$gateway" || $input eq "$dns1" || $input eq "$dns2") {
+ $errormessage = "$Lang::tr{'guardian blocking of this address is not allowed'}";
+ }
+
+ # Check if the given input is a valid IP address.
+ elsif (!&General::validip($input)) {
+ $errormessage = "$Lang::tr{'guardian invalid address or subnet'}";
+ }
+
+ # Go further if there was no error.
+ if ($errormessage eq '') {
+ my $block = $settings{'ADDRESS_BLOCK'};
+
+ # Send command to block the specified address through socket connection.
+ &Guardian::Socket::Client("block $block");
+ }
+
+## Unblock address or subnet.
+#
+} elsif ($settings{'ACTION'} eq $Lang::tr{'unblock'}) {
+
+ # Check if no empty input has been performed.
+ if ($settings{'ADDRESS_UNBLOCK'} ne '') {
+
+ # Check if the given input is no valid IP-address or IP-address with subnet, display an error message.
+ if ((!&General::validip($settings{'ADDRESS_UNBLOCK'})) && (!&General::validipandmask($settings{'ADDRESS_UNBLOCK'}))) {
+ $errormessage = "$Lang::tr{'guardian invalid address or subnet'}";
+ }
+
+ } else {
+ $errormessage = "$Lang::tr{'guardian empty input'}";
+ }
+
+ # Go further if there was no error.
+ if ($errormessage eq '') {
+ my $unblock = $settings{'ADDRESS_UNBLOCK'};
+
+ # Send command to unblock the given address through socket connection.
+ &Guardian::Socket::Client("unblock $unblock");
+ }
+
+## Unblock all.
+#
+} elsif ($settings{'ACTION'} eq $Lang::tr{'unblock all'}) {
+
+ # Send flush command through socket connection.
+ &Guardian::Socket::Client("flush");
+}
+
+# Load settings from files.
+&General::readhash("${General::swroot}/guardian/settings", \%settings);
+&General::readhasharray("${General::swroot}/guardian/ignored", \%ignored);
+
+# Call functions to generate whole page.
+&showMainBox();
+&showIgnoreBox();
+
+# Display area only if guardian is running.
+if ( ($memory != 0) && ($pid > 0) ) {
+ &showBlockedBox();
+}
+
+# Function to display the status of guardian and allow base configuration.
+sub showMainBox() {
+ my %checked = ();
+ my %selected = ();
+
+ $checked{'GUARDIAN_ENABLED'}{'on'} = '';
+ $checked{'GUARDIAN_ENABLED'}{'off'} = '';
+ $checked{'GUARDIAN_ENABLED'}{$settings{'GUARDIAN_ENABLED'}} = 'checked';
+ $checked{'GUARDIAN_MONITOR_SNORT'}{'off'} = '';
+ $checked{'GUARDIAN_MONITOR_SNORT'}{'on'} = '';
+ $checked{'GUARDIAN_MONITOR_SNORT'}{$settings{'GUARDIAN_MONITOR_SNORT'}} = "checked='checked'";
+ $checked{'GUARDIAN_MONITOR_SSH'}{'off'} = '';
+ $checked{'GUARDIAN_MONITOR_SSH'}{'on'} = '';
+ $checked{'GUARDIAN_MONITOR_SSH'}{$settings{'GUARDIAN_MONITOR_SSH'}} = "checked='checked'";
+ $checked{'GUARDIAN_MONITOR_HTTPD'}{'off'} = '';
+ $checked{'GUARDIAN_MONITOR_HTTPD'}{'on'} = '';
+ $checked{'GUARDIAN_MONITOR_HTTPD'}{$settings{'GUARDIAN_MONITOR_HTTPD'}} = "checked='checked'";
+ $checked{'GUARDIAN_MONITOR_OWNCLOUD'}{'off'} = '';
+ $checked{'GUARDIAN_MONITOR_OWNCLOUD'}{'on'} = '';
+ $checked{'GUARDIAN_MONITOR_OWNCLOUD'}{$settings{'GUARDIAN_MONITOR_OWNCLOUD'}} = "checked='checked'";
+
+ $selected{'GUARDIAN_LOG_FACILITY'}{$settings{'GUARDIAN_LOG_FACILITY'}} = 'selected';
+ $selected{'GUARDIAN_LOGLEVEL'}{$settings{'GUARDIAN_LOGLEVEL'}} = 'selected';
+ $selected{'GUARDIAN_SNORT_PRIORITY_LEVEL'}{$settings{'GUARDIAN_SNORT_PRIORITY_LEVEL'}} = 'selected';
+ $selected{'GUARDIAN_FIREWALL_ACTION'}{$settings{'GUARDIAN_FIREWALL_ACTION'}} = 'selected';
+
+ &Header::openpage($Lang::tr{'guardian configuration'}, 1, '');
+ &Header::openbigbox('100%', 'left', '', $errormessage);
+
+ # Print errormessage if there is one.
+ if ($errormessage) {
+ &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
+ print "<font class='base'>$errormessage </font>\n";
+ &Header::closebox();
+ }
+
+ ### Java Script ###
+ print<<END;
+ <script>
+ var update_options = function() {
+
+ var logfacility = \$("#GUARDIAN_LOG_FACILITY").val();
+ var loglevel = \$("#GUARDIAN_LOGLEVEL").val();
+
+ if (logfacility === undefined)
+ return;
+
+ if (loglevel === undefined)
+ return;
+
+ // Show / Hide input for specifying the path to the logfile.
+ if (logfacility === "file") {
+ \$(".GUARDIAN_LOGFILE").show();
+ } else {
+ \$(".GUARDIAN_LOGFILE").hide();
+ }
+
+ // Show / Hide loglevel debug if the facility is set to syslog.
+ if (logfacility === "syslog") {
+ \$("#loglevel_debug").hide();
+ } else {
+ \$("#loglevel_debug").show();
+ }
+
+ // Show / Hide logfacility syslog if the loglevel is set to debug.
+ if (loglevel === "debug") {
+ \$("#logfacility_syslog").hide();
+ } else {
+ \$("#logfacility_syslog").show();
+ }
+ };
+
+ \$(document).ready(function() {
+ \$("#GUARDIAN_LOG_FACILITY").change(update_options);
+ \$("#GUARDIAN_LOGLEVEL").change(update_options);
+ update_options();
+
+ // Show / Hide snort priority level option, based if
+ // snort is enabled / disabled.
+ if (\$('input[name=GUARDIAN_MONITOR_SNORT]:checked').val() == 'on') {
+ \$('.GUARDIAN_SNORT_PRIORITY_LEVEL').show();
+ } else {
+ \$('.GUARDIAN_SNORT_PRIORITY_LEVEL').hide();
+ }
+
+ // Show/Hide snort priority level when GUARDIAN_MONITOR_SNORT get changed.
+ \$('input[name=GUARDIAN_MONITOR_SNORT]').change(function() {
+ \$('.GUARDIAN_SNORT_PRIORITY_LEVEL').toggle();
+ });
+ });
+ </script>
+END
+
+
+
+ # Draw current guardian state.
+ &Header::openbox('100%', 'center', $Lang::tr{'guardian'});
+
+ # Get current status of guardian.
+ &daemonstats();
+ $pid = $pid[0];
+
+ # Display some useful information related to guardian, if daemon is running.
+ if ( ($memory != 0) && ($pid > 0) ){
+ print <<END;
+ <table width='95%' cellspacing='0' class='tbl'>
+ <tr>
+ <th bgcolor='$color{'color20'}' colspan='3' align='left'><strong>$Lang::tr{'guardian service'}</strong></th>
+ </tr>
+ <tr>
+ <td class='base'>$Lang::tr{'guardian daemon'}</td>
+ <td align='center' colspan='2' width='75%' bgcolor='${Header::colourgreen}'><font color='white'><strong>$Lang::tr{'running'}</strong></font></td>
+ </tr>
+ <tr>
+ <td class='base'></td>
+ <td bgcolor='$color{'color20'}' align='center'><strong>PID</strong></td>
+ <td bgcolor='$color{'color20'}' align='center'><strong>$Lang::tr{'memory'}</strong></td>
+ </tr>
+ <tr>
+ <td class='base'></td>
+ <td bgcolor='$color{'color22'}' align='center'>$pid</td>
+ <td bgcolor='$color{'color22'}' align='center'>$memory KB</td>
+ </tr>
+ </table>
+END
+ } else {
+ # Otherwise display a hint that the service is not launched.
+ print <<END;
+ <table width='95%' cellspacing='0' class='tbl'>
+ <tr>
+ <th bgcolor='$color{'color20'}' colspan='3' align='left'><strong>$Lang::tr{'guardian service'}</strong></th>
+ </tr>
+ <tr>
+ <td class='base'>$Lang::tr{'guardian daemon'}</td>
+ <td align='center' width='75%' bgcolor='${Header::colourred}'><font color='white'><strong>$Lang::tr{'stopped'}</strong></font></td>
+ </tr>
+ </table>
+END
+ }
+
+ &Header::closebox();
+
+ # Draw elements for guardian configuration.
+ &Header::openbox('100%', 'center', $Lang::tr{'guardian configuration'});
+
+ print <<END;
+ <form method='post' action='$ENV{'SCRIPT_NAME'}'>
+
+ <table width='95%'>
+ <tr>
+ <td colspan='2' class='base' bgcolor='$color{'color20'}'><b>$Lang::tr{'guardian common settings'}</b></td>
+ </tr>
+ <tr>
+ <td width='20%' class='base'>$Lang::tr{'guardian enabled'}:</td>
+ <td><input type='checkbox' name='GUARDIAN_ENABLED' $checked{'GUARDIAN_ENABLED'}{'on'} /></td>
+ </tr>
+ <tr>
+ <td colspan='2'><br></td>
+ </tr>
+ <tr>
+ <td width='20%' class='base'>$Lang::tr{'guardian watch snort alertfile'}</td>
+ <td align='left'>on <input type='radio' name='GUARDIAN_MONITOR_SNORT' value='on' $checked{'GUARDIAN_MONITOR_SNORT'}{'on'} /> /
+ <input type='radio' name='GUARDIAN_MONITOR_SNORT' value='off' $checked{'GUARDIAN_MONITOR_SNORT'}{'off'} /> off</td>
+ </tr>
+ <tr>
+ <td width='20%' class='base'>$Lang::tr{'guardian block ssh brute-force'}</td>
+ <td align='left'>on <input type='radio' name='GUARDIAN_MONITOR_SSH' value='on' $checked{'GUARDIAN_MONITOR_SSH'}{'on'} /> /
+ <input type='radio' name='GUARDIAN_MONITOR_SSH' value='off' $checked{'GUARDIAN_MONITOR_SSH'}{'off'} /> off</td>
+ </tr>
+ <tr>
+ <td width='20%' class='base'>$Lang::tr{'guardian block httpd brute-force'}</td>
+ <td align='left'>on <input type='radio' name='GUARDIAN_MONITOR_HTTPD' value='on' $checked{'GUARDIAN_MONITOR_HTTPD'}{'on'} /> /
+ <input type='radio' name='GUARDIAN_MONITOR_HTTPD' value='off' $checked{'GUARDIAN_MONITOR_HTTPD'}{'off'} /> off</td>
+ </tr>
+END
+ # Display owncloud checkbox when the addon is installed.
+ if ( -e "$owncloud_meta" ) {
+ print"<tr>\n";
+ print"<td width='20%' class='base'>$Lang::tr{'guardian block owncloud brute-force'}</td>\n";
+ print"<td align='left'>on <input type='radio' name='GUARDIAN_MONITOR_OWNCLOUD' value='on' $checked{'GUARDIAN_MONITOR_OWNCLOUD'}{'on'} /> /\n";
+ print"<input type='radio' name='GUARDIAN_MONITOR_OWNCLOUD' value='off' $checked{'GUARDIAN_MONITOR_OWNCLOUD'}{'off'} /> off</td>\n";
+ print"</tr>\n";
+ }
+ print <<END;
+ <tr>
+ <td colspan='2'><br></td>
+ </tr>
+ <tr>
+ <td align='left' width='20%'>$Lang::tr{'guardian logfacility'}:</td>
+ <td><select id='GUARDIAN_LOG_FACILITY' name='GUARDIAN_LOG_FACILITY'>
+ <option id='logfacility_syslog' value='syslog' $selected{'GUARDIAN_LOG_FACILITY'}{'syslog'}>syslog</option>
+ <option id='logfacility_file' value='file' $selected{'GUARDIAN_LOG_FACILITY'}{'file'}>file</option>
+ <option id='logfacility_console' value='console' $selected{'GUARDIAN_LOG_FACILITY'}{'console'}>console</option>
+ </select></td>
+ </tr>
+ <tr>
+ <td colspan='2'><br></td>
+ </tr>
+ <tr>
+ <td align='left' width='20%'>$Lang::tr{'guardian loglevel'}:</td>
+ <td><select id='GUARDIAN_LOGLEVEL' name='GUARDIAN_LOGLEVEL'>
+ <option id='loglevel_off' value='off' $selected{'GUARDIAN_LOGLEVEL'}{'off'}>off</option>
+ <option id='loglevel_info' value='info' $selected{'GUARDIAN_LOGLEVEL'}{'info'}>info</option>
+ <option id='loglevel_debug' value='debug' $selected{'GUARDIAN_LOGLEVEL'}{'debug'}>debug</option>
+ </select></td>
+ </tr>
+ <tr class="GUARDIAN_SNORT_PRIORITY_LEVEL">
+ <td colspan='2'><br></td>
+ </tr>
+ <tr class="GUARDIAN_SNORT_PRIORITY_LEVEL">
+ <td align='left' width='20%'>$Lang::tr{'guardian priority level'}:</td>
+ <td><select name='GUARDIAN_SNORT_PRIORITY_LEVEL'>
+ <option value='1' $selected{'GUARDIAN_SNORT_PRIORITY_LEVEL'}{'1'}>1</option>
+ <option value='2' $selected{'GUARDIAN_SNORT_PRIORITY_LEVEL'}{'2'}>2</option>
+ <option value='3' $selected{'GUARDIAN_SNORT_PRIORITY_LEVEL'}{'3'}>3</option>
+ <option value='4' $selected{'GUARDIAN_SNORT_PRIORITY_LEVEL'}{'4'}>4</option>
+ </select></td>
+ </tr>
+ <tr>
+ <td colspan='2'><br></td>
+ </tr>
+ <tr>
+ <td width='20%' class='base'>$Lang::tr{'guardian firewallaction'}:</td>
+ <td><select name='GUARDIAN_FIREWALL_ACTION'>
+ <option value='DROP' $selected{'GUARDIAN_FIREWALL_ACTION'}{'DROP'}>Drop</option>
+ <option value='REJECT' $selected{'GUARDIAN_FIREWALL_ACTION'}{'REJECT'}>Reject</option>
+ </select></td>
+ </tr>
+ <tr>
+ <td colspan='2'><br></td>
+ </tr>
+ <tr>
+ <td width='20%' class='base'>$Lang::tr{'guardian blockcount'}:</td>
+ <td><input type='text' name='GUARDIAN_BLOCKCOUNT' value='$settings{'GUARDIAN_BLOCKCOUNT'}' size='5' /></td>
+ </tr>
+ <tr>
+ <td width='20%' class='base'>$Lang::tr{'guardian blocktime'}:</td>
+ <td><input type='text' name='GUARDIAN_BLOCKTIME' value='$settings{'GUARDIAN_BLOCKTIME'}' size='10' /></td>
+ </tr>
+ <tr class="GUARDIAN_LOGFILE">
+ <td width='20%' class='base'>$Lang::tr{'guardian logfile'}:</td>
+ <td><input type='text' name='GUARDIAN_LOGFILE' value='$settings{'GUARDIAN_LOGFILE'}' size='30' /></td>
+ </tr>
+ </table>
+END
+
+ print <<END;
+ <hr>
+
+ <table width='95%'>
+ <tr>
+ <td> </td>
+ <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
+ <td> </td>
+ </tr>
+ </table>
+ </form>
+END
+
+ &Header::closebox();
+}
+
+# Function to show elements of the guardian ignorefile and allow to add or remove single members of it.
+sub showIgnoreBox() {
+ &Header::openbox('100%', 'center', $Lang::tr{'guardian ignored hosts'});
+
+ print <<END;
+ <table width='80%'>
+ <tr>
+ <td class='base' bgcolor='$color{'color20'}'><b>$Lang::tr{'ip address'}</b></td>
+ <td class='base' bgcolor='$color{'color20'}'><b>$Lang::tr{'remark'}</b></td>
+ <td class='base' colspan='3' bgcolor='$color{'color20'}'></td>
+ </tr>
+END
+ # Check if some hosts have been add to be ignored.
+ if (keys (%ignored)) {
+ my $col = "";
+
+ # Loop through all entries of the hash..
+ while( (my $key) = each %ignored) {
+ # Assign data array positions to some nice variable names.
+ my $address = $ignored{$key}[0];
+ my $remark = $ignored{$key}[1];
+ my $status = $ignored{$key}[2];
+
+ # Check if the key (id) number is even or not.
+ if ($settings{'ID'} eq $key) {
+ $col="bgcolor='${Header::colouryellow}'";
+ } elsif ($key % 2) {
+ $col="bgcolor='$color{'color22'}'";
+ } else {
+ $col="bgcolor='$color{'color20'}'";
+ }
+
+ # Choose icon for the checkbox.
+ my $gif;
+ my $gdesc;
+
+ # Check if the status is enabled and select the correct image and description.
+ if ($status eq 'enabled' ) {
+ $gif = 'on.gif';
+ $gdesc = $Lang::tr{'click to disable'};
+ } else {
+ $gif = 'off.gif';
+ $gdesc = $Lang::tr{'click to enable'};
+ }
+
+ print <<END;
+ <tr>
+ <td width='20%' class='base' $col>$address</td>
+ <td width='65%' class='base' $col>$remark</td>
+
+ <td align='center' $col>
+ <form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ <input type='hidden' name='ACTION' value='$Lang::tr{'toggle enable disable'}' />
+ <input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' alt='$gdesc' title='$gdesc' />
+ <input type='hidden' name='ID' value='$key' />
+ </form>
+ </td>
+
+ <td align='center' $col>
+ <form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ <input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' />
+ <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' />
+ <input type='hidden' name='ID' value='$key' />
+ </form>
+ </td>
+
+ <td align='center' $col>
+ <form method='post' name='$key' action='$ENV{'SCRIPT_NAME'}'>
+ <input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' title='$Lang::tr{'remove'}' alt='$Lang::tr{'remove'}'>
+ <input type='hidden' name='ID' value='$key'>
+ <input type='hidden' name='ACTION' value='$Lang::tr{'remove'}'>
+ </form>
+ </td>
+ </tr>
+END
+ }
+ } else {
+ # Print notice that currently no hosts are ignored.
+ print "<tr>\n";
+ print "<td class='base' colspan='2'>$Lang::tr{'guardian no entries'}</td>\n";
+ print "</tr>\n";
+ }
+
+ print "</table>\n";
+
+ # Section to add new elements or edit existing ones.
+ print <<END;
+ <br>
+ <hr>
+ <br>
+
+ <div align='center'>
+ <table width='100%'>
+END
+
+ # Assign correct headline and button text.
+ my $buttontext;
+ my $entry_address;
+ my $entry_remark;
+
+ # Check if an ID (key) has been given, in this case an existing entry should be edited.
+ if ($settings{'ID'} ne '') {
+ $buttontext = $Lang::tr{'update'};
+ print "<tr><td class='boldbase' colspan='3'><b>$Lang::tr{'update'}</b></td></tr>\n";
+
+ # Grab address and remark for the given key.
+ $entry_address = $ignored{$settings{'ID'}}[0];
+ $entry_remark = $ignored{$settings{'ID'}}[1];
+ } else {
+ $buttontext = $Lang::tr{'add'};
+ print "<tr><td class='boldbase' colspan='3'><b>$Lang::tr{'dnsforward add a new entry'}</b></td></tr>\n";
+ }
+
+ print <<END;
+ <form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ <input type='hidden' name='ID' value='$settings{'ID'}'>
+ <tr>
+ <td width='30%'>$Lang::tr{'ip address'}: </td>
+ <td width='50%'><input type='text' name='IGNORE_ENTRY_ADDRESS' value='$entry_address' size='24' /></td>
+
+ <td width='30%'>$Lang::tr{'remark'}: </td>
+ <td wicth='50%'><input type='text' name=IGNORE_ENTRY_REMARK value='$entry_remark' size='24' /></td>
+ <td align='center' width='20%'><input type='submit' name='ACTION' value='$buttontext' /></td>
+ </tr>
+ </form>
+ </table>
+ </div>
+END
+
+ &Header::closebox();
+}
+
+# Function to list currently bocked addresses from guardian and unblock them or add custom entries to block.
+sub showBlockedBox() {
+ &Header::openbox('100%', 'center', $Lang::tr{'guardian blocked hosts'});
+
+ print <<END;
+ <table width='60%'>
+ <tr>
+ <td colspan='2' class='base' bgcolor='$color{'color20'}'><b>$Lang::tr{'guardian blocked hosts'}</b></td>
+ </tr>
+END
+
+ # Lauch function to get the currently blocked hosts.
+ my @blocked_hosts = &GetBlockedHosts();
+
+ my $id = 0;
+ my $col = "";
+
+ # Loop through our blocked hosts array.
+ foreach my $blocked_host (@blocked_hosts) {
+
+ # Increase id number for each element in the ignore file.
+ $id++;
+
+ # Check if the id number is even or not.
+ if ($id % 2) {
+ $col="bgcolor='$color{'color22'}'";
+ } else {
+ $col="bgcolor='$color{'color20'}'";
+ }
+
+ print <<END;
+ <tr>
+ <td width='80%' class='base' $col><a href='/cgi-bin/ipinfo.cgi?ip=$blocked_host'>$blocked_host</a></td>
+ <td width='20%' align='center' $col>
+ <form method='post' name='frmb$id' action='$ENV{'SCRIPT_NAME'}'>
+ <input type='image' name='$Lang::tr{'unblock'}' src='/images/delete.gif' title='$Lang::tr{'unblock'}' alt='$Lang::tr{'unblock'}'>
+ <input type='hidden' name='ADDRESS_UNBLOCK' value='$blocked_host'>
+ <input type='hidden' name='ACTION' value='$Lang::tr{'unblock'}'>
+ </form>
+ </td>
+ </tr>
+END
+ }
+
+ # If the loop only has been runs once the id still is "0", which means there are no
+ # additional entries (blocked hosts) in the iptables chain.
+ if ($id == 0) {
+
+ # Print notice that currently no hosts are blocked.
+ print "<tr>\n";
+ print "<td class='base' colspan='2'>$Lang::tr{'guardian no entries'}</td>\n";
+ print "</tr>\n";
+ }
+
+ print "</table>\n";
+
+ # Section for a manual block of an IP-address.
+ print <<END;
+ <br>
+ <div align='center'>
+ <table width='60%' border='0'>
+ <form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ <tr>
+ <td width='30%'>$Lang::tr{'guardian block a host'}: </td>
+ <td width='40%'><input type='text' name='ADDRESS_BLOCK' value='' size='24' /></td>
+ <td align='center' width='15%'><input type='submit' name='ACTION' value='$Lang::tr{'block'}'></td>
+ <td align='center' width='15%'><input type='submit' name='ACTION' value='$Lang::tr{'unblock all'}'></td>
+ </tr>
+ </form>
+ </table>
+ </div>
+END
+
+ &Header::closebox();
+}
+
+&Header::closebigbox();
+&Header::closepage();
+
+# Function to check if guardian has been started.
+# Grab process id and consumed memory if the daemon is running.
