--- /dev/null
+/var/log/asterisk/messages /var/log/asterisk/full /var/log/asterisk/security /var/log/asterisk/*_log {
+ weekly
+ missingok
+ rotate 4
+ sharedscripts
+ postrotate
+ /usr/sbin/asterisk -rx 'logger reload' > /dev/null 2> /dev/null
+ endscript
+}
+++ /dev/null
-MENUSELECT_ADDONS=format_mp3
-MENUSELECT_APPS=app_flash app_meetme app_page app_dahdiras app_fax app_jack app_osplookup app_dahdibarge
-MENUSELECT_BRIDGES=
-MENUSELECT_CDR=cdr_adaptive_odbc cdr_odbc cdr_pgsql cdr_radius cdr_tds cdr_sqlite
-MENUSELECT_CEL=cel_odbc cel_pgsql cel_radius cel_tds
-MENUSELECT_CHANNELS=chan_dahdi chan_console chan_gtalk chan_jingle chan_misdn chan_nbs chan_vpb chan_h323
-MENUSELECT_CODECS=codec_dahdi codec_resample codec_speex
-MENUSELECT_FORMATS=
-MENUSELECT_FUNCS=func_odbc func_speex
-MENUSELECT_PBX=pbx_lua
-MENUSELECT_RES=res_calendar_caldav res_calendar_ews res_calendar_exchange res_calendar_icalendar res_config_odbc res_http_post res_odbc res_srtp res_timing_dahdi res_ais res_config_pgsql res_config_sqlite res_jabber res_timing_kqueue
-MENUSELECT_TESTS=test_acl test_amihooks test_aoc test_app test_ast_format_str_reduce test_astobj2 test_config test_db test_devicestate test_dlinklists test_event test_expr test_func_file test_gosub test_heap test_linkedlists test_locale test_logger test_netsock2 test_pbx test_poll test_sched test_security_events test_skel test_stringfields test_strings test_substitution test_time test_utils
-MENUSELECT_CFLAGS=LOADABLE_MODULES
-MENUSELECT_OPTS_app_voicemail=FILE_STORAGE
-MENUSELECT_UTILS=astcanary aelparse astman check_expr check_expr2 conf2ael hashtest hashtest2 muted refcounter smsq stereorize streamplayer
-MENUSELECT_AGIS=
-MENUSELECT_EMBED=
-MENUSELECT_CORE_SOUNDS=CORE-SOUNDS-EN-GSM
-MENUSELECT_MOH=MOH-OPSOUND-GSM
-MENUSELECT_EXTRA_SOUNDS=EXTRA-SOUNDS-EN-GSM
-MENUSELECT_BUILD_DEPS=chan_local app_voicemail res_monitor res_agi res_adsi res_smdi res_crypto res_pktccops res_ael_share res_fax G711_NEW_ALGORITHM
-MENUSELECT_DEPSFAILED=MENUSELECT_APPS=app_flash
-MENUSELECT_DEPSFAILED=MENUSELECT_APPS=app_meetme
-MENUSELECT_DEPSFAILED=MENUSELECT_APPS=app_page
-MENUSELECT_DEPSFAILED=MENUSELECT_APPS=app_dahdiras
-MENUSELECT_DEPSFAILED=MENUSELECT_APPS=app_jack
-MENUSELECT_DEPSFAILED=MENUSELECT_APPS=app_osplookup
-MENUSELECT_DEPSFAILED=MENUSELECT_APPS=app_dahdibarge
-MENUSELECT_DEPSFAILED=MENUSELECT_CDR=cdr_adaptive_odbc
-MENUSELECT_DEPSFAILED=MENUSELECT_CDR=cdr_odbc
-MENUSELECT_DEPSFAILED=MENUSELECT_CDR=cdr_pgsql
-MENUSELECT_DEPSFAILED=MENUSELECT_CDR=cdr_radius
-MENUSELECT_DEPSFAILED=MENUSELECT_CDR=cdr_tds
-MENUSELECT_DEPSFAILED=MENUSELECT_CDR=cdr_sqlite
-MENUSELECT_DEPSFAILED=MENUSELECT_CEL=cel_odbc
-MENUSELECT_DEPSFAILED=MENUSELECT_CEL=cel_pgsql
-MENUSELECT_DEPSFAILED=MENUSELECT_CEL=cel_radius
-MENUSELECT_DEPSFAILED=MENUSELECT_CEL=cel_tds
-MENUSELECT_DEPSFAILED=MENUSELECT_CHANNELS=chan_dahdi
-MENUSELECT_DEPSFAILED=MENUSELECT_CHANNELS=chan_console
-MENUSELECT_DEPSFAILED=MENUSELECT_CHANNELS=chan_gtalk
-MENUSELECT_DEPSFAILED=MENUSELECT_CHANNELS=chan_jingle
-MENUSELECT_DEPSFAILED=MENUSELECT_CHANNELS=chan_misdn
-MENUSELECT_DEPSFAILED=MENUSELECT_CHANNELS=chan_nbs
-MENUSELECT_DEPSFAILED=MENUSELECT_CHANNELS=chan_vpb
-MENUSELECT_DEPSFAILED=MENUSELECT_CHANNELS=chan_h323
-MENUSELECT_DEPSFAILED=MENUSELECT_CODECS=codec_dahdi
-MENUSELECT_DEPSFAILED=MENUSELECT_CODECS=codec_resample
-MENUSELECT_DEPSFAILED=MENUSELECT_CODECS=codec_speex
-MENUSELECT_DEPSFAILED=MENUSELECT_FUNCS=func_odbc
-MENUSELECT_DEPSFAILED=MENUSELECT_FUNCS=func_speex
-MENUSELECT_DEPSFAILED=MENUSELECT_PBX=pbx_lua
-MENUSELECT_DEPSFAILED=MENUSELECT_RES=res_calendar_caldav
-MENUSELECT_DEPSFAILED=MENUSELECT_RES=res_calendar_ews
-MENUSELECT_DEPSFAILED=MENUSELECT_RES=res_calendar_exchange
-MENUSELECT_DEPSFAILED=MENUSELECT_RES=res_calendar_icalendar
-MENUSELECT_DEPSFAILED=MENUSELECT_RES=res_config_odbc
-MENUSELECT_DEPSFAILED=MENUSELECT_RES=res_http_post
-MENUSELECT_DEPSFAILED=MENUSELECT_RES=res_odbc
-MENUSELECT_DEPSFAILED=MENUSELECT_RES=res_srtp
-MENUSELECT_DEPSFAILED=MENUSELECT_RES=res_timing_dahdi
-MENUSELECT_DEPSFAILED=MENUSELECT_RES=res_ais
-MENUSELECT_DEPSFAILED=MENUSELECT_RES=res_config_pgsql
-MENUSELECT_DEPSFAILED=MENUSELECT_RES=res_config_sqlite
-MENUSELECT_DEPSFAILED=MENUSELECT_RES=res_jabber
-MENUSELECT_DEPSFAILED=MENUSELECT_RES=res_timing_kqueue
-MENUSELECT_DEPSFAILED=MENUSELECT_TESTS=test_acl
-MENUSELECT_DEPSFAILED=MENUSELECT_TESTS=test_amihooks
-MENUSELECT_DEPSFAILED=MENUSELECT_TESTS=test_aoc
-MENUSELECT_DEPSFAILED=MENUSELECT_TESTS=test_app
-MENUSELECT_DEPSFAILED=MENUSELECT_TESTS=test_ast_format_str_reduce
-MENUSELECT_DEPSFAILED=MENUSELECT_TESTS=test_astobj2
-MENUSELECT_DEPSFAILED=MENUSELECT_TESTS=test_config
-MENUSELECT_DEPSFAILED=MENUSELECT_TESTS=test_db
-MENUSELECT_DEPSFAILED=MENUSELECT_TESTS=test_devicestate
-MENUSELECT_DEPSFAILED=MENUSELECT_TESTS=test_dlinklists
-MENUSELECT_DEPSFAILED=MENUSELECT_TESTS=test_event
-MENUSELECT_DEPSFAILED=MENUSELECT_TESTS=test_expr
-MENUSELECT_DEPSFAILED=MENUSELECT_TESTS=test_func_file
-MENUSELECT_DEPSFAILED=MENUSELECT_TESTS=test_gosub
-MENUSELECT_DEPSFAILED=MENUSELECT_TESTS=test_heap
-MENUSELECT_DEPSFAILED=MENUSELECT_TESTS=test_linkedlists
-MENUSELECT_DEPSFAILED=MENUSELECT_TESTS=test_locale
-MENUSELECT_DEPSFAILED=MENUSELECT_TESTS=test_logger
-MENUSELECT_DEPSFAILED=MENUSELECT_TESTS=test_netsock2
-MENUSELECT_DEPSFAILED=MENUSELECT_TESTS=test_pbx
-MENUSELECT_DEPSFAILED=MENUSELECT_TESTS=test_poll
-MENUSELECT_DEPSFAILED=MENUSELECT_TESTS=test_sched
-MENUSELECT_DEPSFAILED=MENUSELECT_TESTS=test_security_events
-MENUSELECT_DEPSFAILED=MENUSELECT_TESTS=test_skel
-MENUSELECT_DEPSFAILED=MENUSELECT_TESTS=test_stringfields
-MENUSELECT_DEPSFAILED=MENUSELECT_TESTS=test_strings
-MENUSELECT_DEPSFAILED=MENUSELECT_TESTS=test_substitution
-MENUSELECT_DEPSFAILED=MENUSELECT_TESTS=test_time
-MENUSELECT_DEPSFAILED=MENUSELECT_TESTS=test_utils
-MENUSELECT_DEPSFAILED=MENUSELECT_CFLAGS=BUILD_NATIVE
+++ /dev/null
-ktiv;Mon;Tue;Wed;Thu;Fri;;;05:00\r
-Channel: SIP/536\r
-MaxRetries: 3\r
-RetryTime: 45\r
-WaitTime: 30\r
-Context: service\r
-Extension: 609\r
-Callerid: WakeUP <536>\r
+++ /dev/null
-Aktiv;Mon;Tue;Wed;Thu;Fri;Sat;Sun;05:00\r
-Channel: SIP/536\r
-MaxRetries: 3\r
-RetryTime: 45\r
-WaitTime: 30\r
-Context: service\r
-Extension: 609\r
-Callerid: WakeUP <536>\r
+++ /dev/null
-#!/bin/bash
-
-CALL_P=/var/spool/asterisk/outgoing/
-SOURCE=/var/ipfire/asterisk/wakeup/source/
-TMP=/var/ipfire/asterisk/wakeup/tmp/
-EXT=".call"
-DAY=$(/bin/date '+%a')
-NOW=$(/bin/date '+%H:%M')
-
-for f in $(/bin/find ${SOURCE} -type f -name "*${EXT}")
-do
- if $(/bin/head -1 $f | /bin/egrep -i -q "aktiv")
- then
- if [ "${1}#" = "debug#" ]; then echo "File Aktiv"; fi
- BASEN=$(/usr/bin/basename $f)
- if $(/bin/head -1 $f | /bin/egrep -i -q "${DAY}")
- then
- if [ "${1}#" = "debug#" ]; then echo "Tag vorhanden in ${BASEN}"; fi
- NOW2=$(cat $f | head -1 | sed 's/.*;//g' | sed 's/\r//g')
- if test "${NOW}#" = "${NOW2}#"
- then
- if [ "${1}#" = "debug#" ]; then echo "Weckruf wird gestartet"; fi
- LAENG=$(wc -l $f)
- if [ "${1}#" = "debug#" ]; then echo "/usr/bin/tail -n$(( ${LAENG%% *}-1 )) $f >${TMP}${BASEN}"; else /usr/bin/tail -n$(( ${LAENG%% *}-1 )) $f >${TMP}${BASEN}; fi
- if [ "${1}#" = "debug#" ]; then echo /bin/mv ${TMP}${BASEN} ${CALL_P}; else /bin/mv ${TMP}${BASEN} ${CALL_P}; fi
- else if [ "${1}#" = "debug#" ]; then echo "Tag ok aber Zeit noch nicht #${NOW}!=${NOW2}#"; fi
- fi
- else if [ "${1}#" = "debug#" ]; then echo "Tag nicht vorhanden in ${f}"; fi
- fi
- else if [ "${1}#" = "debug#" ]; then echo "File ${f} nicht aktiv"; fi
- fi
-done
-
-# /usr/bin/logger -t ipfire Asterisk Wakeup Run
-
-# wenn als erster Parameter debug mit gegeben wird, wird alles nur via echo behandelt
-# Infos unter: http://www.das-asterisk-buch.de/unstable/call-file.html
-# oder: http://www.voip-info.org/wiki-Asterisk+auto-dial+out
-
-##EOF##
--- /dev/null
+/etc/monitrc
+/etc/monit.d
+++ /dev/null
-/opt/teamspeak/bad_names.txt
-/opt/teamspeak/server.dbs
-/opt/teamspeak/server.ini
-/opt/teamspeak/server.log
-/opt/teamspeak/whitelist.txt
-
-
print "Error in RRD::graph for ".$interface.": ".$ERROR."\n" if $ERROR;
}
+sub updatevpngraph {
+ my $interface = $_[0];
+ my $period = $_[1];
+ RRDs::graph(
+ "-",
+ "--start",
+ "-1".$period,
+ "-aPNG",
+ "-i",
+ "-z",
+ "-W www.ipfire.org",
+ "--alt-y-grid",
+ "-w 600",
+ "-h 125",
+ "-r",
+ "-t ".$Lang::tr{'traffic on'}." ".$interface." ".$Lang::tr{'graph per'}." ".$Lang::tr{$period."-graph"},
+ "-v ".$Lang::tr{'bytes per second'},
+ "--color=SHADEA".$color{"color19"},
+ "--color=SHADEB".$color{"color19"},
+ "--color=BACK".$color{"color21"},
+ "DEF:incoming=".$mainsettings{'RRDLOG'}."/collectd/localhost/openvpn-$interface/if_octets_derive.rrd:rx:AVERAGE",
+ "DEF:outgoing=".$mainsettings{'RRDLOG'}."/collectd/localhost/openvpn-$interface/if_octets_derive.rrd:tx:AVERAGE",
+ "CDEF:outgoingn=outgoing,-1,*",
+ "COMMENT:".sprintf("%-20s",$Lang::tr{'caption'}),
+ "COMMENT:".sprintf("%15s",$Lang::tr{'maximal'}),
+ "COMMENT:".sprintf("%15s",$Lang::tr{'average'}),
+ "COMMENT:".sprintf("%15s",$Lang::tr{'minimal'}),
+ "COMMENT:".sprintf("%15s",$Lang::tr{'current'})."\\j",
+ "AREA:incoming#00dd00:".sprintf("%-20s",$Lang::tr{'incoming traffic in bytes per second'}),
+ "GPRINT:incoming:MAX:%8.1lf %sBps",
+ "GPRINT:incoming:AVERAGE:%8.1lf %sBps",
+ "GPRINT:incoming:MIN:%8.1lf %sBps",
+ "GPRINT:incoming:LAST:%8.1lf %sBps\\j",
+ "AREA:outgoingn#dd0000:".sprintf("%-20s",$Lang::tr{'outgoing traffic in bytes per second'}),
+ "GPRINT:outgoing:MAX:%8.1lf %sBps",
+ "GPRINT:outgoing:AVERAGE:%8.1lf %sBps",
+ "GPRINT:outgoing:MIN:%8.1lf %sBps",
+ "GPRINT:outgoing:LAST:%8.1lf %sBps\\j",
+ );
+ $ERROR = RRDs::error;
+ print "Error in RRD::graph for ".$interface.": ".$ERROR."\n" if $ERROR;
+}
+
+sub updatevpnn2ngraph {
+ my $interface = $_[0];
+ my $period = $_[1];
+ RRDs::graph(
+ "-",
+ "--start",
+ "-1".$period,
+ "-aPNG",
+ "-i",
+ "-z",
+ "-W www.ipfire.org",
+ "--alt-y-grid",
+ "-w 600",
+ "-h 125",
+ "-r",
+ "-t ".$Lang::tr{'traffic on'}." ".$interface." ".$Lang::tr{'graph per'}." ".$Lang::tr{$period."-graph"},
+ "-v ".$Lang::tr{'bytes per second'},
+ "--color=SHADEA".$color{"color19"},
+ "--color=SHADEB".$color{"color19"},
+ "--color=BACK".$color{"color21"},
+ "DEF:incoming=".$mainsettings{'RRDLOG'}."/collectd/localhost/openvpn-$interface/if_octets_derive-traffic.rrd:rx:AVERAGE",
+ "DEF:outgoing=".$mainsettings{'RRDLOG'}."/collectd/localhost/openvpn-$interface/if_octets_derive-traffic.rrd:tx:AVERAGE",
+ "DEF:overhead_in=".$mainsettings{'RRDLOG'}."/collectd/localhost/openvpn-$interface/if_octets_derive-overhead.rrd:rx:AVERAGE",
+ "DEF:overhead_out=".$mainsettings{'RRDLOG'}."/collectd/localhost/openvpn-$interface/if_octets_derive-overhead.rrd:tx:AVERAGE",
+ "DEF:compression_in=".$mainsettings{'RRDLOG'}."/collectd/localhost/openvpn-$interface/compression_derive-data_in.rrd:uncompressed:AVERAGE",
+ "DEF:compression_out=".$mainsettings{'RRDLOG'}."/collectd/localhost/openvpn-$interface/compression_derive-data_out.rrd:uncompressed:AVERAGE",
+ "CDEF:outgoingn=outgoing,-1,*",
+ "CDEF:overhead_outn=overhead_out,-1,*",
+ "CDEF:compression_outn=compression_out,-1,*",
+ "COMMENT:".sprintf("%-20s",$Lang::tr{'caption'}),
+ "COMMENT:".sprintf("%15s",$Lang::tr{'maximal'}),
+ "COMMENT:".sprintf("%15s",$Lang::tr{'average'}),
+ "COMMENT:".sprintf("%15s",$Lang::tr{'minimal'}),
+ "COMMENT:".sprintf("%15s",$Lang::tr{'current'})."\\j",
+ "AREA:incoming#00dd00:".sprintf("%-20s",$Lang::tr{'incoming traffic in bytes per second'}),
+ "GPRINT:incoming:MAX:%8.1lf %sBps",
+ "GPRINT:incoming:AVERAGE:%8.1lf %sBps",
+ "GPRINT:incoming:MIN:%8.1lf %sBps",
+ "GPRINT:incoming:LAST:%8.1lf %sBps\\j",
+ "STACK:overhead_in#116B11:".sprintf("%-20s",$Lang::tr{'incoming overhead in bytes per second'}),
+ "GPRINT:overhead_in:MAX:%8.1lf %sBps",
+ "GPRINT:overhead_in:AVERAGE:%8.1lf %sBps",
+ "GPRINT:overhead_in:MIN:%8.1lf %sBps",
+ "GPRINT:overhead_in:LAST:%8.1lf %sBps\\j",
+ "LINE1:compression_in#ff00ff:".sprintf("%-20s",$Lang::tr{'incoming compression in bytes per second'}),
+ "GPRINT:compression_in:MAX:%8.1lf %sBps",
+ "GPRINT:compression_in:AVERAGE:%8.1lf %sBps",
+ "GPRINT:compression_in:MIN:%8.1lf %sBps",
+ "GPRINT:compression_in:LAST:%8.1lf %sBps\\j",
+ "AREA:outgoingn#dd0000:".sprintf("%-20s",$Lang::tr{'outgoing traffic in bytes per second'}),
+ "GPRINT:outgoing:MAX:%8.1lf %sBps",
+ "GPRINT:outgoing:AVERAGE:%8.1lf %sBps",
+ "GPRINT:outgoing:MIN:%8.1lf %sBps",
+ "GPRINT:outgoing:LAST:%8.1lf %sBps\\j",
+ "STACK:overhead_outn#870C0C:".sprintf("%-20s",$Lang::tr{'outgoing overhead in bytes per second'}),
+ "GPRINT:overhead_out:MAX:%8.1lf %sBps",
+ "GPRINT:overhead_out:AVERAGE:%8.1lf %sBps",
+ "GPRINT:overhead_out:MIN:%8.1lf %sBps",
+ "GPRINT:overhead_out:LAST:%8.1lf %sBps\\j",
+ "LINE1:compression_outn#000000:".sprintf("%-20s",$Lang::tr{'outgoing compression in bytes per second'}),
+ "GPRINT:compression_out:MAX:%8.1lf %sBps",
+ "GPRINT:compression_out:AVERAGE:%8.1lf %sBps",
+ "GPRINT:compression_out:MIN:%8.1lf %sBps",
+ "GPRINT:compression_out:LAST:%8.1lf %sBps\\j",
+ );
+ $ERROR = RRDs::error;
+ print "Error in RRD::graph for ".$interface.": ".$ERROR."\n" if $ERROR;
+}
+
# Generate the Firewall Graph for the current period of time for values given by collecd
sub updatefwhitsgraph {
#include "/etc/collectd.thermal"
include "/etc/collectd.custom"
+include "/etc/collectd.vpn"
--- /dev/null
+LoadPlugin openvpn
+
+<Plugin openvpn>
+StatusFile "/var/run/ovpnserver.log"
+</Plugin>
'title' => "$Lang::tr{'network other'}",
'enabled' => 1,
};
+ $substatus->{'53.networkovpn'} = {
+ 'caption' => "$Lang::tr{'openvpn client'}",
+ 'uri' => '/cgi-bin/netovpnrw.cgi',
+ 'title' => "$Lang::tr{'openvpn client'}",
+ 'enabled' => 1,
+ };
+ $substatus->{'54.networkovpnsrv'} = {
+ 'caption' => "$Lang::tr{'openvpn server'}",
+ 'uri' => '/cgi-bin/netovpnsrv.cgi',
+ 'title' => "$Lang::tr{'openvpn server'}",
+ 'enabled' => 1,
+ };
$substatus->{'60.hardwaregraphs'} = {
'caption' => "$Lang::tr{'hardware graphs'}",
'uri' => '/cgi-bin/hardwaregraphs.cgi',
--- /dev/null
+###############################################################################
+## Monit control file
+###############################################################################
+##
+## Comments begin with a '#' and extend through the end of the line. Keywords
+## are case insensitive. All path's MUST BE FULLY QUALIFIED, starting with '/'.
+##
+## Below you will find examples of some frequently used statements. For
+## information about the control file and a complete list of statements and
+## options, please have a look in the Monit manual.
+##
+##
+###############################################################################
+## Global section
+###############################################################################
+##
+## Start Monit in the background (run as a daemon):
+#
+set daemon 60 # check services at 1-minute intervals
+# with start delay 240 # optional: delay the first check by 4-minutes (by
+# # default Monit check immediately after Monit start)
+#
+#
+## Set syslog logging with the 'daemon' facility. If the FACILITY option is
+## omitted, Monit will use 'user' facility by default. If you want to log to
+## a standalone log file instead, specify the full path to the log file
+#
+set logfile syslog facility log_daemon
+#
+#
+## Set the location of the Monit lock file which stores the process id of the
+## running Monit instance. By default this file is stored in $HOME/.monit.pid
+#
+set pidfile /var/run/monit.pid
+#
+## Set the location of the Monit id file which stores the unique id for the
+## Monit instance. The id is generated and stored on first Monit start. By
+## default the file is placed in $HOME/.monit.id.
+#
+set idfile /var/lib/monit/id
+#
+## Set the location of the Monit state file which saves monitoring states
+## on each cycle. By default the file is placed in $HOME/.monit.state. If
+## the state file is stored on a persistent filesystem, Monit will recover
+## the monitoring state across reboots. If it is on temporary filesystem, the
+## state will be lost on reboot which may be convenient in some situations.
+#
+set statefile /var/lib/monit/state
+#
+## Set the list of mail servers for alert delivery. Multiple servers may be
+## specified using a comma separator. If the first mail server fails, Monit
+# will use the second mail server in the list and so on. By default Monit uses
+# port 25 - it is possible to override this with the PORT option.
+#
+# set mailserver mail.bar.baz, # primary mailserver
+# backup.bar.baz port 10025, # backup mailserver on port 10025
+# localhost # fallback relay
+#
+#
+## By default Monit will drop alert events if no mail servers are available.
+## If you want to keep the alerts for later delivery retry, you can use the
+## EVENTQUEUE statement. The base directory where undelivered alerts will be
+## stored is specified by the BASEDIR option. You can limit the queue size
+## by using the SLOTS option (if omitted, the queue is limited by space
+## available in the back end filesystem).
+#
+set eventqueue
+ basedir /var/lib/monit # set the base directory where events will be stored
+ slots 100 # optionally limit the queue size
+#
+#
+## Send status and events to M/Monit (for more informations about M/Monit
+## see http://mmonit.com/). By default Monit registers credentials with
+## M/Monit so M/Monit can smoothly communicate back to Monit and you don't
+## have to register Monit credentials manually in M/Monit. It is possible to
+## disable credential registration using the commented out option below.
+## Though, if safety is a concern we recommend instead using https when
+## communicating with M/Monit and send credentials encrypted.
+#
+# set mmonit http://monit:monit@192.168.1.10:8080/collector
+# # and register without credentials # Don't register credentials
+#
+#
+## Monit by default uses the following format for alerts if the the mail-format
+## statement is missing::
+## --8<--
+## set mail-format {
+## from: monit@$HOST
+## subject: monit alert -- $EVENT $SERVICE
+## message: $EVENT Service $SERVICE
+## Date: $DATE
+## Action: $ACTION
+## Host: $HOST
+## Description: $DESCRIPTION
+##
+## Your faithful employee,
+## Monit
+## }
+## --8<--
+##
+## You can override this message format or parts of it, such as subject
+## or sender using the MAIL-FORMAT statement. Macros such as $DATE, etc.
+## are expanded at runtime. For example, to override the sender, use:
+#
+# set mail-format { from: monit@foo.bar }a
+#
+#
+## You can set alert recipients whom will receive alerts if/when a
+## service defined in this file has errors. Alerts may be restricted on
+## events by using a filter as in the second example below.
+#
+# set alert sysadm@foo.bar # receive all alerts
+## Do not alert when Monit start, stop or perform a user initiated action.
+## This filter is recommended to avoid getting alerts for trivial cases
+# set alert your-name@your.domain not on { instance, action }
+#
+#
+## Monit has an embedded web server which can be used to view status of
+## services monitored and manage services from a web interface. See the
+## Monit Wiki if you want to enable SSL for the web server.
+#
+set httpd port 2812 and
+ use address localhost # only accept connection from localhost
+ allow localhost # allow localhost to connect to the server and
+# allow admin:monit # require user 'admin' with password 'monit'
+# allow @monit # allow users of group 'monit' to connect (rw)
+# allow @users readonly # allow users of group 'users' to connect readonly
+
+###############################################################################
+## Services
+###############################################################################
+##
+## Check general system resources such as load average, cpu and memory
+## usage. Each test specifies a resource, conditions and the action to be
+## performed should a test fail.
+#
+# check system myhost.mydomain.tld
+# if loadavg (1min) > 4 then alert
+# if loadavg (5min) > 2 then alert
+# if memory usage > 75% then alert
+# if swap usage > 25% then alert
+# if cpu usage (user) > 70% then alert
+# if cpu usage (system) > 30% then alert
+# if cpu usage (wait) > 20% then alert
+#
+#
+## Check if a file exists, checksum, permissions, uid and gid. In addition
+## to alert recipients in the global section, customized alert can be sent to
+## additional recipients by specifying a local alert handler. The service may
+## be grouped using the GROUP option. More than one group can be specified by
+## repeating the 'group name' statement.
+#
+# check file apache_bin with path /usr/local/apache/bin/httpd
+# if failed checksum and
+# expect the sum 8f7f419955cefa0b33a2ba316cba3659 then unmonitor
+# if failed permission 755 then unmonitor
+# if failed uid root then unmonitor
+# if failed gid root then unmonitor
+# alert security@foo.bar on {
+# checksum, permission, uid, gid, unmonitor
+# } with the mail-format { subject: Alarm! }
+# group server
+#
+#
+## Check that a process is running, in this case Apache, and that it respond
+## to HTTP and HTTPS requests. Check its resource usage such as cpu and memory,
+## and number of children. If the process is not running, Monit will restart
+## it by default. In case the service is restarted very often and the
+## problem remains, it is possible to disable monitoring using the TIMEOUT
+## statement. This service depends on another service (apache_bin) which
+## is defined above.
+#
+# check process apache with pidfile /usr/local/apache/logs/httpd.pid
+# start program = "/etc/init.d/httpd start" with timeout 60 seconds
+# stop program = "/etc/init.d/httpd stop"
+# if cpu > 60% for 2 cycles then alert
+# if cpu > 80% for 5 cycles then restart
+# if totalmem > 200.0 MB for 5 cycles then restart
+# if children > 250 then restart
+# if loadavg(5min) greater than 10 for 8 cycles then stop
+# if failed host www.tildeslash.com port 80 protocol http
+# and request "/somefile.html"
+# then restart
+# if failed port 443 type tcpssl protocol http
+# with timeout 15 seconds
+# then restart
+# if 3 restarts within 5 cycles then timeout
+# depends on apache_bin
+# group server
+#
+#
+## Check filesystem permissions, uid, gid, space and inode usage. Other services,
+## such as databases, may depend on this resource and an automatically graceful
+## stop may be cascaded to them before the filesystem will become full and data
+## lost.
+#
+# check filesystem datafs with path /dev/sdb1
+# start program = "/bin/mount /data"
+# stop program = "/bin/umount /data"
+# if failed permission 660 then unmonitor
+# if failed uid root then unmonitor
+# if failed gid disk then unmonitor
+# if space usage > 80% for 5 times within 15 cycles then alert
+# if space usage > 99% then stop
+# if inode usage > 30000 then alert
+# if inode usage > 99% then stop
+# group server
+#
+#
+## Check a file's timestamp. In this example, we test if a file is older
+## than 15 minutes and assume something is wrong if its not updated. Also,
+## if the file size exceed a given limit, execute a script
+#
+# check file database with path /data/mydatabase.db
+# if failed permission 700 then alert
+# if failed uid data then alert
+# if failed gid data then alert
+# if timestamp > 15 minutes then alert
+# if size > 100 MB then exec "/my/cleanup/script" as uid dba and gid dba
+#
+#
+## Check directory permission, uid and gid. An event is triggered if the
+## directory does not belong to the user with uid 0 and gid 0. In addition,
+## the permissions have to match the octal description of 755 (see chmod(1)).
+#
+# check directory bin with path /bin
+# if failed permission 755 then unmonitor
+# if failed uid 0 then unmonitor
+# if failed gid 0 then unmonitor
+#
+#
+## Check a remote host availability by issuing a ping test and check the
+## content of a response from a web server. Up to three pings are sent and
+## connection to a port and an application level network check is performed.
+#
+# check host myserver with address 192.168.1.1
+# if failed icmp type echo count 3 with timeout 3 seconds then alert
+# if failed port 3306 protocol mysql with timeout 15 seconds then alert
+# if failed port 80 protocol http
+# and request /monit/ with content = "Monit [0-9.]+ Download"
+# then alert
+#
+#
+###############################################################################
+## Includes
+###############################################################################
+##
+## It is possible to include additional configuration parts from other files or
+## directories.
+#
+include /etc/monit.d/*
+#
srv/web/ipfire/cgi-bin/netexternal.cgi
srv/web/ipfire/cgi-bin/netinternal.cgi
srv/web/ipfire/cgi-bin/netother.cgi
+srv/web/ipfire/cgi-bin/netovpnrw.cgi
+srv/web/ipfire/cgi-bin/netovpnsrv.cgi
srv/web/ipfire/cgi-bin/optionsfw.cgi
srv/web/ipfire/cgi-bin/ovpnmain.cgi
srv/web/ipfire/cgi-bin/p2p-block.cgi
#etc/rc.d/init.d/mldonkey
etc/rc.d/init.d/modules
#etc/rc.d/init.d/motion
+#etc/rc.d/init.d/monit
etc/rc.d/init.d/mountfs
etc/rc.d/init.d/mountkernfs
etc/rc.d/init.d/mounttmpfs
etc/rc.d/init.d/swconfig
etc/rc.d/init.d/sysctl
etc/rc.d/init.d/sysklogd
-etc/rc.d/init.d/teamspeak
etc/rc.d/init.d/template
#etc/rc.d/init.d/tftpd
etc/rc.d/init.d/tmpfs
etc/collectd.custom
etc/collectd.precache
etc/collectd.thermal
+etc/collectd.vpn
etc/rc.d/init.d/collectd
etc/rc.d/rc0.d/K50collectd
etc/rc.d/rc3.d/S29collectd
usr/lib/libcollectdclient.so
usr/lib/libcollectdclient.so.0
usr/lib/libcollectdclient.so.0.0.0
-#usr/lib/perl5/site_perl/5.12.3/Collectd
-#usr/lib/perl5/site_perl/5.12.3/Collectd.pm
-#usr/lib/perl5/site_perl/5.12.3/Collectd/Plugins
-#usr/lib/perl5/site_perl/5.12.3/Collectd/Plugins/Monitorus.pm
-#usr/lib/perl5/site_perl/5.12.3/Collectd/Plugins/OpenVZ.pm
-#usr/lib/perl5/site_perl/5.12.3/Collectd/Unixsock.pm
-#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Collectd
-#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Collectd/.packlist
+#usr/lib/perl5/Collectd
+#usr/lib/perl5/Collectd.pm
+#usr/lib/perl5/Collectd/Plugins
+#usr/lib/perl5/Collectd/Plugins/OpenVZ.pm
+#usr/lib/perl5/Collectd/Unixsock.pm
+#usr/lib/perl5/i586-linux-thread-multi
+#usr/lib/perl5/i586-linux-thread-multi/auto
+#usr/lib/perl5/i586-linux-thread-multi/auto/Collectd
+#usr/lib/perl5/i586-linux-thread-multi/auto/Collectd/.packlist
+#usr/lib/perl5/i586-linux-thread-multi/perllocal.pod
#usr/lib/pkgconfig/libcollectdclient.pc
+#usr/man/man3/Collectd::Unixsock.3
usr/sbin/collectd
usr/sbin/collectdmon
#usr/share/collectd
#usr/share/man/man1/collectd-nagios.1
#usr/share/man/man1/collectd.1
#usr/share/man/man1/collectdmon.1
-#usr/share/man/man3/Collectd::Unixsock.3
#usr/share/man/man5/collectd-email.5
#usr/share/man/man5/collectd-exec.5
#usr/share/man/man5/collectd-java.5
#usr/lib/libdaq.la
#usr/lib/libdaq.so
usr/lib/libdaq.so.2
-usr/lib/libdaq.so.2.0.2
+usr/lib/libdaq.so.2.0.4
#usr/lib/libdaq_static.a
#usr/lib/libdaq_static.la
#usr/lib/libdaq_static_modules.a
usr/lib/python2.7/site-packages/ddns/__version__.py
usr/lib/python2.7/site-packages/ddns/__version__.pyc
usr/lib/python2.7/site-packages/ddns/__version__.pyo
+usr/lib/python2.7/site-packages/ddns/database.py
+usr/lib/python2.7/site-packages/ddns/database.pyc
+usr/lib/python2.7/site-packages/ddns/database.pyo
usr/lib/python2.7/site-packages/ddns/errors.py
usr/lib/python2.7/site-packages/ddns/errors.pyc
usr/lib/python2.7/site-packages/ddns/errors.pyo
usr/bin/fcronsighup
usr/bin/fcrontab
usr/sbin/fcron
-#usr/share/doc/fcron-3.0.4
-#usr/share/doc/fcron-3.0.4/en
-#usr/share/doc/fcron-3.0.4/en/HTML
-#usr/share/doc/fcron-3.0.4/en/HTML/LEGALNOTICE.html
-#usr/share/doc/fcron-3.0.4/en/HTML/changes.html
-#usr/share/doc/fcron-3.0.4/en/HTML/faq.html
-#usr/share/doc/fcron-3.0.4/en/HTML/fcron.8.html
-#usr/share/doc/fcron-3.0.4/en/HTML/fcron.conf.5.html
-#usr/share/doc/fcron-3.0.4/en/HTML/fcrondyn.1.html
-#usr/share/doc/fcron-3.0.4/en/HTML/fcrontab.1.html
-#usr/share/doc/fcron-3.0.4/en/HTML/fcrontab.5.html
-#usr/share/doc/fcron-3.0.4/en/HTML/fdl.html
-#usr/share/doc/fcron-3.0.4/en/HTML/gpl.html
-#usr/share/doc/fcron-3.0.4/en/HTML/how-and-why.html
-#usr/share/doc/fcron-3.0.4/en/HTML/index.html
-#usr/share/doc/fcron-3.0.4/en/HTML/install.html
-#usr/share/doc/fcron-3.0.4/en/HTML/manpages.html
-#usr/share/doc/fcron-3.0.4/en/HTML/readme.html
-#usr/share/doc/fcron-3.0.4/en/HTML/relnotes.html
-#usr/share/doc/fcron-3.0.4/en/HTML/thanks.html
-#usr/share/doc/fcron-3.0.4/en/HTML/todo.html
-#usr/share/doc/fcron-3.0.4/en/HTML/using-fcron.html
-#usr/share/doc/fcron-3.0.4/en/txt
-#usr/share/doc/fcron-3.0.4/en/txt/changes.txt
-#usr/share/doc/fcron-3.0.4/en/txt/faq.txt
-#usr/share/doc/fcron-3.0.4/en/txt/gpl.txt
-#usr/share/doc/fcron-3.0.4/en/txt/install.txt
-#usr/share/doc/fcron-3.0.4/en/txt/readme.txt
-#usr/share/doc/fcron-3.0.4/en/txt/relnotes.txt
-#usr/share/doc/fcron-3.0.4/en/txt/thanks.txt
-#usr/share/doc/fcron-3.0.4/en/txt/todo.txt
-#usr/share/doc/fcron-3.0.4/fr
-#usr/share/doc/fcron-3.0.4/fr/HTML
-#usr/share/doc/fcron-3.0.4/fr/HTML/LEGALNOTICE.html
-#usr/share/doc/fcron-3.0.4/fr/HTML/changes.html
-#usr/share/doc/fcron-3.0.4/fr/HTML/faq.html
-#usr/share/doc/fcron-3.0.4/fr/HTML/fcron.8.html
-#usr/share/doc/fcron-3.0.4/fr/HTML/fcron.conf.5.html
-#usr/share/doc/fcron-3.0.4/fr/HTML/fcrondyn.1.html
-#usr/share/doc/fcron-3.0.4/fr/HTML/fcrontab.1.html
-#usr/share/doc/fcron-3.0.4/fr/HTML/fcrontab.5.html
-#usr/share/doc/fcron-3.0.4/fr/HTML/fdl.html
-#usr/share/doc/fcron-3.0.4/fr/HTML/gpl.html
-#usr/share/doc/fcron-3.0.4/fr/HTML/how-and-why.html
-#usr/share/doc/fcron-3.0.4/fr/HTML/index.html
-#usr/share/doc/fcron-3.0.4/fr/HTML/install.html
-#usr/share/doc/fcron-3.0.4/fr/HTML/manpages.html
-#usr/share/doc/fcron-3.0.4/fr/HTML/readme.html
-#usr/share/doc/fcron-3.0.4/fr/HTML/relnotes.html
-#usr/share/doc/fcron-3.0.4/fr/HTML/thanks.html
-#usr/share/doc/fcron-3.0.4/fr/HTML/todo.html
-#usr/share/doc/fcron-3.0.4/fr/HTML/using-fcron.html
-#usr/share/doc/fcron-3.0.4/fr/txt
-#usr/share/doc/fcron-3.0.4/fr/txt/changes.txt
-#usr/share/doc/fcron-3.0.4/fr/txt/faq.txt
-#usr/share/doc/fcron-3.0.4/fr/txt/gpl.txt
-#usr/share/doc/fcron-3.0.4/fr/txt/install.txt
-#usr/share/doc/fcron-3.0.4/fr/txt/readme.txt
-#usr/share/doc/fcron-3.0.4/fr/txt/relnotes.txt
-#usr/share/doc/fcron-3.0.4/fr/txt/thanks.txt
-#usr/share/doc/fcron-3.0.4/fr/txt/todo.txt
+#usr/share/doc/fcron-3.2.0
+#usr/share/doc/fcron-3.2.0/en
+#usr/share/doc/fcron-3.2.0/en/HTML
+#usr/share/doc/fcron-3.2.0/en/HTML/LEGALNOTICE.html
+#usr/share/doc/fcron-3.2.0/en/HTML/changes.html
+#usr/share/doc/fcron-3.2.0/en/HTML/faq.html
+#usr/share/doc/fcron-3.2.0/en/HTML/fcron.8.html
+#usr/share/doc/fcron-3.2.0/en/HTML/fcron.conf.5.html
+#usr/share/doc/fcron-3.2.0/en/HTML/fcrondyn.1.html
+#usr/share/doc/fcron-3.2.0/en/HTML/fcrontab.1.html
+#usr/share/doc/fcron-3.2.0/en/HTML/fcrontab.5.html
+#usr/share/doc/fcron-3.2.0/en/HTML/fdl.html
+#usr/share/doc/fcron-3.2.0/en/HTML/gpl.html
+#usr/share/doc/fcron-3.2.0/en/HTML/how-and-why.html
+#usr/share/doc/fcron-3.2.0/en/HTML/index.html
+#usr/share/doc/fcron-3.2.0/en/HTML/install.html
+#usr/share/doc/fcron-3.2.0/en/HTML/manpages.html
+#usr/share/doc/fcron-3.2.0/en/HTML/readme.html
+#usr/share/doc/fcron-3.2.0/en/HTML/relnotes.html
+#usr/share/doc/fcron-3.2.0/en/HTML/thanks.html
+#usr/share/doc/fcron-3.2.0/en/HTML/todo.html
+#usr/share/doc/fcron-3.2.0/en/HTML/using-fcron.html
+#usr/share/doc/fcron-3.2.0/en/txt
+#usr/share/doc/fcron-3.2.0/en/txt/changes.txt
+#usr/share/doc/fcron-3.2.0/en/txt/faq.txt
+#usr/share/doc/fcron-3.2.0/en/txt/gpl.txt
+#usr/share/doc/fcron-3.2.0/en/txt/install.txt
+#usr/share/doc/fcron-3.2.0/en/txt/readme.txt
+#usr/share/doc/fcron-3.2.0/en/txt/relnotes.txt
+#usr/share/doc/fcron-3.2.0/en/txt/thanks.txt
+#usr/share/doc/fcron-3.2.0/en/txt/todo.txt
+#usr/share/doc/fcron-3.2.0/fr
+#usr/share/doc/fcron-3.2.0/fr/HTML
+#usr/share/doc/fcron-3.2.0/fr/HTML/LEGALNOTICE.html
+#usr/share/doc/fcron-3.2.0/fr/HTML/changes.html
+#usr/share/doc/fcron-3.2.0/fr/HTML/faq.html
+#usr/share/doc/fcron-3.2.0/fr/HTML/fcron.8.html
+#usr/share/doc/fcron-3.2.0/fr/HTML/fcron.conf.5.html
+#usr/share/doc/fcron-3.2.0/fr/HTML/fcrondyn.1.html
+#usr/share/doc/fcron-3.2.0/fr/HTML/fcrontab.1.html
+#usr/share/doc/fcron-3.2.0/fr/HTML/fcrontab.5.html
+#usr/share/doc/fcron-3.2.0/fr/HTML/fdl.html
+#usr/share/doc/fcron-3.2.0/fr/HTML/gpl.html
+#usr/share/doc/fcron-3.2.0/fr/HTML/how-and-why.html
+#usr/share/doc/fcron-3.2.0/fr/HTML/index.html
+#usr/share/doc/fcron-3.2.0/fr/HTML/install.html
+#usr/share/doc/fcron-3.2.0/fr/HTML/manpages.html
+#usr/share/doc/fcron-3.2.0/fr/HTML/readme.html
+#usr/share/doc/fcron-3.2.0/fr/HTML/relnotes.html
+#usr/share/doc/fcron-3.2.0/fr/HTML/thanks.html
+#usr/share/doc/fcron-3.2.0/fr/HTML/todo.html
+#usr/share/doc/fcron-3.2.0/fr/HTML/using-fcron.html
+#usr/share/doc/fcron-3.2.0/fr/txt
+#usr/share/doc/fcron-3.2.0/fr/txt/changes.txt
+#usr/share/doc/fcron-3.2.0/fr/txt/faq.txt
+#usr/share/doc/fcron-3.2.0/fr/txt/gpl.txt
+#usr/share/doc/fcron-3.2.0/fr/txt/install.txt
+#usr/share/doc/fcron-3.2.0/fr/txt/readme.txt
+#usr/share/doc/fcron-3.2.0/fr/txt/relnotes.txt
+#usr/share/doc/fcron-3.2.0/fr/txt/thanks.txt
+#usr/share/doc/fcron-3.2.0/fr/txt/todo.txt
#usr/share/man/fr
#usr/share/man/fr/man1
#usr/share/man/fr/man1/fcrondyn.1
#etc/rc.d/init.d/miniupnpd
#etc/rc.d/init.d/mldonkey
etc/rc.d/init.d/modules
+#etc/rc.d/init.d/monit
#etc/rc.d/init.d/motion
etc/rc.d/init.d/mountfs
etc/rc.d/init.d/mountkernfs
etc/rc.d/init.d/swap
etc/rc.d/init.d/sysctl
etc/rc.d/init.d/sysklogd
-etc/rc.d/init.d/teamspeak
etc/rc.d/init.d/template
#etc/rc.d/init.d/tftpd
etc/rc.d/init.d/tmpfs
#usr/lib/libart_lgpl_2.la
usr/lib/libart_lgpl_2.so
usr/lib/libart_lgpl_2.so.2
-usr/lib/libart_lgpl_2.so.2.3.17
+usr/lib/libart_lgpl_2.so.2.3.21
#usr/lib/pkgconfig/libart-2.0.pc
lib/libcap.so
lib/libcap.so.1
lib/libcap.so.2
-lib/libcap.so.2.19
+lib/libcap.so.2.24
lib/security/pam_cap.so
sbin/capsh
sbin/getcap
sbin/getpcaps
sbin/setcap
#usr/include/sys/capability.h
+#usr/lib/pkgconfig/libcap.pc
#usr/share/man/man1/capsh.1
#usr/share/man/man3/cap_clear.3
#usr/share/man/man3/cap_clear_flag.3
#usr/share/man/man3/cap_compare.3
#usr/share/man/man3/cap_copy_ext.3
#usr/share/man/man3/cap_copy_int.3
+#usr/share/man/man3/cap_drop_bound.3
#usr/share/man/man3/cap_dup.3
#usr/share/man/man3/cap_free.3
#usr/share/man/man3/cap_from_name.3
#usr/share/man/man3/cap_from_text.3
+#usr/share/man/man3/cap_get_bound.3
#usr/share/man/man3/cap_get_fd.3
#usr/share/man/man3/cap_get_file.3
#usr/share/man/man3/cap_get_flag.3
-#usr/lib/libffi-3.0.11
-#usr/lib/libffi-3.0.11/include
-#usr/lib/libffi-3.0.11/include/ffi.h
-#usr/lib/libffi-3.0.11/include/ffitarget.h
+#usr/lib/libffi-3.2.1
+#usr/lib/libffi-3.2.1/include
+#usr/lib/libffi-3.2.1/include/ffi.h
+#usr/lib/libffi-3.2.1/include/ffitarget.h
#usr/lib/libffi.a
#usr/lib/libffi.la
#usr/lib/libffi.so
usr/lib/libffi.so.6
-usr/lib/libffi.so.6.0.0
+usr/lib/libffi.so.6.0.4
#usr/lib/pkgconfig/libffi.pc
#usr/share/info/libffi.info
#usr/share/man/man3/ffi.3
#usr/bin/pcap-config
#usr/include/pcap
-#usr/include/pcap/bluetooth.h
#usr/include/pcap-bpf.h
-#usr/include/pcap-int.h
-#usr/include/pcap/ipnet.h
#usr/include/pcap-namedb.h
#usr/include/pcap.h
+#usr/include/pcap/bluetooth.h
#usr/include/pcap/bpf.h
+#usr/include/pcap/ipnet.h
#usr/include/pcap/namedb.h
+#usr/include/pcap/nflog.h
#usr/include/pcap/pcap.h
#usr/include/pcap/sll.h
#usr/include/pcap/usb.h
#usr/lib/libpcap.a
usr/lib/libpcap.so
usr/lib/libpcap.so.1
-usr/lib/libpcap.so.1.4.0
+usr/lib/libpcap.so.1.6.2
#usr/share/man/man1/pcap-config.1
#usr/share/man/man3/pcap.3pcap
#usr/share/man/man3/pcap_activate.3pcap
#usr/share/man/man3/pcap_fileno.3pcap
#usr/share/man/man3/pcap_findalldevs.3pcap
#usr/share/man/man3/pcap_fopen_offline.3pcap
+#usr/share/man/man3/pcap_fopen_offline_with_tstamp_precision.3pcap
#usr/share/man/man3/pcap_free_datalinks.3pcap
#usr/share/man/man3/pcap_free_tstamp_types.3pcap
#usr/share/man/man3/pcap_freealldevs.3pcap
#usr/share/man/man3/pcap_freecode.3pcap
#usr/share/man/man3/pcap_get_selectable_fd.3pcap
+#usr/share/man/man3/pcap_get_tstamp_precision.3pcap
#usr/share/man/man3/pcap_geterr.3pcap
#usr/share/man/man3/pcap_getnonblock.3pcap
#usr/share/man/man3/pcap_inject.3pcap
#usr/share/man/man3/pcap_next_ex.3pcap
#usr/share/man/man3/pcap_offline_filter.3pcap
#usr/share/man/man3/pcap_open_dead.3pcap
+#usr/share/man/man3/pcap_open_dead_with_tstamp_precision.3pcap
#usr/share/man/man3/pcap_open_live.3pcap
#usr/share/man/man3/pcap_open_offline.3pcap
+#usr/share/man/man3/pcap_open_offline_with_tstamp_precision.3pcap
#usr/share/man/man3/pcap_perror.3pcap
#usr/share/man/man3/pcap_sendpacket.3pcap
#usr/share/man/man3/pcap_set_buffer_size.3pcap
#usr/share/man/man3/pcap_set_datalink.3pcap
+#usr/share/man/man3/pcap_set_immediate_mode.3pcap
#usr/share/man/man3/pcap_set_promisc.3pcap
#usr/share/man/man3/pcap_set_rfmon.3pcap
#usr/share/man/man3/pcap_set_snaplen.3pcap
#usr/share/man/man3/pcap_set_timeout.3pcap
+#usr/share/man/man3/pcap_set_tstamp_precision.3pcap
#usr/share/man/man3/pcap_set_tstamp_type.3pcap
#usr/share/man/man3/pcap_setdirection.3pcap
#usr/share/man/man3/pcap_setfilter.3pcap
#usr/share/man/man3/pcap_statustostr.3pcap
#usr/share/man/man3/pcap_strerror.3pcap
#usr/share/man/man3/pcap_tstamp_type_name_to_val.3pcap
+#usr/share/man/man3/pcap_tstamp_type_val_to_description.3pcap
#usr/share/man/man3/pcap_tstamp_type_val_to_name.3pcap
#usr/share/man/man5/pcap-savefile.5
#usr/share/man/man7/pcap-filter.7
+#etc/logrotate.d
+etc/logrotate.d/.empty
#usr/man/man8/logrotate.8
usr/sbin/logrotate
var/lib/logrotate.status
#usr/share/doc/openvpn/README.polarssl
#usr/share/doc/openvpn/management-notes.txt
#usr/share/man/man8/openvpn.8
-var/ipfire/ovpn
var/ipfire/ovpn/ca
var/ipfire/ovpn/caconfig
var/ipfire/ovpn/ccd
var/ipfire/ovpn/ovpnconfig
var/ipfire/ovpn/scripts
var/ipfire/ovpn/settings
+var/log/openvpn
#usr/lib/libpcre.la
usr/lib/libpcre.so
usr/lib/libpcre.so.1
-usr/lib/libpcre.so.1.0.1
+usr/lib/libpcre.so.1.2.4
#usr/lib/libpcrecpp.la
usr/lib/libpcrecpp.so
usr/lib/libpcrecpp.so.0
-usr/lib/libpcrecpp.so.0.0.0
+usr/lib/libpcrecpp.so.0.0.1
#usr/lib/libpcreposix.la
usr/lib/libpcreposix.so
usr/lib/libpcreposix.so.0
-usr/lib/libpcreposix.so.0.0.1
+usr/lib/libpcreposix.so.0.0.3
#usr/lib/pkgconfig/libpcre.pc
#usr/lib/pkgconfig/libpcrecpp.pc
#usr/lib/pkgconfig/libpcreposix.pc
#usr/share/doc/pcre/NEWS
#usr/share/doc/pcre/README
#usr/share/doc/pcre/html
+#usr/share/doc/pcre/html/NON-AUTOTOOLS-BUILD.txt
+#usr/share/doc/pcre/html/README.txt
#usr/share/doc/pcre/html/index.html
