Merge remote-tracking branch 'ms/x86_64' into next
authorMichael Tremer <michael.tremer@ipfire.org>
Fri, 11 Sep 2015 14:06:09 +0000 (15:06 +0100)
committerMichael Tremer <michael.tremer@ipfire.org>
Fri, 11 Sep 2015 14:06:09 +0000 (15:06 +0100)
97 files changed:
config/backup/includes/dma [new file with mode: 0644]
config/cfgroot/network-functions.pl
config/cron/crontab
config/dma/dma-cleanup-spool [new file with mode: 0644]
config/etc/ipsec.user.secrets
config/menu/40-services.menu
config/rootfiles/common/Email-Date-Format [new file with mode: 0644]
config/rootfiles/common/MIME-Lite [new file with mode: 0644]
config/rootfiles/common/chkconfig [new file with mode: 0644]
config/rootfiles/common/dma [new file with mode: 0644]
config/rootfiles/common/rrdtool
config/rootfiles/common/web-user-interface
config/rootfiles/core/94/exclude [new file with mode: 0644]
config/rootfiles/core/94/filelists/Email-Date-Format [new symlink]
config/rootfiles/core/94/filelists/MIME-Lite [new symlink]
config/rootfiles/core/94/filelists/armv5tel/glibc [new symlink]
config/rootfiles/core/94/filelists/chkconfig [new symlink]
config/rootfiles/core/94/filelists/coreutils [new symlink]
config/rootfiles/core/94/filelists/dma [new symlink]
config/rootfiles/core/94/filelists/dnsmasq [moved from config/rootfiles/core/93/filelists/dnsmasq with 100% similarity]
config/rootfiles/core/94/filelists/file [new symlink]
config/rootfiles/core/94/filelists/files [new file with mode: 0644]
config/rootfiles/core/94/filelists/fireinfo [new symlink]
config/rootfiles/core/94/filelists/hdparm [new symlink]
config/rootfiles/core/94/filelists/i586/glibc [new symlink]
config/rootfiles/core/94/filelists/openssh [new symlink]
config/rootfiles/core/94/filelists/pcre [moved from config/rootfiles/core/93/filelists/pcre with 100% similarity]
config/rootfiles/core/94/filelists/rrdtool [new symlink]
config/rootfiles/core/94/filelists/squid [moved from config/rootfiles/core/93/filelists/squid with 100% similarity]
config/rootfiles/core/94/meta [moved from config/rootfiles/core/93/meta with 100% similarity]
config/rootfiles/core/94/update.sh [new file with mode: 0644]
config/rootfiles/oldcore/93/exclude [moved from config/rootfiles/core/93/exclude with 100% similarity]
config/rootfiles/oldcore/93/filelists/bind [moved from config/rootfiles/core/93/filelists/bind with 100% similarity]
config/rootfiles/oldcore/93/filelists/daq [moved from config/rootfiles/core/93/filelists/daq with 100% similarity]
config/rootfiles/oldcore/93/filelists/ddns [moved from config/rootfiles/core/93/filelists/ddns with 100% similarity]
config/rootfiles/oldcore/93/filelists/dnsmasq [new symlink]
config/rootfiles/oldcore/93/filelists/files [moved from config/rootfiles/core/93/filelists/files with 100% similarity]
config/rootfiles/oldcore/93/filelists/libevent2 [moved from config/rootfiles/core/93/filelists/libevent2 with 100% similarity]
config/rootfiles/oldcore/93/filelists/libpcap [moved from config/rootfiles/core/93/filelists/libpcap with 100% similarity]
config/rootfiles/oldcore/93/filelists/nettle [moved from config/rootfiles/core/93/filelists/nettle with 100% similarity]
config/rootfiles/oldcore/93/filelists/pcre [new symlink]
config/rootfiles/oldcore/93/filelists/squid [new symlink]
config/rootfiles/oldcore/93/meta [new file with mode: 0644]
config/rootfiles/oldcore/93/update.sh [moved from config/rootfiles/core/93/update.sh with 100% similarity]
config/rootfiles/packages/postfix
doc/language_issues.de
doc/language_issues.en
doc/language_issues.es
doc/language_issues.fr
doc/language_issues.it
doc/language_issues.nl
doc/language_issues.pl
doc/language_issues.ru
doc/language_issues.tr
doc/language_missings
html/cgi-bin/logs.cgi/log.dat
html/cgi-bin/mail.cgi [new file with mode: 0755]
html/cgi-bin/vpnmain.cgi
langs/de/cgi-bin/de.pl
langs/en/cgi-bin/en.pl
lfs/chkconfig [new file with mode: 0644]
lfs/coreutils
lfs/dma [new file with mode: 0644]
lfs/dnsmasq
lfs/file
lfs/fireinfo
lfs/glibc
lfs/hdparm
lfs/openssh
lfs/pcre
lfs/perl-Email-Date-Format [new file with mode: 0644]
lfs/perl-MIME-Lite [new file with mode: 0644]
lfs/postfix
lfs/rrdtool
lfs/squid
lfs/squid-accounting
make.sh
src/initscripts/init.d/sshd
src/paks/postfix/install.sh
src/paks/postfix/uninstall.sh
src/patches/dnsmasq/001-include_0_0_0_0_8_in_DNS_rebind_checks.patch [new file with mode: 0644]
src/patches/dnsmasq/002-enhance_add_subnet_to_allow_arbitary_subnet_addresses.patch [new file with mode: 0644]
src/patches/dnsmasq/003-dont_answer_non_auth_queries_for_auth_zones_locally_when_localise_queries_set.patch [new file with mode: 0644]
src/patches/fireinfo/0001-Add-an-other-forbidden-string-Serial.patch [moved from src/patches/fireinfo-Add-an-other-forbidden-string-Serial.patch with 90% similarity]
src/patches/fireinfo/0002-Escape-any-non-printable-ascii-characters.patch [new file with mode: 0644]
src/patches/fireinfo/0003-Skip-search-for-hypervisor-name-when-the-CPU-string-.patch [moved from src/patches/fireinfo-Skip-search-for-hypervisor-name-when-the-CPU-string-.patch with 90% similarity]
src/patches/fireinfo/0004-Filter-all-IDs-that-only-consist-of-0xff.patch [new file with mode: 0644]
src/patches/fireinfo/0005-Fix-crash-if-there-is-id-has-already-been-reset-to-N.patch [new file with mode: 0644]
src/patches/glibc/glibc-rh1217186.patch [new file with mode: 0644]
src/patches/pcre-8.37-Fix-another-buffer-overflow.patch [new file with mode: 0644]
src/patches/pcre-8.37-Fix-buffer-overflow-for-named-references-in-situatio.patch [new file with mode: 0644]
src/patches/pcre-8.37-Fix-named-forward-reference-to-duplicate-group-numbe.patch [new file with mode: 0644]
src/patches/squid-3.4-13228.patch [new file with mode: 0644]
src/squid-accounting/accounting.cgi
src/squid-accounting/acct.de.pl
src/squid-accounting/acct.en.pl
src/squid-accounting/acct.pl

diff --git a/config/backup/includes/dma b/config/backup/includes/dma
new file mode 100644 (file)
index 0000000..7c75205
--- /dev/null
@@ -0,0 +1,5 @@
+/var/ipfire/dma
+/var/ipfire/dma/dma.conf
+/var/ipfire/dma/auth.conf
+/var/ipfire/dma/mail.conf
+/var/spool/dma
index 1cd2814..9dd752d 100644 (file)
@@ -163,6 +163,21 @@ sub check_ip_address_and_netmask($$) {
        return &check_netmask($netmask);
 }
 
+# Returns True for all valid subnets like a.b.c.d/e or a.b.c.d/a.b.c.d
+sub check_subnet($) {
+       my $subnet = shift;
+
+       my ($address, $network) = split(/\//, $subnet, 2);
+
+       # Check if the IP address is fine.
+       my $result = &check_ip_address($address);
+       unless ($result) {
+               return $result;
+       }
+
+       return &check_prefix($network) || &check_netmask($network);
+}
+
 # For internal use only. Will take an IP address and
 # return it in a normalised style. Like 8.8.8.010 -> 8.8.8.8.
 sub _normalise_ip_address($) {
index d5e5d7e..02abadc 100644 (file)
@@ -25,9 +25,7 @@ HOME=/
 17 5 * * *     /etc/init.d/tmpfs backup >/dev/null
 
 # Update dynamic DNS records every five minutes.
-# Force an update once a month
 */5 * * * *    [ -f "/var/ipfire/red/active" ] && /usr/bin/ddns update-all
-3 2 1 * *      [ -f "/var/ipfire/red/active" ] && /usr/bin/ddns update-all --force
 
 # Logwatch
 01 0 * * *     /usr/local/bin/logwatch > /var/log/logwatch/`date -I -d yesterday`; \
@@ -60,3 +58,9 @@ HOME=/
 