+sub daemonstats() {
+ $memory = 0;
+ # for pid and memory
+ open(FILE, '/usr/local/bin/addonctrl guardian status | ');
+ @guardian = <FILE>;
+ close(FILE);
+ $string = join("", @guardian);
+ $string =~ s/[a-z_]//gi;
+ $string =~ s/\[[0-1]\;[0-9]+//gi;
+ $string =~ s/[\(\)\.]//gi;
+ $string =~ s/ //gi;
+ $string =~ s/\e//gi;
+ @pid = split(/\s/,$string);
+ if (open(FILE, "/proc/$pid[0]/statm")){
+ my $temp = <FILE>;
+ @memory = split(/ /,$temp);
+ close(FILE);
+ }
+ $memory+=$memory[0];
+}
+
+sub GetBlockedHosts() {
+ # Create new, empty array.
+ my @hosts;
+
+ # Lauch helper to get chains from iptables.
+ system('/usr/local/bin/getipstat');
+
+ # Open temporary file which contains the chains and rules.
+ open (FILE, '/srv/web/ipfire/html/iptables.txt');
+
+ # Loop through the entire file.
+ while (<FILE>) {
+ my $line = $_;
+
+ # Search for the guardian chain and extract
+ # the lines between it and the next empty line
+ # which is placed before the next firewall
+ # chain starts.
+ if ($line =~ /^Chain GUARDIAN/ .. /^\s*$/) {
+ # Skip descriptive lines.
+ next if ($line =~ /^Chain/);
+ next if ($line =~ /^ pkts/);
+
+ # Generate array, based on the line content (seperator is a single or multiple space's)
+ my @comps = split(/\s{1,}/, $line);
+ my ($lead, $pkts, $bytes, $target, $prot, $opt, $in, $out, $source, $destination) = @comps;
+
+ # Assign different variable names.
+ my $blocked_host = $source;
+
+ # Add host to our hosts array.
+ if ($blocked_host) {
+ push(@hosts, $blocked_host);
+ }
+ }
+ }
+
+ # Close filehandle.
+ close(FILE);
+
+ # Remove recently created temporary files of the "getipstat" binary.
+ system(rm -f "/srv/web/ipfire/html/iptables.txt");
+ system(rm -f "/srv/web/ipfire/html/iptablesmangle.txt");
+ system(rm -f "/srv/web/ipfire/html/iptablesnat.txt");
+
+ # Convert entries, sort them, write back and store the sorted entries into new array.
+ my @sorted = map { $_->[0] }
+ sort { $a->[1] <=> $b->[1] }
+ map { [$_, int sprintf("%03.f%03.f%03.f%03.f", split(/\./, $_))] }
+ @hosts;
+
+ # Return our sorted list.
+ return @sorted
+}
+
+sub BuildConfiguration() {
+ my %settings = ();
+ &General::readhash("${General::swroot}/guardian/settings", \%settings);
+
+ my $configfile = "${General::swroot}/guardian/guardian.conf";
+
+ # Create the configfile if not exist yet.
+ unless (-e "$configfile") { system("touch $configfile"); }
+
+ # Open configfile for writing.
+ open(FILE, ">$configfile");
+
+ # Config file header.
+ print FILE "# Autogenerated configuration file.\n";
+ print FILE "# All user modifications will be overwritten.\n\n";
+
+ # Settings for the logging mechanism.
+ print FILE "# Log settings.\n";
+ print FILE "LogFacility = $settings{'GUARDIAN_LOG_FACILITY'}\n";
+
+ if ($settings{'GUARDIAN_LOG_FACILITY'} eq "file") {
+ print FILE "LogFile = $settings{'GUARDIAN_LOGFILE'}\n";
+ }
+
+ print FILE "LogLevel = $settings{'GUARDIAN_LOGLEVEL'}\n\n";
+
+ # IPFire related static settings.
+ print FILE "# IPFire related settings.\n";
+ print FILE "FirewallEngine = IPtables\n";
+ print FILE "SocketOwner = nobody:nobody\n";
+ print FILE "IgnoreFile = $ignorefile\n\n";
+
+ # Configured block values.
+ print FILE "# Configured block settings.\n";
+ print FILE "BlockCount = $settings{'GUARDIAN_BLOCKCOUNT'}\n";
+ print FILE "BlockTime = $settings{'GUARDIAN_BLOCKTIME'}\n";
+ print FILE "FirewallAction = $settings{'GUARDIAN_FIREWALL_ACTION'}\n\n";
+
+ # Enabled modules.
+ # Loop through whole settings hash.
+ print FILE "# Enabled modules.\n";
+ foreach my $option (keys %settings) {
+ # Search for enabled modules.
+ if ($option =~ /GUARDIAN_MONITOR_(.*)/) {
+ # Skip if module is not enabled.
+ next unless($settings{$option} eq "on");
+
+ # Skip module if no file location is available.
+ next unless(exists($module_file_locations{$1}));
+
+ # Add enabled module and defined path to the config file.
+ print FILE "Monitor_$1 = $module_file_locations{$1}\n";
+ }
+ }
+
+ # Module settings.
+ print FILE "\n# Module settings.\n";
+ # Check if SNORT is enabled and add snort priority.
+ if ($settings{'GUARDIAN_MONITOR_SNORT'} eq "on") {
+ print FILE "SnortPriorityLevel = $settings{'GUARDIAN_SNORT_PRIORITY_LEVEL'}\n";
+ }
+
+ close(FILE);
+
+ # Generate ignore file.
+ &GenerateIgnoreFile();
+
+ # Check if guardian should be started or stopped.
+ if($settings{'GUARDIAN_ENABLED'} eq 'on') {
+ if($pid > 0) {
+ # Send reload command through socket connection.
+ &Guardian::Socket::Client("reload");
+ } else {
+ # Launch guardian.
+ system("/usr/local/bin/addonctrl guardian start &>/dev/null");
+ }
+ } else {
+ # Stop the daemon.
+ system("/usr/local/bin/addonctrl guardian stop &>/dev/null");
+ }
+}
+
+sub GenerateIgnoreFile() {
+ my %ignored = ();
+
+ # Read-in ignoredfile.
+ &General::readhasharray($ignoredfile, \%ignored);
+
+ # Create the guardian.ignore file if not exist yet.
+ unless (-e "$ignorefile") { system("touch $ignorefile"); }
+
+ # Open ignorefile for writing.
+ open(FILE, ">$ignorefile");
+
+ # Config file header.
+ print FILE "# Autogenerated configuration file.\n";
+ print FILE "# All user modifications will be overwritten.\n\n";
+
+ # Add IFPire interfaces and gateway to the ignore file.
+ #
+ # Assign some temporary variables for the IPFire interfaces.
+ my $green = $netsettings{'GREEN_ADDRESS'};
+ my $blue = $netsettings{'BLUE_ADDRESS'};
+ my $orange = $netsettings{'ORANGE_ADDRESS'};
+
+ # File declarations.
+ my $public_address_file = "${General::swroot}/red/local-ipaddress";
+ my $gatewayfile = "${General::swroot}/red/remote-ipaddress";
+ my $dns1file = "${General::swroot}/red/dns1";
+ my $dns2file = "${General::swroot}/red/dns2";
+
+ # Write the obtained addresses to the ignore file.
+ print FILE "# IPFire local interfaces.\n";
+ print FILE "$green\n";
+
+ # Check if a blue interface exists.
+ if ($blue) {
+ # Add blue address.
+ print FILE "$blue\n";
+ }
+
+ # Check if an orange interface exists.
+ if ($orange) {
+ # Add orange address.
+ print FILE "$orange\n";
+ }
+
+ print FILE "\n# IPFire red interface, gateway and used DNS-servers.\n";
+ print FILE "# Include the corresponding files to obtain the addresses.\n";
+ print FILE "Include_File = $public_address_file\n";
+ print FILE "Include_File = $gatewayfile\n";
+ print FILE "Include_File = $dns1file\n";
+ print FILE "Include_File = $dns2file\n";
+
+ # Add all user defined hosts and networks to the ignore file.
+ #
+ # Check if the hash contains any elements.
+ if (keys (%ignored)) {
+ # Write headline.
+ print FILE "\n# User defined hosts/networks.\n";
+
+ # Loop through the entire hash and write the host/network
+ # and remark to the ignore file.
+ while ( (my $key) = each %ignored) {
+ my $address = $ignored{$key}[0];
+ my $remark = $ignored{$key}[1];
+ my $status = $ignored{$key}[2];
+
+ # Check if the status of the entry is "enabled".
+ if ($status eq "enabled") {
+ # Check if the address/network is valid.
+ if ((&General::validip($address)) || (&General::validipandmask($address))) {
+ # Write the remark to the file.
+ print FILE "# $remark\n";
+
+ # Write the address/network to the ignore file.
+ print FILE "$address\n\n";
+ }
+ }
+ }
+ }
+
+ close(FILE);
+}
+
+# Private subfunction to obtain IP-addresses from given file names.
+#
+sub _get_address_from_file ($) {
+ my $file = shift;
+
+ # Check if the file exists.
+ if (-e $file) {
+ # Open the given file.
+ open(FILE, "$file") or die "Could not open $file.";
+
+ # Obtain the address from the first line of the file.
+ my $address = <FILE>;
+
+ # Close filehandle
+ close(FILE);
+
+ # Remove newlines.
+ chomp $address;
+
+ # Check if the grabbed address is valid.
+ if (&General::validip($address)) {
+ # Return the address.
+ return $address;
+ }
+ }
+
+ # Return nothing.
+ return;
+}
$snortsettings{'ENABLE_SNORT_GREEN'} = 'off';
$snortsettings{'ENABLE_SNORT_BLUE'} = 'off';
$snortsettings{'ENABLE_SNORT_ORANGE'} = 'off';
-$snortsettings{'ENABLE_GUARDIAN'} = 'off';
-$snortsettings{'GUARDIAN_INTERFACE'} = `cat /var/ipfire/red/iface`;
-$snortsettings{'GUARDIAN_HOSTGATEWAYBYTE'} = '1';
-$snortsettings{'GUARDIAN_LOGFILE'} = '/var/log/guardian/guardian.log';
-$snortsettings{'GUARDIAN_ALERTFILE'} = '/var/log/snort/alert';
-$snortsettings{'GUARDIAN_IGNOREFILE'} = '/var/ipfire/guardian/guardian.ignore';
-$snortsettings{'GUARDIAN_TARGETFILE'} = '/var/ipfire/guardian/guardian.target';
-$snortsettings{'GUARDIAN_TIMELIMIT'} = '86400';
$snortsettings{'ACTION'} = '';
-$snortsettings{'ACTION2'} = '';
$snortsettings{'RULES'} = '';
$snortsettings{'OINKCODE'} = '';
$snortsettings{'INSTALLDATE'} = '';
####################### End added for snort rules control #################################
if ($snortsettings{'RULES'} eq 'subscripted') {
- $url=" https://www.snort.org/rules/snortrules-snapshot-2976.tar.gz?oinkcode=$snortsettings{'OINKCODE'}";
+ $url=" https://www.snort.org/rules/snortrules-snapshot-2982.tar.gz?oinkcode=$snortsettings{'OINKCODE'}";
} elsif ($snortsettings{'RULES'} eq 'registered') {
- $url=" https://www.snort.org/rules/snortrules-snapshot-2976.tar.gz?oinkcode=$snortsettings{'OINKCODE'}";
+ $url=" https://www.snort.org/rules/snortrules-snapshot-2982.tar.gz?oinkcode=$snortsettings{'OINKCODE'}";
} elsif ($snortsettings{'RULES'} eq 'community') {
$url=" https://www.snort.org/rules/community";
} else {
} else {
unlink "${General::swroot}/snort/enable_preprocessor_http_inspect";
}
- if ($snortsettings{'ENABLE_GUARDIAN'} eq 'on')
- {
- system ('/usr/bin/touch', "${General::swroot}/guardian/enable");
- } else {
- unlink "${General::swroot}/guardian/enable";
- }
system('/usr/local/bin/snortctrl restart >/dev/null');
-} elsif ($snortsettings{'ACTION'} eq $Lang::tr{'save'} && $snortsettings{'ACTION2'} eq "guardian" ){
- foreach my $key (keys %snortsettings){
- if ( $key !~ /^GUARDIAN/ ){
- delete $snortsettings{$key};
- }
- }
- &General::writehashpart("${General::swroot}/snort/settings", \%snortsettings);
- open(IGNOREFILE, ">$snortsettings{'GUARDIAN_IGNOREFILE'}") or die "Unable to write guardian ignore file $snortsettings{'GUARDIAN_IGNOREFILE'}";
- print IGNOREFILE $snortsettings{'GUARDIAN_IGNOREFILE_CONTENT'};
- close(IGNOREFILE);
- open(GUARDIAN, ">/var/ipfire/guardian/guardian.conf") or die "Unable to write guardian conf /var/ipfire/guardian/guardian.conf";
- print GUARDIAN <<END
-Interface $snortsettings{'GUARDIAN_INTERFACE'}
-HostGatewayByte $snortsettings{'GUARDIAN_HOSTGATEWAYBYTE'}
-LogFile $snortsettings{'GUARDIAN_LOGFILE'}
-AlertFile $snortsettings{'GUARDIAN_ALERTFILE'}
-IgnoreFile $snortsettings{'GUARDIAN_IGNOREFILE'}
-TargetFile $snortsettings{'GUARDIAN_TARGETFILE'}
-TimeLimit $snortsettings{'GUARDIAN_TIMELIMIT'}
-END
-;
- close(GUARDIAN);
- system('/usr/local/bin/snortctrl restart >/dev/null');
}
+
# INSTALLMD5 is not in the form, so not retrieved by getcgihash
&General::readhash("${General::swroot}/snort/settings", \%snortsettings);
$checked{'ENABLE_SNORT_ORANGE'}{'off'} = '';
$checked{'ENABLE_SNORT_ORANGE'}{'on'} = '';
$checked{'ENABLE_SNORT_ORANGE'}{$snortsettings{'ENABLE_SNORT_ORANGE'}} = "checked='checked'";
-$checked{'ENABLE_GUARDIAN'}{'off'} = '';
-$checked{'ENABLE_GUARDIAN'}{'on'} = '';
-$checked{'ENABLE_GUARDIAN'}{$snortsettings{'ENABLE_GUARDIAN'}} = "checked='checked'";
$selected{'RULES'}{'nothing'} = '';
$selected{'RULES'}{'community'} = '';
$selected{'RULES'}{'emerging'} = '';
print " <input type='checkbox' name='ENABLE_SNORT_ORANGE' $checked{'ENABLE_SNORT_ORANGE'}{'on'} /> ORANGE Snort";
}
print " <input type='checkbox' name='ENABLE_SNORT' $checked{'ENABLE_SNORT'}{'on'} /> RED Snort";
-if ( -e "/var/ipfire/guardian/guardian.conf" ) {
- print " <input type='checkbox' name='ENABLE_GUARDIAN' $checked{'ENABLE_GUARDIAN'}{'on'} /> Guardian";
-}
print <<END
</td></tr>
&Header::closebox();
-####################### Added for guardian control ####################################
-if ( -e "/var/ipfire/guardian/guardian.conf" ) {
- &Header::openbox('100%', 'LEFT', $Lang::tr{'guardian configuration'});
-print <<END
-<form method='post' action='$ENV{'SCRIPT_NAME'}'><table width='100%'>
-<tr><td align='left' width='40%'>$Lang::tr{'guardian interface'}</td><td align='left'><input type='text' name='GUARDIAN_INTERFACE' value='$snortsettings{'GUARDIAN_INTERFACE'}' size="30" /></td></tr>
-<tr><td align='left' width='40%'>$Lang::tr{'guardian timelimit'}</td><td align='left'><input type='text' name='GUARDIAN_TIMELIMIT' value='$snortsettings{'GUARDIAN_TIMELIMIT'}' size="30" /></td></tr>
-<tr><td align='left' width='40%'>$Lang::tr{'guardian logfile'}</td><td align='left'><input type='text' name='GUARDIAN_LOGFILE' value='$snortsettings{'GUARDIAN_LOGFILE'}' size="30" /></td></tr>
-<tr><td align='left' width='40%'>$Lang::tr{'guardian alertfile'}</td><td align='left'><input type='text' name='GUARDIAN_ALERTFILE' value='$snortsettings{'GUARDIAN_ALERTFILE'}' size="30" /></td></tr>
-<tr><td align='left' width='40%'>$Lang::tr{'guardian ignorefile'}</td><td align='left'><textarea name='GUARDIAN_IGNOREFILE_CONTENT' cols='32' rows='6' wrap='off'>
-END
-;
- print `cat /var/ipfire/guardian/guardian.ignore`;
-print <<END
-</textarea></td></tr>
-<tr><td align='right' colspan='2'><input type='hidden' name='ACTION2' value='guardian' /><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td></tr>
-</table>
-</form>
-END
-;
- &Header::closebox();
-}
-
-
-
-
####################### Added for snort rules control #################################
if ( -e "${General::swroot}/snort/enable" || -e "${General::swroot}/snort/enable_green" || -e "${General::swroot}/snort/enable_blue" || -e "${General::swroot}/snort/enable_orange" ) {
&Header::openbox('100%', 'LEFT', $Lang::tr{'intrusion detection system rules'});
'pakfire' => '(pakfire:) ',
'wireless' => '(hostapd:|kernel: ath.*:|kernel: wifi[0-9]:) ',
'squid' => '(squid\[.*\]: |squid: )',
- 'snort' => '(snort\[.*\]: )'
+ 'snort' => '(snort\[.*\]: )',
+ 'guardian' => '(guardian\[.*\]: )'
);