#usr/share/doc/pcre/html/pcre-config.html
#usr/share/doc/pcre/html/pcre.html
#usr/share/doc/pcre/html/pcre16.html
+#usr/share/doc/pcre/html/pcre32.html
#usr/share/doc/pcre/html/pcre_assign_jit_stack.html
#usr/share/doc/pcre/html/pcre_compile.html
#usr/share/doc/pcre/html/pcre_compile2.html
#usr/share/doc/pcre/html/pcre_get_stringtable_entries.html
#usr/share/doc/pcre/html/pcre_get_substring.html
#usr/share/doc/pcre/html/pcre_get_substring_list.html
+#usr/share/doc/pcre/html/pcre_jit_exec.html
#usr/share/doc/pcre/html/pcre_jit_stack_alloc.html
#usr/share/doc/pcre/html/pcre_jit_stack_free.html
#usr/share/doc/pcre/html/pcre_maketables.html
#usr/share/doc/pcre/html/pcre_refcount.html
#usr/share/doc/pcre/html/pcre_study.html
#usr/share/doc/pcre/html/pcre_utf16_to_host_byte_order.html
+#usr/share/doc/pcre/html/pcre_utf32_to_host_byte_order.html
#usr/share/doc/pcre/html/pcre_version.html
#usr/share/doc/pcre/html/pcreapi.html
#usr/share/doc/pcre/html/pcrebuild.html
#usr/share/man/man3/pcre16_get_stringtable_entries.3
#usr/share/man/man3/pcre16_get_substring.3
#usr/share/man/man3/pcre16_get_substring_list.3
+#usr/share/man/man3/pcre16_jit_exec.3
#usr/share/man/man3/pcre16_jit_stack_alloc.3
#usr/share/man/man3/pcre16_jit_stack_free.3
#usr/share/man/man3/pcre16_maketables.3
#usr/share/man/man3/pcre16_study.3
#usr/share/man/man3/pcre16_utf16_to_host_byte_order.3
#usr/share/man/man3/pcre16_version.3
+#usr/share/man/man3/pcre32.3
+#usr/share/man/man3/pcre32_assign_jit_stack.3
+#usr/share/man/man3/pcre32_compile.3
+#usr/share/man/man3/pcre32_compile2.3
+#usr/share/man/man3/pcre32_config.3
+#usr/share/man/man3/pcre32_copy_named_substring.3
+#usr/share/man/man3/pcre32_copy_substring.3
+#usr/share/man/man3/pcre32_dfa_exec.3
+#usr/share/man/man3/pcre32_exec.3
+#usr/share/man/man3/pcre32_free_study.3
+#usr/share/man/man3/pcre32_free_substring.3
+#usr/share/man/man3/pcre32_free_substring_list.3
+#usr/share/man/man3/pcre32_fullinfo.3
+#usr/share/man/man3/pcre32_get_named_substring.3
+#usr/share/man/man3/pcre32_get_stringnumber.3
+#usr/share/man/man3/pcre32_get_stringtable_entries.3
+#usr/share/man/man3/pcre32_get_substring.3
+#usr/share/man/man3/pcre32_get_substring_list.3
+#usr/share/man/man3/pcre32_jit_exec.3
+#usr/share/man/man3/pcre32_jit_stack_alloc.3
+#usr/share/man/man3/pcre32_jit_stack_free.3
+#usr/share/man/man3/pcre32_maketables.3
+#usr/share/man/man3/pcre32_pattern_to_host_byte_order.3
+#usr/share/man/man3/pcre32_refcount.3
+#usr/share/man/man3/pcre32_study.3
+#usr/share/man/man3/pcre32_utf32_to_host_byte_order.3
+#usr/share/man/man3/pcre32_version.3
#usr/share/man/man3/pcre_assign_jit_stack.3
#usr/share/man/man3/pcre_compile.3
#usr/share/man/man3/pcre_compile2.3
#usr/share/man/man3/pcre_get_stringtable_entries.3
#usr/share/man/man3/pcre_get_substring.3
#usr/share/man/man3/pcre_get_substring_list.3
+#usr/share/man/man3/pcre_jit_exec.3
#usr/share/man/man3/pcre_jit_stack_alloc.3
#usr/share/man/man3/pcre_jit_stack_free.3
#usr/share/man/man3/pcre_maketables.3
#usr/share/man/man3/pcre_refcount.3
#usr/share/man/man3/pcre_study.3
#usr/share/man/man3/pcre_utf16_to_host_byte_order.3
+#usr/share/man/man3/pcre_utf32_to_host_byte_order.3
#usr/share/man/man3/pcre_version.3
#usr/share/man/man3/pcreapi.3
#usr/share/man/man3/pcrebuild.3
#usr/share/man/man3/pcrecallout.3
#usr/share/man/man3/pcrecompat.3
#usr/share/man/man3/pcrecpp.3
+#usr/share/man/man3/pcredemo.3
#usr/share/man/man3/pcrejit.3
#usr/share/man/man3/pcrelimits.3
#usr/share/man/man3/pcrematching.3
etc/screenrc
usr/bin/screen
-usr/bin/screen-4.0.3
+usr/bin/screen-4.2.1
#usr/info/screen.info
#usr/info/screen.info-1
#usr/info/screen.info-2
#usr/info/screen.info-4
#usr/info/screen.info-5
#usr/man/man1/screen.1
+#usr/share/info/screen.info
+#usr/share/man/man1/screen.1
#usr/share/screen
#usr/share/screen/utf8encodings
#usr/share/screen/utf8encodings/01
#usr/etc/rc.d/init.d
#usr/etc/rc.d/init.d/smartd
#usr/etc/smartd.conf
+#usr/etc/smartd_warning.d
#usr/etc/smartd_warning.sh
usr/sbin/smartctl
#usr/sbin/smartd
#usr/share/doc/smartmontools/examplescripts/Example2
#usr/share/doc/smartmontools/examplescripts/Example3
#usr/share/doc/smartmontools/examplescripts/Example4
+#usr/share/doc/smartmontools/examplescripts/Example5
+#usr/share/doc/smartmontools/examplescripts/Example6
#usr/share/doc/smartmontools/examplescripts/README
#usr/share/doc/smartmontools/smartd.conf
#usr/share/man/man5/smartd.conf.5
#usr/share/man/man8/smartctl.8
#usr/share/man/man8/smartd.8
+#usr/share/man/man8/update-smart-drivedb.8
#usr/share/smartmontools
usr/share/smartmontools/drivedb.h
#usr/include/snort/dynamic_output/snort_debug.h
#usr/include/snort/dynamic_output/stream_api.h
#usr/include/snort/dynamic_preproc
+#usr/include/snort/dynamic_preproc/appId.h
#usr/include/snort/dynamic_preproc/bitop.h
#usr/include/snort/dynamic_preproc/cpuclock.h
#usr/include/snort/dynamic_preproc/file_api.h
+#usr/include/snort/dynamic_preproc/file_mail_common.h
#usr/include/snort/dynamic_preproc/idle_processing.h
#usr/include/snort/dynamic_preproc/ipv6_port.h
#usr/include/snort/dynamic_preproc/mempool.h
+#usr/include/snort/dynamic_preproc/mpse_methods.h
#usr/include/snort/dynamic_preproc/obfuscation.h
+#usr/include/snort/dynamic_preproc/packet_time.h
#usr/include/snort/dynamic_preproc/preprocids.h
#usr/include/snort/dynamic_preproc/profiler.h
#usr/include/snort/dynamic_preproc/segment_mem.h
+#usr/include/snort/dynamic_preproc/session_api.h
#usr/include/snort/dynamic_preproc/sfPolicy.h
#usr/include/snort/dynamic_preproc/sfPolicyUserData.h
#usr/include/snort/dynamic_preproc/sf_decompression.h
#usr/include/snort/dynamic_preproc/sf_snort_plugin_api.h
#usr/include/snort/dynamic_preproc/sfcommon.h
#usr/include/snort/dynamic_preproc/sfcontrol.h
+#usr/include/snort/dynamic_preproc/sfdebug.h
#usr/include/snort/dynamic_preproc/sfrt.h
#usr/include/snort/dynamic_preproc/sfrt_dir.h
#usr/include/snort/dynamic_preproc/sfrt_flat.h
#usr/include/snort/dynamic_preproc/sfrt_flat_dir.h
#usr/include/snort/dynamic_preproc/sfrt_trie.h
+#usr/include/snort/dynamic_preproc/sidechannel_define.h
+#usr/include/snort/dynamic_preproc/sip_common.h
#usr/include/snort/dynamic_preproc/snort_bounds.h
#usr/include/snort/dynamic_preproc/snort_debug.h
#usr/include/snort/dynamic_preproc/ssl.h
+#usr/include/snort/dynamic_preproc/ssl_config.h
+#usr/include/snort/dynamic_preproc/ssl_ha.h
+#usr/include/snort/dynamic_preproc/ssl_include.h
+#usr/include/snort/dynamic_preproc/ssl_inspect.h
+#usr/include/snort/dynamic_preproc/ssl_session.h
#usr/include/snort/dynamic_preproc/str_search.h
#usr/include/snort/dynamic_preproc/stream_api.h
#usr/lib/pkgconfig/snort.pc
#usr/share/doc/snort/CREDITS
#usr/share/doc/snort/INSTALL
#usr/share/doc/snort/NEWS
+#usr/share/doc/snort/OpenDetectorDeveloperGuide.pdf
#usr/share/doc/snort/PROBLEMS
#usr/share/doc/snort/README
#usr/share/doc/snort/README.GTP
#usr/share/doc/snort/README.WIN32
#usr/share/doc/snort/README.active
#usr/share/doc/snort/README.alert_order
+#usr/share/doc/snort/README.appid
#usr/share/doc/snort/README.asn1
#usr/share/doc/snort/README.counts
#usr/share/doc/snort/README.csv
#usr/share/doc/snort/README.ppm
#usr/share/doc/snort/README.reload
#usr/share/doc/snort/README.reputation
-#usr/share/doc/snort/README.rzb_saac
#usr/share/doc/snort/README.sensitive_data
#usr/share/doc/snort/README.sfportscan
#usr/share/doc/snort/README.sip
#usr/share/man/man8/sysklogd.8
var/log/dhcpcd.log
var/log/messages
-var/log/ovpnserver.log
#usr/share/info/tar.info
#usr/share/info/tar.info-1
#usr/share/info/tar.info-2
+#usr/share/info/tar.info-3
+#usr/share/man/man1/tar.1
+#usr/share/man/man8/rmt.8
#usr/sbin/rmt
+
lib/libz.so
lib/libz.so.1
-lib/libz.so.1.2.7
+lib/libz.so.1.2.8
#usr/include/zconf.h
#usr/include/zlib.h
#usr/lib/libz.a
-#usr/lib/libz.so
#usr/lib/pkgconfig
#usr/lib/pkgconfig/zlib.pc
#usr/share/man/man3/zlib.3
--- /dev/null
+../../../common/hwdata
\ No newline at end of file
--- /dev/null
+boot/config.txt
+etc/collectd.custom
+etc/ipsec.conf
+etc/ipsec.secrets
+etc/ipsec.user.conf
+etc/ipsec.user.secrets
+etc/localtime
+etc/shadow
+etc/ssh/ssh_config
+etc/ssh/sshd_config
+etc/ssl/openssl.cnf
+etc/sudoers
+etc/sysconfig/firewall.local
+etc/sysconfig/rc.local
+etc/udev/rules.d/30-persistent-network.rules
+srv/web/ipfire/html/proxy.pac
+var/ipfire/ovpn
+var/log/cache
+var/state/dhcp/dhcpd.leases
+var/updatecache
--- /dev/null
+../../../common/daq
\ No newline at end of file
--- /dev/null
+../../../common/ddns
\ No newline at end of file
--- /dev/null
+../../../common/dnsmasq
\ No newline at end of file
--- /dev/null
+../../../common/ethtool
\ No newline at end of file
--- /dev/null
+../../../common/fcron
\ No newline at end of file
--- /dev/null
+../../../common/file
\ No newline at end of file
--- /dev/null
+etc/system-release
+etc/issue
+srv/web/ipfire/cgi-bin/fwhosts.cgi
+srv/web/ipfire/cgi-bin/ovpnmain.cgi
+var/ipfire/langs
--- /dev/null
+../../../common/gnupg
\ No newline at end of file
--- /dev/null
+../../../common/grep
\ No newline at end of file
--- /dev/null
+../../../common/hdparm
\ No newline at end of file
--- /dev/null
+../../../common/libart
\ No newline at end of file
--- /dev/null
+../../../common/libcap
\ No newline at end of file
--- /dev/null
+../../../common/libffi
\ No newline at end of file
--- /dev/null
+../../../common/libpcap
\ No newline at end of file
--- /dev/null
+../../../common/pcre
\ No newline at end of file
--- /dev/null
+../../../common/screen
\ No newline at end of file
--- /dev/null
+../../../common/smartmontools
\ No newline at end of file
--- /dev/null
+../../../common/snort
\ No newline at end of file
--- /dev/null
+../../../common/sqlite
\ No newline at end of file
--- /dev/null
+../../../common/squid
\ No newline at end of file
--- /dev/null
+../../../common/tar
\ No newline at end of file
--- /dev/null
+../../../common/wget
\ No newline at end of file
--- /dev/null
+../../../common/zlib
\ No newline at end of file
# #
# IPFire is free software; you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
-# the Free Software Foundation; either version 2 of the License, or #
+# the Free Software Foundation; either version 3 of the License, or #
# (at your option) any later version. #
# #
# IPFire is distributed in the hope that it will be useful, #
# along with IPFire; if not, write to the Free Software #
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
# #
-# Copyright (C) 2007 IPFire-Team <info@ipfire.org>. #
+# Copyright (C) 2014 IPFire-Team <info@ipfire.org>. #
# #
############################################################################
#
. /opt/pakfire/lib/functions.sh
-stop_service ${NAME}
+/usr/local/bin/backupctrl exclude >/dev/null 2>&1
-if [ ! -e "/var/ipfire/backup/addons/includes/teamspeak" ]; then
- echo /opt/teamspeak/bad_names.txt > /var/ipfire/backup/addons/includes/teamspeak
- echo /opt/teamspeak/server.dbs >> /var/ipfire/backup/addons/includes/teamspeak
- echo /opt/teamspeak/server.ini >> /var/ipfire/backup/addons/includes/teamspeak
- echo /opt/teamspeak/server.log >> /var/ipfire/backup/addons/includes/teamspeak
- echo /opt/teamspeak/whitelist.txt >> /var/ipfire/backup/addons/includes/teamspeak
-fi
-make_backup ${NAME}
-rm -rf /opt/teamspeak
-userdel teamspeak
-rm -rf /etc/rc.d/rc*.d/*teamspeak
+# Remove old core updates from pakfire cache to save space...
+core=88
+for (( i=1; i<=$core; i++ ))
+do
+ rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
+done
+# Stop services
+# Remove old files
+
+# Extract files
+extract_files
+
+# Start services
+
+# Update Language cache
+perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"
+
+# Uninstall the sqlite package.
+rm -f \
+ /opt/pakfire/db/installed/meta-sqlite \
+ /opt/pakfire/db/rootfiles/sqlite
+
+# Fix #10625
+mkdir -p /etc/logrotate.d
+
+sync
+
+# This update need a reboot...
+#touch /var/run/need_reboot
+
+# Finish
+/etc/init.d/fireinfo start
+sendprofile
+
+# Don't report the exitcode last command
+exit 0
etc/asterisk
-etc/fcron.minutely/wakeup.sh
+etc/logrotate.d/asterisk
+etc/rc.d/init.d/asterisk
etc/rc.d/rc0.d/K30asterisk
etc/rc.d/rc3.d/S30asterisk
etc/rc.d/rc6.d/K30asterisk
#usr/include/asterisk/ccss.h
#usr/include/asterisk/cdr.h
#usr/include/asterisk/cel.h
+#usr/include/asterisk/celt.h
#usr/include/asterisk/channel.h
+#usr/include/asterisk/channel_internal.h
#usr/include/asterisk/channelstate.h
#usr/include/asterisk/chanvars.h
#usr/include/asterisk/cli.h
#usr/include/asterisk/compat.h
#usr/include/asterisk/compiler.h
#usr/include/asterisk/config.h
+#usr/include/asterisk/config_options.h
#usr/include/asterisk/crypto.h
#usr/include/asterisk/data.h
#usr/include/asterisk/datastore.h
#usr/include/asterisk/extconf.h
#usr/include/asterisk/features.h
#usr/include/asterisk/file.h
+#usr/include/asterisk/format.h
+#usr/include/asterisk/format_cap.h
+#usr/include/asterisk/format_pref.h
#usr/include/asterisk/frame.h
#usr/include/asterisk/frame_defs.h
#usr/include/asterisk/framehook.h
#usr/include/asterisk/hashtab.h
#usr/include/asterisk/heap.h
#usr/include/asterisk/http.h
+#usr/include/asterisk/http_websocket.h
#usr/include/asterisk/image.h
#usr/include/asterisk/indications.h
#usr/include/asterisk/inline_api.h
#usr/include/asterisk/logger.h
#usr/include/asterisk/manager.h
#usr/include/asterisk/md5.h
+#usr/include/asterisk/message.h
#usr/include/asterisk/mod_format.h
#usr/include/asterisk/module.h
#usr/include/asterisk/monitor.h
#usr/include/asterisk/pktccops.h
#usr/include/asterisk/plc.h
#usr/include/asterisk/poll-compat.h
+#usr/include/asterisk/presencestate.h
#usr/include/asterisk/privacy.h
#usr/include/asterisk/pval.h
#usr/include/asterisk/res_fax.h
#usr/include/asterisk/security_events_defs.h
#usr/include/asterisk/select.h
#usr/include/asterisk/sha1.h
+#usr/include/asterisk/silk.h
+#usr/include/asterisk/sip_api.h
#usr/include/asterisk/slin.h
#usr/include/asterisk/slinfactory.h
#usr/include/asterisk/smdi.h
#usr/include/asterisk/version.h
#usr/include/asterisk/xml.h
#usr/include/asterisk/xmldoc.h
+#usr/include/asterisk/xmpp.h
#usr/lib/asterisk
#usr/lib/asterisk/modules
usr/lib/asterisk/modules/app_adsiprog.so
usr/lib/asterisk/modules/app_getcpeid.so
usr/lib/asterisk/modules/app_ices.so
usr/lib/asterisk/modules/app_image.so
-usr/lib/asterisk/modules/app_ivrdemo.so
usr/lib/asterisk/modules/app_macro.so
usr/lib/asterisk/modules/app_milliwatt.so
usr/lib/asterisk/modules/app_minivm.so
usr/lib/asterisk/modules/app_mysql.so
usr/lib/asterisk/modules/app_nbscat.so
usr/lib/asterisk/modules/app_originate.so
+usr/lib/asterisk/modules/app_page.so
usr/lib/asterisk/modules/app_parkandannounce.so
usr/lib/asterisk/modules/app_playback.so
usr/lib/asterisk/modules/app_playtones.so
usr/lib/asterisk/modules/app_queue.so
usr/lib/asterisk/modules/app_read.so
usr/lib/asterisk/modules/app_readexten.so
-usr/lib/asterisk/modules/app_readfile.so
usr/lib/asterisk/modules/app_record.so
-usr/lib/asterisk/modules/app_saycounted.so
-usr/lib/asterisk/modules/app_saycountpl.so
usr/lib/asterisk/modules/app_sayunixtime.so
usr/lib/asterisk/modules/app_senddtmf.so
usr/lib/asterisk/modules/app_sendtext.so
-usr/lib/asterisk/modules/app_setcallerid.so
-usr/lib/asterisk/modules/app_skel.so
usr/lib/asterisk/modules/app_sms.so
usr/lib/asterisk/modules/app_softhangup.so
usr/lib/asterisk/modules/app_speech_utils.so
usr/lib/asterisk/modules/chan_agent.so
usr/lib/asterisk/modules/chan_alsa.so
usr/lib/asterisk/modules/chan_bridge.so
-usr/lib/asterisk/modules/chan_capi.so
usr/lib/asterisk/modules/chan_iax2.so
usr/lib/asterisk/modules/chan_local.so
usr/lib/asterisk/modules/chan_mgcp.so
-usr/lib/asterisk/modules/chan_mobile.so
usr/lib/asterisk/modules/chan_multicast_rtp.so
-usr/lib/asterisk/modules/chan_ooh323.so
-usr/lib/asterisk/modules/chan_oss.so
usr/lib/asterisk/modules/chan_phone.so
usr/lib/asterisk/modules/chan_sip.so
usr/lib/asterisk/modules/chan_skinny.so
usr/lib/asterisk/modules/codec_gsm.so
usr/lib/asterisk/modules/codec_ilbc.so
usr/lib/asterisk/modules/codec_lpc10.so
+usr/lib/asterisk/modules/codec_resample.so
usr/lib/asterisk/modules/codec_ulaw.so
usr/lib/asterisk/modules/format_g719.so
usr/lib/asterisk/modules/format_g723.so
usr/lib/asterisk/modules/format_h264.so
usr/lib/asterisk/modules/format_ilbc.so
usr/lib/asterisk/modules/format_jpeg.so
-usr/lib/asterisk/modules/format_ogg_vorbis.so
usr/lib/asterisk/modules/format_pcm.so
usr/lib/asterisk/modules/format_siren14.so
usr/lib/asterisk/modules/format_siren7.so
usr/lib/asterisk/modules/format_sln.so
-usr/lib/asterisk/modules/format_sln16.so
usr/lib/asterisk/modules/format_vox.so
usr/lib/asterisk/modules/format_wav.so
usr/lib/asterisk/modules/format_wav_gsm.so
usr/lib/asterisk/modules/func_frame_trace.so
usr/lib/asterisk/modules/func_global.so
usr/lib/asterisk/modules/func_groupcount.so
+usr/lib/asterisk/modules/func_hangupcause.so
usr/lib/asterisk/modules/func_iconv.so
+usr/lib/asterisk/modules/func_jitterbuffer.so
usr/lib/asterisk/modules/func_lock.so
usr/lib/asterisk/modules/func_logic.so
usr/lib/asterisk/modules/func_math.so
usr/lib/asterisk/modules/func_md5.so
usr/lib/asterisk/modules/func_module.so
usr/lib/asterisk/modules/func_pitchshift.so
+usr/lib/asterisk/modules/func_presencestate.so
usr/lib/asterisk/modules/func_rand.so
usr/lib/asterisk/modules/func_realtime.so
usr/lib/asterisk/modules/func_sha1.so
usr/lib/asterisk/modules/res_config_curl.so
usr/lib/asterisk/modules/res_config_ldap.so
usr/lib/asterisk/modules/res_config_mysql.so
+usr/lib/asterisk/modules/res_config_sqlite3.so
usr/lib/asterisk/modules/res_convert.so
usr/lib/asterisk/modules/res_crypto.so
usr/lib/asterisk/modules/res_curl.so
usr/lib/asterisk/modules/res_fax.so
-usr/lib/asterisk/modules/res_fax_spandsp.so
+usr/lib/asterisk/modules/res_format_attr_celt.so
+usr/lib/asterisk/modules/res_format_attr_h263.so
+usr/lib/asterisk/modules/res_format_attr_h264.so
+usr/lib/asterisk/modules/res_format_attr_silk.so
+usr/lib/asterisk/modules/res_http_websocket.so
usr/lib/asterisk/modules/res_limit.so
usr/lib/asterisk/modules/res_monitor.so
usr/lib/asterisk/modules/res_musiconhold.so
usr/lib/asterisk/modules/res_mutestream.so
usr/lib/asterisk/modules/res_phoneprov.so
-usr/lib/asterisk/modules/res_pktccops.so
usr/lib/asterisk/modules/res_realtime.so
usr/lib/asterisk/modules/res_rtp_asterisk.so
usr/lib/asterisk/modules/res_rtp_multicast.so
usr/lib/asterisk/modules/res_security_log.so
usr/lib/asterisk/modules/res_smdi.so
-usr/lib/asterisk/modules/res_snmp.so
usr/lib/asterisk/modules/res_speech.so
+usr/lib/asterisk/modules/res_srtp.so
usr/lib/asterisk/modules/res_stun_monitor.so
usr/lib/asterisk/modules/res_timing_pthread.so
usr/lib/asterisk/modules/res_timing_timerfd.so
+usr/lib/libasteriskssl.so
+usr/lib/libasteriskssl.so.1
#usr/lib/pkgconfig/asterisk.pc
-usr/sbin/aelparse
usr/sbin/astcanary
+usr/sbin/astdb2bdb
+usr/sbin/astdb2sqlite3
usr/sbin/asterisk
usr/sbin/astgenkey
-usr/sbin/astman
usr/sbin/autosupport
-usr/sbin/check_expr
-usr/sbin/check_expr2
-usr/sbin/conf2ael
-usr/sbin/hashtest
-usr/sbin/hashtest2
-usr/sbin/muted
usr/sbin/rasterisk
-usr/sbin/refcounter
usr/sbin/safe_asterisk
-usr/sbin/smsq
-usr/sbin/stereorize
-usr/sbin/streamplayer
+#usr/share/man/man8/astdb2bdb.8
+#usr/share/man/man8/astdb2sqlite3.8
#usr/share/man/man8/asterisk.8
#usr/share/man/man8/astgenkey.8
#usr/share/man/man8/autosupport.8
#usr/share/man/man8/safe_asterisk.8
#var/ipfire/asterisk
+var/ipfire/asterisk/acl.conf
var/ipfire/asterisk/adsi.conf
var/ipfire/asterisk/agents.conf
-var/ipfire/asterisk/ais.conf
var/ipfire/asterisk/alarmreceiver.conf
var/ipfire/asterisk/alsa.conf
var/ipfire/asterisk/amd.conf
var/ipfire/asterisk/app_mysql.conf
+var/ipfire/asterisk/app_skel.conf
var/ipfire/asterisk/asterisk.adsi
var/ipfire/asterisk/asterisk.conf
-#var/ipfire/asterisk/asterisk.makeopts
+var/ipfire/asterisk/asterisk.logrotate
var/ipfire/asterisk/calendar.conf
var/ipfire/asterisk/ccss.conf
var/ipfire/asterisk/cdr.conf
var/ipfire/asterisk/cel_tds.conf
var/ipfire/asterisk/chan_dahdi.conf
var/ipfire/asterisk/chan_mobile.conf
-var/ipfire/asterisk/chan_ooh323.conf
var/ipfire/asterisk/cli.conf
var/ipfire/asterisk/cli_aliases.conf
var/ipfire/asterisk/cli_permissions.conf
var/ipfire/asterisk/codecs.conf
+var/ipfire/asterisk/confbridge.conf
+var/ipfire/asterisk/config_test.conf
var/ipfire/asterisk/console.conf
var/ipfire/asterisk/dbsep.conf
var/ipfire/asterisk/dnsmgr.conf
var/ipfire/asterisk/minivm.conf
var/ipfire/asterisk/misdn.conf
var/ipfire/asterisk/modules.conf
+var/ipfire/asterisk/motif.conf
var/ipfire/asterisk/musiconhold.conf
var/ipfire/asterisk/muted.conf
+var/ipfire/asterisk/ooh323.conf
var/ipfire/asterisk/osp.conf
var/ipfire/asterisk/oss.conf
var/ipfire/asterisk/phone.conf
var/ipfire/asterisk/queues.conf
var/ipfire/asterisk/res_config_mysql.conf
var/ipfire/asterisk/res_config_sqlite.conf
+var/ipfire/asterisk/res_config_sqlite3.conf
+var/ipfire/asterisk/res_corosync.conf
var/ipfire/asterisk/res_curl.conf
var/ipfire/asterisk/res_fax.conf
var/ipfire/asterisk/res_ldap.conf
var/ipfire/asterisk/users.conf
var/ipfire/asterisk/voicemail.conf
var/ipfire/asterisk/vpb.conf
-#var/ipfire/asterisk/wakeup
-#var/ipfire/asterisk/wakeup/source
-var/ipfire/asterisk/wakeup/source/536.call
-var/ipfire/asterisk/wakeup/source/bsp.call.tpl
-var/ipfire/asterisk/wakeup/wakeup.sh
+var/ipfire/asterisk/xmpp.conf
var/ipfire/backup/addons/includes/asterisk
#var/lib/asterisk
-#var/lib/asterisk/agi-bin
+var/lib/asterisk/agi-bin
#var/lib/asterisk/documentation
#var/lib/asterisk/documentation/appdocsxml.dtd
#var/lib/asterisk/documentation/core-en_US.xml
#var/lib/asterisk/documentation/thirdparty
#var/lib/asterisk/firmware
-#var/lib/asterisk/firmware/iax
+var/lib/asterisk/firmware/iax
#var/lib/asterisk/images
-var/lib/asterisk/images/asterisk-intro.jpg
-var/lib/asterisk/images/kpad2.jpg
-#var/lib/asterisk/keys
+#var/lib/asterisk/images/asterisk-intro.jpg
+#var/lib/asterisk/images/kpad2.jpg
+var/lib/asterisk/keys
#var/lib/asterisk/moh
var/lib/asterisk/moh/.asterisk-moh-opsound-gsm-2.03
+var/lib/asterisk/moh/.asterisk-moh-opsound-wav-2.03
var/lib/asterisk/moh/CHANGES-asterisk-moh-opsound-gsm
+var/lib/asterisk/moh/CHANGES-asterisk-moh-opsound-wav
var/lib/asterisk/moh/CREDITS-asterisk-moh-opsound-gsm
+var/lib/asterisk/moh/CREDITS-asterisk-moh-opsound-wav
var/lib/asterisk/moh/LICENSE-asterisk-moh-opsound-gsm
+var/lib/asterisk/moh/LICENSE-asterisk-moh-opsound-wav
var/lib/asterisk/moh/macroform-cold_day.gsm
+var/lib/asterisk/moh/macroform-cold_day.wav
var/lib/asterisk/moh/macroform-robot_dity.gsm
+var/lib/asterisk/moh/macroform-robot_dity.wav
var/lib/asterisk/moh/macroform-the_simplicity.gsm
+var/lib/asterisk/moh/macroform-the_simplicity.wav
var/lib/asterisk/moh/manolo_camp-morning_coffee.gsm
+var/lib/asterisk/moh/manolo_camp-morning_coffee.wav
var/lib/asterisk/moh/reno_project-system.gsm
+var/lib/asterisk/moh/reno_project-system.wav
var/lib/asterisk/phoneprov
var/lib/asterisk/phoneprov/000000000000-directory.xml
var/lib/asterisk/phoneprov/000000000000-phone.cfg
var/lib/asterisk/sounds/digits/de/xh-9x.gsm
var/lib/asterisk/sounds/digits/de/yesterday.gsm
var/lib/asterisk/sounds/en
-var/lib/asterisk/sounds/en/.asterisk-core-sounds-en-gsm-1.4.22
-var/lib/asterisk/sounds/en/.asterisk-extra-sounds-en-gsm-1.4.11
+var/lib/asterisk/sounds/en/.asterisk-core-sounds-en-gsm-1.4.26
+var/lib/asterisk/sounds/en/.asterisk-extra-sounds-en-gsm-1.4.15
var/lib/asterisk/sounds/en/1-for-am-2-for-pm.gsm
var/lib/asterisk/sounds/en/1-yes-2-no.gsm
-var/lib/asterisk/sounds/en/CHANGES-asterisk-core-en-1.4.22
-var/lib/asterisk/sounds/en/CHANGES-asterisk-extra-en-1.4.11
-var/lib/asterisk/sounds/en/CREDITS-asterisk-core-en-1.4.22
-var/lib/asterisk/sounds/en/LICENSE-asterisk-core-en-1.4.22
+#var/lib/asterisk/sounds/en/CHANGES-asterisk-core-en-1.4.26
+#var/lib/asterisk/sounds/en/CHANGES-asterisk-extra-en-1.4.15
+#var/lib/asterisk/sounds/en/CREDITS-asterisk-core-en-1.4.26
+#var/lib/asterisk/sounds/en/CREDITS-asterisk-extra-en-1.4.15
+#var/lib/asterisk/sounds/en/LICENSE-asterisk-core-en-1.4.26
+#var/lib/asterisk/sounds/en/LICENSE-asterisk-extra-en-1.4.15
+var/lib/asterisk/sounds/en/OfficeSpace.gsm
+var/lib/asterisk/sounds/en/Randulo-allison.gsm
+var/lib/asterisk/sounds/en/SIP_Test_Failure.gsm
+var/lib/asterisk/sounds/en/SIP_Test_Success.gsm
var/lib/asterisk/sounds/en/T-changed-to.gsm
var/lib/asterisk/sounds/en/T-is-not-available.gsm
var/lib/asterisk/sounds/en/T-to-disable-ancmnt.gsm
var/lib/asterisk/sounds/en/access-granted.gsm
var/lib/asterisk/sounds/en/accessible-through-system.gsm
var/lib/asterisk/sounds/en/account-balance-is.gsm
+var/lib/asterisk/sounds/en/account_number.gsm
var/lib/asterisk/sounds/en/accounting.gsm
var/lib/asterisk/sounds/en/accounts-payable.gsm
var/lib/asterisk/sounds/en/accounts-receivable.gsm
var/lib/asterisk/sounds/en/administration.gsm
var/lib/asterisk/sounds/en/advised-to-seek-shelter.gsm
var/lib/asterisk/sounds/en/after-the-tone.gsm
+var/lib/asterisk/sounds/en/after_tone.gsm
var/lib/asterisk/sounds/en/afternoon.gsm
var/lib/asterisk/sounds/en/agent-alreadyon.gsm
var/lib/asterisk/sounds/en/agent-incorrect.gsm
var/lib/asterisk/sounds/en/all-your-base.gsm
var/lib/asterisk/sounds/en/altitude.gsm
var/lib/asterisk/sounds/en/ampersand.gsm
-var/lib/asterisk/sounds/en/an-error-has-occured.gsm
var/lib/asterisk/sounds/en/an-error-has-occurred.gsm
var/lib/asterisk/sounds/en/and-area-code.gsm
var/lib/asterisk/sounds/en/and-or.gsm
var/lib/asterisk/sounds/en/and-prs-pound-whn-finished.gsm
var/lib/asterisk/sounds/en/and.gsm
+var/lib/asterisk/sounds/en/andnowstandby.gsm
var/lib/asterisk/sounds/en/another-time.gsm
var/lib/asterisk/sounds/en/approaching.gsm
var/lib/asterisk/sounds/en/approximately.gsm
var/lib/asterisk/sounds/en/at-following-number.gsm
var/lib/asterisk/sounds/en/at-sign.gsm
var/lib/asterisk/sounds/en/at-tone-time-exactly.gsm
+var/lib/asterisk/sounds/en/at_tone.gsm
var/lib/asterisk/sounds/en/athletics.gsm
var/lib/asterisk/sounds/en/atlanta.gsm
var/lib/asterisk/sounds/en/atlantic.gsm
var/lib/asterisk/sounds/en/avg-speed-answer.gsm
var/lib/asterisk/sounds/en/away-naughty-boy.gsm
var/lib/asterisk/sounds/en/away-naughty-girl.gsm
+var/lib/asterisk/sounds/en/awkward.gsm
var/lib/asterisk/sounds/en/backslash.gsm
var/lib/asterisk/sounds/en/bad.gsm
var/lib/asterisk/sounds/en/baltimore.gsm
var/lib/asterisk/sounds/en/billing-and-collections.gsm
var/lib/asterisk/sounds/en/billing.gsm
var/lib/asterisk/sounds/en/billionth.gsm
+var/lib/asterisk/sounds/en/binary.gsm
var/lib/asterisk/sounds/en/bits.gsm
var/lib/asterisk/sounds/en/blue-eyed-polar-bear.gsm
+var/lib/asterisk/sounds/en/bombsquad.gsm
var/lib/asterisk/sounds/en/bookstore.gsm
var/lib/asterisk/sounds/en/boston.gsm
var/lib/asterisk/sounds/en/box.gsm
var/lib/asterisk/sounds/en/cents-per-minute.gsm
var/lib/asterisk/sounds/en/cents.gsm
var/lib/asterisk/sounds/en/ceo-office.gsm
+var/lib/asterisk/sounds/en/challenge_try_again.gsm
var/lib/asterisk/sounds/en/chance-of.gsm
var/lib/asterisk/sounds/en/changing.gsm
var/lib/asterisk/sounds/en/channel-insecure-warn.gsm
var/lib/asterisk/sounds/en/cleveland.gsm
var/lib/asterisk/sounds/en/clli.gsm
var/lib/asterisk/sounds/en/close-parenthesis.gsm
+var/lib/asterisk/sounds/en/closed.gsm
var/lib/asterisk/sounds/en/clouds.gsm
var/lib/asterisk/sounds/en/cloudy.gsm
var/lib/asterisk/sounds/en/collections.gsm
var/lib/asterisk/sounds/en/colorado-springs.gsm
var/lib/asterisk/sounds/en/colorado.gsm
var/lib/asterisk/sounds/en/columbus.gsm
+var/lib/asterisk/sounds/en/comedyclub.gsm
var/lib/asterisk/sounds/en/comma.gsm
var/lib/asterisk/sounds/en/communications.gsm
var/lib/asterisk/sounds/en/company-dir-411.gsm
var/lib/asterisk/sounds/en/computer-friend1.gsm
var/lib/asterisk/sounds/en/computer-friend2.gsm
var/lib/asterisk/sounds/en/conditions.gsm
+var/lib/asterisk/sounds/en/conf-1-to-list-users.gsm
+var/lib/asterisk/sounds/en/conf-2-to-kick-nonadmin.gsm
+var/lib/asterisk/sounds/en/conf-3-mute-or-unmute-nonadmin.gsm
+var/lib/asterisk/sounds/en/conf-4-to-record-conf.gsm
+var/lib/asterisk/sounds/en/conf-8-for-more-options.gsm
+var/lib/asterisk/sounds/en/conf-8-to-exit-return-to-conf.gsm
var/lib/asterisk/sounds/en/conf-adminmenu-162.gsm
+var/lib/asterisk/sounds/en/conf-adminmenu-18.gsm
+var/lib/asterisk/sounds/en/conf-adminmenu-menu8.gsm
var/lib/asterisk/sounds/en/conf-adminmenu.gsm
var/lib/asterisk/sounds/en/conf-banned.gsm
var/lib/asterisk/sounds/en/conf-enteringno.gsm
var/lib/asterisk/sounds/en/could-lose-a-few-pounds.gsm
var/lib/asterisk/sounds/en/counseling-services.gsm
var/lib/asterisk/sounds/en/count.gsm
+var/lib/asterisk/sounds/en/countdown.gsm
var/lib/asterisk/sounds/en/crash.gsm
+var/lib/asterisk/sounds/en/crashing_conf.gsm
var/lib/asterisk/sounds/en/current-time-is.gsm
+var/lib/asterisk/sounds/en/current_account_balance.gsm
var/lib/asterisk/sounds/en/currently.gsm
var/lib/asterisk/sounds/en/customer-accounts.gsm
var/lib/asterisk/sounds/en/customer-relations.gsm
var/lib/asterisk/sounds/en/dns.gsm
var/lib/asterisk/sounds/en/do-not-disturb.gsm
var/lib/asterisk/sounds/en/doing-enum-lookup.gsm
+var/lib/asterisk/sounds/en/donotcall1.gsm
+var/lib/asterisk/sounds/en/donotcall2.gsm
var/lib/asterisk/sounds/en/dont-know-who-sent.gsm
var/lib/asterisk/sounds/en/doppler-radar.gsm
var/lib/asterisk/sounds/en/down.gsm
var/lib/asterisk/sounds/en/eighth.gsm
var/lib/asterisk/sounds/en/eightieth.gsm
var/lib/asterisk/sounds/en/el-paso.gsm
+var/lib/asterisk/sounds/en/eletelephony.gsm
var/lib/asterisk/sounds/en/eleventh.gsm
var/lib/asterisk/sounds/en/email.gsm
var/lib/asterisk/sounds/en/emergency.gsm
var/lib/asterisk/sounds/en/enter-num-blacklist.gsm
var/lib/asterisk/sounds/en/enter-password.gsm
var/lib/asterisk/sounds/en/enter-phone-number10.gsm
+var/lib/asterisk/sounds/en/enter_account.gsm
var/lib/asterisk/sounds/en/entering-conf-number.gsm
var/lib/asterisk/sounds/en/entr-num-rmv-blklist.gsm
var/lib/asterisk/sounds/en/enum-lookup-failed.gsm
var/lib/asterisk/sounds/en/enum-lookup-successful.gsm
var/lib/asterisk/sounds/en/error-number.gsm
+var/lib/asterisk/sounds/en/error.gsm
var/lib/asterisk/sounds/en/est-hold-time-is.gsm
var/lib/asterisk/sounds/en/euro.gsm
var/lib/asterisk/sounds/en/european.gsm
var/lib/asterisk/sounds/en/falling.gsm
var/lib/asterisk/sounds/en/fast.gsm
var/lib/asterisk/sounds/en/feature-not-avail-line.gsm
+var/lib/asterisk/sounds/en/feeling_lucky_punk.gsm
var/lib/asterisk/sounds/en/feet.gsm
var/lib/asterisk/sounds/en/female.gsm
var/lib/asterisk/sounds/en/fifteenth.gsm
var/lib/asterisk/sounds/en/fog.gsm
var/lib/asterisk/sounds/en/foggy.gsm
var/lib/asterisk/sounds/en/followed-by.gsm
+var/lib/asterisk/sounds/en/followed_hash.gsm
+var/lib/asterisk/sounds/en/followed_pound.gsm
var/lib/asterisk/sounds/en/followme
var/lib/asterisk/sounds/en/followme/call-from.gsm
var/lib/asterisk/sounds/en/followme/no-recording.gsm
var/lib/asterisk/sounds/en/for-wakeup-call.gsm
var/lib/asterisk/sounds/en/for-yes-press.gsm
var/lib/asterisk/sounds/en/for.gsm
+var/lib/asterisk/sounds/en/forget_about_it.gsm
var/lib/asterisk/sounds/en/fort-worth.gsm
var/lib/asterisk/sounds/en/fortieth.gsm
var/lib/asterisk/sounds/en/fourteenth.gsm
var/lib/asterisk/sounds/en/gale.gsm
var/lib/asterisk/sounds/en/gambling-drunk.gsm
var/lib/asterisk/sounds/en/georgia.gsm
+var/lib/asterisk/sounds/en/get-in-line-sales-guy.gsm
+var/lib/asterisk/sounds/en/get_bleep_outta.gsm
+var/lib/asterisk/sounds/en/get_information.gsm
+var/lib/asterisk/sounds/en/get_information_first.gsm
var/lib/asterisk/sounds/en/gigabits.gsm
var/lib/asterisk/sounds/en/gigabytes.gsm
var/lib/asterisk/sounds/en/gigahertz.gsm
var/lib/asterisk/sounds/en/good-morning.gsm
var/lib/asterisk/sounds/en/good.gsm
var/lib/asterisk/sounds/en/goodbye.gsm
+var/lib/asterisk/sounds/en/goodbye_for_the_best.gsm
+var/lib/asterisk/sounds/en/goodbye_love.gsm
+var/lib/asterisk/sounds/en/got_kidding.gsm
+var/lib/asterisk/sounds/en/grammar.gsm
var/lib/asterisk/sounds/en/greater-than.gsm
var/lib/asterisk/sounds/en/groovy.gsm
var/lib/asterisk/sounds/en/ha
var/lib/asterisk/sounds/en/ha/xmas-tree.gsm
var/lib/asterisk/sounds/en/ha/yard.gsm
var/lib/asterisk/sounds/en/hail.gsm
+var/lib/asterisk/sounds/en/hal_goodbye.gsm
var/lib/asterisk/sounds/en/half.gsm
var/lib/asterisk/sounds/en/hang-on-a-second-angry.gsm
var/lib/asterisk/sounds/en/hang-on-a-second.gsm
var/lib/asterisk/sounds/en/hangup-try-again.gsm
+var/lib/asterisk/sounds/en/happy_saved.gsm
var/lib/asterisk/sounds/en/has-arrived-at.gsm
var/lib/asterisk/sounds/en/has-been-changed-to.gsm
var/lib/asterisk/sounds/en/has-been-cleared.gsm
var/lib/asterisk/sounds/en/kansas-city.gsm
var/lib/asterisk/sounds/en/kansas.gsm
var/lib/asterisk/sounds/en/kentucky.gsm
+var/lib/asterisk/sounds/en/keywords_cross_fingers.gsm
var/lib/asterisk/sounds/en/kilobits.gsm
var/lib/asterisk/sounds/en/kilobytes.gsm
var/lib/asterisk/sounds/en/kilohertz.gsm
var/lib/asterisk/sounds/en/letters/zed.gsm
var/lib/asterisk/sounds/en/library.gsm
var/lib/asterisk/sounds/en/lightning.gsm
+var/lib/asterisk/sounds/en/like_to_tell_valid_ext.gsm
var/lib/asterisk/sounds/en/limit-simul-calls.gsm
var/lib/asterisk/sounds/en/lines-complaining-customers.gsm
var/lib/asterisk/sounds/en/linux.gsm
var/lib/asterisk/sounds/en/lots-o-monkeys.gsm
var/lib/asterisk/sounds/en/louisiana.gsm
var/lib/asterisk/sounds/en/low.gsm
+var/lib/asterisk/sounds/en/lowercase.gsm
var/lib/asterisk/sounds/en/lunch.gsm
var/lib/asterisk/sounds/en/lyrics-louie-louie.gsm
var/lib/asterisk/sounds/en/machine.gsm
var/lib/asterisk/sounds/en/manufacturing.gsm
var/lib/asterisk/sounds/en/marketing.gsm
var/lib/asterisk/sounds/en/marryme.gsm
+var/lib/asterisk/sounds/en/martini.gsm
var/lib/asterisk/sounds/en/maryland.gsm
var/lib/asterisk/sounds/en/massachusetts.gsm
var/lib/asterisk/sounds/en/mathematics.gsm
var/lib/asterisk/sounds/en/mesa.gsm
var/lib/asterisk/sounds/en/message-from.gsm
var/lib/asterisk/sounds/en/message-number.gsm
+var/lib/asterisk/sounds/en/messages_curious.gsm
var/lib/asterisk/sounds/en/meter.gsm
var/lib/asterisk/sounds/en/meters.gsm
var/lib/asterisk/sounds/en/miami.gsm
var/lib/asterisk/sounds/en/miles.gsm
var/lib/asterisk/sounds/en/millionth.gsm
var/lib/asterisk/sounds/en/milwaukee.gsm
+var/lib/asterisk/sounds/en/mind_repeating.gsm
var/lib/asterisk/sounds/en/minimum.gsm
+var/lib/asterisk/sounds/en/minions-not-answering-leave-message.gsm
var/lib/asterisk/sounds/en/minneapolis.gsm
var/lib/asterisk/sounds/en/minnesota.gsm
var/lib/asterisk/sounds/en/minute.gsm
var/lib/asterisk/sounds/en/mississippi.gsm
var/lib/asterisk/sounds/en/missouri.gsm
var/lib/asterisk/sounds/en/misty.gsm
+var/lib/asterisk/sounds/en/mode.gsm
var/lib/asterisk/sounds/en/monitored.gsm
var/lib/asterisk/sounds/en/montana.gsm
var/lib/asterisk/sounds/en/month.gsm
var/lib/asterisk/sounds/en/new-mexico.gsm
var/lib/asterisk/sounds/en/new-orleans.gsm
var/lib/asterisk/sounds/en/new-york.gsm
+var/lib/asterisk/sounds/en/night.gsm
var/lib/asterisk/sounds/en/nineteenth.gsm
var/lib/asterisk/sounds/en/ninetieth.gsm
var/lib/asterisk/sounds/en/ninth.gsm
var/lib/asterisk/sounds/en/no-longer-in-service.gsm
var/lib/asterisk/sounds/en/no-reply-no-mailbox.gsm
var/lib/asterisk/sounds/en/no-route-exists-to-dest.gsm
+var/lib/asterisk/sounds/en/no_invite_to_conf.gsm
+var/lib/asterisk/sounds/en/no_longer_conf.gsm
+var/lib/asterisk/sounds/en/no_problem_help.gsm
+var/lib/asterisk/sounds/en/no_worries_try_again.gsm
var/lib/asterisk/sounds/en/nobody-but-chickens.gsm
var/lib/asterisk/sounds/en/node.gsm
+var/lib/asterisk/sounds/en/none_of_my_business1.gsm
+var/lib/asterisk/sounds/en/none_of_my_business2.gsm
var/lib/asterisk/sounds/en/north-carolina.gsm
var/lib/asterisk/sounds/en/north-dakota.gsm
var/lib/asterisk/sounds/en/north.gsm
var/lib/asterisk/sounds/en/not-taking-your-call.gsm
var/lib/asterisk/sounds/en/not-yet-assigned.gsm
var/lib/asterisk/sounds/en/not-yet-connected.gsm
+var/lib/asterisk/sounds/en/not_me.gsm
+var/lib/asterisk/sounds/en/not_pass.gsm
+var/lib/asterisk/sounds/en/not_siri.gsm
+var/lib/asterisk/sounds/en/not_you.gsm
var/lib/asterisk/sounds/en/nothing-recorded.gsm
var/lib/asterisk/sounds/en/now.gsm
var/lib/asterisk/sounds/en/num-not-in-db.gsm
var/lib/asterisk/sounds/en/oakland.gsm
var/lib/asterisk/sounds/en/octothorpe.gsm
var/lib/asterisk/sounds/en/off-duty.gsm
+var/lib/asterisk/sounds/en/off.gsm
var/lib/asterisk/sounds/en/office-code.gsm
var/lib/asterisk/sounds/en/office-iguanas.gsm
var/lib/asterisk/sounds/en/office.gsm
+var/lib/asterisk/sounds/en/ogm_home.gsm
var/lib/asterisk/sounds/en/ohio.gsm
var/lib/asterisk/sounds/en/oklahoma-city.gsm
var/lib/asterisk/sounds/en/oklahoma.gsm
var/lib/asterisk/sounds/en/oops2.gsm
var/lib/asterisk/sounds/en/oops3.gsm
var/lib/asterisk/sounds/en/open-parenthesis.gsm
+var/lib/asterisk/sounds/en/open.gsm
var/lib/asterisk/sounds/en/operations.gsm
var/lib/asterisk/sounds/en/option-is-invalid.gsm
var/lib/asterisk/sounds/en/option-not-implemented.gsm
var/lib/asterisk/sounds/en/partly.gsm
var/lib/asterisk/sounds/en/pascal.gsm
var/lib/asterisk/sounds/en/pascal2.gsm
+var/lib/asterisk/sounds/en/passwords_not_match.gsm
var/lib/asterisk/sounds/en/patchy.gsm
var/lib/asterisk/sounds/en/pbx-invalid.gsm
var/lib/asterisk/sounds/en/pbx-invalidpark.gsm
var/lib/asterisk/sounds/en/physics.gsm
var/lib/asterisk/sounds/en/pin-invalid.gsm
var/lib/asterisk/sounds/en/pin-number-accepted.gsm
+var/lib/asterisk/sounds/en/pin_number.gsm
var/lib/asterisk/sounds/en/ping.gsm
var/lib/asterisk/sounds/en/pipe.gsm
var/lib/asterisk/sounds/en/planning.gsm
var/lib/asterisk/sounds/en/please-enter-your.gsm
var/lib/asterisk/sounds/en/please-hang-up-and-dial-operator.gsm
var/lib/asterisk/sounds/en/please-hang-up-and-try-again.gsm
+var/lib/asterisk/sounds/en/please-hold-minion-connect.gsm
+var/lib/asterisk/sounds/en/please-hold-while-minion.gsm
var/lib/asterisk/sounds/en/please-try-again-later.gsm
var/lib/asterisk/sounds/en/please-try-again.gsm
var/lib/asterisk/sounds/en/please-try.gsm
var/lib/asterisk/sounds/en/pls-hold-process-tx.gsm
var/lib/asterisk/sounds/en/pls-hold-silent30.gsm
var/lib/asterisk/sounds/en/pls-hold-while-try.gsm
+var/lib/asterisk/sounds/en/pls-listen-options-changed.gsm
var/lib/asterisk/sounds/en/pls-lv-msg-will-contact.gsm
var/lib/asterisk/sounds/en/pls-rcrd-name-at-tone.gsm
var/lib/asterisk/sounds/en/pls-stay-on-line.gsm
var/lib/asterisk/sounds/en/press-enter.gsm
var/lib/asterisk/sounds/en/press-escape.gsm
var/lib/asterisk/sounds/en/press-hash.gsm
+var/lib/asterisk/sounds/en/press-or-say-0.gsm
+var/lib/asterisk/sounds/en/press-or-say-1.gsm
+var/lib/asterisk/sounds/en/press-or-say-2.gsm
+var/lib/asterisk/sounds/en/press-or-say-3.gsm
+var/lib/asterisk/sounds/en/press-or-say-4.gsm
+var/lib/asterisk/sounds/en/press-or-say-5.gsm
+var/lib/asterisk/sounds/en/press-or-say-6.gsm