 # Update GeoIP database once a month.
 %monthly,random * * * [ -f "/var/ipfire/red/active" ] && /usr/local/bin/xt_geoip_update >/dev/null 2>&1
+
+# Retry sending spooled mails regularly
+%hourly * /usr/sbin/dma -q
+
+# Cleanup the mail spool directory
+%weekly * * /usr/sbin/dma-cleanup-spool
diff --git a/config/dma/dma-cleanup-spool b/config/dma/dma-cleanup-spool
new file mode 100644 (file)
index 0000000..92af30c
--- /dev/null
@@ -0,0 +1,48 @@
+#!/bin/bash
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2015 Michael Tremer <michael.tremer@ipfire.org>               #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+SPOOL_DIR="/var/spool/dma"
+
+find_messages() {
+       find "${SPOOL_DIR}" -type f -name "M*" -mtime +30
+}
+
+remove_message() {
+       local f_message="${1}"
+       local f_queue="${f_message/${SPOOL_DIR}\/M/${SPOOL_DIR}\/Q}"
+
+       # If a message file and a queue file exist, delete both
+       [ -f "${f_message}" ] || return 1
+       [ -f "${f_queue}" ] || return 1
+
+       rm -f "${f_message}" "${f_queue}"
+       return 0
+}
+
+main() {
+       for message in $(find_messages); do
+               remove_message "${message}"
+       done
+
+       return 0
+}
+
+main || exit $?
index 0e0858a..7bc066f 100644 (file)
@@ -1,2 +1,2 @@
-# user secrets that should not overwritten by the webif
+# user secrets that should not be overwritten by the webif
 #
index 2f4d96e..aaf1ad7 100644 (file)
                                'title' => "$Lang::tr{'time server'}",
                                'enabled' => 1,
                                };
+    $subservices->{'41.dma'} = {'caption' => $Lang::tr{'email settings'},
+                               'uri' => '/cgi-bin/mail.cgi',
+                               'title' => "$Lang::tr{'email settings'}",
+                               'enabled' => 1,
+                               };
     $subservices->{'50.qos'} = {'caption' => 'Quality of Service',
                                'uri' => '/cgi-bin/qos.cgi',
                                'title' => "Quality of Service",
diff --git a/config/rootfiles/common/Email-Date-Format b/config/rootfiles/common/Email-Date-Format
new file mode 100644 (file)
index 0000000..dbfab85
--- /dev/null
@@ -0,0 +1,8 @@
+#usr/lib/perl5/site_perl/5.12.3/Email
+#usr/lib/perl5/site_perl/5.12.3/Email/Date
+usr/lib/perl5/site_perl/5.12.3/Email/Date/Format.pm
+#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Email
+#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Email/Date
+#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Email/Date/Format
+#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Email/Date/Format/.packlist
+#usr/share/man/man3/Email::Date::Format.3
diff --git a/config/rootfiles/common/MIME-Lite b/config/rootfiles/common/MIME-Lite
new file mode 100644 (file)
index 0000000..89248ae
--- /dev/null
@@ -0,0 +1,6 @@
+usr/lib/perl5/site_perl/5.12.3/MIME/Lite.pm
+#usr/lib/perl5/site_perl/5.12.3/MIME/changes.pod
+#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/MIME/Lite
+#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/MIME/Lite/.packlist
+#usr/share/man/man3/MIME::Lite.3
+#usr/share/man/man3/MIME::changes.3
diff --git a/config/rootfiles/common/chkconfig b/config/rootfiles/common/chkconfig
new file mode 100644 (file)
index 0000000..0468d2f
--- /dev/null
@@ -0,0 +1,4 @@
+#etc/alternatives
+usr/sbin/alternatives
+usr/sbin/update-alternatives
+#var/lib/alternatives
diff --git a/config/rootfiles/common/dma b/config/rootfiles/common/dma
new file mode 100644 (file)
index 0000000..ac57527
--- /dev/null
@@ -0,0 +1,13 @@
+etc/alternatives/sendmail
+usr/lib/dma-mbox-create
+usr/sbin/dma
+usr/sbin/dma-cleanup-spool
+usr/sbin/mailq
+usr/sbin/sendmail
+usr/sbin/sendmail.dma
+#usr/share/man/man8/dma.8
+var/ipfire/dma
+var/ipfire/dma/auth.conf
+var/ipfire/dma/dma.conf
+var/lib/alternatives/sendmail
+var/spool/dma
index 738fe37..6a79679 100644 (file)
@@ -26,98 +26,98 @@ usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/RRDs.pm
 #usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/RRDs/RRDs.bs
 usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/RRDs/RRDs.so
 #usr/lib/pkgconfig/librrd.pc
-#usr/share/doc/rrdtool-1.5.3
-#usr/share/doc/rrdtool-1.5.3/html
-#usr/share/doc/rrdtool-1.5.3/html/RRDp.html
-#usr/share/doc/rrdtool-1.5.3/html/RRDs.html
-#usr/share/doc/rrdtool-1.5.3/html/bin_dec_hex.html
-#usr/share/doc/rrdtool-1.5.3/html/cdeftutorial.html
-#usr/share/doc/rrdtool-1.5.3/html/index.html
-#usr/share/doc/rrdtool-1.5.3/html/librrd.html
-#usr/share/doc/rrdtool-1.5.3/html/rpntutorial.html
-#usr/share/doc/rrdtool-1.5.3/html/rrd-beginners.html
-#usr/share/doc/rrdtool-1.5.3/html/rrdbuild.html
-#usr/share/doc/rrdtool-1.5.3/html/rrdcached.html
-#usr/share/doc/rrdtool-1.5.3/html/rrdcgi.html
-#usr/share/doc/rrdtool-1.5.3/html/rrdcreate.html
-#usr/share/doc/rrdtool-1.5.3/html/rrddump.html
-#usr/share/doc/rrdtool-1.5.3/html/rrdfetch.html
-#usr/share/doc/rrdtool-1.5.3/html/rrdfirst.html
-#usr/share/doc/rrdtool-1.5.3/html/rrdflushcached.html
-#usr/share/doc/rrdtool-1.5.3/html/rrdgraph.html
-#usr/share/doc/rrdtool-1.5.3/html/rrdgraph_data.html
-#usr/share/doc/rrdtool-1.5.3/html/rrdgraph_examples.html
-#usr/share/doc/rrdtool-1.5.3/html/rrdgraph_graph.html
-#usr/share/doc/rrdtool-1.5.3/html/rrdgraph_rpn.html
-#usr/share/doc/rrdtool-1.5.3/html/rrdinfo.html
-#usr/share/doc/rrdtool-1.5.3/html/rrdlast.html
-#usr/share/doc/rrdtool-1.5.3/html/rrdlastupdate.html
-#usr/share/doc/rrdtool-1.5.3/html/rrdresize.html
-#usr/share/doc/rrdtool-1.5.3/html/rrdrestore.html
-#usr/share/doc/rrdtool-1.5.3/html/rrdthreads.html
-#usr/share/doc/rrdtool-1.5.3/html/rrdtool.html
-#usr/share/doc/rrdtool-1.5.3/html/rrdtune.html
-#usr/share/doc/rrdtool-1.5.3/html/rrdtutorial.html
-#usr/share/doc/rrdtool-1.5.3/html/rrdupdate.html
-#usr/share/doc/rrdtool-1.5.3/html/rrdxport.html
-#usr/share/doc/rrdtool-1.5.3/txt
-#usr/share/doc/rrdtool-1.5.3/txt/bin_dec_hex.pod
-#usr/share/doc/rrdtool-1.5.3/txt/bin_dec_hex.txt
-#usr/share/doc/rrdtool-1.5.3/txt/cdeftutorial.pod
-#usr/share/doc/rrdtool-1.5.3/txt/cdeftutorial.txt
-#usr/share/doc/rrdtool-1.5.3/txt/librrd.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rpntutorial.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rpntutorial.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rrd-beginners.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rrd-beginners.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rrdbuild.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rrdbuild.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rrdcached.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rrdcached.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rrdcgi.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rrdcgi.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rrdcreate.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rrdcreate.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rrddump.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rrddump.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rrdfetch.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rrdfetch.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rrdfirst.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rrdfirst.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rrdflushcached.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rrdflushcached.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rrdgraph.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rrdgraph.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rrdgraph_data.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rrdgraph_data.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rrdgraph_examples.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rrdgraph_examples.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rrdgraph_graph.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rrdgraph_graph.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rrdgraph_rpn.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rrdgraph_rpn.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rrdinfo.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rrdinfo.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rrdlast.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rrdlast.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rrdlastupdate.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rrdlastupdate.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rrdresize.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rrdresize.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rrdrestore.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rrdrestore.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rrdthreads.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rrdthreads.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rrdtool.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rrdtool.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rrdtune.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rrdtune.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rrdtutorial.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rrdtutorial.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rrdupdate.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rrdupdate.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rrdxport.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rrdxport.txt
+#usr/share/doc/rrdtool-1.5.4
+#usr/share/doc/rrdtool-1.5.4/html
+#usr/share/doc/rrdtool-1.5.4/html/RRDp.html
+#usr/share/doc/rrdtool-1.5.4/html/RRDs.html
+#usr/share/doc/rrdtool-1.5.4/html/bin_dec_hex.html
+#usr/share/doc/rrdtool-1.5.4/html/cdeftutorial.html
+#usr/share/doc/rrdtool-1.5.4/html/index.html
+#usr/share/doc/rrdtool-1.5.4/html/librrd.html
+#usr/share/doc/rrdtool-1.5.4/html/rpntutorial.html
+#usr/share/doc/rrdtool-1.5.4/html/rrd-beginners.html
+#usr/share/doc/rrdtool-1.5.4/html/rrdbuild.html
+#usr/share/doc/rrdtool-1.5.4/html/rrdcached.html
+#usr/share/doc/rrdtool-1.5.4/html/rrdcgi.html
+#usr/share/doc/rrdtool-1.5.4/html/rrdcreate.html
+#usr/share/doc/rrdtool-1.5.4/html/rrddump.html
+#usr/share/doc/rrdtool-1.5.4/html/rrdfetch.html
+#usr/share/doc/rrdtool-1.5.4/html/rrdfirst.html
+#usr/share/doc/rrdtool-1.5.4/html/rrdflushcached.html
+#usr/share/doc/rrdtool-1.5.4/html/rrdgraph.html
+#usr/share/doc/rrdtool-1.5.4/html/rrdgraph_data.html
+#usr/share/doc/rrdtool-1.5.4/html/rrdgraph_examples.html
+#usr/share/doc/rrdtool-1.5.4/html/rrdgraph_graph.html
+#usr/share/doc/rrdtool-1.5.4/html/rrdgraph_rpn.html
+#usr/share/doc/rrdtool-1.5.4/html/rrdinfo.html
+#usr/share/doc/rrdtool-1.5.4/html/rrdlast.html
+#usr/share/doc/rrdtool-1.5.4/html/rrdlastupdate.html
+#usr/share/doc/rrdtool-1.5.4/html/rrdresize.html
+#usr/share/doc/rrdtool-1.5.4/html/rrdrestore.html
+#usr/share/doc/rrdtool-1.5.4/html/rrdthreads.html
+#usr/share/doc/rrdtool-1.5.4/html/rrdtool.html
+#usr/share/doc/rrdtool-1.5.4/html/rrdtune.html
+#usr/share/doc/rrdtool-1.5.4/html/rrdtutorial.html
+#usr/share/doc/rrdtool-1.5.4/html/rrdupdate.html
+#usr/share/doc/rrdtool-1.5.4/html/rrdxport.html
+#usr/share/doc/rrdtool-1.5.4/txt
+#usr/share/doc/rrdtool-1.5.4/txt/bin_dec_hex.pod
+#usr/share/doc/rrdtool-1.5.4/txt/bin_dec_hex.txt
+#usr/share/doc/rrdtool-1.5.4/txt/cdeftutorial.pod
+#usr/share/doc/rrdtool-1.5.4/txt/cdeftutorial.txt
+#usr/share/doc/rrdtool-1.5.4/txt/librrd.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rpntutorial.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rpntutorial.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rrd-beginners.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rrd-beginners.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rrdbuild.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rrdbuild.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rrdcached.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rrdcached.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rrdcgi.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rrdcgi.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rrdcreate.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rrdcreate.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rrddump.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rrddump.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rrdfetch.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rrdfetch.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rrdfirst.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rrdfirst.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rrdflushcached.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rrdflushcached.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rrdgraph.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rrdgraph.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rrdgraph_data.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rrdgraph_data.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rrdgraph_examples.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rrdgraph_examples.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rrdgraph_graph.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rrdgraph_graph.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rrdgraph_rpn.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rrdgraph_rpn.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rrdinfo.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rrdinfo.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rrdlast.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rrdlast.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rrdlastupdate.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rrdlastupdate.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rrdresize.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rrdresize.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rrdrestore.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rrdrestore.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rrdthreads.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rrdthreads.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rrdtool.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rrdtool.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rrdtune.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rrdtune.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rrdtutorial.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rrdtutorial.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rrdupdate.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rrdupdate.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rrdxport.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rrdxport.txt
 #usr/share/man/man1/bin_dec_hex.1
 #usr/share/man/man1/cdeftutorial.1
 #usr/share/man/man1/rpntutorial.1
@@ -162,4 +162,5 @@ usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/RRDs/RRDs.so
 #usr/share/rrdtool/examples/rrdcached/rrdcached-size.pl
 #usr/share/rrdtool/examples/shared-demo.pl
 #usr/share/rrdtool/examples/stripes.pl
+#usr/share/rrdtool/examples/stripes.py
 var/log/rrd
index dc22367..d22c1a3 100644 (file)
@@ -48,6 +48,7 @@ srv/web/ipfire/cgi-bin/logs.cgi/showrequestfromport.dat
 srv/web/ipfire/cgi-bin/logs.cgi/summary.dat
 srv/web/ipfire/cgi-bin/logs.cgi/urlfilter.dat
 srv/web/ipfire/cgi-bin/mac.cgi
+srv/web/ipfire/cgi-bin/mail.cgi
 srv/web/ipfire/cgi-bin/mdstat.cgi
 srv/web/ipfire/cgi-bin/media.cgi
 srv/web/ipfire/cgi-bin/memory.cgi
diff --git a/config/rootfiles/core/94/exclude b/config/rootfiles/core/94/exclude
new file mode 100644 (file)
index 0000000..4c7aa5a
--- /dev/null
@@ -0,0 +1,22 @@
+boot/config.txt
+etc/alternatives
+etc/collectd.custom
+etc/ipsec.conf
+etc/ipsec.secrets
+etc/ipsec.user.conf
+etc/ipsec.user.secrets
+etc/localtime
+etc/shadow
+etc/ssh/ssh_config
+etc/ssh/sshd_config
+etc/ssl/openssl.cnf
+etc/sudoers
+etc/sysconfig/firewall.local
+etc/sysconfig/rc.local
+etc/udev/rules.d/30-persistent-network.rules
+srv/web/ipfire/html/proxy.pac
+var/ipfire/ovpn
+var/lib/alternatives
+var/log/cache
+var/state/dhcp/dhcpd.leases
+var/updatecache
diff --git a/config/rootfiles/core/94/filelists/Email-Date-Format b/config/rootfiles/core/94/filelists/Email-Date-Format
new file mode 120000 (symlink)
index 0000000..b98751e
--- /dev/null
@@ -0,0 +1 @@
+../../../common/Email-Date-Format
\ No newline at end of file
diff --git a/config/rootfiles/core/94/filelists/MIME-Lite b/config/rootfiles/core/94/filelists/MIME-Lite
new file mode 120000 (symlink)
index 0000000..c388805
--- /dev/null
@@ -0,0 +1 @@
+../../../common/MIME-Lite
\ No newline at end of file
diff --git a/config/rootfiles/core/94/filelists/armv5tel/glibc b/config/rootfiles/core/94/filelists/armv5tel/glibc
new file mode 120000 (symlink)
index 0000000..4c70d72
--- /dev/null
@@ -0,0 +1 @@
+../../../../common/armv5tel/glibc
\ No newline at end of file
diff --git a/config/rootfiles/core/94/filelists/chkconfig b/config/rootfiles/core/94/filelists/chkconfig
new file mode 120000 (symlink)
index 0000000..00ef4cf
--- /dev/null
@@ -0,0 +1 @@
+../../../common/chkconfig
\ No newline at end of file
diff --git a/config/rootfiles/core/94/filelists/coreutils b/config/rootfiles/core/94/filelists/coreutils
new file mode 120000 (symlink)
index 0000000..7351ed2
--- /dev/null
@@ -0,0 +1 @@
+../../../common/coreutils
\ No newline at end of file
diff --git a/config/rootfiles/core/94/filelists/dma b/config/rootfiles/core/94/filelists/dma
new file mode 120000 (symlink)
index 0000000..60f4682
--- /dev/null
@@ -0,0 +1 @@
+../../../common/dma
\ No newline at end of file
diff --git a/config/rootfiles/core/94/filelists/file b/config/rootfiles/core/94/filelists/file
new file mode 120000 (symlink)
index 0000000..0c60e43
--- /dev/null
@@ -0,0 +1 @@
+../../../common/file
\ No newline at end of file
diff --git a/config/rootfiles/core/94/filelists/files b/config/rootfiles/core/94/filelists/files
new file mode 100644 (file)
index 0000000..9b08114
--- /dev/null
@@ -0,0 +1,9 @@
+etc/system-release
+etc/issue
+etc/rc.d/init.d/sshd
+srv/web/ipfire/cgi-bin/logs.cgi/log.dat
+srv/web/ipfire/cgi-bin/mail.cgi
+srv/web/ipfire/cgi-bin/vpnmain.cgi
+var/ipfire/langs
+var/ipfire/menu.d/40-services.menu
+var/ipfire/network-functions.pl
diff --git a/config/rootfiles/core/94/filelists/fireinfo b/config/rootfiles/core/94/filelists/fireinfo
new file mode 120000 (symlink)
index 0000000..c461155
--- /dev/null
@@ -0,0 +1 @@
+../../../common/fireinfo
\ No newline at end of file
diff --git a/config/rootfiles/core/94/filelists/hdparm b/config/rootfiles/core/94/filelists/hdparm
new file mode 120000 (symlink)
index 0000000..b644751
--- /dev/null
@@ -0,0 +1 @@
+../../../common/hdparm
\ No newline at end of file
diff --git a/config/rootfiles/core/94/filelists/i586/glibc b/config/rootfiles/core/94/filelists/i586/glibc
new file mode 120000 (symlink)
index 0000000..943021f
--- /dev/null
@@ -0,0 +1 @@
+../../../../common/i586/glibc
\ No newline at end of file
diff --git a/config/rootfiles/core/94/filelists/openssh b/config/rootfiles/core/94/filelists/openssh
new file mode 120000 (symlink)
index 0000000..d8c77fd
--- /dev/null
@@ -0,0 +1 @@
+../../../common/openssh
\ No newline at end of file
diff --git a/config/rootfiles/core/94/filelists/rrdtool b/config/rootfiles/core/94/filelists/rrdtool
new file mode 120000 (symlink)
index 0000000..7a82e41
--- /dev/null
@@ -0,0 +1 @@
+../../../common/rrdtool
\ No newline at end of file
diff --git a/config/rootfiles/core/94/update.sh b/config/rootfiles/core/94/update.sh
new file mode 100644 (file)
index 0000000..6df0958
--- /dev/null
@@ -0,0 +1,88 @@
+#!/bin/bash
+############################################################################
+#                                                                          #
+# This file is part of the IPFire Firewall.                                #
+#                                                                          #
+# IPFire is free software; you can redistribute it and/or modify           #
+# it under the terms of the GNU General Public License as published by     #
+# the Free Software Foundation; either version 3 of the License, or        #
+# (at your option) any later version.                                      #
+#                                                                          #
+# IPFire is distributed in the hope that it will be useful,                #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of           #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
+# GNU General Public License for more details.                             #
+#                                                                          #
+# You should have received a copy of the GNU General Public License        #
+# along with IPFire; if not, write to the Free Software                    #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
+#                                                                          #
+# Copyright (C) 2015 IPFire-Team <info@ipfire.org>.                        #
+#                                                                          #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+/usr/local/bin/backupctrl exclude >/dev/null 2>&1
+
+# Remove old core updates from pakfire cache to save space...
+core=94
+for (( i=1; i<=$core; i++ ))
+do
+       rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
+done
+
+# Stop services
+/etc/init.d/squid stop
+/etc/init.d/sshd stop
+/etc/init.d/dnsmasq stop
+
+# Extract files
+extract_files
+
+# Update Language cache
+/usr/local/bin/update-lang-cache
+
+# Update SSH configuration
+sed -i /etc/ssh/sshd_config \
+       -e 's/^#\?PermitRootLogin .*$$/PermitRootLogin yes/'
+
+# Move away old and unsupported keys
+mv -f /etc/ssh/ssh_host_dsa_key{,.old}
+# Regenerating weak RSA keys
+mv -f /etc/ssh/ssh_host_key{,.old}
+mv -f /etc/ssh/ssh_host_rsa_key{,.old}
+
+# Update crontab
+sed -i /var/spool/cron/root.orig -e "/Force an update once a month/d"
+sed -i /var/spool/cron/root.orig -e "/ddns update-all --force/d"
+
+grep -qv "dma -q" || cat <<EOF >> /var/spool/cron/root.orig
+
+# Retry sending spooled mails regularly
+%hourly * /usr/sbin/dma -q
+
+# Cleanup the mail spool directory
+%weekly * * /usr/sbin/dma-cleanup-spool
+EOF
+
+fcrontab -z &>/dev/null
+
+# Start services
+/etc/init.d/dnsmasq start
+/etc/init.d/sshd start
+/etc/init.d/squid start
+
+# This update need a reboot...
+#touch /var/run/need_reboot
+
+# Finish
+/etc/init.d/fireinfo start
+sendprofile
+# Update grub config to display new core version
+if [ -e /boot/grub/grub.cfg ]; then
+       grub-mkconfig -o /boot/grub/grub.cfg
+fi
+sync
+
+# Don't report the exitcode last command
+exit 0
diff --git a/config/rootfiles/oldcore/93/filelists/dnsmasq b/config/rootfiles/oldcore/93/filelists/dnsmasq
new file mode 120000 (symlink)
index 0000000..d469c74
--- /dev/null
@@ -0,0 +1 @@
+../../../common/dnsmasq
\ No newline at end of file
diff --git a/config/rootfiles/oldcore/93/filelists/pcre b/config/rootfiles/oldcore/93/filelists/pcre
new file mode 120000 (symlink)
index 0000000..b390d9a
--- /dev/null
@@ -0,0 +1 @@
+../../../common/pcre
\ No newline at end of file
diff --git a/config/rootfiles/oldcore/93/filelists/squid b/config/rootfiles/oldcore/93/filelists/squid
new file mode 120000 (symlink)
index 0000000..2dc8372
--- /dev/null
@@ -0,0 +1 @@
+../../../common/squid
\ No newline at end of file
diff --git a/config/rootfiles/oldcore/93/meta b/config/rootfiles/oldcore/93/meta
new file mode 100644 (file)
index 0000000..d547fa8
--- /dev/null
@@ -0,0 +1 @@
+DEPS=""
index c347bb8..bc4739d 100644 (file)
@@ -68,7 +68,7 @@ usr/sbin/postmap
 usr/sbin/postmulti
 usr/sbin/postqueue
 usr/sbin/postsuper
-usr/sbin/sendmail
+usr/sbin/sendmail.postfix
 #usr/share/man/man1/mailq.1
 #usr/share/man/man1/newaliases.1
 #usr/share/man/man1/postalias.1
index 0d86987..54d9de9 100644 (file)
@@ -164,7 +164,11 @@ WARNING: translation string unused: edit network
 WARNING: translation string unused: edit service
 WARNING: translation string unused: editor
 WARNING: translation string unused: eg
+WARNING: translation string unused: email error
 WARNING: translation string unused: email server can not be empty
+WARNING: translation string unused: email subject
+WARNING: translation string unused: email success
+WARNING: translation string unused: email text
 WARNING: translation string unused: enable javascript
 WARNING: translation string unused: enable wildcards
 WARNING: translation string unused: enabled on
@@ -643,6 +647,7 @@ WARNING: untranslated string: emerging rules
 WARNING: untranslated string: fwhost cust geoipgrp
 WARNING: untranslated string: fwhost err hostip
 WARNING: untranslated string: ike lifetime should be between 1 and 8 hours
+WARNING: untranslated string: info messages
 WARNING: untranslated string: no data
 WARNING: untranslated string: none
 WARNING: untranslated string: qos add subclass
@@ -651,4 +656,5 @@ WARNING: untranslated string: routing config added
 WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
 WARNING: untranslated string: show tls-auth key
+WARNING: untranslated string: vpn force mobike
 WARNING: untranslated string: vpn statistics n2n
index 1f1c78d..95477de 100644 (file)
@@ -187,7 +187,11 @@ WARNING: translation string unused: edit network
 WARNING: translation string unused: edit service
 WARNING: translation string unused: editor
 WARNING: translation string unused: eg
+WARNING: translation string unused: email error
 WARNING: translation string unused: email server can not be empty
+WARNING: translation string unused: email subject
+WARNING: translation string unused: email success
+WARNING: translation string unused: email text
 WARNING: translation string unused: enable javascript
 WARNING: translation string unused: enable wildcards
 WARNING: translation string unused: enabled on
@@ -675,6 +679,7 @@ WARNING: untranslated string: bytes
 WARNING: untranslated string: fwhost cust geoipgrp
 WARNING: untranslated string: fwhost err hostip
 WARNING: untranslated string: ike lifetime should be between 1 and 8 hours
+WARNING: untranslated string: info messages
 WARNING: untranslated string: no data
 WARNING: untranslated string: route config changed
 WARNING: untranslated string: routing config added
index 2a50200..91945ff 100644 (file)
@@ -690,6 +690,22 @@ WARNING: untranslated string: drop action1
 WARNING: untranslated string: drop action2
 WARNING: untranslated string: drop forward
 WARNING: untranslated string: drop outgoing
+WARNING: untranslated string: email config
+WARNING: untranslated string: email empty field
+WARNING: untranslated string: email invalid
+WARNING: untranslated string: email invalid mailfqdn
+WARNING: untranslated string: email invalid mailip
+WARNING: untranslated string: email invalid mailport
+WARNING: untranslated string: email mailaddr
+WARNING: untranslated string: email mailpass
+WARNING: untranslated string: email mailport
+WARNING: untranslated string: email mailrcpt
+WARNING: untranslated string: email mailsender
+WARNING: untranslated string: email mailuser
+WARNING: untranslated string: email settings
+WARNING: untranslated string: email testmail
+WARNING: untranslated string: email tls
+WARNING: untranslated string: email usemail
 WARNING: untranslated string: emerging rules
 WARNING: untranslated string: encryption
 WARNING: untranslated string: entropy
@@ -879,6 +895,7 @@ WARNING: untranslated string: imsi
 WARNING: untranslated string: incoming compression in bytes per second
 WARNING: untranslated string: incoming firewall access
 WARNING: untranslated string: incoming overhead in bytes per second
+WARNING: untranslated string: info messages
 WARNING: untranslated string: integrity
 WARNING: untranslated string: invalid input for dpd delay
 WARNING: untranslated string: invalid input for dpd timeout