# Translations for the %sections array.
'pakfire' => 'Pakfire',
'wireless' => 'Wireless',
'squid' => "$Lang::tr{'web proxy'}",
- 'snort' => "$Lang::tr{'intrusion detection'}"
+ 'snort' => "$Lang::tr{'intrusion detection'}",
+ 'guardian' => "$Lang::tr{'guardian'}"
);
;
foreach (@throttle_limits) {
- print "\t<option value='$_' $selected{'THROTTLING_GREEN_TOTAL'}{$_}>$_ kBit/s</option>\n";
+ print "\t<option value='$_' $selected{'THROTTLING_GREEN_TOTAL'}{$_}>$_ kbit/s</option>\n";
}
print <<END
;
foreach (@throttle_limits) {
- print "\t<option value='$_' $selected{'THROTTLING_GREEN_HOST'}{$_}>$_ kBit/s</option>\n";
+ print "\t<option value='$_' $selected{'THROTTLING_GREEN_HOST'}{$_}>$_ kbit/s</option>\n";
}
print <<END
;
foreach (@throttle_limits) {
- print "\t<option value='$_' $selected{'THROTTLING_BLUE_TOTAL'}{$_}>$_ kBit/s</option>\n";
+ print "\t<option value='$_' $selected{'THROTTLING_BLUE_TOTAL'}{$_}>$_ kbit/s</option>\n";
}
print <<END
;
foreach (@throttle_limits) {
- print "\t<option value='$_' $selected{'THROTTLING_BLUE_HOST'}{$_}>$_ kBit/s</option>\n";
+ print "\t<option value='$_' $selected{'THROTTLING_BLUE_HOST'}{$_}>$_ kbit/s</option>\n";
}
print <<END
foreach (@bandwidth_limits) {
if ($_ >= 1024) {
- print "<option value='$_' $selected{'TOR_RELAY_BANDWIDTH_RATE'}{$_}>". $_ / 1024 ." MBit/s</option>\n";
+ print "<option value='$_' $selected{'TOR_RELAY_BANDWIDTH_RATE'}{$_}>". $_ / 1024 ." Mbit/s</option>\n";
} else {
- print "<option value='$_' $selected{'TOR_RELAY_BANDWIDTH_RATE'}{$_}>$_ kBit/s</option>\n";
+ print "<option value='$_' $selected{'TOR_RELAY_BANDWIDTH_RATE'}{$_}>$_ kbit/s</option>\n";
}
}
foreach (@bandwidth_limits) {
if ($_ >= 1024) {
- print "<option value='$_' $selected{'TOR_RELAY_BANDWIDTH_BURST'}{$_}>". $_ / 1024 ." MBit/s</option>\n";
+ print "<option value='$_' $selected{'TOR_RELAY_BANDWIDTH_BURST'}{$_}>". $_ / 1024 ." Mbit/s</option>\n";
} else {
- print "<option value='$_' $selected{'TOR_RELAY_BANDWIDTH_BURST'}{$_}>$_ kBit/s</option>\n";
+ print "<option value='$_' $selected{'TOR_RELAY_BANDWIDTH_BURST'}{$_}>$_ kbit/s</option>\n";
}
}
print <<END;
sub FormatBitsPerSecond() {
my $bits = shift;
- my @units = ("Bit/s", "KBit/s", "MBit/s", "GBit/s", "TBit/s");
+ my @units = ("bit/s", "kbit/s", "Mbit/s", "Gbit/s", "Tbit/s");
my $units_index = 0;
while (($units_index <= $#units) && ($bits >= 1024)) {
print <<EOF;
<div id='traffic'>
<strong>Traffic:</strong>
- In <span id='rx_kbs'>--.-- Bit/s</span>
- Out <span id='tx_kbs'>--.-- Bit/s</span>
+ In <span id='rx_kbs'>--.-- bit/s</span>
+ Out <span id='tx_kbs'>--.-- bit/s</span>
</div>
EOF
}
}
function format_bytes(bytes) {
- var units = ["Bit/s", "kBit/s", "MBit/s", "GBit/s", "TBit/s"];
+ var units = ["bit/s", "kbit/s", "Mbit/s", "Gbit/s", "Tbit/s"];
var unit = units[0];
for (var i = 1; i < units.length; i++) {
'dos charset' => 'DOS Charset',
'down and up speed' => 'Geben Sie bitte hier ihre Download- bzw. Upload-Geschwindigkeit ein <br /> und klicken Sie danach auf <i>Speichern</i>.',
'downlink' => 'Downlink',
-'downlink speed' => 'Downlink-Geschwindigkeit (kBit/sek)',
+'downlink speed' => 'Downlink-Geschwindigkeit (kbit/sek)',
'downlink std class' => 'Downloadstandardklasse',
'download' => 'herunterladen',
'download ca certificate' => 'CA-Zertifikat herunterladen',
'green interface' => 'Grünes Interface',
'grouptype' => 'Gruppentyp:',
'guaranteed bandwith' => 'Garantierte Bandbreite',
-'guardian alertfile' => 'Alertfile',
-'guardian configuration' => 'Guardian Konfiguration',
-'guardian ignorefile' => 'Ignorefile',
-'guardian interface' => 'Interface',
-'guardian logfile' => 'Logfile',
-'guardian timelimit' => 'Timelimit',
+'guardian' => 'Guardian',
+'guardian block a host' => 'Host blocken',
+'guardian block httpd brute-force' => 'httpd-Brute-Force-Erkennung',
+'guardian block owncloud brute-force' => 'Owncloud-Brute-Force-Erkennung',
+'guardian block ssh brute-force' => 'SSH-Brute-Force-Erkennung',
+'guardian blockcount' => 'Trefferschwelle',
+'guardian blocked hosts' => 'Aktuell geblockte Hosts',
+'guardian blocking of this address is not allowed' => 'Diese Addresse darf nicht gelockt werden.',
+'guardian blocktime' => 'Blockzeit',
+'guardian common settings' => 'Allgemeine Einstellungen',
+'guardian configuration' => 'Guardian-Konfiguration',
+'guardian daemon' => 'Daemon',
+'guardian empty input' => 'Fehlende Angabe: Bitte eine gültige IP-Addresse oder Netzwerk angeben.',
+'guardian enabled' => 'Guardian aktivieren',
+'guardian firewallaction' => 'Firewall-Aktion',
+'guardian ignored hosts' => 'Ignorierte Hosts',
+'guardian invalid address or subnet' => 'Ungültige Host-Addresse oder Netzwerk.',
+'guardian logfacility' => 'Logziel',
+'guardian logfile' => 'Logdatei',
+'guardian loglevel' => 'Loglevel',
+'guardian no entries' => 'Keine Einträge vorhanden.',
+'guardian priority level' => 'Prioritätslevel',
+'guardian service' => 'Guardian-Dienst',
+'guardian watch snort alertfile' => 'Snort-Alarme auswerten',
'guest ok' => 'Gastzugang gewähren',
'gui settings' => 'Benutzeroberfläche',
'gz with key' => 'Nur ein verschlüsseltes Archiv kann auf dieser Maschine wiederhergestellt werden.',
'updxlrtr maintenance' => 'Wartung',
'updxlrtr marked as' => 'markiert als',
'updxlrtr max disk usage' => 'Max. Festplattennutzung',
-'updxlrtr max download rate' => 'Max. externe Downloadrate (kBit/s)',
+'updxlrtr max download rate' => 'Max. externe Downloadrate (kbit/s)',
'updxlrtr month' => 'einem Monat',
'updxlrtr monthly' => 'monatlich',
'updxlrtr not accessed' => 'nicht zugegriffen seit',
'updxlrtr year' => 'einem Jahr',
'upgrade' => 'upgrade',
'uplink' => 'Uplink',
-'uplink speed' => 'Uplink-Geschwindigkeit (kBit/sek)',
+'uplink speed' => 'Uplink-Geschwindigkeit (kbit/sek)',
'uplink std class' => 'Uploadstandardklasse',
'upload' => 'Hochladen',
'upload a certificate' => 'Ein Zertifikat hochladen:',
'eg' => 'e.g.:',
'email config' => 'Configuration',
'email empty field' => 'Empty field',
-'email error' => 'ERROR: Testmail could not be sent',
+'email error' => 'ERROR: Test mail could not be sent',
'email invalid' => 'Invalid field',
-'email invalid mailfqdn' => 'Invalid mailserver fqdn',
-'email invalid mailip' => 'Invalid mailserver IP address',
-'email invalid mailport' => 'Invalid mailserver port',
-'email mailaddr' => 'Mailserver address',
+'email invalid mailfqdn' => 'Invalid mail server fqdn',
+'email invalid mailip' => 'Invalid mail server IP address',
+'email invalid mailport' => 'Invalid mail server port',
+'email mailaddr' => 'Mail Server Address',
'email mailpass' => 'Password',
-'email mailport' => 'Mailserver port',
-'email mailrcpt' => 'Mail recipient',
-'email mailsender' => 'Mail sender',
+'email mailport' => 'Mail Server Port',
+'email mailrcpt' => 'Mail Recipient',
+'email mailsender' => 'Mail Sender',
'email mailuser' => 'Username',
'email server can not be empty' => 'E-mail server can not be empty',
-'email settings' => 'Mailservice',
-'email subject' => 'IPFire Testmail',
-'email success' => 'Testmail successfully sent',
-'email testmail' => 'Send testmail',
-'email text' => 'Testmail from IPFire Mailservice.',
+'email settings' => 'Mail Service',
+'email subject' => 'IPFire Test Mail',
+'email success' => 'Test message successfully sent',
+'email testmail' => 'Send test mail',
+'email text' => 'Test mail from IPFire Mail Service',
'email tls' => 'Use TLS',
-'email usemail' => 'Activate Mailservice',
+'email usemail' => 'Activate Mail Service',
'emailreportlevel' => 'E-mailreportlevel',
'emerging rules' => 'Emergingthreats.net Community Rules',
'empty' => 'This field may be left blank',
'green interface' => 'Green Interface',
'grouptype' => 'Grouptype:',
'guaranteed bandwith' => 'Guaranteed bandwith',
-'guardian alertfile' => 'Alertfile',
+'guardian' => 'Guardian',
+'guardian block a host' => 'Block host',
+'guardian block httpd brute-force' => 'httpd Brute Force Detection',
+'guardian block owncloud brute-force' => 'Owncloud Brute Force detection',
+'guardian block ssh brute-force' => 'SSH Brute Force Detection',
+'guardian blockcount' => 'Strike Threshold',
+'guardian blocked hosts' => 'Currently blocked hosts',
+'guardian blocking of this address is not allowed' => 'Blocking of the given address is not allowed.',
+'guardian blocktime' => 'Block Time',
+'guardian common settings' => 'Common Settings',
'guardian configuration' => 'Guardian Configuration',
-'guardian ignorefile' => 'Ignorefile',
-'guardian interface' => 'Interface',
-'guardian logfile' => 'Logfile',
-'guardian timelimit' => 'Timelimit',
+'guardian daemon' => 'Daemon',
+'guardian empty input' => 'Empty input: Please perform a valid host address or subnet.',
+'guardian enabled' => 'Enable Guardian',
+'guardian firewallaction' => 'Firewall Action',
+'guardian ignored hosts' => 'Ignored Hosts',
+'guardian invalid address or subnet' => 'Invalid host address or subnet.',
+'guardian logfacility' => 'Log Facility',
+'guardian logfile' => 'Log File',
+'guardian loglevel' => 'Log Level',
+'guardian no entries' => 'No entries at the moment.',
+'guardian not running no hosts can be blocked' => 'Guardian is not running. No hosts will be blocked.',
+'guardian priority level' => 'Priority Level',
+'guardian service' => 'Guardian Service',
+'guardian snort alertfile' => 'Snort Alert File',
+'guardian watch snort alertfile' => 'Monitor Snort Alert File',
'guest ok' => 'allow guests to access',
'gui settings' => 'GUI Settings',
'gz with key' => 'Only an encrypted archive can be restored on this machine.',
'updxlrtr maintenance' => 'Maintenance',
'updxlrtr marked as' => 'marked as',
'updxlrtr max disk usage' => 'Max. disk usage',
-'updxlrtr max download rate' => 'Max. external download rate (kBit/s)',
+'updxlrtr max download rate' => 'Max. external download rate (kbit/s)',
'updxlrtr month' => 'one month',
'updxlrtr monthly' => 'monthly',
'updxlrtr not accessed' => 'not accessed since',
'updxlrtr maintenance' => 'Mantenimiento',
'updxlrtr marked as' => 'marcado como',
'updxlrtr max disk usage' => 'Máximo uso de disco',
-'updxlrtr max download rate' => 'Tasa Máxima de descarga externa (kBit/s)',
+'updxlrtr max download rate' => 'Tasa Máxima de descarga externa (kbit/s)',
'updxlrtr month' => 'un mes',
'updxlrtr monthly' => 'mensual',
'updxlrtr not accessed' => 'no se ha accesado desde',
'updxlrtr maintenance' => 'Maintenance',
'updxlrtr marked as' => 'marqué comme',
'updxlrtr max disk usage' => 'Utilisation du disque Max.',
-'updxlrtr max download rate' => 'Taux de téléchargement externe Max. (kBit/s)',
+'updxlrtr max download rate' => 'Taux de téléchargement externe Max. (kbit/s)',
'updxlrtr month' => 'un mois',
'updxlrtr monthly' => 'mensuellement',
'updxlrtr not accessed' => 'la dernière utilisation date de',
'updxlrtr maintenance' => 'Maintenance',
'updxlrtr marked as' => 'marked as',
'updxlrtr max disk usage' => 'Max. disk usage',
-'updxlrtr max download rate' => 'Max. external download rate (kBit/s)',
+'updxlrtr max download rate' => 'Max. external download rate (kbit/s)',
'updxlrtr month' => 'one month',
'updxlrtr monthly' => 'Mensile',
'updxlrtr not accessed' => 'not accessed since',
'updxlrtr maintenance' => 'Onderhoud',
'updxlrtr marked as' => 'gemarkeerd als',
'updxlrtr max disk usage' => 'Max. schijfgebruik',
-'updxlrtr max download rate' => 'Max. externe downloadsnelheid (kBit/s)',
+'updxlrtr max download rate' => 'Max. externe downloadsnelheid (kbit/s)',
'updxlrtr month' => 'een maand',
'updxlrtr monthly' => 'maandelijks',
'updxlrtr not accessed' => 'niet benaderd sinds',
'updxlrtr maintenance' => 'Konserwacja',
'updxlrtr marked as' => 'oznaczone jako',
'updxlrtr max disk usage' => 'Maks. wykorzystanie dysku',
-'updxlrtr max download rate' => 'Maks. prędkość pobierania (kBit/s)',
+'updxlrtr max download rate' => 'Maks. prędkość pobierania (kbit/s)',
'updxlrtr month' => 'miesiąca',
'updxlrtr monthly' => 'miesięcznie',
'updxlrtr not accessed' => 'bez żądania od',
'updxlrtr maintenance' => 'Управление',
'updxlrtr marked as' => 'отмечен как',
'updxlrtr max disk usage' => 'Максимальное использование диска',
-'updxlrtr max download rate' => 'Максимальная скорость загрузки (kBit/s)',
+'updxlrtr max download rate' => 'Максимальная скорость загрузки (kbit/s)',
'updxlrtr month' => 'один месяц',
'updxlrtr monthly' => 'Ежемесячно',
'updxlrtr not accessed' => 'Не обращались с',
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2015 Michael Tremer & Christian Schmidt #
+# Copyright (C) 2007-2016 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = 7zip
-PAK_VER = 5
+PAK_VER = 6
DEPS = ""
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) patch -Np1 < $(DIR_SRC)/src/patches/p7zip/CVE-2016-2334.patch
+ cd $(DIR_APP) patch -Np1 < $(DIR_SRC)/src/patches/p7zip/CVE-2016-2335.patch
cd $(DIR_APP) && make 7z $(MAKETUNING)
cd $(DIR_APP) && make install
@rm -rf $(DIR_APP)
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2010 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2016 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 2.2.47
+VER = 2.2.52
THISAPP = acl-$(VER)
-DL_FILE = $(THISAPP).tar.bz2
+DL_FILE = $(THISAPP).src.tar.gz
DL_FROM = $(URL_IPFIRE)
-DIR_APP = $(DIR_SRC)/$(THISAPP)
-TARGET = $(DIR_INFO)/$(THISAPP)
+DIR_APP = $(DIR_SRC)/acl-2.2.52
+TARGET = $(DIR_INFO)/acl-2.2.52
###############################################################################
# Top-level Rules
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 09c8b9684695527e8f237364afb7811f
+$(DL_FILE)_MD5 = a61415312426e9c2212bd7dc7929abda
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
- @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && ./configure
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && ./configure --prefix=/usr --libexecdir=/usr/lib --disable-static
cd $(DIR_APP) && make
cd $(DIR_APP) && make install
cd $(DIR_APP) && make install-lib
cd $(DIR_APP) && make install-dev
+ chmod -v 755 /usr/lib/libacl.so
@rm -rf $(DIR_APP)
@$(POSTBUILD)
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2015 Michael Tremer & Christian Schmidt #
+# Copyright (C) 2007-2016 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 2.0.23
+VER = 2.0.26
THISAPP = acpid-$(VER)
DL_FILE = $(THISAPP).tar.xz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = d7bcdcdefcd53b03730e50ba842554ea
+$(DL_FILE)_MD5 = f6d772e35ed907f1cc14ad1a546fd473
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && ./configure --prefix=/usr
+ cd $(DIR_APP) && ./configure --prefix=/usr \
+ --docdir=/usr/share/doc/acpid-2.0.26
cd $(DIR_APP) && make $(MAKETUNING) OPT="$(CFLAGS)"
cd $(DIR_APP) && make install
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.10-smsc95xx-add_mac_addr_param.patch
endif
+ # Patches form stable linux updates
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/backports/backports-linux-upstream-1.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/backports/backports-linux-upstream-2.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/backports/backports-linux-upstream-3.patch
+
# generate config
cd $(DIR_APP) && make KLIB=/lib/modules/$(KVER)-$(VERSUFIX)/ allmodconfig
include Config
-VER = 7.48.0
+VER = 7.49.1
THISAPP = curl-$(VER)
-DL_FILE = $(THISAPP).tar.bz2
+DL_FILE = $(THISAPP).tar.lzma
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = d42e0fc34a5cace5739631cc040974fe
+$(DL_FILE)_MD5 = ae5e5e395da413d1fa0864e1d0a3fa57
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
- @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xvf $(DIR_DL)/$(DL_FILE)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && ./configure \
--prefix=/usr \
--disable-ipv6 \
+ --disable-static \
+ --enable-threaded-resolver \
--with-ca-bundle=/etc/ssl/certs/ca-bundle.crt
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
include Config
-VER = 009
+VER = 010
THISAPP = ddns-$(VER)
DL_FILE = $(THISAPP).tar.xz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 31f949d9f417ee7f801cf8aac849a92e
+$(DL_FILE)_MD5 = 51e74b613732c0d7be3adb3348a5ed95
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/001-Calculate_length_of_TFTP_error_reply_correctly.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/002-Zero_newly_malloc_ed_memory.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/003-Check_return_of_expand_always.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/004-Fix_editing_error_on_man_page.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/005-Manpage_typo.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/006-Fix_bad_behaviour_with_some_DHCP_option_arrangements.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/007-Fix_logic_error_in_Linux_netlink_code.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/008-Fix_problem_with_--dnssec-timestamp.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/009-malloc_memset_calloc_for_efficiency.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/010-Zero_packet_buffers_before_building_output_to_reduce_risk_of_information_leakage.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/011-Dont_reset_packet_length_on_transmission_in_case_of_retransmission.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/012-Compile-time_check_on_buffer_sizes_for_leasefile_parsing_code.patch
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq-Add-support-to-read-ISC-DHCP-lease-file.patch
cd $(DIR_APP) && sed -i src/config.h \
DIR_APP = $(DIR_SRC)/foomatic-filters-$(VER_FILTERS)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = foomatic
-PAK_VER = 2
+PAK_VER = 3
DEPS = "cups ghostscript libtiff hplip"
--- /dev/null
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2016 IPFire Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 3.0.11
+
+THISAPP = freeradius-server-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+PROG = freeradius
+PAK_VER = 1
+
+DEPS = "samba"
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = 9428ba0d25293a2b5acd3b85f3dd46d0
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+dist:
+ @$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && \
+ ./configure \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --libdir=/usr/lib/freeradius \
+ --localstatedir=/var \
+ --with-system-libtool \
+ --with-threads \
+ --with-thread-pool \
+ --disable-ltdl-install \
+ --without-rlm_eap_ikev2 \
+ --without-rlm_sql_iodbc \
+ --without-rlm_sql_firebird \
+ --without-rlm_sql_db2 \
+ --without-rlm_sql_oracle \
+ --without-rlm_sql_sqlite \
+ --without-rlm_sql_mysql
+
+ cd $(DIR_APP) && make $(MAKETUNING)
+ cd $(DIR_APP) && make install
+
+ sed -i /etc/raddb/radiusd.conf \
+ -e "s/^#user =.*$$/user = nobody/" \
+ -e "s/^#group =.*$$/group = nobody/"
+
+ rm -rvf \
+ /root/.rnd \
+ /var/run/radiusd \
+ /etc/raddb/certs/*.crt \
+ /etc/raddb/certs/*.csr \
+ /etc/raddb/certs/*.der \
+ /etc/raddb/certs/*.key \
+ /etc/raddb/certs/*.pem \
+ /etc/raddb/certs/*.p12 \
+ /etc/raddb/certs/index.* \
+ /etc/raddb/certs/serial* \
+ /etc/raddb/certs/dh \
+ /etc/raddb/certs/random \
+ /usr/sbin/rc.radiusd \
+ /usr/bin/rbmonkey \
+ /etc/raddb/mods-config/sql/main/mssql \
+ /etc/raddb/mods-config/sql/ippool/oracle \
+ /etc/raddb/mods-config/sql/ippool-dhcp/oracle \
+ /etc/raddb/mods-config/sql/main/oracle \
+ /etc/raddb/mods-available/unbound \
+ /etc/raddb/mods-config/unbound/default.conf \
+ /etc/raddb/mods-available/couchbase \
+ /etc/raddb/mods-available/abfab* \
+ /etc/raddb/policy.d/abfab* \
+ /etc/raddb/sites-available/abfab* \
+ /usr/lib/freeradius/rlm_test.so \
+ /etc/raddb/experimental.conf
+
+ install -v -m 644 $(DIR_SRC)/config/backup/includes/freeradius \
+ /var/ipfire/backup/addons/includes/freeradius
+
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
include Config
-VER = ipfire
+VER = 2.0
THISAPP = guardian-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
+
PROG = guardian
-PAK_VER = 9
+PAK_VER = 10
+
+DEPS = "perl-inotify2 perl-Net-IP"
-DEPS = ""
###############################################################################
# Top-level Rules
###############################################################################
-objects =
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = 15be3b14a70e21502368deca74903f5c
install : $(TARGET)
-check :
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
-download :
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
-md5 :
+md5 : $(subst %,%_MD5,$(objects))
-dist:
+dist:
@$(PAK)
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
###############################################################################
# Installation Details
###############################################################################
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
- -mkdir -p /var/ipfire/guardian /var/log/guardian
- touch /var/log/guardian/guardian.log
- touch /var/ipfire/guardian/guardian.ignore
- install -v -m 644 $(DIR_SRC)/config/guardian/guardian.conf /var/ipfire/guardian/
- install -v -m 755 $(DIR_SRC)/config/guardian/guardian.pl /usr/local/bin/
- install -v -m 755 $(DIR_SRC)/config/guardian/guardian_block.sh /usr/local/bin/
- install -v -m 755 $(DIR_SRC)/config/guardian/guardian_unblock.sh /usr/local/bin/
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axvf $(DIR_DL)/$(DL_FILE)
+
+ # Adjust path for firewall binaries.
+ cd $(DIR_APP) && sed -i "s|/usr/sbin/|/sbin/|g" modules/IPtables.pm
+
+ cd $(DIR_APP) && make
+ cd $(DIR_APP) && make install
+
+ # Create config directory and create files.
+ -mkdir -pv /var/ipfire/guardian
chown nobody.nobody /var/ipfire/guardian
- chown nobody.nobody /var/ipfire/guardian/{guardian.conf,guardian.ignore}
+
+ # Create directory and file for logging.
+ -mkdir -pv /var/log/guardian
+ touch /var/log/guardian/guardian.log
+
+ # Create symlinks for runlevel interaction.
+ ln -svf /etc/rc.d/init.d/guardian /etc/rc.d/rc3.d/S45guardian
+ ln -svf /etc/rc.d/init.d/guardian /etc/rc.d/rc0.d/K76guardian
+ ln -svf /etc/rc.d/init.d/guardian /etc/rc.d/rc6.d/K76guardian
+
+ # Install include file for backup.
+ install -v -m 644 $(DIR_SRC)/config/backup/includes/guardian \
+ /var/ipfire/backup/addons/includes/guardian
+
+ # Logrotate.