+var/lib/asterisk/sounds/en/press-or-say-7.gsm
+var/lib/asterisk/sounds/en/press-or-say-8.gsm
+var/lib/asterisk/sounds/en/press-or-say-9.gsm
var/lib/asterisk/sounds/en/press-pound-save-changes.gsm
var/lib/asterisk/sounds/en/press-pound-to-login-star-to-hangup.gsm
var/lib/asterisk/sounds/en/press-pound.gsm
var/lib/asterisk/sounds/en/press-the-space-bar.gsm
var/lib/asterisk/sounds/en/press-tilde.gsm
var/lib/asterisk/sounds/en/press.gsm
+var/lib/asterisk/sounds/en/press_pound_hash.gsm
+var/lib/asterisk/sounds/en/press_pound_hash_key.gsm
var/lib/asterisk/sounds/en/pressure.gsm
+var/lib/asterisk/sounds/en/prime_number.gsm
var/lib/asterisk/sounds/en/printing.gsm
var/lib/asterisk/sounds/en/priv-callee-options.gsm
var/lib/asterisk/sounds/en/priv-callpending.gsm
var/lib/asterisk/sounds/en/product.gsm
var/lib/asterisk/sounds/en/production.gsm
var/lib/asterisk/sounds/en/projects.gsm
+var/lib/asterisk/sounds/en/prompt-not-found.gsm
var/lib/asterisk/sounds/en/protocol.gsm
var/lib/asterisk/sounds/en/public-relations.gsm
var/lib/asterisk/sounds/en/purchasing.gsm
var/lib/asterisk/sounds/en/q-dot-9thirty1.gsm
var/lib/asterisk/sounds/en/quality-assurance.gsm
var/lib/asterisk/sounds/en/quality-control.gsm
+var/lib/asterisk/sounds/en/quality_control.gsm
var/lib/asterisk/sounds/en/quarter.gsm
var/lib/asterisk/sounds/en/queue-callswaiting.gsm
var/lib/asterisk/sounds/en/queue-holdtime.gsm
var/lib/asterisk/sounds/en/reception.gsm
var/lib/asterisk/sounds/en/recorded.gsm
var/lib/asterisk/sounds/en/registrar.gsm
+var/lib/asterisk/sounds/en/regret_not_saved.gsm
var/lib/asterisk/sounds/en/remote-already-in-this-mode-2.gsm
var/lib/asterisk/sounds/en/remote-already-in-this-mode.gsm
var/lib/asterisk/sounds/en/remote-base.gsm
var/lib/asterisk/sounds/en/removed.gsm
var/lib/asterisk/sounds/en/repair.gsm
var/lib/asterisk/sounds/en/repeat-only.gsm
+var/lib/asterisk/sounds/en/repeat_pin.gsm
var/lib/asterisk/sounds/en/repeater.gsm
var/lib/asterisk/sounds/en/research-and-development.gsm
var/lib/asterisk/sounds/en/research.gsm
var/lib/asterisk/sounds/en/route-sip.gsm
var/lib/asterisk/sounds/en/rqsted-wakeup-for.gsm
var/lib/asterisk/sounds/en/sacramento.gsm
+var/lib/asterisk/sounds/en/said_hold_on.gsm
var/lib/asterisk/sounds/en/saint-louis.gsm
var/lib/asterisk/sounds/en/sales-floor.gsm
var/lib/asterisk/sounds/en/sales.gsm
+var/lib/asterisk/sounds/en/saleshell.gsm
var/lib/asterisk/sounds/en/san-antonio.gsm
var/lib/asterisk/sounds/en/san-diego.gsm
var/lib/asterisk/sounds/en/san-francisco.gsm
var/lib/asterisk/sounds/en/security.gsm
var/lib/asterisk/sounds/en/self-destruct-in.gsm
var/lib/asterisk/sounds/en/self-destruct.gsm
+var/lib/asterisk/sounds/en/sendhelp.gsm
var/lib/asterisk/sounds/en/server.gsm
var/lib/asterisk/sounds/en/service-not-implemented.gsm
var/lib/asterisk/sounds/en/service.gsm
var/lib/asterisk/sounds/en/sorry-youre-having-problems.gsm
var/lib/asterisk/sounds/en/sorry.gsm
var/lib/asterisk/sounds/en/sorry2.gsm
+var/lib/asterisk/sounds/en/sorry_caller_number.gsm
+var/lib/asterisk/sounds/en/sorry_didnt_get.gsm
+var/lib/asterisk/sounds/en/sorry_didnt_quite_get.gsm
+var/lib/asterisk/sounds/en/sorry_login_incorrect.gsm
+var/lib/asterisk/sounds/en/sorry_missed.gsm
+var/lib/asterisk/sounds/en/sorry_no_messages.gsm
+var/lib/asterisk/sounds/en/sorrydave.gsm
var/lib/asterisk/sounds/en/south-carolina.gsm
var/lib/asterisk/sounds/en/south-dakota.gsm
var/lib/asterisk/sounds/en/south.gsm
var/lib/asterisk/sounds/en/status.gsm
var/lib/asterisk/sounds/en/step-in-stream.gsm
var/lib/asterisk/sounds/en/sterling.gsm
+var/lib/asterisk/sounds/en/still_on_phone.gsm
var/lib/asterisk/sounds/en/store-accounting.gsm
var/lib/asterisk/sounds/en/storm.gsm
var/lib/asterisk/sounds/en/sun.gsm
var/lib/asterisk/sounds/en/sunny.gsm
var/lib/asterisk/sounds/en/support.gsm
+var/lib/asterisk/sounds/en/sure_help.gsm
var/lib/asterisk/sounds/en/swap.gsm
var/lib/asterisk/sounds/en/system-crashed.gsm
var/lib/asterisk/sounds/en/system-status-msg.gsm
var/lib/asterisk/sounds/en/system.gsm
var/lib/asterisk/sounds/en/systems.gsm
+var/lib/asterisk/sounds/en/talkin_me.gsm
var/lib/asterisk/sounds/en/talking-to-myself.gsm
var/lib/asterisk/sounds/en/target-attendant.gsm
var/lib/asterisk/sounds/en/tcp.gsm
var/lib/asterisk/sounds/en/technical-support.gsm
+var/lib/asterisk/sounds/en/telemarketercalling.gsm
var/lib/asterisk/sounds/en/telephone-in-your-pocket.gsm
var/lib/asterisk/sounds/en/telephone-in-your-pocket2.gsm
var/lib/asterisk/sounds/en/telephone-number.gsm
var/lib/asterisk/sounds/en/texas.gsm
var/lib/asterisk/sounds/en/thank-you-cooperation.gsm
var/lib/asterisk/sounds/en/thank-you-for-calling.gsm
+var/lib/asterisk/sounds/en/thank_you_calling.gsm
+var/lib/asterisk/sounds/en/thanks-annoyance.gsm
var/lib/asterisk/sounds/en/thanks-for-calling-today.gsm
var/lib/asterisk/sounds/en/thanks-for-using.gsm
var/lib/asterisk/sounds/en/that-is-not-rec-phn-num.gsm
var/lib/asterisk/sounds/en/tide.gsm
var/lib/asterisk/sounds/en/time.gsm
var/lib/asterisk/sounds/en/times.gsm
+var/lib/asterisk/sounds/en/timewarp.gsm
var/lib/asterisk/sounds/en/to-accept-recording.gsm
var/lib/asterisk/sounds/en/to-be-called-back.gsm
var/lib/asterisk/sounds/en/to-blklist-last-caller.gsm
var/lib/asterisk/sounds/en/to-snooze-for.gsm
var/lib/asterisk/sounds/en/to-use-def-attendant.gsm
var/lib/asterisk/sounds/en/tomorrow-night.gsm
+var/lib/asterisk/sounds/en/tone_time.gsm
var/lib/asterisk/sounds/en/tones-that-follow-are-for-the-deaf.gsm
var/lib/asterisk/sounds/en/tonight.gsm
var/lib/asterisk/sounds/en/too-low.gsm
var/lib/asterisk/sounds/en/traffic.gsm
var/lib/asterisk/sounds/en/training.gsm
var/lib/asterisk/sounds/en/transfer.gsm
+var/lib/asterisk/sounds/en/transfer_to_agent.gsm
var/lib/asterisk/sounds/en/transportation.gsm
var/lib/asterisk/sounds/en/travel.gsm
var/lib/asterisk/sounds/en/treasury.gsm
var/lib/asterisk/sounds/en/uk.gsm
var/lib/asterisk/sounds/en/unavailable.gsm
var/lib/asterisk/sounds/en/unconditional.gsm
+var/lib/asterisk/sounds/en/unicorn_blood.gsm
+var/lib/asterisk/sounds/en/unicorn_blood_MIXDOWN.gsm
var/lib/asterisk/sounds/en/unidentified-no-callback.gsm
var/lib/asterisk/sounds/en/units.gsm
var/lib/asterisk/sounds/en/unix.gsm
+var/lib/asterisk/sounds/en/unwelcomecall.gsm
var/lib/asterisk/sounds/en/up.gsm
+var/lib/asterisk/sounds/en/uppercase.gsm
var/lib/asterisk/sounds/en/uptime.gsm
var/lib/asterisk/sounds/en/user.gsm
var/lib/asterisk/sounds/en/users.gsm
var/lib/asterisk/sounds/en/vm-messages.gsm
var/lib/asterisk/sounds/en/vm-minutes.gsm
var/lib/asterisk/sounds/en/vm-mismatch.gsm
+var/lib/asterisk/sounds/en/vm-msgforwarded.gsm
var/lib/asterisk/sounds/en/vm-msginstruct.gsm
var/lib/asterisk/sounds/en/vm-msgsaved.gsm
var/lib/asterisk/sounds/en/vm-newpassword.gsm
var/lib/asterisk/sounds/en/washington-dc.gsm
var/lib/asterisk/sounds/en/washington.gsm
var/lib/asterisk/sounds/en/watch.gsm
+var/lib/asterisk/sounds/en/watson.gsm
var/lib/asterisk/sounds/en/we-apologize.gsm
var/lib/asterisk/sounds/en/we-dont-have-tech-support.gsm
var/lib/asterisk/sounds/en/weasels-eaten-phonesys.gsm
var/lib/asterisk/sounds/en/what-time-it-is2.gsm
var/lib/asterisk/sounds/en/when-dialing-this-number.gsm
var/lib/asterisk/sounds/en/who-would-you-like-to-call.gsm
+var/lib/asterisk/sounds/en/whoareyou.gsm
var/lib/asterisk/sounds/en/why-no-answer-mystery.gsm
var/lib/asterisk/sounds/en/wichita.gsm
var/lib/asterisk/sounds/en/will-apply.gsm
var/lib/asterisk/sounds/en/windy.gsm
var/lib/asterisk/sounds/en/wisconsin.gsm
var/lib/asterisk/sounds/en/wish-to-continue.gsm
+var/lib/asterisk/sounds/en/wish_command_totally.gsm
var/lib/asterisk/sounds/en/with.gsm
var/lib/asterisk/sounds/en/within.gsm
+var/lib/asterisk/sounds/en/woo_hoo_call_first.gsm
var/lib/asterisk/sounds/en/work.gsm
var/lib/asterisk/sounds/en/wrong-try-again-smarty.gsm
var/lib/asterisk/sounds/en/wtng-to-spk-w-rep.gsm
var/lib/asterisk/sounds/en/you-seem-impatient.gsm
var/lib/asterisk/sounds/en/you-sound-cute.gsm
var/lib/asterisk/sounds/en/you-wish-to-join.gsm
+var/lib/asterisk/sounds/en/you_say_yes.gsm
var/lib/asterisk/sounds/en/your-account.gsm
var/lib/asterisk/sounds/en/your-msg-has-been-saved.gsm
var/lib/asterisk/sounds/en/your-msg-is-too-short.gsm
var/lib/asterisk/sounds/en/your-req-notification.gsm
var/lib/asterisk/sounds/en/your-temp-greeting.gsm
var/lib/asterisk/sounds/en/your.gsm
+var/lib/asterisk/sounds/en/yourcallisimportant.gsm
+var/lib/asterisk/sounds/en/yourcallisimpotent.gsm
var/lib/asterisk/sounds/en/zip-code.gsm
+var/lib/asterisk/sounds/en/zombies.gsm
#var/lib/asterisk/sounds/letters
#var/lib/asterisk/sounds/letters/de
var/lib/asterisk/sounds/letters/de/a.gsm
var/lib/asterisk/sounds/phonetic/de/y_p.gsm
var/lib/asterisk/sounds/phonetic/de/z_p.gsm
#var/lib/asterisk/static-http
-var/lib/asterisk/static-http/ajamdemo.html
-var/lib/asterisk/static-http/astman.css
-var/lib/asterisk/static-http/astman.js
-var/lib/asterisk/static-http/core-en_US.xml
-var/lib/asterisk/static-http/mantest.html
-var/lib/asterisk/static-http/prototype.js
+#var/lib/asterisk/static-http/ajamdemo.html
+#var/lib/asterisk/static-http/astman.css
+#var/lib/asterisk/static-http/astman.js
+#var/lib/asterisk/static-http/core-en_US.xml
+#var/lib/asterisk/static-http/mantest.html
+#var/lib/asterisk/static-http/prototype.js
#var/log/asterisk
var/log/asterisk/cdr-csv
var/log/asterisk/cdr-custom
var/log/asterisk/cel-custom
-#var/run/asterisk
#var/spool/asterisk
var/spool/asterisk/dictate
var/spool/asterisk/meetme
var/spool/asterisk/voicemail/default/1234/en
var/spool/asterisk/voicemail/default/1234/en/busy.gsm
var/spool/asterisk/voicemail/default/1234/en/unavail.gsm
-etc/rc.d/init.d/asterisk
-srv/web/ipfire/cgi-bin/asterisk
-var/ipfire/menu.d/EX-asterisk.menu
#usr/lib/libassuan.la
usr/lib/libassuan.so
usr/lib/libassuan.so.0
-usr/lib/libassuan.so.0.3.0
+usr/lib/libassuan.so.0.4.3
#usr/share/aclocal/libassuan.m4
#usr/share/info/assuan.info
#usr/include/dvbpsi
+#usr/include/dvbpsi/atsc_eit.h
+#usr/include/dvbpsi/atsc_ett.h
+#usr/include/dvbpsi/atsc_mgt.h
+#usr/include/dvbpsi/atsc_stt.h
+#usr/include/dvbpsi/atsc_vct.h
+#usr/include/dvbpsi/bat.h
#usr/include/dvbpsi/cat.h
#usr/include/dvbpsi/demux.h
#usr/include/dvbpsi/descriptor.h
#usr/include/dvbpsi/dr_0d.h
#usr/include/dvbpsi/dr_0e.h
#usr/include/dvbpsi/dr_0f.h
+#usr/include/dvbpsi/dr_13.h
+#usr/include/dvbpsi/dr_14.h
+#usr/include/dvbpsi/dr_40.h
+#usr/include/dvbpsi/dr_41.h
#usr/include/dvbpsi/dr_42.h
+#usr/include/dvbpsi/dr_43.h
+#usr/include/dvbpsi/dr_44.h
+#usr/include/dvbpsi/dr_45.h
#usr/include/dvbpsi/dr_47.h
#usr/include/dvbpsi/dr_48.h
+#usr/include/dvbpsi/dr_49.h
+#usr/include/dvbpsi/dr_4a.h
+#usr/include/dvbpsi/dr_4b.h
+#usr/include/dvbpsi/dr_4c.h
#usr/include/dvbpsi/dr_4d.h
#usr/include/dvbpsi/dr_4e.h
+#usr/include/dvbpsi/dr_4f.h
+#usr/include/dvbpsi/dr_50.h
#usr/include/dvbpsi/dr_52.h
+#usr/include/dvbpsi/dr_53.h
+#usr/include/dvbpsi/dr_54.h
#usr/include/dvbpsi/dr_55.h
#usr/include/dvbpsi/dr_56.h
+#usr/include/dvbpsi/dr_58.h
#usr/include/dvbpsi/dr_59.h
+#usr/include/dvbpsi/dr_5a.h
+#usr/include/dvbpsi/dr_62.h
+#usr/include/dvbpsi/dr_66.h
#usr/include/dvbpsi/dr_69.h
+#usr/include/dvbpsi/dr_73.h
+#usr/include/dvbpsi/dr_76.h
+#usr/include/dvbpsi/dr_7c.h
+#usr/include/dvbpsi/dr_81.h
+#usr/include/dvbpsi/dr_83.h
+#usr/include/dvbpsi/dr_86.h
+#usr/include/dvbpsi/dr_8a.h
+#usr/include/dvbpsi/dr_a0.h
+#usr/include/dvbpsi/dr_a1.h
#usr/include/dvbpsi/dvbpsi.h
#usr/include/dvbpsi/eit.h
+#usr/include/dvbpsi/nit.h
#usr/include/dvbpsi/pat.h
#usr/include/dvbpsi/pmt.h
#usr/include/dvbpsi/psi.h
+#usr/include/dvbpsi/rst.h
#usr/include/dvbpsi/sdt.h
+#usr/include/dvbpsi/sis.h
+#usr/include/dvbpsi/tot.h
#usr/lib/libdvbpsi.a
#usr/lib/libdvbpsi.la
usr/lib/libdvbpsi.so
-usr/lib/libdvbpsi.so.5
-usr/lib/libdvbpsi.so.5.0.0
+usr/lib/libdvbpsi.so.9
+usr/lib/libdvbpsi.so.9.0.0
+#usr/lib/pkgconfig/libdvbpsi.pc
#usr/include/event2/thread.h
#usr/include/event2/util.h
usr/lib/libevent-2.0.so.5
-usr/lib/libevent-2.0.so.5.1.2
+usr/lib/libevent-2.0.so.5.1.9
usr/lib/libevent_core-2.0.so.5
-usr/lib/libevent_core-2.0.so.5.1.2
+usr/lib/libevent_core-2.0.so.5.1.9
usr/lib/libevent_extra-2.0.so.5
-usr/lib/libevent_extra-2.0.so.5.1.2
+usr/lib/libevent_extra-2.0.so.5.1.9
usr/lib/libevent_openssl-2.0.so.5
-usr/lib/libevent_openssl-2.0.so.5.1.2
+usr/lib/libevent_openssl-2.0.so.5.1.9
#usr/lib/libevent_openssl.a
#usr/lib/libevent_openssl.la
#usr/lib/libevent_openssl.so
usr/lib/libevent_pthreads-2.0.so.5
-usr/lib/libevent_pthreads-2.0.so.5.1.2
+usr/lib/libevent_pthreads-2.0.so.5.1.9
#usr/lib/libevent_pthreads.a
#usr/lib/libevent_pthreads.la
#usr/lib/libevent_pthreads.so
--- /dev/null
+#usr/include/srtp
+#usr/include/srtp/aes.h
+#usr/include/srtp/aes_cbc.h
+#usr/include/srtp/aes_gcm_ossl.h
+#usr/include/srtp/aes_icm.h
+#usr/include/srtp/aes_icm_ossl.h
+#usr/include/srtp/alloc.h
+#usr/include/srtp/auth.h
+#usr/include/srtp/cipher.h
+#usr/include/srtp/config.h
+#usr/include/srtp/crypto.h
+#usr/include/srtp/crypto_kernel.h
+#usr/include/srtp/crypto_math.h
+#usr/include/srtp/crypto_types.h
+#usr/include/srtp/cryptoalg.h
+#usr/include/srtp/datatypes.h
+#usr/include/srtp/ekt.h
+#usr/include/srtp/err.h
+#usr/include/srtp/getopt_s.h
+#usr/include/srtp/gf2_8.h
+#usr/include/srtp/hmac.h
+#usr/include/srtp/integers.h
+#usr/include/srtp/kernel_compat.h
+#usr/include/srtp/key.h
+#usr/include/srtp/null_auth.h
+#usr/include/srtp/null_cipher.h
+#usr/include/srtp/prng.h
+#usr/include/srtp/rand_source.h
+#usr/include/srtp/rdb.h
+#usr/include/srtp/rdbx.h
+#usr/include/srtp/rtp.h
+#usr/include/srtp/rtp_priv.h
+#usr/include/srtp/sha1.h
+#usr/include/srtp/srtp.h
+#usr/include/srtp/srtp_priv.h
+#usr/include/srtp/stat.h
+#usr/include/srtp/ut_sim.h
+#usr/include/srtp/xfm.h
+usr/lib/libsrtp.so
+#usr/lib/pkgconfig/libsrtp.pc
-var/ipfire/lynis-1.2.9
-var/ipfire/lynis-1.2.9/db
-var/ipfire/lynis-1.2.9/db/fileperms.db
-var/ipfire/lynis-1.2.9/db/hints.db
-var/ipfire/lynis-1.2.9/db/integrity.db
-var/ipfire/lynis-1.2.9/db/malware-susp.db
-var/ipfire/lynis-1.2.9/db/malware.db
-var/ipfire/lynis-1.2.9/db/sbl.db
-var/ipfire/lynis-1.2.9/default.prf
-var/ipfire/lynis-1.2.9/include
-var/ipfire/lynis-1.2.9/include/binaries
-var/ipfire/lynis-1.2.9/include/consts
-var/ipfire/lynis-1.2.9/include/functions
-var/ipfire/lynis-1.2.9/include/osdetection
-var/ipfire/lynis-1.2.9/include/parameters
-var/ipfire/lynis-1.2.9/include/profiles
-var/ipfire/lynis-1.2.9/include/report
-var/ipfire/lynis-1.2.9/include/tests_accounting
-var/ipfire/lynis-1.2.9/include/tests_authentication
-var/ipfire/lynis-1.2.9/include/tests_banners
-var/ipfire/lynis-1.2.9/include/tests_boot_services
-var/ipfire/lynis-1.2.9/include/tests_crypto
-var/ipfire/lynis-1.2.9/include/tests_databases
-var/ipfire/lynis-1.2.9/include/tests_file_integrity
-var/ipfire/lynis-1.2.9/include/tests_file_permissions
-var/ipfire/lynis-1.2.9/include/tests_filesystems
-var/ipfire/lynis-1.2.9/include/tests_firewalls
-var/ipfire/lynis-1.2.9/include/tests_hardening
-var/ipfire/lynis-1.2.9/include/tests_hardening_tools
-var/ipfire/lynis-1.2.9/include/tests_homedirs
-var/ipfire/lynis-1.2.9/include/tests_insecure_services
-var/ipfire/lynis-1.2.9/include/tests_kernel
-var/ipfire/lynis-1.2.9/include/tests_kernel_hardening
-var/ipfire/lynis-1.2.9/include/tests_ldap
-var/ipfire/lynis-1.2.9/include/tests_logging
-var/ipfire/lynis-1.2.9/include/tests_mac_frameworks
-var/ipfire/lynis-1.2.9/include/tests_mail_messaging
-var/ipfire/lynis-1.2.9/include/tests_malware
-var/ipfire/lynis-1.2.9/include/tests_memory_processes
-var/ipfire/lynis-1.2.9/include/tests_nameservices
-var/ipfire/lynis-1.2.9/include/tests_networking
-var/ipfire/lynis-1.2.9/include/tests_php
-var/ipfire/lynis-1.2.9/include/tests_ports_packages
-var/ipfire/lynis-1.2.9/include/tests_printers_spools
-var/ipfire/lynis-1.2.9/include/tests_scheduling
-var/ipfire/lynis-1.2.9/include/tests_shells
-var/ipfire/lynis-1.2.9/include/tests_snmp
-var/ipfire/lynis-1.2.9/include/tests_solaris
-var/ipfire/lynis-1.2.9/include/tests_squid
-var/ipfire/lynis-1.2.9/include/tests_ssh
-var/ipfire/lynis-1.2.9/include/tests_storage
-var/ipfire/lynis-1.2.9/include/tests_storage_nfs
-var/ipfire/lynis-1.2.9/include/tests_time
-var/ipfire/lynis-1.2.9/include/tests_virtualization
-var/ipfire/lynis-1.2.9/include/tests_webservers
-var/ipfire/lynis-1.2.9/lynis
-var/ipfire/lynis-1.2.9/lynis.8
-var/ipfire/lynis-1.2.9/plugins
-var/ipfire/lynis-1.2.9/plugins/README
-var/ipfire/lynis-1.2.9/plugins/plugin_access_files
-var/ipfire/lynis-1.2.9/plugins/plugin_compliance_pci
-var/ipfire/lynis-1.2.9/plugins/plugin_homedirs
-var/ipfire/lynis-1.2.9/plugins/plugin_webserver_data
\ No newline at end of file
+var/ipfire/lynis
+#var/ipfire/lynis/CONTRIBUTORS
+#var/ipfire/lynis/db
+var/ipfire/lynis/db/fileperms.db
+var/ipfire/lynis/db/hints.db
+var/ipfire/lynis/db/integrity.db
+var/ipfire/lynis/db/malware-susp.db
+var/ipfire/lynis/db/malware.db
+var/ipfire/lynis/db/sbl.db
+var/ipfire/lynis/default.prf
+#var/ipfire/lynis/extras
+var/ipfire/lynis/extras/.bzrignore
+#var/ipfire/lynis/extras/README
+#var/ipfire/lynis/extras/bash_completion.d
+var/ipfire/lynis/extras/bash_completion.d/lynis
+var/ipfire/lynis/extras/build-lynis.sh
+var/ipfire/lynis/extras/check-lynis.sh
+var/ipfire/lynis/extras/files.dat
+var/ipfire/lynis/extras/lynis.spec
+#var/ipfire/lynis/extras/openbsd
+#var/ipfire/lynis/extras/openbsd/+CONTENTS
+#var/ipfire/lynis/extras/systemd
+#var/ipfire/lynis/extras/systemd/lynis.service
+#var/ipfire/lynis/extras/systemd/lynis.timer
+#var/ipfire/lynis/include
+var/ipfire/lynis/include/binaries
+var/ipfire/lynis/include/consts
+var/ipfire/lynis/include/data_upload
+var/ipfire/lynis/include/functions
+var/ipfire/lynis/include/osdetection
+var/ipfire/lynis/include/parameters
+var/ipfire/lynis/include/profiles
+var/ipfire/lynis/include/report
+var/ipfire/lynis/include/tests_accounting
+var/ipfire/lynis/include/tests_authentication
+var/ipfire/lynis/include/tests_banners
+var/ipfire/lynis/include/tests_boot_services
+var/ipfire/lynis/include/tests_crypto
+var/ipfire/lynis/include/tests_custom.template
+var/ipfire/lynis/include/tests_databases
+var/ipfire/lynis/include/tests_file_integrity
+var/ipfire/lynis/include/tests_file_permissions
+var/ipfire/lynis/include/tests_filesystems
+var/ipfire/lynis/include/tests_firewalls
+var/ipfire/lynis/include/tests_hardening
+var/ipfire/lynis/include/tests_hardening_tools
+var/ipfire/lynis/include/tests_homedirs
+var/ipfire/lynis/include/tests_insecure_services
+var/ipfire/lynis/include/tests_kernel
+var/ipfire/lynis/include/tests_kernel_hardening
+var/ipfire/lynis/include/tests_ldap
+var/ipfire/lynis/include/tests_logging
+var/ipfire/lynis/include/tests_mac_frameworks
+var/ipfire/lynis/include/tests_mail_messaging
+var/ipfire/lynis/include/tests_malware
+var/ipfire/lynis/include/tests_memory_processes
+var/ipfire/lynis/include/tests_nameservices
+var/ipfire/lynis/include/tests_networking
+var/ipfire/lynis/include/tests_php
+var/ipfire/lynis/include/tests_ports_packages
+var/ipfire/lynis/include/tests_printers_spools
+var/ipfire/lynis/include/tests_scheduling
+var/ipfire/lynis/include/tests_shells
+var/ipfire/lynis/include/tests_snmp
+#var/ipfire/lynis/include/tests_solaris
+var/ipfire/lynis/include/tests_squid
+var/ipfire/lynis/include/tests_ssh
+var/ipfire/lynis/include/tests_storage
+var/ipfire/lynis/include/tests_storage_nfs
+var/ipfire/lynis/include/tests_tcpwrappers
+var/ipfire/lynis/include/tests_time
+var/ipfire/lynis/include/tests_tooling
+var/ipfire/lynis/include/tests_virtualization
+var/ipfire/lynis/include/tests_webservers
+var/ipfire/lynis/lynis
+var/ipfire/lynis/lynis.8
+#var/ipfire/lynis/plugins
+var/ipfire/lynis/plugins/README
+var/ipfire/lynis/plugins/custom_plugin.template
usr/share/mc/skins/double-lines.ini
usr/share/mc/skins/featured.ini
usr/share/mc/skins/gotar.ini
+usr/share/mc/skins/gray-green-purple256.ini
+usr/share/mc/skins/gray-orange-blue256.ini
usr/share/mc/skins/mc46.ini
usr/share/mc/skins/modarcon16-defbg.ini
usr/share/mc/skins/modarcon16.ini
--- /dev/null
+etc/monitrc
+usr/bin/monit
+#usr/share/man/man1/monit.1
+var/ipfire/backup/addons/includes/monit
+etc/rc.d/init.d/monit
+etc/rc.d/rc0.d/K40monit
+etc/rc.d/rc3.d/S60monit
+etc/rc.d/rc6.d/K40monit
usr/bin/ndiff
usr/bin/nmap
usr/bin/nping
+usr/lib/python2.7/site-packages/ndiff.py
+usr/lib/python2.7/site-packages/ndiff.pyc
#usr/share/man/de/man1/nmap.1
#usr/share/man/es/man1/nmap.1
#usr/share/man/fr/man1/nmap.1
#usr/share/man/hu/man1
#usr/share/man/hu/man1/nmap.1
#usr/share/man/it/man1/nmap.1
-#usr/share/man/jp
-#usr/share/man/jp/man1
-#usr/share/man/jp/man1/nmap.1
+#usr/share/man/ja/man1/nmap.1
#usr/share/man/man1/ncat.1
#usr/share/man/man1/ndiff.1
#usr/share/man/man1/nmap.1
#usr/share/man/zh/man1
#usr/share/man/zh/man1/nmap.1
#usr/share/ncat
-usr/share/ncat/ca-bundle.crt
+#usr/share/ncat/ca-bundle.crt
#usr/share/nmap
usr/share/nmap/nmap-mac-prefixes
usr/share/nmap/nmap-os-db
usr/share/nmap/nmap.dtd
usr/share/nmap/nmap.xsl
usr/share/nmap/nse_main.lua
-#usr/share/nmap/nselib
+usr/share/nmap/nselib
usr/share/nmap/nselib/afp.lua
+usr/share/nmap/nselib/ajp.lua
usr/share/nmap/nselib/amqp.lua
usr/share/nmap/nselib/asn1.lua
+usr/share/nmap/nselib/base32.lua
usr/share/nmap/nselib/base64.lua
+usr/share/nmap/nselib/bin.luadoc
+usr/share/nmap/nselib/bit.luadoc
usr/share/nmap/nselib/bitcoin.lua
usr/share/nmap/nselib/bittorrent.lua
+usr/share/nmap/nselib/bjnp.lua
usr/share/nmap/nselib/brute.lua
+usr/share/nmap/nselib/cassandra.lua
usr/share/nmap/nselib/citrixxml.lua
usr/share/nmap/nselib/comm.lua
usr/share/nmap/nselib/creds.lua
usr/share/nmap/nselib/cvs.lua
-#usr/share/nmap/nselib/data
+usr/share/nmap/nselib/data
+usr/share/nmap/nselib/data/dns-srv-names
+usr/share/nmap/nselib/data/drupal-modules.lst
usr/share/nmap/nselib/data/favicon-db
usr/share/nmap/nselib/data/http-default-accounts-fingerprints.lua
+usr/share/nmap/nselib/data/http-devframework-fingerprints.lua
usr/share/nmap/nselib/data/http-fingerprints.lua
usr/share/nmap/nselib/data/http-folders.txt
+usr/share/nmap/nselib/data/http-sql-errors.lst
+usr/share/nmap/nselib/data/http-web-files-extensions.lst
+usr/share/nmap/nselib/data/ike-fingerprints.lua
+#usr/share/nmap/nselib/data/jdwp-class
+#usr/share/nmap/nselib/data/jdwp-class/JDWPExecCmd.class
+#usr/share/nmap/nselib/data/jdwp-class/JDWPExecCmd.java
+#usr/share/nmap/nselib/data/jdwp-class/JDWPSystemInfo.class
+#usr/share/nmap/nselib/data/jdwp-class/JDWPSystemInfo.java
+#usr/share/nmap/nselib/data/jdwp-class/README.txt
+usr/share/nmap/nselib/data/mgroupnames.db
usr/share/nmap/nselib/data/mysql-cis.audit
usr/share/nmap/nselib/data/oracle-default-accounts.lst
usr/share/nmap/nselib/data/oracle-sids
usr/share/nmap/nselib/data/packetdecoders.lua
usr/share/nmap/nselib/data/passwords.lst
+#usr/share/nmap/nselib/data/pixel.gif
#usr/share/nmap/nselib/data/psexec
-usr/share/nmap/nselib/data/psexec/README
+#usr/share/nmap/nselib/data/psexec/README
usr/share/nmap/nselib/data/psexec/backdoor.lua
usr/share/nmap/nselib/data/psexec/default.lua
usr/share/nmap/nselib/data/psexec/drives.lua
usr/share/nmap/nselib/data/ssl-fingerprints
usr/share/nmap/nselib/data/tftplist.txt
usr/share/nmap/nselib/data/usernames.lst
+usr/share/nmap/nselib/data/vhosts-default.lst
+usr/share/nmap/nselib/data/vhosts-full.lst
usr/share/nmap/nselib/data/wp-plugins.lst
usr/share/nmap/nselib/datafiles.lua
usr/share/nmap/nselib/dhcp.lua
usr/share/nmap/nselib/dnssd.lua
usr/share/nmap/nselib/drda.lua
usr/share/nmap/nselib/eap.lua
+usr/share/nmap/nselib/eigrp.lua
+usr/share/nmap/nselib/formulas.lua
usr/share/nmap/nselib/ftp.lua
usr/share/nmap/nselib/giop.lua
+usr/share/nmap/nselib/gps.lua
usr/share/nmap/nselib/http.lua
usr/share/nmap/nselib/httpspider.lua
usr/share/nmap/nselib/iax2.lua
+usr/share/nmap/nselib/ike.lua
usr/share/nmap/nselib/imap.lua
usr/share/nmap/nselib/informix.lua
usr/share/nmap/nselib/ipOps.lua
+usr/share/nmap/nselib/ipp.lua
usr/share/nmap/nselib/iscsi.lua
+usr/share/nmap/nselib/isns.lua
+usr/share/nmap/nselib/jdwp.lua
usr/share/nmap/nselib/json.lua
usr/share/nmap/nselib/ldap.lua
+usr/share/nmap/nselib/lfs.luadoc
usr/share/nmap/nselib/listop.lua
usr/share/nmap/nselib/match.lua
usr/share/nmap/nselib/membase.lua
+usr/share/nmap/nselib/mobileme.lua
usr/share/nmap/nselib/mongodb.lua
usr/share/nmap/nselib/msrpc.lua
usr/share/nmap/nselib/msrpcperformance.lua
usr/share/nmap/nselib/ncp.lua
usr/share/nmap/nselib/ndmp.lua
usr/share/nmap/nselib/netbios.lua
+usr/share/nmap/nselib/nmap.luadoc
usr/share/nmap/nselib/nrpc.lua
usr/share/nmap/nselib/nsedebug.lua
usr/share/nmap/nselib/omp2.lua
+usr/share/nmap/nselib/openssl.luadoc
+usr/share/nmap/nselib/ospf.lua
usr/share/nmap/nselib/packet.lua
+usr/share/nmap/nselib/pcre.luadoc
usr/share/nmap/nselib/pgsql.lua
usr/share/nmap/nselib/pop3.lua
usr/share/nmap/nselib/pppoe.lua
usr/share/nmap/nselib/proxy.lua
+usr/share/nmap/nselib/rdp.lua
usr/share/nmap/nselib/redis.lua
usr/share/nmap/nselib/rmi.lua
usr/share/nmap/nselib/rpc.lua
usr/share/nmap/nselib/tab.lua
usr/share/nmap/nselib/target.lua
usr/share/nmap/nselib/tftp.lua
+usr/share/nmap/nselib/tls.lua
usr/share/nmap/nselib/tns.lua
+usr/share/nmap/nselib/unicode.lua
+usr/share/nmap/nselib/unittest.lua
usr/share/nmap/nselib/unpwdb.lua
usr/share/nmap/nselib/upnp.lua
usr/share/nmap/nselib/url.lua
usr/share/nmap/scripts/afp-path-vuln.nse
usr/share/nmap/scripts/afp-serverinfo.nse
usr/share/nmap/scripts/afp-showmount.nse
+usr/share/nmap/scripts/ajp-auth.nse
+usr/share/nmap/scripts/ajp-brute.nse
+usr/share/nmap/scripts/ajp-headers.nse
+usr/share/nmap/scripts/ajp-methods.nse
+usr/share/nmap/scripts/ajp-request.nse
+usr/share/nmap/scripts/allseeingeye-info.nse
usr/share/nmap/scripts/amqp-info.nse
usr/share/nmap/scripts/asn-query.nse
usr/share/nmap/scripts/auth-owners.nse
usr/share/nmap/scripts/bitcoin-info.nse
usr/share/nmap/scripts/bitcoinrpc-info.nse
usr/share/nmap/scripts/bittorrent-discovery.nse
+usr/share/nmap/scripts/bjnp-discover.nse
+usr/share/nmap/scripts/broadcast-ataoe-discover.nse
usr/share/nmap/scripts/broadcast-avahi-dos.nse
+usr/share/nmap/scripts/broadcast-bjnp-discover.nse
usr/share/nmap/scripts/broadcast-db2-discover.nse
usr/share/nmap/scripts/broadcast-dhcp-discover.nse
usr/share/nmap/scripts/broadcast-dhcp6-discover.nse
usr/share/nmap/scripts/broadcast-dns-service-discovery.nse
usr/share/nmap/scripts/broadcast-dropbox-listener.nse
+usr/share/nmap/scripts/broadcast-eigrp-discovery.nse
+usr/share/nmap/scripts/broadcast-igmp-discovery.nse
usr/share/nmap/scripts/broadcast-listener.nse
usr/share/nmap/scripts/broadcast-ms-sql-discover.nse
usr/share/nmap/scripts/broadcast-netbios-master-browser.nse
usr/share/nmap/scripts/broadcast-novell-locate.nse
usr/share/nmap/scripts/broadcast-pc-anywhere.nse
usr/share/nmap/scripts/broadcast-pc-duo.nse
+usr/share/nmap/scripts/broadcast-pim-discovery.nse
usr/share/nmap/scripts/broadcast-ping.nse
usr/share/nmap/scripts/broadcast-pppoe-discover.nse
usr/share/nmap/scripts/broadcast-rip-discover.nse
usr/share/nmap/scripts/broadcast-ripng-discover.nse
usr/share/nmap/scripts/broadcast-sybase-asa-discover.nse
+usr/share/nmap/scripts/broadcast-tellstick-discover.nse
usr/share/nmap/scripts/broadcast-upnp-info.nse
usr/share/nmap/scripts/broadcast-versant-locate.nse
usr/share/nmap/scripts/broadcast-wake-on-lan.nse
usr/share/nmap/scripts/broadcast-wpad-discover.nse
usr/share/nmap/scripts/broadcast-wsdd-discover.nse
usr/share/nmap/scripts/broadcast-xdmcp-discover.nse
+usr/share/nmap/scripts/cassandra-brute.nse
+usr/share/nmap/scripts/cassandra-info.nse
usr/share/nmap/scripts/cccam-version.nse
usr/share/nmap/scripts/citrix-brute-xml.nse
usr/share/nmap/scripts/citrix-enum-apps-xml.nse
usr/share/nmap/scripts/couchdb-databases.nse
usr/share/nmap/scripts/couchdb-stats.nse
usr/share/nmap/scripts/creds-summary.nse
+usr/share/nmap/scripts/cups-info.nse
+usr/share/nmap/scripts/cups-queue-info.nse
usr/share/nmap/scripts/cvs-brute-repository.nse
usr/share/nmap/scripts/cvs-brute.nse
usr/share/nmap/scripts/daap-get-library.nse
usr/share/nmap/scripts/db2-das-info.nse
usr/share/nmap/scripts/db2-discover.nse
usr/share/nmap/scripts/dhcp-discover.nse
+usr/share/nmap/scripts/dict-info.nse
+usr/share/nmap/scripts/distcc-cve2004-2687.nse
usr/share/nmap/scripts/dns-blacklist.nse
usr/share/nmap/scripts/dns-brute.nse
usr/share/nmap/scripts/dns-cache-snoop.nse
+usr/share/nmap/scripts/dns-check-zone.nse
usr/share/nmap/scripts/dns-client-subnet-scan.nse
usr/share/nmap/scripts/dns-fuzz.nse
+usr/share/nmap/scripts/dns-ip6-arpa-scan.nse
usr/share/nmap/scripts/dns-nsec-enum.nse
+usr/share/nmap/scripts/dns-nsec3-enum.nse
usr/share/nmap/scripts/dns-nsid.nse
usr/share/nmap/scripts/dns-random-srcport.nse
usr/share/nmap/scripts/dns-random-txid.nse
usr/share/nmap/scripts/duplicates.nse
usr/share/nmap/scripts/eap-info.nse
usr/share/nmap/scripts/epmd-info.nse
+usr/share/nmap/scripts/eppc-enum-processes.nse
usr/share/nmap/scripts/finger.nse
usr/share/nmap/scripts/firewalk.nse
+usr/share/nmap/scripts/firewall-bypass.nse
+usr/share/nmap/scripts/flume-master-info.nse
+usr/share/nmap/scripts/freelancer-info.nse
usr/share/nmap/scripts/ftp-anon.nse
usr/share/nmap/scripts/ftp-bounce.nse
usr/share/nmap/scripts/ftp-brute.nse
usr/share/nmap/scripts/ftp-vuln-cve2010-4221.nse
usr/share/nmap/scripts/ganglia-info.nse
usr/share/nmap/scripts/giop-info.nse
+usr/share/nmap/scripts/gkrellm-info.nse
usr/share/nmap/scripts/gopher-ls.nse
+usr/share/nmap/scripts/gpsd-info.nse
usr/share/nmap/scripts/hadoop-datanode-info.nse
usr/share/nmap/scripts/hadoop-jobtracker-info.nse
usr/share/nmap/scripts/hadoop-namenode-info.nse
usr/share/nmap/scripts/hbase-region-info.nse
usr/share/nmap/scripts/hddtemp-info.nse
usr/share/nmap/scripts/hostmap-bfk.nse
+usr/share/nmap/scripts/hostmap-ip2hosts.nse
+usr/share/nmap/scripts/hostmap-robtex.nse
+usr/share/nmap/scripts/http-adobe-coldfusion-apsa1301.nse
usr/share/nmap/scripts/http-affiliate-id.nse
usr/share/nmap/scripts/http-apache-negotiation.nse
usr/share/nmap/scripts/http-auth-finder.nse
usr/share/nmap/scripts/http-brute.nse
usr/share/nmap/scripts/http-cakephp-version.nse
usr/share/nmap/scripts/http-chrono.nse
+usr/share/nmap/scripts/http-coldfusion-subzero.nse
+usr/share/nmap/scripts/http-comments-displayer.nse
usr/share/nmap/scripts/http-config-backup.nse
usr/share/nmap/scripts/http-cors.nse
+usr/share/nmap/scripts/http-csrf.nse
usr/share/nmap/scripts/http-date.nse
usr/share/nmap/scripts/http-default-accounts.nse
+usr/share/nmap/scripts/http-devframework.nse
+usr/share/nmap/scripts/http-dlink-backdoor.nse
+usr/share/nmap/scripts/http-dombased-xss.nse
usr/share/nmap/scripts/http-domino-enum-passwords.nse
+usr/share/nmap/scripts/http-drupal-enum-users.nse
+usr/share/nmap/scripts/http-drupal-modules.nse
usr/share/nmap/scripts/http-email-harvest.nse
usr/share/nmap/scripts/http-enum.nse
+usr/share/nmap/scripts/http-errors.nse
+usr/share/nmap/scripts/http-exif-spider.nse
usr/share/nmap/scripts/http-favicon.nse
+usr/share/nmap/scripts/http-feed.nse
+usr/share/nmap/scripts/http-fileupload-exploiter.nse
usr/share/nmap/scripts/http-form-brute.nse
+usr/share/nmap/scripts/http-form-fuzzer.nse
+usr/share/nmap/scripts/http-frontpage-login.nse
usr/share/nmap/scripts/http-generator.nse
+usr/share/nmap/scripts/http-git.nse
+usr/share/nmap/scripts/http-gitweb-projects-enum.nse
usr/share/nmap/scripts/http-google-malware.nse
usr/share/nmap/scripts/http-grep.nse
usr/share/nmap/scripts/http-headers.nse
+usr/share/nmap/scripts/http-huawei-hg5xx-vuln.nse
+usr/share/nmap/scripts/http-icloud-findmyiphone.nse
+usr/share/nmap/scripts/http-icloud-sendmsg.nse
+usr/share/nmap/scripts/http-iis-short-name-brute.nse
usr/share/nmap/scripts/http-iis-webdav-vuln.nse
usr/share/nmap/scripts/http-joomla-brute.nse
usr/share/nmap/scripts/http-litespeed-sourcecode-download.nse
usr/share/nmap/scripts/http-malware-host.nse
usr/share/nmap/scripts/http-method-tamper.nse
usr/share/nmap/scripts/http-methods.nse
+usr/share/nmap/scripts/http-mobileversion-checker.nse
+usr/share/nmap/scripts/http-ntlm-info.nse
usr/share/nmap/scripts/http-open-proxy.nse
usr/share/nmap/scripts/http-open-redirect.nse
usr/share/nmap/scripts/http-passwd.nse
usr/share/nmap/scripts/http-php-version.nse
+usr/share/nmap/scripts/http-phpmyadmin-dir-traversal.nse
+usr/share/nmap/scripts/http-phpself-xss.nse
usr/share/nmap/scripts/http-proxy-brute.nse
usr/share/nmap/scripts/http-put.nse
usr/share/nmap/scripts/http-qnap-nas-info.nse
+usr/share/nmap/scripts/http-referer-checker.nse
+usr/share/nmap/scripts/http-rfi-spider.nse
usr/share/nmap/scripts/http-robots.txt.nse
usr/share/nmap/scripts/http-robtex-reverse-ip.nse
+usr/share/nmap/scripts/http-robtex-shared-ns.nse
+usr/share/nmap/scripts/http-server-header.nse
+usr/share/nmap/scripts/http-sitemap-generator.nse
+usr/share/nmap/scripts/http-slowloris-check.nse
+usr/share/nmap/scripts/http-slowloris.nse
+usr/share/nmap/scripts/http-sql-injection.nse
+usr/share/nmap/scripts/http-stored-xss.nse
usr/share/nmap/scripts/http-title.nse
+usr/share/nmap/scripts/http-tplink-dir-traversal.nse
usr/share/nmap/scripts/http-trace.nse
+usr/share/nmap/scripts/http-traceroute.nse
usr/share/nmap/scripts/http-unsafe-output-escaping.nse
+usr/share/nmap/scripts/http-useragent-tester.nse
usr/share/nmap/scripts/http-userdir-enum.nse
usr/share/nmap/scripts/http-vhosts.nse
+usr/share/nmap/scripts/http-virustotal.nse
+usr/share/nmap/scripts/http-vlcstreamer-ls.nse
usr/share/nmap/scripts/http-vmware-path-vuln.nse
usr/share/nmap/scripts/http-vuln-cve2009-3960.nse
+usr/share/nmap/scripts/http-vuln-cve2010-0738.nse
usr/share/nmap/scripts/http-vuln-cve2010-2861.nse
usr/share/nmap/scripts/http-vuln-cve2011-3192.nse
usr/share/nmap/scripts/http-vuln-cve2011-3368.nse
usr/share/nmap/scripts/http-vuln-cve2012-1823.nse
+usr/share/nmap/scripts/http-vuln-cve2013-0156.nse
+usr/share/nmap/scripts/http-vuln-zimbra-lfi.nse
usr/share/nmap/scripts/http-waf-detect.nse
+usr/share/nmap/scripts/http-waf-fingerprint.nse
usr/share/nmap/scripts/http-wordpress-brute.nse
usr/share/nmap/scripts/http-wordpress-enum.nse
usr/share/nmap/scripts/http-wordpress-plugins.nse
+usr/share/nmap/scripts/http-xssed.nse
usr/share/nmap/scripts/iax2-brute.nse
usr/share/nmap/scripts/iax2-version.nse
+usr/share/nmap/scripts/icap-info.nse
+usr/share/nmap/scripts/ike-version.nse
usr/share/nmap/scripts/imap-brute.nse
usr/share/nmap/scripts/imap-capabilities.nse
usr/share/nmap/scripts/informix-brute.nse
usr/share/nmap/scripts/informix-query.nse
usr/share/nmap/scripts/informix-tables.nse
+usr/share/nmap/scripts/ip-forwarding.nse
usr/share/nmap/scripts/ip-geolocation-geobytes.nse
usr/share/nmap/scripts/ip-geolocation-geoplugin.nse
usr/share/nmap/scripts/ip-geolocation-ipinfodb.nse
usr/share/nmap/scripts/ip-geolocation-maxmind.nse
usr/share/nmap/scripts/ipidseq.nse
usr/share/nmap/scripts/ipv6-node-info.nse
+usr/share/nmap/scripts/ipv6-ra-flood.nse
usr/share/nmap/scripts/irc-botnet-channels.nse
usr/share/nmap/scripts/irc-brute.nse
usr/share/nmap/scripts/irc-info.nse
+usr/share/nmap/scripts/irc-sasl-brute.nse
usr/share/nmap/scripts/irc-unrealircd-backdoor.nse
usr/share/nmap/scripts/iscsi-brute.nse
usr/share/nmap/scripts/iscsi-info.nse
+usr/share/nmap/scripts/isns-info.nse
+usr/share/nmap/scripts/jdwp-exec.nse
+usr/share/nmap/scripts/jdwp-info.nse
+usr/share/nmap/scripts/jdwp-inject.nse
usr/share/nmap/scripts/jdwp-version.nse
usr/share/nmap/scripts/krb5-enum-users.nse
usr/share/nmap/scripts/ldap-brute.nse
usr/share/nmap/scripts/ldap-rootdse.nse
usr/share/nmap/scripts/ldap-search.nse
usr/share/nmap/scripts/lexmark-config.nse
+usr/share/nmap/scripts/llmnr-resolve.nse
usr/share/nmap/scripts/lltd-discovery.nse
usr/share/nmap/scripts/maxdb-info.nse
+usr/share/nmap/scripts/mcafee-epo-agent.nse
usr/share/nmap/scripts/membase-brute.nse
usr/share/nmap/scripts/membase-http-info.nse
usr/share/nmap/scripts/memcached-info.nse
+usr/share/nmap/scripts/metasploit-info.nse
+usr/share/nmap/scripts/metasploit-msgrpc-brute.nse
usr/share/nmap/scripts/metasploit-xmlrpc-brute.nse
+usr/share/nmap/scripts/mmouse-brute.nse
+usr/share/nmap/scripts/mmouse-exec.nse
usr/share/nmap/scripts/modbus-discover.nse
usr/share/nmap/scripts/mongodb-brute.nse
usr/share/nmap/scripts/mongodb-databases.nse
usr/share/nmap/scripts/mongodb-info.nse
+usr/share/nmap/scripts/mrinfo.nse
usr/share/nmap/scripts/ms-sql-brute.nse
usr/share/nmap/scripts/ms-sql-config.nse
+usr/share/nmap/scripts/ms-sql-dac.nse
usr/share/nmap/scripts/ms-sql-dump-hashes.nse
usr/share/nmap/scripts/ms-sql-empty-password.nse
usr/share/nmap/scripts/ms-sql-hasdbaccess.nse
usr/share/nmap/scripts/ms-sql-query.nse
usr/share/nmap/scripts/ms-sql-tables.nse
usr/share/nmap/scripts/ms-sql-xp-cmdshell.nse
+usr/share/nmap/scripts/msrpc-enum.nse
+usr/share/nmap/scripts/mtrace.nse
+usr/share/nmap/scripts/murmur-version.nse
usr/share/nmap/scripts/mysql-audit.nse
usr/share/nmap/scripts/mysql-brute.nse
usr/share/nmap/scripts/mysql-databases.nse
+usr/share/nmap/scripts/mysql-dump-hashes.nse
usr/share/nmap/scripts/mysql-empty-password.nse
+usr/share/nmap/scripts/mysql-enum.nse
usr/share/nmap/scripts/mysql-info.nse
+usr/share/nmap/scripts/mysql-query.nse
usr/share/nmap/scripts/mysql-users.nse
usr/share/nmap/scripts/mysql-variables.nse
+usr/share/nmap/scripts/mysql-vuln-cve2012-2122.nse
usr/share/nmap/scripts/nat-pmp-info.nse
usr/share/nmap/scripts/nat-pmp-mapport.nse
usr/share/nmap/scripts/nbstat.nse
usr/share/nmap/scripts/omp2-enum-targets.nse
usr/share/nmap/scripts/openlookup-info.nse
usr/share/nmap/scripts/openvas-otp-brute.nse
+usr/share/nmap/scripts/oracle-brute-stealth.nse
usr/share/nmap/scripts/oracle-brute.nse
usr/share/nmap/scripts/oracle-enum-users.nse
usr/share/nmap/scripts/oracle-sid-brute.nse
usr/share/nmap/scripts/ovs-agent-version.nse
usr/share/nmap/scripts/p2p-conficker.nse
usr/share/nmap/scripts/path-mtu.nse
+usr/share/nmap/scripts/pcanywhere-brute.nse
usr/share/nmap/scripts/pgsql-brute.nse
usr/share/nmap/scripts/pjl-ready-message.nse
usr/share/nmap/scripts/pop3-brute.nse
usr/share/nmap/scripts/pop3-capabilities.nse
usr/share/nmap/scripts/pptp-version.nse
+usr/share/nmap/scripts/qconn-exec.nse
usr/share/nmap/scripts/qscan.nse
+usr/share/nmap/scripts/quake1-info.nse
usr/share/nmap/scripts/quake3-info.nse
usr/share/nmap/scripts/quake3-master-getservers.nse
+usr/share/nmap/scripts/rdp-enum-encryption.nse
usr/share/nmap/scripts/rdp-vuln-ms12-020.nse
usr/share/nmap/scripts/realvnc-auth-bypass.nse
usr/share/nmap/scripts/redis-brute.nse
usr/share/nmap/scripts/resolveall.nse
usr/share/nmap/scripts/reverse-index.nse
usr/share/nmap/scripts/rexec-brute.nse
+usr/share/nmap/scripts/rfc868-time.nse
usr/share/nmap/scripts/riak-http-info.nse
usr/share/nmap/scripts/rlogin-brute.nse