@@ -1047,6 +1064,7 @@ WARNING: untranslated string: uptime load average
 WARNING: untranslated string: urlfilter redirect template
 WARNING: untranslated string: vendor
 WARNING: untranslated string: visit us at
+WARNING: untranslated string: vpn force mobike
 WARNING: untranslated string: vpn keyexchange
 WARNING: untranslated string: vpn statistic n2n
 WARNING: untranslated string: vpn statistic rw
index aa4951d..344ef07 100644 (file)
@@ -698,6 +698,22 @@ WARNING: untranslated string: drop action1
 WARNING: untranslated string: drop action2
 WARNING: untranslated string: drop forward
 WARNING: untranslated string: drop outgoing
+WARNING: untranslated string: email config
+WARNING: untranslated string: email empty field
+WARNING: untranslated string: email invalid
+WARNING: untranslated string: email invalid mailfqdn
+WARNING: untranslated string: email invalid mailip
+WARNING: untranslated string: email invalid mailport
+WARNING: untranslated string: email mailaddr
+WARNING: untranslated string: email mailpass
+WARNING: untranslated string: email mailport
+WARNING: untranslated string: email mailrcpt
+WARNING: untranslated string: email mailsender
+WARNING: untranslated string: email mailuser
+WARNING: untranslated string: email settings
+WARNING: untranslated string: email testmail
+WARNING: untranslated string: email tls
+WARNING: untranslated string: email usemail
 WARNING: untranslated string: emerging rules
 WARNING: untranslated string: encryption
 WARNING: untranslated string: entropy
@@ -894,6 +910,7 @@ WARNING: untranslated string: imsi
 WARNING: untranslated string: incoming compression in bytes per second
 WARNING: untranslated string: incoming firewall access
 WARNING: untranslated string: incoming overhead in bytes per second
+WARNING: untranslated string: info messages
 WARNING: untranslated string: integrity
 WARNING: untranslated string: invalid input for dpd delay
 WARNING: untranslated string: invalid input for dpd timeout
@@ -1062,6 +1079,7 @@ WARNING: untranslated string: urlfilter mode block
 WARNING: untranslated string: urlfilter redirect template
 WARNING: untranslated string: vendor
 WARNING: untranslated string: visit us at
+WARNING: untranslated string: vpn force mobike
 WARNING: untranslated string: vpn keyexchange
 WARNING: untranslated string: vpn statistic n2n
 WARNING: untranslated string: vpn statistic rw
index 1669e79..38614d6 100644 (file)
@@ -674,6 +674,22 @@ WARNING: untranslated string: advproxy group access control
 WARNING: untranslated string: advproxy group required
 WARNING: untranslated string: bytes
 WARNING: untranslated string: check all
+WARNING: untranslated string: email config
+WARNING: untranslated string: email empty field
+WARNING: untranslated string: email invalid
+WARNING: untranslated string: email invalid mailfqdn
+WARNING: untranslated string: email invalid mailip
+WARNING: untranslated string: email invalid mailport
+WARNING: untranslated string: email mailaddr
+WARNING: untranslated string: email mailpass
+WARNING: untranslated string: email mailport
+WARNING: untranslated string: email mailrcpt
+WARNING: untranslated string: email mailsender
+WARNING: untranslated string: email mailuser
+WARNING: untranslated string: email settings
+WARNING: untranslated string: email testmail
+WARNING: untranslated string: email tls
+WARNING: untranslated string: email usemail
 WARNING: untranslated string: fwdfw err concon
 WARNING: untranslated string: fwdfw err ratecon
 WARNING: untranslated string: fwdfw limitconcon
@@ -696,6 +712,7 @@ WARNING: untranslated string: geoipblock enable feature
 WARNING: untranslated string: ike lifetime should be between 1 and 8 hours
 WARNING: untranslated string: incoming compression in bytes per second
 WARNING: untranslated string: incoming overhead in bytes per second
+WARNING: untranslated string: info messages
 WARNING: untranslated string: invalid input for valid till days
 WARNING: untranslated string: masquerade blue
 WARNING: untranslated string: masquerade green
@@ -720,6 +737,7 @@ WARNING: untranslated string: samba join a domain
 WARNING: untranslated string: samba join domain
 WARNING: untranslated string: search
 WARNING: untranslated string: uncheck all
+WARNING: untranslated string: vpn force mobike
 WARNING: untranslated string: vpn statistic n2n
 WARNING: untranslated string: vpn statistic rw
 WARNING: untranslated string: vpn statistics n2n
index 11d7657..2d3c78b 100644 (file)
@@ -686,6 +686,22 @@ WARNING: untranslated string: dnssec not supported
 WARNING: untranslated string: dnssec validating
 WARNING: untranslated string: download tls-auth key
 WARNING: untranslated string: drop outgoing
+WARNING: untranslated string: email config
+WARNING: untranslated string: email empty field
+WARNING: untranslated string: email invalid
+WARNING: untranslated string: email invalid mailfqdn
+WARNING: untranslated string: email invalid mailip
+WARNING: untranslated string: email invalid mailport
+WARNING: untranslated string: email mailaddr
+WARNING: untranslated string: email mailpass
+WARNING: untranslated string: email mailport
+WARNING: untranslated string: email mailrcpt
+WARNING: untranslated string: email mailsender
+WARNING: untranslated string: email mailuser
+WARNING: untranslated string: email settings
+WARNING: untranslated string: email testmail
+WARNING: untranslated string: email tls
+WARNING: untranslated string: email usemail
 WARNING: untranslated string: firewall logs country
 WARNING: untranslated string: fwdfw err concon
 WARNING: untranslated string: fwdfw err ratecon
@@ -713,6 +729,7 @@ WARNING: untranslated string: imei
 WARNING: untranslated string: imsi
 WARNING: untranslated string: incoming compression in bytes per second
 WARNING: untranslated string: incoming overhead in bytes per second
+WARNING: untranslated string: info messages
 WARNING: untranslated string: invalid input for valid till days
 WARNING: untranslated string: masquerade blue
 WARNING: untranslated string: masquerade green
@@ -769,6 +786,7 @@ WARNING: untranslated string: ta key
 WARNING: untranslated string: uncheck all
 WARNING: untranslated string: upload dh key
 WARNING: untranslated string: vendor
+WARNING: untranslated string: vpn force mobike
 WARNING: untranslated string: vpn statistic n2n
 WARNING: untranslated string: vpn statistic rw
 WARNING: untranslated string: vpn statistics n2n
index 2a50200..91945ff 100644 (file)
@@ -690,6 +690,22 @@ WARNING: untranslated string: drop action1
 WARNING: untranslated string: drop action2
 WARNING: untranslated string: drop forward
 WARNING: untranslated string: drop outgoing
+WARNING: untranslated string: email config
+WARNING: untranslated string: email empty field
+WARNING: untranslated string: email invalid
+WARNING: untranslated string: email invalid mailfqdn
+WARNING: untranslated string: email invalid mailip
+WARNING: untranslated string: email invalid mailport
+WARNING: untranslated string: email mailaddr
+WARNING: untranslated string: email mailpass
+WARNING: untranslated string: email mailport
+WARNING: untranslated string: email mailrcpt
+WARNING: untranslated string: email mailsender
+WARNING: untranslated string: email mailuser
+WARNING: untranslated string: email settings
+WARNING: untranslated string: email testmail
+WARNING: untranslated string: email tls
+WARNING: untranslated string: email usemail
 WARNING: untranslated string: emerging rules
 WARNING: untranslated string: encryption
 WARNING: untranslated string: entropy
@@ -879,6 +895,7 @@ WARNING: untranslated string: imsi
 WARNING: untranslated string: incoming compression in bytes per second
 WARNING: untranslated string: incoming firewall access
 WARNING: untranslated string: incoming overhead in bytes per second
+WARNING: untranslated string: info messages
 WARNING: untranslated string: integrity
 WARNING: untranslated string: invalid input for dpd delay
 WARNING: untranslated string: invalid input for dpd timeout
@@ -1047,6 +1064,7 @@ WARNING: untranslated string: uptime load average
 WARNING: untranslated string: urlfilter redirect template
 WARNING: untranslated string: vendor
 WARNING: untranslated string: visit us at
+WARNING: untranslated string: vpn force mobike
 WARNING: untranslated string: vpn keyexchange
 WARNING: untranslated string: vpn statistic n2n
 WARNING: untranslated string: vpn statistic rw
index d2215b6..4531670 100644 (file)
@@ -692,6 +692,22 @@ WARNING: untranslated string: drop action1
 WARNING: untranslated string: drop action2
 WARNING: untranslated string: drop forward
 WARNING: untranslated string: drop outgoing
+WARNING: untranslated string: email config
+WARNING: untranslated string: email empty field
+WARNING: untranslated string: email invalid
+WARNING: untranslated string: email invalid mailfqdn
+WARNING: untranslated string: email invalid mailip
+WARNING: untranslated string: email invalid mailport
+WARNING: untranslated string: email mailaddr
+WARNING: untranslated string: email mailpass
+WARNING: untranslated string: email mailport
+WARNING: untranslated string: email mailrcpt
+WARNING: untranslated string: email mailsender
+WARNING: untranslated string: email mailuser
+WARNING: untranslated string: email settings
+WARNING: untranslated string: email testmail
+WARNING: untranslated string: email tls
+WARNING: untranslated string: email usemail
 WARNING: untranslated string: emerging rules
 WARNING: untranslated string: encryption
 WARNING: untranslated string: entropy
@@ -879,6 +895,7 @@ WARNING: untranslated string: incoming compression in bytes per second
 WARNING: untranslated string: incoming firewall access
 WARNING: untranslated string: incoming overhead in bytes per second
 WARNING: untranslated string: incoming traffic in bytes per second
+WARNING: untranslated string: info messages
 WARNING: untranslated string: integrity
 WARNING: untranslated string: invalid input for dpd delay
 WARNING: untranslated string: invalid input for dpd timeout
@@ -1040,6 +1057,7 @@ WARNING: untranslated string: uptime load average
 WARNING: untranslated string: urlfilter redirect template
 WARNING: untranslated string: vendor
 WARNING: untranslated string: visit us at
+WARNING: untranslated string: vpn force mobike
 WARNING: untranslated string: vpn keyexchange
 WARNING: untranslated string: vpn statistic n2n
 WARNING: untranslated string: vpn statistic rw
index a9d6332..672a49d 100644 (file)
@@ -666,6 +666,22 @@ WARNING: translation string unused: yearly firewallhits
 WARNING: untranslated string: Scan for Songs
 WARNING: untranslated string: bytes
 WARNING: untranslated string: check all
+WARNING: untranslated string: email config
+WARNING: untranslated string: email empty field
+WARNING: untranslated string: email invalid
+WARNING: untranslated string: email invalid mailfqdn
+WARNING: untranslated string: email invalid mailip
+WARNING: untranslated string: email invalid mailport
+WARNING: untranslated string: email mailaddr
+WARNING: untranslated string: email mailpass
+WARNING: untranslated string: email mailport
+WARNING: untranslated string: email mailrcpt
+WARNING: untranslated string: email mailsender
+WARNING: untranslated string: email mailuser
+WARNING: untranslated string: email settings
+WARNING: untranslated string: email testmail
+WARNING: untranslated string: email tls
+WARNING: untranslated string: email usemail
 WARNING: untranslated string: fwhost addgeoipgrp
 WARNING: untranslated string: fwhost cust geoipgroup
 WARNING: untranslated string: fwhost cust geoipgrp
@@ -682,6 +698,7 @@ WARNING: untranslated string: geoipblock enable feature
 WARNING: untranslated string: ike lifetime should be between 1 and 8 hours
 WARNING: untranslated string: incoming compression in bytes per second
 WARNING: untranslated string: incoming overhead in bytes per second
+WARNING: untranslated string: info messages
 WARNING: untranslated string: invalid input for valid till days
 WARNING: untranslated string: no data
 WARNING: untranslated string: none
@@ -697,6 +714,7 @@ WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
 WARNING: untranslated string: search
 WARNING: untranslated string: uncheck all
+WARNING: untranslated string: vpn force mobike
 WARNING: untranslated string: vpn statistic n2n
 WARNING: untranslated string: vpn statistic rw
 WARNING: untranslated string: vpn statistics n2n
index b88db57..97e2d18 100644 (file)
 < drop action2
 < drop forward
 < drop outgoing
+< email config
+< email empty field
+< email error
+< email invalid
+< email invalid mailfqdn
+< email invalid mailip
+< email invalid mailport
+< email mailaddr
+< email mailpass
+< email mailport
+< email mailrcpt
+< email mailsender
+< email mailuser
+< email settings
+< email subject
+< email success
+< email testmail
+< email text
+< email tls
+< email usemail
 < encryption
 < entropy
 < entropy graphs
 < drop action2
 < drop forward
 < drop outgoing
+< email config
+< email empty field
+< email error
+< email invalid
+< email invalid mailfqdn
+< email invalid mailip
+< email invalid mailport
+< email mailaddr
+< email mailpass
+< email mailport
+< email mailrcpt
+< email mailsender
+< email mailuser
+< email settings
+< email subject
+< email success
+< email testmail
+< email text
+< email tls
+< email usemail
 < encryption
 < entropy
 < entropy graphs
 < drop action2
 < drop forward
 < drop outgoing
+< email config
+< email empty field
+< email error
+< email invalid
+< email invalid mailfqdn
+< email invalid mailip
+< email invalid mailport
+< email mailaddr
+< email mailpass
+< email mailport
+< email mailrcpt
+< email mailsender
+< email mailuser
+< email settings
+< email subject
+< email success
+< email testmail
+< email text
+< email tls
+< email usemail
 < encryption
 < entropy
 < entropy graphs
 < drop forward
 < drop outgoing
 < Edit an existing route
+< email config
+< email empty field
+< email error
+< email invalid
+< email invalid mailfqdn
+< email invalid mailip
+< email invalid mailport
+< email mailaddr
+< email mailpass
+< email mailport
+< email mailrcpt
+< email mailsender
+< email mailuser
+< email settings
+< email subject
+< email success
+< email testmail
+< email text
+< email tls
+< email usemail
 < encryption
 < entropy
 < entropy graphs
index 1813862..e8635d7 100644 (file)
@@ -53,6 +53,7 @@ my %sections = (
         'red' => '(red:|pppd\[.*\]: |chat\[.*\]|pppoe\[.*\]|pptp\[.*\]|pppoa\[.*\]|pppoa3\[.*\]|pppoeci\[.*\]|ipppd|ipppd\[.*\]|kernel: ippp\d|kernel: isdn.*|ibod\[.*\]|dhcpcd\[.*\]|modem_run\[.*\])',
         'ddns' => '(ddns\[\d+\]:)',
         'dns' => '(dnsmasq\[.*\]: )',
+        'dma' => '(dma\[.*\]: )',
         'dhcp' => '(dhcpd: )',
         'clamav' => '(clamd\[.*\]: |freshclam\[.*\]: )',
         'collectd' => '(collectd\[.*\]: )',
@@ -73,6 +74,7 @@ my %trsections = (
         'red' => 'RED',
         'ddns' => $Lang::tr{'dynamic dns'},
         'dns' => 'DNS',
+        'dma' => 'Mail',
         'dhcp' => "$Lang::tr{'dhcp server'}",
         'cron' => 'Cron',
         'collectd' => 'Collectd',
@@ -192,8 +194,10 @@ while ($gzindex >=0 && $loop) {
         # calculate file name
         if ($gzindex == 0) {
             $filestr = "/var/log/messages";
+            $filestr = "/var/log/mail" if (${section} =~ 'dma');
         } else {
             $filestr = "/var/log/messages.$gzindex";
+            $filestr = "/var/log/mail.$gzindex" if (${section} =~ 'dma');
            $filestr = "$filestr.gz" if -f "$filestr.gz";
         }
        # now read file if existing
diff --git a/html/cgi-bin/mail.cgi b/html/cgi-bin/mail.cgi
new file mode 100755 (executable)
index 0000000..be663a6
--- /dev/null
@@ -0,0 +1,345 @@
+#!/usr/bin/perl
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2015  IPFire Team  <alexander.marx@ipfire.org>                #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+use MIME::Lite;
+#enable only the following on debugging purpose
+#use warnings;
+#use CGI::Carp 'fatalsToBrowser';
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/header.pl";
+
+#Initialize variables and hashes
+my $dmafile="${General::swroot}/dma/dma.conf";
+my $authfile="${General::swroot}/dma/auth.conf";
+my $mailfile="${General::swroot}/dma/mail.conf";
+my %dma=();
+my %auth=();
+my %mail=();
+my %mainsettings=();
+my %cgiparams=();
+my $errormessage='';
+
+#Read all parameters for site
+&Header::getcgihash(\%cgiparams);
+&General::readhash("${General::swroot}/main/settings", \%mainsettings);
+&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
+
+#Show Headers
+&Header::showhttpheaders();
+
+#Check configfiles
+if ( -f $dmafile){
+       open (FILE, "<", $dmafile) or die $!;
+       foreach my $line (<FILE>) {
+               $line =~ m/^([A-Z]+)\s+?(.*)?$/;
+               my $key = $1;
+               my $val = $2;
+               $dma{$key}=$val;
+       }
+}else{
+       open(FILE, ">$dmafile") or die $!;
+}
+close FILE;
+
+if (exists $dma{'AUTHPATH'}){
+       open (FILE, "<", $dma{'AUTHPATH'}) or die "$dma{'AUTHPATH'} nicht gefunden $! ";
+       my $authline;
+       foreach my $line (<FILE>) {
+               $authline = $line;
+       }
+       my @part1 = split(/\|/,$authline);
+       my @part2 = split(/\:/,$part1[1]);
+       $auth{'AUTHNAME'} = $part1[0];
+       $auth{'AUTHHOST'} = $part2[0];
+       $auth{'AUTHPASS'} = $part2[1];
+}
+
+if ( -f $mailfile){
+       &General::readhash($mailfile, \%mail);
+}
+
+#ACTIONS
+if ($cgiparams{'ACTION'} eq "$Lang::tr{'save'}"){ #SaveButton on configsite
+       #Check fields
+       if ($cgiparams{'USEMAIL'} eq 'on'){
+               $errormessage=&checkmailsettings;
+       }else{
+               $cgiparams{'txt_mailserver'}='';
+               $cgiparams{'txt_mailport'}='';
+               $cgiparams{'txt_mailuser'}='';
+               $cgiparams{'txt_mailpass'}='';
+               $cgiparams{'mail_tls'}='';
+               $cgiparams{'txt_mailsender'}='';
+               $cgiparams{'txt_recipient'}='';
+       }
+       if(!$errormessage){
+               #clear hashes
+               %auth=();
+               %dma=();
+               %mail=();
+
+               #clear configfiles
+               open (TXT, ">$dmafile") or die("Could not open /var/ipfire/dma/dma.conf: $!\n");
+               open (TXT1, ">$authfile") or die("Could not open /var/ipfire/dma/auth.conf: $!\n");
+               open (TXT2, ">$mailfile") or die("Could not open /var/ipfire/dma/mail.conf: $!\n");
+               close TXT2;
+
+               #Fill hashes with actual values
+               $mail{'USEMAIL'}                = $cgiparams{'USEMAIL'};
+               $mail{'SENDER'}                 = $cgiparams{'txt_mailsender'};
+               $mail{'RECIPIENT'}              = $cgiparams{'txt_recipient'};
+
+               $auth{'AUTHNAME'}               = $cgiparams{'txt_mailuser'};
+               $auth{'AUTHPASS'}               = $cgiparams{'txt_mailpass'};
+               $auth{'AUTHHOST'}               = $cgiparams{'txt_mailserver'};
+
+               $dma{'SMARTHOST'}               = $cgiparams{'txt_mailserver'};
+               $dma{'PORT'}                    = $cgiparams{'txt_mailport'};
+               $dma{'STARTTLS'}                = '' if ($cgiparams{'mail_tls'});
+               $dma{'SECURETRANSFER'}  = '' if exists $dma{'STARTTLS'};
+               $dma{'SPOOLDIR'}                = "/var/spool/dma";
+               $dma{'FULLBOUNCE'}              = '';
+               $dma{'MAILNAME'}                = "$mainsettings{'HOSTNAME'}.$mainsettings{DOMAINNAME}";
+               $dma{'AUTHPATH'}                = "$authfile" if exists $auth{'AUTHNAME'};
+
+               #Create new configfiles
+               &General::writehash("$mailfile", \%mail);
+               while ( ($k,$v) = each %dma ) {
+                       print TXT "$k $v\n";
+               }
+               close TXT;
+               print TXT1 "$auth{'AUTHNAME'}|$auth{'AUTHHOST'}:$auth{'AUTHPASS'}\n";
+               close TXT2;
+
+       }else{
+               $cgiparams{'update'}='on';
+               &configsite;
+       }
+}
+if ($cgiparams{'ACTION'} eq "$Lang::tr{'email testmail'}"){ #Testmail button on configsite
+       &testmail;
+}
+
+#Show site
+&configsite;
+
+#FUNCTIONS
+sub configsite{
+       
+
+       #If update set fieldvalues new
+       if($cgiparams{'update'} eq 'on'){
+               $dma{'USEMAIL'}= 'on';
+               $dma{'SMARTHOST'}       = $cgiparams{'txt_mailserver'};
+               $dma{'PORT'}            = $cgiparams{'txt_mailport'};
+               $auth{'AUTHUSER'}       = $cgiparams{'txt_mailuser'};
+               $auth{'AUTHHOST'}       = $cgiparams{'txt_mailserver'};
+               $auth{'AUTHPASS'}       = $cgiparams{'txt_mailpass'};
+       }
+       #find preselections
+       $checked{'usemail'}{$mail{'USEMAIL'}}   = 'CHECKED';
+       $checked{'mail_tls'}{'on'}                              = 'CHECKED' if exists $dma{'STARTTLS'};
+       
+       #Open site
+       &Header::openpage($Lang::tr{'email settings'}, 1, '');
+       &Header::openbigbox('100%', 'center');
+       &error;
+       &info;
+       &Header::openbox('100%', 'left', $Lang::tr{'email config'});
+       
+       #### JAVA SCRIPT ####
+       print<<END;
+<script>
+       \$(document).ready(function() {
+               // Show/Hide elements when USEMAIL checkbox is checked.
+               if (\$("#MAIL").attr("checked")) {
+                       \$(".MAILSRV").show();
+               } else {
+                       \$(".MAILSRV").hide();
+               }
+
+               // Toggle MAIL elements when "USEMAIL" checkbox is clicked
+               \$("#MAIL").change(function() {
+                       \$(".MAILSRV").toggle();
+               });
+       });
+</script>
+END
+       ##### JAVA SCRIPT END ####
+       my $col="style='background-color:$color{'color22'}'";
+       print<<END;
+       <form method='post' action='$ENV{'SCRIPT_NAME'}'>
+       <table style='width:100%' border='0'>
+       <tr>
+               <th colspan='3'></th>
+       </tr>
+       <tr>
+               <td style='width:24em'>$Lang::tr{'email usemail'}</td>
+               <td><label><input type='checkbox' name='USEMAIL' id='MAIL' $checked{'usemail'}{'on'}></label></td>
+               <td></td>
+       </tr>
+       </table><br>
+
+       <div class="MAILSRV">
+               <table style='width:100%;'>
+               <tr>
+                       <td>$Lang::tr{'email mailsender'}<img src='/blob.gif' alt='*' /></td>
+                       <td><input type='text' name='txt_mailsender' value='$mail{'SENDER'}' style='width:22em;'></td>
+               </tr>
+               <tr>
+                       <td>$Lang::tr{'email mailrcpt'}<img src='/blob.gif' alt='*' /></td>
+                       <td><input type='text' name='txt_recipient' value='$mail{'RECIPIENT'}' style='width:22em;'></td>
+               </tr>
+               <tr>
+                       <td style='width:24em'>$Lang::tr{'email mailaddr'}<img src='/blob.gif' alt='*' /></td>
+                       <td><input type='text' name='txt_mailserver' value='$dma{'SMARTHOST'}' style='width:22em;'></td>
+               </tr>
+               <tr>
+                       <td>$Lang::tr{'email mailport'}<img src='/blob.gif' alt='*' /></td>
+                       <td><input type='text' name='txt_mailport' value='$dma{'PORT'}' size='3'></td>
+               </tr>
+               <tr>
+                       <td>$Lang::tr{'email mailuser'}</td>
+                       <td><input type='text' name='txt_mailuser' value='$auth{'AUTHNAME'}' style='width:22em;'></td>
+               </tr>
+               <tr>
+                       <td>$Lang::tr{'email mailpass'}</td>
+                       <td><input type='password' name='txt_mailpass' value='$auth{'AUTHPASS'}' style='width:22em;' ></td>
+               </tr>
+               <tr>
+                       <td>$Lang::tr{'email tls'}</td>
+                       <td><input type='checkbox' name='mail_tls' $checked{'mail_tls'}{'on'}></td>
+               </tr>
+END
+               if (! -z $dmafile && $mail{'USEMAIL'} eq 'on'){
+                       print "<tr>";
+                       print "<td></td>";
+                       print "<td><input type='submit' name='ACTION' value='$Lang::tr{'email testmail'}'></td>";
+                       print "</tr>";
+               }
+               print<<END;;
+               <tr>
+                       <td colspan='2'>&nbsp;</td>
+               </tr>
+               </table>
+       </div>
+
+       <table style='width:100%;'>
+       <tr>
+               <td colspan='3' display:inline align='right'><input type='submit' name='ACTION' value='$Lang::tr{'save'}'></td>
+       </tr>
+       </table>
+       <br>
+       </form>
+END
+       &Header::closebox();
+       &Header::closebigbox(); 
+       &Header::closepage();
+       exit 0;
+}
+
+sub checkmailsettings {
+       #Check if mailserver is an ip address or a domain
+       if ($cgiparams{'txt_mailserver'} =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/){
+               if (! &General::validip($cgiparams{'txt_mailserver'})){
+                       $errormessage.="$Lang::tr{'email invalid mailip'} $cgiparams{'txt_mailserver'}<br>";
+               }
+       }elsif(! &General::validfqdn($cgiparams{'txt_mailserver'})){
+                       $errormessage.="$Lang::tr{'email invalid mailfqdn'} $cgiparams{'txt_mailserver'}<br>";
+       }
+       #Check valid mailserverport
+       if($cgiparams{'txt_mailport'} < 1 || $cgiparams{'txt_mailport'} > 65535){
+               $errormessage.="$Lang::tr{'email invalid mailport'} $cgiparams{'txt_mailport'}<br>";
+       }
+       #Check valid sender
+       if(! $cgiparams{'txt_mailsender'}){
+               $errormessage.="$Lang::tr{'email empty field'} $Lang::tr{'email mailsender'}<br>";
+       }else{
+               if (! &General::validemail($cgiparams{'txt_mailsender'})){
+                       $errormessage.="<br>$Lang::tr{'email invalid'} $Lang::tr{'email mailsender'}<br>";
+               }
+       }
+       return $errormessage;
+}
+
+sub testmail {
+       ### Create a new multipart message:
+       $msg = MIME::Lite->new(
+               From    => $mail{'SENDER'},
+               To              => $mail{'RECIPIENT'},
+               #Cc             => 'some@other.com, some@more.com',
+               Subject => 'IPFire Testmail',
+               Type    => 'multipart/mixed'
+       );
+
+       ### Add parts (each "attach" has same arguments as "new"):
+       $msg->attach(
+               Type    => 'TEXT',
+               Data    => "This is the IPFire test mail."
+       );
+
+       ### Add attachment for testing
+       #$msg->attach(
+       #       Type     => 'application/txt',
+       #       Encoding => 'base64',
+       #       Path     => '/var/ipfire/dma/dma.conf',
+       #       Filename => 'dma.conf',
+       #       Disposition => 'attachment'
+       #);
+
+       $msg->send_by_sendmail;
+}
+
+sub info {
+       if ($infomessage) {
+               &Header::openbox('100%', 'left', $Lang::tr{'info messages'});
+               print "<class name='base'>$infomessage\n";
+               print "&nbsp;</class>\n";
+               &Header::closebox();
+       }
+}
+
+sub error {
+       if ($errormessage) {
+               &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
+               print "<class name='base'>$errormessage\n";
+               print "&nbsp;</class>\n";
+               &Header::closebox();
+       }
+}
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
index 8c44b7e..9f3c645 100644 (file)
@@ -108,6 +108,7 @@ $cgiparams{'ROOTCERT_STATE'} = '';
 $cgiparams{'RW_NET'} = '';
 $cgiparams{'DPD_DELAY'} = '30';
 $cgiparams{'DPD_TIMEOUT'} = '120';
+$cgiparams{'FORCE_MOBIKE'} = 'off';
 &Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'});
 