+ -mkdir -pv /etc/logrotate.d
+ install -v -m 644 $(DIR_SRC)/config/guardian/guardian.logrotate \
+ /etc/logrotate.d/guardian
+
+ @rm -rf $(DIR_APP)
@$(POSTBUILD)
include Config
-VER = 2.0.1
+VER = 2.0.2
THISAPP = htop-$(VER)
DL_FILE = $(THISAPP).tar.gz
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = htop
-PAK_VER = 8
+PAK_VER = 9
DEPS = ""
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = f75fe92b4defaa80d99109830f34b5e2
+$(DL_FILE)_MD5 = 7d354d904bad591a931ad57e99fea84a
install : $(TARGET)
include Config
-VER = s20121221
+VER = s20160308
THISAPP = iputils-$(VER)
-DL_FILE = $(THISAPP).tar.bz2
+DL_FILE = $(THISAPP).tar.gz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 6072aef64205720dd1893b375e184171
+$(DL_FILE)_MD5 = a3ff521e21a383f562c2f06472c5bca0
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
- @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && make ping tracepath
cd $(DIR_APP) && install -m 4755 ping /usr/bin
cd $(DIR_APP) && install -m 0755 tracepath /usr/bin
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2015 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2016 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 3.1.2
+VER = 3.2.1
THISAPP = libarchive-$(VER)
DL_FILE = $(THISAPP).tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = efad5a503f66329bb9d2f4308b5de98a
+$(DL_FILE)_MD5 = afa257047d1941a565216edbf0171e72
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && ./configure \
- --prefix=/usr \
- --disable-static
-
+ cd $(DIR_APP) && ./configure --prefix=/usr --disable-static
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
-
@rm -rf $(DIR_APP)
@$(POSTBUILD)
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2014 Michael Tremer & Christian Schmidt #
+# Copyright (C) 2016 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 2.24
+VER = 2.25
THISAPP = libcap-$(VER)
-DL_FILE = $(THISAPP).tar.gz
+DL_FILE = $(THISAPP).tar.xz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = ffb154f29b1d28466c6fe6add8286a2d
+$(DL_FILE)_MD5 = 6666b839e5d46c2ad33fc8aa2ceb5f77
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
- @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+ # Prevent a static library from being installed
+ cd $(DIR_APP) && sed -i '/install.*STALIBNAME/d' libcap/Makefile
cd $(DIR_APP) && make
cd $(DIR_APP) && make install
- # link for old binaries
+ # links for old binaries
ln -svf libcap.so.2 /lib/libcap.so.1
+ ln -svf /lib/libcap.so.2.25 /usr/lib/libcap.so
chmod +x /lib/libcap.so.*
@rm -rf $(DIR_APP)
@$(POSTBUILD)
include Config
-VER = 3.9.4
+VER = 4.0.6
THISAPP = tiff-$(VER)
DL_FILE = $(THISAPP).tar.gz
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = libtiff
-PAK_VER = 2
+PAK_VER = 3
DEPS = ""
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 2006c1bdd12644dbf02956955175afd6
+$(DL_FILE)_MD5 = d1d2e940dea0b5ad435f21f03d96dd72
install : $(TARGET)
TARGET = $(DIR_INFO)/$(THISAPP)
SUP_ARCH = i586 x86_64
PROG = libvirt
-PAK_VER = 1
+PAK_VER = 6
DEPS = "libpciaccess libyajl ncat qemu"
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/libvirt/0001-Change-default-behavior-of-libvirt-guests.sh-for-IPF.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/libvirt/0002-Change-options-in-libvirtd.conf-for-IPFire.patch
cd $(DIR_APP) && ./configure --prefix=/usr --localstatedir=/var --sysconfdir=/etc \
--with-openssl --without-sasl \
--without-uml --without-vbox --without-lxc --without-esx --without-vmware --without-openvz \
--without-firewalld --without-network -with-interface --with-virtualport --with-macvtap \
--disable-nls --without-avahi --without-test-suite -without-dbus \
+ --with-qemu-user=nobody --with-qemu-group=kvm \
--with-storage-dir --without-storage-fs --without-storage-lvm --without-storage-iscsi \
--without-storage-scsi --without-storage-mpath --without-storage-disk --without-storage-rbd --without-storage-sheepdog --without-storage-gluster --without-storage-zfs
cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
cd $(DIR_APP) && make install
install -v -m 754 $(DIR_SRC)/src/initscripts/init.d/libvirtd /etc/rc.d/init.d/libvirtd
mv /usr/libexec/libvirt-guests.sh /etc/rc.d/init.d/libvirt-guests
+ # Backup
+ install -v -m 644 $(DIR_SRC)/config/backup/includes/libvirt /var/ipfire/backup/addons/includes/libvirt
@rm -rf $(DIR_APP)
@$(POSTBUILD)
include Config
-VER = 3.14.65
-RPI_PATCHES = 3.14.65-grsec-ipfire1
-A7M_PATCHES = 3.14.65-grsec-ipfire1
-GRS_PATCHES = grsecurity-3.1ipfire-3.14.65-v1.patch.xz
+VER = 3.14.74
+RPI_PATCHES = 3.14.74-grsec-ipfire1
+A7M_PATCHES = 3.14.74-grsec-ipfire1
+GRS_PATCHES = grsecurity-3.1ipfire-3.14.74-v1.patch.xz
THISAPP = linux-$(VER)
CFLAGS =
CXXFLAGS =
-PAK_VER = 68
+PAK_VER = 69
DEPS = ""
KERNEL_ARCH = $(MACHINE)
arm7-multi-patches-$(A7M_PATCHES).patch.xz = $(URL_IPFIRE)/arm7-multi-patches-$(A7M_PATCHES).patch.xz
$(GRS_PATCHES) = $(URL_IPFIRE)/$(GRS_PATCHES)
-$(DL_FILE)_MD5 = cfc70821a04acb80ded45e408e9faf36
-rpi-patches-$(RPI_PATCHES).patch.xz_MD5 = 0d1059c18f4810abbe9aafb6beab445b
-arm7-multi-patches-$(A7M_PATCHES).patch.xz_MD5 = 589eb8703fa2ba2944b2f925b7f7ffb3
-$(GRS_PATCHES)_MD5 = 548571a2c70219cce9728eb8b8949030
+$(DL_FILE)_MD5 = f83028755dc380862a91fe75e64b01aa
+rpi-patches-$(RPI_PATCHES).patch.xz_MD5 = 32b1101dc51f89c1fb3bfb1907f4bce5
+arm7-multi-patches-$(A7M_PATCHES).patch.xz_MD5 = b9a638c68cefd4c08dfcb9c4434458b1
+$(GRS_PATCHES)_MD5 = 5f4595575e159dd730b222d204cc9b39
install : $(TARGET)
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2016 Michael Tremer & Christian Schmidt #
+# Copyright (C) 2007-2016 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 2.5.3
+VER = 2.6.1
THISAPP = nano-$(VER)
DL_FILE = $(THISAPP).tar.gz
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = nano
-PAK_VER = 9
+PAK_VER = 10
DEPS = ""
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = a04d77611422ab4b6a7b489650c7a793
+$(DL_FILE)_MD5 = 5154704d2f3461140e6798470e03b711
install : $(TARGET)
include Config
-VER = 1.6.2
+VER = 1.8.1
THISAPP = nginx-$(VER)
DL_FILE = $(THISAPP).tar.gz
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = nginx
-PAK_VER = 4
+PAK_VER = 5
###############################################################################
# Top-level Rules
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = d1b55031ae6e4bce37f8776b94d8b930
+$(DL_FILE)_MD5 = 2e91695074dbdfbf1bcec0ada9fda462
install : $(TARGET)
--error-log-path=/var/log/nginx/error.log \
--user=nobody \
--group=nobody \
- --with-imap --with-imap_ssl_module --with-http_ssl_module \
+ --with-imap \
+ --with-imap_ssl_module \
+ --with-http_ssl_module \
+ --with-http_gunzip_module \
+ --with-http_gzip_static_module \
+ --with-http_random_index_module \
+ --with-http_secure_link_module \
+ --with-http_degradation_module \
--with-http_stub_status_module \
--with-http_dav_module \
- --with-http_sub_module
+ --with-http_sub_module \
+ --with-pcre
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
mkdir -p /var/log/nginx /var/spool/nginx
cp /usr/src/config/nginx/nginx /etc/init.d/
+
+ # Backup
+ install -v -m 644 $(DIR_SRC)/config/backup/includes/nginx \
+ /var/ipfire/backup/addons/includes/nginx
+
@rm -rf $(DIR_APP)
@$(POSTBUILD)
include Config
-VER = 4.2.8p5
+VER = 4.2.8p8
THISAPP = ntp-$(VER)
DL_FILE = $(THISAPP).tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 9f02b2a0acc1617ce2716d529a58d2d8
+$(DL_FILE)_MD5 = 4a8636260435b230636f053ffd070e34
install : $(TARGET)
include Config
-VER = 7.2p2
+VER = 7.3p1
THISAPP = openssh-$(VER)
DL_FILE = $(THISAPP).tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 13009a9156510d8f27e752659075cced
+$(DL_FILE)_MD5 = dfadd9f035d38ce5d58a3bf130b86d08
install : $(TARGET)
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2016 Michael Tremer & Christian Schmidt #
+# Copyright (C) 2007-2016 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 8.38
+VER = 8.39
THISAPP = pcre-$(VER)
-DL_FILE = $(THISAPP).tar.gz
+DL_FILE = $(THISAPP).tar.bz2
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 8a353fe1450216b6655dfcf3561716d9
+$(DL_FILE)_MD5 = e3fca7650a0556a2647821679d81f585
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/pcre-8.38-upstream_fixes-1.patch
cd $(DIR_APP) && ./configure \
--prefix=/usr \
--disable-static \
--enable-utf8 \
--disable-jit \
- --enable-unicode-properties
+ --enable-pcre16 \
+ --enable-pcre32 \
+ --enable-pcregrep-libz \
+ --enable-pcregrep-libbz2 \
+ --enable-pcretest-libreadline \
+ --enable-unicode-properties \
+ --docdir=/usr/share/doc/pcre-$(THISAPP)
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
@rm -rf $(DIR_APP)
--- /dev/null
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2011 IPFire Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+
+###############################################################################
+# Definitions
+###############################################################################
+include Config
+VER = 1.26
+
+THISAPP = Net-IP-$(VER)
+DL_FILE = ${THISAPP}.tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+PROG = perl-Net-IP
+DEPS = ""
+PAK_VER = 1
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = 3a98e3ac45d69ea38a63a7e678bd716d
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+dist:
+ @$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && perl Makefile.PL
+ cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
+ cd $(DIR_APP) && make install
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
--- /dev/null
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2011 IPFire Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+
+###############################################################################
+# Definitions
+###############################################################################
+include Config
+VER = 3.74
+
+THISAPP = common-sense-$(VER)
+DL_FILE = ${THISAPP}.tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+PROG = perl-common-sense
+DEPS = ""
+PAK_VER = 1
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = 35b273147200c4c95eef7816f83e572d
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+dist:
+ @$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && perl Makefile.PL
+ cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
+ cd $(DIR_APP) && make install
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
--- /dev/null
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2013 IPFire Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 1.22
+
+THISAPP = Linux-Inotify2-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+PROG = perl-inotify2
+DEPS = "perl-common-sense"
+PAK_VER = 1
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = bc0a86f04476f9e0aaab026b8081f097
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+dist:
+ @$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && perl Makefile.PL
+ cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
+ cd $(DIR_APP) && make install
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
+# Copyright (C) 2016 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 1.10.4
+VER = 1.16
THISAPP = popt-$(VER)
DL_FILE = $(THISAPP).tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = dd22a6873b43d00f75e1c1b7dcfd1ff7
+$(DL_FILE)_MD5 = 3743beefa3dd6247a73f8f7a32c14c33
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && sed -i -e "/*origOptString ==/c 0)" popt.c
cd $(DIR_APP) && ./configure --prefix=/usr --disable-nls
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
include Config
-VER = 2.4.0
+VER = 2.6.0
THISAPP = qemu-$(VER)
DL_FILE = $(THISAPP).tar.bz2
TARGET = $(DIR_INFO)/$(THISAPP)
SUP_ARCH = i586 x86_64
PROG = qemu
-PAK_VER = 18
+PAK_VER = 20
DEPS = "sdl spice"
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 186ee8194140a484a455f8e3c74589f4
+$(DL_FILE)_MD5 = ca3f70b43f093e33e9e014f144067f13
install : $(TARGET)
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && ./configure --prefix=/usr --sysconfdir=/etc \
- --enable-kvm --disable-attr \
+ --enable-kvm --disable-bluez --disable-attr \
--target-list="i386-linux-user x86_64-linux-user arm-linux-user i386-softmmu x86_64-softmmu arm-softmmu" \
--extra-cflags="$(CFLAGS)" --enable-spice
cd $(DIR_APP) && make $(MAKETUNING)
paxctl -m -r /usr/bin/qemu-arm
paxctl -m -r /usr/bin/qemu-i386
paxctl -m -r /usr/bin/qemu-x86_64
+ # install an udev script to set the permissions of /dev/kvm
+ cp -avf $(DIR_SRC)/config/qemu/65-kvm.rules /lib/udev/rules.d/65-kvm.rules
@rm -rf $(DIR_APP)
@$(POSTBUILD)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = sane
-PAK_VER = 4
+PAK_VER = 5
DEPS = "cups libtiff"
include Config
-VER = 4.0.15
+VER = 4.2.1
THISAPP = shadow-$(VER)
-DL_FILE = $(THISAPP).tar.bz2
+DL_FILE = $(THISAPP).tar.xz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = a0452fa989f8ba45023cc5a08136568e
+$(DL_FILE)_MD5 = 2bfafe7d4962682d31b5eba65dba4fc8
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
- @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && ./configure --libdir=/lib --enable-shared --without-selinux --disable-nls
- cd $(DIR_APP) && sed -i 's/groups$(EXEEXT) //' src/Makefile
- cd $(DIR_APP) && find man -name Makefile -exec sed -i '/groups/d' {} \;
- cd $(DIR_APP) && sed -i -e 's/ ko//' -e 's/ zh_CN zh_TW//' man/Makefile
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/shadow-4.2.1-suppress_installation_of_groups.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/shadow-4.2.1-SHA512_password_hashing.patch
+ cd $(DIR_APP) && ./configure --libdir=/lib \
+ --sysconfdir=/etc \
+ --enable-shared \
+ --without-selinux \
+ --disable-nls \
+ --with-group-name-max-length=32
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
cd $(DIR_APP) && cp -v etc/{limits,login.access} /etc
-e 's@/var/spool/mail@/var/mail@' \
etc/login.defs > /etc/login.defs
mv -v /usr/bin/passwd /bin
- mv -v /lib/libshadow.*a /usr/lib
- rm -v /lib/libshadow.so
ln -sfv ../../lib/libshadow.so.0 /usr/lib/libshadow.so
- mkdir -v /etc/default
touch /etc/shadow
chmod 600 /etc/shadow
pwconv
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2015 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2016 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 2.9.7.6
+VER = 2.9.8.2
THISAPP = snort-$(VER)
DL_FILE = $(THISAPP).tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 65349f3272c4de5b3210f77f1f7ab0e6
+$(DL_FILE)_MD5 = b5005f88a01b42ff7ee0defb94161ffc
install : $(TARGET)
DIR_APP = $(DIR_SRC)/spandsp-0.0.6
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = spandsp
-PAK_VER = 3
+PAK_VER = 4
DEPS = "libtiff"
include Config
-VER = 0.12.6
+VER = 0.12.8
THISAPP = spice-$(VER)
DL_FILE = $(THISAPP).tar.bz2
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = spice
-PAK_VER = 1
+PAK_VER = 2
DEPS = "opus"
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 605a8c8ea80bc95076c4b3539c6dd026
+$(DL_FILE)_MD5 = 376853d11b9921aa34a06c4dbef81874
install : $(TARGET)
include Config
-VER = 0.12.10
+VER = 0.12.11
THISAPP = spice-protocol-$(VER)
DL_FILE = $(THISAPP).tar.bz2
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = spice-protocol
-PAK_VER = 1
+PAK_VER = 2
DEPS = ""
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 1fb9d0dcdd42dce1b476ae8aa7569bcc
+$(DL_FILE)_MD5 = 422bf0bc1eb34c8af3479a78b28e969b
install : $(TARGET)
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2014 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2016 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 1.16
+VER = 1.18
THISAPP = wget-$(VER)
DL_FILE = $(THISAPP).tar.xz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = fe102975ab3a6c049777883f1bb9ad07
+$(DL_FILE)_MD5 = af9ca95a4bb8ac4a9bf10aeae66fa5ec
install : $(TARGET)
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
+# Copyright (C) 2007-2016 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 2.16
+VER = 2.21
THISAPP = which-$(VER)
DL_FILE = $(THISAPP).tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 830b83af48347a9a3520f561e47cbc9b
+$(DL_FILE)_MD5 = 097ff1a324ae02e0a3b0369f07a7544a
install : $(TARGET)
NAME="IPFire" # Software name
SNAME="ipfire" # Short name
VERSION="2.19" # Version number
-CORE="103" # Core Level (Filename)
+CORE="104" # Core Level (Filename)
PAKFIRE_CORE="103" # Core Level (PAKFIRE)
GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` # Git Branch
SLOGAN="www.ipfire.org" # Software slogan
lfsmake2 perl
lfsmake2 readline
lfsmake2 readline-compat
+ lfsmake2 bzip2
lfsmake2 pcre
lfsmake2 pcre-compat
lfsmake2 bash
- lfsmake2 bzip2
lfsmake2 diffutils
lfsmake2 e2fsprogs
lfsmake2 ed
ipfiremake libpciaccess
ipfiremake libyajl
ipfiremake libvirt
+ ipfiremake freeradius
+ ipfiremake perl-common-sense
+ ipfiremake perl-inotify2
+ ipfiremake perl-Net-IP
}
buildinstaller() {
--- /dev/null
+#!/bin/sh
+########################################################################
+# Begin $rc_base/init.d/freeradius
+#
+# Description : Initscript for the FreeRADIUS Server
+########################################################################
+
+. /etc/sysconfig/rc
+. ${rc_functions}
+
+case "${1}" in
+ start)
+ # Create necessary directories
+ mkdir -p /var/run/radiusd
+
+ boot_mesg "Starting FreeRADIUS server..."
+ loadproc /usr/sbin/radiusd -d /etc/raddb
+ ;;
+
+ stop)
+ boot_mesg "Stopping FreeRADIUS server..."
+ killproc /usr/sbin/radiusd
+ ;;
+
+ reload)
+ boot_mesg "Reloading FreeRADIUS server..."
+ reloadproc /usr/sbin/radiusd
+ ;;
+
+ restart)
+ ${0} stop
+ sleep 1
+ ${0} start
+ ;;
+
+ status)
+ statusproc /usr/sbin/radiusd
+ ;;
+
+ *)
+ echo "Usage: ${0} {start|stop|reload|restart|status}"
+ exit 1
+ ;;
+esac
+
+# End $rc_base/init.d/freeradius
--- /dev/null
+#!/bin/sh
+########################################################################
+# Begin $rc_base/init.d/guardian
+#
+# Description : Guardian Initscript
+#
+# Authors : Kim Wölfel for ipfire.org
+#
+# Version : 01.00
+#
+# Notes :
+#
+########################################################################
+
+. /etc/sysconfig/rc
+. ${rc_functions}
+
+eval $(/usr/local/bin/readhash /var/ipfire/guardian/settings)
+
+function guardian_is_enabled() {
+ [ "${GUARDIAN_ENABLED}" = "on" ]
+}
+
+case "$1" in
+ start)
+ guardian_is_enabled || exit 0
+
+ boot_mesg "Starting Guardian..."
+ loadproc /usr/sbin/guardian -c /var/ipfire/guardian/guardian.conf
+ ;;
+
+ stop)
+ if ([ -f /run/guardian/guardian.pid ]); then
+ boot_mesg "Stopping Guardian..."
+ kill $(cat /run/guardian/guardian.pid)
+ sleep 1;
+ fi
+ ;;
+
+ status)
+ statusproc /usr/sbin/guardian
+ ;;
+
+ restart)
+ $0 stop
+ sleep 2
+ $0 start
+ ;;
+
+ *)
+ echo "Usage: $0 {start|stop|restart|status}"
+ exit 1
+ ;;
+esac
+
+# End $rc_base/init.d/guardian
--- /dev/null
+#!/bin/bash
+
+exec /usr/bin/guardianctrl reload-ignore-list 2&>/dev/null
sleep 1
chmod 644 /var/run/snort_$DEVICE.pid
done
-
-
- if [ -r /var/ipfire/guardian/enable ]; then
- IFACE=`/bin/cat /var/ipfire/red/iface 2>/dev/null | /usr/bin/tr -d '\012'`
- sed -e "s/^Interface.*/Interface ${IFACE}/" /var/ipfire/guardian/guardian.conf > temp
- mv temp /var/ipfire/guardian/guardian.conf
- chown nobody.root /var/ipfire/guardian/guardian.conf
-
- boot_mesg "Starting Guardian..."
- loadproc /usr/local/bin/guardian.pl -c /var/ipfire/guardian/guardian.conf
- fi
- ;;
-
+ ;;
+
stop)
DEVICES=""
if [ -r /var/run/snort_$BLUE_DEV.pid ]; then
done
rm /var/run/snort_* >/dev/null 2>/dev/null
-
- if ([ -r /var/ipfire/guardian/enable ] || [ ! -z $(pidofproc /usr/local/bin/guardian.pl) ]); then
- boot_mesg "Stopping Guardian..."
- killproc /usr/local/bin/guardian.pl
- fi
# Don't report returncode of rm if snort was not started
exit 0
esac
done
- if [ -e "/etc/init.d/${1}" ]; then
+ if [ -f "/etc/init.d/${1}" ]; then
if [ -n "${BACKGROUND}" ]; then
(sleep ${DELAY} && /etc/init.d/${1} start) &
else
}
stop_service() {
- if [ -e "/etc/init.d/${1}" ]; then
+ if [ -f "/etc/init.d/${1}" ]; then
/etc/init.d/${1} stop
fi
}
--- /dev/null
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 2 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2007 IPFire-Team <info@ipfire.org>. #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+extract_files
+restore_backup ${NAME}
+
+# Create initial set of certificates
+if [ ! -e "/etc/raddb/certs/server.pem" ]; then
+ ( umask 007; /etc/raddb/certs/bootstrap )
+fi
+
+start_service --background ${NAME}
+
+# Enable autostart
+ln -sf ../init.d/freeradius /etc/rc.d/rc0.d/K25freeradius
+ln -sf ../init.d/freeradius /etc/rc.d/rc3.d/S35freeradius
+ln -sf ../init.d/freeradius /etc/rc.d/rc6.d/K25freeradius
+
+exit 0
--- /dev/null
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 2 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2007 IPFire-Team <info@ipfire.org>. #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+rm -rfv /etc/rc.d/rc*.d/*freeradius
+stop_service ${NAME}
+make_backup ${NAME}
+remove_files
--- /dev/null
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 2 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2007 IPFire-Team <info@ipfire.org>. #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+./uninstall.sh
+./install.sh
############################################################################
#
. /opt/pakfire/lib/functions.sh
+
+# creates a new user and group called libvirt-remote if they not exist
+getent group libvirt-remote >/dev/null || groupadd libvirt-remote
+getent passwd libvirt-remote >/dev/null || \
+useradd -m -g libvirt-remote -s /bin/bash "libvirt-remote"
+
extract_files
-start_service --delay 300 --background ${NAME}
+
+# create diretorys in var
+mkdir -p /var/cache/libvirt/qemu \
+/var/lib/libvirt/boot \
+/var/lib/libvirt/filesystems \