usr/share/nmap/scripts/rmi-dumpregistry.nse
+usr/share/nmap/scripts/rmi-vuln-classloader.nse
+usr/share/nmap/scripts/rpc-grind.nse
usr/share/nmap/scripts/rpcap-brute.nse
usr/share/nmap/scripts/rpcap-info.nse
usr/share/nmap/scripts/rpcinfo.nse
usr/share/nmap/scripts/script.db
usr/share/nmap/scripts/servicetags.nse
usr/share/nmap/scripts/sip-brute.nse
+usr/share/nmap/scripts/sip-call-spoof.nse
usr/share/nmap/scripts/sip-enum-users.nse
+usr/share/nmap/scripts/sip-methods.nse
usr/share/nmap/scripts/skypev2-version.nse
usr/share/nmap/scripts/smb-brute.nse
usr/share/nmap/scripts/smb-check-vulns.nse
usr/share/nmap/scripts/smb-enum-shares.nse
usr/share/nmap/scripts/smb-enum-users.nse
usr/share/nmap/scripts/smb-flood.nse
+usr/share/nmap/scripts/smb-ls.nse
usr/share/nmap/scripts/smb-mbenum.nse
usr/share/nmap/scripts/smb-os-discovery.nse
+usr/share/nmap/scripts/smb-print-text.nse
usr/share/nmap/scripts/smb-psexec.nse
usr/share/nmap/scripts/smb-security-mode.nse
usr/share/nmap/scripts/smb-server-stats.nse
usr/share/nmap/scripts/smb-system-info.nse
+usr/share/nmap/scripts/smb-vuln-ms10-054.nse
+usr/share/nmap/scripts/smb-vuln-ms10-061.nse
usr/share/nmap/scripts/smbv2-enabled.nse
usr/share/nmap/scripts/smtp-brute.nse
usr/share/nmap/scripts/smtp-commands.nse
usr/share/nmap/scripts/smtp-vuln-cve2011-1764.nse
usr/share/nmap/scripts/sniffer-detect.nse
usr/share/nmap/scripts/snmp-brute.nse
+usr/share/nmap/scripts/snmp-hh3c-logins.nse
usr/share/nmap/scripts/snmp-interfaces.nse
usr/share/nmap/scripts/snmp-ios-config.nse
usr/share/nmap/scripts/snmp-netstat.nse
usr/share/nmap/scripts/socks-auth-info.nse
usr/share/nmap/scripts/socks-brute.nse
usr/share/nmap/scripts/socks-open-proxy.nse
-usr/share/nmap/scripts/sql-injection.nse
usr/share/nmap/scripts/ssh-hostkey.nse
usr/share/nmap/scripts/ssh2-enum-algos.nse
usr/share/nmap/scripts/sshv1.nse
usr/share/nmap/scripts/ssl-cert.nse
+usr/share/nmap/scripts/ssl-date.nse
usr/share/nmap/scripts/ssl-enum-ciphers.nse
usr/share/nmap/scripts/ssl-google-cert-catalog.nse
+usr/share/nmap/scripts/ssl-heartbleed.nse
usr/share/nmap/scripts/ssl-known-key.nse
usr/share/nmap/scripts/sslv2.nse
+usr/share/nmap/scripts/sstp-discover.nse
usr/share/nmap/scripts/stun-info.nse
usr/share/nmap/scripts/stun-version.nse
usr/share/nmap/scripts/stuxnet-detect.nse
usr/share/nmap/scripts/targets-ipv6-multicast-slaac.nse
usr/share/nmap/scripts/targets-sniffer.nse
usr/share/nmap/scripts/targets-traceroute.nse
+usr/share/nmap/scripts/teamspeak2-version.nse
usr/share/nmap/scripts/telnet-brute.nse
usr/share/nmap/scripts/telnet-encryption.nse
usr/share/nmap/scripts/tftp-enum.nse
+usr/share/nmap/scripts/tls-nextprotoneg.nse
+usr/share/nmap/scripts/traceroute-geolocation.nse
+usr/share/nmap/scripts/unittest.nse
usr/share/nmap/scripts/unusual-port.nse
usr/share/nmap/scripts/upnp-info.nse
usr/share/nmap/scripts/url-snarf.nse
+usr/share/nmap/scripts/ventrilo-info.nse
usr/share/nmap/scripts/versant-info.nse
usr/share/nmap/scripts/vmauthd-brute.nse
usr/share/nmap/scripts/vnc-brute.nse
usr/share/nmap/scripts/voldemort-info.nse
usr/share/nmap/scripts/vuze-dht-info.nse
usr/share/nmap/scripts/wdb-version.nse
-usr/share/nmap/scripts/whois.nse
+usr/share/nmap/scripts/weblogic-t3-info.nse
+usr/share/nmap/scripts/whois-domain.nse
+usr/share/nmap/scripts/whois-ip.nse
usr/share/nmap/scripts/wsdd-discover.nse
usr/share/nmap/scripts/x11-access.nse
usr/share/nmap/scripts/xdmcp-discover.nse
#srv/web/owncloud/3rdparty/fontawesome/font/fontawesome-webfont.svg
#srv/web/owncloud/3rdparty/fontawesome/font/fontawesome-webfont.ttf
#srv/web/owncloud/3rdparty/fontawesome/font/fontawesome-webfont.woff
-#srv/web/owncloud/3rdparty/getid3
-#srv/web/owncloud/3rdparty/getid3/extension.cache.dbm.php
-#srv/web/owncloud/3rdparty/getid3/extension.cache.mysql.php
-#srv/web/owncloud/3rdparty/getid3/extension.cache.sqlite3.php
-#srv/web/owncloud/3rdparty/getid3/getid3.lib.php
-#srv/web/owncloud/3rdparty/getid3/getid3.php
-#srv/web/owncloud/3rdparty/getid3/license.txt
-#srv/web/owncloud/3rdparty/getid3/module.archive.gzip.php
-#srv/web/owncloud/3rdparty/getid3/module.archive.rar.php
-#srv/web/owncloud/3rdparty/getid3/module.archive.szip.php
-#srv/web/owncloud/3rdparty/getid3/module.archive.tar.php
-#srv/web/owncloud/3rdparty/getid3/module.archive.zip.php
-#srv/web/owncloud/3rdparty/getid3/module.audio-video.asf.php
-#srv/web/owncloud/3rdparty/getid3/module.audio-video.bink.php
-#srv/web/owncloud/3rdparty/getid3/module.audio-video.flv.php
-#srv/web/owncloud/3rdparty/getid3/module.audio-video.matroska.php
-#srv/web/owncloud/3rdparty/getid3/module.audio-video.mpeg.php
-#srv/web/owncloud/3rdparty/getid3/module.audio-video.nsv.php
-#srv/web/owncloud/3rdparty/getid3/module.audio-video.quicktime.php
-#srv/web/owncloud/3rdparty/getid3/module.audio-video.real.php
-#srv/web/owncloud/3rdparty/getid3/module.audio-video.riff.php
-#srv/web/owncloud/3rdparty/getid3/module.audio-video.swf.php
-#srv/web/owncloud/3rdparty/getid3/module.audio-video.ts.php
-#srv/web/owncloud/3rdparty/getid3/module.audio.aa.php
-#srv/web/owncloud/3rdparty/getid3/module.audio.aac.php
-#srv/web/owncloud/3rdparty/getid3/module.audio.ac3.php
-#srv/web/owncloud/3rdparty/getid3/module.audio.au.php
-#srv/web/owncloud/3rdparty/getid3/module.audio.avr.php
-#srv/web/owncloud/3rdparty/getid3/module.audio.bonk.php
-#srv/web/owncloud/3rdparty/getid3/module.audio.dss.php
-#srv/web/owncloud/3rdparty/getid3/module.audio.dts.php
-#srv/web/owncloud/3rdparty/getid3/module.audio.flac.php
-#srv/web/owncloud/3rdparty/getid3/module.audio.la.php
-#srv/web/owncloud/3rdparty/getid3/module.audio.lpac.php
-#srv/web/owncloud/3rdparty/getid3/module.audio.midi.php
-#srv/web/owncloud/3rdparty/getid3/module.audio.mod.php
-#srv/web/owncloud/3rdparty/getid3/module.audio.monkey.php
-#srv/web/owncloud/3rdparty/getid3/module.audio.mp3.php
-#srv/web/owncloud/3rdparty/getid3/module.audio.mpc.php
-#srv/web/owncloud/3rdparty/getid3/module.audio.ogg.php
-#srv/web/owncloud/3rdparty/getid3/module.audio.optimfrog.php
-#srv/web/owncloud/3rdparty/getid3/module.audio.rkau.php
-#srv/web/owncloud/3rdparty/getid3/module.audio.shorten.php
-#srv/web/owncloud/3rdparty/getid3/module.audio.tta.php
-#srv/web/owncloud/3rdparty/getid3/module.audio.voc.php
-#srv/web/owncloud/3rdparty/getid3/module.audio.vqf.php
-#srv/web/owncloud/3rdparty/getid3/module.audio.wavpack.php
-#srv/web/owncloud/3rdparty/getid3/module.graphic.bmp.php
-#srv/web/owncloud/3rdparty/getid3/module.graphic.efax.php
-#srv/web/owncloud/3rdparty/getid3/module.graphic.gif.php
-#srv/web/owncloud/3rdparty/getid3/module.graphic.jpg.php
-#srv/web/owncloud/3rdparty/getid3/module.graphic.pcd.php
-#srv/web/owncloud/3rdparty/getid3/module.graphic.png.php
-#srv/web/owncloud/3rdparty/getid3/module.graphic.svg.php
-#srv/web/owncloud/3rdparty/getid3/module.graphic.tiff.php
-#srv/web/owncloud/3rdparty/getid3/module.misc.cue.php
-#srv/web/owncloud/3rdparty/getid3/module.misc.exe.php
-#srv/web/owncloud/3rdparty/getid3/module.misc.iso.php
-#srv/web/owncloud/3rdparty/getid3/module.misc.msoffice.php
-#srv/web/owncloud/3rdparty/getid3/module.misc.par2.php
-#srv/web/owncloud/3rdparty/getid3/module.misc.pdf.php
-#srv/web/owncloud/3rdparty/getid3/module.tag.apetag.php
-#srv/web/owncloud/3rdparty/getid3/module.tag.id3v1.php
-#srv/web/owncloud/3rdparty/getid3/module.tag.id3v2.php
-#srv/web/owncloud/3rdparty/getid3/module.tag.lyrics3.php
-#srv/web/owncloud/3rdparty/getid3/module.tag.xmp.php
-#srv/web/owncloud/3rdparty/getid3/write.apetag.php
-#srv/web/owncloud/3rdparty/getid3/write.id3v1.php
-#srv/web/owncloud/3rdparty/getid3/write.id3v2.php
-#srv/web/owncloud/3rdparty/getid3/write.lyrics3.php
-#srv/web/owncloud/3rdparty/getid3/write.metaflac.php
-#srv/web/owncloud/3rdparty/getid3/write.php
-#srv/web/owncloud/3rdparty/getid3/write.real.php
-#srv/web/owncloud/3rdparty/getid3/write.vorbiscomment.php
#srv/web/owncloud/3rdparty/guzzle
#srv/web/owncloud/3rdparty/guzzle/common
#srv/web/owncloud/3rdparty/guzzle/common/Guzzle
#srv/web/owncloud/3rdparty/guzzle/stream/Guzzle/Stream/StreamInterface.php
#srv/web/owncloud/3rdparty/guzzle/stream/Guzzle/Stream/StreamRequestFactoryInterface.php
#srv/web/owncloud/3rdparty/guzzle/stream/Guzzle/Stream/composer.json
-#srv/web/owncloud/3rdparty/isoft
-#srv/web/owncloud/3rdparty/isoft/mssql-bundle
-#srv/web/owncloud/3rdparty/isoft/mssql-bundle/Realestate
-#srv/web/owncloud/3rdparty/isoft/mssql-bundle/Realestate/MssqlBundle
-#srv/web/owncloud/3rdparty/isoft/mssql-bundle/Realestate/MssqlBundle/Driver
-#srv/web/owncloud/3rdparty/isoft/mssql-bundle/Realestate/MssqlBundle/Driver/PDODblib
-#srv/web/owncloud/3rdparty/isoft/mssql-bundle/Realestate/MssqlBundle/Driver/PDODblib/Connection.php
-#srv/web/owncloud/3rdparty/isoft/mssql-bundle/Realestate/MssqlBundle/Driver/PDODblib/Driver.php
-#srv/web/owncloud/3rdparty/isoft/mssql-bundle/Realestate/MssqlBundle/Platforms
-#srv/web/owncloud/3rdparty/isoft/mssql-bundle/Realestate/MssqlBundle/Platforms/DblibPlatform.php
-#srv/web/owncloud/3rdparty/isoft/mssql-bundle/Realestate/MssqlBundle/Readme.md
-#srv/web/owncloud/3rdparty/isoft/mssql-bundle/Realestate/MssqlBundle/RealestateMssqlBundle.php
-#srv/web/owncloud/3rdparty/isoft/mssql-bundle/Realestate/MssqlBundle/Schema
-#srv/web/owncloud/3rdparty/isoft/mssql-bundle/Realestate/MssqlBundle/Schema/DblibSchemaManager.php
-#srv/web/owncloud/3rdparty/isoft/mssql-bundle/Realestate/MssqlBundle/Types
-#srv/web/owncloud/3rdparty/isoft/mssql-bundle/Realestate/MssqlBundle/Types/DateTimeType.php
-#srv/web/owncloud/3rdparty/isoft/mssql-bundle/Realestate/MssqlBundle/Types/DateType.php
-#srv/web/owncloud/3rdparty/isoft/mssql-bundle/Realestate/MssqlBundle/Types/RealestateDateTime.php
-#srv/web/owncloud/3rdparty/isoft/mssql-bundle/Realestate/MssqlBundle/Types/UniqueidentifierType.php
-#srv/web/owncloud/3rdparty/isoft/mssql-bundle/Realestate/MssqlBundle/composer.json
+#srv/web/owncloud/3rdparty/james-heinrich
+#srv/web/owncloud/3rdparty/james-heinrich/getid3
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/.gitattributes
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/README.md
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/changelog.txt
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/composer.json
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/dependencies.txt
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/extension.cache.dbm.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/extension.cache.mysql.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/extension.cache.sqlite3.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/getid3.lib.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/getid3.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.archive.gzip.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.archive.rar.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.archive.szip.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.archive.tar.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.archive.zip.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.audio-video.asf.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.audio-video.bink.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.audio-video.flv.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.audio-video.matroska.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.audio-video.mpeg.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.audio-video.nsv.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.audio-video.quicktime.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.audio-video.real.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.audio-video.riff.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.audio-video.swf.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.audio-video.ts.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.audio.aa.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.audio.aac.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.audio.ac3.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.audio.amr.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.audio.au.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.audio.avr.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.audio.bonk.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.audio.dss.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.audio.dts.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.audio.flac.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.audio.la.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.audio.lpac.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.audio.midi.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.audio.mod.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.audio.monkey.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.audio.mp3.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.audio.mpc.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.audio.ogg.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.audio.optimfrog.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.audio.rkau.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.audio.shorten.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.audio.tta.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.audio.voc.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.audio.vqf.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.audio.wavpack.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.graphic.bmp.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.graphic.efax.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.graphic.gif.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.graphic.jpg.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.graphic.pcd.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.graphic.png.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.graphic.svg.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.graphic.tiff.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.misc.cue.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.misc.exe.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.misc.iso.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.misc.msoffice.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.misc.par2.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.misc.pdf.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.tag.apetag.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.tag.id3v1.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.tag.id3v2.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.tag.lyrics3.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/module.tag.xmp.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/write.apetag.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/write.id3v1.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/write.id3v2.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/write.lyrics3.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/write.metaflac.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/write.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/write.real.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/getid3/write.vorbiscomment.php
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/license.txt
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/licenses
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/licenses/licence.gpl-10.txt
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/licenses/licence.gpl-20.txt
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/licenses/licence.gpl-30.txt
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/licenses/licence.lgpl-30.txt
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/licenses/licence.mpl-20.txt
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/licenses/license.commercial.txt
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/readme.txt
+#srv/web/owncloud/3rdparty/james-heinrich/getid3/structure.txt
#srv/web/owncloud/3rdparty/js
#srv/web/owncloud/3rdparty/js/chosen
#srv/web/owncloud/3rdparty/js/chosen/LICENSE.md
#srv/web/owncloud/3rdparty/patches.txt
#srv/web/owncloud/3rdparty/phpass
#srv/web/owncloud/3rdparty/phpass/PasswordHash.php
-#srv/web/owncloud/3rdparty/phpass/c
-#srv/web/owncloud/3rdparty/phpass/c/Makefile
-#srv/web/owncloud/3rdparty/phpass/c/crypt_private.c
#srv/web/owncloud/3rdparty/phpass/test.php
#srv/web/owncloud/3rdparty/phpmailer
#srv/web/owncloud/3rdparty/phpmailer/phpmailer
#srv/web/owncloud/apps/activity/l10n/hy.php
#srv/web/owncloud/apps/activity/l10n/ia.php
#srv/web/owncloud/apps/activity/l10n/id.php
+#srv/web/owncloud/apps/activity/l10n/io.php
#srv/web/owncloud/apps/activity/l10n/is.php
#srv/web/owncloud/apps/activity/l10n/it.php
#srv/web/owncloud/apps/activity/l10n/ja.php
-#srv/web/owncloud/apps/activity/l10n/ja_JP.php
#srv/web/owncloud/apps/activity/l10n/jv.php
#srv/web/owncloud/apps/activity/l10n/ka_GE.php
#srv/web/owncloud/apps/activity/l10n/km.php
#srv/web/owncloud/apps/activity/l10n/kn.php
#srv/web/owncloud/apps/activity/l10n/ko.php
#srv/web/owncloud/apps/activity/l10n/ku_IQ.php
-#srv/web/owncloud/apps/activity/l10n/l10n.pl
#srv/web/owncloud/apps/activity/l10n/lb.php
#srv/web/owncloud/apps/activity/l10n/lt_LT.php
#srv/web/owncloud/apps/activity/l10n/lv.php
#srv/web/owncloud/apps/activity/tests/hooksdeleteusertest.php
#srv/web/owncloud/apps/activity/tests/mailqueuehandlertest.php
#srv/web/owncloud/apps/activity/tests/navigationtest.php
+#srv/web/owncloud/apps/activity/tests/parameterhelpertest.php
#srv/web/owncloud/apps/activity/tests/phpunit.xml
#srv/web/owncloud/apps/activity/tests/usersettingstest.php
#srv/web/owncloud/apps/admin_dependencies_chk
#srv/web/owncloud/apps/bookmarks/js/full_tags.php
#srv/web/owncloud/apps/bookmarks/js/settings.js
#srv/web/owncloud/apps/bookmarks/l10n
-#srv/web/owncloud/apps/bookmarks/l10n/ach
-#srv/web/owncloud/apps/bookmarks/l10n/ach/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/ady
-#srv/web/owncloud/apps/bookmarks/l10n/ady/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/af
-#srv/web/owncloud/apps/bookmarks/l10n/af/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/af_ZA
#srv/web/owncloud/apps/bookmarks/l10n/af_ZA.php
-#srv/web/owncloud/apps/bookmarks/l10n/af_ZA/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/ak
-#srv/web/owncloud/apps/bookmarks/l10n/ak/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/am_ET
-#srv/web/owncloud/apps/bookmarks/l10n/am_ET/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/ar
+#srv/web/owncloud/apps/bookmarks/l10n/ar.js
+#srv/web/owncloud/apps/bookmarks/l10n/ar.json
#srv/web/owncloud/apps/bookmarks/l10n/ar.php
-#srv/web/owncloud/apps/bookmarks/l10n/ar/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/ast
+#srv/web/owncloud/apps/bookmarks/l10n/ast.js
+#srv/web/owncloud/apps/bookmarks/l10n/ast.json
#srv/web/owncloud/apps/bookmarks/l10n/ast.php
-#srv/web/owncloud/apps/bookmarks/l10n/ast/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/az
-#srv/web/owncloud/apps/bookmarks/l10n/az/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/be
+#srv/web/owncloud/apps/bookmarks/l10n/az.js
+#srv/web/owncloud/apps/bookmarks/l10n/az.json
+#srv/web/owncloud/apps/bookmarks/l10n/az.php
#srv/web/owncloud/apps/bookmarks/l10n/be.php
-#srv/web/owncloud/apps/bookmarks/l10n/be/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/bg_BG
+#srv/web/owncloud/apps/bookmarks/l10n/bg_BG.js
+#srv/web/owncloud/apps/bookmarks/l10n/bg_BG.json
#srv/web/owncloud/apps/bookmarks/l10n/bg_BG.php
-#srv/web/owncloud/apps/bookmarks/l10n/bg_BG/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/bn_BD
+#srv/web/owncloud/apps/bookmarks/l10n/bn_BD.js
+#srv/web/owncloud/apps/bookmarks/l10n/bn_BD.json
#srv/web/owncloud/apps/bookmarks/l10n/bn_BD.php
-#srv/web/owncloud/apps/bookmarks/l10n/bn_BD/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/bn_IN
-#srv/web/owncloud/apps/bookmarks/l10n/bn_IN/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/bs
+#srv/web/owncloud/apps/bookmarks/l10n/bn_IN.js
+#srv/web/owncloud/apps/bookmarks/l10n/bn_IN.json
+#srv/web/owncloud/apps/bookmarks/l10n/bn_IN.php
#srv/web/owncloud/apps/bookmarks/l10n/bs.php
-#srv/web/owncloud/apps/bookmarks/l10n/bs/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/ca
+#srv/web/owncloud/apps/bookmarks/l10n/ca.js
+#srv/web/owncloud/apps/bookmarks/l10n/ca.json
#srv/web/owncloud/apps/bookmarks/l10n/ca.php
-#srv/web/owncloud/apps/bookmarks/l10n/ca/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/ca@valencia
-#srv/web/owncloud/apps/bookmarks/l10n/ca@valencia/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/cs_CZ
+#srv/web/owncloud/apps/bookmarks/l10n/cs_CZ.js
+#srv/web/owncloud/apps/bookmarks/l10n/cs_CZ.json
#srv/web/owncloud/apps/bookmarks/l10n/cs_CZ.php
-#srv/web/owncloud/apps/bookmarks/l10n/cs_CZ/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/cy_GB
+#srv/web/owncloud/apps/bookmarks/l10n/cy_GB.js
+#srv/web/owncloud/apps/bookmarks/l10n/cy_GB.json
#srv/web/owncloud/apps/bookmarks/l10n/cy_GB.php
-#srv/web/owncloud/apps/bookmarks/l10n/cy_GB/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/da
+#srv/web/owncloud/apps/bookmarks/l10n/da.js
+#srv/web/owncloud/apps/bookmarks/l10n/da.json
#srv/web/owncloud/apps/bookmarks/l10n/da.php
-#srv/web/owncloud/apps/bookmarks/l10n/da/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/de
+#srv/web/owncloud/apps/bookmarks/l10n/de.js
+#srv/web/owncloud/apps/bookmarks/l10n/de.json
#srv/web/owncloud/apps/bookmarks/l10n/de.php
-#srv/web/owncloud/apps/bookmarks/l10n/de/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/de_AT
#srv/web/owncloud/apps/bookmarks/l10n/de_AT.php
-#srv/web/owncloud/apps/bookmarks/l10n/de_AT/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/de_CH
+#srv/web/owncloud/apps/bookmarks/l10n/de_CH.js
+#srv/web/owncloud/apps/bookmarks/l10n/de_CH.json
#srv/web/owncloud/apps/bookmarks/l10n/de_CH.php
-#srv/web/owncloud/apps/bookmarks/l10n/de_CH/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/de_DE
+#srv/web/owncloud/apps/bookmarks/l10n/de_DE.js
+#srv/web/owncloud/apps/bookmarks/l10n/de_DE.json
#srv/web/owncloud/apps/bookmarks/l10n/de_DE.php
-#srv/web/owncloud/apps/bookmarks/l10n/de_DE/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/el
+#srv/web/owncloud/apps/bookmarks/l10n/el.js
+#srv/web/owncloud/apps/bookmarks/l10n/el.json
#srv/web/owncloud/apps/bookmarks/l10n/el.php
-#srv/web/owncloud/apps/bookmarks/l10n/el/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/en@pirate
-#srv/web/owncloud/apps/bookmarks/l10n/en@pirate/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/en_GB
+#srv/web/owncloud/apps/bookmarks/l10n/en_GB.js
+#srv/web/owncloud/apps/bookmarks/l10n/en_GB.json
#srv/web/owncloud/apps/bookmarks/l10n/en_GB.php
-#srv/web/owncloud/apps/bookmarks/l10n/en_GB/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/en_NZ
-#srv/web/owncloud/apps/bookmarks/l10n/en_NZ/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/eo
+#srv/web/owncloud/apps/bookmarks/l10n/eo.js
+#srv/web/owncloud/apps/bookmarks/l10n/eo.json
#srv/web/owncloud/apps/bookmarks/l10n/eo.php
-#srv/web/owncloud/apps/bookmarks/l10n/eo/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/es
+#srv/web/owncloud/apps/bookmarks/l10n/es.js
+#srv/web/owncloud/apps/bookmarks/l10n/es.json
#srv/web/owncloud/apps/bookmarks/l10n/es.php
-#srv/web/owncloud/apps/bookmarks/l10n/es/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/es_AR
+#srv/web/owncloud/apps/bookmarks/l10n/es_AR.js
+#srv/web/owncloud/apps/bookmarks/l10n/es_AR.json
#srv/web/owncloud/apps/bookmarks/l10n/es_AR.php
-#srv/web/owncloud/apps/bookmarks/l10n/es_AR/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/es_BO
-#srv/web/owncloud/apps/bookmarks/l10n/es_BO/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/es_CL
#srv/web/owncloud/apps/bookmarks/l10n/es_CL.php
-#srv/web/owncloud/apps/bookmarks/l10n/es_CL/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/es_CO
-#srv/web/owncloud/apps/bookmarks/l10n/es_CO/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/es_CR
-#srv/web/owncloud/apps/bookmarks/l10n/es_CR/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/es_EC
-#srv/web/owncloud/apps/bookmarks/l10n/es_EC/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/es_MX
+#srv/web/owncloud/apps/bookmarks/l10n/es_MX.js
+#srv/web/owncloud/apps/bookmarks/l10n/es_MX.json
#srv/web/owncloud/apps/bookmarks/l10n/es_MX.php
-#srv/web/owncloud/apps/bookmarks/l10n/es_MX/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/es_PE
-#srv/web/owncloud/apps/bookmarks/l10n/es_PE/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/es_PY
-#srv/web/owncloud/apps/bookmarks/l10n/es_PY/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/es_US
-#srv/web/owncloud/apps/bookmarks/l10n/es_US/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/es_UY
-#srv/web/owncloud/apps/bookmarks/l10n/es_UY/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/et_EE
+#srv/web/owncloud/apps/bookmarks/l10n/et_EE.js
+#srv/web/owncloud/apps/bookmarks/l10n/et_EE.json
#srv/web/owncloud/apps/bookmarks/l10n/et_EE.php
-#srv/web/owncloud/apps/bookmarks/l10n/et_EE/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/eu
+#srv/web/owncloud/apps/bookmarks/l10n/eu.js
+#srv/web/owncloud/apps/bookmarks/l10n/eu.json
#srv/web/owncloud/apps/bookmarks/l10n/eu.php
-#srv/web/owncloud/apps/bookmarks/l10n/eu/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/eu_ES
#srv/web/owncloud/apps/bookmarks/l10n/eu_ES.php
-#srv/web/owncloud/apps/bookmarks/l10n/eu_ES/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/fa
+#srv/web/owncloud/apps/bookmarks/l10n/fa.js
+#srv/web/owncloud/apps/bookmarks/l10n/fa.json
#srv/web/owncloud/apps/bookmarks/l10n/fa.php
-#srv/web/owncloud/apps/bookmarks/l10n/fa/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/fi
#srv/web/owncloud/apps/bookmarks/l10n/fi.php
-#srv/web/owncloud/apps/bookmarks/l10n/fi/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/fi_FI
+#srv/web/owncloud/apps/bookmarks/l10n/fi_FI.js
+#srv/web/owncloud/apps/bookmarks/l10n/fi_FI.json
#srv/web/owncloud/apps/bookmarks/l10n/fi_FI.php
-#srv/web/owncloud/apps/bookmarks/l10n/fi_FI/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/fr
+#srv/web/owncloud/apps/bookmarks/l10n/fr.js
+#srv/web/owncloud/apps/bookmarks/l10n/fr.json
#srv/web/owncloud/apps/bookmarks/l10n/fr.php
-#srv/web/owncloud/apps/bookmarks/l10n/fr/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/fr_CA
-#srv/web/owncloud/apps/bookmarks/l10n/fr_CA/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/gl
+#srv/web/owncloud/apps/bookmarks/l10n/gl.js
+#srv/web/owncloud/apps/bookmarks/l10n/gl.json
#srv/web/owncloud/apps/bookmarks/l10n/gl.php
-#srv/web/owncloud/apps/bookmarks/l10n/gl/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/he
+#srv/web/owncloud/apps/bookmarks/l10n/he.js
+#srv/web/owncloud/apps/bookmarks/l10n/he.json
#srv/web/owncloud/apps/bookmarks/l10n/he.php
-#srv/web/owncloud/apps/bookmarks/l10n/he/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/hi
#srv/web/owncloud/apps/bookmarks/l10n/hi.php
-#srv/web/owncloud/apps/bookmarks/l10n/hi/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/hi_IN
-#srv/web/owncloud/apps/bookmarks/l10n/hi_IN/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/hr
#srv/web/owncloud/apps/bookmarks/l10n/hr.php
-#srv/web/owncloud/apps/bookmarks/l10n/hr/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/hu_HU
+#srv/web/owncloud/apps/bookmarks/l10n/hu_HU.js
+#srv/web/owncloud/apps/bookmarks/l10n/hu_HU.json
#srv/web/owncloud/apps/bookmarks/l10n/hu_HU.php
-#srv/web/owncloud/apps/bookmarks/l10n/hu_HU/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/hy
#srv/web/owncloud/apps/bookmarks/l10n/hy.php
-#srv/web/owncloud/apps/bookmarks/l10n/hy/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/ia
+#srv/web/owncloud/apps/bookmarks/l10n/ia.js
+#srv/web/owncloud/apps/bookmarks/l10n/ia.json
#srv/web/owncloud/apps/bookmarks/l10n/ia.php
-#srv/web/owncloud/apps/bookmarks/l10n/ia/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/id
+#srv/web/owncloud/apps/bookmarks/l10n/id.js
+#srv/web/owncloud/apps/bookmarks/l10n/id.json
#srv/web/owncloud/apps/bookmarks/l10n/id.php
-#srv/web/owncloud/apps/bookmarks/l10n/id/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/is
+#srv/web/owncloud/apps/bookmarks/l10n/is.js
+#srv/web/owncloud/apps/bookmarks/l10n/is.json
#srv/web/owncloud/apps/bookmarks/l10n/is.php
-#srv/web/owncloud/apps/bookmarks/l10n/is/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/it
+#srv/web/owncloud/apps/bookmarks/l10n/it.js
+#srv/web/owncloud/apps/bookmarks/l10n/it.json
#srv/web/owncloud/apps/bookmarks/l10n/it.php
-#srv/web/owncloud/apps/bookmarks/l10n/it/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/ja
+#srv/web/owncloud/apps/bookmarks/l10n/ja.js
+#srv/web/owncloud/apps/bookmarks/l10n/ja.json
#srv/web/owncloud/apps/bookmarks/l10n/ja.php
-#srv/web/owncloud/apps/bookmarks/l10n/ja/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/ja_JP.php
-#srv/web/owncloud/apps/bookmarks/l10n/jv
#srv/web/owncloud/apps/bookmarks/l10n/jv.php
-#srv/web/owncloud/apps/bookmarks/l10n/jv/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/ka
-#srv/web/owncloud/apps/bookmarks/l10n/ka/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/ka_GE
+#srv/web/owncloud/apps/bookmarks/l10n/ka_GE.js
+#srv/web/owncloud/apps/bookmarks/l10n/ka_GE.json
#srv/web/owncloud/apps/bookmarks/l10n/ka_GE.php
-#srv/web/owncloud/apps/bookmarks/l10n/ka_GE/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/km
+#srv/web/owncloud/apps/bookmarks/l10n/km.js
+#srv/web/owncloud/apps/bookmarks/l10n/km.json
#srv/web/owncloud/apps/bookmarks/l10n/km.php
-#srv/web/owncloud/apps/bookmarks/l10n/km/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/kn
-#srv/web/owncloud/apps/bookmarks/l10n/kn/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/ko
+#srv/web/owncloud/apps/bookmarks/l10n/ko.js
+#srv/web/owncloud/apps/bookmarks/l10n/ko.json
#srv/web/owncloud/apps/bookmarks/l10n/ko.php
-#srv/web/owncloud/apps/bookmarks/l10n/ko/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/ku_IQ
#srv/web/owncloud/apps/bookmarks/l10n/ku_IQ.php
-#srv/web/owncloud/apps/bookmarks/l10n/ku_IQ/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/l10n.pl
-#srv/web/owncloud/apps/bookmarks/l10n/lb
+#srv/web/owncloud/apps/bookmarks/l10n/lb.js
+#srv/web/owncloud/apps/bookmarks/l10n/lb.json
#srv/web/owncloud/apps/bookmarks/l10n/lb.php
-#srv/web/owncloud/apps/bookmarks/l10n/lb/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/lt_LT
+#srv/web/owncloud/apps/bookmarks/l10n/lt_LT.js
+#srv/web/owncloud/apps/bookmarks/l10n/lt_LT.json
#srv/web/owncloud/apps/bookmarks/l10n/lt_LT.php
-#srv/web/owncloud/apps/bookmarks/l10n/lt_LT/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/lv
+#srv/web/owncloud/apps/bookmarks/l10n/lv.js
+#srv/web/owncloud/apps/bookmarks/l10n/lv.json
#srv/web/owncloud/apps/bookmarks/l10n/lv.php
-#srv/web/owncloud/apps/bookmarks/l10n/lv/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/mk
+#srv/web/owncloud/apps/bookmarks/l10n/mk.js
+#srv/web/owncloud/apps/bookmarks/l10n/mk.json
#srv/web/owncloud/apps/bookmarks/l10n/mk.php
-#srv/web/owncloud/apps/bookmarks/l10n/mk/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/ml
-#srv/web/owncloud/apps/bookmarks/l10n/ml/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/ml_IN
-#srv/web/owncloud/apps/bookmarks/l10n/ml_IN/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/mn
-#srv/web/owncloud/apps/bookmarks/l10n/mn/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/ms_MY
#srv/web/owncloud/apps/bookmarks/l10n/ms_MY.php
-#srv/web/owncloud/apps/bookmarks/l10n/ms_MY/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/my_MM
#srv/web/owncloud/apps/bookmarks/l10n/my_MM.php
-#srv/web/owncloud/apps/bookmarks/l10n/my_MM/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/nb_NO
+#srv/web/owncloud/apps/bookmarks/l10n/nb_NO.js
+#srv/web/owncloud/apps/bookmarks/l10n/nb_NO.json
#srv/web/owncloud/apps/bookmarks/l10n/nb_NO.php
-#srv/web/owncloud/apps/bookmarks/l10n/nb_NO/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/nds
-#srv/web/owncloud/apps/bookmarks/l10n/nds/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/ne
-#srv/web/owncloud/apps/bookmarks/l10n/ne/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/nl
+#srv/web/owncloud/apps/bookmarks/l10n/nl.js
+#srv/web/owncloud/apps/bookmarks/l10n/nl.json
#srv/web/owncloud/apps/bookmarks/l10n/nl.php
-#srv/web/owncloud/apps/bookmarks/l10n/nl/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/nn_NO
+#srv/web/owncloud/apps/bookmarks/l10n/nn_NO.js
+#srv/web/owncloud/apps/bookmarks/l10n/nn_NO.json
#srv/web/owncloud/apps/bookmarks/l10n/nn_NO.php
-#srv/web/owncloud/apps/bookmarks/l10n/nn_NO/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/nqo
-#srv/web/owncloud/apps/bookmarks/l10n/nqo/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/oc
#srv/web/owncloud/apps/bookmarks/l10n/oc.php
-#srv/web/owncloud/apps/bookmarks/l10n/oc/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/or_IN
-#srv/web/owncloud/apps/bookmarks/l10n/or_IN/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/pa
#srv/web/owncloud/apps/bookmarks/l10n/pa.php
-#srv/web/owncloud/apps/bookmarks/l10n/pa/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/pl
+#srv/web/owncloud/apps/bookmarks/l10n/pl.js
+#srv/web/owncloud/apps/bookmarks/l10n/pl.json
#srv/web/owncloud/apps/bookmarks/l10n/pl.php
-#srv/web/owncloud/apps/bookmarks/l10n/pl/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/pl_PL
#srv/web/owncloud/apps/bookmarks/l10n/pl_PL.php
-#srv/web/owncloud/apps/bookmarks/l10n/pl_PL/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/pt_BR
+#srv/web/owncloud/apps/bookmarks/l10n/pt_BR.js
+#srv/web/owncloud/apps/bookmarks/l10n/pt_BR.json
#srv/web/owncloud/apps/bookmarks/l10n/pt_BR.php
-#srv/web/owncloud/apps/bookmarks/l10n/pt_BR/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/pt_PT
+#srv/web/owncloud/apps/bookmarks/l10n/pt_PT.js
+#srv/web/owncloud/apps/bookmarks/l10n/pt_PT.json
#srv/web/owncloud/apps/bookmarks/l10n/pt_PT.php
-#srv/web/owncloud/apps/bookmarks/l10n/pt_PT/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/ro
+#srv/web/owncloud/apps/bookmarks/l10n/ro.js
+#srv/web/owncloud/apps/bookmarks/l10n/ro.json
#srv/web/owncloud/apps/bookmarks/l10n/ro.php
-#srv/web/owncloud/apps/bookmarks/l10n/ro/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/ru
+#srv/web/owncloud/apps/bookmarks/l10n/ru.js
+#srv/web/owncloud/apps/bookmarks/l10n/ru.json
#srv/web/owncloud/apps/bookmarks/l10n/ru.php
-#srv/web/owncloud/apps/bookmarks/l10n/ru/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/ru_RU
#srv/web/owncloud/apps/bookmarks/l10n/ru_RU.php
-#srv/web/owncloud/apps/bookmarks/l10n/ru_RU/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/si_LK
+#srv/web/owncloud/apps/bookmarks/l10n/si_LK.js
+#srv/web/owncloud/apps/bookmarks/l10n/si_LK.json
#srv/web/owncloud/apps/bookmarks/l10n/si_LK.php
-#srv/web/owncloud/apps/bookmarks/l10n/si_LK/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/sk
#srv/web/owncloud/apps/bookmarks/l10n/sk.php
-#srv/web/owncloud/apps/bookmarks/l10n/sk/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/sk_SK
+#srv/web/owncloud/apps/bookmarks/l10n/sk_SK.js
+#srv/web/owncloud/apps/bookmarks/l10n/sk_SK.json
#srv/web/owncloud/apps/bookmarks/l10n/sk_SK.php
-#srv/web/owncloud/apps/bookmarks/l10n/sk_SK/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/sl
+#srv/web/owncloud/apps/bookmarks/l10n/sl.js
+#srv/web/owncloud/apps/bookmarks/l10n/sl.json
#srv/web/owncloud/apps/bookmarks/l10n/sl.php
-#srv/web/owncloud/apps/bookmarks/l10n/sl/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/sq
#srv/web/owncloud/apps/bookmarks/l10n/sq.php
-#srv/web/owncloud/apps/bookmarks/l10n/sq/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/sr
+#srv/web/owncloud/apps/bookmarks/l10n/sr.js
+#srv/web/owncloud/apps/bookmarks/l10n/sr.json
#srv/web/owncloud/apps/bookmarks/l10n/sr.php
-#srv/web/owncloud/apps/bookmarks/l10n/sr/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/sr@latin
#srv/web/owncloud/apps/bookmarks/l10n/sr@latin.php
-#srv/web/owncloud/apps/bookmarks/l10n/sr@latin/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/su
-#srv/web/owncloud/apps/bookmarks/l10n/su/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/sv
+#srv/web/owncloud/apps/bookmarks/l10n/sv.js
+#srv/web/owncloud/apps/bookmarks/l10n/sv.json
#srv/web/owncloud/apps/bookmarks/l10n/sv.php
-#srv/web/owncloud/apps/bookmarks/l10n/sv/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/sw_KE
-#srv/web/owncloud/apps/bookmarks/l10n/sw_KE/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/ta_IN
-#srv/web/owncloud/apps/bookmarks/l10n/ta_IN/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/ta_LK
+#srv/web/owncloud/apps/bookmarks/l10n/ta_IN.php
+#srv/web/owncloud/apps/bookmarks/l10n/ta_LK.js
+#srv/web/owncloud/apps/bookmarks/l10n/ta_LK.json
#srv/web/owncloud/apps/bookmarks/l10n/ta_LK.php
-#srv/web/owncloud/apps/bookmarks/l10n/ta_LK/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/te
#srv/web/owncloud/apps/bookmarks/l10n/te.php
-#srv/web/owncloud/apps/bookmarks/l10n/te/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/templates
-#srv/web/owncloud/apps/bookmarks/l10n/templates/bookmarks.pot
-#srv/web/owncloud/apps/bookmarks/l10n/th_TH
+#srv/web/owncloud/apps/bookmarks/l10n/th_TH.js
+#srv/web/owncloud/apps/bookmarks/l10n/th_TH.json
#srv/web/owncloud/apps/bookmarks/l10n/th_TH.php
-#srv/web/owncloud/apps/bookmarks/l10n/th_TH/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/tr
+#srv/web/owncloud/apps/bookmarks/l10n/tr.js
+#srv/web/owncloud/apps/bookmarks/l10n/tr.json
#srv/web/owncloud/apps/bookmarks/l10n/tr.php
-#srv/web/owncloud/apps/bookmarks/l10n/tr/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/tzm
-#srv/web/owncloud/apps/bookmarks/l10n/tzm/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/ug
+#srv/web/owncloud/apps/bookmarks/l10n/ug.js
+#srv/web/owncloud/apps/bookmarks/l10n/ug.json
#srv/web/owncloud/apps/bookmarks/l10n/ug.php
-#srv/web/owncloud/apps/bookmarks/l10n/ug/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/uk
+#srv/web/owncloud/apps/bookmarks/l10n/uk.js
+#srv/web/owncloud/apps/bookmarks/l10n/uk.json
#srv/web/owncloud/apps/bookmarks/l10n/uk.php
-#srv/web/owncloud/apps/bookmarks/l10n/uk/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/ur
-#srv/web/owncloud/apps/bookmarks/l10n/ur/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/ur_PK
#srv/web/owncloud/apps/bookmarks/l10n/ur_PK.php
