#usr/share/locale/uz@Latn/LC_MESSAGES
#usr/share/locale/uz@Latn/LC_MESSAGES/ddns.mo
#usr/share/locale/vi/LC_MESSAGES/ddns.mo
+#usr/share/locale/zh
+#usr/share/locale/zh/LC_MESSAGES
+#usr/share/locale/zh/LC_MESSAGES/ddns.mo
#var/ipfire/ddns/ddns.conf.sample
etc/rc.d/init.d/networking/red.up/30-ddns
etc/rc.d/init.d/rngd
srv/web/ipfire/cgi-bin/ddns.cgi
+srv/web/ipfire/cgi-bin/ids.cgi
srv/web/ipfire/cgi-bin/logs.cgi/firewalllogcountry.dat
srv/web/ipfire/cgi-bin/logs.cgi/log.dat
srv/web/ipfire/cgi-bin/netexternal.cgi
--- /dev/null
+boot/config.txt
+etc/collectd.custom
+etc/ipsec.conf
+etc/ipsec.secrets
+etc/ipsec.user.conf
+etc/ipsec.user.secrets
+etc/localtime
+etc/shadow
+etc/ssh/ssh_config
+etc/ssh/sshd_config
+etc/ssl/openssl.cnf
+etc/sudoers
+etc/sysconfig/firewall.local
+etc/sysconfig/rc.local
+etc/udev/rules.d/30-persistent-network.rules
+srv/web/ipfire/html/proxy.pac
+var/ipfire/ovpn
+var/log/cache
+var/state/dhcp/dhcpd.leases
+var/updatecache
--- /dev/null
+../../../common/ddns
\ No newline at end of file
--- /dev/null
+etc/system-release
+etc/issue
+etc/rc.d/init.d/firewall
+srv/web/ipfire/cgi-bin/ddns.cgi
+srv/web/ipfire/cgi-bin/ovpnmain.cgi
--- /dev/null
+../../../common/lzo
\ No newline at end of file
--- /dev/null
+../../../common/openssh
\ No newline at end of file
--- /dev/null
+../../../common/openssl
\ No newline at end of file
--- /dev/null
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2014 IPFire-Team <info@ipfire.org>. #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+/usr/local/bin/backupctrl exclude >/dev/null 2>&1
+
+# Remove old core updates from pakfire cache to save space...
+core=80
+for (( i=1; i<=$core; i++ ))
+do
+ rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
+done
+
+# Stop services
+/etc/init.d/ipsec stop
+
+# Remove old strongswan files
+rm -f \
+ /etc/strongswan.d/charon/unity.conf \
+ /usr/lib/ipsec/plugins/libstrongswan-unity.so \
+ /usr/share/strongswan/templates/config/plugins/unity.conf
+
+rm -f /usr/local/bin/setddns.pl
+
+# Extract files
+extract_files
+
+# Start services
+/etc/init.d/dnsmasq restart
+if [ `grep "ENABLED=on" /var/ipfire/vpn/settings` ]; then
+ /etc/init.d/ipsec start
+fi
+
+
+# Update Language cache
+perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"
+
+# Uninstall the libgpg-error package.
+rm -f \
+ /opt/pakfire/db/installed/meta-libgpg-error \
+ /opt/pakfire/db/rootfiles/libgpg-error
+
+# Fix broken proxy configuration permissions
+chown -R nobody.nobody \
+ /var/ipfire/proxy/advanced \
+ /var/ipfire/proxy/acl-1.4 \
+ /var/ipfire/proxy/enable \
+ /var/ipfire/proxy/settings \
+ /var/ipfire/proxy/squid.conf \
+ /var/ipfire/proxy/transparent
+
+# Regenerate squid configuration file
+sudo -u nobody /srv/web/ipfire/cgi-bin/proxy.cgi
+
+# Generate ddns configuration file
+sudo -u nobody /srv/web/ipfire/cgi-bin/ddns.cgi
+
+# Update crontab
+sed -i /var/spool/cron/root.orig -e "/setddns.pl/d"
+
+grep -q /usr/bin/ddns /var/spool/cron/root.orig || cat <<EOF >> /var/spool/cron/root.orig
+
+# Update dynamic DNS records every five minutes.