+/var/lib/libvirt/images \
+/var/lib/libvirt/lockd/files \
+/var/lib/libvirt/qemu \
+/var/log/libvirt/qemu
+# set the permissions
+chown -R nobody:kvm /var/cache/libvirt/qemu
+chown -R nobody:kvm /var/lib/libvirt/qemu
+chown -R nobody:kvm /var/lib/libvirt/images
+# restore the backup
+restore_backup ${NAME}
+
+start_service --background libvirtd
ln -svf /etc/init.d/libvirtd /etc/rc.d/rc0.d/K20libvirtd
ln -svf /etc/init.d/libvirtd /etc/rc.d/rc3.d/S70libvirtd
ln -svf /etc/init.d/libvirtd /etc/rc.d/rc6.d/K20libvirtd
############################################################################
#
. /opt/pakfire/lib/functions.sh
-stop_service ${NAME}
+stop_service libvirtd
+
+extract_backup_includes
+make_backup ${NAME}
+
remove_files
rm -f /etc/rc.d/rc*.d/*libvirt-guests
#
. /opt/pakfire/lib/functions.sh
stop_service ${NAME}
+extract_backup_includes
make_backup ${NAME}
remove_files
############################################################################
#
. /opt/pakfire/lib/functions.sh
+#create the group kvm when they not exist
+getent group kvm >/dev/null || groupadd kvm
extract_files
restore_backup ${NAME}
echo shm /dev/shm tmpfs defaults,size=256M 0 0 >> /etc/fstab
---- a/arch/arm/mach-omap2/cclock3xxx_data.c~ 2015-12-12 11:00:10.474423373 +0000
-+++ b/arch/arm/mach-omap2/cclock3xxx_data.c 2015-12-12 11:30:31.198452547 +0000
+diff -Naur linux-3.14.74.org/arch/arm/mach-omap2/cclock3xxx_data.c linux-3.14.74/arch/arm/mach-omap2/cclock3xxx_data.c
+--- linux-3.14.74.org/arch/arm/mach-omap2/cclock3xxx_data.c 2016-07-27 18:56:02.000000000 +0200
++++ linux-3.14.74/arch/arm/mach-omap2/cclock3xxx_data.c 2016-07-29 01:47:45.272515907 +0200
@@ -250,7 +250,7 @@
static struct clk dpll1_ck;
--static struct clk_ops dpll1_ck_ops;
-+static clk_ops_no_const dpll1_ck_ops;
-
- static struct clk_ops dpll1_ck_ops_34xx __initdata = {
+-static const struct clk_ops dpll1_ck_ops = {
++static clk_ops_no_const dpll1_ck_ops = {
.init = &omap2_init_clk_clkdm,
-diff -Naur linux-3.14.63-org/net/ipv6/addrconf.c linux-3.14.63/net/ipv6/addrconf.c
---- linux-3.14.63-org/net/ipv6/addrconf.c 2016-03-04 22:56:07.375481749 +0100
-+++ linux-3.14.63/net/ipv6/addrconf.c 2016-03-04 23:08:34.285482105 +0100
+ .enable = &omap3_noncore_dpll_enable,
+ .disable = &omap3_noncore_dpll_disable,
+diff -Naur linux-3.14.74.org/net/ipv6/addrconf.c linux-3.14.74/net/ipv6/addrconf.c
+--- linux-3.14.74.org/net/ipv6/addrconf.c 2016-07-29 03:47:13.000000000 +0200
++++ linux-3.14.74/net/ipv6/addrconf.c 2016-07-29 00:47:00.000000000 +0200
@@ -4818,7 +4818,7 @@
{
struct inet6_dev *idev = ctl->extra1;
diff -Naur backports-4.2.6-1.org/drivers/net/usb/asix_common.c backports-4.2.6-1/drivers/net/usb/asix_common.c
--- backports-4.2.6-1.org/drivers/net/usb/asix_common.c 1970-01-01 01:00:00.000000000 +0100
-+++ backports-4.2.6-1/drivers/net/usb/asix_common.c 2015-11-09 23:37:56.000000000 +0100
++++ backports-4.2.6-1/drivers/net/usb/asix_common.c 2016-06-28 14:35:17.965307221 +0200
@@ -0,0 +1,584 @@
+/*
+ * ASIX AX8817X based USB 2.0 Ethernet Devices
+}
diff -Naur backports-4.2.6-1.org/drivers/net/usb/asix_devices.c backports-4.2.6-1/drivers/net/usb/asix_devices.c
--- backports-4.2.6-1.org/drivers/net/usb/asix_devices.c 1970-01-01 01:00:00.000000000 +0100
-+++ backports-4.2.6-1/drivers/net/usb/asix_devices.c 2015-11-09 23:37:56.000000000 +0100
++++ backports-4.2.6-1/drivers/net/usb/asix_devices.c 2016-06-28 14:35:17.965307221 +0200
@@ -0,0 +1,1107 @@
+/*
+ * ASIX AX8817X based USB 2.0 Ethernet Devices
+
diff -Naur backports-4.2.6-1.org/drivers/net/usb/asix.h backports-4.2.6-1/drivers/net/usb/asix.h
--- backports-4.2.6-1.org/drivers/net/usb/asix.h 1970-01-01 01:00:00.000000000 +0100
-+++ backports-4.2.6-1/drivers/net/usb/asix.h 2015-11-09 23:37:56.000000000 +0100
++++ backports-4.2.6-1/drivers/net/usb/asix.h 2016-06-28 14:35:17.965307221 +0200
@@ -0,0 +1,234 @@
+/*
+ * ASIX AX8817X based USB 2.0 Ethernet Devices
+#endif /* _ASIX_H */
diff -Naur backports-4.2.6-1.org/drivers/net/usb/ax88172a.c backports-4.2.6-1/drivers/net/usb/ax88172a.c
--- backports-4.2.6-1.org/drivers/net/usb/ax88172a.c 1970-01-01 01:00:00.000000000 +0100
-+++ backports-4.2.6-1/drivers/net/usb/ax88172a.c 2015-11-09 23:37:56.000000000 +0100
++++ backports-4.2.6-1/drivers/net/usb/ax88172a.c 2016-06-28 14:35:17.965307221 +0200
@@ -0,0 +1,422 @@
+/*
+ * ASIX AX88172A based USB 2.0 Ethernet Devices
+};
diff -Naur backports-4.2.6-1.org/drivers/net/usb/ax88179_178a.c backports-4.2.6-1/drivers/net/usb/ax88179_178a.c
--- backports-4.2.6-1.org/drivers/net/usb/ax88179_178a.c 1970-01-01 01:00:00.000000000 +0100
-+++ backports-4.2.6-1/drivers/net/usb/ax88179_178a.c 2015-11-09 23:37:56.000000000 +0100
++++ backports-4.2.6-1/drivers/net/usb/ax88179_178a.c 2016-06-28 14:35:17.968640554 +0200
@@ -0,0 +1,1756 @@
+/*
+ * ASIX AX88179/178A USB 3.0/2.0 to Gigabit Ethernet Devices
+MODULE_LICENSE("GPL");
diff -Naur backports-4.2.6-1.org/drivers/net/usb/catc.c backports-4.2.6-1/drivers/net/usb/catc.c
--- backports-4.2.6-1.org/drivers/net/usb/catc.c 1970-01-01 01:00:00.000000000 +0100
-+++ backports-4.2.6-1/drivers/net/usb/catc.c 2015-11-09 23:37:56.000000000 +0100
++++ backports-4.2.6-1/drivers/net/usb/catc.c 2016-06-28 14:35:17.975307221 +0200
@@ -0,0 +1,965 @@
+/*
+ * Copyright (c) 2001 Vojtech Pavlik
+module_usb_driver(catc_driver);
diff -Naur backports-4.2.6-1.org/drivers/net/usb/cdc_eem.c backports-4.2.6-1/drivers/net/usb/cdc_eem.c
--- backports-4.2.6-1.org/drivers/net/usb/cdc_eem.c 1970-01-01 01:00:00.000000000 +0100
-+++ backports-4.2.6-1/drivers/net/usb/cdc_eem.c 2015-11-09 23:37:56.000000000 +0100
++++ backports-4.2.6-1/drivers/net/usb/cdc_eem.c 2016-06-28 14:35:17.975307221 +0200
@@ -0,0 +1,381 @@
+/*
+ * USB CDC EEM network interface driver
+MODULE_LICENSE("GPL");
diff -Naur backports-4.2.6-1.org/drivers/net/usb/cdc-phonet.c backports-4.2.6-1/drivers/net/usb/cdc-phonet.c
--- backports-4.2.6-1.org/drivers/net/usb/cdc-phonet.c 1970-01-01 01:00:00.000000000 +0100
-+++ backports-4.2.6-1/drivers/net/usb/cdc-phonet.c 2015-11-09 23:37:56.000000000 +0100
++++ backports-4.2.6-1/drivers/net/usb/cdc-phonet.c 2016-06-28 14:35:17.975307221 +0200
@@ -0,0 +1,466 @@
+/*
+ * phonet.c -- USB CDC Phonet host driver
+MODULE_LICENSE("GPL");
diff -Naur backports-4.2.6-1.org/drivers/net/usb/cdc_subset.c backports-4.2.6-1/drivers/net/usb/cdc_subset.c
--- backports-4.2.6-1.org/drivers/net/usb/cdc_subset.c 1970-01-01 01:00:00.000000000 +0100
-+++ backports-4.2.6-1/drivers/net/usb/cdc_subset.c 2015-11-09 23:37:56.000000000 +0100
++++ backports-4.2.6-1/drivers/net/usb/cdc_subset.c 2016-06-28 14:35:17.975307221 +0200
@@ -0,0 +1,369 @@
+/*
+ * Simple "CDC Subset" USB Networking Links
+MODULE_LICENSE("GPL");
diff -Naur backports-4.2.6-1.org/drivers/net/usb/cx82310_eth.c backports-4.2.6-1/drivers/net/usb/cx82310_eth.c
--- backports-4.2.6-1.org/drivers/net/usb/cx82310_eth.c 1970-01-01 01:00:00.000000000 +0100
-+++ backports-4.2.6-1/drivers/net/usb/cx82310_eth.c 2015-11-09 23:37:56.000000000 +0100
++++ backports-4.2.6-1/drivers/net/usb/cx82310_eth.c 2016-06-28 14:35:17.978640554 +0200
@@ -0,0 +1,353 @@
+/*
+ * Driver for USB ethernet port of Conexant CX82310-based ADSL routers
+MODULE_LICENSE("GPL");
diff -Naur backports-4.2.6-1.org/drivers/net/usb/dm9601.c backports-4.2.6-1/drivers/net/usb/dm9601.c
--- backports-4.2.6-1.org/drivers/net/usb/dm9601.c 1970-01-01 01:00:00.000000000 +0100
-+++ backports-4.2.6-1/drivers/net/usb/dm9601.c 2015-11-09 23:37:56.000000000 +0100
++++ backports-4.2.6-1/drivers/net/usb/dm9601.c 2016-06-28 14:35:17.978640554 +0200
@@ -0,0 +1,647 @@
+/*
+ * Davicom DM96xx USB 10/100Mbps ethernet devices
+MODULE_LICENSE("GPL");
diff -Naur backports-4.2.6-1.org/drivers/net/usb/gl620a.c backports-4.2.6-1/drivers/net/usb/gl620a.c
--- backports-4.2.6-1.org/drivers/net/usb/gl620a.c 1970-01-01 01:00:00.000000000 +0100
-+++ backports-4.2.6-1/drivers/net/usb/gl620a.c 2015-11-09 23:37:56.000000000 +0100
++++ backports-4.2.6-1/drivers/net/usb/gl620a.c 2016-06-28 14:35:17.978640554 +0200
@@ -0,0 +1,242 @@
+/*
+ * GeneSys GL620USB-A based links
+
diff -Naur backports-4.2.6-1.org/drivers/net/usb/hso.c backports-4.2.6-1/drivers/net/usb/hso.c
--- backports-4.2.6-1.org/drivers/net/usb/hso.c 1970-01-01 01:00:00.000000000 +0100
-+++ backports-4.2.6-1/drivers/net/usb/hso.c 2016-01-27 15:03:25.000000000 +0100
++++ backports-4.2.6-1/drivers/net/usb/hso.c 2016-06-28 14:35:17.981973887 +0200
@@ -0,0 +1,3322 @@
+/******************************************************************************
+ *
+module_param(disable_net, int, S_IRUGO | S_IWUSR);
diff -Naur backports-4.2.6-1.org/drivers/net/usb/huawei_cdc_ncm.c backports-4.2.6-1/drivers/net/usb/huawei_cdc_ncm.c
--- backports-4.2.6-1.org/drivers/net/usb/huawei_cdc_ncm.c 1970-01-01 01:00:00.000000000 +0100
-+++ backports-4.2.6-1/drivers/net/usb/huawei_cdc_ncm.c 2015-11-09 23:37:56.000000000 +0100
++++ backports-4.2.6-1/drivers/net/usb/huawei_cdc_ncm.c 2016-06-28 14:35:17.981973887 +0200
@@ -0,0 +1,224 @@
+/* huawei_cdc_ncm.c - handles Huawei devices using the CDC NCM protocol as
+ * transport layer.
+MODULE_LICENSE("GPL");
diff -Naur backports-4.2.6-1.org/drivers/net/usb/int51x1.c backports-4.2.6-1/drivers/net/usb/int51x1.c
--- backports-4.2.6-1.org/drivers/net/usb/int51x1.c 1970-01-01 01:00:00.000000000 +0100
-+++ backports-4.2.6-1/drivers/net/usb/int51x1.c 2015-11-09 23:37:56.000000000 +0100
++++ backports-4.2.6-1/drivers/net/usb/int51x1.c 2016-06-28 14:35:17.985307220 +0200
@@ -0,0 +1,199 @@
+/*
+ * Copyright (c) 2009 Peter Holik
+MODULE_LICENSE("GPL");
diff -Naur backports-4.2.6-1.org/drivers/net/usb/ipheth.c backports-4.2.6-1/drivers/net/usb/ipheth.c
--- backports-4.2.6-1.org/drivers/net/usb/ipheth.c 1970-01-01 01:00:00.000000000 +0100
-+++ backports-4.2.6-1/drivers/net/usb/ipheth.c 2015-11-09 23:37:56.000000000 +0100
++++ backports-4.2.6-1/drivers/net/usb/ipheth.c 2016-06-28 14:35:17.985307220 +0200
@@ -0,0 +1,588 @@
+/*
+ * ipheth.c - Apple iPhone USB Ethernet driver
+MODULE_LICENSE("Dual BSD/GPL");
diff -Naur backports-4.2.6-1.org/drivers/net/usb/kalmia.c backports-4.2.6-1/drivers/net/usb/kalmia.c
--- backports-4.2.6-1.org/drivers/net/usb/kalmia.c 1970-01-01 01:00:00.000000000 +0100
-+++ backports-4.2.6-1/drivers/net/usb/kalmia.c 2015-11-09 23:37:56.000000000 +0100
++++ backports-4.2.6-1/drivers/net/usb/kalmia.c 2016-06-28 14:35:17.985307220 +0200
@@ -0,0 +1,366 @@
+/*
+ * USB network interface driver for Samsung Kalmia based LTE USB modem like the
+MODULE_LICENSE("GPL");
diff -Naur backports-4.2.6-1.org/drivers/net/usb/kaweth.c backports-4.2.6-1/drivers/net/usb/kaweth.c
--- backports-4.2.6-1.org/drivers/net/usb/kaweth.c 1970-01-01 01:00:00.000000000 +0100
-+++ backports-4.2.6-1/drivers/net/usb/kaweth.c 2015-11-09 23:37:56.000000000 +0100
++++ backports-4.2.6-1/drivers/net/usb/kaweth.c 2016-06-28 14:35:17.988640553 +0200
@@ -0,0 +1,1331 @@
+/****************************************************************
+ *
+module_usb_driver(kaweth_driver);
diff -Naur backports-4.2.6-1.org/drivers/net/usb/Kconfig backports-4.2.6-1/drivers/net/usb/Kconfig
--- backports-4.2.6-1.org/drivers/net/usb/Kconfig 2015-11-15 22:19:40.000000000 +0100
-+++ backports-4.2.6-1/drivers/net/usb/Kconfig 2016-01-27 15:58:23.159192032 +0100
++++ backports-4.2.6-1/drivers/net/usb/Kconfig 2016-06-28 14:35:17.991973886 +0200
@@ -13,7 +13,6 @@
if USB_NET_DRIVERS
called VL600. This driver only handles the ethernet
diff -Naur backports-4.2.6-1.org/drivers/net/usb/Kconfig.orig backports-4.2.6-1/drivers/net/usb/Kconfig.orig
--- backports-4.2.6-1.org/drivers/net/usb/Kconfig.orig 1970-01-01 01:00:00.000000000 +0100
-+++ backports-4.2.6-1/drivers/net/usb/Kconfig.orig 2015-11-15 22:19:40.000000000 +0100
++++ backports-4.2.6-1/drivers/net/usb/Kconfig.orig 2016-06-28 14:35:17.991973886 +0200
@@ -0,0 +1,638 @@
+#
+# USB Network devices configuration
+endif # USB_NET_DRIVERS
diff -Naur backports-4.2.6-1.org/drivers/net/usb/lg-vl600.c backports-4.2.6-1/drivers/net/usb/lg-vl600.c
--- backports-4.2.6-1.org/drivers/net/usb/lg-vl600.c 1970-01-01 01:00:00.000000000 +0100
-+++ backports-4.2.6-1/drivers/net/usb/lg-vl600.c 2015-11-09 23:37:56.000000000 +0100
++++ backports-4.2.6-1/drivers/net/usb/lg-vl600.c 2016-06-28 14:35:17.991973886 +0200
@@ -0,0 +1,353 @@
+/*
+ * Ethernet interface part of the LG VL600 LTE modem (4G dongle)
+MODULE_LICENSE("GPL");
diff -Naur backports-4.2.6-1.org/drivers/net/usb/Makefile backports-4.2.6-1/drivers/net/usb/Makefile
--- backports-4.2.6-1.org/drivers/net/usb/Makefile 2015-11-15 22:19:40.000000000 +0100
-+++ backports-4.2.6-1/drivers/net/usb/Makefile 2016-01-27 15:53:50.000000000 +0100
++++ backports-4.2.6-1/drivers/net/usb/Makefile 2016-06-28 14:35:17.991973886 +0200
@@ -1,39 +1,40 @@
#
# Makefile for USB Network drivers
diff -Naur backports-4.2.6-1.org/drivers/net/usb/mcs7830.c backports-4.2.6-1/drivers/net/usb/mcs7830.c
--- backports-4.2.6-1.org/drivers/net/usb/mcs7830.c 1970-01-01 01:00:00.000000000 +0100
-+++ backports-4.2.6-1/drivers/net/usb/mcs7830.c 2015-11-09 23:37:56.000000000 +0100
++++ backports-4.2.6-1/drivers/net/usb/mcs7830.c 2016-06-28 14:35:17.995307218 +0200
@@ -0,0 +1,643 @@
+/*
+ * MOSCHIP MCS7830 based (7730/7830/7832) USB 2.0 Ethernet Devices
+MODULE_LICENSE("GPL");
diff -Naur backports-4.2.6-1.org/drivers/net/usb/net1080.c backports-4.2.6-1/drivers/net/usb/net1080.c
--- backports-4.2.6-1.org/drivers/net/usb/net1080.c 1970-01-01 01:00:00.000000000 +0100
-+++ backports-4.2.6-1/drivers/net/usb/net1080.c 2015-11-09 23:37:56.000000000 +0100
++++ backports-4.2.6-1/drivers/net/usb/net1080.c 2016-06-28 14:35:17.995307218 +0200
@@ -0,0 +1,544 @@
+/*
+ * Net1080 based USB host-to-host cables
+MODULE_LICENSE("GPL");
diff -Naur backports-4.2.6-1.org/drivers/net/usb/pegasus.c backports-4.2.6-1/drivers/net/usb/pegasus.c
--- backports-4.2.6-1.org/drivers/net/usb/pegasus.c 1970-01-01 01:00:00.000000000 +0100
-+++ backports-4.2.6-1/drivers/net/usb/pegasus.c 2015-11-09 23:37:56.000000000 +0100
++++ backports-4.2.6-1/drivers/net/usb/pegasus.c 2016-06-28 14:35:17.995307218 +0200
@@ -0,0 +1,1335 @@
+/*
+ * Copyright (c) 1999-2013 Petko Manolov (petkan@nucleusys.com)
+module_exit(pegasus_exit);
diff -Naur backports-4.2.6-1.org/drivers/net/usb/pegasus.h backports-4.2.6-1/drivers/net/usb/pegasus.h
--- backports-4.2.6-1.org/drivers/net/usb/pegasus.h 1970-01-01 01:00:00.000000000 +0100
-+++ backports-4.2.6-1/drivers/net/usb/pegasus.h 2015-11-09 23:37:56.000000000 +0100
++++ backports-4.2.6-1/drivers/net/usb/pegasus.h 2016-06-28 14:35:17.998640551 +0200
@@ -0,0 +1,308 @@
+/*
+ * Copyright (c) 1999-2013 Petko Manolov (petkan@nucleusys.com)
+#endif /* PEGASUS_DEV */
diff -Naur backports-4.2.6-1.org/drivers/net/usb/plusb.c backports-4.2.6-1/drivers/net/usb/plusb.c
--- backports-4.2.6-1.org/drivers/net/usb/plusb.c 1970-01-01 01:00:00.000000000 +0100
-+++ backports-4.2.6-1/drivers/net/usb/plusb.c 2015-11-09 23:37:56.000000000 +0100
++++ backports-4.2.6-1/drivers/net/usb/plusb.c 2016-06-28 14:35:17.998640551 +0200
@@ -0,0 +1,162 @@
+/*
+ * PL-2301/2302 USB host-to-host link cables
+MODULE_LICENSE("GPL");
diff -Naur backports-4.2.6-1.org/drivers/net/usb/r8152.c backports-4.2.6-1/drivers/net/usb/r8152.c
--- backports-4.2.6-1.org/drivers/net/usb/r8152.c 1970-01-01 01:00:00.000000000 +0100
-+++ backports-4.2.6-1/drivers/net/usb/r8152.c 2016-01-27 12:43:25.000000000 +0100
-@@ -0,0 +1,2847 @@
++++ backports-4.2.6-1/drivers/net/usb/r8152.c 2016-06-28 14:45:32.005250978 +0200
+@@ -0,0 +1,2856 @@
+/*
+ * Copyright (c) 2014 Realtek Semiconductor Corp. All rights reserved.
+ *
+#define VENDOR_ID_SAMSUNG 0x04e8
+#define PRODUCT_ID_SAMSUNG 0xa101
+
++#define VENDOR_ID_LENOVO 0x17ef
++#define PRODUCT_ID_LENOVO 0x7205
++
++#define VENDOR_ID_NVIDIA 0x0955
++#define PRODUCT_ID_NVIDIA 0x09ff
++
++
+#define MCU_TYPE_PLA 0x0100
+#define MCU_TYPE_USB 0x0000
+
+ {USB_DEVICE(VENDOR_ID_REALTEK, PRODUCT_ID_RTL8152)},
+ {USB_DEVICE(VENDOR_ID_REALTEK, PRODUCT_ID_RTL8153)},
+ {USB_DEVICE(VENDOR_ID_SAMSUNG, PRODUCT_ID_SAMSUNG)},
++ {USB_DEVICE(VENDOR_ID_LENOVO, PRODUCT_ID_LENOVO)},
++ {USB_DEVICE(VENDOR_ID_NVIDIA, PRODUCT_ID_NVIDIA)},
+ {}
+};
+
+MODULE_LICENSE("GPL");
diff -Naur backports-4.2.6-1.org/drivers/net/usb/rtl8150.c backports-4.2.6-1/drivers/net/usb/rtl8150.c
--- backports-4.2.6-1.org/drivers/net/usb/rtl8150.c 1970-01-01 01:00:00.000000000 +0100
-+++ backports-4.2.6-1/drivers/net/usb/rtl8150.c 2015-11-09 23:37:56.000000000 +0100
++++ backports-4.2.6-1/drivers/net/usb/rtl8150.c 2016-06-28 14:35:18.001973885 +0200
@@ -0,0 +1,949 @@
+/*
+ * Copyright (c) 2002 Petko Manolov (petkan@users.sourceforge.net)
+MODULE_LICENSE("GPL");
diff -Naur backports-4.2.6-1.org/drivers/net/usb/smsc75xx.c backports-4.2.6-1/drivers/net/usb/smsc75xx.c
--- backports-4.2.6-1.org/drivers/net/usb/smsc75xx.c 1970-01-01 01:00:00.000000000 +0100
-+++ backports-4.2.6-1/drivers/net/usb/smsc75xx.c 2015-11-09 23:37:56.000000000 +0100
++++ backports-4.2.6-1/drivers/net/usb/smsc75xx.c 2016-06-28 14:35:18.008640551 +0200
@@ -0,0 +1,2286 @@
+ /***************************************************************************
+ *
+MODULE_LICENSE("GPL");
diff -Naur backports-4.2.6-1.org/drivers/net/usb/smsc75xx.h backports-4.2.6-1/drivers/net/usb/smsc75xx.h
--- backports-4.2.6-1.org/drivers/net/usb/smsc75xx.h 1970-01-01 01:00:00.000000000 +0100
-+++ backports-4.2.6-1/drivers/net/usb/smsc75xx.h 2015-11-09 23:37:56.000000000 +0100
++++ backports-4.2.6-1/drivers/net/usb/smsc75xx.h 2016-06-28 14:35:18.008640551 +0200
@@ -0,0 +1,421 @@
+ /***************************************************************************
+ *
+#endif /* _SMSC75XX_H */
diff -Naur backports-4.2.6-1.org/drivers/net/usb/smsc95xx.c backports-4.2.6-1/drivers/net/usb/smsc95xx.c
--- backports-4.2.6-1.org/drivers/net/usb/smsc95xx.c 1970-01-01 01:00:00.000000000 +0100
-+++ backports-4.2.6-1/drivers/net/usb/smsc95xx.c 2015-11-09 23:37:56.000000000 +0100
++++ backports-4.2.6-1/drivers/net/usb/smsc95xx.c 2016-06-28 14:35:18.011973884 +0200
@@ -0,0 +1,2032 @@
+ /***************************************************************************
+ *
+MODULE_LICENSE("GPL");
diff -Naur backports-4.2.6-1.org/drivers/net/usb/smsc95xx.h backports-4.2.6-1/drivers/net/usb/smsc95xx.h
--- backports-4.2.6-1.org/drivers/net/usb/smsc95xx.h 1970-01-01 01:00:00.000000000 +0100
-+++ backports-4.2.6-1/drivers/net/usb/smsc95xx.h 2015-11-09 23:37:56.000000000 +0100
++++ backports-4.2.6-1/drivers/net/usb/smsc95xx.h 2016-06-28 14:35:18.011973884 +0200
@@ -0,0 +1,290 @@
+ /***************************************************************************
+ *
+#endif /* _SMSC95XX_H */
diff -Naur backports-4.2.6-1.org/drivers/net/usb/sr9700.c backports-4.2.6-1/drivers/net/usb/sr9700.c
--- backports-4.2.6-1.org/drivers/net/usb/sr9700.c 1970-01-01 01:00:00.000000000 +0100
-+++ backports-4.2.6-1/drivers/net/usb/sr9700.c 2015-11-09 23:37:56.000000000 +0100
++++ backports-4.2.6-1/drivers/net/usb/sr9700.c 2016-06-28 14:35:18.011973884 +0200
@@ -0,0 +1,559 @@
+/*
+ * CoreChip-sz SR9700 one chip USB 1.1 Ethernet Devices
+MODULE_LICENSE("GPL");
diff -Naur backports-4.2.6-1.org/drivers/net/usb/sr9700.h backports-4.2.6-1/drivers/net/usb/sr9700.h
--- backports-4.2.6-1.org/drivers/net/usb/sr9700.h 1970-01-01 01:00:00.000000000 +0100
-+++ backports-4.2.6-1/drivers/net/usb/sr9700.h 2015-11-09 23:37:56.000000000 +0100
++++ backports-4.2.6-1/drivers/net/usb/sr9700.h 2016-06-28 14:35:18.011973884 +0200
@@ -0,0 +1,173 @@
+/*
+ * CoreChip-sz SR9700 one chip USB 1.1 Ethernet Devices
+#endif /* _SR9700_H */
diff -Naur backports-4.2.6-1.org/drivers/net/usb/sr9800.c backports-4.2.6-1/drivers/net/usb/sr9800.c
--- backports-4.2.6-1.org/drivers/net/usb/sr9800.c 1970-01-01 01:00:00.000000000 +0100
-+++ backports-4.2.6-1/drivers/net/usb/sr9800.c 2015-11-09 23:37:56.000000000 +0100
++++ backports-4.2.6-1/drivers/net/usb/sr9800.c 2016-06-28 14:35:18.015307217 +0200
@@ -0,0 +1,875 @@
+/* CoreChip-sz SR9800 one chip USB 2.0 Ethernet Devices
+ *
+MODULE_LICENSE("GPL");
diff -Naur backports-4.2.6-1.org/drivers/net/usb/sr9800.h backports-4.2.6-1/drivers/net/usb/sr9800.h
--- backports-4.2.6-1.org/drivers/net/usb/sr9800.h 1970-01-01 01:00:00.000000000 +0100
-+++ backports-4.2.6-1/drivers/net/usb/sr9800.h 2015-11-09 23:37:56.000000000 +0100
++++ backports-4.2.6-1/drivers/net/usb/sr9800.h 2016-06-28 14:35:18.015307217 +0200
@@ -0,0 +1,202 @@
+/* CoreChip-sz SR9800 one chip USB 2.0 Ethernet Devices
+ *
+#endif /* _SR9800_H */
diff -Naur backports-4.2.6-1.org/drivers/net/usb/zaurus.c backports-4.2.6-1/drivers/net/usb/zaurus.c
--- backports-4.2.6-1.org/drivers/net/usb/zaurus.c 1970-01-01 01:00:00.000000000 +0100
-+++ backports-4.2.6-1/drivers/net/usb/zaurus.c 2015-11-09 23:37:56.000000000 +0100
++++ backports-4.2.6-1/drivers/net/usb/zaurus.c 2016-06-28 14:35:18.015307217 +0200
@@ -0,0 +1,385 @@
+/*
+ * Copyright (C) 2002 Pavel Machek <pavel@ucw.cz>
--- /dev/null
+From 5bb6f6e1d44aa91323857715dfddb63337f8307b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Bj=C3=B8rn=20Mork?= <bjorn@mork.no>
+Date: Sun, 3 Jul 2016 22:24:50 +0200
+Subject: cdc_ncm: workaround for EM7455 "silent" data interface
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+[ Upstream commit c086e7096170390594c425114d98172bc9aceb8a ]
+
+Several Lenovo users have reported problems with their Sierra
+Wireless EM7455 modem. The driver has loaded successfully and
+the MBIM management channel has appeared to work, including
+establishing a connection to the mobile network. But no frames
+have been received over the data interface.