 ###
@@ -360,6 +361,11 @@ sub writeipsecfiles {
        # Compression
        print CONF "\tcompress=yes\n" if ($lconfighash{$key}[13] eq 'on');
 
+       # Force MOBIKE?
+       if (($lconfighash{$key}[29] eq "ikev2") && ($lconfighash{$key}[32] eq 'on')) {
+               print CONF "\tmobike=yes\n";
+       }
+
        # Dead Peer Detection
        my $dpdaction = $lconfighash{$key}[27];
        print CONF "\tdpdaction=$dpdaction\n";
@@ -1286,6 +1292,7 @@ END
        $cgiparams{'VHOST'}             = $confighash{$cgiparams{'KEY'}}[14];
        $cgiparams{'DPD_TIMEOUT'}               = $confighash{$cgiparams{'KEY'}}[30];
        $cgiparams{'DPD_DELAY'}         = $confighash{$cgiparams{'KEY'}}[31];
+       $cgiparams{'FORCE_MOBIKE'}      = $confighash{$cgiparams{'KEY'}}[32];
 
        if (!$cgiparams{'DPD_DELAY'}) {
                $cgiparams{'DPD_DELAY'} = 30;
@@ -1768,7 +1775,7 @@ END
        my $key = $cgiparams{'KEY'};
        if (! $key) {
            $key = &General::findhasharraykey (\%confighash);
-           foreach my $i (0 .. 31) { $confighash{$key}[$i] = "";}
+           foreach my $i (0 .. 32) { $confighash{$key}[$i] = "";}
        }
        $confighash{$key}[0] = $cgiparams{'ENABLED'};
        $confighash{$key}[1] = $cgiparams{'NAME'};
@@ -1810,6 +1817,7 @@ END
        $confighash{$key}[14] = $cgiparams{'VHOST'};
        $confighash{$key}[30] = $cgiparams{'DPD_TIMEOUT'};
        $confighash{$key}[31] = $cgiparams{'DPD_DELAY'};
+       $confighash{$key}[32] = $cgiparams{'FORCE_MOBIKE'};
 
        #free unused fields!
        $confighash{$key}[6] = 'off';
@@ -1858,6 +1866,10 @@ END
                $cgiparams{'DPD_TIMEOUT'} = 120;
        }
 
+       if (!$cgiparams{'FORCE_MOBIKE'}) {
+               $cgiparams{'FORCE_MOBIKE'} = 'no';
+       }
+
        # Default IKE Version to v2
        if (!$cgiparams{'IKE_VERSION'}) {
            $cgiparams{'IKE_VERSION'} = 'ikev2';
@@ -1935,6 +1947,7 @@ END
        <input type='hidden' name='DPD_ACTION' value='$cgiparams{'DPD_ACTION'}' />
        <input type='hidden' name='DPD_DELAY' value='$cgiparams{'DPD_DELAY'}' />
        <input type='hidden' name='DPD_TIMEOUT' value='$cgiparams{'DPD_TIMEOUT'}' />
+       <input type='hidden' name='FORCE_MOBIKE' value='$cgiparams{'FORCE_MOBIKE'}' />
 END
     ;
     if ($cgiparams{'KEY'}) {
@@ -2206,6 +2219,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 
        if (
            ($cgiparams{'COMPRESSION'} !~ /^(|on|off)$/) ||
+           ($cgiparams{'FORCE_MOBIKE'} !~ /^(|on|off)$/) ||
            ($cgiparams{'ONLY_PROPOSED'} !~ /^(|on|off)$/) ||
            ($cgiparams{'PFS'} !~ /^(|on|off)$/) ||
            ($cgiparams{'VHOST'} !~ /^(|on|off)$/)
@@ -2241,6 +2255,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
        $confighash{$cgiparams{'KEY'}}[27] = $cgiparams{'DPD_ACTION'};
        $confighash{$cgiparams{'KEY'}}[30] = $cgiparams{'DPD_TIMEOUT'};
        $confighash{$cgiparams{'KEY'}}[31] = $cgiparams{'DPD_DELAY'};
+       $confighash{$cgiparams{'KEY'}}[32] = $cgiparams{'FORCE_MOBIKE'};
        &General::writehasharray("${General::swroot}/vpn/config", \%confighash);
        &writeipsecfiles();
        if (&vpnenabled) {
@@ -2268,6 +2283,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
        $cgiparams{'DPD_ACTION'}     = $confighash{$cgiparams{'KEY'}}[27];
        $cgiparams{'DPD_TIMEOUT'}    = $confighash{$cgiparams{'KEY'}}[30];
        $cgiparams{'DPD_DELAY'}      = $confighash{$cgiparams{'KEY'}}[31];
+       $cgiparams{'FORCE_MOBIKE'}   = $confighash{$cgiparams{'KEY'}}[32];
 
        if (!$cgiparams{'DPD_DELAY'}) {
                $cgiparams{'DPD_DELAY'} = 30;
@@ -2362,6 +2378,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
     foreach my $key (@temp) {$checked{'ESP_GROUPTYPE'}{$key} = "selected='selected'"; }
 
     $checked{'COMPRESSION'} = $cgiparams{'COMPRESSION'} eq 'on' ? "checked='checked'" : '' ;
+    $checked{'FORCE_MOBIKE'} = $cgiparams{'FORCE_MOBIKE'} eq 'on' ? "checked='checked'" : '' ;
     $checked{'ONLY_PROPOSED'} = $cgiparams{'ONLY_PROPOSED'} eq 'on' ? "checked='checked'" : '' ;
     $checked{'PFS'} = $cgiparams{'PFS'} eq 'on' ? "checked='checked'" : '' ;
     $checked{'VHOST'} = $cgiparams{'VHOST'} eq 'on' ? "checked='checked'" : '' ;
@@ -2605,6 +2622,14 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
                        </label>
                </td>
        </tr>
+       <tr>
+               <td>
+                       <label>
+                               <input type='checkbox' name='FORCE_MOBIKE' $checked{'FORCE_MOBIKE'} />
+                               $Lang::tr{'vpn force mobike'}
+                       </label>
+               </td>
+       </tr>
 EOF
     ;
     if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') {
index 48ade28..c6d25fc 100644 (file)
 'edit share' => 'Freigabe bearbeiten',
 'editor' => 'Editor',
 'eg' => 'z.B.:',
+'email config' => 'Konfiguration',
+'email empty field' => 'Leeres Feld',
+'email error' => 'ERROR: Testmail konnte nicht versendet werden',
+'email invalid' => 'Ungültiges Feld',
+'email invalid mailfqdn' => 'Ungültiger FQDN für Mailserver',
+'email invalid mailip' => 'Ungültige IP-Adresse für Mailserver',
+'email invalid mailport' => 'Ungültiger Port für Mailserver',
+'email mailaddr' => 'Mailserver-Adresse',
+'email mailpass' => 'Passwort',
+'email mailport' => 'Mailserver-Port',
+'email mailrcpt' => 'E-Mail-Empfänger',
+'email mailsender' => 'E-Mail Absender',
+'email mailuser' => 'Benutzername',
 'email server can not be empty' => 'Email-Server darf nicht leer sein',
+'email settings' => 'Mailversand',
+'email subject' => 'IPFire Testmail',
+'email success' => 'Testmail erfolgreich versendet',
+'email testmail' => 'Testnachricht senden',
+'email text' => 'Testnachricht vom IPFire Mailversand.',
+'email tls' => 'TLS aktivieren',
+'email usemail' => 'Mailversand aktivieren',
 'emailreportlevel' => 'Email-Reportlevel',
 'empty' => 'Dieses Feld kann leer bleiben',
 'empty profile' => 'Unbenannt',
index af7fda9..1e1b459 100644 (file)
 'edit share' => 'Edit share',
 'editor' => 'Editor',
 'eg' => 'e.g.:',
+'email config' => 'Configuration',
+'email empty field' => 'Empty field',
+'email error' => 'ERROR: Testmail could not be sent',
+'email invalid' => 'Invalid field',
+'email invalid mailfqdn' => 'Invalid mailserver fqdn',
+'email invalid mailip' => 'Invalid mailserver IP address',
+'email invalid mailport' => 'Invalid mailserver port',
+'email mailaddr' => 'Mailserver address',
+'email mailpass' => 'Password',
+'email mailport' => 'Mailserver port',
+'email mailrcpt' => 'Mail recipient',
+'email mailsender' => 'Mail sender',
+'email mailuser' => 'Username',
 'email server can not be empty' => 'E-mail server can not be empty',
+'email settings' => 'Mailservice',
+'email subject' => 'IPFire Testmail',
+'email success' => 'Testmail successfully sent',
+'email testmail' => 'Send testmail',
+'email text' => 'Testmail from IPFire Mailservice.',
+'email tls' => 'Use TLS',
+'email usemail' => 'Activate Mailservice',
 'emailreportlevel' => 'E-mailreportlevel',
 'emerging rules' => 'Emergingthreats.net Community Rules',
 'empty' => 'This field may be left blank',
 'vpn configuration main' => 'VPN Configuration',
 'vpn delayed start' => 'Delay before launching VPN (seconds)',
 'vpn delayed start help' => 'If required, this delay can be used to allow dynamic DNS updates to propagate properly. 60 is a common value when RED is a dynamic IP.',
+'vpn force mobike' => 'Force using MOBIKE (only IKEv2)',
 'vpn incompatible use of defaultroute' => 'hostname=%defaultroute not allowed',
 'vpn keyexchange' => 'Keyexchange',
 'vpn local id' => 'Local ID',
diff --git a/lfs/chkconfig b/lfs/chkconfig
new file mode 100644 (file)
index 0000000..afec454
--- /dev/null
@@ -0,0 +1,78 @@
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2010  IPFire Team  <info@ipfire.org>                          #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER        = 1.5
+
+THISAPP    = chkconfig-$(VER)
+DL_FILE    = $(THISAPP).tar.bz2
+DL_FROM    = $(URL_IPFIRE)
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
+TARGET     = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = 0e59a43ef588a7bba5528b10bb59bef2
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+       @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+       @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+       @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+       @$(PREBUILD)
+       @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
+       cd $(DIR_APP) && make alternatives
+       cd $(DIR_APP) && install -v -m 755 alternatives /usr/sbin
+       ln -svf alternatives /usr/sbin/update-alternatives
+       -mkdir -pv /etc/alternatives /var/lib/alternatives
+       @rm -rf $(DIR_APP)
+       @$(POSTBUILD)
index cd2440d..ede0493 100644 (file)
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2011  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2015  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 8.23
+VER        = 8.24
 
 THISAPP    = coreutils-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -60,7 +60,7 @@ objects =$(DL_FILE)
 