-#srv/web/owncloud/apps/bookmarks/l10n/ur_PK/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/uz
-#srv/web/owncloud/apps/bookmarks/l10n/uz/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/vi
+#srv/web/owncloud/apps/bookmarks/l10n/vi.js
+#srv/web/owncloud/apps/bookmarks/l10n/vi.json
#srv/web/owncloud/apps/bookmarks/l10n/vi.php
-#srv/web/owncloud/apps/bookmarks/l10n/vi/bookmarks.po
#srv/web/owncloud/apps/bookmarks/l10n/xgettextfiles
-#srv/web/owncloud/apps/bookmarks/l10n/zh_CN
-#srv/web/owncloud/apps/bookmarks/l10n/zh_CN.GB2312
-#srv/web/owncloud/apps/bookmarks/l10n/zh_CN.GB2312.php
-#srv/web/owncloud/apps/bookmarks/l10n/zh_CN.GB2312/bookmarks.po
+#srv/web/owncloud/apps/bookmarks/l10n/zh_CN.js
+#srv/web/owncloud/apps/bookmarks/l10n/zh_CN.json
#srv/web/owncloud/apps/bookmarks/l10n/zh_CN.php
-#srv/web/owncloud/apps/bookmarks/l10n/zh_CN/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/zh_HK
#srv/web/owncloud/apps/bookmarks/l10n/zh_HK.php
-#srv/web/owncloud/apps/bookmarks/l10n/zh_HK/bookmarks.po
-#srv/web/owncloud/apps/bookmarks/l10n/zh_TW
+#srv/web/owncloud/apps/bookmarks/l10n/zh_TW.js
+#srv/web/owncloud/apps/bookmarks/l10n/zh_TW.json
#srv/web/owncloud/apps/bookmarks/l10n/zh_TW.php
-#srv/web/owncloud/apps/bookmarks/l10n/zh_TW/bookmarks.po
#srv/web/owncloud/apps/bookmarks/lib
#srv/web/owncloud/apps/bookmarks/lib/bookmarks.php
#srv/web/owncloud/apps/bookmarks/lib/search.php
#srv/web/owncloud/apps/bookmarks/templates/list.php
#srv/web/owncloud/apps/bookmarks/templates/settings.php
#srv/web/owncloud/apps/bookmarks/tests
-#srv/web/owncloud/apps/bookmarks/tests/lib_bookmark.php
+#srv/web/owncloud/apps/bookmarks/tests/bootstrap.php
+#srv/web/owncloud/apps/bookmarks/tests/lib_bookmark_test.php
+#srv/web/owncloud/apps/bookmarks/tests/phpunit.xml
#srv/web/owncloud/apps/calendar
#srv/web/owncloud/apps/calendar/3rdparty
#srv/web/owncloud/apps/calendar/3rdparty/fullcalendar
#srv/web/owncloud/apps/contacts/lib/jsonresponse.php
#srv/web/owncloud/apps/contacts/lib/middleware
#srv/web/owncloud/apps/contacts/lib/middleware/http.php
-#srv/web/owncloud/apps/contacts/lib/searchprovider.php
+#srv/web/owncloud/apps/contacts/lib/search
+#srv/web/owncloud/apps/contacts/lib/search/contact.php
+#srv/web/owncloud/apps/contacts/lib/search/provider.php
#srv/web/owncloud/apps/contacts/lib/share
#srv/web/owncloud/apps/contacts/lib/share/addressbook.php
#srv/web/owncloud/apps/contacts/lib/share/contact.php
#srv/web/owncloud/apps/files_external/ajax
#srv/web/owncloud/apps/files_external/ajax/addMountPoint.php
#srv/web/owncloud/apps/files_external/ajax/addRootCertificate.php
+#srv/web/owncloud/apps/files_external/ajax/applicable.php
#srv/web/owncloud/apps/files_external/ajax/dropbox.php
#srv/web/owncloud/apps/files_external/ajax/google.php
#srv/web/owncloud/apps/files_external/ajax/removeMountPoint.php
#srv/web/owncloud/apps/files_external/lib/api.php
#srv/web/owncloud/apps/files_external/lib/config.php
#srv/web/owncloud/apps/files_external/lib/dropbox.php
+#srv/web/owncloud/apps/files_external/lib/etagpropagator.php
#srv/web/owncloud/apps/files_external/lib/ftp.php
#srv/web/owncloud/apps/files_external/lib/google.php
#srv/web/owncloud/apps/files_external/lib/owncloud.php
#srv/web/owncloud/apps/files_external/templates/settings.php
#srv/web/owncloud/apps/files_external/tests
#srv/web/owncloud/apps/files_external/tests/amazons3.php
+#srv/web/owncloud/apps/files_external/tests/amazons3migration.php
#srv/web/owncloud/apps/files_external/tests/appSpec.js
#srv/web/owncloud/apps/files_external/tests/config.php
#srv/web/owncloud/apps/files_external/tests/dropbox.php
#srv/web/owncloud/apps/files_external/tests/dynamicmountconfig.php
+#srv/web/owncloud/apps/files_external/tests/etagpropagator.php
#srv/web/owncloud/apps/files_external/tests/ftp.php
#srv/web/owncloud/apps/files_external/tests/google.php
#srv/web/owncloud/apps/files_external/tests/js
#srv/web/owncloud/apps/files_external/tests/js/mountsfilelistSpec.js
#srv/web/owncloud/apps/files_external/tests/mountconfig.php
#srv/web/owncloud/apps/files_external/tests/owncloud.php
+#srv/web/owncloud/apps/files_external/tests/owncloudfunctions.php
#srv/web/owncloud/apps/files_external/tests/sftp.php
#srv/web/owncloud/apps/files_external/tests/smb.php
#srv/web/owncloud/apps/files_external/tests/smbfunctions.php
#srv/web/owncloud/apps/files_sharing/lib/cache.php
#srv/web/owncloud/apps/files_sharing/lib/connector
#srv/web/owncloud/apps/files_sharing/lib/connector/publicauth.php
+#srv/web/owncloud/apps/files_sharing/lib/exceptions.php
#srv/web/owncloud/apps/files_sharing/lib/external
#srv/web/owncloud/apps/files_sharing/lib/external/cache.php
#srv/web/owncloud/apps/files_sharing/lib/external/manager.php
#srv/web/owncloud/apps/files_sharing/templates/settings-admin.php
#srv/web/owncloud/apps/files_sharing/tests
#srv/web/owncloud/apps/files_sharing/tests/api.php
+#srv/web/owncloud/apps/files_sharing/tests/backend.php
#srv/web/owncloud/apps/files_sharing/tests/base.php
#srv/web/owncloud/apps/files_sharing/tests/cache.php
#srv/web/owncloud/apps/files_sharing/tests/externalstorage.php
+#srv/web/owncloud/apps/files_sharing/tests/helper.php
#srv/web/owncloud/apps/files_sharing/tests/js
#srv/web/owncloud/apps/files_sharing/tests/js/appSpec.js
#srv/web/owncloud/apps/files_sharing/tests/js/shareSpec.js
#srv/web/owncloud/apps/updater/admin.php
#srv/web/owncloud/apps/updater/ajax
#srv/web/owncloud/apps/updater/ajax/backup
+#srv/web/owncloud/apps/updater/ajax/backup.php
#srv/web/owncloud/apps/updater/ajax/backup/delete.php
#srv/web/owncloud/apps/updater/ajax/backup/download.php
#srv/web/owncloud/apps/updater/ajax/backup/list.php
+#srv/web/owncloud/apps/updater/ajax/download.php
#srv/web/owncloud/apps/updater/ajax/update.php
#srv/web/owncloud/apps/updater/appinfo
#srv/web/owncloud/apps/updater/appinfo/app.php
#srv/web/owncloud/apps/updater/lib
#srv/web/owncloud/apps/updater/lib/app.php
#srv/web/owncloud/apps/updater/lib/backup.php
+#srv/web/owncloud/apps/updater/lib/collection.php
#srv/web/owncloud/apps/updater/lib/downloader.php
+#srv/web/owncloud/apps/updater/lib/fsexception.php
#srv/web/owncloud/apps/updater/lib/helper.php
#srv/web/owncloud/apps/updater/lib/location
#srv/web/owncloud/apps/updater/lib/location.php
#srv/web/owncloud/apps/updater/lib/location/3rdparty.php
#srv/web/owncloud/apps/updater/lib/location/apps.php
#srv/web/owncloud/apps/updater/lib/location/core.php
+#srv/web/owncloud/apps/updater/lib/permissionexception.php
#srv/web/owncloud/apps/updater/lib/updater.php
#srv/web/owncloud/apps/updater/templates
#srv/web/owncloud/apps/updater/templates/admin.php
#srv/web/owncloud/apps/user_ldap/group_ldap.php
#srv/web/owncloud/apps/user_ldap/group_proxy.php
#srv/web/owncloud/apps/user_ldap/js
+#srv/web/owncloud/apps/user_ldap/js/experiencedAdmin.js
#srv/web/owncloud/apps/user_ldap/js/ldapFilter.js
#srv/web/owncloud/apps/user_ldap/js/settings.js
#srv/web/owncloud/apps/user_ldap/l10n
#srv/web/owncloud/apps/user_ldap/tests/data
#srv/web/owncloud/apps/user_ldap/tests/data/sid.dat
#srv/web/owncloud/apps/user_ldap/tests/group_ldap.php
+#srv/web/owncloud/apps/user_ldap/tests/helper.php
#srv/web/owncloud/apps/user_ldap/tests/user
#srv/web/owncloud/apps/user_ldap/tests/user/manager.php
#srv/web/owncloud/apps/user_ldap/tests/user/user.php
#srv/web/owncloud/core/css/jquery.ocdialog.css
#srv/web/owncloud/core/css/mobile.css
#srv/web/owncloud/core/css/multiselect.css
+#srv/web/owncloud/core/css/select2
+#srv/web/owncloud/core/css/select2/select2-spinner.gif
+#srv/web/owncloud/core/css/select2/select2.css
+#srv/web/owncloud/core/css/select2/select2.png
+#srv/web/owncloud/core/css/select2/select2x2.png
#srv/web/owncloud/core/css/share.css
#srv/web/owncloud/core/css/styles.css
#srv/web/owncloud/core/doc
#srv/web/owncloud/core/doc/admin
#srv/web/owncloud/core/doc/admin/_images
-#srv/web/owncloud/core/doc/admin/_images/100000000000003800000018D49F1CE7.png
-#srv/web/owncloud/core/doc/admin/_images/1000000000000050000000DB83B8FA5B.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000000950000004412998BE7.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000000A800000073F49785A6.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000000B600000120706C3C75.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000000CD000000ECA8DE7780.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000000F1000000F56125BDBA.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000000F1000000F6704F46D3.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000000F300000068AF0ECD53.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000000F40000019A110DD159.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000000F5000000675DC5F68C.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000000F500000067A8845EF8.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000000F60000006754ED2A1E.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000000F6000000685DFB3767.png
-#srv/web/owncloud/core/doc/admin/_images/100000000000012C0000009C444B4720.png
-#srv/web/owncloud/core/doc/admin/_images/100000000000013C0000017D4FC6CEF5.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000001400000008A557EF7E3.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000001440000005A2989832F.png
-#srv/web/owncloud/core/doc/admin/_images/1000000000000160000000DBB2FB0223.png
-#srv/web/owncloud/core/doc/admin/_images/1000000000000165000000D3FF2168AB.png
-#srv/web/owncloud/core/doc/admin/_images/1000000000000167000000B43E4BF478.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000001800000009A9494E037.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000001880000007EA4444400.png
-#srv/web/owncloud/core/doc/admin/_images/100000000000018B000000A090F31164.png
-#srv/web/owncloud/core/doc/admin/_images/100000000000018E000000C4BA62B2A3.png
-#srv/web/owncloud/core/doc/admin/_images/1000000000000193000001AE9AB8B0A2.png
-#srv/web/owncloud/core/doc/admin/_images/1000000000000194000000498325A766.png
-#srv/web/owncloud/core/doc/admin/_images/1000000000000194000000FAD39BC0D8.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000001980000009271BE0D26.png
-#srv/web/owncloud/core/doc/admin/_images/100000000000019E0000004CD2A0F407.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000001A3000000AAFE82893A.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000001AC000000477C76808F.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000001BF00000012349EAE2F.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000001C1000000FE663748B2.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000001C9000000AF9C1CE57F.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000001CF00000176B0BE1EBC.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000001D30000014DC251C948.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000001E50000006E3ECDC427.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000001FD000000DF8D2D7546.png
-#srv/web/owncloud/core/doc/admin/_images/1000000000000200000000BCCCC35DEB.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000002170000004A27056037.png
-#srv/web/owncloud/core/doc/admin/_images/100000000000021C0000004CACBF786C.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000002210000002DE3BE7515.png
-#srv/web/owncloud/core/doc/admin/_images/1000000000000227000000935D9B1EF6.png
-#srv/web/owncloud/core/doc/admin/_images/100000000000023B000000125381F51B.png
-#srv/web/owncloud/core/doc/admin/_images/1000000000000247000000A77440E4D3.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000002720000013FB6EDA793.png
-#srv/web/owncloud/core/doc/admin/_images/100000000000027B0000011D10F70F88.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000002840000016729388B7F.png
-#srv/web/owncloud/core/doc/admin/_images/1000000000000288000001A1D5BE4881.png
-#srv/web/owncloud/core/doc/admin/_images/1000000000000289000001A9D7F3941F.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000002910000018B31D51F03.png
-#srv/web/owncloud/core/doc/admin/_images/1000000000000291000001951B69B9A6.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000002950000019EF5732E36.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000002950000021E245F6883.png
-#srv/web/owncloud/core/doc/admin/_images/1000000000000298000001870B0581FA.png
-#srv/web/owncloud/core/doc/admin/_images/1000000000000298000001874D3CA506.png
-#srv/web/owncloud/core/doc/admin/_images/100000000000029B0000018885B5282E.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000002A6000000BFBE298238.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000002B1000002258C08D304.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000002B3000000365E1CD00D.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000002BB000000266DB6AD1A.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000002F3000000926CA65D02.png
-#srv/web/owncloud/core/doc/admin/_images/1000000000000304000001B964698779.png
-#srv/web/owncloud/core/doc/admin/_images/1000000000000336000000F38C3FAF84.png
-#srv/web/owncloud/core/doc/admin/_images/1000000000000372000002AF943ADDA0.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000003730000002B6865E951.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000003A60000011E274A1A28.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000003A6000002A9C7A660BE.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000003A800000039364066E4.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000003B30000021B5EE5D338.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000003DF00000071A41D8A1F.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000003DF000000D953A456B6.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000003E8000001524A147A04.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000003EC000000AB60616FA7.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000003FB000002359BAFB40E.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000004010000017E4A6552BC.png
-#srv/web/owncloud/core/doc/admin/_images/1000000000000403000001632F0B76F6.png
-#srv/web/owncloud/core/doc/admin/_images/1000000000000404000000FCFC13E732.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000004100000005657010336.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000004170000016ACB5E15AE.png
-#srv/web/owncloud/core/doc/admin/_images/100000000000041D0000017D8D1BC4D9.png
-#srv/web/owncloud/core/doc/admin/_images/100000000000042500000163D2B339D5.png
-#srv/web/owncloud/core/doc/admin/_images/1000000000000427000000324F58266D.png
-#srv/web/owncloud/core/doc/admin/_images/100000000000042E000001D3EEB9978B.png
-#srv/web/owncloud/core/doc/admin/_images/100000000000042F000000CC3EDDE79E.png
-#srv/web/owncloud/core/doc/admin/_images/1000000000000430000000AF9D6E724E.png
-#srv/web/owncloud/core/doc/admin/_images/100000000000043000000164DA0CE8C9.png
-#srv/web/owncloud/core/doc/admin/_images/100000000000043200000169BCD20493.png
-#srv/web/owncloud/core/doc/admin/_images/100000000000044C000002B0B421E27E.png
-#srv/web/owncloud/core/doc/admin/_images/100000000000045800000197FE462F2B.png
-#srv/web/owncloud/core/doc/admin/_images/1000000000000462000000D44541CF9A.png
-#srv/web/owncloud/core/doc/admin/_images/100000000000046C000000C2D3E5CF30.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000004770000008AAF3CFFDB.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000004920000028D9C8DC2CB.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000004C0000000795BB2C146.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000004CA000002B52116BE0C.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000004ED000000BE3B9E25D5.png
-#srv/web/owncloud/core/doc/admin/_images/1000000000000523000000C6F786381C.png
-#srv/web/owncloud/core/doc/admin/_images/100000000000052500000088DBB95005.png
-#srv/web/owncloud/core/doc/admin/_images/1000000000000525000000BE30CF0423.png
-#srv/web/owncloud/core/doc/admin/_images/1000000000000527000000A7AB409FE0.png
-#srv/web/owncloud/core/doc/admin/_images/100000000000052F000000C2867B7294.png
-#srv/web/owncloud/core/doc/admin/_images/1000000000000530000001410CF0028A.png
-#srv/web/owncloud/core/doc/admin/_images/100000000000053100000142D9A4C916.png
-#srv/web/owncloud/core/doc/admin/_images/1000000000000532000000285DDBBF37.png
-#srv/web/owncloud/core/doc/admin/_images/100000000000053A00000067708C8F53.png
-#srv/web/owncloud/core/doc/admin/_images/1000000000000552000000BF22E90239.png
-#srv/web/owncloud/core/doc/admin/_images/1000000000000557000002E148BAB6D4.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000005970000006AE23997C9.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000005AF00000074604B1A67.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000005B90000007866D92D14.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000005BB0000007C1DF71FA7.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000005C30000006CAFFAAD61.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000005D00000003B29340A7A.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000005D50000009458C5EE48.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000005E20000009B1BA5A8CF.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000005E6000000676902E040.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000005EB000000A68BA73E2D.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000005EC00000073E678DFEC.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000005F30000030F1372448D.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000005F70000005F0912E904.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000005F70000007E43DB8026.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000005FA0000005CE8491B77.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000005FF0000005F35710398.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000006000000005EDA7B96BE.png
-#srv/web/owncloud/core/doc/admin/_images/100000000000060300000065DF96536B.png
-#srv/web/owncloud/core/doc/admin/_images/10000000000006060000006A0106CA0C.png
-#srv/web/owncloud/core/doc/admin/_images/100000000000061A0000006FC014C3A4.png
-#srv/web/owncloud/core/doc/admin/_images/100000000000061D0000007047877972.png
-#srv/web/owncloud/core/doc/admin/_images/100000000000061E0000006BCF9ECC0B.png
-#srv/web/owncloud/core/doc/admin/_images/100000000000062A0000005F61A18950.png
-#srv/web/owncloud/core/doc/admin/_images/1000000000000631000000E19D116AA0.png
-#srv/web/owncloud/core/doc/admin/_images/100000000000063F00000090AAE1FA4A.png
-#srv/web/owncloud/core/doc/admin/_images/1000000000000668000002D29EAD9899.png
-#srv/web/owncloud/core/doc/admin/_images/100000000000066D000001AAD8CE8256.png
-#srv/web/owncloud/core/doc/admin/_images/10000201000002FC000001DC2DDAD2F1.png
-#srv/web/owncloud/core/doc/admin/_images/1000020100000359000000A8B848DE68.png
-#srv/web/owncloud/core/doc/admin/_images/10000201000005F90000029D8BA200FB.png
-#srv/web/owncloud/core/doc/admin/_images/custom_mount_config_gui-1.png
-#srv/web/owncloud/core/doc/admin/_images/custom_mount_config_gui-2.png
-#srv/web/owncloud/core/doc/admin/_images/custom_mount_config_gui-3.png
-#srv/web/owncloud/core/doc/admin/_images/custom_mount_config_gui-4.png
-#srv/web/owncloud/core/doc/admin/_images/edit_encrypted_file.png
+#srv/web/owncloud/core/doc/admin/_images/antivirus-app.png
+#srv/web/owncloud/core/doc/admin/_images/antivirus-config.png
+#srv/web/owncloud/core/doc/admin/_images/antivirus-daemon-socket.png
+#srv/web/owncloud/core/doc/admin/_images/antivirus-executable.png
+#srv/web/owncloud/core/doc/admin/_images/antivirus-logging.png
+#srv/web/owncloud/core/doc/admin/_images/create_public_share.png
+#srv/web/owncloud/core/doc/admin/_images/documents_app_enable.png
+#srv/web/owncloud/core/doc/admin/_images/encryption1.png
+#srv/web/owncloud/core/doc/admin/_images/encryption2.png
+#srv/web/owncloud/core/doc/admin/_images/encryption3.png
+#srv/web/owncloud/core/doc/admin/_images/encryption4.png
+#srv/web/owncloud/core/doc/admin/_images/encryption5.png
+#srv/web/owncloud/core/doc/admin/_images/encryption6.png
+#srv/web/owncloud/core/doc/admin/_images/encryption7.png
+#srv/web/owncloud/core/doc/admin/_images/encryption8.png
+#srv/web/owncloud/core/doc/admin/_images/encryption9.png
+#srv/web/owncloud/core/doc/admin/_images/external-storage-amazons3.png
+#srv/web/owncloud/core/doc/admin/_images/external-storage-app-add.png
+#srv/web/owncloud/core/doc/admin/_images/external-storage-app-enable.png
+#srv/web/owncloud/core/doc/admin/_images/external-storage-app-local.png
+#srv/web/owncloud/core/doc/admin/_images/external-storage-app-usermounts.png
+#srv/web/owncloud/core/doc/admin/_images/external-storage-dropbox-allowshare.png
+#srv/web/owncloud/core/doc/admin/_images/external-storage-dropbox-app.png
+#srv/web/owncloud/core/doc/admin/_images/external-storage-dropbox-configapp.png
+#srv/web/owncloud/core/doc/admin/_images/external-storage-dropbox-oc.png
+#srv/web/owncloud/core/doc/admin/_images/external-storage-dropbox.png
+#srv/web/owncloud/core/doc/admin/_images/external-storage-ftp.png
+#srv/web/owncloud/core/doc/admin/_images/external-storage-google-drive-0auth.png
+#srv/web/owncloud/core/doc/admin/_images/external-storage-google-drive-9.png
+#srv/web/owncloud/core/doc/admin/_images/external-storage-google-drive-sdk.png
+#srv/web/owncloud/core/doc/admin/_images/external-storage-google-drive.png
+#srv/web/owncloud/core/doc/admin/_images/external-storage-google-drive1.png
+#srv/web/owncloud/core/doc/admin/_images/external-storage-google-drive2.png
+#srv/web/owncloud/core/doc/admin/_images/external-storage-google-drive5.png
+#srv/web/owncloud/core/doc/admin/_images/external-storage-google-drive7.png
+#srv/web/owncloud/core/doc/admin/_images/external-storage-google-drive8.png
+#srv/web/owncloud/core/doc/admin/_images/external-storage-smb.png
+#srv/web/owncloud/core/doc/admin/_images/external-storage-webdav.png
#srv/web/owncloud/core/doc/admin/_images/install-wizard-advanced.png
#srv/web/owncloud/core/doc/admin/_images/install-wizard.png
#srv/web/owncloud/core/doc/admin/_images/ldap-advanced-1-connection.png
#srv/web/owncloud/core/doc/admin/_images/ldap-wizard-2-user.png
#srv/web/owncloud/core/doc/admin/_images/ldap-wizard-3-login.png
#srv/web/owncloud/core/doc/admin/_images/ldap-wizard-4-group.png
+#srv/web/owncloud/core/doc/admin/_images/lucene-search-enable.png
+#srv/web/owncloud/core/doc/admin/_images/lucene-search-user.png
#srv/web/owncloud/core/doc/admin/_images/oc_admin_app_page.png
-#srv/web/owncloud/core/doc/admin/_images/oc_admin_user_manage.png
+#srv/web/owncloud/core/doc/admin/_images/preview_images.png
+#srv/web/owncloud/core/doc/admin/_images/remote_shares.png
+#srv/web/owncloud/core/doc/admin/_images/sharing-admin.png
+#srv/web/owncloud/core/doc/admin/_images/sharing-user-local.png
+#srv/web/owncloud/core/doc/admin/_images/sharing-user.png
+#srv/web/owncloud/core/doc/admin/_images/smtp-config-php-sendmail.png
+#srv/web/owncloud/core/doc/admin/_images/smtp-config-smtp.png
+#srv/web/owncloud/core/doc/admin/_images/smtp-config-wizard.png
#srv/web/owncloud/core/doc/admin/_images/ucs-app-center-install.png
#srv/web/owncloud/core/doc/admin/_images/ucs-app-center-module.png
#srv/web/owncloud/core/doc/admin/_images/ucsint.png
#srv/web/owncloud/core/doc/admin/_images/ucsint1.png
#srv/web/owncloud/core/doc/admin/_images/ucsint2.png
#srv/web/owncloud/core/doc/admin/_images/untrusted-domain.png
+#srv/web/owncloud/core/doc/admin/_images/updater-1.png
+#srv/web/owncloud/core/doc/admin/_images/updater-2.png
+#srv/web/owncloud/core/doc/admin/_images/updater-3.png
+#srv/web/owncloud/core/doc/admin/_images/updater-4.png
+#srv/web/owncloud/core/doc/admin/_images/updater-5.png
+#srv/web/owncloud/core/doc/admin/_images/updater-6.png
+#srv/web/owncloud/core/doc/admin/_images/updater-7.png
+#srv/web/owncloud/core/doc/admin/_images/users-config.png
+#srv/web/owncloud/core/doc/admin/_images/users-create.png
+#srv/web/owncloud/core/doc/admin/_images/users-groups.png
#srv/web/owncloud/core/doc/admin/_images/win7features.jpg
#srv/web/owncloud/core/doc/admin/_images/winserverroles.jpg
#srv/web/owncloud/core/doc/admin/_sources
-#srv/web/owncloud/core/doc/admin/_sources/apps
-#srv/web/owncloud/core/doc/admin/_sources/apps/activity
-#srv/web/owncloud/core/doc/admin/_sources/apps/activity/index.txt
-#srv/web/owncloud/core/doc/admin/_sources/apps/admin_dependencies_chk
-#srv/web/owncloud/core/doc/admin/_sources/apps/admin_dependencies_chk/index.txt
-#srv/web/owncloud/core/doc/admin/_sources/apps/files_antivirus
-#srv/web/owncloud/core/doc/admin/_sources/apps/files_antivirus/index.txt
-#srv/web/owncloud/core/doc/admin/_sources/apps/files_encryption
-#srv/web/owncloud/core/doc/admin/_sources/apps/files_encryption/index.txt
-#srv/web/owncloud/core/doc/admin/_sources/apps/files_external
-#srv/web/owncloud/core/doc/admin/_sources/apps/files_external/index.txt
-#srv/web/owncloud/core/doc/admin/_sources/apps/files_sharing
-#srv/web/owncloud/core/doc/admin/_sources/apps/files_sharing/index.txt
-#srv/web/owncloud/core/doc/admin/_sources/apps/files_trashbin
-#srv/web/owncloud/core/doc/admin/_sources/apps/files_trashbin/index.txt
-#srv/web/owncloud/core/doc/admin/_sources/apps/files_versions
-#srv/web/owncloud/core/doc/admin/_sources/apps/files_versions/index.txt
-#srv/web/owncloud/core/doc/admin/_sources/apps/firstrunwizard
-#srv/web/owncloud/core/doc/admin/_sources/apps/firstrunwizard/index.txt
-#srv/web/owncloud/core/doc/admin/_sources/apps/index.txt
-#srv/web/owncloud/core/doc/admin/_sources/apps/user_ldap
-#srv/web/owncloud/core/doc/admin/_sources/apps/user_ldap/index.txt
-#srv/web/owncloud/core/doc/admin/_sources/apps/viewers
-#srv/web/owncloud/core/doc/admin/_sources/apps/viewers/index.txt
-#srv/web/owncloud/core/doc/admin/_sources/config
-#srv/web/owncloud/core/doc/admin/_sources/config/apps.txt
-#srv/web/owncloud/core/doc/admin/_sources/config/code_locations.txt
-#srv/web/owncloud/core/doc/admin/_sources/config/default_parameters.txt
-#srv/web/owncloud/core/doc/admin/_sources/config/deleted_items.txt
-#srv/web/owncloud/core/doc/admin/_sources/config/index.txt
-#srv/web/owncloud/core/doc/admin/_sources/config/logging.txt
-#srv/web/owncloud/core/doc/admin/_sources/config/mail_parameters.txt
-#srv/web/owncloud/core/doc/admin/_sources/config/maintenance.txt
-#srv/web/owncloud/core/doc/admin/_sources/config/miscellaneous.txt
-#srv/web/owncloud/core/doc/admin/_sources/config/previews.txt
-#srv/web/owncloud/core/doc/admin/_sources/config/reverse_proxy_configurations.txt
-#srv/web/owncloud/core/doc/admin/_sources/config/session_info.txt
-#srv/web/owncloud/core/doc/admin/_sources/config/user_experience.txt
-#srv/web/owncloud/core/doc/admin/_sources/config/verification.txt
#srv/web/owncloud/core/doc/admin/_sources/configuration
#srv/web/owncloud/core/doc/admin/_sources/configuration/auth_ldap.txt
#srv/web/owncloud/core/doc/admin/_sources/configuration/background_jobs.txt
+#srv/web/owncloud/core/doc/admin/_sources/configuration/configuration-antivirus.txt
#srv/web/owncloud/core/doc/admin/_sources/configuration/configuration_3rdparty.txt
#srv/web/owncloud/core/doc/admin/_sources/configuration/configuration_apps.txt
+#srv/web/owncloud/core/doc/admin/_sources/configuration/configuration_assets.txt
#srv/web/owncloud/core/doc/admin/_sources/configuration/configuration_automation.txt
+#srv/web/owncloud/core/doc/admin/_sources/configuration/configuration_config_sample_php.txt
#srv/web/owncloud/core/doc/admin/_sources/configuration/configuration_custom_clients.txt
#srv/web/owncloud/core/doc/admin/_sources/configuration/configuration_database.txt
#srv/web/owncloud/core/doc/admin/_sources/configuration/configuration_encryption.txt
+#srv/web/owncloud/core/doc/admin/_sources/configuration/configuration_file_sharing.txt
+#srv/web/owncloud/core/doc/admin/_sources/configuration/configuration_files_locking.txt
#srv/web/owncloud/core/doc/admin/_sources/configuration/configuration_knowledgebase.txt
#srv/web/owncloud/core/doc/admin/_sources/configuration/configuration_language.txt
#srv/web/owncloud/core/doc/admin/_sources/configuration/configuration_logging.txt
#srv/web/owncloud/core/doc/admin/_sources/configuration/configuration_mail.txt
-#srv/web/owncloud/core/doc/admin/_sources/configuration/configuration_maintenance.txt
#srv/web/owncloud/core/doc/admin/_sources/configuration/configuration_preview.txt
#srv/web/owncloud/core/doc/admin/_sources/configuration/configuration_reverseproxy.txt
#srv/web/owncloud/core/doc/admin/_sources/configuration/configuration_users.txt
#srv/web/owncloud/core/doc/admin/_sources/configuration/configuring_big_file_upload.txt
+#srv/web/owncloud/core/doc/admin/_sources/configuration/configuring_documents.txt
+#srv/web/owncloud/core/doc/admin/_sources/configuration/configuring_search.txt
#srv/web/owncloud/core/doc/admin/_sources/configuration/custom_mount_config.txt
#srv/web/owncloud/core/doc/admin/_sources/configuration/custom_mount_config_gui.txt
#srv/web/owncloud/core/doc/admin/_sources/configuration/custom_user_backend.txt
#srv/web/owncloud/core/doc/admin/_sources/configuration/index.txt
+#srv/web/owncloud/core/doc/admin/_sources/configuration/server_to_server_managing.txt
#srv/web/owncloud/core/doc/admin/_sources/configuration/xsendfile.txt
#srv/web/owncloud/core/doc/admin/_sources/contents.txt
-#srv/web/owncloud/core/doc/admin/_sources/cron
-#srv/web/owncloud/core/doc/admin/_sources/cron/index.txt
#srv/web/owncloud/core/doc/admin/_sources/index.txt
#srv/web/owncloud/core/doc/admin/_sources/installation
+#srv/web/owncloud/core/doc/admin/_sources/installation/configuration_hiawatha.txt
+#srv/web/owncloud/core/doc/admin/_sources/installation/configuration_lighttpd.txt
+#srv/web/owncloud/core/doc/admin/_sources/installation/configuration_nginx.txt
+#srv/web/owncloud/core/doc/admin/_sources/installation/configuration_yaws.txt
#srv/web/owncloud/core/doc/admin/_sources/installation/index.txt
#srv/web/owncloud/core/doc/admin/_sources/installation/installation_appliance.txt
#srv/web/owncloud/core/doc/admin/_sources/installation/installation_linux.txt
#srv/web/owncloud/core/doc/admin/_sources/issues/index.txt
#srv/web/owncloud/core/doc/admin/_sources/maintenance
#srv/web/owncloud/core/doc/admin/_sources/maintenance/backup.txt
+#srv/web/owncloud/core/doc/admin/_sources/maintenance/convert_db.txt
+#srv/web/owncloud/core/doc/admin/_sources/maintenance/enable_maintenance.txt
#srv/web/owncloud/core/doc/admin/_sources/maintenance/index.txt
#srv/web/owncloud/core/doc/admin/_sources/maintenance/migrating.txt
#srv/web/owncloud/core/doc/admin/_sources/maintenance/restore.txt
#srv/web/owncloud/core/doc/admin/_sources/maintenance/update.txt
-#srv/web/owncloud/core/doc/admin/_sources/quota
-#srv/web/owncloud/core/doc/admin/_sources/quota/index.txt
-#srv/web/owncloud/core/doc/admin/_sources/sharing_api
-#srv/web/owncloud/core/doc/admin/_sources/sharing_api/create_a_new_share.txt
-#srv/web/owncloud/core/doc/admin/_sources/sharing_api/delete_share.txt
-#srv/web/owncloud/core/doc/admin/_sources/sharing_api/get_all_shares.txt
-#srv/web/owncloud/core/doc/admin/_sources/sharing_api/get_information_about_a_known_share.txt
-#srv/web/owncloud/core/doc/admin/_sources/sharing_api/get_shares_from_a_specific_file_or_folder.txt
-#srv/web/owncloud/core/doc/admin/_sources/sharing_api/index.txt
+#srv/web/owncloud/core/doc/admin/_sources/maintenance/upgrade.txt
+#srv/web/owncloud/core/doc/admin/_sources/whats_new_admin.txt
#srv/web/owncloud/core/doc/admin/_static
#srv/web/owncloud/core/doc/admin/_static/ajax-loader.gif
#srv/web/owncloud/core/doc/admin/_static/basic.css
#srv/web/owncloud/core/doc/admin/_static/up-pressed.png
#srv/web/owncloud/core/doc/admin/_static/up.png
#srv/web/owncloud/core/doc/admin/_static/websupport.js
-#srv/web/owncloud/core/doc/admin/apps
-#srv/web/owncloud/core/doc/admin/apps/activity
-#srv/web/owncloud/core/doc/admin/apps/activity/index.html
-#srv/web/owncloud/core/doc/admin/apps/admin_dependencies_chk
-#srv/web/owncloud/core/doc/admin/apps/admin_dependencies_chk/index.html
-#srv/web/owncloud/core/doc/admin/apps/files_antivirus
-#srv/web/owncloud/core/doc/admin/apps/files_antivirus/index.html
-#srv/web/owncloud/core/doc/admin/apps/files_encryption
-#srv/web/owncloud/core/doc/admin/apps/files_encryption/index.html
-#srv/web/owncloud/core/doc/admin/apps/files_external
-#srv/web/owncloud/core/doc/admin/apps/files_external/index.html
-#srv/web/owncloud/core/doc/admin/apps/files_sharing
-#srv/web/owncloud/core/doc/admin/apps/files_sharing/index.html
-#srv/web/owncloud/core/doc/admin/apps/files_trashbin
-#srv/web/owncloud/core/doc/admin/apps/files_trashbin/index.html
-#srv/web/owncloud/core/doc/admin/apps/files_versions
-#srv/web/owncloud/core/doc/admin/apps/files_versions/index.html
-#srv/web/owncloud/core/doc/admin/apps/firstrunwizard
-#srv/web/owncloud/core/doc/admin/apps/firstrunwizard/index.html
-#srv/web/owncloud/core/doc/admin/apps/index.html
-#srv/web/owncloud/core/doc/admin/apps/user_ldap
-#srv/web/owncloud/core/doc/admin/apps/user_ldap/index.html
-#srv/web/owncloud/core/doc/admin/apps/viewers
-#srv/web/owncloud/core/doc/admin/apps/viewers/index.html
-#srv/web/owncloud/core/doc/admin/config
-#srv/web/owncloud/core/doc/admin/config/apps.html
-#srv/web/owncloud/core/doc/admin/config/code_locations.html
-#srv/web/owncloud/core/doc/admin/config/default_parameters.html
-#srv/web/owncloud/core/doc/admin/config/deleted_items.html
-#srv/web/owncloud/core/doc/admin/config/index.html
-#srv/web/owncloud/core/doc/admin/config/logging.html
-#srv/web/owncloud/core/doc/admin/config/mail_parameters.html
-#srv/web/owncloud/core/doc/admin/config/maintenance.html
-#srv/web/owncloud/core/doc/admin/config/miscellaneous.html
-#srv/web/owncloud/core/doc/admin/config/previews.html
-#srv/web/owncloud/core/doc/admin/config/reverse_proxy_configurations.html
-#srv/web/owncloud/core/doc/admin/config/session_info.html
-#srv/web/owncloud/core/doc/admin/config/user_experience.html
-#srv/web/owncloud/core/doc/admin/config/verification.html
#srv/web/owncloud/core/doc/admin/configuration
#srv/web/owncloud/core/doc/admin/configuration/auth_ldap.html
#srv/web/owncloud/core/doc/admin/configuration/background_jobs.html
+#srv/web/owncloud/core/doc/admin/configuration/configuration-antivirus.html
#srv/web/owncloud/core/doc/admin/configuration/configuration_3rdparty.html
#srv/web/owncloud/core/doc/admin/configuration/configuration_apps.html
+#srv/web/owncloud/core/doc/admin/configuration/configuration_assets.html
#srv/web/owncloud/core/doc/admin/configuration/configuration_automation.html
+#srv/web/owncloud/core/doc/admin/configuration/configuration_config_sample_php.html
#srv/web/owncloud/core/doc/admin/configuration/configuration_custom_clients.html
#srv/web/owncloud/core/doc/admin/configuration/configuration_database.html
#srv/web/owncloud/core/doc/admin/configuration/configuration_encryption.html
+#srv/web/owncloud/core/doc/admin/configuration/configuration_file_sharing.html
+#srv/web/owncloud/core/doc/admin/configuration/configuration_files_locking.html
#srv/web/owncloud/core/doc/admin/configuration/configuration_knowledgebase.html
#srv/web/owncloud/core/doc/admin/configuration/configuration_language.html
#srv/web/owncloud/core/doc/admin/configuration/configuration_logging.html
#srv/web/owncloud/core/doc/admin/configuration/configuration_mail.html
-#srv/web/owncloud/core/doc/admin/configuration/configuration_maintenance.html
#srv/web/owncloud/core/doc/admin/configuration/configuration_preview.html
#srv/web/owncloud/core/doc/admin/configuration/configuration_reverseproxy.html
#srv/web/owncloud/core/doc/admin/configuration/configuration_users.html
#srv/web/owncloud/core/doc/admin/configuration/configuring_big_file_upload.html
+#srv/web/owncloud/core/doc/admin/configuration/configuring_documents.html
+#srv/web/owncloud/core/doc/admin/configuration/configuring_search.html
#srv/web/owncloud/core/doc/admin/configuration/custom_mount_config.html
#srv/web/owncloud/core/doc/admin/configuration/custom_mount_config_gui.html
#srv/web/owncloud/core/doc/admin/configuration/custom_user_backend.html
#srv/web/owncloud/core/doc/admin/configuration/index.html
+#srv/web/owncloud/core/doc/admin/configuration/server_to_server_managing.html
#srv/web/owncloud/core/doc/admin/configuration/xsendfile.html
#srv/web/owncloud/core/doc/admin/contents.html
-#srv/web/owncloud/core/doc/admin/cron
-#srv/web/owncloud/core/doc/admin/cron/index.html
#srv/web/owncloud/core/doc/admin/genindex.html
#srv/web/owncloud/core/doc/admin/index.html
#srv/web/owncloud/core/doc/admin/installation
+#srv/web/owncloud/core/doc/admin/installation/configuration_hiawatha.html
+#srv/web/owncloud/core/doc/admin/installation/configuration_lighttpd.html
+#srv/web/owncloud/core/doc/admin/installation/configuration_nginx.html
+#srv/web/owncloud/core/doc/admin/installation/configuration_yaws.html
#srv/web/owncloud/core/doc/admin/installation/index.html
#srv/web/owncloud/core/doc/admin/installation/installation_appliance.html
#srv/web/owncloud/core/doc/admin/installation/installation_linux.html
#srv/web/owncloud/core/doc/admin/issues/index.html
#srv/web/owncloud/core/doc/admin/maintenance
#srv/web/owncloud/core/doc/admin/maintenance/backup.html
+#srv/web/owncloud/core/doc/admin/maintenance/convert_db.html
+#srv/web/owncloud/core/doc/admin/maintenance/enable_maintenance.html
#srv/web/owncloud/core/doc/admin/maintenance/index.html
#srv/web/owncloud/core/doc/admin/maintenance/migrating.html
#srv/web/owncloud/core/doc/admin/maintenance/restore.html
#srv/web/owncloud/core/doc/admin/maintenance/update.html
+#srv/web/owncloud/core/doc/admin/maintenance/upgrade.html
#srv/web/owncloud/core/doc/admin/objects.inv
-#srv/web/owncloud/core/doc/admin/quota
-#srv/web/owncloud/core/doc/admin/quota/index.html
#srv/web/owncloud/core/doc/admin/search.html
#srv/web/owncloud/core/doc/admin/searchindex.js
-#srv/web/owncloud/core/doc/admin/sharing_api
-#srv/web/owncloud/core/doc/admin/sharing_api/create_a_new_share.html
-#srv/web/owncloud/core/doc/admin/sharing_api/delete_share.html
-#srv/web/owncloud/core/doc/admin/sharing_api/get_all_shares.html
-#srv/web/owncloud/core/doc/admin/sharing_api/get_information_about_a_known_share.html
-#srv/web/owncloud/core/doc/admin/sharing_api/get_shares_from_a_specific_file_or_folder.html
-#srv/web/owncloud/core/doc/admin/sharing_api/index.html
+#srv/web/owncloud/core/doc/admin/whats_new_admin.html
#srv/web/owncloud/core/doc/user
#srv/web/owncloud/core/doc/user/_images
-#srv/web/owncloud/core/doc/user/_images/1000000000000163000000E9CDA84C92.png
-#srv/web/owncloud/core/doc/user/_images/1000000000000175000000FAB2A2B294.png