+
+The problem affects all EM7455 and MC7455, and is assumed to
+affect other modems based on the same Qualcomm chipset and
+baseband firmware.
+
+Testing narrowed the problem down to what seems to be a
+firmware timing bug during initialization. Adding a short sleep
+while probing is sufficient to make the problem disappear.
+Experiments have shown that 1-2 ms is too little to have any
+effect, while 10-20 ms is enough to reliably succeed.
+
+Reported-by: Stefan Armbruster <ml001@armbruster-it.de>
+Reported-by: Ralph Plawetzki <ralph@purejava.org>
+Reported-by: Andreas Fett <andreas.fett@secunet.com>
+Reported-by: Rasmus Lerdorf <rasmus@lerdorf.com>
+Reported-by: Samo Ratnik <samo.ratnik@gmail.com>
+Reported-and-tested-by: Aleksander Morgado <aleksander@aleksander.es>
+Signed-off-by: Bjørn Mork <bjorn@mork.no>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/usb/cdc_ncm.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/drivers/net/usb/cdc_ncm.c b/drivers/net/usb/cdc_ncm.c
+index c663722..584504e 100644
+--- a/drivers/net/usb/cdc_ncm.c
++++ b/drivers/net/usb/cdc_ncm.c
+@@ -438,6 +438,13 @@ advance:
+ if (cdc_ncm_setup(dev))
+ goto error2;
+
++ /* Some firmwares need a pause here or they will silently fail
++ * to set up the interface properly. This value was decided
++ * empirically on a Sierra Wireless MC7455 running 02.08.02.00
++ * firmware.
++ */
++ usleep_range(10000, 20000);
++
+ /* configure data interface */
+ temp = usb_set_interface(dev->udev, iface_no, data_altsetting);
+ if (temp) {
+--
+cgit v0.12
+
--- /dev/null
+From d6b8a68ac7b6d2e241f8d34b769c98a1793d9124 Mon Sep 17 00:00:00 2001
+From: Ben Hutchings <ben@decadent.org.uk>
+Date: Wed, 20 Apr 2016 23:23:08 +0100
+Subject: atl2: Disable unimplemented scatter/gather feature
+
+[ Upstream commit f43bfaeddc79effbf3d0fcb53ca477cca66f3db8 ]
+
+atl2 includes NETIF_F_SG in hw_features even though it has no support
+for non-linear skbs. This bug was originally harmless since the
+driver does not claim to implement checksum offload and that used to
+be a requirement for SG.
+
+Now that SG and checksum offload are independent features, if you
+explicitly enable SG *and* use one of the rare protocols that can use
+SG without checkusm offload, this potentially leaks sensitive
+information (before you notice that it just isn't working). Therefore
+this obscure bug has been designated CVE-2016-2117.
+
+Reported-by: Justin Yackoski <jyackoski@crypto-nite.com>
+Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+Fixes: ec5f06156423 ("net: Kill link between CSUM and SG features.")
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/atheros/atlx/atl2.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/net/ethernet/atheros/atlx/atl2.c b/drivers/net/ethernet/atheros/atlx/atl2.c
+index 265ce1b..96fe542 100644
+--- a/drivers/net/ethernet/atheros/atlx/atl2.c
++++ b/drivers/net/ethernet/atheros/atlx/atl2.c
+@@ -1413,7 +1413,7 @@ static int atl2_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
+
+ err = -EIO;
+
+- netdev->hw_features = NETIF_F_SG | NETIF_F_HW_VLAN_CTAG_RX;
++ netdev->hw_features = NETIF_F_HW_VLAN_CTAG_RX;
+ netdev->features |= (NETIF_F_HW_VLAN_CTAG_TX | NETIF_F_HW_VLAN_CTAG_RX);
+
+ /* Init PHY as early as possible due to power saving issue */
+--
+cgit v0.12
+
--- /dev/null
+From fc70a4a5cb616bf390cee03390265045de5cf06a Mon Sep 17 00:00:00 2001
+From: Feng Tang <feng.tang@intel.com>
+Date: Fri, 24 Jun 2016 15:26:05 +0800
+Subject: net: alx: Work around the DMA RX overflow issue
+
+[ Upstream commit 881d0327db37ad917a367c77aff1afa1ee41e0a9 ]
+
+Note: This is a verified backported patch for stable 4.4 kernel, and it
+could also be applied to 4.3/4.2/4.1/3.18/3.16
+
+There is a problem with alx devices, that the network link will be
+lost in 1-5 minutes after the device is up.
+
+>From debugging without datasheet, we found the error always
+happen when the DMA RX address is set to 0x....fc0, which is very
+likely to be a HW/silicon problem.
+
+This patch will apply rx skb with 64 bytes longer space, and if the
+allocated skb has a 0x...fc0 address, it will use skb_resever(skb, 64)
+to advance the address, so that the RX overflow can be avoided.
+
+Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=70761
+Signed-off-by: Feng Tang <feng.tang@intel.com>
+Suggested-by: Eric Dumazet <edumazet@google.com>
+Tested-by: Ole Lukoie <olelukoie@mail.ru>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/atheros/alx/main.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/net/ethernet/atheros/alx/main.c b/drivers/net/ethernet/atheros/alx/main.c
+index 3e1d7d2..7585960 100644
+--- a/drivers/net/ethernet/atheros/alx/main.c
++++ b/drivers/net/ethernet/atheros/alx/main.c
+@@ -86,9 +86,14 @@ static int alx_refill_rx_ring(struct alx_priv *alx, gfp_t gfp)
+ while (!cur_buf->skb && next != rxq->read_idx) {
+ struct alx_rfd *rfd = &rxq->rfd[cur];
+
+- skb = __netdev_alloc_skb(alx->dev, alx->rxbuf_size, gfp);
++ skb = __netdev_alloc_skb(alx->dev, alx->rxbuf_size + 64, gfp);
+ if (!skb)
+ break;
++
++ /* Workround for the HW RX DMA overflow issue */
++ if (((unsigned long)skb->data & 0xfff) == 0xfc0)
++ skb_reserve(skb, 64);
++
+ dma = dma_map_single(&alx->hw.pdev->dev,
+ skb->data, alx->rxbuf_size,
+ DMA_FROM_DEVICE);
+--
+cgit v0.12
+
--- a/src/dnsmasq.c Thu Jul 30 20:59:06 2015
+++ b/src/dnsmasq.c Wed Dec 16 19:38:32 2015
-@@ -1016,6 +1016,11 @@
+@@ -1017,6 +1017,11 @@
poll_resolv(0, daemon->last_resolv != 0, now);
daemon->last_resolv = now;
--- a/src/dnsmasq.h Wed Dec 16 19:24:12 2015
+++ b/src/dnsmasq.h Wed Dec 16 19:40:11 2015
-@@ -1514,6 +1514,11 @@
+@@ -1516,6 +1516,11 @@
void poll_listen(int fd, short event);
int do_poll(int timeout);
+#endif
--- a/src/option.c Wed Dec 16 19:24:12 2015
+++ b/src/option.c Wed Dec 16 19:42:48 2015
-@@ -1770,7 +1770,7 @@
+@@ -1771,7 +1771,7 @@
ret_err(_("bad MX target"));
break;
--- /dev/null
+From 294d36df4749e01199ab220d44c170e7db2b0c05 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Wed, 6 Jul 2016 21:30:25 +0100
+Subject: [PATCH] Calculate length of TFTP error reply correctly.
+
+---
+ CHANGELOG | 14 ++++++++++++++
+ src/tftp.c | 7 +++++--
+ 2 files changed, 19 insertions(+), 2 deletions(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 04ff3f0..0559a6f 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -1,3 +1,17 @@
++version 2.77
++ Calculate the length of TFTP error reply packet
++ correctly. This fixes a problem when the error
++ message in a TFTP packet exceeds the arbitrary
++ limit of 500 characters. The message was correctly
++ truncated, but not the packet length, so
++ extra data was appended. This is a possible
++ security risk, since the extra data comes from
++ a buffer which is also used for DNS, so that
++ previous DNS queries or replies may be leaked.
++ Thanks to Mozilla for funding the security audit
++ which spotted this bug.
++
++
+ version 2.76
+ Include 0.0.0.0/8 in DNS rebind checks. This range
+ translates to hosts on the local network, or, at
+diff --git a/src/tftp.c b/src/tftp.c
+index 5e4a32a..3e1b5c5 100644
+--- a/src/tftp.c
++++ b/src/tftp.c
+@@ -652,20 +652,23 @@ static void sanitise(char *buf)
+
+ }
+
++#define MAXMESSAGE 500 /* limit to make packet < 512 bytes and definitely smaller than buffer */
+ static ssize_t tftp_err(int err, char *packet, char *message, char *file)
+ {
+ struct errmess {
+ unsigned short op, err;
+ char message[];
+ } *mess = (struct errmess *)packet;
+- ssize_t ret = 4;
++ ssize_t len, ret = 4;
+ char *errstr = strerror(errno);
+
+ sanitise(file);
+
+ mess->op = htons(OP_ERR);
+ mess->err = htons(err);
+- ret += (snprintf(mess->message, 500, message, file, errstr) + 1);
++ len = snprintf(mess->message, MAXMESSAGE, message, file, errstr);
++ ret += (len < MAXMESSAGE) ? len + 1 : MAXMESSAGE; /* include terminating zero */
++
+ my_syslog(MS_TFTP | LOG_ERR, "%s", mess->message);
+
+ return ret;
+--
+1.7.10.4
+
--- /dev/null
+From d55f81f5fd53b1dfc2c4b3249b542f2d9679e236 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Wed, 6 Jul 2016 21:33:56 +0100
+Subject: [PATCH] Zero newly malloc'ed memory.
+
+---
+ src/util.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/util.c b/src/util.c
+index 93b24f5..82443c9 100644
+--- a/src/util.c
++++ b/src/util.c
+@@ -248,6 +248,8 @@ void *safe_malloc(size_t size)
+
+ if (!ret)
+ die(_("could not get memory"), NULL, EC_NOMEM);
++ else
++ memset(ret, 0, size);
+
+ return ret;
+ }
+@@ -266,7 +268,9 @@ void *whine_malloc(size_t size)
+
+ if (!ret)
+ my_syslog(LOG_ERR, _("failed to allocate %d bytes"), (int) size);
+-
++ else
++ memset(ret, 0, size);
++
+ return ret;
+ }
+
+--
+1.7.10.4
+
--- /dev/null
+From ce7845bf5429bd2962c9b2e7d75e2659f3b5c1a8 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Wed, 6 Jul 2016 21:42:27 +0100
+Subject: [PATCH] Check return of expand() always.
+
+---
+ src/radv.c | 4 +++-
+ src/slaac.c | 5 ++++-
+ 2 files changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/src/radv.c b/src/radv.c
+index 749b666..faa0f6d 100644
+--- a/src/radv.c
++++ b/src/radv.c
+@@ -262,7 +262,9 @@ static void send_ra_alias(time_t now, int iface, char *iface_name, struct in6_ad
+ parm.prio = calc_prio(ra_param);
+
+ save_counter(0);
+- ra = expand(sizeof(struct ra_packet));
++
++ if (!(ra = expand(sizeof(struct ra_packet))))
++ return;
+
+ ra->type = ND_ROUTER_ADVERT;
+ ra->code = 0;
+diff --git a/src/slaac.c b/src/slaac.c
+index 8034805..07b8ba4 100644
+--- a/src/slaac.c
++++ b/src/slaac.c
+@@ -147,7 +147,10 @@ time_t periodic_slaac(time_t now, struct dhcp_lease *leases)
+ struct sockaddr_in6 addr;
+
+ save_counter(0);
+- ping = expand(sizeof(struct ping_packet));
++
++ if (!(ping = expand(sizeof(struct ping_packet))))
++ continue;
++
+ ping->type = ICMP6_ECHO_REQUEST;
+ ping->code = 0;
+ ping->identifier = ping_id;
+--
+1.7.10.4
+
--- /dev/null
+From 5874f3e9222397d82aabd9884d9bf5ce7e4109b0 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Sun, 10 Jul 2016 22:12:08 +0100
+Subject: [PATCH] Fix editing error on man page.
+
+Thanks to Eric Westbrook for spotting this.
+---
+ man/dnsmasq.8 | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
+index 0521534..bd8c0b3 100644
+--- a/man/dnsmasq.8
++++ b/man/dnsmasq.8
+@@ -1037,6 +1037,10 @@ is given, then read all the files contained in that directory. The advantage of
+ using this option is the same as for --dhcp-hostsfile: the
+ dhcp-optsfile will be re-read when dnsmasq receives SIGHUP. Note that
+ it is possible to encode the information in a
++.B --dhcp-boot
++flag as DHCP options, using the options names bootfile-name,
++server-ip-address and tftp-server. This allows these to be included
++in a dhcp-optsfile.
+ .TP
+ .B --dhcp-hostsdir=<path>
+ This is equivalent to dhcp-hostsfile, except for the following. The path MUST be a
+@@ -1048,11 +1052,6 @@ is restarted; ie host records are only added dynamically.
+ .TP
+ .B --dhcp-optsdir=<path>
+ This is equivalent to dhcp-optsfile, with the differences noted for --dhcp-hostsdir.
+-.TP
+-.B --dhcp-boot
+-flag as DHCP options, using the options names bootfile-name,
+-server-ip-address and tftp-server. This allows these to be included
+-in a dhcp-optsfile.
+ .TP
+ .B \-Z, --read-ethers
+ Read /etc/ethers for information about hosts for the DHCP server. The
+--
+1.7.10.4
+
--- /dev/null
+From 907efeb2dc712603271093bce8a93c7c3e6fe64d Mon Sep 17 00:00:00 2001
+From: Kristjan Onu <jeixav@gmail.com>
+Date: Sun, 10 Jul 2016 22:37:57 +0100
+Subject: [PATCH] Manpage typo.
+
+---
+ man/dnsmasq.8 | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
+index bd8c0b3..ac8d921 100644
+--- a/man/dnsmasq.8
++++ b/man/dnsmasq.8
+@@ -242,7 +242,7 @@ addresses associated with the interface.
+ .B --local-service
+ Accept DNS queries only from hosts whose address is on a local subnet,
+ ie a subnet for which an interface exists on the server. This option
+-only has effect is there are no --interface --except-interface,
++only has effect if there are no --interface --except-interface,
+ --listen-address or --auth-server options. It is intended to be set as
+ a default on installation, to allow unconfigured installations to be
+ useful but also safe from being used for DNS amplification attacks.
+--
+1.7.10.4
+
--- /dev/null
+From 591ed1e90503817938ccf5f127e677a8dd48b6d8 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Mon, 11 Jul 2016 18:18:42 +0100
+Subject: [PATCH] Fix bad behaviour with some DHCP option arrangements.
+
+The check that there's enough space to store the DHCP agent-id
+at the end of the packet could succeed when it should fail
+if the END option is in either of the oprion-overload areas.
+That could overwrite legit options in the request and cause
+bad behaviour. It's highly unlikely that any sane DHCP client
+would trigger this bug, and it's never been seen, but this
+fixes the problem.
+
+Also fix off-by-one in bounds checking of option processing.
+Worst case scenario on that is a read one byte beyond the
+end off a buffer with a crafted packet, and maybe therefore
+a SIGV crash if the memory after the buffer is not mapped.
+
+Thanks to Timothy Becker for spotting these.
+---
+ src/rfc2131.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/rfc2131.c b/src/rfc2131.c
+index b7c167e..8b99d4b 100644
+--- a/src/rfc2131.c
++++ b/src/rfc2131.c
+@@ -186,7 +186,8 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index,
+ be enough free space at the end of the packet to copy the option. */
+ unsigned char *sopt;
+ unsigned int total = option_len(opt) + 2;
+- unsigned char *last_opt = option_find(mess, sz, OPTION_END, 0);
++ unsigned char *last_opt = option_find1(&mess->options[0] + sizeof(u32), ((unsigned char *)mess) + sz,
++ OPTION_END, 0);
+ if (last_opt && last_opt < end - total)
+ {
+ end -= total;
+@@ -1606,7 +1607,7 @@ static unsigned char *option_find1(unsigned char *p, unsigned char *end, int opt
+ {
+ while (1)
+ {
+- if (p > end)
++ if (p >= end)
+ return NULL;
+ else if (*p == OPTION_END)
+ return opt == OPTION_END ? p : NULL;
+--
+1.7.10.4
+
--- /dev/null
+From 1d07667ac77c55b9de56b1b2c385167e0e0ec27a Mon Sep 17 00:00:00 2001
+From: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
+Date: Mon, 11 Jul 2016 18:36:05 +0100
+Subject: [PATCH] Fix logic error in Linux netlink code.
+
+This could cause dnsmasq to enter a tight loop on systems
+with a very large number of network interfaces.
+---
+ CHANGELOG | 6 ++++++
+ src/netlink.c | 8 +++++++-
+ 2 files changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 0559a6f..59c9c49 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -11,6 +11,12 @@ version 2.77
+ Thanks to Mozilla for funding the security audit
+ which spotted this bug.
+
++ Fix logic error in Linux netlink code. This could
++ cause dnsmasq to enter a tight loop on systems
++ with a very large number of network interfaces.
++ Thanks to Ivan Kokshaysky for the diagnosis and
++ patch.
++
+
+ version 2.76
+ Include 0.0.0.0/8 in DNS rebind checks. This range
+diff --git a/src/netlink.c b/src/netlink.c
+index 049247b..8cd51af 100644
+--- a/src/netlink.c
++++ b/src/netlink.c
+@@ -188,11 +188,17 @@ int iface_enumerate(int family, void *parm, int (*callback)())
+ }
+
+ for (h = (struct nlmsghdr *)iov.iov_base; NLMSG_OK(h, (size_t)len); h = NLMSG_NEXT(h, len))
+- if (h->nlmsg_seq != seq || h->nlmsg_pid != netlink_pid || h->nlmsg_type == NLMSG_ERROR)
++ if (h->nlmsg_pid != netlink_pid || h->nlmsg_type == NLMSG_ERROR)
+ {
+ /* May be multicast arriving async */
+ nl_async(h);
+ }
++ else if (h->nlmsg_seq != seq)
++ {
++ /* May be part of incomplete response to previous request after
++ ENOBUFS. Drop it. */
++ continue;
++ }
+ else if (h->nlmsg_type == NLMSG_DONE)
+ return callback_ok;
+ else if (h->nlmsg_type == RTM_NEWADDR && family != AF_UNSPEC && family != AF_LOCAL)
+--
+1.7.10.4
+
--- /dev/null
+From 06093a9a845bb597005d892d5d1bc7859933ada4 Mon Sep 17 00:00:00 2001
+From: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
+Date: Mon, 11 Jul 2016 21:03:27 +0100
+Subject: [PATCH] Fix problem with --dnssec-timestamp whereby receipt of
+ SIGHUP would erroneously engage timestamp checking.
+
+---
+ CHANGELOG | 4 ++++
+ src/dnsmasq.c | 7 ++++---
+ src/dnsmasq.h | 1 +
+ src/dnssec.c | 5 +++--
+ 4 files changed, 12 insertions(+), 5 deletions(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 59c9c49..9f1e404 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -17,6 +17,10 @@ version 2.77
+ Thanks to Ivan Kokshaysky for the diagnosis and
+ patch.
+
++ Fix problem with --dnssec-timestamp whereby receipt
++ of SIGHUP would erroneously engage timestamp checking.
++ Thanks to Kevin Darbyshire-Bryant for this work.
++
+
+ version 2.76
+ Include 0.0.0.0/8 in DNS rebind checks. This range
+diff --git a/src/dnsmasq.c b/src/dnsmasq.c
+index 045ec53..a47273f 100644
+--- a/src/dnsmasq.c
++++ b/src/dnsmasq.c
+@@ -750,7 +750,8 @@ int main (int argc, char **argv)
+
+ my_syslog(LOG_INFO, _("DNSSEC validation enabled"));
+
+- if (option_bool(OPT_DNSSEC_TIME))
++ daemon->dnssec_no_time_check = option_bool(OPT_DNSSEC_TIME);
++ if (option_bool(OPT_DNSSEC_TIME) && !daemon->back_to_the_future)
+ my_syslog(LOG_INFO, _("DNSSEC signature timestamps not checked until first cache reload"));
+
+ if (rc == 1)
+@@ -1226,10 +1227,10 @@ static void async_event(int pipe, time_t now)
+ {
+ case EVENT_RELOAD:
+ #ifdef HAVE_DNSSEC
+- if (option_bool(OPT_DNSSEC_VALID) && option_bool(OPT_DNSSEC_TIME))
++ if (daemon->dnssec_no_time_check && option_bool(OPT_DNSSEC_VALID) && option_bool(OPT_DNSSEC_TIME))
+ {
+ my_syslog(LOG_INFO, _("now checking DNSSEC signature timestamps"));
+- reset_option_bool(OPT_DNSSEC_TIME);
++ daemon->dnssec_no_time_check = 0;
+ }
+ #endif
+ /* fall through */
+diff --git a/src/dnsmasq.h b/src/dnsmasq.h
+index 1896a64..be27ae0 100644
+--- a/src/dnsmasq.h
++++ b/src/dnsmasq.h
+@@ -992,6 +992,7 @@ extern struct daemon {
+ #endif
+ #ifdef HAVE_DNSSEC
+ struct ds_config *ds;
++ int dnssec_no_time_check;
+ int back_to_the_future;
+ char *timestamp_file;
+ #endif
+diff --git a/src/dnssec.c b/src/dnssec.c
+index 3c77c7d..64358fa 100644
+--- a/src/dnssec.c
++++ b/src/dnssec.c
+@@ -522,15 +522,16 @@ static int check_date_range(u32 date_start, u32 date_end)
+ if (utime(daemon->timestamp_file, NULL) != 0)
+ my_syslog(LOG_ERR, _("failed to update mtime on %s: %s"), daemon->timestamp_file, strerror(errno));
+
++ my_syslog(LOG_INFO, _("system time considered valid, now checking DNSSEC signature timestamps."));
+ daemon->back_to_the_future = 1;
+- set_option_bool(OPT_DNSSEC_TIME);
++ daemon->dnssec_no_time_check = 0;
+ queue_event(EVENT_RELOAD); /* purge cache */
+ }
+
+ if (daemon->back_to_the_future == 0)
+ return 1;
+ }
+- else if (option_bool(OPT_DNSSEC_TIME))
++ else if (daemon->dnssec_no_time_check)
+ return 1;
+
+ /* We must explicitly check against wanted values, because of SERIAL_UNDEF */
+--
+1.7.10.4
+
--- /dev/null
+From d6dce53e08b3a06be16d43e1bf566c6c1988e4a9 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Mon, 11 Jul 2016 21:34:31 +0100
+Subject: [PATCH] malloc(); memset() -> calloc() for efficiency.