+# Force an update once a month
+*/5 * * * * [ -f "/var/ipfire/red/active" ] && /usr/bin/ddns update-all
+3 2 1 * * [ -f "/var/ipfire/red/active" ] && /usr/bin/ddns update-all --force
+EOF
+
+fcrontab -z &>/dev/null
+
+sync
+
+# This update need a reboot...
+#touch /var/run/need_reboot
+
+# Finish
+/etc/init.d/fireinfo start
+sendprofile
+
+# Don't report the exitcode last command
+exit 0
# Save General Settings.
#
if ($settings{'ACTION'} eq $Lang::tr{'save'}) {
-
# Open /var/ipfire/ddns/settings for writing.
open(FILE, ">$settingsfile") or die "Unable to open $settingsfile.";
# Close file after writing.
close(FILE);
- # Unset given CGI parmas.
- undef %settings;
-
# Update ddns config file.
&GenerateDDNSConfigFile();
}
# Toggle enable/disable field. Field is in second position
#
if ($settings{'ACTION'} eq $Lang::tr{'toggle enable disable'}) {
-
# Open /var/ipfire/ddns/config for writing.
open(FILE, ">$datafile") or die "Unable to open $datafile.";
# Read file line by line.
foreach my $line (@current) {
-
# Remove newlines.
chomp($line);
if ($settings{'ID'} eq $id) {
-
# Splitt lines (splitting element is a single ",") and save values into temp array.
@temp = split(/\,/,$line);
# Check if we want to toggle ENABLED or WILDCARDS.
if ($settings{'ENABLED'} ne '') {
-
# Update ENABLED.
print FILE "$temp[0],$temp[1],$temp[2],$temp[3],$temp[4],$temp[5],$temp[6],$settings{'ENABLED'}\n";
}
} else {
-
# Print unmodified line.
print FILE "$line\n";
}
# Increase $id.
$id++;
}
+ undef $settings{'ID'};
# Close file after writing.
close(FILE);
- # Unset given CGI params.
- undef %settings;
-
# Write out logging notice.
&General::log($Lang::tr{'ddns hostname modified'});
# Add new accounts, or edit existing ones.
#
if (($settings{'ACTION'} eq $Lang::tr{'add'}) || ($settings{'ACTION'} eq $Lang::tr{'update'})) {
-
# Check if a hostname has been given.
if ($settings{'HOSTNAME'} eq '') {
$errormessage = $Lang::tr{'hostname not set'};
# Check if a password has been typed in.
# freedns.afraid.org does not require this field.
- if (($settings{'PASSWORD'} eq '') && ($settings{'SERVICE'} ne 'freedns.afraid.org')) {
+ if (($settings{'PASSWORD'} eq '') && ($settings{'SERVICE'} ne 'freedns.afraid.org') && ($settings{'SERVICE'} ne 'regfish.com')) {
$errormessage = $Lang::tr{'password not set'};
}
# Go furter if there was no error.
- if ( ! $errormessage) {
-
+ if (!$errormessage) {
# Splitt hostname field into 2 parts for storrage.
my($hostname, $domain) = split(/\./, $settings{'HOSTNAME'}, 2);
+ # Handle enabled checkbox. When the checkbox is selected a "on" will be returned,
+ # if the checkbox is not checked nothing is returned in this case we set the value to "off".
+ if ($settings{'ENABLED'} ne 'on') {
+ $settings{'ENABLED'} = 'off';
+ }
+
# Handle adding new accounts.
if ($settings{'ACTION'} eq $Lang::tr{'add'}) {
-
# Open /var/ipfire/ddns/config for writing.
open(FILE, ">>$datafile") or die "Unable to open $datafile.";
# Write out notice to logfile.
&General::log($Lang::tr{'ddns hostname added'});
- # Update ddns config file.