 $(DL_FILE)                      = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5                  = abed135279f87ad6762ce57ff6d89c41
+$(DL_FILE)_MD5                  = 40efdbce865d2458d8da0a9dcee7c16c
 
 install : $(TARGET)
 
diff --git a/lfs/dma b/lfs/dma
new file mode 100644 (file)
index 0000000..9fe49ab
--- /dev/null
+++ b/lfs/dma
@@ -0,0 +1,87 @@
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2011  IPFire Team  <info@ipfire.org>                          #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER        = 0.9.1
+
+THISAPP    = dma-$(VER)
+DL_FILE    = $(THISAPP).tar.gz
+DL_FROM    = $(URL_IPFIRE)
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
+TARGET     = $(DIR_INFO)/$(THISAPP)
+PROG       = dma
+PAK_VER    = 1
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = 56afaf438ba34d4ff9c8879dc29a16b1
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+       @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+       @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+       @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+       @$(PREBUILD)
+       @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+       mkdir -pv /var/ipfire/dma
+       cd $(DIR_APP) && sed -i '/PREFIX/s/usr\/local/usr/g' Makefile
+       cd $(DIR_APP) && sed -i '/CONFDIR/s/etc\/dma/var\/ipfire\/dma/g' Makefile
+       cd $(DIR_APP) && make
+       cd $(DIR_APP) && make install mailq-link install-spool-dirs install-etc
+       install -v -m 755 $(DIR_SRC)/config/dma/dma-cleanup-spool /usr/sbin
+       chown -R nobody.nobody /var/ipfire/dma
+       chown nobody.root /var/ipfire/dma/auth.conf
+       ln -svf dma /usr/sbin/sendmail.dma
+       /usr/sbin/alternatives --install /usr/sbin/sendmail sendmail /usr/sbin/sendmail.dma 20
+       @rm -rf $(DIR_APP)
+       @$(POSTBUILD)
index f327967..f16c761 100644 (file)
@@ -73,7 +73,11 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/001-include_0_0_0_0_8_in_DNS_rebind_checks.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/002-enhance_add_subnet_to_allow_arbitary_subnet_addresses.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/003-dont_answer_non_auth_queries_for_auth_zones_locally_when_localise_queries_set.patch
        cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq-Add-support-to-read-ISC-DHCP-lease-file.patch
+
        cd $(DIR_APP) && sed -i src/config.h \
                -e 's|/\* #define HAVE_IDN \*/|#define HAVE_IDN|g' \
                -e 's|/\* #define HAVE_DNSSEC \*/|#define HAVE_DNSSEC|g' \
index bfd7552..49829d0 100644 (file)
--- a/lfs/file
+++ b/lfs/file
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2014  Michael Tremer & Christian Schmidt                      #
+# Copyright (C) 2015  Michael Tremer & Christian Schmidt                      #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 5.20
+VER        = 5.24
 
 THISAPP    = file-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 5d5e13eb3e0e13839da869a31790faf2
+$(DL_FILE)_MD5 = ec161b5a0d2aef147fb046e5630b1408
 
 install : $(TARGET)
 
index 9d65765..55a7845 100644 (file)
@@ -70,8 +70,11 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/fireinfo-Add-an-other-forbidden-string-Serial.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/fireinfo-Skip-search-for-hypervisor-name-when-the-CPU-string-.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/fireinfo/0001-Add-an-other-forbidden-string-Serial.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/fireinfo/0002-Escape-any-non-printable-ascii-characters.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/fireinfo/0003-Skip-search-for-hypervisor-name-when-the-CPU-string-.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/fireinfo/0004-Filter-all-IDs-that-only-consist-of-0xff.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/fireinfo/0005-Fix-crash-if-there-is-id-has-already-been-reset-to-N.patch
 
        cd $(DIR_APP) && [ -x "configure" ] || sh ./autogen.sh
        cd $(DIR_APP) && ./configure --prefix=/usr
index 2341d10..d7d51cf 100644 (file)
--- a/lfs/glibc
+++ b/lfs/glibc
@@ -285,6 +285,7 @@ endif
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1183533.patch
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1207995.patch
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1209375.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1217186.patch
 
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-resolv-stack_chk_fail.patch
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-remove-ctors-dtors-output-sections.patch
index e4e2e53..e4e9ac1 100644 (file)
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2014  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2015  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 9.45
+VER        = 9.48
 
 THISAPP    = hdparm-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 1c75d0751a44928b6c4bc81fb16d7fe8
+$(DL_FILE)_MD5 = 213efdbe7471fad3408198918e164354
 
 install : $(TARGET)
 
index 7e6e376..22d1de5 100644 (file)
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 6.8p1
+VER        = 7.1p1
 
 THISAPP    = openssh-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 08f72de6751acfbd0892b5f003922701
+$(DL_FILE)_MD5 = 8709736bc8a8c253bc4eeb4829888ca5
 
 install : $(TARGET)
 
@@ -90,6 +90,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
            -e 's/^#\?SyslogFacility AUTH .*$$/SyslogFacility AUTH/' \
            -e 's/^#\?LogLevel INFO .*$$/LogLevel INFO/' \
            -e 's/^#\?AllowTcpForwarding .*$$/AllowTcpForwarding no/' \
+           -e 's/^#\?PermitRootLogin .*$$/PermitRootLogin yes/' \
            /etc/ssh/sshd_config
        @rm -rf $(DIR_APP)
        @$(POSTBUILD)
index 8f207da..fd66350 100644 (file)
--- a/lfs/pcre
+++ b/lfs/pcre
@@ -72,6 +72,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/pcre-8.37-Fix-buffer-overflow-for-named-recursive-back-referen.patch
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/pcre-8.37-Fix-buffer-overflow-for-forward-reference-within-bac.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/pcre-8.37-Fix-named-forward-reference-to-duplicate-group-numbe.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/pcre-8.37-Fix-another-buffer-overflow.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/pcre-8.37-Fix-buffer-overflow-for-named-references-in-situatio.patch
        cd $(DIR_APP) && ./configure \
                --prefix=/usr \
                --disable-static \
diff --git a/lfs/perl-Email-Date-Format b/lfs/perl-Email-Date-Format
new file mode 100644 (file)
index 0000000..ce55d14
--- /dev/null
@@ -0,0 +1,77 @@
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2007  Michael Tremer & Christian Schmidt                      #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER        = 1.005
+
+THISAPP    = Email-Date-Format-$(VER)
+DL_FILE    = $(THISAPP).tar.gz
+DL_FROM    = $(URL_IPFIRE)
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
+TARGET     = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = 030dcee3bc1a44674900b0132925bd03
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+       @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+       @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+       @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+       @$(PREBUILD)
+       @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+       cd $(DIR_APP) && perl Makefile.PL
+       cd $(DIR_APP) && make $(MAKETUNING)
+       cd $(DIR_APP) && make install
+       @rm -rf $(DIR_APP)
+       @$(POSTBUILD)
diff --git a/lfs/perl-MIME-Lite b/lfs/perl-MIME-Lite
new file mode 100644 (file)
index 0000000..c6f53e6
--- /dev/null
@@ -0,0 +1,77 @@
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2007  Michael Tremer & Christian Schmidt                      #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER        = 3.030
+
+THISAPP    = MIME-Lite-$(VER)
+DL_FILE    = $(THISAPP).tar.gz
+DL_FROM    = $(URL_IPFIRE)
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
+TARGET     = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = 5a6d90329e049eee77248d667343acc7
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+       @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+       @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+       @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+       @$(PREBUILD)
+       @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+       cd $(DIR_APP) && yes |perl Makefile.PL
+       cd $(DIR_APP) && make $(MAKETUNING)
+       cd $(DIR_APP) && make install
+       @rm -rf $(DIR_APP)
+       @$(POSTBUILD)
index 696c68e..b8029f7 100644 (file)
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = postfix
-PAK_VER    = 8
+PAK_VER    = 9
 
 DEPS       = "amavisd mysql"
 
@@ -115,5 +115,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 
        install -v -m 644 $(DIR_SRC)/config/backup/includes/postfix \
                         /var/ipfire/backup/addons/includes/postfix
+       mv /usr/sbin/sendmail /usr/sbin/sendmail.postfix
        @rm -rf $(DIR_APP)
        @$(POSTBUILD)
index d0a1181..f156400 100644 (file)
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 1.5.3
+VER        = 1.5.4
 
 THISAPP    = rrdtool-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 868a828cc6b10654c440a85054240ae2
+$(DL_FILE)_MD5 = 4daea1e628e1c70d91800d6a06427dc1
 
 install : $(TARGET)
 
index d8c8a05..de6c87d 100644 (file)
--- a/lfs/squid
+++ b/lfs/squid
@@ -70,6 +70,7 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xaf $(DIR_DL)/$(DL_FILE)
+       cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.4-13228.patch
        cd $(DIR_APP) && ./configure \
                --prefix=/usr \
                --sysconfdir=/etc/squid \
@@ -113,7 +114,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
                --enable-cache-digests \
                --enable-forw-via-db \
                --enable-htcp \
-               --enable-linux-netfilter \
                --enable-kill-parent-hack \
                --disable-wccpv2 \
                --enable-icap-client \
index a2ffd90..aa2ca50 100644 (file)
@@ -9,15 +9,15 @@
 
 include Config
 
-VER        = 1.0.3
+VER        = 1.0.4
 
 THISAPP    = squid-accounting-$(VER)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = squid-accounting
-PAK_VER    = 6
+PAK_VER    = 7
 
-DEPS       = "perl-DBI perl-DBD-SQLite perl-File-ReadBackwards perl-PDF-API2 sendEmail"
+DEPS       = "perl-DBI perl-DBD-SQLite perl-File-ReadBackwards perl-PDF-API2"
 
 ###############################################################################
 # Top-level Rules
@@ -50,8 +50,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        chmod 777 /var/log/accounting.log
 #Set permissions for logo and graphs
        chmod -R 777 /srv/web/ipfire/html/accounting
-               
-       
+
        install -v -m 755 $(DIR_APP)/squid-accounting/accounting.cgi /srv/web/ipfire/cgi-bin/
        install -v -m 755 $(DIR_APP)/squid-accounting/acct.pl /usr/local/bin/
        install -v -m 644 $(DIR_APP)/squid-accounting/acct-lib.pl /var/ipfire/accounting/
@@ -61,10 +60,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        install -v -m 755 $(DIR_APP)/squid-accounting/dbinstall.pl /var/ipfire/accounting/
        install -v -m 644 $(DIR_APP)/squid-accounting/config/backup/includes/squid-accounting  \
                        /var/ipfire/backup/addons/includes/squid-accounting
-                       
+
 #activate hourly logging of proxy logfile
        ln -sf /usr/local/bin/acct.pl /etc/fcron.hourly/squid-accounting
-               
        chown -R nobody.nobody /var/ipfire/accounting
        @rm -rf $(DIR_APP)
        @$(POSTBUILD)
diff --git a/make.sh b/make.sh
index 7d9cad0..235964b 100755 (executable)
--- a/make.sh
+++ b/make.sh
@@ -25,7 +25,7 @@
 NAME="IPFire"                                                  # Software name
 SNAME="ipfire"                                                 # Short name
 VERSION="2.17"                                                 # Version number
-CORE="93"                                                      # Core Level (Filename)
+CORE="94"                                                      # Core Level (Filename)
 PAKFIRE_CORE="93"                                              # Core Level (PAKFIRE)
 GIT_BRANCH=`git rev-parse --abbrev-ref HEAD`                   # Git Branch
 SLOGAN="www.ipfire.org"                                                # Software slogan
@@ -648,6 +648,7 @@ buildipfire() {
   ipfiremake screen
   ipfiremake smartmontools
   ipfiremake htop
+  ipfiremake chkconfig
   ipfiremake postfix
   ipfiremake fetchmail
   ipfiremake cyrus-imapd
@@ -655,6 +656,7 @@ buildipfire() {
   ipfiremake clamav
   ipfiremake spamassassin
   ipfiremake amavisd
+  ipfiremake dma
   ipfiremake alsa
   ipfiremake mpfire
   ipfiremake guardian
@@ -727,6 +729,8 @@ buildipfire() {
   ipfiremake perl-Net-SMTP-SSL
   ipfiremake perl-MIME-Base64
   ipfiremake perl-Authen-SASL
+  ipfiremake perl-MIME-Lite
+  ipfiremake perl-Email-Date-Format
   ipfiremake git
   ipfiremake squidclamav
   ipfiremake vnstat
index 0ed8661..7b4092d 100644 (file)
 
 case "$1" in
     start)
-       if [ ! -e "/etc/ssh/ssh_host_key" ]; then
-               boot_mesg "Generating SSH host key..."
-               ssh-keygen -qf /etc/ssh/ssh_host_key -N '' -t rsa1
-               evaluate_retval
-       fi
-
-       for algo in rsa dsa ecdsa ed25519; do
+       for algo in rsa ecdsa ed25519; do
                keyfile="/etc/ssh/ssh_host_${algo}_key"
 