+
+---
+ src/util.c | 10 +++-------
+ 1 file changed, 3 insertions(+), 7 deletions(-)
+
+diff --git a/src/util.c b/src/util.c
+index 82443c9..211690e 100644
+--- a/src/util.c
++++ b/src/util.c
+@@ -244,13 +244,11 @@ unsigned char *do_rfc1035_name(unsigned char *p, char *sval)
+ /* for use during startup */
+ void *safe_malloc(size_t size)
+ {
+- void *ret = malloc(size);
++ void *ret = calloc(1, size);
+
+ if (!ret)
+ die(_("could not get memory"), NULL, EC_NOMEM);
+- else
+- memset(ret, 0, size);
+-
++
+ return ret;
+ }
+
+@@ -264,12 +262,10 @@ void safe_pipe(int *fd, int read_noblock)
+
+ void *whine_malloc(size_t size)
+ {
+- void *ret = malloc(size);
++ void *ret = calloc(1, size);
+
+ if (!ret)
+ my_syslog(LOG_ERR, _("failed to allocate %d bytes"), (int) size);
+- else
+- memset(ret, 0, size);
+
+ return ret;
+ }
+--
+1.7.10.4
+
--- /dev/null
+From fa78573778cb23337f67f5d0c9de723169919047 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Fri, 22 Jul 2016 20:56:01 +0100
+Subject: [PATCH] Zero packet buffers before building output, to reduce risk
+ of information leakage.
+
+---
+ src/auth.c | 5 +++++
+ src/dnsmasq.h | 1 +
+ src/outpacket.c | 10 ++++++++++
+ src/radv.c | 2 +-
+ src/rfc1035.c | 5 +++++
+ src/rfc3315.c | 6 +++---
+ src/slaac.c | 2 +-
+ src/tftp.c | 5 ++++-
+ 8 files changed, 30 insertions(+), 6 deletions(-)
+
+diff --git a/src/auth.c b/src/auth.c
+index 198572d..3c5c37f 100644
+--- a/src/auth.c
++++ b/src/auth.c
+@@ -101,6 +101,11 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
+ struct all_addr addr;
+ struct cname *a;
+
++ /* Clear buffer beyond request to avoid risk of
++ information disclosure. */
++ memset(((char *)header) + qlen, 0,
++ (limit - ((char *)header)) - qlen);
++
+ if (ntohs(header->qdcount) == 0 || OPCODE(header) != QUERY )
+ return 0;
+
+diff --git a/src/dnsmasq.h b/src/dnsmasq.h
+index be27ae0..2bda5d0 100644
+--- a/src/dnsmasq.h
++++ b/src/dnsmasq.h
+@@ -1471,6 +1471,7 @@ void log_relay(int family, struct dhcp_relay *relay);
+ /* outpacket.c */
+ #ifdef HAVE_DHCP6
+ void end_opt6(int container);
++void reset_counter(void);
+ int save_counter(int newval);
+ void *expand(size_t headroom);
+ int new_opt6(int opt);
+diff --git a/src/outpacket.c b/src/outpacket.c
+index a414efa..2caacd9 100644
+--- a/src/outpacket.c
++++ b/src/outpacket.c
+@@ -29,9 +29,19 @@ void end_opt6(int container)
+ PUTSHORT(len, p);
+ }
+
++void reset_counter(void)
++{
++ /* Clear out buffer when starting from begining */
++ if (daemon->outpacket.iov_base)
++ memset(daemon->outpacket.iov_base, 0, daemon->outpacket.iov_len);
++
++ save_counter(0);
++}
++
+ int save_counter(int newval)
+ {
+ int ret = outpacket_counter;
++
+ if (newval != -1)
+ outpacket_counter = newval;
+
+diff --git a/src/radv.c b/src/radv.c
+index faa0f6d..39c9217 100644
+--- a/src/radv.c
++++ b/src/radv.c
+@@ -261,7 +261,7 @@ static void send_ra_alias(time_t now, int iface, char *iface_name, struct in6_ad
+ parm.adv_interval = calc_interval(ra_param);
+ parm.prio = calc_prio(ra_param);
+
+- save_counter(0);
++ reset_counter();
+
+ if (!(ra = expand(sizeof(struct ra_packet))))
+ return;
+diff --git a/src/rfc1035.c b/src/rfc1035.c
+index 24d08c1..9e730a9 100644
+--- a/src/rfc1035.c
++++ b/src/rfc1035.c
+@@ -1209,6 +1209,11 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
+ int nxdomain = 0, auth = 1, trunc = 0, sec_data = 1;
+ struct mx_srv_record *rec;
+ size_t len;
++
++ /* Clear buffer beyond request to avoid risk of
++ information disclosure. */
++ memset(((char *)header) + qlen, 0,
++ (limit - ((char *)header)) - qlen);
+
+ if (ntohs(header->ancount) != 0 ||
+ ntohs(header->nscount) != 0 ||
+diff --git a/src/rfc3315.c b/src/rfc3315.c
+index 3f4d69c..e1271a1 100644
+--- a/src/rfc3315.c
++++ b/src/rfc3315.c
+@@ -89,7 +89,7 @@ unsigned short dhcp6_reply(struct dhcp_context *context, int interface, char *if
+ for (vendor = daemon->dhcp_vendors; vendor; vendor = vendor->next)
+ vendor->netid.next = &vendor->netid;
+
+- save_counter(0);
++ reset_counter();
+ state.context = context;
+ state.interface = interface;
+ state.iface_name = iface_name;
+@@ -2084,7 +2084,7 @@ void relay_upstream6(struct dhcp_relay *relay, ssize_t sz,
+ if (hopcount > 32)
+ return;
+
+- save_counter(0);
++ reset_counter();
+
+ if ((header = put_opt6(NULL, 34)))
+ {
+@@ -2161,7 +2161,7 @@ unsigned short relay_reply6(struct sockaddr_in6 *peer, ssize_t sz, char *arrival
+ (!relay->interface || wildcard_match(relay->interface, arrival_interface)))
+ break;
+
+- save_counter(0);
++ reset_counter();
+
+ if (relay)
+ {
+diff --git a/src/slaac.c b/src/slaac.c
+index 07b8ba4..bd6c9b4 100644
+--- a/src/slaac.c
++++ b/src/slaac.c
+@@ -146,7 +146,7 @@ time_t periodic_slaac(time_t now, struct dhcp_lease *leases)
+ struct ping_packet *ping;
+ struct sockaddr_in6 addr;
+
+- save_counter(0);
++ reset_counter();
+
+ if (!(ping = expand(sizeof(struct ping_packet))))
+ continue;
+diff --git a/src/tftp.c b/src/tftp.c
+index 3e1b5c5..618c406 100644
+--- a/src/tftp.c
++++ b/src/tftp.c
+@@ -662,8 +662,9 @@ static ssize_t tftp_err(int err, char *packet, char *message, char *file)
+ ssize_t len, ret = 4;
+ char *errstr = strerror(errno);
+
++ memset(packet, 0, daemon->packet_buff_sz);
+ sanitise(file);
+-
++
+ mess->op = htons(OP_ERR);
+ mess->err = htons(err);
+ len = snprintf(mess->message, MAXMESSAGE, message, file, errstr);
+@@ -684,6 +685,8 @@ static ssize_t tftp_err_oops(char *packet, char *file)
+ /* return -1 for error, zero for done. */
+ static ssize_t get_block(char *packet, struct tftp_transfer *transfer)
+ {
++ memset(packet, 0, daemon->packet_buff_sz);
++
+ if (transfer->block == 0)
+ {
+ /* send OACK */
+--
+1.7.10.4
+
--- /dev/null
+From 6b1c464d6de3d7d2afc9b53afe78cda6d6e3316f Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Fri, 22 Jul 2016 20:59:16 +0100
+Subject: [PATCH] Don't reset packet length on transmission, in case of
+ retransmission.
+
+---
+ src/radv.c | 2 +-
+ src/rfc3315.c | 2 +-
+ src/slaac.c | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/radv.c b/src/radv.c
+index 39c9217..ffc37f2 100644
+--- a/src/radv.c
++++ b/src/radv.c
+@@ -528,7 +528,7 @@ static void send_ra_alias(time_t now, int iface, char *iface_name, struct in6_ad
+ }
+
+ while (retry_send(sendto(daemon->icmp6fd, daemon->outpacket.iov_base,
+- save_counter(0), 0, (struct sockaddr *)&addr,
++ save_counter(-1), 0, (struct sockaddr *)&addr,
+ sizeof(addr))));
+
+ }
+diff --git a/src/rfc3315.c b/src/rfc3315.c
+index e1271a1..c7bf46f 100644
+--- a/src/rfc3315.c
++++ b/src/rfc3315.c
+@@ -2127,7 +2127,7 @@ void relay_upstream6(struct dhcp_relay *relay, ssize_t sz,
+ my_syslog(MS_DHCP | LOG_ERR, _("Cannot multicast to DHCPv6 server without correct interface"));
+ }
+
+- send_from(daemon->dhcp6fd, 0, daemon->outpacket.iov_base, save_counter(0), &to, &from, 0);
++ send_from(daemon->dhcp6fd, 0, daemon->outpacket.iov_base, save_counter(-1), &to, &from, 0);
+
+ if (option_bool(OPT_LOG_OPTS))
+ {
+diff --git a/src/slaac.c b/src/slaac.c
+index bd6c9b4..7ecf127 100644
+--- a/src/slaac.c
++++ b/src/slaac.c
+@@ -164,7 +164,7 @@ time_t periodic_slaac(time_t now, struct dhcp_lease *leases)
+ addr.sin6_port = htons(IPPROTO_ICMPV6);
+ addr.sin6_addr = slaac->addr;
+
+- if (sendto(daemon->icmp6fd, daemon->outpacket.iov_base, save_counter(0), 0,
++ if (sendto(daemon->icmp6fd, daemon->outpacket.iov_base, save_counter(-1), 0,
+ (struct sockaddr *)&addr, sizeof(addr)) == -1 &&
+ errno == EHOSTUNREACH)
+ slaac->ping_time = 0; /* Give up */
+--
+1.7.10.4
+
--- /dev/null
+From bf4e62c19e619f7edf8d03d58d33a5752f190bfd Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Fri, 22 Jul 2016 21:37:59 +0100
+Subject: [PATCH] Compile-time check on buffer sizes for leasefile parsing
+ code.
+
+---
+ src/dhcp-common.c | 16 ++++++++--------
+ src/dhcp-protocol.h | 4 ++++
+ src/lease.c | 9 ++++++++-
+ src/rfc3315.c | 2 +-
+ 4 files changed, 21 insertions(+), 10 deletions(-)
+
+diff --git a/src/dhcp-common.c b/src/dhcp-common.c
+index 08528e8..ecc752b 100644
+--- a/src/dhcp-common.c
++++ b/src/dhcp-common.c
+@@ -20,11 +20,11 @@
+
+ void dhcp_common_init(void)
+ {
+- /* These each hold a DHCP option max size 255
+- and get a terminating zero added */
+- daemon->dhcp_buff = safe_malloc(256);
+- daemon->dhcp_buff2 = safe_malloc(256);
+- daemon->dhcp_buff3 = safe_malloc(256);
++ /* These each hold a DHCP option max size 255
++ and get a terminating zero added */
++ daemon->dhcp_buff = safe_malloc(DHCP_BUFF_SZ);
++ daemon->dhcp_buff2 = safe_malloc(DHCP_BUFF_SZ);
++ daemon->dhcp_buff3 = safe_malloc(DHCP_BUFF_SZ);
+
+ /* dhcp_packet is used by v4 and v6, outpacket only by v6
+ sizeof(struct dhcp_packet) is as good an initial size as any,
+@@ -855,14 +855,14 @@ void log_context(int family, struct dhcp_context *context)
+ if (context->flags & CONTEXT_RA_STATELESS)
+ {
+ if (context->flags & CONTEXT_TEMPLATE)
+- strncpy(daemon->dhcp_buff, context->template_interface, 256);
++ strncpy(daemon->dhcp_buff, context->template_interface, DHCP_BUFF_SZ);
+ else
+ strcpy(daemon->dhcp_buff, daemon->addrbuff);
+ }
+ else
+ #endif
+- inet_ntop(family, start, daemon->dhcp_buff, 256);
+- inet_ntop(family, end, daemon->dhcp_buff3, 256);
++ inet_ntop(family, start, daemon->dhcp_buff, DHCP_BUFF_SZ);
++ inet_ntop(family, end, daemon->dhcp_buff3, DHCP_BUFF_SZ);
+ my_syslog(MS_DHCP | LOG_INFO,
+ (context->flags & CONTEXT_RA_STATELESS) ?
+ _("%s stateless on %s%.0s%.0s%s") :
+diff --git a/src/dhcp-protocol.h b/src/dhcp-protocol.h
+index a31d829..0ea449b 100644
+--- a/src/dhcp-protocol.h
++++ b/src/dhcp-protocol.h
+@@ -19,6 +19,10 @@
+ #define DHCP_CLIENT_ALTPORT 1068
+ #define PXE_PORT 4011
+
++/* These each hold a DHCP option max size 255
++ and get a terminating zero added */
++#define DHCP_BUFF_SZ 256
++
+ #define BOOTREQUEST 1
+ #define BOOTREPLY 2
+ #define DHCP_COOKIE 0x63825363
+diff --git a/src/lease.c b/src/lease.c
+index 20cac90..ca62cc5 100644
+--- a/src/lease.c
++++ b/src/lease.c
+@@ -65,7 +65,14 @@ void lease_init(time_t now)
+ }
+
+ /* client-id max length is 255 which is 255*2 digits + 254 colons
+- borrow DNS packet buffer which is always larger than 1000 bytes */
++ borrow DNS packet buffer which is always larger than 1000 bytes
++
++ Check various buffers are big enough for the code below */
++
++#if (DHCP_BUFF_SZ < 255) || (MAXDNAME < 64) || (PACKETSZ+MAXDNAME+RRFIXEDSZ < 764)
++# error Buffer size breakage in leasfile parsing.
++#endif
++
+ if (leasestream)
+ while (fscanf(leasestream, "%255s %255s", daemon->dhcp_buff3, daemon->dhcp_buff2) == 2)
+ {
+diff --git a/src/rfc3315.c b/src/rfc3315.c
+index c7bf46f..568b0c8 100644
+--- a/src/rfc3315.c
++++ b/src/rfc3315.c
+@@ -1975,7 +1975,7 @@ static void log6_packet(struct state *state, char *type, struct in6_addr *addr,
+
+ if (addr)
+ {
+- inet_ntop(AF_INET6, addr, daemon->dhcp_buff2, 255);
++ inet_ntop(AF_INET6, addr, daemon->dhcp_buff2, DHCP_BUFF_SZ - 1);
+ strcat(daemon->dhcp_buff2, " ");
+ }
+ else
+--
+1.7.10.4
+
--- /dev/null
+From 69d6e8ce6c636f78d1db0eebe7fb1cc02ae4fb9a Mon Sep 17 00:00:00 2001
+From: Jonatan Schlag <jonatan.schlag@ipfire.org>
+Date: Mon, 6 Jun 2016 19:40:50 +0200
+Subject: [PATCH 2/2] Change options in libvirtd.conf for IPFire
+
+Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
+---
+ daemon/libvirtd.conf | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/daemon/libvirtd.conf b/daemon/libvirtd.conf
+index ac06cdd..1a41914 100644
+--- a/daemon/libvirtd.conf
++++ b/daemon/libvirtd.conf
+@@ -87,14 +87,14 @@
+ # without becoming root.
+ #
+ # This is restricted to 'root' by default.
+-#unix_sock_group = "libvirt"
++unix_sock_group = "libvirt-remote"
+
+ # Set the UNIX socket permissions for the R/O socket. This is used
+ # for monitoring VM status only
+ #
+ # Default allows any user. If setting group ownership, you may want to
+ # restrict this too.
+-#unix_sock_ro_perms = "0777"
++unix_sock_ro_perms = "0770"
+
+ # Set the UNIX socket permissions for the R/W socket. This is used
+ # for full management of VMs
+@@ -104,7 +104,7 @@
+ #
+ # If not using PolicyKit and setting group ownership for access
+ # control, then you may want to relax this too.
+-#unix_sock_rw_perms = "0770"
++unix_sock_rw_perms = "0770"
+
+ # Set the UNIX socket permissions for the admin interface socket.
+ #
+--
+2.1.4
+
--- /dev/null
+Index: p7zip_15.14.1/CPP/7zip/Archive/HfsHandler.cpp
+===================================================================
+--- p7zip_15.14.1.orig/CPP/7zip/Archive/HfsHandler.cpp
++++ p7zip_15.14.1/CPP/7zip/Archive/HfsHandler.cpp
+@@ -987,7 +987,9 @@ HRESULT CDatabase::LoadCatalog(const CFo
+ item.GroupID = Get32(r + 0x24);
+ item.AdminFlags = r[0x28];
+ item.OwnerFlags = r[0x29];
++ */
+ item.FileMode = Get16(r + 0x2A);
++ /*
+ item.special.iNodeNum = Get16(r + 0x2C); // or .linkCount
+ item.FileType = Get32(r + 0x30);
+ item.FileCreator = Get32(r + 0x34);
+@@ -1572,6 +1574,9 @@ HRESULT CHandler::ExtractZlibFile(
+
+ UInt32 size = GetUi32(tableBuf + i * 8 + 4);
+
++ if (size > buf.Size() || size > kCompressionBlockSize + 1)
++ return S_FALSE;
++
+ RINOK(ReadStream_FALSE(inStream, buf, size));
+
+ if ((buf[0] & 0xF) == 0xF)
--- /dev/null
+Index: p7zip_15.14.1/CPP/7zip/Archive/Udf/UdfIn.cpp
+===================================================================
+--- p7zip_15.14.1.orig/CPP/7zip/Archive/Udf/UdfIn.cpp
++++ p7zip_15.14.1/CPP/7zip/Archive/Udf/UdfIn.cpp
+@@ -389,7 +389,11 @@ HRESULT CInArchive::ReadFileItem(int vol
+ return S_FALSE;
+ CFile &file = Files.Back();
+ const CLogVol &vol = LogVols[volIndex];
+- CPartition &partition = Partitions[vol.PartitionMaps[lad.Location.PartitionRef].PartitionIndex];
++ unsigned partitionRef = lad.Location.PartitionRef;
++
++ if (partitionRef >= vol.PartitionMaps.Size())
++ return S_FALSE;
++ CPartition &partition = Partitions[vol.PartitionMaps[partitionRef].PartitionIndex];
+
+ UInt32 key = lad.Location.Pos;
+ UInt32 value;
--- /dev/null
+diff -crB shadow-4.2.1-a/etc/login.defs shadow-4.2.1-b/etc/login.defs
+*** shadow-4.2.1-a/etc/login.defs 2014-05-09 10:20:28.000000000 +0000
+--- shadow-4.2.1-b/etc/login.defs 2016-03-13 10:51:09.680171239 +0000
+***************
+*** 118,124 ****
+ # Directory where mailboxes reside, _or_ name of file, relative to the
+ # home directory. If you _do_ define both, MAIL_DIR takes precedence.
+ #
+! MAIL_DIR /var/spool/mail
+ #MAIL_FILE .mail
+
+ #
+--- 118,124 ----
+ # Directory where mailboxes reside, _or_ name of file, relative to the
+ # home directory. If you _do_ define both, MAIL_DIR takes precedence.
+ #
+! MAIL_DIR /var/mail
+ #MAIL_FILE .mail
+
+ #
+***************
+*** 317,323 ****
+ # Note: If you use PAM, it is recommended to use a value consistent with
+ # the PAM modules configuration.
+ #
+! #ENCRYPT_METHOD DES
+
+ #
+ # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
+--- 317,323 ----
+ # Note: If you use PAM, it is recommended to use a value consistent with
+ # the PAM modules configuration.