-
# Handle account edditing.
} elsif ($settings{'ACTION'} eq $Lang::tr{'update'}) {
-
# Open /var/ipfire/ddns/config for writing.
open(FILE, ">$datafile") or die "Unable to open $datafile.";
# Read file line by line.
foreach my $line (@current) {
-
if ($settings{'ID'} eq $id) {
print FILE "$settings{'SERVICE'},$hostname,$domain,$settings{'PROXY'},$settings{'WILDCARDS'},$settings{'LOGIN'},$settings{'PASSWORD'},$settings{'ENABLED'}\n";
} else {
# Write out notice to logfile.
&General::log($Lang::tr{'ddns hostname modified'});
}
-
- # Unset given CGI params.
- undef %settings;
+ undef $settings{'ID'};
# Update ddns config file.
&GenerateDDNSConfigFile();
# Remove existing accounts.
#
if ($settings{'ACTION'} eq $Lang::tr{'remove'}) {
-
# Open /var/ipfire/ddns/config for writing.
open(FILE, ">$datafile") or die "Unable to open $datafile.";
# Read file line by line.
foreach my $line (@current) {
-
# Write back every line, except the one we want to drop
# (identified by the ID)
unless ($settings{'ID'} eq $id) {
# Increase id.
$id++;
}
+ undef $settings{'ID'};
# Close file after writing.
close(FILE);
- # Unset given CGI params.
- undef %settings;
-
# Write out notice to logfile.
&General::log($Lang::tr{'ddns hostname removed'});
# Read items for editing.
#
if ($settings{'ACTION'} eq $Lang::tr{'edit'}) {
-
my $id = 0;
my @temp;
# Read file line by line.
foreach my $line (@current) {
-
if ($settings{'ID'} eq $id) {
-
# Remove newlines.
chomp($line);
$settings{'PASSWORD'} = $temp[6];
$settings{'ENABLED'} = $temp[7];
}
- # Increase $id.
- $id++;
+ # Increase $id.
+ $id++;
}
+
+ &GenerateDDNSConfigFile();
}
#
#
# Set default values.
#
-if (! $settings{'ACTION'}) {
+if (!$settings{'ACTION'}) {
$settings{'SERVICE'} = 'dyndns.org';
$settings{'ENABLED'} = 'on';
+ $settings{'ID'} = '';
}
&Header::openpage($Lang::tr{'dynamic dns'}, 1, '');
$checked{'BEHINDROUTER'}{'FETCH_IP'} = '';
$checked{'BEHINDROUTER'}{$settings{'BEHINDROUTER'}} = "checked='checked'";
-$checked{'ENABLED'}{'on'} = ($settings{'ENABLED'} eq '' ) ? '' : "checked='checked'";
+$checked{'ENABLED'}{'on'} = '';
+$checked{'ENABLED'}{'off'} = '';
+$checked{'ENABLED'}{$settings{'ENABLED'}} = "checked='checked'";
# Show box for errormessages..
if ($errormessage) {
# Change buttontext and headline if we edit an account.
if ($settings{'ACTION'} eq $Lang::tr{'edit'}) {
-
# Rename button and print headline for updating.
$buttontext = $Lang::tr{'update'};
&Header::openbox('100%', 'left', $Lang::tr{'edit an existing host'});
} else {
-
# Otherwise use default button text and show headline for adding a new account.
&Header::openbox('100%', 'left', $Lang::tr{'add a host'});
}
print <<END
-
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='ID' value='$settings{'ID'}' />
<table width='100%'>
# Loop to print the providerlist.
foreach my $provider (@providers) {
-
# Check if the current provider needs to be selected.
if ($provider eq $settings{'SERVICE'}) {
$selected = 'selected';
<tr>
<td class='base'>$Lang::tr{'enabled'}</td>
- <td><input type='checkbox' name='ENABLED' value='on' $checked{'ENABLED'}{'on'} /></td>
+ <td><input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>
<td class='base'>$Lang::tr{'username'}</td>
<td><input type='text' name='LOGIN' value='$settings{'LOGIN'}' /></td>
</tr>
chomp(@current);
my @temp = split(/\,/,$line);
+ # Handle hostname details. Only connect the values with a dott if both are available.