                # If the key already exists, there is nothing to do.
                [ -e "${keyfile}" ] && continue
 
-               case "${algo}" in
-                       rsa)
-                               algo="rsa1"
-                               ;;
-               esac
-
                boot_mesg "Generating SSH key (${algo})..."
                ssh-keygen -qf "${keyfile}" -N '' -t ${algo}
                evaluate_retval
index 0932d2e..1629d21 100644 (file)
@@ -34,3 +34,6 @@ start_service ${NAME}
 ln -sf  ../init.d/postfix /etc/rc.d/rc0.d/K25postfix
 ln -sf  ../init.d/postfix /etc/rc.d/rc3.d/S35postfix
 ln -sf  ../init.d/postfix /etc/rc.d/rc6.d/K25postfix
+
+# Update alternatives
+/usr/sbin/alternatives --install /usr/sbin/sendmail sendmail /usr/sbin/sendmail.postfix 15
index bc70451..bff411a 100644 (file)
@@ -25,5 +25,6 @@
 extract_backup_includes
 stop_service ${NAME}
 make_backup ${NAME}
+/usr/sbin/alternatives --remove sendmail /usr/sbin/sendmail.postfix
 remove_files
 rm -rfv /etc/rc.d/rc*.d/*postfix
diff --git a/src/patches/dnsmasq/001-include_0_0_0_0_8_in_DNS_rebind_checks.patch b/src/patches/dnsmasq/001-include_0_0_0_0_8_in_DNS_rebind_checks.patch
new file mode 100644 (file)
index 0000000..8a2557a
--- /dev/null
@@ -0,0 +1,41 @@
+From d2aa7dfbb6d1088dcbea9fecc61b9293b320eb95 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Mon, 3 Aug 2015 21:52:12 +0100
+Subject: [PATCH] Include 0.0.0.0/8 in DNS rebind checks.
+
+---
+ CHANGELOG     |    7 +++++++
+ src/rfc1035.c |    3 ++-
+ 2 files changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 901da47..3f4026d 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -1,3 +1,10 @@
++version 2.76
++            Include 0.0.0.0/8 in DNS rebind checks. This range 
++          translates to hosts on  the local network, or, at 
++          least, 0.0.0.0 accesses the local host, so could
++          be targets for DNS rebinding. See RFC 5735 section 3 
++          for details. Thanks to Stephen Röttger for the bug report.
++          
+ version 2.75
+             Fix reversion on 2.74 which caused 100% CPU use when a 
+           dhcp-script is configured. Thanks to Adrian Davey for
+diff --git a/src/rfc1035.c b/src/rfc1035.c
+index 56647b0..29e9e65 100644
+--- a/src/rfc1035.c
++++ b/src/rfc1035.c
+@@ -728,7 +728,8 @@ int private_net(struct in_addr addr, int ban_localhost)
+   in_addr_t ip_addr = ntohl(addr.s_addr);
+   return
+-    (((ip_addr & 0xFF000000) == 0x7F000000) && ban_localhost)  /* 127.0.0.0/8    (loopback) */ || 
++    (((ip_addr & 0xFF000000) == 0x7F000000) && ban_localhost)  /* 127.0.0.0/8    (loopback) */ ||
++    ((ip_addr & 0xFF000000) == 0x00000000)  /* RFC 5735 section 3. "here" network */ ||
+     ((ip_addr & 0xFFFF0000) == 0xC0A80000)  /* 192.168.0.0/16 (private)  */ ||
+     ((ip_addr & 0xFF000000) == 0x0A000000)  /* 10.0.0.0/8     (private)  */ ||
+     ((ip_addr & 0xFFF00000) == 0xAC100000)  /* 172.16.0.0/12  (private)  */ ||
+-- 
+1.7.10.4
diff --git a/src/patches/dnsmasq/002-enhance_add_subnet_to_allow_arbitary_subnet_addresses.patch b/src/patches/dnsmasq/002-enhance_add_subnet_to_allow_arbitary_subnet_addresses.patch
new file mode 100644 (file)
index 0000000..2d3d6e4
--- /dev/null
@@ -0,0 +1,271 @@
+From a7369bef8abd241c3d85633fa9c870943f091e76 Mon Sep 17 00:00:00 2001
+From: Ed Bardsley <ebardsley@google.com>
+Date: Wed, 5 Aug 2015 21:17:18 +0100
+Subject: [PATCH] Enhance --add-subnet to allow arbitary subnet addresses.
+
+---
+ CHANGELOG     |    4 ++++
+ man/dnsmasq.8 |   32 ++++++++++++++++++++-----------
+ src/dnsmasq.h |   13 ++++++++++---
+ src/option.c  |   59 ++++++++++++++++++++++++++++++++++++++++++++++++++++-----
+ src/rfc1035.c |   39 +++++++++++++++++++++++++++++++-------
+ 5 files changed, 121 insertions(+), 26 deletions(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 3f4026d..bbc2834 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -4,6 +4,10 @@ version 2.76
+           least, 0.0.0.0 accesses the local host, so could
+           be targets for DNS rebinding. See RFC 5735 section 3 
+           for details. Thanks to Stephen Röttger for the bug report.
++
++          Enhance --add-subnet to allow arbitrary subnet addresses.
++            Thanks to Ed Barsley for the patch.
++      
+           
+ version 2.75
+             Fix reversion on 2.74 which caused 100% CPU use when a 
+diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
+index c8913b5..a23c898 100644
+--- a/man/dnsmasq.8
++++ b/man/dnsmasq.8
+@@ -604,17 +604,27 @@ experimental. Also note that exposing MAC addresses in this way may
+ have security and privacy implications. The warning about caching
+ given for --add-subnet applies to --add-mac too.
+ .TP 
+-.B --add-subnet[[=<IPv4 prefix length>],<IPv6 prefix length>]
+-Add the subnet address of the requestor to the DNS queries which are
+-forwarded upstream. The amount of the address forwarded depends on the
+-prefix length parameter: 32 (128 for IPv6) forwards the whole address,
+-zero forwards none of it but still marks the request so that no
+-upstream nameserver will add client address information either. The
+-default is zero for both IPv4 and IPv6. Note that upstream nameservers
+-may be configured to return different results based on this
+-information, but the dnsmasq cache does not take account. If a dnsmasq
+-instance is configured such that different results may be encountered,
+-caching should be disabled.
++.B --add-subnet[[=[<IPv4 address>/]<IPv4 prefix length>][,[<IPv6 address>/]<IPv6 prefix length>]]
++Add a subnet address to the DNS queries which are forwarded
++upstream. If an address is specified in the flag, it will be used,
++otherwise, the address of the requestor will be used. The amount of
++the address forwarded depends on the prefix length parameter: 32 (128
++for IPv6) forwards the whole address, zero forwards none of it but
++still marks the request so that no upstream nameserver will add client
++address information either. The default is zero for both IPv4 and
++IPv6. Note that upstream nameservers may be configured to return
++different results based on this information, but the dnsmasq cache
++does not take account. If a dnsmasq instance is configured such that
++different results may be encountered, caching should be disabled.
++
++For example,
++.B --add-subnet=24,96
++will add the /24 and /96 subnets of the requestor for IPv4 and IPv6 requestors, respectively.
++.B --add-subnet=1.2.3.4/24
++will add 1.2.3.0/24 for IPv4 requestors and ::/0 for IPv6 requestors.
++.B --add-subnet=1.2.3.4/24,1.2.3.4/24
++will add 1.2.3.0/24 for both IPv4 and IPv6 requestors.
++
+ .TP
+ .B \-c, --cache-size=<cachesize>
+ Set the size of dnsmasq's cache. The default is 150 names. Setting the cache size to zero disables caching.
+diff --git a/src/dnsmasq.h b/src/dnsmasq.h
+index cf1a782..f42acdb 100644
+--- a/src/dnsmasq.h
++++ b/src/dnsmasq.h
+@@ -541,6 +541,13 @@ struct iname {
+   struct iname *next;
+ };
++/* subnet parameters from command line */
++struct mysubnet {
++  union mysockaddr addr;
++  int addr_used;
++  int mask;
++};
++
+ /* resolv-file parms from command-line */
+ struct resolvc {
+   struct resolvc *next;
+@@ -935,9 +942,9 @@ extern struct daemon {
+   struct auth_zone *auth_zones;
+   struct interface_name *int_names;
+   char *mxtarget;
+-  int addr4_netmask;
+-  int addr6_netmask;
+-  char *lease_file; 
++  struct mysubnet *add_subnet4;
++  struct mysubnet *add_subnet6;
++  char *lease_file;
+   char *username, *groupname, *scriptuser;
+   char *luascript;
+   char *authserver, *hostmaster;
+diff --git a/src/option.c b/src/option.c
+index ecc2619..746cd11 100644
+--- a/src/option.c
++++ b/src/option.c
+@@ -445,7 +445,7 @@ static struct {
+   { LOPT_PXE_SERV, ARG_DUP, "<service>", gettext_noop("Boot service for PXE menu."), NULL },
+   { LOPT_TEST, 0, NULL, gettext_noop("Check configuration syntax."), NULL },
+   { LOPT_ADD_MAC, OPT_ADD_MAC, NULL, gettext_noop("Add requestor's MAC address to forwarded DNS queries."), NULL },
+-  { LOPT_ADD_SBNET, ARG_ONE, "<v4 pref>[,<v6 pref>]", gettext_noop("Add requestor's IP subnet to forwarded DNS queries."), NULL },
++  { LOPT_ADD_SBNET, ARG_ONE, "<v4 pref>[,<v6 pref>]", gettext_noop("Add specified IP subnet to forwarded DNS queries."), NULL },
+   { LOPT_DNSSEC, OPT_DNSSEC_PROXY, NULL, gettext_noop("Proxy DNSSEC validation results from upstream nameservers."), NULL },
+   { LOPT_INCR_ADDR, OPT_CONSEC_ADDR, NULL, gettext_noop("Attempt to allocate sequential IP addresses to DHCP clients."), NULL },
+   { LOPT_CONNTRACK, OPT_CONNTRACK, NULL, gettext_noop("Copy connection-track mark from queries to upstream connections."), NULL },
+@@ -722,6 +722,20 @@ static void do_usage(void)
+ #define ret_err(x) do { strcpy(errstr, (x)); return 0; } while (0)
++static char *parse_mysockaddr(char *arg, union mysockaddr *addr) 
++{
++  if (inet_pton(AF_INET, arg, &addr->in.sin_addr) > 0)
++    addr->sa.sa_family = AF_INET;
++#ifdef HAVE_IPV6
++  else if (inet_pton(AF_INET6, arg, &addr->in6.sin6_addr) > 0)
++    addr->sa.sa_family = AF_INET6;
++#endif
++  else
++    return _("bad address");
++   
++  return NULL;
++}
++
+ char *parse_server(char *arg, union mysockaddr *addr, union mysockaddr *source_addr, char *interface, int *flags)
+ {
+   int source_port = 0, serv_port = NAMESERVER_PORT;
+@@ -1585,7 +1599,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
+           li = match_suffix->next;
+           free(match_suffix->suffix);
+           free(match_suffix);
+-        }    
++        }
+       break;
+       }
+@@ -1593,10 +1607,45 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
+       set_option_bool(OPT_CLIENT_SUBNET);
+       if (arg)
+       {
++          char *err, *end;
+         comma = split(arg);
+-        if (!atoi_check(arg, &daemon->addr4_netmask) || 
+-            (comma && !atoi_check(comma, &daemon->addr6_netmask)))
+-           ret_err(gen_err);
++
++          struct mysubnet* new = opt_malloc(sizeof(struct mysubnet));
++          if ((end = split_chr(arg, '/')))
++          {
++            /* has subnet+len */
++            err = parse_mysockaddr(arg, &new->addr);
++            if (err)
++              ret_err(err);
++            if (!atoi_check(end, &new->mask))
++              ret_err(gen_err);
++            new->addr_used = 1;
++          } 
++        else if (!atoi_check(arg, &new->mask))
++          ret_err(gen_err);
++          
++          daemon->add_subnet4 = new;
++
++          new = opt_malloc(sizeof(struct mysubnet));
++          if (comma)
++            {
++              if ((end = split_chr(comma, '/')))
++                {
++                  /* has subnet+len */
++                  err = parse_mysockaddr(comma, &new->addr);
++                  if (err)
++                    ret_err(err);
++                  if (!atoi_check(end, &new->mask))
++                    ret_err(gen_err);
++                  new->addr_used = 1;
++                }
++              else
++                {
++                  if (!atoi_check(comma, &new->mask))
++                    ret_err(gen_err);
++                }
++            }
++          daemon->add_subnet6 = new;
+       }
+       break;
+diff --git a/src/rfc1035.c b/src/rfc1035.c
+index 29e9e65..6a51b30 100644
+--- a/src/rfc1035.c
++++ b/src/rfc1035.c
+@@ -629,26 +629,47 @@ struct subnet_opt {
+ #endif
+ };
++static void *get_addrp(union mysockaddr *addr, const short family) 
++{
++#ifdef HAVE_IPV6
++  if (family == AF_INET6)
++    return &addr->in6.sin6_addr;
++#endif
++
++  return &addr->in.sin_addr;
++}
++
+ static size_t calc_subnet_opt(struct subnet_opt *opt, union mysockaddr *source)
+ {
+   /* http://tools.ietf.org/html/draft-vandergaast-edns-client-subnet-02 */
+   
+   int len;
+   void *addrp;
++  int sa_family = source->sa.sa_family;
+ #ifdef HAVE_IPV6
+   if (source->sa.sa_family == AF_INET6)
+     {
+-      opt->family = htons(2);
+-      opt->source_netmask = daemon->addr6_netmask;
+-      addrp = &source->in6.sin6_addr;
++      opt->source_netmask = daemon->add_subnet6->mask;
++      if (daemon->add_subnet6->addr_used) 
++      {
++        sa_family = daemon->add_subnet6->addr.sa.sa_family;
++        addrp = get_addrp(&daemon->add_subnet6->addr, sa_family);
++      } 
++      else 
++      addrp = &source->in6.sin6_addr;
+     }
+   else
+ #endif
+     {
+-      opt->family = htons(1);
+-      opt->source_netmask = daemon->addr4_netmask;
+-      addrp = &source->in.sin_addr;
++      opt->source_netmask = daemon->add_subnet4->mask;
++      if (daemon->add_subnet4->addr_used)
++      {
++        sa_family = daemon->add_subnet4->addr.sa.sa_family;
++        addrp = get_addrp(&daemon->add_subnet4->addr, sa_family);
++      } 
++      else 
++      addrp = &source->in.sin_addr;
+     }
+   
+   opt->scope_netmask = 0;
+@@ -656,6 +677,11 @@ static size_t calc_subnet_opt(struct subnet_opt *opt, union mysockaddr *source)
+   
+   if (opt->source_netmask != 0)
+     {
++#ifdef HAVE_IPV6
++      opt->family = htons(sa_family == AF_INET6 ? 2 : 1);
++#else
++      opt->family = htons(1);
++#endif
+       len = ((opt->source_netmask - 1) >> 3) + 1;
+       memcpy(opt->addr, addrp, len);
+       if (opt->source_netmask & 7)
+@@ -2335,4 +2361,3 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
+   
+   return len;
+ }
+-
+-- 
+1.7.10.4
diff --git a/src/patches/dnsmasq/003-dont_answer_non_auth_queries_for_auth_zones_locally_when_localise_queries_set.patch b/src/patches/dnsmasq/003-dont_answer_non_auth_queries_for_auth_zones_locally_when_localise_queries_set.patch
new file mode 100644 (file)
index 0000000..cfbcdfb
--- /dev/null
@@ -0,0 +1,34 @@
+From 3a3965ac21b1b759eab8799b6edb09195b671306 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Sun, 9 Aug 2015 17:45:06 +0100
+Subject: [PATCH] Don't answer non-auth queries for auth zones locally when
+ --localise-queries set.
+
+---
+ src/forward.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/forward.c b/src/forward.c
+index 2731b90..b76a974 100644
+--- a/src/forward.c
++++ b/src/forward.c
+@@ -1365,7 +1365,7 @@ void receive_query(struct listener *listen, time_t now)
+ #ifdef HAVE_AUTH
+       /* find queries for zones we're authoritative for, and answer them directly */
+-      if (!auth_dns)
++      if (!auth_dns && !option_bool(OPT_LOCALISE))
+       for (zone = daemon->auth_zones; zone; zone = zone->next)
+         if (in_zone(zone, daemon->namebuff, NULL))
+           {
+@@ -1904,7 +1904,7 @@ unsigned char *tcp_request(int confd, time_t now,
+         
+ #ifdef HAVE_AUTH
+         /* find queries for zones we're authoritative for, and answer them directly */
+-        if (!auth_dns)
++        if (!auth_dns && !option_bool(OPT_LOCALISE))
+           for (zone = daemon->auth_zones; zone; zone = zone->next)
+             if (in_zone(zone, daemon->namebuff, NULL))
+               {
+-- 
+1.7.10.4
@@ -1,7 +1,7 @@
 From edacae4b2cdc41f1c0bfc93e041532ff6c49f60c Mon Sep 17 00:00:00 2001
 From: Michael Tremer <michael.tremer@ipfire.org>
 Date: Tue, 17 Mar 2015 22:19:17 +0100
-Subject: [PATCH] Add an other forbidden string: "Serial"
+Subject: [PATCH 1/5] Add an other forbidden string: "Serial"
 
 ---
  src/fireinfo/system.py | 2 +-
@@ -21,5 +21,5 @@ index daf77b399d20..9d7872822b85 100644
        "01010101-0101-0101-0101-010101010101",
        "00020003-0004-0005-0006-000700080009",
 -- 
-2.1.0
+2.4.3
 
diff --git a/src/patches/fireinfo/0002-Escape-any-non-printable-ascii-characters.patch b/src/patches/fireinfo/0002-Escape-any-non-printable-ascii-characters.patch
new file mode 100644 (file)
index 0000000..576154b
--- /dev/null
@@ -0,0 +1,69 @@
+From 4468fb2eb49e21d2350f6619584e6816f5159d29 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sat, 28 Mar 2015 13:17:57 +0100
+Subject: [PATCH 2/5] Escape any non-printable ascii characters
+
+http://forum.ipfire.org/viewtopic.php?f=5&t=12970
+---
+ src/fireinfo/system.py | 18 ++++++++++++++----
+ 1 file changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/src/fireinfo/system.py b/src/fireinfo/system.py
+index 9d7872822b85..4148c66eded7 100644
+--- a/src/fireinfo/system.py
++++ b/src/fireinfo/system.py
+@@ -325,6 +325,16 @@ class System(object):
+               return v, m
++      @staticmethod
++      def escape_string(s):
++              """
++                      Will remove all non-printable characters from the given string
++              """
++              if s is None:
++                      return
++
++              return filter(lambda x: x in string.printable, s)
++
+       @property
+       def vendor(self):
+               """
+@@ -334,14 +344,14 @@ class System(object):
+               for file in ("sys_vendor", "board_vendor", "chassis_vendor",):
+                       ret = read_from_file(os.path.join(SYS_CLASS_DMI, file))
+                       if ret:
+-                              return ret
++                              return self.escape_string(ret)
+               if os.path.exists("/proc/device-tree"):
+                       ret = self.__cpuinfo.get("Hardware", None)
+               else:
+                       ret, m = self.vendor_model_tuple()
+-              return ret
++              return self.escape_string(ret)
+       @property
+       def model(self):
+@@ -352,7 +362,7 @@ class System(object):
+               for file in ("product_name", "board_model", "chassis_model",):
+                       ret = read_from_file(os.path.join(SYS_CLASS_DMI, file))
+                       if ret:
+-                              return ret
++                              return self.escape_string(ret)
+               # Read device-tree model if available
+               ret = read_from_file("/proc/device-tree/model")
+@@ -364,7 +374,7 @@ class System(object):
+               if not ret:
+                       v, ret = self.vendor_model_tuple()
+-              return ret
++              return self.escape_string(ret)
+       @property
+       def memory(self):
+-- 
+2.4.3
+
@@ -1,7 +1,8 @@
 From c667589410912ca980a78f417e86dd6585d58f9a Mon Sep 17 00:00:00 2001
 From: Michael Tremer <michael.tremer@ipfire.org>
 Date: Mon, 4 May 2015 16:00:31 +0200
-Subject: [PATCH] Skip search for hypervisor name when the CPU string is empty
+Subject: [PATCH 3/5] Skip search for hypervisor name when the CPU string is
+ empty
 
 ---
  src/_fireinfo/fireinfo.c | 11 ++++++-----
@@ -30,5 +31,5 @@ index fc639d9d4cd9..6601c21a733f 100644
                }
  