+ #
+! ENCRYPT_METHOD SHA512
+
+ #
+ # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
+Only in shadow-4.2.1-b: SHA512_password_hashing.patch
--- /dev/null
+diff -crB shadow-4.2.1-a/man/cs/Makefile.in shadow-4.2.1-b/man/cs/Makefile.in
+*** shadow-4.2.1-a/man/cs/Makefile.in 2014-05-09 16:49:46.000000000 +0000
+--- shadow-4.2.1-b/man/cs/Makefile.in 2016-03-13 10:47:55.924166976 +0000
+***************
+*** 300,311 ****
+ man8/groupadd.8 \
+ man8/groupdel.8 \
+ man8/groupmod.8 \
+! man1/groups.1 \
+ man8/grpck.8 \
+ man5/gshadow.5 \
+ man8/lastlog.8 \
+ man8/nologin.8 \
+! man5/passwd.5 \
+ man5/shadow.5 \
+ man1/su.1 \
+ man8/vipw.8
+--- 300,311 ----
+ man8/groupadd.8 \
+ man8/groupdel.8 \
+ man8/groupmod.8 \
+! man1/ \
+ man8/grpck.8 \
+ man5/gshadow.5 \
+ man8/lastlog.8 \
+ man8/nologin.8 \
+! man5/ \
+ man5/shadow.5 \
+ man1/su.1 \
+ man8/vipw.8
+diff -crB shadow-4.2.1-a/man/da/Makefile.in shadow-4.2.1-b/man/da/Makefile.in
+*** shadow-4.2.1-a/man/da/Makefile.in 2014-05-09 16:49:46.000000000 +0000
+--- shadow-4.2.1-b/man/da/Makefile.in 2016-03-13 10:47:55.928166977 +0000
+***************
+*** 298,304 ****
+ top_srcdir = @top_srcdir@
+
+ # 2012.01.28 - activate manpages with more than 50% translated messages
+! man_MANS = man1/chfn.1 man8/groupdel.8 man1/groups.1 man5/gshadow.5 \
+ man8/logoutd.8 man1/newgrp.1 man8/nologin.8 man1/sg.1 \
+ man8/vigr.8 man8/vipw.8 $(am__append_1)
+ man_nopam =
+--- 298,304 ----
+ top_srcdir = @top_srcdir@
+
+ # 2012.01.28 - activate manpages with more than 50% translated messages
+! man_MANS = man1/chfn.1 man8/groupdel.8 man1/ man5/gshadow.5 \
+ man8/logoutd.8 man1/newgrp.1 man8/nologin.8 man1/sg.1 \
+ man8/vigr.8 man8/vipw.8 $(am__append_1)
+ man_nopam =
+diff -crB shadow-4.2.1-a/man/de/Makefile.in shadow-4.2.1-b/man/de/Makefile.in
+*** shadow-4.2.1-a/man/de/Makefile.in 2014-05-09 16:49:46.000000000 +0000
+--- shadow-4.2.1-b/man/de/Makefile.in 2016-03-13 10:47:55.916166976 +0000
+***************
+*** 299,309 ****
+ top_srcdir = @top_srcdir@
+ man_MANS = man1/chage.1 man1/chfn.1 man8/chgpasswd.8 man8/chpasswd.8 \
+ man1/chsh.1 man1/expiry.1 man5/faillog.5 man8/faillog.8 \
+! man3/getspnam.3 man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \
+! man8/groupmems.8 man8/groupmod.8 man1/groups.1 man8/grpck.8 \
+ man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man8/lastlog.8 \
+ man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \
+! man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/passwd.5 \
+ man8/pwck.8 man8/pwconv.8 man8/pwunconv.8 man1/sg.1 \
+ man3/shadow.3 man5/shadow.5 man1/su.1 man5/suauth.5 \
+ man8/useradd.8 man8/userdel.8 man8/usermod.8 man8/vigr.8 \
+--- 299,309 ----
+ top_srcdir = @top_srcdir@
+ man_MANS = man1/chage.1 man1/chfn.1 man8/chgpasswd.8 man8/chpasswd.8 \
+ man1/chsh.1 man1/expiry.1 man5/faillog.5 man8/faillog.8 \
+! man3/ man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \
+! man8/groupmems.8 man8/groupmod.8 man1/ man8/grpck.8 \
+ man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man8/lastlog.8 \
+ man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \
+! man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/ \
+ man8/pwck.8 man8/pwconv.8 man8/pwunconv.8 man1/sg.1 \
+ man3/shadow.3 man5/shadow.5 man1/su.1 man5/suauth.5 \
+ man8/useradd.8 man8/userdel.8 man8/usermod.8 man8/vigr.8 \
+diff -crB shadow-4.2.1-a/man/es/Makefile.in shadow-4.2.1-b/man/es/Makefile.in
+*** shadow-4.2.1-a/man/es/Makefile.in 2014-05-09 16:49:46.000000000 +0000
+--- shadow-4.2.1-b/man/es/Makefile.in 2016-03-13 10:47:55.872166975 +0000
+***************
+*** 266,272 ****
+ # man1/login.1 \
+ # man1/newgrp.1 \
+ # man1/passwd.1 \
+! # man5/passwd.5 \
+ # man1/su.1 \
+ # man8/vigr.8 \
+ # man8/vipw.8
+--- 266,272 ----
+ # man1/login.1 \
+ # man1/newgrp.1 \
+ # man1/passwd.1 \
+! # man5/ \
+ # man1/su.1 \
+ # man8/vigr.8 \
+ # man8/vipw.8
+diff -crB shadow-4.2.1-a/man/fr/Makefile.in shadow-4.2.1-b/man/fr/Makefile.in
+*** shadow-4.2.1-a/man/fr/Makefile.in 2014-05-09 16:49:46.000000000 +0000
+--- shadow-4.2.1-b/man/fr/Makefile.in 2016-03-13 10:47:55.984166978 +0000
+***************
+*** 301,311 ****
+ top_srcdir = @top_srcdir@
+ man_MANS = man1/chage.1 man1/chfn.1 man8/chgpasswd.8 man8/chpasswd.8 \
+ man1/chsh.1 man1/expiry.1 man5/faillog.5 man8/faillog.8 \
+! man3/getspnam.3 man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \
+! man8/groupmems.8 man8/groupmod.8 man1/groups.1 man8/grpck.8 \
+ man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man8/lastlog.8 \
+ man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \
+! man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/passwd.5 \
+ man8/pwck.8 man8/pwconv.8 man8/pwunconv.8 man1/sg.1 \
+ man3/shadow.3 man5/shadow.5 man1/su.1 man5/suauth.5 \
+ man8/useradd.8 man8/userdel.8 man8/usermod.8 man8/vigr.8 \
+--- 301,311 ----
+ top_srcdir = @top_srcdir@
+ man_MANS = man1/chage.1 man1/chfn.1 man8/chgpasswd.8 man8/chpasswd.8 \
+ man1/chsh.1 man1/expiry.1 man5/faillog.5 man8/faillog.8 \
+! man3/ man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \
+! man8/groupmems.8 man8/groupmod.8 man1/ man8/grpck.8 \
+ man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man8/lastlog.8 \
+ man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \
+! man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/ \
+ man8/pwck.8 man8/pwconv.8 man8/pwunconv.8 man1/sg.1 \
+ man3/shadow.3 man5/shadow.5 man1/su.1 man5/suauth.5 \
+ man8/useradd.8 man8/userdel.8 man8/usermod.8 man8/vigr.8 \
+diff -crB shadow-4.2.1-a/man/hu/Makefile.in shadow-4.2.1-b/man/hu/Makefile.in
+*** shadow-4.2.1-a/man/hu/Makefile.in 2014-05-09 16:49:46.000000000 +0000
+--- shadow-4.2.1-b/man/hu/Makefile.in 2016-03-13 10:47:55.972166978 +0000
+***************
+*** 295,306 ****
+ man_MANS = \
+ man1/chsh.1 \
+ man1/gpasswd.1 \
+! man1/groups.1 \
+ man8/lastlog.8 \
+ man1/login.1 \
+ man1/newgrp.1 \
+ man1/passwd.1 \
+! man5/passwd.5 \
+ man1/sg.1 \
+ man1/su.1
+
+--- 295,306 ----
+ man_MANS = \
+ man1/chsh.1 \
+ man1/gpasswd.1 \
+! man1/ \
+ man8/lastlog.8 \
+ man1/login.1 \
+ man1/newgrp.1 \
+ man1/passwd.1 \
+! man5/ \
+ man1/sg.1 \
+ man1/su.1
+
+diff -crB shadow-4.2.1-a/man/it/Makefile.in shadow-4.2.1-b/man/it/Makefile.in
+*** shadow-4.2.1-a/man/it/Makefile.in 2014-05-09 16:49:47.000000000 +0000
+--- shadow-4.2.1-b/man/it/Makefile.in 2016-03-13 10:47:55.896166976 +0000
+***************
+*** 299,309 ****
+ top_srcdir = @top_srcdir@
+ man_MANS = man1/chage.1 man1/chfn.1 man8/chgpasswd.8 man8/chpasswd.8 \
+ man1/chsh.1 man1/expiry.1 man5/faillog.5 man8/faillog.8 \
+! man3/getspnam.3 man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \
+! man8/groupmems.8 man8/groupmod.8 man1/groups.1 man8/grpck.8 \
+ man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man8/lastlog.8 \
+ man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \
+! man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/passwd.5 \
+ man8/pwck.8 man8/pwconv.8 man8/pwunconv.8 man1/sg.1 \
+ man3/shadow.3 man5/shadow.5 man1/su.1 man5/suauth.5 \
+ man8/useradd.8 man8/userdel.8 man8/usermod.8 man8/vigr.8 \
+--- 299,309 ----
+ top_srcdir = @top_srcdir@
+ man_MANS = man1/chage.1 man1/chfn.1 man8/chgpasswd.8 man8/chpasswd.8 \
+ man1/chsh.1 man1/expiry.1 man5/faillog.5 man8/faillog.8 \
+! man3/ man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \
+! man8/groupmems.8 man8/groupmod.8 man1/ man8/grpck.8 \
+ man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man8/lastlog.8 \
+ man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \
+! man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/ \
+ man8/pwck.8 man8/pwconv.8 man8/pwunconv.8 man1/sg.1 \
+ man3/shadow.3 man5/shadow.5 man1/su.1 man5/suauth.5 \
+ man8/useradd.8 man8/userdel.8 man8/usermod.8 man8/vigr.8 \
+diff -crB shadow-4.2.1-a/man/ja/Makefile.in shadow-4.2.1-b/man/ja/Makefile.in
+*** shadow-4.2.1-a/man/ja/Makefile.in 2014-05-09 16:49:47.000000000 +0000
+--- shadow-4.2.1-b/man/ja/Makefile.in 2016-03-13 10:47:55.932166977 +0000
+***************
+*** 296,305 ****
+ top_srcdir = @top_srcdir@
+ man_MANS = man1/chage.1 man1/chfn.1 man8/chpasswd.8 man1/chsh.1 \
+ man1/expiry.1 man5/faillog.5 man8/faillog.8 man1/gpasswd.1 \
+! man8/groupadd.8 man8/groupdel.8 man8/groupmod.8 man1/groups.1 \
+ man8/grpck.8 man8/grpconv.8 man8/grpunconv.8 man8/lastlog.8 \
+ man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \
+! man8/newusers.8 man1/passwd.1 man5/passwd.5 man8/pwck.8 \
+ man8/pwconv.8 man8/pwunconv.8 man1/sg.1 man5/shadow.5 \
+ man1/su.1 man5/suauth.5 man8/useradd.8 man8/userdel.8 \
+ man8/usermod.8 man8/vigr.8 man8/vipw.8 $(am__append_1)
+--- 296,305 ----
+ top_srcdir = @top_srcdir@
+ man_MANS = man1/chage.1 man1/chfn.1 man8/chpasswd.8 man1/chsh.1 \
+ man1/expiry.1 man5/faillog.5 man8/faillog.8 man1/gpasswd.1 \
+! man8/groupadd.8 man8/groupdel.8 man8/groupmod.8 man1/ \
+ man8/grpck.8 man8/grpconv.8 man8/grpunconv.8 man8/lastlog.8 \
+ man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \
+! man8/newusers.8 man1/passwd.1 man5/ man8/pwck.8 \
+ man8/pwconv.8 man8/pwunconv.8 man1/sg.1 man5/shadow.5 \
+ man1/su.1 man5/suauth.5 man8/useradd.8 man8/userdel.8 \
+ man8/usermod.8 man8/vigr.8 man8/vipw.8 $(am__append_1)
+diff -crB shadow-4.2.1-a/man/ko/Makefile.in shadow-4.2.1-b/man/ko/Makefile.in
+*** shadow-4.2.1-a/man/ko/Makefile.in 2014-05-09 16:49:47.000000000 +0000
+--- shadow-4.2.1-b/man/ko/Makefile.in 2016-03-13 10:47:55.940166977 +0000
+***************
+*** 295,303 ****
+ man_MANS = \
+ man1/chfn.1 \
+ man1/chsh.1 \
+! man1/groups.1 \
+ man1/login.1 \
+! man5/passwd.5 \
+ man1/su.1 \
+ man8/vigr.8 \
+ man8/vipw.8
+--- 295,303 ----
+ man_MANS = \
+ man1/chfn.1 \
+ man1/chsh.1 \
+! man1/ \
+ man1/login.1 \
+! man5/ \
+ man1/su.1 \
+ man8/vigr.8 \
+ man8/vipw.8
+diff -crB shadow-4.2.1-a/man/Makefile.in shadow-4.2.1-b/man/Makefile.in
+*** shadow-4.2.1-a/man/Makefile.in 2014-05-09 16:49:46.000000000 +0000
+--- shadow-4.2.1-b/man/Makefile.in 2016-03-13 10:47:55.880166976 +0000
+***************
+*** 365,375 ****
+ @USE_NLS_TRUE@SUBDIRS = po cs da de es fi fr hu id it ja ko pl pt_BR ru sv tr zh_CN zh_TW
+ man_MANS = man1/chage.1 man1/chfn.1 man8/chgpasswd.8 man8/chpasswd.8 \
+ man1/chsh.1 man1/expiry.1 man5/faillog.5 man8/faillog.8 \
+! man3/getspnam.3 man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \
+! man8/groupmems.8 man8/groupmod.8 man1/groups.1 man8/grpck.8 \
+ man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man8/lastlog.8 \
+ man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \
+! man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/passwd.5 \
+ man8/pwck.8 man8/pwconv.8 man8/pwunconv.8 man1/sg.1 \
+ man3/shadow.3 man5/shadow.5 man1/su.1 man5/suauth.5 \
+ man8/useradd.8 man8/userdel.8 man8/usermod.8 man8/vigr.8 \
+--- 365,375 ----
+ @USE_NLS_TRUE@SUBDIRS = po cs da de es fi fr hu id it ja ko pl pt_BR ru sv tr zh_CN zh_TW
+ man_MANS = man1/chage.1 man1/chfn.1 man8/chgpasswd.8 man8/chpasswd.8 \
+ man1/chsh.1 man1/expiry.1 man5/faillog.5 man8/faillog.8 \
+! man3/ man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \
+! man8/groupmems.8 man8/groupmod.8 man1/ man8/grpck.8 \
+ man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man8/lastlog.8 \
+ man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \
+! man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/ \
+ man8/pwck.8 man8/pwconv.8 man8/pwunconv.8 man1/sg.1 \
+ man3/shadow.3 man5/shadow.5 man1/su.1 man5/suauth.5 \
+ man8/useradd.8 man8/userdel.8 man8/usermod.8 man8/vigr.8 \
+diff -crB shadow-4.2.1-a/man/pl/Makefile.in shadow-4.2.1-b/man/pl/Makefile.in
+*** shadow-4.2.1-a/man/pl/Makefile.in 2014-05-09 16:49:47.000000000 +0000
+--- shadow-4.2.1-b/man/pl/Makefile.in 2016-03-13 10:47:55.912166976 +0000
+***************
+*** 300,307 ****
+
+ # 2012.01.28 - activate manpages with more than 50% translated messages
+ man_MANS = man1/chage.1 man1/chsh.1 man1/expiry.1 man5/faillog.5 \
+! man8/faillog.8 man3/getspnam.3 man8/groupadd.8 man8/groupdel.8 \
+! man8/groupmems.8 man8/groupmod.8 man1/groups.1 man8/grpck.8 \
+ man8/lastlog.8 man8/logoutd.8 man1/newgrp.1 man1/sg.1 \
+ man3/shadow.3 man8/userdel.8 man8/usermod.8 man8/vigr.8 \
+ man8/vipw.8 $(am__append_1)
+--- 300,307 ----
+
+ # 2012.01.28 - activate manpages with more than 50% translated messages
+ man_MANS = man1/chage.1 man1/chsh.1 man1/expiry.1 man5/faillog.5 \
+! man8/faillog.8 man3/ man8/groupadd.8 man8/groupdel.8 \
+! man8/groupmems.8 man8/groupmod.8 man1/ man8/grpck.8 \
+ man8/lastlog.8 man8/logoutd.8 man1/newgrp.1 man1/sg.1 \
+ man3/shadow.3 man8/userdel.8 man8/usermod.8 man8/vigr.8 \
+ man8/vipw.8 $(am__append_1)
+diff -crB shadow-4.2.1-a/man/pt_BR/Makefile.in shadow-4.2.1-b/man/pt_BR/Makefile.in
+*** shadow-4.2.1-a/man/pt_BR/Makefile.in 2014-05-09 16:49:47.000000000 +0000
+--- shadow-4.2.1-b/man/pt_BR/Makefile.in 2016-03-13 10:47:55.904166976 +0000
+***************
+*** 297,303 ****
+ man8/groupadd.8 \
+ man8/groupdel.8 \
+ man8/groupmod.8 \
+! man5/passwd.5 \
+ man5/shadow.5
+
+ EXTRA_DIST = $(man_MANS)
+--- 297,303 ----
+ man8/groupadd.8 \
+ man8/groupdel.8 \
+ man8/groupmod.8 \
+! man5/ \
+ man5/shadow.5
+
+ EXTRA_DIST = $(man_MANS)
+diff -crB shadow-4.2.1-a/man/ru/Makefile.in shadow-4.2.1-b/man/ru/Makefile.in
+*** shadow-4.2.1-a/man/ru/Makefile.in 2014-05-09 16:49:47.000000000 +0000
+--- shadow-4.2.1-b/man/ru/Makefile.in 2016-03-13 10:47:55.944166977 +0000
+***************
+*** 299,309 ****
+ top_srcdir = @top_srcdir@
+ man_MANS = man1/chage.1 man1/chfn.1 man8/chgpasswd.8 man8/chpasswd.8 \
+ man1/chsh.1 man1/expiry.1 man5/faillog.5 man8/faillog.8 \
+! man3/getspnam.3 man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \
+! man8/groupmems.8 man8/groupmod.8 man1/groups.1 man8/grpck.8 \
+ man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man8/lastlog.8 \
+ man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \
+! man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/passwd.5 \
+ man8/pwck.8 man8/pwconv.8 man8/pwunconv.8 man1/sg.1 \
+ man3/shadow.3 man5/shadow.5 man1/su.1 man5/suauth.5 \
+ man8/useradd.8 man8/userdel.8 man8/usermod.8 man8/vigr.8 \
+--- 299,309 ----
+ top_srcdir = @top_srcdir@
+ man_MANS = man1/chage.1 man1/chfn.1 man8/chgpasswd.8 man8/chpasswd.8 \
+ man1/chsh.1 man1/expiry.1 man5/faillog.5 man8/faillog.8 \
+! man3/ man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \
+! man8/groupmems.8 man8/groupmod.8 man1/ man8/grpck.8 \
+ man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man8/lastlog.8 \
+ man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \
+! man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/ \
+ man8/pwck.8 man8/pwconv.8 man8/pwunconv.8 man1/sg.1 \
+ man3/shadow.3 man5/shadow.5 man1/su.1 man5/suauth.5 \
+ man8/useradd.8 man8/userdel.8 man8/usermod.8 man8/vigr.8 \
+diff -crB shadow-4.2.1-a/man/sv/Makefile.in shadow-4.2.1-b/man/sv/Makefile.in
+*** shadow-4.2.1-a/man/sv/Makefile.in 2014-05-09 16:49:47.000000000 +0000
+--- shadow-4.2.1-b/man/sv/Makefile.in 2016-03-13 10:47:55.988166978 +0000
+***************
+*** 300,309 ****
+
+ # 2012.01.28 - activate manpages with more than 50% translated messages
+ man_MANS = man1/chage.1 man1/chsh.1 man1/expiry.1 man5/faillog.5 \
+! man8/faillog.8 man3/getspnam.3 man8/groupadd.8 man8/groupdel.8 \
+! man8/groupmems.8 man8/groupmod.8 man1/groups.1 man8/grpck.8 \
+ man5/gshadow.5 man8/lastlog.8 man8/logoutd.8 man1/newgrp.1 \
+! man8/nologin.8 man1/passwd.1 man5/passwd.5 man8/pwck.8 \
+ man1/sg.1 man3/shadow.3 man5/suauth.5 man8/userdel.8 \
+ man8/vigr.8 man8/vipw.8 $(am__append_1)
+ man_nopam = \
+--- 300,309 ----
+
+ # 2012.01.28 - activate manpages with more than 50% translated messages
+ man_MANS = man1/chage.1 man1/chsh.1 man1/expiry.1 man5/faillog.5 \
+! man8/faillog.8 man3/ man8/groupadd.8 man8/groupdel.8 \
+! man8/groupmems.8 man8/groupmod.8 man1/ man8/grpck.8 \
+ man5/gshadow.5 man8/lastlog.8 man8/logoutd.8 man1/newgrp.1 \
+! man8/nologin.8 man1/passwd.1 man5/ man8/pwck.8 \
+ man1/sg.1 man3/shadow.3 man5/suauth.5 man8/userdel.8 \
+ man8/vigr.8 man8/vipw.8 $(am__append_1)
+ man_nopam = \
+diff -crB shadow-4.2.1-a/man/tr/Makefile.in shadow-4.2.1-b/man/tr/Makefile.in
+*** shadow-4.2.1-a/man/tr/Makefile.in 2014-05-09 16:49:47.000000000 +0000
+--- shadow-4.2.1-b/man/tr/Makefile.in 2016-03-13 10:47:55.964166977 +0000
+***************
+*** 300,306 ****
+ man8/groupmod.8 \
+ man1/login.1 \
+ man1/passwd.1 \
+! man5/passwd.5 \
+ man5/shadow.5 \
+ man1/su.1 \
+ man8/useradd.8 \
+--- 300,306 ----
+ man8/groupmod.8 \
+ man1/login.1 \
+ man1/passwd.1 \
+! man5/ \
+ man5/shadow.5 \
+ man1/su.1 \
+ man8/useradd.8 \
+diff -crB shadow-4.2.1-a/man/zh_CN/Makefile.in shadow-4.2.1-b/man/zh_CN/Makefile.in
+*** shadow-4.2.1-a/man/zh_CN/Makefile.in 2014-05-09 16:49:47.000000000 +0000
+--- shadow-4.2.1-b/man/zh_CN/Makefile.in 2016-03-13 10:47:55.952166977 +0000
+***************
+*** 299,309 ****
+ top_srcdir = @top_srcdir@
+ man_MANS = man1/chage.1 man1/chfn.1 man8/chgpasswd.8 man8/chpasswd.8 \
+ man1/chsh.1 man1/expiry.1 man5/faillog.5 man8/faillog.8 \
+! man3/getspnam.3 man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \
+! man8/groupmems.8 man8/groupmod.8 man1/groups.1 man8/grpck.8 \
+ man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man8/lastlog.8 \
+ man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \
+! man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/passwd.5 \
+ man8/pwck.8 man8/pwconv.8 man8/pwunconv.8 man1/sg.1 \
+ man3/shadow.3 man5/shadow.5 man1/su.1 man5/suauth.5 \
+ man8/useradd.8 man8/userdel.8 man8/usermod.8 man8/vigr.8 \
+--- 299,309 ----
+ top_srcdir = @top_srcdir@
+ man_MANS = man1/chage.1 man1/chfn.1 man8/chgpasswd.8 man8/chpasswd.8 \
+ man1/chsh.1 man1/expiry.1 man5/faillog.5 man8/faillog.8 \
+! man3/ man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \
+! man8/groupmems.8 man8/groupmod.8 man1/ man8/grpck.8 \
+ man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man8/lastlog.8 \
+ man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \
+! man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/ \
+ man8/pwck.8 man8/pwconv.8 man8/pwunconv.8 man1/sg.1 \
+ man3/shadow.3 man5/shadow.5 man1/su.1 man5/suauth.5 \
+ man8/useradd.8 man8/userdel.8 man8/usermod.8 man8/vigr.8 \
+diff -crB shadow-4.2.1-a/man/zh_TW/Makefile.in shadow-4.2.1-b/man/zh_TW/Makefile.in
+*** shadow-4.2.1-a/man/zh_TW/Makefile.in 2014-05-09 16:49:48.000000000 +0000
+--- shadow-4.2.1-b/man/zh_TW/Makefile.in 2016-03-13 10:47:55.956166977 +0000
+***************
+*** 302,308 ****
+ man8/groupadd.8 \
+ man8/groupdel.8 \
+ man8/groupmod.8 \
+! man5/passwd.5 \
+ man1/su.1 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+--- 302,308 ----
+ man8/groupadd.8 \
+ man8/groupdel.8 \
+ man8/groupmod.8 \
+! man5/ \
+ man1/su.1 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+diff -crB shadow-4.2.1-a/src/Makefile.in shadow-4.2.1-b/src/Makefile.in
+*** shadow-4.2.1-a/src/Makefile.in 2014-05-09 16:49:48.000000000 +0000
+--- shadow-4.2.1-b/src/Makefile.in 2016-03-13 10:47:38.824166600 +0000
+***************
+*** 78,84 ****
+ POST_UNINSTALL = :
+ build_triplet = @build@
+ host_triplet = @host@
+! bin_PROGRAMS = groups$(EXEEXT) login$(EXEEXT) su$(EXEEXT)
+ sbin_PROGRAMS = nologin$(EXEEXT)
+ ubin_PROGRAMS = faillog$(EXEEXT) lastlog$(EXEEXT) chage$(EXEEXT) \
+ chfn$(EXEEXT) chsh$(EXEEXT) expiry$(EXEEXT) gpasswd$(EXEEXT) \
+--- 78,84 ----
+ POST_UNINSTALL = :
+ build_triplet = @build@
+ host_triplet = @host@
+! bin_PROGRAMS = login$(EXEEXT) su$(EXEEXT)
+ sbin_PROGRAMS = nologin$(EXEEXT)
+ ubin_PROGRAMS = faillog$(EXEEXT) lastlog$(EXEEXT) chage$(EXEEXT) \
+ chfn$(EXEEXT) chsh$(EXEEXT) expiry$(EXEEXT) gpasswd$(EXEEXT) \