+ my $hostname="";
+
+ if (($temp[1]) && ($temp[2])) {
+ $hostname="$temp[1].$temp[2]";
+ } else {
+ $hostname="$temp[1]";
+ }
+
# Generate value for enable/disable checkbox.
- my $sync = "<font color='blue'>";
+ my $sync = '';
my $gif = '';
my $gdesc = '';
if ($temp[7] eq "on") {
$gif = 'on.gif';
$gdesc = $Lang::tr{'click to disable'};
- $sync = (&General::DyndnsServiceSync ($ip,$temp[1], $temp[2]) ? "<font color='green'>": "<font color='red'>") ;
+
+ # Check if the given hostname is a FQDN before doing a nslookup.
+ if (&General::validfqdn($hostname)) {
+ $sync = (&General::DyndnsServiceSync ($ip,$temp[1], $temp[2]) ? "<font color='green'>": "<font color='red'>") ;
+ }
+
$toggle_enabled = 'off';
} else {
+ $sync = "<font color='blue'>";
$gif = 'off.gif';
$gdesc = $Lang::tr{'click to enable'};
$toggle_enabled = 'on';
while (<SETTINGS>) {
my $line = $_;
+ chomp($line);
# Generate array based on the line content (seperator is a single or multiple space's)
my @settings = split(/,/, $line);
next unless ($provider ~~ @providers);
# Skip disabled entries.
- next if ($enabled eq "off");
+ next unless ($enabled eq "on");
# Handle hostname details. Only connect the values with a dott if both are available.
if (($hostname) && ($domain)) {
if ($provider ~~ ["dns.lightningwirelabs.com", "entrydns.net", "regfish.com"] && $username eq "token") {
$use_token = 1;
- # Handle token auth for freedns.afraid.org.
- } elsif ($provider eq "freedns.afraid.org" && $password eq "") {
+ # Handle token auth for freedns.afraid.org and regfish.com.
+ } elsif ($provider ~~ ["freedns.afraid.org", "regfish.com"] && $password eq "") {
$use_token = 1;
$password = $username;
####################### End added for snort rules control #################################
if ($snortsettings{'RULES'} eq 'subscripted') {
- $url=" http://www.snort.org/sub-rules/snortrules-snapshot-2961.tar.gz/$snortsettings{'OINKCODE'}";
+ $url=" https://www.snort.org/rules/snortrules-snapshot-2961.tar.gz?oinkcode=$snortsettings{'OINKCODE'}";
} elsif ($snortsettings{'RULES'} eq 'registered') {
- $url=" http://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz/$snortsettings{'OINKCODE'}";
+ $url=" https://www.snort.org/rules/snortrules-snapshot-2961.tar.gz?oinkcode=$snortsettings{'OINKCODE'}";
} elsif ($snortsettings{'RULES'} eq 'community') {
- $url=" http://s3.amazonaws.com/snort-org/www/rules/community/community-rules.tar.gz";
+ $url=" https://www.snort.org/rules/community";
} else {
$url="http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz";
}
DIR_APP = $(DIR_SRC)/check_mk-${VER}
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = check_mk_agent
-PAK_VER = 3
+PAK_VER = 4
DEPS = ""
include Config
-VER = 003
+VER = 004
THISAPP = ddns-$(VER)