 -- 
-2.1.0
+2.4.3
 
diff --git a/src/patches/fireinfo/0004-Filter-all-IDs-that-only-consist-of-0xff.patch b/src/patches/fireinfo/0004-Filter-all-IDs-that-only-consist-of-0xff.patch
new file mode 100644 (file)
index 0000000..737a319
--- /dev/null
@@ -0,0 +1,28 @@
+From d58f8ef75a29dd6f8968084b5383ce0f39c75666 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Wed, 12 Aug 2015 10:50:42 +0100
+Subject: [PATCH 4/5] Filter all IDs that only consist of 0xff
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/fireinfo/system.py | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/fireinfo/system.py b/src/fireinfo/system.py
+index 4148c66eded7..edf7359a17e6 100644
+--- a/src/fireinfo/system.py
++++ b/src/fireinfo/system.py
+@@ -255,6 +255,10 @@ class System(object):
+                                               id = None
+                                               break
++                      # Check if the string only contains 0xff
++                      if all((e == "\xff" for e in id)):
++                              id = None
++
+                       if id:
+                               _ids.append(id)
+-- 
+2.4.3
+
diff --git a/src/patches/fireinfo/0005-Fix-crash-if-there-is-id-has-already-been-reset-to-N.patch b/src/patches/fireinfo/0005-Fix-crash-if-there-is-id-has-already-been-reset-to-N.patch
new file mode 100644 (file)
index 0000000..dcc552d
--- /dev/null
@@ -0,0 +1,26 @@
+From deafec982e4c8f2e6ffa3bf70b0a94fa30158e9a Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Wed, 9 Sep 2015 15:04:43 +0100
+Subject: [PATCH 5/5] Fix crash if there is id has already been reset to None
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/fireinfo/system.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/fireinfo/system.py b/src/fireinfo/system.py
+index edf7359a17e6..c2ba12e818f0 100644
+--- a/src/fireinfo/system.py
++++ b/src/fireinfo/system.py
+@@ -256,7 +256,7 @@ class System(object):
+                                               break
+                       # Check if the string only contains 0xff
+-                      if all((e == "\xff" for e in id)):
++                      if id and all((e == "\xff" for e in id)):
+                               id = None
+                       if id:
+-- 
+2.4.3
+
diff --git a/src/patches/glibc/glibc-rh1217186.patch b/src/patches/glibc/glibc-rh1217186.patch
new file mode 100644 (file)
index 0000000..6c6c393
--- /dev/null
@@ -0,0 +1,65 @@
+#
+# Author: Carlos O'Donell
+# Upstream status: Needs to go upstream (2015-05-07)
+#
+diff --git a/inet/rcmd.c b/inet/rcmd.c
+index acacaa0..9f2443b 100644
+--- a/inet/rcmd.c
++++ b/inet/rcmd.c
+@@ -803,29 +803,38 @@ __validuser2_sa(hostf, ra, ralen, luser, ruser, rhost)
+       *p = '\0';              /* <nul> terminate username (+host?) */
+       /* buf -> host(?) ; user -> username(?) */
++      if (*buf == '\0')
++        break;
++      if (*user == '\0')
++        user = luser;
++
++      /* First check the user part.  This is an optimization, since
++         one should always check the host first in order to detect
++         negative host checks (which we check for later).  */
++      ucheck = __icheckuser (user, ruser);
++
++      /* Either we found the user, or we didn't and this is a
++         negative host check.  We must do the negative host lookup
++         in order to preserve the semantics of stopping on this line
++         before processing others.  */
++      if (ucheck != 0 || *buf == '-') {
++
++          /* Next check host part */
++          hcheck = __checkhost_sa (ra, ralen, buf, rhost);
++
++          /* Negative '-host user(?)' match?  */
++          if (hcheck < 0)
++              break;
+-      /* First check host part */
+-      hcheck = __checkhost_sa (ra, ralen, buf, rhost);
+-
+-      if (hcheck < 0)
+-          break;
+-
+-      if (hcheck) {
+-          /* Then check user part */
+-          if (! (*user))
+-              user = luser;
+-
+-          ucheck = __icheckuser (user, ruser);
+-
+-          /* Positive 'host user' match? */
+-          if (ucheck > 0) {
++          /* Positive 'host user' match?  */
++          if (hcheck > 0 && ucheck > 0) {
+               retval = 0;
+               break;
+           }
+-          /* Negative 'host -user' match? */
+-          if (ucheck < 0)
+-              break;
++          /* Negative 'host -user' match?  */
++          if (hcheck > 0 && ucheck < 0)
++            break;
+           /* Neither, go on looking for match */
+       }
diff --git a/src/patches/pcre-8.37-Fix-another-buffer-overflow.patch b/src/patches/pcre-8.37-Fix-another-buffer-overflow.patch
new file mode 100644 (file)
index 0000000..20ead09
--- /dev/null
@@ -0,0 +1,110 @@
+From f6efcf125123199d446c5561266c3c3846ed9f30 Mon Sep 17 00:00:00 2001
+From: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
+Date: Wed, 3 Jun 2015 16:51:59 +0000
+Subject: [PATCH] Fix another buffer overflow.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Ported to 8.37:
+
+commit 225f0d5eb16c7a26591a1e3f286c7476907b5a6a
+Author: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
+Date:   Wed Jun 3 16:51:59 2015 +0000
+
+    Fix another buffer overflow.
+
+    git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1562 2f5784b3-3f2a-0410-8824-cb99058d5e15
+
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+---
+ pcre_compile.c           | 7 ++++++-
+ testdata/testinput2      | 2 ++
+ testdata/testoutput11-16 | 2 +-
+ testdata/testoutput11-32 | 2 +-
+ testdata/testoutput11-8  | 2 +-
+ testdata/testoutput2     | 2 ++
+ 6 files changed, 13 insertions(+), 4 deletions(-)
+
+diff --git a/pcre_compile.c b/pcre_compile.c
+index 8b4aaef..f5d2384 100644
+--- a/pcre_compile.c
++++ b/pcre_compile.c
+@@ -7210,7 +7210,12 @@ for (;; ptr++)
+           real compile this will be picked up and the reference wrapped with
+           OP_ONCE to make it atomic, so we must space in case this occurs. */
+-          if (recno == 0) *lengthptr += 2 + 2*LINK_SIZE;
++          /* In fact, this can happen for a non-forward reference because
++          another group with the same number might be created later. This
++          issue is fixed "properly" in PCRE2. As PCRE1 is now in maintenance
++          only mode, we finesse the bug by allowing more memory always. */
++
++          /* if (recno == 0) */ *lengthptr += 2 + 2*LINK_SIZE;
+           }
+         /* In the real compile, search the name table. We check the name
+diff --git a/testdata/testinput2 b/testdata/testinput2
+index 5cc9ce6..e12de3a 100644
+--- a/testdata/testinput2
++++ b/testdata/testinput2
+@@ -4156,4 +4156,6 @@ backtracking verbs. --/
+ /(?=di(?<=(?1))|(?=(.))))/
++"(?J:(?|(?'R')(\k'R')|((?'R'))))"
++
+ /-- End of testinput2 --/
+diff --git a/testdata/testoutput11-16 b/testdata/testoutput11-16
+index 422f2ad..e222e7c 100644
+--- a/testdata/testoutput11-16
++++ b/testdata/testoutput11-16
+@@ -231,7 +231,7 @@ Memory allocation (code space): 73
+ ------------------------------------------------------------------
+ /(?P<a>a)...(?P=a)bbb(?P>a)d/BM
+-Memory allocation (code space): 61
++Memory allocation (code space): 77
+ ------------------------------------------------------------------
+   0  24 Bra
+   2   5 CBra 1
+diff --git a/testdata/testoutput11-32 b/testdata/testoutput11-32
+index d953ec8..9a80ec9 100644
+--- a/testdata/testoutput11-32
++++ b/testdata/testoutput11-32
+@@ -231,7 +231,7 @@ Memory allocation (code space): 155
+ ------------------------------------------------------------------
+ /(?P<a>a)...(?P=a)bbb(?P>a)d/BM
+-Memory allocation (code space): 125
++Memory allocation (code space): 157
+ ------------------------------------------------------------------
+   0  24 Bra
+   2   5 CBra 1
+diff --git a/testdata/testoutput11-8 b/testdata/testoutput11-8
+index 6ec18ec..3adaca2 100644
+--- a/testdata/testoutput11-8
++++ b/testdata/testoutput11-8
+@@ -231,7 +231,7 @@ Memory allocation (code space): 45
+ ------------------------------------------------------------------
+ /(?P<a>a)...(?P=a)bbb(?P>a)d/BM
+-Memory allocation (code space): 38
++Memory allocation (code space): 50
+ ------------------------------------------------------------------
+   0  30 Bra
+   3   7 CBra 1
+diff --git a/testdata/testoutput2 b/testdata/testoutput2
+index 4decb8d..5bad26c 100644
+--- a/testdata/testoutput2
++++ b/testdata/testoutput2
+@@ -14428,4 +14428,6 @@ Failed: lookbehind assertion is not fixed length at offset 17
+ /(?=di(?<=(?1))|(?=(.))))/
+ Failed: unmatched parentheses at offset 23
++"(?J:(?|(?'R')(\k'R')|((?'R'))))"
++
+ /-- End of testinput2 --/
+-- 
+2.4.3
+
diff --git a/src/patches/pcre-8.37-Fix-buffer-overflow-for-named-references-in-situatio.patch b/src/patches/pcre-8.37-Fix-buffer-overflow-for-named-references-in-situatio.patch
new file mode 100644 (file)
index 0000000..ab1b962
--- /dev/null
@@ -0,0 +1,190 @@
+From b3f0b0dd971314df8f865e221aa1a88e75d6d1a6 Mon Sep 17 00:00:00 2001
+From: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
+Date: Wed, 5 Aug 2015 15:38:32 +0000
+Subject: [PATCH] Fix buffer overflow for named references in (?| situations.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Ported for 8.37:
+
+commit 7af8e8717def179fd7b69e173abd347c1a3547cb
+Author: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
+Date:   Wed Aug 5 15:38:32 2015 +0000
+
+    Fix buffer overflow for named references in (?| situations.
+
+    git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1585 2f5784b3-3f2a-0410-8824-cb99058d5e15
+
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+---
+ pcre_compile.c       | 74 ++++++++++++++++++++++++++++++----------------------
+ pcre_internal.h      |  1 +
+ testdata/testinput2  |  2 ++
+ testdata/testoutput2 |  2 ++
+ 4 files changed, 48 insertions(+), 31 deletions(-)
+
+diff --git a/pcre_compile.c b/pcre_compile.c
+index f5d2384..5fe5c1d 100644
+--- a/pcre_compile.c
++++ b/pcre_compile.c
+@@ -6641,6 +6641,7 @@ for (;; ptr++)
+         /* ------------------------------------------------------------ */
+         case CHAR_VERTICAL_LINE:  /* Reset capture count for each branch */
+         reset_bracount = TRUE;
++        cd->dupgroups = TRUE;     /* Record (?| encountered */ 
+         /* Fall through */
+         /* ------------------------------------------------------------ */
+@@ -7151,7 +7152,8 @@ for (;; ptr++)
+         if (lengthptr != NULL)
+           {
+           named_group *ng;
+-
++          recno = 0;
++           
+           if (namelen == 0)
+             {
+             *errorcodeptr = ERR62;
+@@ -7168,32 +7170,6 @@ for (;; ptr++)
+             goto FAILED;
+             }
+-          /* The name table does not exist in the first pass; instead we must
+-          scan the list of names encountered so far in order to get the
+-          number. If the name is not found, set the value to 0 for a forward
+-          reference. */
+-
+-          recno = 0;
+-          ng = cd->named_groups;
+-          for (i = 0; i < cd->names_found; i++, ng++)
+-            {
+-            if (namelen == ng->length &&
+-                STRNCMP_UC_UC(name, ng->name, namelen) == 0)
+-              {
+-              open_capitem *oc;
+-              recno = ng->number;
+-              if (is_recurse) break;
+-              for (oc = cd->open_caps; oc != NULL; oc = oc->next)
+-                {
+-                if (oc->number == recno)
+-                  {
+-                  oc->flag = TRUE;
+-                  break;
+-                  }
+-                }
+-              }
+-            }
+-
+           /* Count named back references. */
+           if (!is_recurse) cd->namedrefcount++;
+@@ -7215,7 +7191,44 @@ for (;; ptr++)
+           issue is fixed "properly" in PCRE2. As PCRE1 is now in maintenance
+           only mode, we finesse the bug by allowing more memory always. */
+-          /* if (recno == 0) */ *lengthptr += 2 + 2*LINK_SIZE;
++          *lengthptr += 2 + 2*LINK_SIZE;
++          
++          /* It is even worse than that. The current reference may be to an
++          existing named group with a different number (so apparently not
++          recursive) but which later on is also attached to a group with the
++          current number. This can only happen if $(| has been previous 
++          encountered. In that case, we allow yet more memory, just in case. 
++          (Again, this is fixed "properly" in PCRE2. */
++          
++          if (cd->dupgroups) *lengthptr += 2 + 2*LINK_SIZE;
++
++          /* Otherwise, check for recursion here. The name table does not exist
++          in the first pass; instead we must scan the list of names encountered
++          so far in order to get the number. If the name is not found, leave
++          the value of recno as 0 for a forward reference. */
++           
++          else
++            { 
++            ng = cd->named_groups;
++            for (i = 0; i < cd->names_found; i++, ng++)
++              {
++              if (namelen == ng->length &&
++                  STRNCMP_UC_UC(name, ng->name, namelen) == 0)
++                {
++                open_capitem *oc;
++                recno = ng->number;
++                if (is_recurse) break;
++                for (oc = cd->open_caps; oc != NULL; oc = oc->next)
++                  {
++                  if (oc->number == recno)
++                    {
++                    oc->flag = TRUE;
++                    break;
++                    }
++                  }
++                }
++              }
++            }   
+           }
+         /* In the real compile, search the name table. We check the name
+@@ -7262,8 +7275,6 @@ for (;; ptr++)
+           for (i++; i < cd->names_found; i++)
+             {
+             if (STRCMP_UC_UC(slot + IMM2_SIZE, cslot + IMM2_SIZE) != 0) break;
+-
+-
+             count++;
+             cslot += cd->name_entry_size;
+             }
+@@ -9189,6 +9200,7 @@ cd->names_found = 0;
+ cd->name_entry_size = 0;
+ cd->name_table = NULL;
+ cd->dupnames = FALSE;
++cd->dupgroups = FALSE;
+ cd->namedrefcount = 0;
+ cd->start_code = cworkspace;
+ cd->hwm = cworkspace;
+@@ -9223,7 +9235,7 @@ if (errorcode != 0) goto PCRE_EARLY_ERROR_RETURN;
+ DPRINTF(("end pre-compile: length=%d workspace=%d\n", length,
+   (int)(cd->hwm - cworkspace)));
+-
++  
+ if (length > MAX_PATTERN_SIZE)
+   {
+   errorcode = ERR20;
+diff --git a/pcre_internal.h b/pcre_internal.h
+index dd0ac7f..7ca6020 100644
+--- a/pcre_internal.h
++++ b/pcre_internal.h
+@@ -2446,6 +2446,7 @@ typedef struct compile_data {
+   BOOL had_pruneorskip;             /* (*PRUNE) or (*SKIP) encountered */
+   BOOL check_lookbehind;            /* Lookbehinds need later checking */
+   BOOL dupnames;                    /* Duplicate names exist */
++  BOOL dupgroups;                   /* Duplicate groups exist: (?| found */ 
+   BOOL iscondassert;                /* Next assert is a condition */
+   int  nltype;                      /* Newline type */
+   int  nllen;                       /* Newline string length */
+diff --git a/testdata/testinput2 b/testdata/testinput2
+index e12de3a..8e044f8 100644
+--- a/testdata/testinput2
++++ b/testdata/testinput2
+@@ -4158,4 +4158,6 @@ backtracking verbs. --/
+ "(?J:(?|(?'R')(\k'R')|((?'R'))))"
++/(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R')))/
++
+ /-- End of testinput2 --/
+diff --git a/testdata/testoutput2 b/testdata/testoutput2
+index 5bad26c..6019425 100644
+--- a/testdata/testoutput2
++++ b/testdata/testoutput2
+@@ -14430,4 +14430,6 @@ Failed: unmatched parentheses at offset 23
+ "(?J:(?|(?'R')(\k'R')|((?'R'))))"
++/(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R')))/
++
+ /-- End of testinput2 --/
+-- 
+2.4.3
+
diff --git a/src/patches/pcre-8.37-Fix-named-forward-reference-to-duplicate-group-numbe.patch b/src/patches/pcre-8.37-Fix-named-forward-reference-to-duplicate-group-numbe.patch
new file mode 100644 (file)
index 0000000..837e86f
--- /dev/null
@@ -0,0 +1,98 @@
+From 83ed574998fe7b844b98ab7cd56291068feb9e31 Mon Sep 17 00:00:00 2001
+From: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
+Date: Sat, 16 May 2015 11:05:40 +0000
+Subject: [PATCH] Fix named forward reference to duplicate group number
+ overflow bug.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Port to 8.37:
+
+commit 2fa78aa4e42bcebf2d616c4ee89c012f29dc3447
+Author: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
+Date:   Sat May 16 11:05:40 2015 +0000
+
+    Fix named forward reference to duplicate group number overflow bug.
+
+    git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1559 2f5784b3-3f2a-0410-8824-cb99058d5e15
+
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+---
+ pcre_compile.c       | 24 ++++++++++++++++--------
+ testdata/testinput1  |  3 +++
+ testdata/testoutput1 |  5 +++++
+ 3 files changed, 24 insertions(+), 8 deletions(-)
+
+diff --git a/pcre_compile.c b/pcre_compile.c
+index b66b1f6..8b4aaef 100644
+--- a/pcre_compile.c
++++ b/pcre_compile.c
+@@ -7183,15 +7183,15 @@ for (;; ptr++)
+               open_capitem *oc;
+               recno = ng->number;
+               if (is_recurse) break;
+-              for (oc = cd->open_caps; oc != NULL; oc = oc->next)         
+-                {          
+-                if (oc->number == recno)                                     
+-                  {               
+-                  oc->flag = TRUE;                                      
++              for (oc = cd->open_caps; oc != NULL; oc = oc->next)
++                {
++                if (oc->number == recno)
++                  {
++                  oc->flag = TRUE;
+                   break;
+-                  }                                                         
+-                }                          
+-              }    
++                  }
++                }
++              }
+             }
+           /* Count named back references. */
+@@ -7203,6 +7203,14 @@ for (;; ptr++)
+           16-bit data item. */
+           *lengthptr += IMM2_SIZE;
++
++          /* If this is a forward reference and we are within a (?|...) group,
++          the reference may end up as the number of a group which we are
++          currently inside, that is, it could be a recursive reference. In the
++          real compile this will be picked up and the reference wrapped with
++          OP_ONCE to make it atomic, so we must space in case this occurs. */
++
++          if (recno == 0) *lengthptr += 2 + 2*LINK_SIZE;
+           }
+         /* In the real compile, search the name table. We check the name
+diff --git a/testdata/testinput1 b/testdata/testinput1
+index 73c2f4d..8379ce0 100644
+--- a/testdata/testinput1
++++ b/testdata/testinput1
+@@ -5730,4 +5730,7 @@ AbcdCBefgBhiBqz
+ "(?1)(?#?'){8}(a)"
+     baaaaaaaaac
++"(?|(\k'Pm')|(?'Pm'))"
++    abcd
++
+ /-- End of testinput1 --/
+diff --git a/testdata/testoutput1 b/testdata/testoutput1
+index 0a53fd0..e852ab9 100644
+--- a/testdata/testoutput1
++++ b/testdata/testoutput1
+@@ -9429,4 +9429,9 @@ No match
+  0: aaaaaaaaa
+  1: a
++"(?|(\k'Pm')|(?'Pm'))"
++    abcd
++ 0: 
++ 1: 
++
+ /-- End of testinput1 --/
+-- 
+2.4.3
+
diff --git a/src/patches/squid-3.4-13228.patch b/src/patches/squid-3.4-13228.patch
new file mode 100644 (file)
index 0000000..7f7d16f
--- /dev/null
@@ -0,0 +1,35 @@
+------------------------------------------------------------
+revno: 13228
+revision-id: squid3@treenet.co.nz-20150828132334-3r7v4kh1lrqprrqg
+parent: squid3@treenet.co.nz-20150801072237-5tzh2dczozz1e8sq
+fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=3696
+committer: Amos Jeffries <squid3@treenet.co.nz>
+branch nick: 3.4
+timestamp: Fri 2015-08-28 06:23:34 -0700
+message:
+  Bug 3696: crash when client delay pools are activated
+------------------------------------------------------------
+# Bazaar merge directive format 2 (Bazaar 0.90)
+# revision_id: squid3@treenet.co.nz-20150828132334-3r7v4kh1lrqprrqg
+# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.4
+# testament_sha1: d193928c4656282187f2a31bf66d43fd4c247177
+# timestamp: 2015-08-28 13:33:44 +0000
+# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.4
+# base_revision_id: squid3@treenet.co.nz-20150801072237-\
+#   5tzh2dczozz1e8sq
+# 
+# Begin patch
+=== modified file 'src/client_side.cc'
+--- src/client_side.cc 2014-06-21 04:24:37 +0000
++++ src/client_side.cc 2015-08-28 13:23:34 +0000
+@@ -3447,7 +3447,8 @@
+             /* pools require explicit 'allow' to assign a client into them */
+             if (pools[pool].access) {
+-                ch.accessList = pools[pool].access;
++                cbdataReferenceDone(ch.accessList);
++                ch.accessList = cbdataReference(pools[pool].access);
+                 allow_t answer = ch.fastCheck();
+                 if (answer == ACCESS_ALLOWED) {
+
index 1ec9849..1064763 100755 (executable)
@@ -56,12 +56,17 @@ my $count=0;
 my $col;
 my $proxlog=$Lang::tr{'stopped'};
 my $proxsrv=$Lang::tr{'stopped'};
+my $mailfile="${General::swroot}/dma/mail.conf";
 
 &Header::getcgihash(\%cgiparams);
 &General::readhash("${General::swroot}/main/settings", \%mainsettings);
 &General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
 &General::readhash("$settingsfile", \%settings) if(-f $settingsfile);
 
+if ( -f $mailfile){
+       &General::readhash($mailfile, \%mail);
+}
+
 #Find out which lang is set (used later to set decimal separator correctly)
 my $uplang=uc($mainsettings{'LANGUAGE'});
 setlocale LC_NUMERIC,"$mainsettings{'LANGUAGE'}_$uplang";
@@ -136,11 +141,6 @@ if ($cgiparams{'ACTION'} eq "$Lang::tr{'save'}"){ #SaveButton on configsite
        if ($cgiparams{'USEMAIL'} eq 'on'){
                $errormessage=&checkmailsettings;
        }elsif($cgiparams{'USEMAIL'} ne 'on'){
-               $cgiparams{'txt_mailserver'}='';
-               $cgiparams{'txt_mailport'}='';
-               $cgiparams{'txt_mailuser'}='';
-               $cgiparams{'txt_mailpass'}='';
-               $cgiparams{'mail_tls'}='';
                $cgiparams{'txt_mailsender'}='';
                $cgiparams{'txt_mailsubject'}='';
                $mailtxt='';
@@ -155,11 +155,6 @@ if ($cgiparams{'ACTION'} eq "$Lang::tr{'save'}"){ #SaveButton on configsite
                $settings{'CURRENCY'}   = $cgiparams{'txt_currency'};
                $settings{'SKIPURLS'}   = $skipurls;
                $settings{'USEMAIL'}    = $cgiparams{'USEMAIL'};
-               $settings{'MAILSRV'}    = $cgiparams{'txt_mailserver'};
-               $settings{'MAILPORT'}   = $cgiparams{'txt_mailport'};
-               $settings{'MAILUSER'}   = $cgiparams{'txt_mailuser'};
-               $settings{'MAILPASS'}   = $cgiparams{'txt_mailpass'};
-               $settings{'TLS'}                = $cgiparams{'mail_tls'};
                $settings{'MAILSENDER'} = $cgiparams{'txt_mailsender'};
                $settings{'MAILSUB'}    = $cgiparams{'txt_mailsubject'};
                $settings{'MAILTXT'}    = $mailtxt;
@@ -568,10 +563,6 @@ sub configsite{
        #If update set fieldvalues new
        if($cgiparams{'update'} eq 'on'){
                $settings{'USEMAIL'} = 'on';
-               $settings{'MAILSRV'} = $cgiparams{'txt_mailserver'};
-               $settings{'MAILPORT'} = $cgiparams{'txt_mailport'};
-               $settings{'MAILUSER'} = $cgiparams{'txt_mailuser'};
-               $settings{'MAILPASS'} = $cgiparams{'txt_mailpass'};
                $settings{'MAILSUB'} = $cgiparams{'txt_mailsubject'};
                $settings{'MAILTXT'} = $cgiparams{'txt_mailtxt'};
        }
@@ -580,14 +571,13 @@ sub configsite{
        $checked{'logging'}{$settings{'LOG'}}                                   = 'CHECKED';
        $checked{'multiuser'}{$settings{'MULTIUSER'}}                   = 'CHECKED';
        $checked{'usemail'}{$settings{'USEMAIL'}}                               = 'CHECKED';
-       $checked{'mail_tls'}{$settings{'TLS'}}                                  = 'CHECKED';
-       
+
        #Open site
        &Header::openpage($Lang::tr{'acct settings'}, 1, '');
        &Header::openbigbox('100%', 'center');
        &error;
        &Header::openbox('100%', 'left', $Lang::tr{'acct config'});
-       
+
        #### JAVA SCRIPT ####
        print<<END;
 <script>
@@ -631,57 +621,45 @@ END
                <td>$Lang::tr{'acct multiuser'}</td>
                <td><input type='checkbox' name='multiuser' $checked{'multiuser'}{'on'}></td>
                <td></td>
-       <tr>
+       </tr>
        <tr>
                <td>$Lang::tr{'acct mwst'}</td>
                <td><input type='text' name='txt_mwst' value='$settings{'MWST'}' style='width:22em;'></td>
                <td></td>
+       </tr>
        <tr>
                <td>$Lang::tr{'acct currency'}</td>
                <td><input type='text' name='txt_currency' value='$settings{'CURRENCY'}' style='width:22em;'></td>
                <td></td>
-       
+       </tr>
        <tr>
                <td valign='top'>$Lang::tr{'acct skipurl'}</td>
                <td style='padding-left:0.2em;'><textarea name="txt_skipurls" cols="20" rows="6" style='width:22em;'>$settings{'SKIPURLS'}</textarea></td>
                <td></td>
        </tr>
+END
+
+if ($mail{'USEMAIL'} eq 'on'){
+       if (!$settings{'MAILSENDER'}){
+               $settings{'MAILSENDER'} = $mail{'SENDER'};
+       }
+print <<END;
        <tr>
                <td>$Lang::tr{'acct usemail'}</td>
                <td><label><input type='checkbox' name='USEMAIL' id='MAIL' $checked{'usemail'}{'on'}></label></td>
                <td></td>
        </tr>
-       </table><br>
+END
+}
 