-#srv/web/owncloud/core/doc/user/_images/1000000000000195000000EF7E44082C.png
-#srv/web/owncloud/core/doc/user/_images/10000000000001CE000000F2E2084BA1.png
-#srv/web/owncloud/core/doc/user/_images/100000000000041D0000003D52225C0D.png
-#srv/web/owncloud/core/doc/user/_images/1000000000000453000001BFFCF48776.png
-#srv/web/owncloud/core/doc/user/_images/1000000000000467000002B63162E59B.png
-#srv/web/owncloud/core/doc/user/_images/10000000000004690000026615360BEB.png
-#srv/web/owncloud/core/doc/user/_images/100000000000046D0000015F4B5494A9.png
-#srv/web/owncloud/core/doc/user/_images/100000000000046F000000DEA2BFCD9B.png
-#srv/web/owncloud/core/doc/user/_images/1000000000000470000001B68AE60DD3.png
-#srv/web/owncloud/core/doc/user/_images/10000000000004710000014BBC34499D.png
-#srv/web/owncloud/core/doc/user/_images/100000000000047200000129CB014025.png
-#srv/web/owncloud/core/doc/user/_images/100000000000047700000219A3013A92.png
-#srv/web/owncloud/core/doc/user/_images/1000000000000479000002887E7F48EA.png
-#srv/web/owncloud/core/doc/user/_images/100000000000047A000000B727198874.png
-#srv/web/owncloud/core/doc/user/_images/100000000000047A000000FB86FF2A9A.png
-#srv/web/owncloud/core/doc/user/_images/100000000000047A0000011C6682A254.png
-#srv/web/owncloud/core/doc/user/_images/100000000000048100000245268CDB7A.png
#srv/web/owncloud/core/doc/user/_images/bookmark_addurl.png
#srv/web/owncloud/core/doc/user/_images/bookmark_setting.png
-#srv/web/owncloud/core/doc/user/_images/calendar_createevent.png
+#srv/web/owncloud/core/doc/user/_images/calendar_create_event.png
+#srv/web/owncloud/core/doc/user/_images/calendar_create_event_repeat.png
+#srv/web/owncloud/core/doc/user/_images/calendar_create_event_share.png
+#srv/web/owncloud/core/doc/user/_images/calendar_create_new.png
+#srv/web/owncloud/core/doc/user/_images/calendar_default.png
+#srv/web/owncloud/core/doc/user/_images/calendar_edit_event.png
#srv/web/owncloud/core/doc/user/_images/calendar_export.png
#srv/web/owncloud/core/doc/user/_images/calendar_import.png
-#srv/web/owncloud/core/doc/user/_images/calendar_manage-calendars.png
#srv/web/owncloud/core/doc/user/_images/calendar_newtimezone1.png
+#srv/web/owncloud/core/doc/user/_images/calendar_settings.png
+#srv/web/owncloud/core/doc/user/_images/contact_address_book_add.png
#srv/web/owncloud/core/doc/user/_images/contact_bottombar.png
#srv/web/owncloud/core/doc/user/_images/contact_crop.jpg
-#srv/web/owncloud/core/doc/user/_images/contact_del_ab.png
-#srv/web/owncloud/core/doc/user/_images/contact_emptycontact.png
-#srv/web/owncloud/core/doc/user/_images/contact_picture.jpg
+#srv/web/owncloud/core/doc/user/_images/contact_new.png
+#srv/web/owncloud/core/doc/user/_images/contact_picture.png
+#srv/web/owncloud/core/doc/user/_images/contact_picture_default.png
#srv/web/owncloud/core/doc/user/_images/contact_syncopt.jpg
#srv/web/owncloud/core/doc/user/_images/contact_thunderbird-Symbol_Gear.jpg
#srv/web/owncloud/core/doc/user/_images/contact_thunderbird-Symbol_Impeller.jpg
#srv/web/owncloud/core/doc/user/_images/contact_thunderbird-URL_config.jpg
#srv/web/owncloud/core/doc/user/_images/contact_uploadbutton.png
#srv/web/owncloud/core/doc/user/_images/contact_vcfpick.jpg
+#srv/web/owncloud/core/doc/user/_images/contacts_empty.png
+#srv/web/owncloud/core/doc/user/_images/contacts_settings.png
+#srv/web/owncloud/core/doc/user/_images/deleted_files.png
+#srv/web/owncloud/core/doc/user/_images/documents_personal_settings.png
#srv/web/owncloud/core/doc/user/_images/dolphin_webdav.png
+#srv/web/owncloud/core/doc/user/_images/download.png
+#srv/web/owncloud/core/doc/user/_images/email_address_personal_settings.png
+#srv/web/owncloud/core/doc/user/_images/encryption1.png
+#srv/web/owncloud/core/doc/user/_images/encryption2.png
+#srv/web/owncloud/core/doc/user/_images/encryption3.png
+#srv/web/owncloud/core/doc/user/_images/encryption4.png
+#srv/web/owncloud/core/doc/user/_images/event_export.png
#srv/web/owncloud/core/doc/user/_images/explorer_webdav.png
-#srv/web/owncloud/core/doc/user/_images/external_google_drive_1_sign_in.png
-#srv/web/owncloud/core/doc/user/_images/external_google_drive_2_verify.png
-#srv/web/owncloud/core/doc/user/_images/external_google_drive_3_create_project.png
-#srv/web/owncloud/core/doc/user/_images/external_google_drive_4_enable_api.png
-#srv/web/owncloud/core/doc/user/_images/external_google_drive_5_setup_ownCloud.png
-#srv/web/owncloud/core/doc/user/_images/external_google_drive_6_accept.png
#srv/web/owncloud/core/doc/user/_images/files_versioning.png
+#srv/web/owncloud/core/doc/user/_images/full_name.png
#srv/web/owncloud/core/doc/user/_images/gnome3_nautilus_webdav.png
#srv/web/owncloud/core/doc/user/_images/kdes.png
#srv/web/owncloud/core/doc/user/_images/kdes1.png
#srv/web/owncloud/core/doc/user/_images/kdes6.png
#srv/web/owncloud/core/doc/user/_images/kdes7.png
#srv/web/owncloud/core/doc/user/_images/kdes9.png
+#srv/web/owncloud/core/doc/user/_images/language_personal_settings.png
+#srv/web/owncloud/core/doc/user/_images/notifications_personal_settings.png
#srv/web/owncloud/core/doc/user/_images/oc_connect.png
#srv/web/owncloud/core/doc/user/_images/oc_documents.png
#srv/web/owncloud/core/doc/user/_images/oc_documents_col_edit.png
#srv/web/owncloud/core/doc/user/_images/oc_documents_edit.png
#srv/web/owncloud/core/doc/user/_images/oc_documents_share.png
-#srv/web/owncloud/core/doc/user/_images/oc_files_share.png
-#srv/web/owncloud/core/doc/user/_images/oc_filesweb.png
#srv/web/owncloud/core/doc/user/_images/oc_filesweb_navigate.png
#srv/web/owncloud/core/doc/user/_images/oc_filesweb_new.png
-#srv/web/owncloud/core/doc/user/_images/oc_ui.png
-#srv/web/owncloud/core/doc/user/_images/oc_user_preferences.png
+#srv/web/owncloud/core/doc/user/_images/oc_main_web.png
+#srv/web/owncloud/core/doc/user/_images/oc_main_web_labelled.png
+#srv/web/owncloud/core/doc/user/_images/oc_personal_settings_dropdown.png
#srv/web/owncloud/core/doc/user/_images/osx_webdav1.png
#srv/web/owncloud/core/doc/user/_images/osx_webdav2.png
+#srv/web/owncloud/core/doc/user/_images/password_change.png
+#srv/web/owncloud/core/doc/user/_images/personal_settings.png
+#srv/web/owncloud/core/doc/user/_images/profile_picture_personal_settings.png
+#srv/web/owncloud/core/doc/user/_images/quota1.png
+#srv/web/owncloud/core/doc/user/_images/s2s-add-remote-share.png
+#srv/web/owncloud/core/doc/user/_images/s2s-connect-to-remote-share.png
+#srv/web/owncloud/core/doc/user/_images/s2s-create_public_share.png
+#srv/web/owncloud/core/doc/user/_images/s2s-remote-share-labeled.png
+#srv/web/owncloud/core/doc/user/_images/usage_indicator.png
+#srv/web/owncloud/core/doc/user/_images/users-files.png
+#srv/web/owncloud/core/doc/user/_images/users-overlays-sharepoint.png
+#srv/web/owncloud/core/doc/user/_images/users-overlays-win-net-drive.png
+#srv/web/owncloud/core/doc/user/_images/users-overlays.png
+#srv/web/owncloud/core/doc/user/_images/users-share-local.png
+#srv/web/owncloud/core/doc/user/_images/users-share-local2.png
+#srv/web/owncloud/core/doc/user/_images/users-share-public.png
#srv/web/owncloud/core/doc/user/_sources
#srv/web/owncloud/core/doc/user/_sources/bookmarks.txt
#srv/web/owncloud/core/doc/user/_sources/contents.txt
#srv/web/owncloud/core/doc/user/_sources/files/filesweb.txt
#srv/web/owncloud/core/doc/user/_sources/files/index.txt
#srv/web/owncloud/core/doc/user/_sources/files/quota.txt
+#srv/web/owncloud/core/doc/user/_sources/files/server_to_server_using.txt
#srv/web/owncloud/core/doc/user/_sources/files/sync.txt
#srv/web/owncloud/core/doc/user/_sources/files/versioncontrol.txt
#srv/web/owncloud/core/doc/user/_sources/index.txt
-#srv/web/owncloud/core/doc/user/_sources/migration.txt
+#srv/web/owncloud/core/doc/user/_sources/installing_apps.txt
#srv/web/owncloud/core/doc/user/_sources/pim
#srv/web/owncloud/core/doc/user/_sources/pim/calendar.txt
#srv/web/owncloud/core/doc/user/_sources/pim/contacts.txt
#srv/web/owncloud/core/doc/user/_sources/pim/sync_thunderbird.txt
#srv/web/owncloud/core/doc/user/_sources/pim/troubleshooting.txt
#srv/web/owncloud/core/doc/user/_sources/userpreferences.txt
-#srv/web/owncloud/core/doc/user/_sources/web_guide
-#srv/web/owncloud/core/doc/user/_sources/web_guide/index.txt
#srv/web/owncloud/core/doc/user/_sources/webinterface.txt
+#srv/web/owncloud/core/doc/user/_sources/whats_new.txt
#srv/web/owncloud/core/doc/user/_static
#srv/web/owncloud/core/doc/user/_static/ajax-loader.gif
#srv/web/owncloud/core/doc/user/_static/basic.css
#srv/web/owncloud/core/doc/user/files/filesweb.html
#srv/web/owncloud/core/doc/user/files/index.html
#srv/web/owncloud/core/doc/user/files/quota.html
+#srv/web/owncloud/core/doc/user/files/server_to_server_using.html
#srv/web/owncloud/core/doc/user/files/sync.html
#srv/web/owncloud/core/doc/user/files/versioncontrol.html
#srv/web/owncloud/core/doc/user/genindex.html
#srv/web/owncloud/core/doc/user/index.html
-#srv/web/owncloud/core/doc/user/migration.html
+#srv/web/owncloud/core/doc/user/installing_apps.html
#srv/web/owncloud/core/doc/user/objects.inv
#srv/web/owncloud/core/doc/user/pim
#srv/web/owncloud/core/doc/user/pim/calendar.html
#srv/web/owncloud/core/doc/user/search.html
#srv/web/owncloud/core/doc/user/searchindex.js
#srv/web/owncloud/core/doc/user/userpreferences.html
-#srv/web/owncloud/core/doc/user/web_guide
-#srv/web/owncloud/core/doc/user/web_guide/index.html
#srv/web/owncloud/core/doc/user/webinterface.html
+#srv/web/owncloud/core/doc/user/whats_new.html
#srv/web/owncloud/core/fonts
#srv/web/owncloud/core/fonts/LICENSE.txt
#srv/web/owncloud/core/fonts/OpenSans-Bold.woff
#srv/web/owncloud/core/img/actions/public.svg
#srv/web/owncloud/core/img/actions/rename.png
#srv/web/owncloud/core/img/actions/rename.svg
+#srv/web/owncloud/core/img/actions/search-white.png
+#srv/web/owncloud/core/img/actions/search-white.svg
#srv/web/owncloud/core/img/actions/search.png
#srv/web/owncloud/core/img/actions/search.svg
#srv/web/owncloud/core/img/actions/settings.png
#srv/web/owncloud/core/js/octemplate.js
#srv/web/owncloud/core/js/placeholder.js
#srv/web/owncloud/core/js/placeholders.js
+#srv/web/owncloud/core/js/select2
+#srv/web/owncloud/core/js/select2/LICENSE
+#srv/web/owncloud/core/js/select2/README.md
+#srv/web/owncloud/core/js/select2/bower.json
+#srv/web/owncloud/core/js/select2/component.json
+#srv/web/owncloud/core/js/select2/composer.json
+#srv/web/owncloud/core/js/select2/package.json
+#srv/web/owncloud/core/js/select2/release.sh
+#srv/web/owncloud/core/js/select2/select2-bootstrap.css
+#srv/web/owncloud/core/js/select2/select2.jquery.json
+#srv/web/owncloud/core/js/select2/select2.js
+#srv/web/owncloud/core/js/select2/select2_locale_ar.js
+#srv/web/owncloud/core/js/select2/select2_locale_bg.js
+#srv/web/owncloud/core/js/select2/select2_locale_ca.js
+#srv/web/owncloud/core/js/select2/select2_locale_cs.js
+#srv/web/owncloud/core/js/select2/select2_locale_da.js
+#srv/web/owncloud/core/js/select2/select2_locale_de.js
+#srv/web/owncloud/core/js/select2/select2_locale_el.js
+#srv/web/owncloud/core/js/select2/select2_locale_en.js.template
+#srv/web/owncloud/core/js/select2/select2_locale_es.js
+#srv/web/owncloud/core/js/select2/select2_locale_et.js
+#srv/web/owncloud/core/js/select2/select2_locale_eu.js
+#srv/web/owncloud/core/js/select2/select2_locale_fa.js
+#srv/web/owncloud/core/js/select2/select2_locale_fi.js
+#srv/web/owncloud/core/js/select2/select2_locale_fr.js
+#srv/web/owncloud/core/js/select2/select2_locale_gl.js
+#srv/web/owncloud/core/js/select2/select2_locale_he.js
+#srv/web/owncloud/core/js/select2/select2_locale_hr.js
+#srv/web/owncloud/core/js/select2/select2_locale_hu.js
+#srv/web/owncloud/core/js/select2/select2_locale_id.js
+#srv/web/owncloud/core/js/select2/select2_locale_is.js
+#srv/web/owncloud/core/js/select2/select2_locale_it.js
+#srv/web/owncloud/core/js/select2/select2_locale_ja.js
+#srv/web/owncloud/core/js/select2/select2_locale_ka.js
+#srv/web/owncloud/core/js/select2/select2_locale_ko.js
+#srv/web/owncloud/core/js/select2/select2_locale_lt.js
+#srv/web/owncloud/core/js/select2/select2_locale_lv.js
+#srv/web/owncloud/core/js/select2/select2_locale_mk.js
+#srv/web/owncloud/core/js/select2/select2_locale_ms.js
+#srv/web/owncloud/core/js/select2/select2_locale_nl.js
+#srv/web/owncloud/core/js/select2/select2_locale_no.js
+#srv/web/owncloud/core/js/select2/select2_locale_pl.js
+#srv/web/owncloud/core/js/select2/select2_locale_pt-BR.js
+#srv/web/owncloud/core/js/select2/select2_locale_pt-PT.js
+#srv/web/owncloud/core/js/select2/select2_locale_ro.js
+#srv/web/owncloud/core/js/select2/select2_locale_rs.js
+#srv/web/owncloud/core/js/select2/select2_locale_ru.js
+#srv/web/owncloud/core/js/select2/select2_locale_sk.js
+#srv/web/owncloud/core/js/select2/select2_locale_sv.js
+#srv/web/owncloud/core/js/select2/select2_locale_th.js
+#srv/web/owncloud/core/js/select2/select2_locale_tr.js
+#srv/web/owncloud/core/js/select2/select2_locale_uk.js
+#srv/web/owncloud/core/js/select2/select2_locale_vi.js
+#srv/web/owncloud/core/js/select2/select2_locale_zh-CN.js
+#srv/web/owncloud/core/js/select2/select2_locale_zh-TW.js
#srv/web/owncloud/core/js/setup.js
+#srv/web/owncloud/core/js/setupchecks.js
#srv/web/owncloud/core/js/share.js
#srv/web/owncloud/core/js/singleselect.js
#srv/web/owncloud/core/js/snap.js
#srv/web/owncloud/core/templates/message.html
#srv/web/owncloud/core/templates/singleuser.user.php
#srv/web/owncloud/core/templates/tags.html
+#srv/web/owncloud/core/templates/untrustedDomain.php
#srv/web/owncloud/core/templates/update.admin.php
#srv/web/owncloud/core/templates/update.user.php
#srv/web/owncloud/cron.php
#srv/web/owncloud/lib/private/connector/sabre/quotaplugin.php
#srv/web/owncloud/lib/private/connector/sabre/request.php
#srv/web/owncloud/lib/private/connector/sabre/server.php
+#srv/web/owncloud/lib/private/contacts
+#srv/web/owncloud/lib/private/contacts/localaddressbook.php
#srv/web/owncloud/lib/private/contactsmanager.php
#srv/web/owncloud/lib/private/davclient.php
#srv/web/owncloud/lib/private/db
#srv/web/owncloud/lib/private/db.php
#srv/web/owncloud/lib/private/db/adapter.php
+#srv/web/owncloud/lib/private/db/adaptermysql.php
#srv/web/owncloud/lib/private/db/adapteroci8.php
#srv/web/owncloud/lib/private/db/adapterpgsql.php
#srv/web/owncloud/lib/private/db/adaptersqlite.php
#srv/web/owncloud/lib/private/db/mdb2schemawriter.php
#srv/web/owncloud/lib/private/db/migrationexception.php
#srv/web/owncloud/lib/private/db/migrator.php
+#srv/web/owncloud/lib/private/db/mssqlmigrator.php
#srv/web/owncloud/lib/private/db/mysqlmigrator.php
#srv/web/owncloud/lib/private/db/nocheckmigrator.php
#srv/web/owncloud/lib/private/db/oracleconnection.php
#srv/web/owncloud/lib/private/db/oraclemigrator.php
#srv/web/owncloud/lib/private/db/pgsqltools.php
#srv/web/owncloud/lib/private/db/sqlitemigrator.php
+#srv/web/owncloud/lib/private/db/sqlitesessioninit.php
#srv/web/owncloud/lib/private/db/statementwrapper.php
#srv/web/owncloud/lib/private/defaults.php
#srv/web/owncloud/lib/private/eventsource.php
#srv/web/owncloud/lib/private/hooks/forwardingemitter.php
#srv/web/owncloud/lib/private/hooks/legacyemitter.php
#srv/web/owncloud/lib/private/hooks/publicemitter.php
+#srv/web/owncloud/lib/private/httphelper.php
#srv/web/owncloud/lib/private/image.php
#srv/web/owncloud/lib/private/installer.php
#srv/web/owncloud/lib/private/json.php
#srv/web/owncloud/lib/private/migration/provider.php
#srv/web/owncloud/lib/private/mimetypes.list.php
#srv/web/owncloud/lib/private/navigationmanager.php
+#srv/web/owncloud/lib/private/needsupdateexception.php
#srv/web/owncloud/lib/private/notsquareexception.php
#srv/web/owncloud/lib/private/ocs
#srv/web/owncloud/lib/private/ocs.php
#srv/web/owncloud/lib/private/preview/provider.php
#srv/web/owncloud/lib/private/preview/svg.php
#srv/web/owncloud/lib/private/preview/txt.php
-#srv/web/owncloud/lib/private/preview/unknown.php
#srv/web/owncloud/lib/private/previewmanager.php
#srv/web/owncloud/lib/private/repair.php
#srv/web/owncloud/lib/private/repairstep.php
#srv/web/owncloud/lib/private/search/result/folder.php
#srv/web/owncloud/lib/private/search/result/image.php
#srv/web/owncloud/lib/private/server.php
+#srv/web/owncloud/lib/private/serviceunavailableexception.php
#srv/web/owncloud/lib/private/session
#srv/web/owncloud/lib/private/session/internal.php
#srv/web/owncloud/lib/private/session/memory.php
#srv/web/owncloud/lib/public/icontainer.php
#srv/web/owncloud/lib/public/idb.php
#srv/web/owncloud/lib/public/idbconnection.php
+#srv/web/owncloud/lib/public/igroup.php
+#srv/web/owncloud/lib/public/igroupmanager.php
#srv/web/owncloud/lib/public/ihelper.php
#srv/web/owncloud/lib/public/il10n.php
#srv/web/owncloud/lib/public/ilogger.php
#srv/web/owncloud/lib/repair
#srv/web/owncloud/lib/repair/collation.php
#srv/web/owncloud/lib/repair/innodb.php
+#srv/web/owncloud/lib/repair/preview.php
#srv/web/owncloud/lib/repair/repairmimetypes.php
+#srv/web/owncloud/lib/repair/searchlucenetables.php
#srv/web/owncloud/occ
#srv/web/owncloud/ocs
#srv/web/owncloud/ocs/providers.php
#srv/web/owncloud/search/templates
#srv/web/owncloud/search/templates/part.results.php
#srv/web/owncloud/settings
-#srv/web/owncloud/settings/admin
#srv/web/owncloud/settings/admin.php
-#srv/web/owncloud/settings/admin/controller.php
#srv/web/owncloud/settings/ajax
#srv/web/owncloud/settings/ajax/apps
#srv/web/owncloud/settings/ajax/apps/ocs.php
#srv/web/owncloud/settings/ajax/changedisplayname.php
+#srv/web/owncloud/settings/ajax/checksetup.php
#srv/web/owncloud/settings/ajax/creategroup.php
#srv/web/owncloud/settings/ajax/createuser.php
#srv/web/owncloud/settings/ajax/decryptall.php
#srv/web/owncloud/settings/ajax/deletekeys.php
#srv/web/owncloud/settings/ajax/disableapp.php
#srv/web/owncloud/settings/ajax/enableapp.php
-#srv/web/owncloud/settings/ajax/excludegroups.php
+#srv/web/owncloud/settings/ajax/geteveryonecount.php
#srv/web/owncloud/settings/ajax/getlog.php
#srv/web/owncloud/settings/ajax/grouplist.php
#srv/web/owncloud/settings/ajax/installapp.php
#srv/web/owncloud/settings/ajax/uninstallapp.php
#srv/web/owncloud/settings/ajax/updateapp.php
#srv/web/owncloud/settings/ajax/userlist.php
+#srv/web/owncloud/settings/application.php
#srv/web/owncloud/settings/apps.php
#srv/web/owncloud/settings/changepassword
#srv/web/owncloud/settings/changepassword/controller.php
+#srv/web/owncloud/settings/controller
+#srv/web/owncloud/settings/controller/mailsettingscontroller.php
#srv/web/owncloud/settings/css
#srv/web/owncloud/settings/css/settings.css
#srv/web/owncloud/settings/help.php
#srv/web/owncloud/settings/js/apps.js
#srv/web/owncloud/settings/js/log.js
#srv/web/owncloud/settings/js/personal.js
+#srv/web/owncloud/settings/js/settings.js
#srv/web/owncloud/settings/js/users
#srv/web/owncloud/settings/js/users/deleteHandler.js
#srv/web/owncloud/settings/js/users/filter.js
#srv/web/owncloud/settings/templates/users/part.grouplist.php
#srv/web/owncloud/settings/templates/users/part.setquota.php
#srv/web/owncloud/settings/templates/users/part.userlist.php
+#srv/web/owncloud/settings/tests
+#srv/web/owncloud/settings/tests/js
+#srv/web/owncloud/settings/tests/js/users
+#srv/web/owncloud/settings/tests/js/users/deleteHandlerSpec.js
#srv/web/owncloud/settings/users.php
#srv/web/owncloud/status.php
#srv/web/owncloud/themes
+++ /dev/null
-etc/rc.d/init.d/teamspeak
-opt/teamspeak
-var/ipfire/backup/addons/includes/teamspeak
--- /dev/null
+# Options for the charon IKE daemon.
+charon {
+ # Accept unencrypted ID and HASH payloads in IKEv1 Main Mode.
+ accept_unencrypted_mainmode_messages = yes
+
+ # Maximum number of half-open IKE_SAs for a single peer IP.
+ # block_threshold = 5
+
+ # Whether relations in validated certificate chains should be cached in
+ # memory.
+ # cert_cache = yes
+
+ # Send Cisco Unity vendor ID payload (IKEv1 only).
+ cisco_unity = yes
+
+ # Close the IKE_SA if setup of the CHILD_SA along with IKE_AUTH failed.
+ # close_ike_on_child_failure = no
+
+ # Number of half-open IKE_SAs that activate the cookie mechanism.
+ # cookie_threshold = 10
+
+ # Use ANSI X9.42 DH exponent size or optimum size matched to cryptographic
+ # strength.
+ # dh_exponent_ansi_x9_42 = yes
+
+ # DNS server assigned to peer via configuration payload (CP).
+ # dns1 =
+
+ # DNS server assigned to peer via configuration payload (CP).
+ # dns2 =
+
+ # Enable Denial of Service protection using cookies and aggressiveness
+ # checks.
+ # dos_protection = yes
+
+ # Compliance with the errata for RFC 4753.
+ # ecp_x_coordinate_only = yes
+
+ # Free objects during authentication (might conflict with plugins).
+ # flush_auth_cfg = no
+
+ # Maximum size (complete IP datagram size in bytes) of a sent IKE fragment
+ # when using proprietary IKEv1 or standardized IKEv2 fragmentation (0 for
+ # address family specific default values). If specified this limit is
+ # used for both IPv4 and IPv6.
+ # fragment_size = 0
+
+ # Name of the group the daemon changes to after startup.
+ # group =
+
+ # Timeout in seconds for connecting IKE_SAs (also see IKE_SA_INIT DROPPING).
+ # half_open_timeout = 30
+
+ # Enable hash and URL support.
+ # hash_and_url = no
+
+ # Allow IKEv1 Aggressive Mode with pre-shared keys as responder.
+ # i_dont_care_about_security_and_use_aggressive_mode_psk = no
+
+ # A space-separated list of routing tables to be excluded from route
+ # lookups.
+ # ignore_routing_tables =
+
+ # Maximum number of IKE_SAs that can be established at the same time before
+ # new connection attempts are blocked.
+ # ikesa_limit = 0
+
+ # Number of exclusively locked segments in the hash table.
+ ikesa_table_segments = 4
+
+ # Size of the IKE_SA hash table.
+ ikesa_table_size = 32
+
+ # Whether to close IKE_SA if the only CHILD_SA closed due to inactivity.
+ # inactivity_close_ike = no
+
+ # Limit new connections based on the current number of half open IKE_SAs,
+ # see IKE_SA_INIT DROPPING in strongswan.conf(5).
+ init_limit_half_open = 1000
+
+ # Limit new connections based on the number of queued jobs.
+ # init_limit_job_load = 0
+
+ # Causes charon daemon to ignore IKE initiation requests.
+ # initiator_only = no
+
+ # Install routes into a separate routing table for established IPsec
+ # tunnels.
+ # install_routes = yes
+
+ # Install virtual IP addresses.
+ # install_virtual_ip = yes
+
+ # The name of the interface on which virtual IP addresses should be
+ # installed.
+ # install_virtual_ip_on =
+
+ # Check daemon, libstrongswan and plugin integrity at startup.
+ # integrity_test = no
+
+ # A comma-separated list of network interfaces that should be ignored, if
+ # interfaces_use is specified this option has no effect.
+ # interfaces_ignore =
+
+ # A comma-separated list of network interfaces that should be used by
+ # charon. All other interfaces are ignored.
+ # interfaces_use =
+
+ # NAT keep alive interval.
+ # keep_alive = 20s
+
+ # Plugins to load in the IKE daemon charon.
+ # load =
+
+ # Determine plugins to load via each plugin's load option.
+ # load_modular = no
+
+ # Maximum packet size accepted by charon.
+ # max_packet = 10000
+
+ # Enable multiple authentication exchanges (RFC 4739).
+ # multiple_authentication = yes
+
+ # WINS servers assigned to peer via configuration payload (CP).
+ # nbns1 =
+
+ # WINS servers assigned to peer via configuration payload (CP).
+ # nbns2 =
+
+ # UDP port used locally. If set to 0 a random port will be allocated.
+ # port = 500
+
+ # UDP port used locally in case of NAT-T. If set to 0 a random port will be
+ # allocated. Has to be different from charon.port, otherwise a random port
+ # will be allocated.
+ # port_nat_t = 4500
+
+ # By default public IPv6 addresses are preferred over temporary ones (RFC
+ # 4941), to make connections more stable. Enable this option to reverse
+ # this.
+ # prefer_temporary_addrs = no
+
+ # Process RTM_NEWROUTE and RTM_DELROUTE events.
+ # process_route = yes
+
+ # Delay in ms for receiving packets, to simulate larger RTT.
+ # receive_delay = 0
+
+ # Delay request messages.
+ # receive_delay_request = yes
+
+ # Delay response messages.
+ # receive_delay_response = yes
+
+ # Specific IKEv2 message type to delay, 0 for any.
+ # receive_delay_type = 0
+
+ # Size of the AH/ESP replay window, in packets.
+ # replay_window = 32
+
+ # Base to use for calculating exponential back off, see IKEv2 RETRANSMISSION
+ # in strongswan.conf(5).
+ # retransmit_base = 1.8
+
+ # Timeout in seconds before sending first retransmit.
+ # retransmit_timeout = 4.0
+
+ # Number of times to retransmit a packet before giving up.
+ # retransmit_tries = 5
+
+ # Interval to use when retrying to initiate an IKE_SA (e.g. if DNS
+ # resolution failed), 0 to disable retries.
+ # retry_initiate_interval = 0
+
+ # Initiate CHILD_SA within existing IKE_SAs.
+ # reuse_ikesa = yes
+
+ # Numerical routing table to install routes to.
+ # routing_table =
+
+ # Priority of the routing table.
+ # routing_table_prio =
+
+ # Delay in ms for sending packets, to simulate larger RTT.
+ # send_delay = 0
+
+ # Delay request messages.
+ # send_delay_request = yes
+
+ # Delay response messages.
+ # send_delay_response = yes
+
+ # Specific IKEv2 message type to delay, 0 for any.
+ # send_delay_type = 0
+
+ # Send strongSwan vendor ID payload
+ # send_vendor_id = no
+
+ # Number of worker threads in charon.
+ # threads = 16
+
+ # Name of the user the daemon changes to after startup.
+ # user =
+
+ crypto_test {
+
+ # Benchmark crypto algorithms and order them by efficiency.
+ # bench = no
+
+ # Buffer size used for crypto benchmark.
+ # bench_size = 1024
+
+ # Number of iterations to test each algorithm.
+ # bench_time = 50
+
+ # Test crypto algorithms during registration (requires test vectors
+ # provided by the test-vectors plugin).
+ # on_add = no
+
+ # Test crypto algorithms on each crypto primitive instantiation.
+ # on_create = no
+
+ # Strictly require at least one test vector to enable an algorithm.
+ # required = no
+
+ # Whether to test RNG with TRUE quality; requires a lot of entropy.
+ # rng_true = no
+
+ }
+
+ host_resolver {
+
+ # Maximum number of concurrent resolver threads (they are terminated if
+ # unused).
+ # max_threads = 3
+
+ # Minimum number of resolver threads to keep around.
+ # min_threads = 0
+
+ }
+
+ leak_detective {
+
+ # Includes source file names and line numbers in leak detective output.
+ # detailed = yes
+
+ # Threshold in bytes for leaks to be reported (0 to report all).
+ # usage_threshold = 10240
+
+ # Threshold in number of allocations for leaks to be reported (0 to
+ # report all).
+ # usage_threshold_count = 0
+
+ }
+
+ processor {
+
+ # Section to configure the number of reserved threads per priority class
+ # see JOB PRIORITY MANAGEMENT in strongswan.conf(5).
+ priority_threads {
+
+ }
+
+ }
+
+ # Section containing a list of scripts (name = path) that are executed when
+ # the daemon is started.
+ start-scripts {
+
+ }
+
+ # Section containing a list of scripts (name = path) that are executed when
+ # the daemon is terminated.
+ stop-scripts {
+
+ }
+
+ tls {
+
+ # List of TLS encryption ciphers.
+ # cipher =
+
+ # List of TLS key exchange methods.
+ # key_exchange =
+
+ # List of TLS MAC algorithms.
+ # mac =
+
+ # List of TLS cipher suites.
+ # suites =
+
+ }
+
+ x509 {
+
+ # Discard certificates with unsupported or unknown critical extensions.
+ # enforce_critical = yes
+
+ }
+
+}
+
WARNING: untranslated string: dead peer detection
WARNING: untranslated string: emerging rules
WARNING: untranslated string: fwhost err hostip
+WARNING: untranslated string: no data
WARNING: untranslated string: qos add subclass
WARNING: untranslated string: route config changed
WARNING: untranslated string: routing config added
WARNING: untranslated string: Scan for Songs
WARNING: untranslated string: bytes
WARNING: untranslated string: fwhost err hostip
+WARNING: untranslated string: no data
WARNING: untranslated string: route config changed
WARNING: untranslated string: routing config added
WARNING: untranslated string: routing config changed
WARNING: untranslated string: hardware support
WARNING: untranslated string: imei
WARNING: untranslated string: imsi
+WARNING: untranslated string: incoming compression in bytes per second
WARNING: untranslated string: incoming firewall access
+WARNING: untranslated string: incoming overhead in bytes per second
WARNING: untranslated string: integrity
WARNING: untranslated string: invalid input for dpd delay
WARNING: untranslated string: invalid input for dpd timeout
+WARNING: untranslated string: invalid input for valid till days
WARNING: untranslated string: ipsec
WARNING: untranslated string: ipsec network
WARNING: untranslated string: last
WARNING: untranslated string: monitor interface
WARNING: untranslated string: most preferred
WARNING: untranslated string: nameserver
+WARNING: untranslated string: no data
WARNING: untranslated string: no hardware random number generator
WARNING: untranslated string: not a valid dh key
WARNING: untranslated string: notice
WARNING: untranslated string: openvpn prefix remote subnet
WARNING: untranslated string: openvpn subnet is used
WARNING: untranslated string: other
+WARNING: untranslated string: outgoing compression in bytes per second
WARNING: untranslated string: outgoing firewall access
WARNING: untranslated string: outgoing firewall p2p allow
WARNING: untranslated string: outgoing firewall p2p deny
+WARNING: untranslated string: outgoing overhead in bytes per second
+WARNING: untranslated string: ovpn add conf
WARNING: untranslated string: ovpn crypt options
WARNING: untranslated string: ovpn dh
WARNING: untranslated string: ovpn dh new key
WARNING: untranslated string: hardware support
WARNING: untranslated string: imei
WARNING: untranslated string: imsi
+WARNING: untranslated string: incoming compression in bytes per second
WARNING: untranslated string: incoming firewall access
+WARNING: untranslated string: incoming overhead in bytes per second
WARNING: untranslated string: integrity
WARNING: untranslated string: invalid input for dpd delay
WARNING: untranslated string: invalid input for dpd timeout
+WARNING: untranslated string: invalid input for valid till days
WARNING: untranslated string: ipsec
WARNING: untranslated string: ipsec network
WARNING: untranslated string: last
WARNING: untranslated string: monitor interface
WARNING: untranslated string: most preferred
WARNING: untranslated string: nameserver
+WARNING: untranslated string: no data
WARNING: untranslated string: no hardware random number generator
WARNING: untranslated string: not a valid dh key
WARNING: untranslated string: notice
WARNING: untranslated string: openvpn prefix remote subnet
WARNING: untranslated string: openvpn subnet is used
WARNING: untranslated string: other
+WARNING: untranslated string: outgoing compression in bytes per second
WARNING: untranslated string: outgoing firewall access
+WARNING: untranslated string: outgoing overhead in bytes per second
+WARNING: untranslated string: ovpn add conf
WARNING: untranslated string: ovpn crypt options
WARNING: untranslated string: ovpn dh
WARNING: untranslated string: ovpn dh new key
WARNING: untranslated string: generate dh key
WARNING: untranslated string: imei
WARNING: untranslated string: imsi
+WARNING: untranslated string: incoming compression in bytes per second
+WARNING: untranslated string: incoming overhead in bytes per second
+WARNING: untranslated string: invalid input for valid till days
WARNING: untranslated string: masquerade blue
WARNING: untranslated string: masquerade green
WARNING: untranslated string: masquerade orange
WARNING: untranslated string: modem status
WARNING: untranslated string: monitor interface
WARNING: untranslated string: nameserver
+WARNING: untranslated string: no data
WARNING: untranslated string: not a valid dh key
+WARNING: untranslated string: outgoing compression in bytes per second
+WARNING: untranslated string: outgoing overhead in bytes per second
+WARNING: untranslated string: ovpn add conf
WARNING: untranslated string: ovpn crypt options
WARNING: untranslated string: ovpn dh
WARNING: untranslated string: ovpn dh new key
WARNING: untranslated string: hardware support
WARNING: untranslated string: imei
WARNING: untranslated string: imsi
+WARNING: untranslated string: incoming compression in bytes per second
WARNING: untranslated string: incoming firewall access
+WARNING: untranslated string: incoming overhead in bytes per second
WARNING: untranslated string: integrity
WARNING: untranslated string: invalid input for dpd delay
WARNING: untranslated string: invalid input for dpd timeout
+WARNING: untranslated string: invalid input for valid till days
WARNING: untranslated string: ipsec
WARNING: untranslated string: ipsec network
WARNING: untranslated string: last
WARNING: untranslated string: monitor interface
WARNING: untranslated string: most preferred
WARNING: untranslated string: nameserver
+WARNING: untranslated string: no data
WARNING: untranslated string: no hardware random number generator
WARNING: untranslated string: not a valid dh key
WARNING: untranslated string: notice
WARNING: untranslated string: openvpn prefix remote subnet
WARNING: untranslated string: openvpn subnet is used
WARNING: untranslated string: other
+WARNING: untranslated string: outgoing compression in bytes per second
WARNING: untranslated string: outgoing firewall access
WARNING: untranslated string: outgoing firewall p2p allow
WARNING: untranslated string: outgoing firewall p2p deny
+WARNING: untranslated string: outgoing overhead in bytes per second
+WARNING: untranslated string: ovpn add conf
WARNING: untranslated string: ovpn crypt options
WARNING: untranslated string: ovpn dh
WARNING: untranslated string: ovpn dh new key
WARNING: untranslated string: hardware support
WARNING: untranslated string: imei
WARNING: untranslated string: imsi
+WARNING: untranslated string: incoming compression in bytes per second
WARNING: untranslated string: incoming firewall access
+WARNING: untranslated string: incoming overhead in bytes per second
WARNING: untranslated string: incoming traffic in bytes per second
WARNING: untranslated string: integrity
WARNING: untranslated string: invalid input for dpd delay
WARNING: untranslated string: invalid input for dpd timeout
+WARNING: untranslated string: invalid input for valid till days
WARNING: untranslated string: ipsec
WARNING: untranslated string: ipsec network
WARNING: untranslated string: last
WARNING: untranslated string: monitor interface
WARNING: untranslated string: most preferred
WARNING: untranslated string: nameserver
+WARNING: untranslated string: no data
WARNING: untranslated string: no hardware random number generator
WARNING: untranslated string: not a valid dh key
WARNING: untranslated string: notice
WARNING: untranslated string: openvpn prefix remote subnet
WARNING: untranslated string: openvpn subnet is used
WARNING: untranslated string: other
+WARNING: untranslated string: outgoing compression in bytes per second
WARNING: untranslated string: outgoing firewall access
+WARNING: untranslated string: outgoing overhead in bytes per second
WARNING: untranslated string: outgoing traffic in bytes per second
+WARNING: untranslated string: ovpn add conf
WARNING: untranslated string: ovpn crypt options
WARNING: untranslated string: ovpn dh
WARNING: untranslated string: ovpn dh new key
WARNING: untranslated string: Scan for Songs
WARNING: untranslated string: bytes
WARNING: untranslated string: fwhost err hostip
+WARNING: untranslated string: incoming compression in bytes per second
+WARNING: untranslated string: incoming overhead in bytes per second
+WARNING: untranslated string: invalid input for valid till days
+WARNING: untranslated string: no data
+WARNING: untranslated string: outgoing compression in bytes per second
+WARNING: untranslated string: outgoing overhead in bytes per second
+WARNING: untranslated string: ovpn add conf
WARNING: untranslated string: route config changed
WARNING: untranslated string: routing config added
WARNING: untranslated string: routing config changed
< hardware support
< imei
< imsi
+< incoming compression in bytes per second
< incoming firewall access
+< incoming overhead in bytes per second
< integrity
< invalid input for dpd delay
< invalid input for dpd timeout
+< invalid input for valid till days
< ipsec
< ipsec network
< ipsec no connections
< openvpn subnet is used
< other
< our donors
+< outgoing compression in bytes per second
< outgoing firewall access
+< outgoing overhead in bytes per second
+< ovpn add conf
< ovpn crypt options
< ovpn dh
< ovpn dh new key
< hardware support
< imei
< imsi
+< incoming compression in bytes per second
< incoming firewall access
+< incoming overhead in bytes per second
< integrity
< invalid input for dpd delay
< invalid input for dpd timeout
+< invalid input for valid till days
< ipsec
< ipsec network
< ipsec no connections
< openvpn subnet is used
< other
< our donors
+< outgoing compression in bytes per second
< outgoing firewall access
< outgoing firewall add ip group
< outgoing firewall add mac group
< outgoing firewall p2p description 2
< outgoing firewall p2p description 3
< outgoing firewall view group
+< outgoing overhead in bytes per second
+< ovpn add conf
< ovpn crypt options
< ovpn dh
< ovpn dh new key
< hardware support
< imei
< imsi
+< incoming compression in bytes per second
< incoming firewall access
+< incoming overhead in bytes per second
< integrity
< invalid input for dpd delay
< invalid input for dpd timeout
+< invalid input for valid till days
< ipsec
< ipsec network
< ipsec no connections
< openvpn subnet is used
< other
< our donors
+< outgoing compression in bytes per second
< outgoing firewall access
+< outgoing overhead in bytes per second
+< ovpn add conf
< ovpn crypt options
< ovpn dh
< ovpn dh new key
< hour-graph
< imei
< imsi
+< incoming compression in bytes per second
< incoming firewall access
+< incoming overhead in bytes per second
< incoming traffic in bytes per second
< integrity
< invalid input for dpd delay
< invalid input for dpd timeout
+< invalid input for valid till days
< ipsec
< ipsec network
< ipsec no connections
< openvpn subnet is used
< other
< our donors
+< outgoing compression in bytes per second
< outgoing firewall access
+< outgoing overhead in bytes per second
< outgoing traffic in bytes per second
+< ovpn add conf
< ovpn crypt options
< ovpn dh
< ovpn dh new key
my $use_token = 0;