DL_FILE = $(THISAPP).tar.xz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 9ff8ab5fa716859b51f63b0a241f1337
+$(DL_FILE)_MD5 = ff77cb72d0cb06c73bde70419b15bae8
install : $(TARGET)
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/ddns-003-Add-a-program-prefix-to-syslog-messages.patch
-
cd $(DIR_APP) && [ -x "configure" ] || sh ./autogen.sh
cd $(DIR_APP) && ./configure --prefix=/usr --sysconfdir=/var/ipfire
cd $(DIR_APP) && make $(MAKETUNING)
include Config
-VER = 2.08
+VER = 2.06
THISAPP = lzo-$(VER)
DL_FILE = $(THISAPP).tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = fcec64c26a0f4f4901468f360029678f
+$(DL_FILE)_MD5 = 95380bd4081f85ef08c5209f4107e9f8
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/lzo-2.06-CVE-2014-4607.patch
cd $(DIR_APP) && ./configure --prefix=/usr --enable-shared
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
include Config
-VER = 1.0.1h
+VER = 1.0.1i
THISAPP = openssl-$(VER)
DL_FILE = $(THISAPP).tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 8d6d684a9430d5cc98a62a5d8fbda8cf
+$(DL_FILE)_MD5 = c8dc151a671b9b92ff3e4c118b174972
install : $(TARGET)
include Config
-VER = 0.2.4.22
+VER = 0.2.4.23
THISAPP = tor-$(VER)
DL_FILE = $(THISAPP).tar.gz
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = tor
-PAK_VER = 7
+PAK_VER = 8
DEPS = "libevent2"
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 5a7eee0d9df87233255d78b25c6f8270
+$(DL_FILE)_MD5 = 9e39928e310612c3bffee727f554c63f
install : $(TARGET)
NAME="IPFire" # Software name
SNAME="ipfire" # Short name
VERSION="2.15" # Version number
-CORE="80" # Core Level (Filename)
-PAKFIRE_CORE="80" # Core Level (PAKFIRE)
+CORE="81" # Core Level (Filename)
+PAKFIRE_CORE="81" # Core Level (PAKFIRE)
GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` # Git Branch
SLOGAN="www.ipfire.org" # Software slogan
CONFIG_ROOT=/var/ipfire # Configuration rootdir
############################################################################
#
. /opt/pakfire/lib/functions.sh
+extract_backup_includes
make_backup ${NAME}
remove_files
+++ /dev/null
-From 21fd4b8d26d01d622185ab8de971a9ee934220a3 Mon Sep 17 00:00:00 2001
-From: Michael Tremer <michael.tremer@ipfire.org>
-Date: Thu, 24 Jul 2014 13:23:36 +0200
-Subject: [PATCH] Add a program prefix to syslog messages.
-
----
- src/ddns/__init__.py | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/src/ddns/__init__.py b/src/ddns/__init__.py
-index 22764e6..6fe3a33 100644
---- a/src/ddns/__init__.py
-+++ b/src/ddns/__init__.py
-@@ -42,6 +42,8 @@ def setup_logging():
- handler = logging.handlers.SysLogHandler(address="/dev/log",
- facility=logging.handlers.SysLogHandler.LOG_DAEMON
- )
-+ formatter = logging.Formatter("ddns[%(process)d]: %(message)s")
-+ handler.setFormatter(formatter)
- handler.setLevel(logging.INFO)