+print <<END;
+       </table><br>
        <div class="MAILSRV">
                <table style='width:100%;'>
                <tr>
-                       <td style='width:24em'>$Lang::tr{'acct mailaddr'}</td>
-                       <td><input type='text' name='txt_mailserver' value='$settings{'MAILSRV'}' style='width:22em;'></td>
-               </tr>
-               <tr>
-                       <td>$Lang::tr{'acct mailport'}</td>
-                       <td><input type='text' name='txt_mailport' value='$settings{'MAILPORT'}' size='3'></td>
-               </tr>
-               <tr>
-                       <td>$Lang::tr{'acct mailuser'}<img src='/blob.gif' alt='*' /></td>
-                       <td><input type='text' name='txt_mailuser' value='$settings{'MAILUSER'}' style='width:22em;'></td>
-               </tr>
-               <tr>
-                       <td>$Lang::tr{'acct mailpass'}<img src='/blob.gif' alt='*' /></td>
-                       <td><input type='password' name='txt_mailpass' value='$settings{'MAILPASS'}' style='width:22em;' ></td>
-               </tr>
-               <tr>
-                       <td>$Lang::tr{'acct tls'}</td>
-                       <td><input type='checkbox' name='mail_tls' $checked{'mail_tls'}{'on'}></td>
-               </tr>
-               <tr>
-                       <td>$Lang::tr{'acct mailsender'}</td>
+                       <td style='width:24em'>$Lang::tr{'acct mailsender'}</td>
                        <td><input type='text' name='txt_mailsender' value='$settings{'MAILSENDER'}' style='width:22em;'></td>
                </tr>
-               <tr>
-                       <td colspan='2'>&nbsp;</td>
-               </tr>
                <tr>
                        <td>$Lang::tr{'acct subject'}</td>
                        <td><input type='text' name='txt_mailsubject' value='$settings{'MAILSUB'}' style='width:22em;'></td>
@@ -693,7 +671,6 @@ END
                </table>
        </div>
 
-
        <table style='width:100%;'>
        <tr>
                <td colspan='3' display:inline align='right'><input type='submit' name='ACTION' value='$Lang::tr{'save'}'></td>
@@ -1119,28 +1096,28 @@ print<<END;
                                <td>
                                        <input type='radio' name='rdo_companytype' value='CUST' $checked{'rdo_companytype'}{'CUST'}>$Lang::tr{'acct customer'} &nbsp;
                                        <input type='radio' name='rdo_companytype' value='HOST' $checked{'rdo_companytype'}{'HOST'}>$Lang::tr{'acct hoster'}</td>
-                               <td style='width:8em;'>$Lang::tr{'acct bank'}</td>
+                               <td style='width:8em;'>$Lang::tr{'acct bank'}<img src='/blob.gif' alt='*' /></td>
                                <td>
                                        <input type='text' name='txt_bank' value='$cgiparams{'txt_bank'}' style='width:25em;'></td>
                        </tr>
                        <tr>
-                               <td>$Lang::tr{'acct company'}</td>
+                               <td>$Lang::tr{'acct company'}<img src='/blob.gif' alt='*' /></td>
                                <td>
                                        <input type='text' name='txt_company' value='$cgiparams{'txt_company'}' style='width:25em;'></td>
-                               <td>$Lang::tr{'acct iban'}<img src='/blob.gif' alt='*' /></td>
+                               <td>$Lang::tr{'acct iban'}</td>
                                <td>
                                        <input type='text' name='txt_iban' value='$cgiparams{'txt_iban'}' style='width:25em;'></td>
                        </tr>
                        <tr>
-                               <td>$Lang::tr{'acct name1'}<img src='/blob.gif' alt='*' /></td>
+                               <td>$Lang::tr{'acct name1'}</td>
                                <td>
                                        <input type='text' name='txt_name1' value='$cgiparams{'txt_name1'}' style='width:25em;'></td>
-                               <td>$Lang::tr{'acct bic'}<img src='/blob.gif' alt='*' /></td>
+                               <td>$Lang::tr{'acct bic'}</td>
                                <td>
                                        <input type='text' name='txt_bic' maxlength='8' value='$cgiparams{'txt_bic'}' style='width:25em;'></td>
                        </tr>
                        <tr>
-                               <td>$Lang::tr{'acct str'}</td>
+                               <td>$Lang::tr{'acct str'}<img src='/blob.gif' alt='*' /></td>
                                <td align='left'>
                                        <input type='text' name='txt_str' value='$cgiparams{'txt_str'}' style='width:25em;'></td>
                                <td>$Lang::tr{'acct blz'}</td>
@@ -1148,7 +1125,7 @@ print<<END;
                                        <input type='text' name='txt_blz' maxlength='8' value='$cgiparams{'txt_blz'}' style='width:25em;'></td>
                        </tr>
                        <tr>
-                               <td>$Lang::tr{'acct str_nr'}</td>
+                               <td>$Lang::tr{'acct str_nr'}<img src='/blob.gif' alt='*' /></td>
                                <td><input type='text' name='txt_str_nr' value='$cgiparams{'txt_str_nr'}' style='width:25em;'></td>
                                <td>$Lang::tr{'acct kto'}</td>
                                <td>
@@ -1157,16 +1134,16 @@ print<<END;
 
                        
                        <tr>
-                               <td>$Lang::tr{'acct plz'}</td>
+                               <td>$Lang::tr{'acct plz'}<img src='/blob.gif' alt='*' /></td>
                                <td>
                                        <input type='text' name='txt_plz' value='$cgiparams{'txt_plz'}' style='width:25em;'></td>
-                               <td>$Lang::tr{'acct email'}</td>
+                               <td>$Lang::tr{'acct email'}<img src='/blob.gif' alt='*' /></td>
                                <td><input type='text' name='txt_email' value='$cgiparams{'txt_email'}' style='width:25em;'></td>
                        </tr>
                        <tr>
-                               <td>$Lang::tr{'acct city'}</td>
+                               <td>$Lang::tr{'acct city'}<img src='/blob.gif' alt='*' /></td>
                                <td><input type='text' name='txt_city' value='$cgiparams{'txt_city'}' style='width:25em;'></td>
-                               <td>$Lang::tr{'acct inet'}<img src='/blob.gif' alt='*' /></td>
+                               <td>$Lang::tr{'acct inet'}</td>
                                <td>
                                        <input type='text' name='txt_inet' value='$cgiparams{'txt_inet'}' style='width:25em;'></td>
                        </tr>
@@ -1180,25 +1157,25 @@ print<<END;
                        <tr>
                                <td></td>
                                <td></td>
-                               <td>$Lang::tr{'acct ustid'}</td>
+                               <td>$Lang::tr{'acct ustid'}<img src='/blob.gif' alt='*' /></td>
                                <td><input type='text' name='txt_ustid' value='$cgiparams{'txt_ustid'}' style='width:25em;'></td>
                        </tr>
                        <tr>
                                <td></td>
                                <td></td>
-                               <td>$Lang::tr{'acct tel'}<img src='/blob.gif' alt='*' /></td>
+                               <td>$Lang::tr{'acct tel'}</td>
                                <td>
                                        <input type='text' name='txt_tel' value='$cgiparams{'txt_tel'}' style='width:25em;'></td>
                        </tr>
                        <tr>
                                <td></td>
                                <td></td>
-                               <td>$Lang::tr{'acct fax'}<img src='/blob.gif' alt='*' /></td>
+                               <td>$Lang::tr{'acct fax'}</td>
                                <td>
                                        <input type='text' name='txt_fax' value='$cgiparams{'txt_fax'}' style='width:25em;'></td>
                        </tr>
                        <tr>
-                               <td colspan='6'><img src='/blob.gif' alt='*' /><font size="1">$Lang::tr{'acct optional'}</font></td>
+                               <td colspan='6'><img src='/blob.gif' alt='*' /><font size="1">$Lang::tr{'acct not optional'}</font></td>
                        </tr>
                        <tr>
 END
@@ -2175,18 +2152,6 @@ END
 }
 
 sub checkmailsettings{
-       #Check if mailserver is an ip address or a domain
-       if ($cgiparams{'txt_mailserver'} =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/){
-               if (! &General::validip($cgiparams{'txt_mailserver'})){
-                       $errormessage.="$Lang::tr{'acct invalid mailip'} $cgiparams{'txt_mailserver'}<br>";
-               }
-       }elsif(! &General::validfqdn($cgiparams{'txt_mailserver'})){
-                       $errormessage.="$Lang::tr{'acct invalid mailfqdn'} $cgiparams{'txt_mailserver'}<br>";
-       }
-       #Check valid mailserverport
-       if($cgiparams{'txt_mailport'} < 1 || $cgiparams{'txt_mailport'} > 65535){
-               $errormessage.="$Lang::tr{'acct invalid mailport'} $cgiparams{'txt_mailport'}<br>";
-       }
        #Check valid sender
        if(! $cgiparams{'txt_mailsender'}){
                $errormessage.="$Lang::tr{'acct empty field'} $Lang::tr{'acct mailsender'}<br>";
index 2110cf7..0291a9d 100644 (file)
@@ -88,9 +88,9 @@
 'acct mwst' => 'Mehrwertsteuer in %',
 'acct name1' => 'Name 1',
 'acct name2' => 'Name 2',
+'acct not optional' => 'Diese Felder sind Pflichtfelder',
 'acct nr' => 'RG-Nr.',
 'acct oldestdb' => 'Erster DB-Eintrag',
-'acct optional' => 'Diese Felder sind optional',
 'acct parameter' => 'Parameter',
 'acct path' => 'Pfad',
 'acct pdf billtxt' => 'Rechnung',
index 3e3ed19..913f2a7 100644 (file)
@@ -90,7 +90,7 @@
 'acct name2' => 'Name 2',
 'acct nr' => 'RG-No.',
 'acct oldestdb' => 'Fist DB Entry',
-'acct optional' => 'These fields are optional',
+'acct not optional' => 'These fields are required',
 'acct parameter' => 'Parameter',
 'acct path' => 'Path',
 'acct pdf billtxt' => 'Bill',
index 7222689..68eb63c 100755 (executable)
@@ -27,6 +27,8 @@
 use Time::Local;
 use File::ReadBackwards;
 use strict;
+use MIME::Lite;
+
 #use warnings;
 
 require '/var/ipfire/general-functions.pl';
@@ -62,6 +64,11 @@ my ($mini,$max)=&ACCT::getminmax;
 my $now = localtime;
 my $proxylog;
 my $proxysrv;
+my $dmafile="${General::swroot}/dma/dma.conf";
+my $authfile="${General::swroot}/dma/auth.conf";
+my $mailfile="${General::swroot}/dma/mail.conf";
+my %mail=();
+my %dma=();
 
 ########
 # Main #
@@ -69,6 +76,7 @@ my $proxysrv;
 
 &checkproxy;
 
+
 #If we have a disabled file and the proxy is off, we don't need to check anything, exit!
 if((! -f $proxyenabled || $proxylog eq $Lang::tr{'stopped'}) && -f "${General::swroot}/accounting/disabled"){
        &ACCT::logger($settings{'LOG'}," Proxy or proxylogging disabled - exiting with no data collection\n");
@@ -92,7 +100,7 @@ if (-f $proxyenabled && $proxylog eq $Lang::tr{'running'}){
        $dbh=&ACCT::connectdb;
        my $m=sprintf("%d",(localtime((time-3600)))[4]+1);
        &ACCT::logger($settings{'LOG'},"month before one hour $m, now is ".($mon+1)."\n");
-       if ($m < ($mon+1) || $m == '12' && ($mon+1) == '1'){
+       if ($m = ($mon+1) || $m == '12' && ($mon+1) == '1'){
                #Logrotate
                my $year1=$year+1900;
                system ("tar", "cfz", "/var/log/accounting-$m-$year1.tar.gz", "/var/log/accounting.log");
@@ -103,11 +111,22 @@ if (-f $proxyenabled && $proxylog eq $Lang::tr{'running'}){
                #move all db entries older than this month to second table and cumulate them daily
                &ACCT::movedbdata;
                &ACCT::logger($settings{'LOG'},"New Month. Old trafficvalues moved to ACCT_HIST Table\n");
-               if ($settings{'USEMAIL'} eq 'on'){
+               #check if mail is enabled
+               if ( -f $mailfile){
+                       &General::readhash($mailfile, \%mail);
+               }
+               if ($mail{'USEMAIL'} eq 'on'){
                        &ACCT::logger($settings{'LOG'},"Mailserver is activated - Now sending bills via mail...\n");
                        my $res=&ACCT::getbillgroups;
                        foreach my $line (@$res){
                                my ($grp) = @$line;
+                               open (FILE, "<", $dmafile) or die $!;
+                               foreach my $line (<FILE>) {
+                                       $line =~ m/^([A-Z]+)\s+?(.*)?$/;
+                                       my $key = $1;
+                                       my $val = $2;
+                                       $dma{$key}=$val;
+                               }
                                &sendbill($grp,$settings{'MWST'},$settings{'CURRENCY'});
                        }
                }else{
@@ -214,7 +233,7 @@ sub sendbill {
        $month = '0'.$actmonth if $actmonth < 10;
        $month = '12' if $actmonth == 0;
        my $actyear  = $now[5];
-       my ($from,$till)=&ACCT::getmonth($actmonth,$actyear);                                   #FIXME month and year as variables!
+       my ($from,$till)=&ACCT::getmonth($actmonth,$actyear);
        my @billar = &ACCT::GetTaValues($from,$till,$rggrp);
        my $address_cust = &ACCT::getTaAddress($rggrp,'CUST');
        my $address_host = &ACCT::getTaAddress($rggrp,'HOST');
@@ -229,23 +248,34 @@ sub sendbill {
 
        if ($back eq '0'){
                &ACCT::logger($settings{'LOG'},"Bill for $company_cust successfully created.\n");
-               my $file="'/var/ipfire/accounting/bill/$rggrp/$month-$actyear-$no.pdf'";
+               my $file="/var/ipfire/accounting/bill/$rggrp/$month-$actyear-$no.pdf";
                $settings{'MAILTXT'} =~ tr/\|/\r\n/ ;
-               my $cmd = "/usr/local/bin/sendEmail ";
-               $cmd .= " -f $settings{'MAILSENDER'}";                                                  #Sender
-               $cmd .= " -t $email";                                                                                   #Recipient
-               if ($ccmail){
-                       $cmd .= " -cc $ccmail";
-               }
-               #Send Mail via TLS?
-               if ($settings{'TLS'} eq 'on'){
-                       $cmd .= " -o tls=yes";                                                                          #TLS
-               }
-               $cmd .= " -u '$settings{'MAILSUB'}'";                                                   #Subject
-               $cmd .= " -m '$settings{'MAILTXT'}'";                                                   #Mailtext
-               $cmd .= " -s $settings{'MAILSRV'}:$settings{'MAILPORT'}";               #Mailserver:port
-               $cmd .= " -a $file";
-               my $res=system ($cmd);
+
+               #extract filename from path
+               my ($filename) = $file =~ m{([^/]+)$};
+
+               my $msg = MIME::Lite->new(
+                       From    => $mail{'SENDER'},
+                       To              => $email,
+                       Cc              => $ccmail,
+                       Subject => $settings{'MAILSUB'},
+                       Type    => 'multipart/mixed'
+               );
+
+               $msg->attach(
+                       Type    => 'TEXT',
+                       Data    => $settings{'MAILTXT'}
+               );
+
+               $msg->attach(
+                       Type            => 'application/pdf',
+                       Path            => $file,
+                       Filename        => $filename,
+                       Disposition     => 'attachment'
+               );
+
+               my $res=$msg->send_by_sendmail;
+
                if ($res == 0){
                        &ACCT::logger($settings{'LOG'},"Bill for $company_cust successfully sent.\n");
                }elsif ($res > 0){
@@ -255,13 +285,19 @@ sub sendbill {
                
        }else{
                &ACCT::logger($settings{'LOG'},"ERROR Bill for $company_cust could not be created.\n");
-               my $cmd = "/usr/local/bin/sendEmail ";
-               $cmd .= " -f $settings{'MAILSENDER'}";
-               $cmd .= " -t $settings{'MAILSENDER'}";
-               $cmd .= " -u Fehler Squid Accounting";
-               $cmd .= " -m 'Die Rechnung konnte nicht erzeugt und per Mail versendet werden' $company_cust";
-               $cmd .= " -s $settings{'MAILSRV'}:$settings{'MAILPORT'}";
-               my $res=system ($cmd);
+               my $msg = MIME::Lite->new(
+                       From    => $mail{'SENDER'},
+                       To              => $mail{'RECIPIENT'},
+                       Subject => "ERROR Squid Accounting",
+                       Type    => 'multipart/mixed'
+               );
+
+               $msg->attach(
+                       Type    => 'TEXT',
+                       Data    => "The bill could not be created for customer $company_cust"
+               );
+
+               $msg->send_by_sendmail;
                return 0;
        }
 }