# Handle token based auth for various providers.
- if ($provider ~~ ["dns.lightningwirelabs.com", "entrydns.net", "regfish.com"] && $username eq "token") {
+ if ($provider ~~ ["dns.lightningwirelabs.com", "entrydns.net", "regfish.com", "spdns.de"] && $username eq "token") {
$use_token = 1;
# Handle token auth for freedns.afraid.org and regfish.com.
my %aliases=();
my %optionsfw=();
my %ifaces=();
+my %rulehash=();
my @PROTOCOLS = ("TCP", "UDP", "ICMP", "IGMP", "AH", "ESP", "GRE","IPv6","IPIP");
&General::readhasharray("$configfwdfw", \%configfwdfw);
&General::readhasharray("$configinput", \%configinputfw);
&General::readhasharray("$configoutgoing", \%configoutgoingfw);
+ my $maxkey;
#Set Variables according to the JQuery code in protocol section
if ($fwdfwsettings{'PROT'} eq 'TCP' || $fwdfwsettings{'PROT'} eq 'UDP')
{
if( $fwdfwsettings{'grp1'} eq 'ipfire_src' && $fwdfwsettings{'grp2'} eq 'ipfire'){
$errormessage=$Lang::tr{'fwdfw err same'};
}
- #INPUT part
- if($fwdfwsettings{'grp2'} eq 'ipfire' && $fwdfwsettings{$fwdfwsettings{'grp1'}} ne 'ORANGE'){
+ # INPUT part
+ if ($fwdfwsettings{'grp2'} eq 'ipfire' && $fwdfwsettings{$fwdfwsettings{'grp1'}} ne 'ORANGE'){
$fwdfwsettings{'config'}=$configinput;
$fwdfwsettings{'chain'} = 'INPUTFW';
- my $maxkey=&General::findhasharraykey(\%configinputfw);
- #check if we have an identical rule already
- if($fwdfwsettings{'oldrulenumber'} eq $fwdfwsettings{'rulepos'}){
- foreach my $key (sort keys %configinputfw){
- if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'},$fwdfwsettings{'LIMIT_CON_CON'},$fwdfwsettings{'concon'},$fwdfwsettings{'RATE_LIMIT'},$fwdfwsettings{'ratecon'},$fwdfwsettings{'RATETIME'}"
- eq "$configinputfw{$key}[0],$configinputfw{$key}[2],$configinputfw{$key}[3],$configinputfw{$key}[4],$configinputfw{$key}[5],$configinputfw{$key}[6],$configinputfw{$key}[7],$configinputfw{$key}[8],$configinputfw{$key}[9],$configinputfw{$key}[10],$configinputfw{$key}[11],$configinputfw{$key}[12],$configinputfw{$key}[13],$configinputfw{$key}[14],$configinputfw{$key}[15],$configinputfw{$key}[17],$configinputfw{$key}[18],$configinputfw{$key}[19],$configinputfw{$key}[20],$configinputfw{$key}[21],$configinputfw{$key}[22],$configinputfw{$key}[23],$configinputfw{$key}[24],$configinputfw{$key}[25],$configinputfw{$key}[26],$configinputfw{$key}[27],$configinputfw{$key}[28],$configinputfw{$key}[29],$configinputfw{$key}[30],$configinputfw{$key}[31],$configinputfw{$key}[32],$configinputfw{$key}[33],$configinputfw{$key}[34],$configinputfw{$key}[35],$configinputfw{$key}[36]"){
- $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
- if($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){
- $errormessage=$Lang::tr{'fwdfw err remark'}."<br>";
- }
- if($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && &validremark($fwdfwsettings{'ruleremark'})){
- $errormessage='';
- }
- if ($fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'}){
- $fwdfwsettings{'nosave'} = 'on';
- }
- }
- }
- }
- #check Rulepos on new Rule
- if($fwdfwsettings{'rulepos'} > 0 && !$fwdfwsettings{'oldrulenumber'}){
- $fwdfwsettings{'oldrulenumber'}=$maxkey;
- foreach my $key (sort keys %configinputfw){
- if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'},$fwdfwsettings{'LIMIT_CON_CON'},$fwdfwsettings{'concon'},$fwdfwsettings{'RATE_LIMIT'},$fwdfwsettings{'ratecon'},$fwdfwsettings{'RATETIME'}"
- eq "$configinputfw{$key}[0],$configinputfw{$key}[2],$configinputfw{$key}[3],$configinputfw{$key}[4],$configinputfw{$key}[5],$configinputfw{$key}[6],$configinputfw{$key}[7],$configinputfw{$key}[8],$configinputfw{$key}[9],$configinputfw{$key}[10],$configinputfw{$key}[11],$configinputfw{$key}[12],$configinputfw{$key}[13],$configinputfw{$key}[14],$configinputfw{$key}[15],$configinputfw{$key}[17],$configinputfw{$key}[18],$configinputfw{$key}[19],$configinputfw{$key}[20],$configinputfw{$key}[21],$configinputfw{$key}[22],$configinputfw{$key}[23],$configinputfw{$key}[24],$configinputfw{$key}[25],$configinputfw{$key}[26],$configinputfw{$key}[27],$configinputfw{$key}[28],$configinputfw{$key}[29],$configinputfw{$key}[30],$configinputfw{$key}[31],$configinputfw{$key}[32],$configinputfw{$key}[33],$configinputfw{$key}[34],$configinputfw{$key}[35],$configinputfw{$key}[36]"){
- $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
- }
- }
- }
- #check if we just close a rule
- if( $fwdfwsettings{'oldgrp1a'} eq $fwdfwsettings{'grp1'} && $fwdfwsettings{'oldgrp1b'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'oldgrp2a'} eq $fwdfwsettings{'grp2'} && $fwdfwsettings{'oldgrp2b'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'oldgrp3a'} eq $fwdfwsettings{'grp3'} && $fwdfwsettings{'oldgrp3b'} eq $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'oldruletype'} eq $fwdfwsettings{'chain'} ) {
- if($fwdfwsettings{'nosave'} eq 'on' && $fwdfwsettings{'updatefwrule'} eq 'on'){
- $errormessage='';
- $fwdfwsettings{'nosave2'} = 'on';
- }
- }
- if (!$errormessage){
- if($fwdfwsettings{'nosave2'} ne 'on'){
- &saverule(\%configinputfw,$configinput);
- }
- }
- }elsif($fwdfwsettings{'grp1'} eq 'ipfire_src' ){
+ $maxkey=&General::findhasharraykey(\%configinputfw);
+ %rulehash=%configinputfw;
+ }elsif ($fwdfwsettings{'grp1'} eq 'ipfire_src' ){
# OUTGOING PART
$fwdfwsettings{'config'}=$configoutgoing;
$fwdfwsettings{'chain'} = 'OUTGOINGFW';
- my $maxkey=&General::findhasharraykey(\%configoutgoingfw);
- if($fwdfwsettings{'oldrulenumber'} eq $fwdfwsettings{'rulepos'}){
- foreach my $key (sort keys %configoutgoingfw){
- if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'},$fwdfwsettings{'LIMIT_CON_CON'},$fwdfwsettings{'concon'},$fwdfwsettings{'RATE_LIMIT'},$fwdfwsettings{'ratecon'},$fwdfwsettings{'RATETIME'}"
- eq "$configoutgoingfw{$key}[0],$configoutgoingfw{$key}[2],$configoutgoingfw{$key}[3],$configoutgoingfw{$key}[4],$configoutgoingfw{$key}[5],$configoutgoingfw{$key}[6],$configoutgoingfw{$key}[7],$configoutgoingfw{$key}[8],$configoutgoingfw{$key}[9],$configoutgoingfw{$key}[10],$configoutgoingfw{$key}[11],$configoutgoingfw{$key}[12],$configoutgoingfw{$key}[13],$configoutgoingfw{$key}[14],$configoutgoingfw{$key}[15],$configoutgoingfw{$key}[17],$configoutgoingfw{$key}[18],$configoutgoingfw{$key}[19],$configoutgoingfw{$key}[20],$configoutgoingfw{$key}[21],$configoutgoingfw{$key}[22],$configoutgoingfw{$key}[23],$configoutgoingfw{$key}[24],$configoutgoingfw{$key}[25],$configoutgoingfw{$key}[26],$configoutgoingfw{$key}[27],$configoutgoingfw{$key}[28],$configoutgoingfw{$key}[29],$configoutgoingfw{$key}[30],$configoutgoingfw{$key}[31],$configoutgoingfw{$key}[32],$configoutgoingfw{$key}[33],$configoutgoingfw{$key}[34],$configoutgoingfw{$key}[35],$configoutgoingfw{$key}[36]"){
- $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
- if($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){
- $errormessage=$Lang::tr{'fwdfw err remark'}."<br>";
- }
- if($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && &validremark($fwdfwsettings{'ruleremark'})){
- $errormessage='';
- }
- if ($fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'}){
- $fwdfwsettings{'nosave'} = 'on';
- }
- }
- }
- }
- #check Rulepos on new Rule
- if($fwdfwsettings{'rulepos'} > 0 && !$fwdfwsettings{'oldrulenumber'}){
- $fwdfwsettings{'oldrulenumber'}=$maxkey;
- foreach my $key (sort keys %configoutgoingfw){
- if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'},$fwdfwsettings{'LIMIT_CON_CON'},$fwdfwsettings{'concon'},$fwdfwsettings{'RATE_LIMIT'},$fwdfwsettings{'ratecon'},$fwdfwsettings{'RATETIME'}"
- eq "$configoutgoingfw{$key}[0],$configoutgoingfw{$key}[2],$configoutgoingfw{$key}[3],$configoutgoingfw{$key}[4],$configoutgoingfw{$key}[5],$configoutgoingfw{$key}[6],$configoutgoingfw{$key}[7],$configoutgoingfw{$key}[8],$configoutgoingfw{$key}[9],$configoutgoingfw{$key}[10],$configoutgoingfw{$key}[11],$configoutgoingfw{$key}[12],$configoutgoingfw{$key}[13],$configoutgoingfw{$key}[14],$configoutgoingfw{$key}[15],$configoutgoingfw{$key}[17],$configoutgoingfw{$key}[18],$configoutgoingfw{$key}[19],$configoutgoingfw{$key}[20],$configoutgoingfw{$key}[21],$configoutgoingfw{$key}[22],$configoutgoingfw{$key}[23],$configoutgoingfw{$key}[24],$configoutgoingfw{$key}[25],$configoutgoingfw{$key}[26],$configoutgoingfw{$key}[27],$configoutgoingfw{$key}[28],$configoutgoingfw{$key}[29],$configoutgoingfw{$key}[30],$configoutgoingfw{$key}[31],$configoutgoingfw{$key}[32],$configoutgoingfw{$key}[33],$configoutgoingfw{$key}[34],$configoutgoingfw{$key}[35],$configoutgoingfw{$key}[36]"){
- $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
- }
- }
- }
- #check if we just close a rule
- if( $fwdfwsettings{'oldgrp1a'} eq $fwdfwsettings{'grp1'} && $fwdfwsettings{'oldgrp1b'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'oldgrp2a'} eq $fwdfwsettings{'grp2'} && $fwdfwsettings{'oldgrp2b'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'oldgrp3a'} eq $fwdfwsettings{'grp3'} && $fwdfwsettings{'oldgrp3b'} eq $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'oldruletype'} eq $fwdfwsettings{'chain'} ) {
- if($fwdfwsettings{'nosave'} eq 'on' && $fwdfwsettings{'updatefwrule'} eq 'on'){
- $fwdfwsettings{'nosave2'} = 'on';
- $errormessage='';
- }
- }
- #increase counters
- if (!$errormessage){
- if ($fwdfwsettings{'nosave2'} ne 'on'){
- &saverule(\%configoutgoingfw,$configoutgoing);
- }
- }
- }else{
- #FORWARD PART
+ $maxkey=&General::findhasharraykey(\%configoutgoingfw);
+ %rulehash=%configoutgoingfw;
+ }else {
+ # FORWARD PART
$fwdfwsettings{'config'}=$configfwdfw;
$fwdfwsettings{'chain'} = 'FORWARDFW';
- my $maxkey=&General::findhasharraykey(\%configfwdfw);
- if($fwdfwsettings{'oldrulenumber'} eq $fwdfwsettings{'rulepos'}){
- #check if we have an identical rule already
- foreach my $key (sort keys %configfwdfw){
- if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'},$fwdfwsettings{'LIMIT_CON_CON'},$fwdfwsettings{'concon'},$fwdfwsettings{'RATE_LIMIT'},$fwdfwsettings{'ratecon'},$fwdfwsettings{'RATETIME'}"
- eq "$configfwdfw{$key}[0],$configfwdfw{$key}[2],$configfwdfw{$key}[3],$configfwdfw{$key}[4],$configfwdfw{$key}[5],$configfwdfw{$key}[6],$configfwdfw{$key}[7],$configfwdfw{$key}[8],$configfwdfw{$key}[9],$configfwdfw{$key}[10],$configfwdfw{$key}[11],$configfwdfw{$key}[12],$configfwdfw{$key}[13],$configfwdfw{$key}[14],$configfwdfw{$key}[15],$configfwdfw{$key}[18],$configfwdfw{$key}[19],$configfwdfw{$key}[20],$configfwdfw{$key}[21],$configfwdfw{$key}[22],$configfwdfw{$key}[23],$configfwdfw{$key}[24],$configfwdfw{$key}[25],$configfwdfw{$key}[26],$configfwdfw{$key}[27],$configfwdfw{$key}[28],$configfwdfw{$key}[29],$configfwdfw{$key}[30],$configfwdfw{$key}[31],$configfwdfw{$key}[32],$configfwdfw{$key}[33],$configfwdfw{$key}[34],$configfwdfw{$key}[35],$configfwdfw{$key}[36]"){
- $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
- if($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){
- $errormessage=$Lang::tr{'fwdfw err remark'}."<br>";
- }
- if($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && &validremark($fwdfwsettings{'ruleremark'})){
- $errormessage='';
- }
- if ($fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'}){
- $fwdfwsettings{'nosave'} = 'on';
- }
- }
+ $maxkey=&General::findhasharraykey(\%configfwdfw);
+ %rulehash=%configfwdfw;
+ }
+ #check if we have an identical rule already
+ if($fwdfwsettings{'oldrulenumber'} eq $fwdfwsettings{'rulepos'}){
+ foreach my $key (sort keys %rulehash){
+ if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'ruleremark'},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'},$fwdfwsettings{'LIMIT_CON_CON'},$fwdfwsettings{'concon'},$fwdfwsettings{'RATE_LIMIT'},$fwdfwsettings{'ratecon'},$fwdfwsettings{'RATETIME'}"
+ eq "$rulehash{$key}[0],$rulehash{$key}[2],$rulehash{$key}[3],$rulehash{$key}[4],$rulehash{$key}[5],$rulehash{$key}[6],$rulehash{$key}[7],$rulehash{$key}[8],$rulehash{$key}[9],$rulehash{$key}[10],$rulehash{$key}[11],$rulehash{$key}[12],$rulehash{$key}[13],$rulehash{$key}[14],$rulehash{$key}[15],$rulehash{$key}[16],$rulehash{$key}[17],$rulehash{$key}[18],$rulehash{$key}[19],$rulehash{$key}[20],$rulehash{$key}[21],$rulehash{$key}[22],$rulehash{$key}[23],$rulehash{$key}[24],$rulehash{$key}[25],$rulehash{$key}[26],$rulehash{$key}[27],$rulehash{$key}[28],$rulehash{$key}[29],$rulehash{$key}[30],$rulehash{$key}[31],$rulehash{$key}[32],$rulehash{$key}[33],$rulehash{$key}[34],$rulehash{$key}[35],$rulehash{$key}[36]"){
+ $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
+ if($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){
+ $errormessage=$Lang::tr{'fwdfw err remark'}."<br>";
+ }
+ if($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && &validremark($fwdfwsettings{'ruleremark'})){
+ $errormessage='';
+ }
+ if ($fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'}){
+ $fwdfwsettings{'nosave'} = 'on';
+ }
}
}
- #check Rulepos on new Rule
- if($fwdfwsettings{'rulepos'} > 0 && !$fwdfwsettings{'oldrulenumber'}){
- $fwdfwsettings{'oldrulenumber'}=$maxkey;
- foreach my $key (sort keys %configfwdfw){
- if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'},$fwdfwsettings{'LIMIT_CON_CON'},$fwdfwsettings{'concon'},$fwdfwsettings{'RATE_LIMIT'},$fwdfwsettings{'ratecon'},$fwdfwsettings{'RATETIME'}"
- eq "$configfwdfw{$key}[0],$configfwdfw{$key}[2],$configfwdfw{$key}[3],$configfwdfw{$key}[4],$configfwdfw{$key}[5],$configfwdfw{$key}[6],$configfwdfw{$key}[7],$configfwdfw{$key}[8],$configfwdfw{$key}[9],$configfwdfw{$key}[10],$configfwdfw{$key}[11],$configfwdfw{$key}[12],$configfwdfw{$key}[13],$configfwdfw{$key}[14],$configfwdfw{$key}[15],$configfwdfw{$key}[18],$configfwdfw{$key}[19],$configfwdfw{$key}[20],$configfwdfw{$key}[21],$configfwdfw{$key}[22],$configfwdfw{$key}[23],$configfwdfw{$key}[24],$configfwdfw{$key}[25],$configfwdfw{$key}[26],$configfwdfw{$key}[27],$configfwdfw{$key}[28],$configfwdfw{$key}[29],$configfwdfw{$key}[30],$configfwdfw{$key}[31],$configfwdfw{$key}[32],$configfwdfw{$key}[33],$configfwdfw{$key}[34],$configfwdfw{$key}[35],$configfwdfw{$key}[36]"){
- $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
- }
+ }
+ #check Rulepos on new Rule
+ if($fwdfwsettings{'rulepos'} > 0 && !$fwdfwsettings{'oldrulenumber'}){
+ $fwdfwsettings{'oldrulenumber'}=$maxkey;
+ foreach my $key (sort keys %rulehash){
+ if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'},$fwdfwsettings{'LIMIT_CON_CON'},$fwdfwsettings{'concon'},$fwdfwsettings{'RATE_LIMIT'},$fwdfwsettings{'ratecon'},$fwdfwsettings{'RATETIME'}"
+ eq "$rulehash{$key}[0],$rulehash{$key}[2],$rulehash{$key}[3],$rulehash{$key}[4],$rulehash{$key}[5],$rulehash{$key}[6],$rulehash{$key}[7],$rulehash{$key}[8],$rulehash{$key}[9],$rulehash{$key}[10],$rulehash{$key}[11],$rulehash{$key}[12],$rulehash{$key}[13],$rulehash{$key}[14],$rulehash{$key}[15],$rulehash{$key}[18],$rulehash{$key}[19],$rulehash{$key}[20],$rulehash{$key}[21],$rulehash{$key}[22],$rulehash{$key}[23],$rulehash{$key}[24],$rulehash{$key}[25],$rulehash{$key}[26],$rulehash{$key}[27],$rulehash{$key}[28],$rulehash{$key}[29],$rulehash{$key}[30],$rulehash{$key}[31],$rulehash{$key}[32],$rulehash{$key}[33],$rulehash{$key}[34],$rulehash{$key}[35],$rulehash{$key}[36]"){
+ $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
}
}
- #check if we just close a rule
- if( $fwdfwsettings{'oldgrp1a'} eq $fwdfwsettings{'grp1'} && $fwdfwsettings{'oldgrp1b'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'oldgrp2a'} eq $fwdfwsettings{'grp2'} && $fwdfwsettings{'oldgrp2b'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'oldgrp3a'} eq $fwdfwsettings{'grp3'} && $fwdfwsettings{'oldgrp3b'} eq $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'oldruletype'} eq $fwdfwsettings{'chain'}){
- if($fwdfwsettings{'nosave'} eq 'on' && $fwdfwsettings{'updatefwrule'} eq 'on'){
- $fwdfwsettings{'nosave2'} = 'on';
- $errormessage='';
- }
+ }
+ #check if we just close a rule
+ if( $fwdfwsettings{'oldgrp1a'} eq $fwdfwsettings{'grp1'} && $fwdfwsettings{'oldgrp1b'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'oldgrp2a'} eq $fwdfwsettings{'grp2'} && $fwdfwsettings{'oldgrp2b'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'oldgrp3a'} eq $fwdfwsettings{'grp3'} && $fwdfwsettings{'oldgrp3b'} eq $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'oldruletype'} eq $fwdfwsettings{'chain'}){
+ if($fwdfwsettings{'nosave'} eq 'on' && $fwdfwsettings{'updatefwrule'} eq 'on'){
+ $fwdfwsettings{'nosave2'} = 'on';
+ $errormessage='';
}
- #check max concurrent connections per ip address
- if ($fwdfwsettings{'LIMIT_CON_CON'} eq 'ON'){
- if (!($fwdfwsettings{'concon'} =~ /^(\d+)$/)) {
- $errormessage.=$Lang::tr{'fwdfw err concon'};
- }
- }else{
- $fwdfwsettings{'concon'}='';
+ }
+ #check max concurrent connections per ip address
+ if ($fwdfwsettings{'LIMIT_CON_CON'} eq 'ON'){
+ if (!($fwdfwsettings{'concon'} =~ /^(\d+)$/)) {
+ $errormessage.=$Lang::tr{'fwdfw err concon'};
}
- #check ratelimit value
- if ($fwdfwsettings{'RATE_LIMIT'} eq 'ON'){
- if (!($fwdfwsettings{'ratecon'} =~ /^(\d+)$/)) {
- $errormessage.=$Lang::tr{'fwdfw err ratecon'};
- }
- }else{
- $fwdfwsettings{'ratecon'}='';
+ }else{
+ $fwdfwsettings{'concon'}='';
+ }
+ #check ratelimit value
+ if ($fwdfwsettings{'RATE_LIMIT'} eq 'ON'){
+ if (!($fwdfwsettings{'ratecon'} =~ /^(\d+)$/)) {
+ $errormessage.=$Lang::tr{'fwdfw err ratecon'};
}
- #increase counters
- if (!$errormessage){
- if ($fwdfwsettings{'nosave2'} ne 'on'){
- &saverule(\%configfwdfw,$configfwdfw);
- }
+ }else{
+ $fwdfwsettings{'ratecon'}='';
+ }
+ #increase counters
+ if (!$errormessage){
+ if ($fwdfwsettings{'nosave2'} ne 'on'){
+ &saverule(\%rulehash,$fwdfwsettings{'config'});
}
}
if ($errormessage){
$errormessage.=$Lang::tr{'fwdfw err remark'}."<br>";
}
#check if source and target identical
- if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{$fwdfwsettings{'grp1'}} ne 'ALL'){
+ if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{$fwdfwsettings{'grp1'}} ne 'ALL' && $fwdfwsettings{'grp2'} ne 'ipfire'){
$errormessage=$Lang::tr{'fwdfw err same'};
return $errormessage;
}
}
}
}
- if ($tcpcounter > 15){
+ if ($tcpcounter > 14){
$errormessage=$Lang::tr{'fwhost err maxservicetcp'};
}
- if ($udpcounter > 15){
+ if ($udpcounter > 14){
$errormessage=$Lang::tr{'fwhost err maxserviceudp'};
}
$tcpcounter=0;
####################### End added for snort rules control #################################
if ($snortsettings{'RULES'} eq 'subscripted') {
- $url=" https://www.snort.org/rules/snortrules-snapshot-2961.tar.gz?oinkcode=$snortsettings{'OINKCODE'}";
+ $url=" https://www.snort.org/rules/snortrules-snapshot-2970.tar.gz?oinkcode=$snortsettings{'OINKCODE'}";
} elsif ($snortsettings{'RULES'} eq 'registered') {
- $url=" https://www.snort.org/rules/snortrules-snapshot-2961.tar.gz?oinkcode=$snortsettings{'OINKCODE'}";
+ $url=" https://www.snort.org/rules/snortrules-snapshot-2970.tar.gz?oinkcode=$snortsettings{'OINKCODE'}";
} elsif ($snortsettings{'RULES'} eq 'community') {
$url=" https://www.snort.org/rules/community";
} else {
</tr>
<tr>
<td><br />
- $Lang::tr{'ids rules license'} <a href='https://www.snort.org/signup' target='_blank'>www.snort.org</a>$Lang::tr{'ids rules license1'}<br /><br />
+ $Lang::tr{'ids rules license'} <a href='https://www.snort.org/subscribe' target='_blank'>www.snort.org</a>$Lang::tr{'ids rules license1'}<br /><br />
$Lang::tr{'ids rules license2'} <a href='https://www.snort.org/account/oinkcode' target='_blank'>Get an Oinkcode</a>, $Lang::tr{'ids rules license3'}
</td>
</tr>
--- /dev/null
+#!/usr/bin/perl
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2014 Alexander Marx #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+use strict;
+
+# enable only the following on debugging purpose
+#use warnings;
+#use CGI::Carp 'fatalsToBrowser';
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/header.pl";
+require "${General::swroot}/graphs.pl";
+
+my %color = ();
+my %mainsettings = ();
+&General::readhash("${General::swroot}/main/settings", \%mainsettings);
+&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
+
+my @vpns=();
+
+my @querry = split(/\?/,$ENV{'QUERY_STRING'});
+$querry[0] = '' unless defined $querry[0];
+$querry[1] = 'week' unless defined $querry[1];
+
+if ( $querry[0] ne "" && $querry[0] ne "UNDEF"){
+ print "Content-type: image/png\n\n";
+ binmode(STDOUT);
+ &Graphs::updatevpngraph($querry[0],$querry[1]);
+}else{
+ &Header::showhttpheaders();
+ &Header::openpage($Lang::tr{'host to net vpn'}, 1, '');
+ &Header::openbigbox('100%', 'left');
+
+ my @vpngraphs = `find /var/log/rrd/collectd/localhost/openvpn-*/ -not -path *openvpn-UNDEF* -not -path *openvpn-*n2n* -name *.rrd|sort`;
+ foreach (@vpngraphs){
+ if($_ =~ /(.*)\/openvpn-(.*)\/if_octets_derive.rrd/){
+ push(@vpns,$2);
+ }
+ }
+ if(@vpns){
+ foreach (@vpns) {
+ &Header::openbox('100%', 'center', "$_ $Lang::tr{'graph'}");
+ &Graphs::makegraphbox("netovpnrw.cgi",$_,"week");
+ &Header::closebox();
+ }
+ }else{
+ print "<center>".$Lang::tr{'no data'}."</center>";
+ }
+ my $output = '';
+
+ &Header::closebigbox();
+ &Header::closepage();
+}
--- /dev/null
+#!/usr/bin/perl
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2014 Alexnder Marx #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+use strict;
+
+# enable only the following on debugging purpose
+#use warnings;
+#use CGI::Carp 'fatalsToBrowser';
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/header.pl";
+require "${General::swroot}/graphs.pl";
+
+my %color = ();
+my %mainsettings = ();
+&General::readhash("${General::swroot}/main/settings", \%mainsettings);
+&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
+
+my @vpns=();
+
+my @querry = split(/\?/,$ENV{'QUERY_STRING'});
+$querry[0] = '' unless defined $querry[0];
+$querry[1] = 'week' unless defined $querry[1];
+
+if ( $querry[0] ne ""){
+ print "Content-type: image/png\n\n";
+ binmode(STDOUT);
+ &Graphs::updatevpnn2ngraph($querry[0],$querry[1]);
+}else{
+ &Header::showhttpheaders();
+ &Header::openpage($Lang::tr{'openvpn server'}, 1, '');
+ &Header::openbigbox('100%', 'left');
+
+ my @vpngraphs = `find /var/log/rrd/collectd/localhost/openvpn-*-n2n/ -not -path *openvpn-UNDEF* -name *traffic.rrd|sort`;
+ foreach (@vpngraphs){
+ if($_ =~ /(.*)\/openvpn-(.*)\/if_octets_derive-traffic.rrd/){
+ push(@vpns,$2);
+ }
+ }
+ if (@vpns){
+ foreach (@vpns) {
+ &Header::openbox('100%', 'center', "$_ $Lang::tr{'graph'}");
+ &Graphs::makegraphbox("netovpnsrv.cgi",$_,"week");
+ &Header::closebox();
+ }
+ }else{
+ print "<center>".$Lang::tr{'no data'}."</center>";
+ }
+ my $output = '';
+
+ &Header::closebigbox();
+ &Header::closepage();
+}
my $customnet="${General::swroot}/fwhosts/customnetworks";
my $name;
my $col="";
+my $local_serverconf = "${General::swroot}/ovpn/scripts/server.conf.local";
+my $local_clientconf = "${General::swroot}/ovpn/scripts/client.conf.local";
+
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
$cgiparams{'ENABLED'} = 'off';
$cgiparams{'ENABLED_BLUE'} = 'off';
$cgiparams{'DAUTH'} = '';
$cgiparams{'TLSAUTH'} = '';
$routes_push_file = "${General::swroot}/ovpn/routes_push";
-unless (-e $routes_push_file) { system("touch $routes_push_file"); }
-unless (-e "${General::swroot}/ovpn/ccd.conf") { system("touch ${General::swroot}/ovpn/ccd.conf"); }
-unless (-e "${General::swroot}/ovpn/ccdroute") { system("touch ${General::swroot}/ovpn/ccdroute"); }
-unless (-e "${General::swroot}/ovpn/ccdroute2") { system("touch ${General::swroot}/ovpn/ccdroute2"); }
+
+# Add CCD files if not already presant
+unless (-e $routes_push_file) {
+ open(RPF, ">$routes_push_file");
+ close(RPF);
+}
+unless (-e "${General::swroot}/ovpn/ccd.conf") {
+ open(CCDC, ">${General::swroot}/ovpn/ccd.conf");
+ close (CCDC);
+}
+unless (-e "${General::swroot}/ovpn/ccdroute") {
+ open(CCDR, ">${General::swroot}/ovpn/ccdroute");
+ close (CCDR);
+}
+unless (-e "${General::swroot}/ovpn/ccdroute2") {
+ open(CCDRT, ">${General::swroot}/ovpn/ccdroute2");
+ close (CCDRT);
+}
+# Add additional configs if not already presant
+unless (-e "$local_serverconf") {
+ open(LSC, ">$local_serverconf");
+ close (LSC);
+}
+unless (-e "$local_clientconf") {
+ open(LCC, ">$local_clientconf");
+ close (LCC);
+}
&Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'});
print CONF "keepalive $sovpnsettings{'KEEPALIVE_1'} $sovpnsettings{'KEEPALIVE_2'}\n";
}
print CONF "status-version 1\n";
- print CONF "status /var/log/ovpnserver.log 30\n";
+ print CONF "status /var/run/ovpnserver.log 30\n";
print CONF "cipher $sovpnsettings{DCIPHER}\n";
if ($sovpnsettings{'DAUTH'} eq '') {
print CONF "";
print CONF "verb $sovpnsettings{LOG_VERB}\n";
} else {
print CONF "verb 3\n";
- }
+ }
+ # Print server.conf.local if entries exist to server.conf
+ if ( !-z $local_serverconf && $sovpnsettings{'ADDITIONAL_CONFIGS'} eq 'on') {
+ open (LSC, "$local_serverconf");
+ print CONF "\n#---------------------------\n";
+ print CONF "# Start of custom directives\n";
+ print CONF "# from server.conf.local\n";
+ print CONF "#---------------------------\n\n";
+ while (<LSC>) {
+ print CONF $_;
+ }
+ print CONF "\n#-----------------------------\n";
+ print CONF "# End of custom directives\n";
+ print CONF "#-----------------------------\n";
+ close (LSC);
+ }
print CONF "\n";
close(CONF);
}
sub emptyserverlog{
- if (open(FILE, ">/var/log/ovpnserver.log")) {
+ if (open(FILE, ">/var/run/ovpnserver.log")) {
flock FILE, 2;
print FILE "";
close FILE;
$vpnsettings{'MAX_CLIENTS'} = $cgiparams{'MAX_CLIENTS'};
$vpnsettings{'REDIRECT_GW_DEF1'} = $cgiparams{'REDIRECT_GW_DEF1'};
$vpnsettings{'CLIENT2CLIENT'} = $cgiparams{'CLIENT2CLIENT'};
+ $vpnsettings{'ADDITIONAL_CONFIGS'} = $cgiparams{'ADDITIONAL_CONFIGS'};
$vpnsettings{'DHCP_DOMAIN'} = $cgiparams{'DHCP_DOMAIN'};
$vpnsettings{'DHCP_DNS'} = $cgiparams{'DHCP_DNS'};
$vpnsettings{'DHCP_WINS'} = $cgiparams{'DHCP_WINS'};
print SERVERCONF "route $remsubnet[0] $remsubnet[1]\n";
print SERVERCONF "# tun Device\n";
print SERVERCONF "dev tun\n";
+ print SERVERCONF "#Logfile for statistics\n";
+ print SERVERCONF "status-version 1\n";
+ print SERVERCONF "status /var/run/openvpn/$cgiparams{'NAME'}-n2n 10\n";
print SERVERCONF "# Port and Protokol\n";
print SERVERCONF "port $cgiparams{'DEST_PORT'}\n";
-
+
if ($cgiparams{'PROTOCOL'} eq 'tcp') {
print SERVERCONF "proto tcp-server\n";
print SERVERCONF "# Packet size\n";
while ($file = glob("${General::swroot}/ovpn/ccd/*")) {
unlink $file
}
+# Delete all RRD files for Roadwarrior connections
+ chdir('/var/ipfire/ovpn/ccd');
+ while ($file = glob("*")) {
+ system ("/usr/local/bin/openvpnctrl -drrd $file");
+ }
+ while ($file = glob("${General::swroot}/ovpn/ccd/*")) {
+ unlink $file
+ }
if (open(FILE, ">${General::swroot}/ovpn/ovpn-leases.db")) {
print FILE "";
close FILE;
unlink "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}";
}
# Create Diffie Hellmann Parameter
- system('/usr/bin/openssl', 'dhparam', '-rand', '/proc/interrupts:/proc/net/rt_cache',
- '-out', "${General::swroot}/ovpn/ca/dh1024.pem", "$cgiparams{'DHLENGHT'}");
+ system('/usr/bin/openssl', 'dhparam', '-out', "${General::swroot}/ovpn/ca/dh1024.pem", "$cgiparams{'DHLENGHT'}");
if ($?) {
$errormessage = "$Lang::tr{'openssl produced an error'}: $?";
unlink ("${General::swroot}/ovpn/ca/dh1024.pem");
goto ROOTCERT_ERROR;
}
} else { # child
- unless (exec ('/usr/bin/openssl', 'req', '-x509', '-nodes', '-rand', '/proc/interrupts:/proc/net/rt_cache',
+ unless (exec ('/usr/bin/openssl', 'req', '-x509', '-nodes',
'-days', '999999', '-newkey', 'rsa:4096', '-sha512',
'-keyout', "${General::swroot}/ovpn/ca/cakey.pem",
'-out', "${General::swroot}/ovpn/ca/cacert.pem",
goto ROOTCERT_ERROR;
}
} else { # child
- unless (exec ('/usr/bin/openssl', 'req', '-nodes', '-rand', '/proc/interrupts:/proc/net/rt_cache',
+ unless (exec ('/usr/bin/openssl', 'req', '-nodes',
'-newkey', 'rsa:2048',
'-keyout', "${General::swroot}/ovpn/certs/serverkey.pem",
'-out', "${General::swroot}/ovpn/certs/serverreq.pem",
# &cleanssldatabase();
}
# Create Diffie Hellmann Parameter
- system('/usr/bin/openssl', 'dhparam', '-rand', '/proc/interrupts:/proc/net/rt_cache',
- '-out', "${General::swroot}/ovpn/ca/dh1024.pem", "$cgiparams{'DHLENGHT'}");
+ system('/usr/bin/openssl', 'dhparam', '-out', "${General::swroot}/ovpn/ca/dh1024.pem", "$cgiparams{'DHLENGHT'}");
if ($?) {
$errormessage = "$Lang::tr{'openssl produced an error'}: $?";
unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
print CLIENTCONF "mtu-disc $vpnsettings{'PMTU_DISCOVERY'}\r\n";
}
}
+ # Print client.conf.local if entries exist to client.ovpn
+ if (!-z $local_clientconf && $vpnsettings{'ADDITIONAL_CONFIGS'} eq 'on') {
+ open (LCC, "$local_clientconf");
+ print CLIENTCONF "\n#---------------------------\n";
+ print CLIENTCONF "# Start of custom directives\n";
+ print CLIENTCONF "# from client.conf.local\n";
+ print CLIENTCONF "#---------------------------\n\n";
+ while (<LCC>) {
+ print CLIENTCONF $_;
+ }
+ print CLIENTCONF "\n#---------------------------\n";
+ print CLIENTCONF "# End of custom directives\n";
+ print CLIENTCONF "#---------------------------\n\n";
+ close (LCC);
+ }
close(CLIENTCONF);
$zip->addFile( "$tempdir/$clientovpn", $clientovpn) or die "Can't add file $clientovpn\n";
# CCD end
-
+###
+### Delete all RRD's for client
+###
+ system ("/usr/local/bin/openvpnctrl -drrd $confighash{$cgiparams{'KEY'}}[1]");
delete $confighash{$cgiparams{'KEY'}};
my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
$checked{'REDIRECT_GW_DEF1'}{'off'} = '';
$checked{'REDIRECT_GW_DEF1'}{'on'} = '';
$checked{'REDIRECT_GW_DEF1'}{$cgiparams{'REDIRECT_GW_DEF1'}} = 'CHECKED';
+ $checked{'ADDITIONAL_CONFIGS'}{'off'} = '';
+ $checked{'ADDITIONAL_CONFIGS'}{'on'} = '';
+ $checked{'ADDITIONAL_CONFIGS'}{$cgiparams{'ADDITIONAL_CONFIGS'}} = 'CHECKED';
$checked{'MSSFIX'}{'off'} = '';
$checked{'MSSFIX'}{'on'} = '';
$checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
</table>
<hr size='1'>
<table width='100%'>
- <tr>
+ <tr>
<td class'base'><b>$Lang::tr{'misc-options'}</b></td>
- </tr>
- <tr>
+ </tr>
+
+ <tr>
<td width='20%'></td> <td width='15%'> </td><td width='15%'> </td><td width='15%'></td><td width='35%'></td>
- </tr>
- <tr>
+ </tr>
+
+ <tr>
<td class='base'>Client-To-Client</td>
<td><input type='checkbox' name='CLIENT2CLIENT' $checked{'CLIENT2CLIENT'}{'on'} /></td>
- </tr>
- <tr>
+ </tr>
+
+ <tr>
<td class='base'>Redirect-Gateway def1</td>
<td><input type='checkbox' name='REDIRECT_GW_DEF1' $checked{'REDIRECT_GW_DEF1'}{'on'} /></td>
- </tr>
- <tr>
- <td class='base'>Max-Clients</td>
- <td><input type='text' name='MAX_CLIENTS' value='$cgiparams{'MAX_CLIENTS'}' size='10' /></td>
- </tr>
+ </tr>
+
<tr>
- <td class='base'>Keepalive <br />
- (ping/ping-restart)</td>
- <td><input type='TEXT' name='KEEPALIVE_1' value='$cgiparams{'KEEPALIVE_1'}' size='10' /></td>
- <td><input type='TEXT' name='KEEPALIVE_2' value='$cgiparams{'KEEPALIVE_2'}' size='10' /></td>
- </tr>
+ <td class='base'>$Lang::tr{'ovpn add conf'}</td>
+ <td><input type='checkbox' name='ADDITIONAL_CONFIGS' $checked{'ADDITIONAL_CONFIGS'}{'on'} /></td>
+ <td>$Lang::tr{'openvpn default'}: off</td>
+ </tr>
+
<tr>
- <td class='base'>fragment <br></td>
- <td><input type='TEXT' name='FRAGMENT' value='$cgiparams{'FRAGMENT'}' size='10' /></td>
- </tr>
- <tr>
- <td class='base'>mssfix</td>
- <td><input type='checkbox' name='MSSFIX' $checked{'MSSFIX'}{'on'} /></td>
- <td>$Lang::tr{'openvpn default'}: off</td>
- </tr>
+ <td class='base'>mssfix</td>
+ <td><input type='checkbox' name='MSSFIX' $checked{'MSSFIX'}{'on'} /></td>
+ <td>$Lang::tr{'openvpn default'}: off</td>
+ </tr>
+
+ <tr>
+ <td class='base'>fragment <br></td>
+ <td><input type='TEXT' name='FRAGMENT' value='$cgiparams{'FRAGMENT'}' size='10' /></td>
+ </tr>
+
+
+ <tr>
+ <td class='base'>Max-Clients</td>
+ <td><input type='text' name='MAX_CLIENTS' value='$cgiparams{'MAX_CLIENTS'}' size='10' /></td>
+ </tr>
+ <tr>
+ <td class='base'>Keepalive <br />
+ (ping/ping-restart)</td>
+ <td><input type='TEXT' name='KEEPALIVE_1' value='$cgiparams{'KEEPALIVE_1'}' size='10' /></td>
+ <td><input type='TEXT' name='KEEPALIVE_2' value='$cgiparams{'KEEPALIVE_2'}' size='10' /></td>
+ </tr>
<tr>
<td class='base'>$Lang::tr{'ovpn mtu-disc'}</td>
</tr>
END
;
- my $filename = "/var/log/ovpnserver.log";
+ my $filename = "/var/run/ovpnserver.log";
open(FILE, $filename) or die 'Unable to open config file.';
my @current = <FILE>;
close(FILE);
$errormessage = $Lang::tr{'passwords do not match'};
goto VPNCONF_ERROR;
}
+ if ($cgiparams{'DAYS_VALID'} ne '' && $cgiparams{'DAYS_VALID'} !~ /^[0-9]+$/) {
+ $errormessage = $Lang::tr{'invalid input for valid till days'};
+ goto VPNCONF_ERROR;
+ }
# Replace empty strings with a .
(my $ou = $cgiparams{'CERT_OU'}) =~ s/^\s*$/\./;
goto VPNCONF_ERROR;
}
} else { # child
- unless (exec ('/usr/bin/openssl', 'req', '-nodes', '-rand', '/proc/interrupts:/proc/net/rt_cache',
+ unless (exec ('/usr/bin/openssl', 'req', '-nodes',
'-newkey', 'rsa:2048',
'-keyout', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem",
'-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem",
$cgiparams{'CERT_CITY'} = $vpnsettings{'ROOTCERT_CITY'};
$cgiparams{'CERT_STATE'} = $vpnsettings{'ROOTCERT_STATE'};
$cgiparams{'CERT_COUNTRY'} = $vpnsettings{'ROOTCERT_COUNTRY'};
+ $cgiparams{'DAYS_VALID'} = $vpnsettings{'DAYS_VALID'};
}
VPNCONF_ERROR:
if ($cgiparams{'TYPE'} eq 'host') {
print <<END;
- </select></td></tr>
-
- <td> </td><td class='base'>$Lang::tr{'valid till'} (days):</td>
- <td class='base' nowrap='nowrap'><input type='text' name='DAYS_VALID' value='$cgiparams{'DAYS_VALID'}' size='32' $cakeydisabled /></td></tr>
- <tr><td> </td>
+ </select></td></tr>
+ <td> </td><td class='base'>$Lang::tr{'valid till'} (days):</td>
+ <td class='base' nowrap='nowrap'><input type='text' name='DAYS_VALID' value='$cgiparams{'DAYS_VALID'}' size='32' $cakeydisabled /></td></tr>
+ <tr><td> </td>
<td class='base'>$Lang::tr{'pkcs12 file password'}:</td>
<td class='base' nowrap='nowrap'><input type='password' name='CERT_PASS1' value='$cgiparams{'CERT_PASS1'}' size='32' $cakeydisabled /></td></tr>
- <tr><td> </td><td class='base'>$Lang::tr{'pkcs12 file password'}:<br>($Lang::tr{'confirmation'})</td>
+ <tr><td> </td><td class='base'>$Lang::tr{'pkcs12 file password'}:<br>($Lang::tr{'confirmation'})</td>
<td class='base' nowrap='nowrap'><input type='password' name='CERT_PASS2' value='$cgiparams{'CERT_PASS2'}' size='32' $cakeydisabled /></td></tr>
- <tr><td colspan='3'> </td></tr>
- <tr><td colspan='3'><hr /></td></tr>
- <tr><td class='base' colspan='3' align='left'><img src='/blob.gif' alt='*' /> $Lang::tr{'this field may be blank'}</td></tr>
- </table>
+ <tr><td colspan='3'> </td></tr>
+ <tr><td colspan='3'><hr /></td></tr>
+
<tr><td class='base' colspan='3' align='left'><img src='/blob.gif' alt='*' /> $Lang::tr{'this field may be blank'}</td></tr>
+ </table>
END
}else{
print <<END;
- </select></td></tr>
- <tr><td> </td><td> </td><td> </td></tr>
- <tr><td> </td><td> </td><td> </td></tr>
- <tr><td colspan='3'><hr /></td></tr>
- <tr><td class='base' colspan='3' align='left'><img src='/blob.gif' alt='*' /> $Lang::tr{'this field may be blank'}</td></tr>
+ </select></td></tr>
+ <td> </td><td class='base'>$Lang::tr{'valid till'} (days):</td>
+ <td class='base' nowrap='nowrap'><input type='text' name='DAYS_VALID' value='$cgiparams{'DAYS_VALID'}' size='32' $cakeydisabled /></td></tr>
+ <tr><td> </td><td> </td><td> </td></tr>
+ <tr><td> </td><td> </td><td> </td></tr>
+ <tr><td colspan='3'><hr /></td></tr>
+ <tr><td class='base' colspan='3' align='left'><img src='/blob.gif' alt='*' /> $Lang::tr{'this field may be blank'}</td></tr>
</table>
END
&General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
&General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
- my @status = `/bin/cat /var/log/ovpnserver.log`;
+ my @status = `/bin/cat /var/run/ovpnserver.log`;
if ($cgiparams{'VPN_IP'} eq '' && -e "${General::swroot}/red/active") {
if (open(IPADDR, "${General::swroot}/red/local-ipaddress")) {
}
print CONF "\n";
}#foreach key
+
+ # Add post user includes to config file
+ # After the GUI-connections allows to patch connections.