- rootlogger.addHandler(handler)
-
---
-1.9.3
-
--- /dev/null
+diff --git a/minilzo/minilzo.c b/minilzo/minilzo.c
+index 34ce0f0..ecfdf66 100644
+--- a/minilzo/minilzo.c
++++ b/minilzo/minilzo.c
+@@ -3547,6 +3547,8 @@ DO_COMPRESS ( const lzo_bytep in , lzo_uint in_len,
+ #undef TEST_LBO
+ #undef NEED_IP
+ #undef NEED_OP
++#undef TEST_IV
++#undef TEST_OV
+ #undef HAVE_TEST_IP
+ #undef HAVE_TEST_OP
+ #undef HAVE_NEED_IP
+@@ -3561,6 +3563,7 @@ DO_COMPRESS ( const lzo_bytep in , lzo_uint in_len,
+ # if (LZO_TEST_OVERRUN_INPUT >= 2)
+ # define NEED_IP(x) \
+ if ((lzo_uint)(ip_end - ip) < (lzo_uint)(x)) goto input_overrun
++# define TEST_IV(x) if ((x) > (lzo_uint)0 - (511)) goto input_overrun
+ # endif
+ #endif
+
+@@ -3572,6 +3575,7 @@ DO_COMPRESS ( const lzo_bytep in , lzo_uint in_len,
+ # undef TEST_OP
+ # define NEED_OP(x) \
+ if ((lzo_uint)(op_end - op) < (lzo_uint)(x)) goto output_overrun
++# define TEST_OV(x) if ((x) > (lzo_uint)0 - (511)) goto output_overrun
+ # endif
+ #endif
+
+@@ -3602,11 +3606,13 @@ DO_COMPRESS ( const lzo_bytep in , lzo_uint in_len,
+ # define HAVE_NEED_IP 1
+ #else
+ # define NEED_IP(x) ((void) 0)
++# define TEST_IV(x) ((void) 0)
+ #endif
+ #if defined(NEED_OP)
+ # define HAVE_NEED_OP 1
+ #else
+ # define NEED_OP(x) ((void) 0)
++# define TEST_OV(x) ((void) 0)
+ #endif
+
+ #if defined(HAVE_TEST_IP) || defined(HAVE_NEED_IP)
+@@ -3687,6 +3693,7 @@ DO_DECOMPRESS ( const lzo_bytep in , lzo_uint in_len,
+ {
+ t += 255;
+ ip++;
++ TEST_IV(t);
+ NEED_IP(1);
+ }
+ t += 15 + *ip++;
+@@ -3835,6 +3842,7 @@ match:
+ {
+ t += 255;
+ ip++;
++ TEST_OV(t);
+ NEED_IP(1);
+ }
+ t += 31 + *ip++;
+@@ -3879,6 +3887,7 @@ match:
+ {
+ t += 255;
+ ip++;
++ TEST_OV(t);
+ NEED_IP(1);
+ }
+ t += 7 + *ip++;
+@@ -4073,6 +4082,8 @@ lookbehind_overrun:
+ #undef TEST_LBO
+ #undef NEED_IP
+ #undef NEED_OP
++#undef TEST_IV
++#undef TEST_OV
+ #undef HAVE_TEST_IP
+ #undef HAVE_TEST_OP
+ #undef HAVE_NEED_IP
+@@ -4087,6 +4098,7 @@ lookbehind_overrun:
+ # if (LZO_TEST_OVERRUN_INPUT >= 2)
+ # define NEED_IP(x) \
+ if ((lzo_uint)(ip_end - ip) < (lzo_uint)(x)) goto input_overrun
++# define TEST_IV(x) if ((x) > (lzo_uint)0 - (511)) goto input_overrun
+ # endif
+ #endif
+
+@@ -4098,6 +4110,7 @@ lookbehind_overrun:
+ # undef TEST_OP
+ # define NEED_OP(x) \
+ if ((lzo_uint)(op_end - op) < (lzo_uint)(x)) goto output_overrun
++# define TEST_OV(x) if ((x) > (lzo_uint)0 - (511)) goto output_overrun
+ # endif
+ #endif
+
+@@ -4128,11 +4141,13 @@ lookbehind_overrun:
+ # define HAVE_NEED_IP 1
+ #else
+ # define NEED_IP(x) ((void) 0)
++# define TEST_IV(x) ((void) 0)
+ #endif
+ #if defined(NEED_OP)
+ # define HAVE_NEED_OP 1
+ #else
+ # define NEED_OP(x) ((void) 0)
++# define TEST_OV(x) ((void) 0)
+ #endif
+
+ #if defined(HAVE_TEST_IP) || defined(HAVE_NEED_IP)
+@@ -4213,6 +4228,7 @@ DO_DECOMPRESS ( const lzo_bytep in , lzo_uint in_len,
+ {
+ t += 255;
+ ip++;
++ TEST_IV(t);
+ NEED_IP(1);
+ }
+ t += 15 + *ip++;
+@@ -4361,6 +4377,7 @@ match:
+ {
+ t += 255;
+ ip++;
++ TEST_OV(t);
+ NEED_IP(1);
+ }
+ t += 31 + *ip++;
+@@ -4405,6 +4422,7 @@ match:
+ {
+ t += 255;
+ ip++;
++ TEST_OV(t);
+ NEED_IP(1);
+ }
+ t += 7 + *ip++;
+diff --git a/src/lzo1_d.ch b/src/lzo1_d.ch
+index 40a5bfd..c442d9c 100644
+--- a/src/lzo1_d.ch
++++ b/src/lzo1_d.ch
+@@ -76,6 +76,8 @@
+ #undef TEST_LBO
+ #undef NEED_IP
+ #undef NEED_OP
++#undef TEST_IV
++#undef TEST_OV
+ #undef HAVE_TEST_IP
+ #undef HAVE_TEST_OP
+ #undef HAVE_NEED_IP
+@@ -91,6 +93,7 @@
+ # if (LZO_TEST_OVERRUN_INPUT >= 2)
+ # define NEED_IP(x) \
+ if ((lzo_uint)(ip_end - ip) < (lzo_uint)(x)) goto input_overrun
++# define TEST_IV(x) if ((x) > (lzo_uint)0 - (511)) goto input_overrun
+ # endif
+ #endif
+
+@@ -102,6 +105,7 @@
+ # undef TEST_OP /* don't need both of the tests here */
+ # define NEED_OP(x) \
+ if ((lzo_uint)(op_end - op) < (lzo_uint)(x)) goto output_overrun
++# define TEST_OV(x) if ((x) > (lzo_uint)0 - (511)) goto output_overrun
+ # endif
+ #endif
+
+@@ -135,11 +139,13 @@
+ # define HAVE_NEED_IP 1
+ #else
+ # define NEED_IP(x) ((void) 0)
++# define TEST_IV(x) ((void) 0)
+ #endif
+ #if defined(NEED_OP)
+ # define HAVE_NEED_OP 1
+ #else
+ # define NEED_OP(x) ((void) 0)
++# define TEST_OV(x) ((void) 0)
+ #endif
+
+
+diff --git a/src/lzo1b_d.ch b/src/lzo1b_d.ch
+index fe5f361..36b4b6b 100644
+--- a/src/lzo1b_d.ch
++++ b/src/lzo1b_d.ch
+@@ -187,6 +187,7 @@ match:
+ {
+ t += 255;
+ ip++;
++ TEST_OV(t);
+ NEED_IP(1);
+ }
+ t += (M4_MIN_LEN - M3_MIN_LEN) + *ip++;
+diff --git a/src/lzo1f_d.ch b/src/lzo1f_d.ch
+index 9e942f5..0c2199e 100644
+--- a/src/lzo1f_d.ch
++++ b/src/lzo1f_d.ch
+@@ -84,6 +84,7 @@ DO_DECOMPRESS ( const lzo_bytep in , lzo_uint in_len,
+ {
+ t += 255;
+ ip++;
++ TEST_IV(t);
+ NEED_IP(1);
+ }
+ t += 31 + *ip++;
+@@ -138,6 +139,7 @@ match:
+ {
+ t += 255;
+ ip++;
++ TEST_OV(t);
+ NEED_IP(1);
+ }
+ t += 31 + *ip++;
+diff --git a/src/lzo1x_d.ch b/src/lzo1x_d.ch
+index 49cf326..c804cc7 100644
+--- a/src/lzo1x_d.ch
++++ b/src/lzo1x_d.ch
+@@ -120,6 +120,7 @@ DO_DECOMPRESS ( const lzo_bytep in , lzo_uint in_len,
+ {
+ t += 255;
+ ip++;
++ TEST_IV(t);
+ NEED_IP(1);
+ }
+ t += 15 + *ip++;
+@@ -273,6 +274,7 @@ match:
+ {
+ t += 255;
+ ip++;
++ TEST_OV(t);
+ NEED_IP(1);
+ }
+ t += 31 + *ip++;
+@@ -317,6 +319,7 @@ match:
+ {
+ t += 255;
+ ip++;
++ TEST_OV(t);
+ NEED_IP(1);
+ }
+ t += 7 + *ip++;
+diff --git a/src/lzo2a_d.ch b/src/lzo2a_d.ch
+index 48e51ca..954f07e 100644
+--- a/src/lzo2a_d.ch
++++ b/src/lzo2a_d.ch
+@@ -131,6 +131,7 @@ DO_DECOMPRESS ( const lzo_bytep in , lzo_uint in_len,
+ {
+ t += 255;
+ ip++;
++ TEST_OV(t);
+ NEED_IP(1);
+ }
+ t += *ip++;