+ if (-e "/etc/ipsec.user-post.conf") {
+ print CONF "include /etc/ipsec.user-post.conf\n";
+ print CONF "\n";
+ }
+
print SECRETS $last_secrets if ($last_secrets);
close(CONF);
close(SECRETS);
$errormessage = $Lang::tr{'invalid input for ike lifetime'};
goto ADVANCED_ERROR;
}
- if ($cgiparams{'IKE_LIFETIME'} < 1 || $cgiparams{'IKE_LIFETIME'} > 8) {
- $errormessage = $Lang::tr{'ike lifetime should be between 1 and 8 hours'};
+ if ($cgiparams{'IKE_LIFETIME'} < 1 || $cgiparams{'IKE_LIFETIME'} > 24) {
+ $errormessage = $Lang::tr{'ike lifetime should be between 1 and 24 hours'};
goto ADVANCED_ERROR;
}
@temp = split('\|', $cgiparams{'ESP_ENCRYPTION'});
'ike grouptype' => 'IKE Gruppentyp:',
'ike integrity' => 'IKE Integrität:',
'ike lifetime' => 'IKE Lebensdauer:',
-'ike lifetime should be between 1 and 8 hours' => 'IKE Lebensdauer sollte zwischen 1 und 8 Stunden betragen.',
+'ike lifetime should be between 1 and 24 hours' => 'IKE Lebensdauer sollte zwischen 1 und 24 Stunden betragen.',
'imei' => 'IMEI',
'import' => 'Import',
'importkey' => 'PSK importieren',
'inactive' => 'inaktiv',
'include logfiles' => 'mit Logdateien',
'incoming' => 'eingehend',
+'incoming compression in bytes per second' => 'Eingehende Kompression',
'incoming firewall access' => 'Eingehender Firewallzugang',
+'incoming overhead in bytes per second' => 'Eingehender Overhead',
'incoming traffic in bytes per second' => 'Eingehender Verkehr',
'incorrect password' => 'Fehlerhaftes Passwort',
'info' => 'Info',
'invalid input for organization' => 'Ungültige Eingabe für Organisation',
'invalid input for remote host/ip' => 'Ungültige Eingabe für Remote Host/IP',
'invalid input for state or province' => 'Ungültige Eingabe für Bundesstaat oder Provinz.',
+'invalid input for valid till days' => 'Ungültige Eingabe für Gültig bis (Tage).',
'invalid ip' => 'Ungültige IP-Adresse',
'invalid keep time' => 'Die Aufbewahrungszeit muss eine gültige Zahl sein',
'invalid key' => 'Ungültiger Schlüssel.',
'our donors' => 'Unsere Unterstützer',
'out' => 'Aus',
'outgoing' => 'ausgehend',
+'outgoing compression in bytes per second' => 'Abgehende Kompression',
'outgoing firewall' => 'Ausgehende Firewall',
'outgoing firewall access' => 'Ausgehender Firewallzugang',
'outgoing firewall add ip group' => 'IP Adressgruppen hinzufügen',
'outgoing firewall reset' => 'Alle Regeln löschen',
'outgoing firewall view group' => 'Gruppe anzeigen',
'outgoing firewall warning' => 'Nur die Auswahl Quell IP / MAC aktiviert diese',
+'outgoing overhead in bytes per second' => 'Abgehender Overhead',
'outgoing traffic in bytes per second' => 'Abgehender Verkehr',
'override mtu' => 'Ãœberschreibe Standard MTU',
'ovpn' => 'OpenVPN',
+'ovpn add conf' => 'Erweiterte Konfiguration',
'ovpn con stat' => 'OpenVPN Verbindungs-Statistik',
'ovpn config' => 'OVPN-Konfiguration',
'ovpn crypt options' => 'Kryptografieoptionen',
'ike grouptype' => 'IKE Grouptype:',
'ike integrity' => 'IKE Integrity:',
'ike lifetime' => 'IKE Lifetime:',
-'ike lifetime should be between 1 and 8 hours' => 'IKE lifetime should be between 1 and 8 hours.',
+'ike lifetime should be between 1 and 24 hours' => 'IKE lifetime should be between 1 and 24 hours.',
'imei' => 'IMEI',
'import' => 'Import',
'importkey' => 'Import PSK',
'inactive' => 'inactive',
'include logfiles' => 'Include logfiles',
'incoming' => 'incoming',
+'incoming compression in bytes per second' => 'Incoming Compression',
'incoming firewall access' => 'Incoming Firewall Access',
+'incoming overhead in bytes per second' => 'Incoming Overhead',
'incoming traffic in bytes per second' => 'Incoming Traffic',
'incorrect password' => 'Incorrect password',
'info' => 'Info',
'invalid input for organization' => 'Invalid input for organization',
'invalid input for remote host/ip' => 'Invalid input for remote host/ip.',
'invalid input for state or province' => 'Invalid input for state or province.',
+'invalid input for valid till days' => 'Invalid input for Valid till (days).',
'invalid ip' => 'Invalid IP Address',
'invalid keep time' => 'Keep time must be a valid number',
'invalid key' => 'Invalid key.',
'our donors' => 'Our donors',
'out' => 'Out',
'outgoing' => 'outgoing',
+'outgoing compression in bytes per second' => 'Outgoing compression',
'outgoing firewall' => 'Outgoing Firewall',
'outgoing firewall access' => 'Outgoing Firewall Access',
'outgoing firewall add ip group' => 'Add IP Address Group',
'outgoing firewall reset' => 'Reset all',
'outgoing firewall view group' => 'View group',
'outgoing firewall warning' => 'Not selecting source ip or mac ignores them',
+'outgoing overhead in bytes per second' => 'Outgoing Overhead',
'outgoing traffic in bytes per second' => 'Outgoing Traffic',
'override mtu' => 'Override default MTU',
'ovpn' => 'OpenVPN',
+'ovpn add conf' => 'Additional configuration',
'ovpn con stat' => 'OpenVPN Connection Statistics',
'ovpn config' => 'OVPN-Config',
'ovpn crypt options' => 'Cryptographic options',
'ike grouptype' => 'Tipo de grupo IKE:',
'ike integrity' => 'Integridad IKE:',
'ike lifetime' => 'Tiempo de vida IKE:',
-'ike lifetime should be between 1 and 8 hours' => 'Tiempo de vida IKE entre 1 y 8 horas.',
+'ike lifetime should be between 1 and 24 hours' => 'Tiempo de vida IKE entre 1 y 24 horas.',
'import' => 'Importar',
'importkey' => 'Importar PSK',
'in' => 'En',
'ike grouptype' => 'Type de groupe IKE :',
'ike integrity' => 'Intégrité IKE :',
'ike lifetime' => 'Durée de vie IKE :',
-'ike lifetime should be between 1 and 8 hours' => 'La durée de vie IKE devrait être comprise entre 1 et 8 heures.',
+'ike lifetime should be between 1 and 24 hours' => 'La durée de vie IKE devrait être comprise entre 1 et 24 heures.',
'import' => 'Importer',
'importkey' => 'Importer PSK',
'in' => 'Dans',
'ike grouptype' => 'IKE Grouptype:',
'ike integrity' => 'IKE Integrity:',
'ike lifetime' => 'IKE Lifetime:',
-'ike lifetime should be between 1 and 8 hours' => 'IKE lifetime should be between 1 and 8 hours.',
+'ike lifetime should be between 1 and 24 hours' => 'IKE lifetime should be between 1 and 24 hours.',
'imei' => 'IMEI',
'import' => 'Import',
'importkey' => 'Import PSK',
'ike grouptype' => 'IKE Groepstype:',
'ike integrity' => 'IKE Integriteit:',
'ike lifetime' => 'IKE Levensduur:',
-'ike lifetime should be between 1 and 8 hours' => 'IKE levensduur moet tussen 1 en 8 uur liggen.',
+'ike lifetime should be between 1 and 24 hours' => 'IKE levensduur moet tussen 1 en 24 uur liggen.',
'import' => 'Importeer',
'importkey' => 'Importeer PSK',
'in' => 'In',
'ike grouptype' => 'Typ grupy IKE:',
'ike integrity' => 'Spójność IKE:',
'ike lifetime' => 'Czas ważności IKE:',
-'ike lifetime should be between 1 and 8 hours' => 'Czas ważności IKE powinien wynosić od 1 do 8 godzin.',
+'ike lifetime should be between 1 and 24 hours' => 'Czas ważności IKE powinien wynosić od 1 do 24 godzin.',
'import' => 'Import',
'importkey' => 'Import PSK',
'in' => 'W',
'ike grouptype' => 'IKE Grouptype:',
'ike integrity' => 'IKE Integrity:',
'ike lifetime' => 'IKE Lifetime:',
-'ike lifetime should be between 1 and 8 hours' => 'IKE lifetime should be between 1 and 8 hours.',
+'ike lifetime should be between 1 and 24 hours' => 'IKE lifetime should be between 1 and 24 hours.',
'import' => 'Import',
'importkey' => 'Import PSK',
'in' => 'In',
'ike grouptype' => 'IKE Grup Türü:',
'ike integrity' => 'IKE Bütünlüğü:',
'ike lifetime' => 'IKE Yaşam Süresi:',
-'ike lifetime should be between 1 and 8 hours' => 'IKE yaşam süresi 1 ila 8 saat arasında olmalıdır.',
+'ike lifetime should be between 1 and 24 hours' => 'IKE yaşam süresi 1 ila 24 saat arasında olmalıdır.',
'imei' => 'IMEI',
'import' => 'Al',
'importkey' => 'PSK Al',
# #
###############################################################################
-###############################################################################
-# Definitions
-###############################################################################
-
include Config
-VER = 1.8.19.0
+VER = 11.15.0
THISAPP = asterisk-$(VER)
DL_FILE = $(THISAPP).tar.gz
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = asterisk
-PAK_VER = 8
-
-CHAN_CAPI = chan_capi-20120614
+PAK_VER = 14
-DEPS = "libpri libtiff libvorbis libogg spandsp netsnmpd"
+DEPS = "libsrtp"
###############################################################################
# Top-level Rules
objects = $(DL_FILE) \
asterisk-1.4-de-prompts.tar.gz \
- asterisk-extra-sounds-en-gsm-1.4.11.tar.gz \
- asterisk-moh-opsound-gsm-2.03.tar.gz \
- $(CHAN_CAPI).tgz
+ asterisk-extra-sounds-en-gsm-1.4.15.tar.gz \
+ asterisk-moh-opsound-gsm-2.03.tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-asterisk-extra-sounds-en-gsm-1.4.11.tar.gz = $(URL_IPFIRE)/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz
+asterisk-extra-sounds-en-gsm-1.4.15.tar.gz = $(URL_IPFIRE)/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz
asterisk-moh-opsound-gsm-2.03.tar.gz = $(URL_IPFIRE)/asterisk-moh-opsound-gsm-2.03.tar.gz
asterisk-1.4-de-prompts.tar.gz = $(URL_IPFIRE)/asterisk-1.4-de-prompts.tar.gz
-$(CHAN_CAPI).tgz = $(URL_IPFIRE)/$(CHAN_CAPI).tgz
-$(DL_FILE)_MD5 = dc98436846cc2de57100d78747b1bdd1
-asterisk-extra-sounds-en-gsm-1.4.11.tar.gz_MD5 = 5479cb4cb81d678304d96f35e4933a11
+$(DL_FILE)_MD5 = 71e8c2e207255f7ef12b81b7f0da30ea
+asterisk-extra-sounds-en-gsm-1.4.15.tar.gz_MD5 = 5099fc65f49008e33ba7fb043a4ec995
asterisk-moh-opsound-gsm-2.03.tar.gz_MD5 = 09066f55f1358f298bc1a6e4678a3ddf
asterisk-1.4-de-prompts.tar.gz_MD5 = 626a2b95071a5505851e43874dfbfd5c
-$(CHAN_CAPI).tgz_MD5 = c190f44eb362bf258b27f92c3458e4bf
install : $(TARGET)
@$(PREBUILD)
# remove old directories and extract asterisk
- @rm -rf $(DIR_APP) $(DIR_SRC)/asterisk-* $(DIR_SRC)/$(CHAN_CAPI) $(DIR_SRC)/agx-ast-addons && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
-
- # confiure asterisk
- cd $(DIR_APP) && ./configure --prefix=/usr --sysconfdir=/var/ipfire
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+
+ # patch asterisk
+ cd $(DIR_APP) && patch -p4 < $(DIR_SRC)/src/patches/asterisk-no-ffmpeg.patch
+
+ # configure asterisk
+ cd $(DIR_APP) && ./configure --prefix=/usr --sysconfdir=/var/ipfire \
+ --without-oss \
+ --without-sdl \
+ --without-SDL_image \
+ --without-netsnmp \
+ --without-avcodec \
+ --without-vorbis \
+ --without-ogg \
+ --without-spandsp \
+ --disable-xmldoc
# enable additional features (include following sound-tars)
- cd $(DIR_APP) && cp -fv $(DIR_SRC)/config/asterisk/asterisk.makeopts menuselect.makeopts
+ cd $(DIR_APP) && make menuselect.makeopts && menuselect/menuselect \
+ --enable res_srtp \
+ --enable app_mysql \
+ --enable cdr_mysql \
+ --enable res_config_mysql \
+ --enable EXTRA-SOUNDS-EN-GSM \
+ --enable MOH-OPSOUND-GSM \
+ menuselect.makeopts
# add additional sounds
- cd $(DIR_APP) && cp -fv $(DIR_DL)/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz $(DIR_APP)/sounds/
+ cd $(DIR_APP) && cp -fv $(DIR_DL)/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz $(DIR_APP)/sounds/
cd $(DIR_APP) && cp -fv $(DIR_DL)/asterisk-moh-opsound-gsm-2.03.tar.gz $(DIR_APP)/sounds/
# Fix wrong cpu optimization (march=armv5tel)
cp -vrf $(DIR_SRC)/config/asterisk/* /var/ipfire/asterisk/
chmod o+w /var/ipfire/asterisk
chown nobody:nobody -R /var/ipfire/asterisk
- ln -f -s /var/ipfire/asterisk/wakeup/wakeup.sh /etc/fcron.minutely/wakeup.sh
-
- # build and install chan capi (needed for isdn)
- cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(CHAN_CAPI).tgz
- cd $(DIR_SRC)/chan-capi-HEAD && sed -i -e 's/^CFLAGS+=-Wno-unused-but-set-variable$$//' Makefile
- cd $(DIR_SRC)/chan-capi-HEAD && make $(MAKETUNING)
- cd $(DIR_SRC)/chan-capi-HEAD && make install
- @rm -rf $(DIR_SRC)/chan-capi-HEAD
+ chown nobody:nobody -R /var/lib/asterisk
- # be sure all source is removed
- @rm -rf $(DIR_APP) $(DIR_SRC)/asterisk-*
+# be sure all source is removed
+ @rm -rf $(DIR_APP) $(DIR_SRC)/asterisk-* $(DIR_SRC)/libsrtp*
# remember backup-location
install -v -m 644 $(DIR_SRC)/config/backup/includes/asterisk /var/ipfire/backup/addons/includes/asterisk
+ # Logrotate
+ mkdir -pv /etc/logrotate.d
+ install -v -m 644 $(DIR_SRC)/config/asterisk/asterisk.logrotate /etc/logrotate.d/asterisk
+
# generate softlink (or asterisk will not work properly)
ln -sf /var/ipfire/asterisk /etc/asterisk
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
+ifeq "$(MACHINE)" "armv5tel"
+ MAKETUNING = -j2
+endif
+
###############################################################################
# Top-level Rules
###############################################################################
include Config
PKG_NAME = collectd
-VER = 4.10.7
+VER = 4.10.9
THISAPP = collectd-$(VER)
DL_FILE = $(THISAPP).tar.bz2
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = f4193fdb5002ddac8159c88032a726bc
+$(DL_FILE)_MD5 = 980dd3387508f9ad209df04a6f7a126c
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && patch -p1 -i $(DIR_SRC)/src/patches/collectd/0001-src-utils_mount.h-Add-stdio.h.patch
+ cd $(DIR_APP) && patch -p1 -i $(DIR_SRC)/src/patches/collectd/0002-Don-t-notify-continuously-when-MySQL-slave-SQL-threa.patch
+ cd $(DIR_APP) && patch -p1 -i $(DIR_SRC)/src/patches/collectd/0003-curl_xml.c-avoid-using-uninitalized-variable-in-erro.patch
+ cd $(DIR_APP) && patch -p1 -i $(DIR_SRC)/src/patches/collectd/0004-interface.c-FreeBSD-10-support.patch
+ cd $(DIR_APP) && patch -p1 -i $(DIR_SRC)/src/patches/collectd/0005-Revert-curl_xml.c-avoid-using-uninitalized-variable-.patch
+ cd $(DIR_APP) && patch -p1 -i $(DIR_SRC)/src/patches/collectd/0006-network-set_thread_cbs-so-we-initialize-the-right-th.patch
+ cd $(DIR_APP) && patch -p1 -i $(DIR_SRC)/src/patches/collectd/0007-apache-plugin-Call-curl_global_init-from-the-init-fu.patch
+ cd $(DIR_APP) && patch -p1 -i $(DIR_SRC)/src/patches/collectd/0008-network-comment-libgcrypt-initalization-process.patch
+ cd $(DIR_APP) && patch -p1 -i $(DIR_SRC)/src/patches/collectd/0009-Call-curl_global_init-in-_init-of-plugins-using-curl.patch
+ cd $(DIR_APP) && patch -p1 -i $(DIR_SRC)/src/patches/collectd/0010-indent-wh_init-to-be-consistent-with-the-rest-of-the.patch
+ cd $(DIR_APP) && patch -p1 -i $(DIR_SRC)/src/patches/collectd/0011-Configparser-when-we-alocate-an-empty-list-we-also-n.patch
+ cd $(DIR_APP) && patch -p1 -i $(DIR_SRC)/src/patches/collectd/0012-don-t-assume-pkg-config-is-in-PATH.patch
+ cd $(DIR_APP) && patch -p1 -i $(DIR_SRC)/src/patches/collectd/0013-add-missing-backticks-which-broke-the-build.patch
+ cd $(DIR_APP) && patch -p1 -i $(DIR_SRC)/src/patches/collectd/0014-snmp-free-snmp_pdu-struct-allocated-by-snmp_pdu_crea.patch
+ cd $(DIR_APP) && patch -p1 -i $(DIR_SRC)/src/patches/collectd/0015-curl_xml-plugin-Fixed-tautological-pointer-compariso.patch
+ cd $(DIR_APP) && patch -p1 -i $(DIR_SRC)/src/patches/collectd/0016-Add-support-for-OpenVPN-2.3.0-status-files.patch
+ cd $(DIR_APP) && patch -p1 -i $(DIR_SRC)/src/patches/collectd/0017-openvpn-plugin-Don-t-signal-an-error-when-no-clients.patch
+ cd $(DIR_APP) && patch -p1 -i $(DIR_SRC)/src/patches/collectd/0018-openvpn-Remove-boguous-file-handler-check.patch
+ cd $(DIR_APP) && patch -p1 -i $(DIR_SRC)/src/patches/collectd/0019-openvpn-Ignore-not-fully-established-connections.patch
+ cd $(DIR_APP) && patch -p1 -i $(DIR_SRC)/src/patches/collectd/0020-openvpn-Make-read-functions-robust-like-in-8516f9abb.patch
+ cd $(DIR_APP) && patch -p1 -i $(DIR_SRC)/src/patches/collectd/0021-openvpn-Fix-copy-and-paste-error.patch
+ cd $(DIR_APP) && patch -p1 -i $(DIR_SRC)/src/patches/collectd/0022-openvpn-Change-data-type-from-COUNTER-to-DERIVE.patch
cd $(DIR_APP) && ./configure --prefix=/usr --localstatedir=/var \
--disable-{apple_sensors,csv,ipvs,mbmon,memcached,mysql} \
--disable-{netlink,nginx,nut,perl,serial,snmp,tape,vserver,xmms} \
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/crda-3.13-crypto_use_optional.patch
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
@rm -rf $(DIR_APP)
include Config
-VER = 2.0.2
+VER = 2.0.4
THISAPP = daq-$(VER)
DL_FILE = $(THISAPP).tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 865bf9b750a2a2ca632591a3c70b0ea0
+$(DL_FILE)_MD5 = 65e51d72e9d5d8b397e192e4e5857eff
install : $(TARGET)
include Config
-VER = 004
+VER = 005
THISAPP = ddns-$(VER)
DL_FILE = $(THISAPP).tar.xz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = ff77cb72d0cb06c73bde70419b15bae8
+$(DL_FILE)_MD5 = 5fb0e7c8a775ae03074ad90d5a251a4c
install : $(TARGET)
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/ddns/ddns-005-Add-changeip-com.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/ddns/ddns-005-SPDNS-fix-auth.patch
+
cd $(DIR_APP) && [ -x "configure" ] || sh ./autogen.sh
cd $(DIR_APP) && ./configure --prefix=/usr --sysconfdir=/var/ipfire
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
ln -s $(THISAPP) /usr/src/directfb
-# @rm -rf $(DIR_APP)
+ @rm -rf $(DIR_APP)
@$(POSTBUILD)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
-COPTS = -DHAVE_ISC_READER
+# We cannot use INOTIFY because our ISC reader code does not support that
+COPTS = -DHAVE_ISC_READER -DNO_INOTIFY
###############################################################################
# Top-level Rules
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq-2.72rc2-Add-support-to-read-ISC-DHCP-lease-file.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0001-Add-newline-at-the-end-of-example-config-file.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0002-crash-at-startup-when-an-empty-suffix-is-supplied-to.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0003-Debian-build-fixes-for-kFreeBSD.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0004-Set-conntrack-mark-before-connect-call.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0005-Fix-typo-in-new-Dbus-code.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0006-Fit-example-conf-file-typo.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0007-Improve-RFC-compliance-when-unable-to-supply-address.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0008-Fix-conntrack-with-bind-interfaces.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0009-Use-inotify-instead-of-polling-on-Linux.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0010-Teach-the-new-inotify-code-about-symlinks.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0011-Remove-floor-on-EDNS0-packet-size-with-DNSSEC.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0012-CHANGELOG-re.-inotify.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0013-Fix-breakage-of-domain-domain-subnet-local.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0014-Remove-redundant-IN6_IS_ADDR_ULA-a-macro-defn.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0015-Eliminate-IPv6-privacy-addresses-from-interface-name.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0016-Tweak-field-width-in-cache-dump-to-avoid-truncating-.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0017-Fix-crash-in-DNSSEC-code-when-attempting-to-verify-l.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0018-Make-caching-work-for-CNAMEs-pointing-to-A-AAAA-reco.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0019-Fix-problems-validating-NSEC3-and-wildcards.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0020-Initialise-return-value.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0021-Add-ignore-address-option.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0022-Bad-packet-protection.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0023-Fix-build-failure-in-new-inotify-code-on-BSD.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0024-Implement-makefile-dependencies-on-COPTS-variable.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0025-Fix-race-condition-issue-in-makefile.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0026-DNSSEC-do-top-down-search-for-limit-of-secure-delega.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0027-Add-log-queries-extra-option-for-more-complete-loggi.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0028-Add-min-cache-ttl-option.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0029-Log-port-of-requestor-when-doing-extra-logging.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0030-Don-t-answer-from-cache-RRsets-from-wildcards-as-we-.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0031-Logs-for-DS-records-consistent.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0032-Cope-with-multiple-interfaces-with-the-same-LL-addre.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0033-Don-t-treat-SERVFAIL-as-a-recoverable-error.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0034-Add-dhcp-hostsdir-config-option.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0035-Update-German-translation.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0036-Don-t-reply-to-DHCPv6-SOLICIT-messages-when-not-conf.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0037-Allow-inotify-to-be-disabled-at-compile-time-on-Linu.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0038-Expand-inotify-code-to-dhcp-hostsdir-dhcp-optsdir-an.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0039-Update-copyrights-for-dawn-of-2015.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0040-inotify-documentation-updates.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0041-Fix-broken-ECDSA-DNSSEC-signatures.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0042-BSD-make-support.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0043-Fix-build-failure-on-openBSD.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0044-Manpage-typo-fix.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0045-Fixup-dhcp-configs-after-reading-extra-hostfiles-wit.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0046-Extra-logging-for-inotify-code.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0047-man-page-typo.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0048-Fix-get-version-script-which-returned-wrong-tag-in-s.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0049-Typos.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0050-Make-dynamic-hosts-files-work-when-no-hosts-set.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0051-Fix-trivial-memory-leaks-to-quieten-valgrind.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0052-Fix-uninitialized-value-used-in-get_client_mac.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0053-Log-parsing-utils-in-contrib-reverse-dns.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0054-Add-dnssec-timestamp-option-and-facility.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0055-Fix-last-commit-to-not-crash-if-uid-changing-not-con.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq-Add-support-to-read-ISC-DHCP-lease-file.patch
cd $(DIR_APP) && sed -i src/config.h \
-e 's|/\* #define HAVE_IDN \*/|#define HAVE_IDN|g' \
-e 's|/\* #define HAVE_DNSSEC \*/|#define HAVE_DNSSEC|g' \
-e 's|#define HAVE_DHCP6|//#define HAVE_DHCP6|g' \
-e 's|#define HAVE_TFTP|//#define HAVE_TFTP|g'
- cd $(DIR_APP) && make CFLAGS="$(CFLAGS)" COPTS="$(COPTS)" $(MAKETUNING)
- cd $(DIR_APP) && make PREFIX=/usr install
+ cd $(DIR_APP) && make CFLAGS="$(CFLAGS)" COPTS="$(COPTS)" \
+ PREFIX=/usr all install
@rm -rf $(DIR_APP)
@$(POSTBUILD)
include Config
-VER = 3.0
+VER = 3.16
THISAPP = ethtool-$(VER)
-DL_FILE = $(THISAPP).tar.bz2
+DL_FILE = $(THISAPP).tar.xz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = cb129398cbbf39859901b55ecac101da
+$(DL_FILE)_MD5 = 7eee202accb86104adc8463a36a1a468
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
- @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar Jxf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && ./configure --prefix=/usr
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
+# Copyright (C) 2014 Michael Tremer & Christian Schmidt #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 3.0.4
+VER = 3.2.0
THISAPP = fcron-$(VER)
DL_FILE = $(THISAPP).src.tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 5a26a1dfd91fdc7e87401e98aef870e6
+$(DL_FILE)_MD5 = 4b031c2fba32a98fa814d1557158b0e9
install : $(TARGET)
cd $(DIR_SRC)/ffmpeg && make $(MAKETUNING) $(EXTRA_MAKE)
cd $(DIR_SRC)/ffmpeg && make install
cd $(DIR_SRC)/ffmpeg && make install-libs
- ldconfig
-# @rm -rf $(DIR_APP)
+ @rm -rf $(DIR_APP)
@$(POSTBUILD)
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
+# Copyright (C) 2014 Michael Tremer & Christian Schmidt #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 5.11
+VER = 5.20
THISAPP = file-$(VER)
DL_FILE = $(THISAPP).tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 16a407bd66d6c7a832f3a5c0d609c27b
+$(DL_FILE)_MD5 = 5d5e13eb3e0e13839da869a31790faf2
install : $(TARGET)
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
+# Copyright (C) 2014 Michael Tremer & Christian Schmidt #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 1.4.12
+VER = 1.4.18
THISAPP = gnupg-$(VER)
DL_FILE = $(THISAPP).tar.bz2
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = ce3742e5c7912559cab7894ad8ba7f6b
+$(DL_FILE)_MD5 = 54db1be9588b11afbbdd8b82d4ea883a
install : $(TARGET)
include Config
-VER = 2.14
+VER = 2.21
THISAPP = grep-$(VER)
DL_FILE = $(THISAPP).tar.xz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = d4a3f03849d1e17ce56ab76aa5a24cab
+$(DL_FILE)_MD5 = 43c48064d6409862b8a850db83c8038a
install : $(TARGET)
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2012 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2014 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 9.42
+VER = 9.45
THISAPP = hdparm-$(VER)
DL_FILE = $(THISAPP).tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 0af5a38b212fe08f5afbe5e37f34b40b
+$(DL_FILE)_MD5 = 1c75d0751a44928b6c4bc81fb16d7fe8
install : $(TARGET)
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2013 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2014 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 1.0.2
+VER = 1.0.3
THISAPP = htop-$(VER)
DL_FILE = $(THISAPP).tar.gz
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = htop
-PAK_VER = 6
+PAK_VER = 7
DEPS = ""
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 0d01cca8df3349c74569cefebbd9919e
+$(DL_FILE)_MD5 = e768b9b55c033d9c1dffda72db3a6ac7
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
- @rm -rf $(DIR_APP) $(DIR_SRC)/libnfnetlink-1.0.0 $(DIR_SRC)/netfilter-layer7* $(DIR_SRC)/libnetfilter_queue-0.0.17
+ @rm -rf $(DIR_APP) $(DIR_SRC)/libnfnetlink-* $(DIR_SRC)/netfilter-layer7* $(DIR_SRC)/libnetfilter_queue-*
@cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
# cp -rf /usr/src/linux/include/linux/netfilter /usr/include/linux
cd $(DIR_SRC)/libnetfilter_cttimeout-1.0.0 && make $(MAKETUNING) $(EXTRA_MAKE)
cd $(DIR_SRC)/libnetfilter_cttimeout-1.0.0 && make install
- @rm -rf $(DIR_APP) $(DIR_SRC)/libnfnetlink-1.0.0 $(DIR_SRC)/netfilter-layer7* $(DIR_SRC)/libnetfilter_queue-0.0.17
+ @rm -rf $(DIR_APP) $(DIR_SRC)/libnfnetlink-* $(DIR_SRC)/netfilter-layer7* $(DIR_SRC)/libnetfilter_queue-*
@$(POSTBUILD)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
- @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+ @rm -rf $(DIR_SRC)/$(THISAPP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && patch -Np2 < $(DIR_SRC)/src/patches/mitkrb-1.12.1-db2_fix-1.patch
cd $(DIR_APP) && sed -e "s@python2.5/Python.h@& python2.7/Python.h@g" \
chmod -f -v 755 "/usr/lib/lib$$LIB.so"; \
done
- @rm -rf $(DIR_APP)
+ @rm -rf $(DIR_SRC)/$(THISAPP)
@$(POSTBUILD)
include Config
-VER = 20121008
+VER = 20140403
THISAPP = lcr-$(VER)
DL_FILE = $(THISAPP).tar.xz
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = lcr
-PAK_VER = 5
+PAK_VER = 6
DEPS = ""
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 6c5e25329be107e30436b716bafc786f
+$(DL_FILE)_MD5 = c81c5862d51720a3efc06fd2c02cd58d
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_SRC)/lcr && cd $(DIR_SRC) && tar Jxf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_SRC)/lcr && sed -i -e "s|^EXTENSIONdir=.*|EXTENSIONdir=/var/ipfire/lcr/extensions|g" \
- Makefile.am
+ cd $(DIR_SRC)/lcr && sed -i -e "s|^EXTENSIONdir=.*|EXTENSIONdir=/var/ipfire/lcr/extensions|g" Makefile.am
+ cd $(DIR_SRC)/lcr && sed -i -e "s|-D_GNU_SOURCE|-D_GNU_SOURCE -DASTERISK_VERSION_NUM=110000|g" Makefile.am
cd $(DIR_SRC)/lcr && ./autogen.sh
cd $(DIR_SRC)/lcr && ./configure --prefix=/usr \
--sysconfdir=/var/ipfire \
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
+# Copyright (C) 2014 Michael Tremer & Christian Schmidt #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 2.3.17
+VER = 2.3.21
THISAPP = libart_lgpl-$(VER)
DL_FILE = $(THISAPP).tar.bz2
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = dfca42529393c8a8f59dc4dc10675a46
+$(DL_FILE)_MD5 = 08559ff3c67fd95d57b0c5e91a6b4302
install : $(TARGET)
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
+# Copyright (C) 2014 Michael Tremer & Christian Schmidt #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 2.0.3
+VER = 2.1.3
THISAPP = libassuan-$(VER)
DL_FILE = $(THISAPP).tar.bz2
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = libassuan
-PAK_VER = 1
+PAK_VER = 2
DEPS = ""
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 179d1918325fdb928c7bd90b8a514fc7
+$(DL_FILE)_MD5 = b5373485419a7e2c23457d20811caabe
install : $(TARGET)
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
+# Copyright (C) 2014 Michael Tremer & Christian Schmidt #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 2.19
+VER = 2.24
THISAPP = libcap-$(VER)
-DL_FILE = $(THISAPP).tar.bz2
+DL_FILE = $(THISAPP).tar.gz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = eb1ff04d39bfa2342b8e78b0fd60dc2d
+$(DL_FILE)_MD5 = ffb154f29b1d28466c6fe6add8286a2d
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
- @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && make
cd $(DIR_APP) && make install
# link for old binaries
- ln -s libcap.so.2 /lib/libcap.so.1
+ ln -svf libcap.so.2 /lib/libcap.so.1
chmod +x /lib/libcap.so.*
@rm -rf $(DIR_APP)
@$(POSTBUILD)
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
+# Copyright (C) 2014 Michael Tremer & Christian Schmidt #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 0.1.6
+VER = 1.2.0
-THISAPP = libdvbpsi5-$(VER)
+THISAPP = libdvbpsi-$(VER)
DL_FILE = $(THISAPP).tar.bz2
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = libdvbpsi
-PAK_VER = 1
+PAK_VER = 2
DEPS = ""
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = bd2d9861be3311e1e03c91cd9345f542
+$(DL_FILE)_MD5 = 69e38e93c4db4f2a58cbd0b6f9f38228
install : $(TARGET)
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2011 IPFire Team <info@ipfire.de> #
+# Copyright (C) 2007-2014 IPFire Team <info@ipfire.de> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 2.0.13-stable
+VER = 2.0.21-stable
THISAPP = libevent-$(VER)
DL_FILE = $(THISAPP).tar.gz
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = libevent2
-PAK_VER = 1
+PAK_VER = 2
DEPS = ""
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = af786b4b3f790c9d3279792edf7867fc
+$(DL_FILE)_MD5 = b2405cc9ebf264aa47ff615d9de527a2
install : $(TARGET)
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
+# Copyright (C) 2014 Michael Tremer & Christian Schmidt #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 3.0.11
+VER = 3.2.1
THISAPP = libffi-$(VER)
DL_FILE = $(THISAPP).tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = f69b9693227d976835b4857b1ba7d0e3
+$(DL_FILE)_MD5 = 83b89587607e3eb65c70d361f13bab43
install : $(TARGET)
check : $(patsubst %,$(DIR_CHK)/%,$(objects))
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
+# Copyright (C) 2014 Michael Tremer & Christian Schmidt #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 1.4.0
+VER = 1.6.2
THISAPP = libpcap-$(VER)
DL_FILE = $(THISAPP).tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 56e88a5aabdd1e04414985ac24f7e76c
+$(DL_FILE)_MD5 = 5f14191c1a684a75532c739c2c4059fa
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && ./configure --prefix=/usr
+ cd $(DIR_APP) && ./configure \
+ --prefix=/usr \
+ --enable-bluetooth=no \
+ --disable-dbus
+
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
@rm -rf $(DIR_APP)
include Config
-VER = 2.0.24.1
-
-THISAPP = teamspeak-$(VER)
+VER = 1.5.0
+THISAPP = libsrtp-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
-PROG = teamspeak
-PAK_VER = 2
+PROG = libsrtp
+PAK_VER = 1
DEPS = ""
# Top-level Rules
###############################################################################
-objects =
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = ec49ba558b4fd056114df2c76935aa8e
install : $(TARGET)
-check :
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
-download :
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
-md5 :
+md5 : $(subst %,%_MD5,$(objects))
dist:
@$(PAK)
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
###############################################################################
# Installation Details
###############################################################################
-$(TARGET) :
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
- -mkdir -p /opt/teamspeak
- install -v -m 644 $(DIR_SRC)/config/backup/includes/teamspeak \
- /var/ipfire/backup/addons/includes/teamspeak
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+
+ cd $(DIR_APP) && ./configure --prefix=/usr
+ cd $(DIR_APP) && make uninstall && make $(MAKETUNING) libsrtp.so
+ cd $(DIR_APP) && make install
+ @rm -rf $(DIR_APP)
@$(POSTBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
- touch /var/lib/logrotate.status
+ mkdir -pv /etc/logrotate.d
+ touch /etc/logrotate.d/.empty /var/lib/logrotate.status
@rm -rf $(DIR_APP)
@$(POSTBUILD)
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
+# Copyright (C) 2015 IPfire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 1.2.9
+VER = 1.6.4
THISAPP = lynis-$(VER)
DL_FILE = $(THISAPP).tar.gz
DL_FROM = $(URL_IPFIRE)
-DIR_APP = $(DIR_SRC)/$(THISAPP)
+DIR_APP = $(DIR_SRC)/lynis
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = lynis
-PAK_VER = 4
+PAK_VER = 5
DEPS = ""
###############################################################################
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 69b369173ffc0f10f021035f73857e1f
+$(DL_FILE)_MD5 = dfa946388af8926bd24f772d4fa4830a
install : $(TARGET)
cd $(DIR_SRC)/mISDNuser && ./configure --prefix=/usr --with-AF_ISDN=34
cd $(DIR_SRC)/mISDNuser && make MISDNDIR=/usr/src/linux
cd $(DIR_SRC)/mISDNuser && make install MISDNDIR=/usr/src/linux
+ @rm -rf $(DIR_APP)
@$(POSTBUILD)
include Config
-VER = 4.8.12
+VER = 4.8.13
THISAPP = mc-$(VER)
DL_FILE = $(THISAPP).tar.xz
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = mc
-PAK_VER = 9
+PAK_VER = 10
DEPS = ""
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 7ecccc03df060cd0ca1414a5a14e6649
+$(DL_FILE)_MD5 = d967caa12765eb86e52a6a63ca202500
install : $(TARGET)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = mediatomb
-PAK_VER = 4
+PAK_VER = 5
-DEPS = "ffmpeg-libs libexif sqlite taglib "
+DEPS = "ffmpeg-libs libexif taglib "
###############################################################################
# Top-level Rules
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = minidlna
-PAK_VER = 3
+PAK_VER = 4
-DEPS = "ffmpeg flac libexif libid3tag libogg sqlite"
+DEPS = "ffmpeg flac libexif libid3tag libogg"
###############################################################################
# Top-level Rules
include Config
-VER = 1.8
+VER = 1.9
THISAPP = miniupnpd-$(VER)
DL_FILE = $(THISAPP).tar.gz
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = miniupnpd
-PAK_VER = 1
+PAK_VER = 2
###############################################################################
# Top-level Rules
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 0d8a8e936d5a0012cb260a3b972acbf3
+$(DL_FILE)_MD5 = 9151502f84f130b0ef1245ac938c33f9
install : $(TARGET)
--- /dev/null
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2009 Michael Tremer & Christian Schmidt #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 5.11
+
+THISAPP = monit-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+PROG = monit
+PAK_VER = 3
+
+DEPS = ""
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = ff00f39d248ed7068932ed82211da9e6
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+dist:
+ @$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
+ cd $(DIR_APP) && make $(MAKETUNING)
+ cd $(DIR_APP) && make install
+
+ install -v -m 644 $(DIR_SRC)/config/backup/includes/monit \
+ /var/ipfire/backup/addons/includes/monit
+
+ # Install default configuration
+ install -v -m 600 $(DIR_SRC)/config/monit/monitrc /etc
+
+ # Install start links and backup include file.
+ ln -sf ../init.d/monit /etc/rc.d/rc3.d/S60monit
+ ln -sf ../init.d/monit /etc/rc.d/rc0.d/K40monit
+ ln -sf ../init.d/monit /etc/rc.d/rc6.d/K40monit
+
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
- @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ @rm -rf $(DIR_APP) $(DIR_SRC)/nagios-plugins* && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && \
./configure --prefix=/usr \
--sysconfdir=/etc/nagios \
ln -s /etc/init.d/nagios /etc/rc.d/rc3.d/S67nagios
ln -s /etc/init.d/nagios /etc/rc.d/rc0.d/K33nagios
ln -s /etc/init.d/nagios /etc/rc.d/rc6.d/K33nagios
- @rm -rf $(DIR_APP)
+ @rm -rf $(DIR_APP) $(DIR_SRC)/nagios-plugins*
@$(POSTBUILD)
include Config
-VER = 1.4.4
+VER = 1.6.2
THISAPP = nginx-$(VER)
DL_FILE = $(THISAPP).tar.gz
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = nginx
-PAK_VER = 3
+PAK_VER = 4
###############################################################################
# Top-level Rules
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 5dfaba1cbeae9087f3949860a02caa9f
+$(DL_FILE)_MD5 = d1b55031ae6e4bce37f8776b94d8b930
install : $(TARGET)
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2011 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2015 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 6.01
+VER = 6.47
THISAPP = nmap-$(VER)
DL_FILE = $(THISAPP).tar.bz2
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = nmap
-PAK_VER = 6
+PAK_VER = 7
DEPS = ""
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = a1a71940f238abb835dbf3ee7412bcea
+$(DL_FILE)_MD5 = edfe81f6763223c0a29bfa15a8526e2a
install : $(TARGET)
no-mdc2 \
no-rc5 \
no-srp \
+ no-ssl2 \
+ no-ssl3 \
$(CONFIGURE_ARGS) \
-DSSL_FORBID_ENULL \
-DHAVE_CRYPTODEV \
cd $(DIR_APP) && make install
cd $(DIR_APP) && cp -Rvf $(DIR_SRC)/config/ovpn /var/ipfire
-mkdir -vp /usr/lib/openvpn/plugins
+ -mkdir -vp /var/log/openvpn
-mkdir -vp /var/ipfire/ovpn/ca
-mkdir -vp /var/ipfire/ovpn/ccd
-mkdir -vp /var/ipfire/ovpn/crls
chmod 700 /var/ipfire/ovpn/ovpn-leases.db
chown -R root:root /var/ipfire/ovpn/scripts
chown -R nobody:nobody /var/ipfire/ovpn
- chown root.nobody /var/log/ovpnserver.log
- chmod 660 /var/log/ovpnserver.log
chmod 700 /var/ipfire/ovpn/certs
mv -v /var/ipfire/ovpn/verify /usr/lib/openvpn/verify
chown root:root /usr/lib/openvpn/verify
include Config
-VER = 7.0.0
+VER = 7.0.3
THISAPP = owncloud-$(VER)
DL_FILE = $(THISAPP).tar.bz2
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = owncloud
-PAK_VER = 2
+PAK_VER = 4
DEPS = ""
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 28cfdc99e8ee9350fe88430b4c7d62f2
+$(DL_FILE)_MD5 = d5d2ad068046e6ddb322cf001a9bb3d5
install : $(TARGET)
/etc/httpd/conf/vhosts.d/
install -v -m 644 $(DIR_SRC)/config/backup/includes/owncloud \
/var/ipfire/backup/addons/includes/owncloud
+
+ @rm -rf $(DIR_SRC)/$(PROG)
@$(POSTBUILD)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = pakfire3
-PAK_VER = 4
+PAK_VER = 5
-DEPS = "libsolv pycurl pygpgme python-progressbar python-xattr sqlite urlgrabber"
+DEPS = "libsolv pycurl pygpgme python-progressbar python-xattr urlgrabber"
###############################################################################
# Top-level Rules
include Config
-VER = 8.31
+VER = 8.36
THISAPP = pcre-$(VER)
DL_FILE = $(THISAPP).tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = fab1bb3b91a4c35398263a5c1e0858c1
+$(DL_FILE)_MD5 = ff7b4bb14e355f04885cf18ff4125c98
install : $(TARGET)
--prefix=/usr \
--disable-static \
--enable-utf8 \
- --enable-jit \
+ --disable-jit \
--enable-unicode-properties
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
+# Copyright (C) 2014 Michael Tremer & Christian Schmidt #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 4.0.3
+VER = 4.2.1
THISAPP = screen-$(VER)
DL_FILE = $(THISAPP).tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 8506fd205028a96c741e4037de6e3c42
+$(DL_FILE)_MD5 = 419a0594e2b25039239af8b90eda7d92
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/screen-4.0.3-stropts.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/screen-4.2.1-cpation-hardstatus.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/screen-4.2.1-altscreen.patch
cd $(DIR_APP) && ./configure --prefix=/usr --with-socket-dir=/var/run/screen --with-sys-screenrc=/etc/screenrc
cd $(DIR_APP) && sed -i -e "s%/usr/local/etc/screenrc%/etc/screenrc%" {etc,doc}/*
cd $(DIR_APP) && make $(MAKETUNING)
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2012 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2014 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 6.1
+VER = 6.3
THISAPP = smartmontools-$(VER)
DL_FILE = $(THISAPP).tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 83a3a681f8183ed858392d550ae1cca6
+$(DL_FILE)_MD5 = 2ea0c62206e110192a97b59291b17f54
install : $(TARGET)
include Config
-VER = 2.9.6.1
+VER = 2.9.7.0
THISAPP = snort-$(VER)
DL_FILE = $(THISAPP).tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = d7c0f1ddb2e70b70acdaa4664abb5fb0
+$(DL_FILE)_MD5 = c2a45bc56441ee9456478f219dd8d1e2
install : $(TARGET)
include Config
-VER = 3070603
+VER = 3080704
THISAPP = sqlite-autoconf-$(VER)
DL_FILE = $(THISAPP).tar.gz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
-PROG = sqlite
-PAK_VER = 2
-
-DEPS = ""
###############################################################################
# Top-level Rules
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 7eb41eea5ffa5cbe359a48629084c425
+$(DL_FILE)_MD5 = 33bb8db0038317ce1b0480ca1185c7ba
install : $(TARGET)
$(subst %,%_MD5,$(objects)) :
@$(MD5)
-dist:
- @$(PAK)
-
###############################################################################
# Installation Details
###############################################################################
include Config
-VER = 3.4.8
+VER = 3.4.9
THISAPP = squid-$(VER)
DL_FILE = $(THISAPP).tar.xz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = b0c4335447248810169f58ea4d8b204a
+$(DL_FILE)_MD5 = 497e5be7b3430d12667628296760beca
install : $(TARGET)
include Config
-VER = 1.0.1
+VER = 1.0.2
THISAPP = squid-accounting-$(VER)
DIR_APP = $(DIR_SRC)/$(THISAPP)
include Config
-VER = 5.2.1
+VER = 5.2.2
THISAPP = strongswan-$(VER)
DL_FILE = $(THISAPP).tar.bz2
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = dd3717c0aa59ab4591ca1812941ebb82
+$(DL_FILE)_MD5 = 7ee1a33060b2bde35be0f6d78a1d26d0
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.1.2-5.2.1_modp_custom.patch
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.0.2_ipfire.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.2.2-issue-816-eb25190.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.2.2-issue-816-650a3ad.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.2.2-issue-816-dd0ebb.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.2.2-issue-819-cd2c30a.patch
cd $(DIR_APP) && [ -x "configure" ] || ./autogen.sh
cd $(DIR_APP) && ./configure \
ln -sf $(CONFIG_ROOT)/certs /etc/ipsec.d/certs
ln -sf $(CONFIG_ROOT)/crls /etc/ipsec.d/crls
+ install -v -m 644 $(DIR_SRC)/config/strongswan/charon.conf \
+ /etc/strongswan.d/charon.conf
+
@rm -rf $(DIR_APP)
@$(POSTBUILD)
#cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/$(THISAPP)_xen_empty_buffer_check.patch
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
- touch /var/log/{dhcpcd.log,messages,ovpnserver.log}
- chmod 664 /var/log/{dhcpcd.log,messages,ovpnserver.log}
- chown 0:105 /var/log/{dhcpcd.log,messages,ovpnserver.log}
+ touch /var/log/{dhcpcd.log,messages}
+ chmod 664 /var/log/{dhcpcd.log,messages}
+ chown 0:105 /var/log/{dhcpcd.log,messages}
@rm -rf $(DIR_APP)
@$(POSTBUILD)
include Config
-VER = 1.22
+VER = 1.28
THISAPP = tar-$(VER)
DL_FILE = $(THISAPP).tar.bz2
ifeq "$(ROOT)" ""
TARGET = $(DIR_INFO)/$(THISAPP)
EXTRA_CONFIG = --prefix=/usr --bindir=/bin \
- --libexecdir=/usr/sbin --disable-nls
+ --libexecdir=/usr/sbin --disable-nls FORCE_UNSAFE_CONFIGURE=1
EXTRA_MAKE =
EXTRA_INSTALL =
else
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 07fa517027f426bb80f5f5ff91b63585
+$(DL_FILE)_MD5 = 8f32b2bc1ed7ddf4cf4e4a39711341b0
install : $(TARGET)
include Config
-VER = 4.4.0
+VER = 4.6.2
THISAPP = tcpdump-$(VER)
DL_FILE = $(THISAPP).tar.gz
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = tcpdump
-PAK_VER = 3
+PAK_VER = 4
DEPS = ""
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 6f75aabcffd012f73bd7c331bb5d8232
+$(DL_FILE)_MD5 = 74d0d3728b3cdc60db872d842e7f1598
install : $(TARGET)
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2013 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2014 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 1.14
+VER = 1.16
THISAPP = wget-$(VER)
DL_FILE = $(THISAPP).tar.xz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 316f6f59292c9098ad81fd54f658c579
+$(DL_FILE)_MD5 = fe102975ab3a6c049777883f1bb9ad07
install : $(TARGET)
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar Jxf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/wget-1.14-texi2pod-1.patch
-
cd $(DIR_APP) && ./configure \
--prefix=/usr \
--sysconfdir=/etc \
THISAPP = xvidcore-$(VER)
DL_FILE = $(THISAPP).tar.gz
DL_FROM = $(URL_IPFIRE)
-DIR_APP = $(DIR_SRC)/$(THISAPP)
+DIR_APP = $(DIR_SRC)/xvidcore
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = xvid
PAK_VER = 2
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_SRC)/xvidcore/build/generic && ./configure --prefix=/usr
- cd $(DIR_SRC)/xvidcore/build/generic && make
- cd $(DIR_SRC)/xvidcore/build/generic && make install
+ cd $(DIR_APP)/build/generic && ./configure --prefix=/usr
+ cd $(DIR_APP)/build/generic && make
+ cd $(DIR_APP)/build/generic && make install
chmod -v 755 /usr/lib/libxvidcore.so.4.2
ln -v -sf libxvidcore.so.4.2 /usr/lib/libxvidcore.so.4
ln -v -sf libxvidcore.so.4 /usr/lib/libxvidcore.so
include Config
-VER = 1.2.7
+VER = 1.2.8
THISAPP = zlib-$(VER)
DL_FILE = $(THISAPP).tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 60df6a37c56e7c1366cca812414f7b85
+$(DL_FILE)_MD5 = 44d667c142d7cda120332623eab69f40
install : $(TARGET)
ipfiremake libevent2
ipfiremake portmap
ipfiremake nfs
- ipfiremake nmap
+ #ipfiremake nmap
ipfiremake ncftp
ipfiremake etherwake
ipfiremake bwm-ng
ipfiremake lm_sensors
ipfiremake liboping
ipfiremake collectd
- ipfiremake teamspeak
ipfiremake elinks
ipfiremake igmpproxy
ipfiremake fbset
ipfiremake iftop
ipfiremake motion
ipfiremake joe
+ ipfiremake monit
ipfiremake nut
ipfiremake watchdog
ipfiremake libpri
+ ipfiremake libsrtp
ipfiremake asterisk
ipfiremake lcr
ipfiremake usb_modeswitch
case "${1}" in
start)
boot_mesg "Starting Asterisk PBX..."
- loadproc /usr/sbin/asterisk -p
+ loadproc /usr/sbin/asterisk -p
;;
stop)
--- /dev/null
+#!/bin/sh
+########################################################################
+# Begin $rc_base/init.d/monit
+#
+# Description : monit monitoring daemon
+#
+########################################################################
+
+. /etc/sysconfig/rc
+. ${rc_functions}
+
+case "${1}" in
+ start)
+ boot_mesg "Starting monit..."
+ loadproc /usr/bin/monit
+ ;;
+
+ stop)
+ boot_mesg "Stopping monit..."
+ killproc /usr/bin/monit
+ ;;
+
+ restart)
+ ${0} stop
+ sleep 1
+ ${0} start
+ ;;
+
+ status)
+ statusproc /usr/bin/monit
+ ;;
+
+ *)
+ echo "Usage: ${0} {start|stop|restart|status}"
+ exit 1
+ ;;
+esac
+
+# End $rc_base/init.d/monit
+++ /dev/null
-#!/bin/sh
-########################################################################
-# Begin $rc_base/init.d/teamspeak
-#
-# Description : Start/Stops the teamspeak server
-#
-# Authors : Michael Tremer
-#
-# Version : 01.00
-#
-# Notes :
-#
-########################################################################
-
-. /etc/sysconfig/rc
-. $rc_functions
-
-case "$1" in
- status)
- statusproc /opt/teamspeak/server_linux
- ;;
- *)
- export LANG=en_US.utf8
- cd /opt/teamspeak && sudo -u teamspeak ./teamspeak2-server_startscript $*
- exit 0
- ;;
-esac
-# End $rc_base/init.d/teamspeak
"%s - %s", size_str, p);
}
+ // Cut off the description string after 40 characters
+ disk->description[41] = '\0';
+
*disks++ = disk;
if (--i == 0)
printf(" -kn2n --kill-net-2-net\n");
printf(" kills all net2net connections\n");
printf(" you may pass a connection name to the switch to only start a specific one\n");
+ printf(" -drrd --delete-rrd\n");
+ printf(" Deletes the RRD data for a specific client\n");
+ printf(" you need to pass a connection name (RW) to the switch to delete the directory (case sensitive)\n");
printf(" -d --display\n");
printf(" displays OpenVPN status to syslog\n");
printf(" -fwr --firewall-rules\n");
executeCommand(command);
snprintf(command, STRING_SIZE-1, "/usr/sbin/openvpn --config /var/ipfire/ovpn/server.conf");
executeCommand(command);
+ snprintf(command, STRING_SIZE-1, "/bin/chown root.nobody /var/run/ovpnserver.log");
+ executeCommand(command);
+ snprintf(command, STRING_SIZE-1, "/bin/chmod 644 /var/run/ovpnserver.log");
+ executeCommand(command);
}
}
return 0;
}
+int deleterrd(char *name) {
+ connection *conn = getConnections();
+
+ char rrd_file[STRING_SIZE];
+ snprintf(rrd_file, STRING_SIZE - 1, "/var/log/rrd/collectd/localhost/openvpn-%s/if_octets.rrd", name);
+
+ char rrd_dir[STRING_SIZE];
+ snprintf(rrd_dir, STRING_SIZE - 1, "/var/log/rrd/collectd/localhost/openvpn-%s", name);
+
+ while(conn) {
+ /* Find only RW-Connections with the given name. */
+ if (((strcmp(conn->type, "host") == 0) && (strcmp(conn->name, name) == 0))) {
+ remove(rrd_file);
+ remove(rrd_dir);
+ return 0;
+ }
+ conn = conn->next;
+ }
+
+ return 1;
+}
+
void startAllNet2Net() {
int exitcode = 0, _exitcode = 0;
else if( (strcmp(argv[1], "-kn2n") == 0) || (strcmp(argv[1], "--kill-net-2-net") == 0) ) {
killNet2Net(argv[2]);
return 0;
+ }
+ else if( (strcmp(argv[1], "-drrd") == 0) || (strcmp(argv[1], "--delete-rrd") == 0) ) {
+ deleterrd(argv[2]);
+ return 0;
} else {
usage();
return 1;
+++ /dev/null
-#!/bin/bash
-############################################################################
-# #
-# This file is part of the IPFire Firewall. #
-# #
-# IPFire is free software; you can redistribute it and/or modify #
-# it under the terms of the GNU General Public License as published by #
-# the Free Software Foundation; either version 2 of the License, or #
-# (at your option) any later version. #
-# #
-# IPFire is distributed in the hope that it will be useful, #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
-# GNU General Public License for more details. #
-# #
-# You should have received a copy of the GNU General Public License #
-# along with IPFire; if not, write to the Free Software #
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
-# #
-# Copyright (C) 2008 IPFire-Team <info@ipfire.org>. #
-# #
-############################################################################
-#
-. /opt/pakfire/lib/functions.sh
-
-extract_files
-
-[ -d /opt/teamspeak ] || mkdir -p /opt/teamspeak
-
-cd /tmp
-wget -c ftp://ftp.freenet.de/pub/4players/teamspeak.org/releases/ts2_server_rc2_202319.tar.bz2 \
- ftp://ftp.freenet.de/pub/4players/teamspeak.org/developer/server/202401/server_linux
-
-tar xvfj ts2_server_rc2_202319.tar.bz2 -C /tmp
-
-cp -av /tmp/tss2_rc2/* /opt/teamspeak
-mv /tmp/server_linux /opt/teamspeak/server_linux
-chmod 755 -v /opt/teamspeak/server_linux
-
-rm -rf /tmp/tss2_rc2 ts2_server_rc2_202319.tar.bz2
-
-groupadd teamspeak
-useradd -g teamspeak teamspeak
-
-chown teamspeak.teamspeak /opt/teamspeak -Rv
-
-restore_backup ${NAME}
-start_service --background ${NAME}
-
-ln -sf ../init.d/teamspeak /etc/rc.d/rc0.d/K00teamspeak
-ln -sf ../init.d/teamspeak /etc/rc.d/rc3.d/S99teamspeak
-ln -sf ../init.d/teamspeak /etc/rc.d/rc6.d/K00teamspeak
-
-
+++ /dev/null
-#!/bin/bash
-############################################################################
-# #
-# This file is part of the IPFire Firewall. #
-# #
-# IPFire is free software; you can redistribute it and/or modify #
-# it under the terms of the GNU General Public License as published by #
-# the Free Software Foundation; either version 2 of the License, or #
-# (at your option) any later version. #
-# #
-# IPFire is distributed in the hope that it will be useful, #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
-# GNU General Public License for more details. #
-# #
-# You should have received a copy of the GNU General Public License #
-# along with IPFire; if not, write to the Free Software #
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
-# #
-# Copyright (C) 2007 IPFire-Team <info@ipfire.org>. #
-# #
-############################################################################
-#
-. /opt/pakfire/lib/functions.sh
-./uninstall.sh
-./install.sh
--- /dev/null
+--- build/usr/src/asterisk-11.9.0/res/Makefile.orig 2014-04-28 20:30:50.500877461 +0200
++++ build/usr/src/asterisk-11.9.0/res/Makefile 2014-04-28 20:31:39.357034757 +0200
+@@ -75,7 +75,7 @@
+ rm -f pjproject/build.mak
+
+ pjproject/build.mak: pjproject/aconfigure
+- (cd pjproject && CFLAGS="-fPIC" ./configure --build=$(BUILD_PLATFORM) --host=$(HOST_PLATFORM) --disable-floating-point --disable-sound --disable-oss --disable-speex-aec --disable-l16-codec --disable-gsm-codec --disable-g722-codec --disable-g7221-codec --disable-speex-codec --disable-ilbc-codec --disable-g711-codec)
++ (cd pjproject && CFLAGS="-fPIC" ./configure --build=$(BUILD_PLATFORM) --host=$(HOST_PLATFORM) --disable-floating-point --disable-sound --disable-oss --disable-speex-aec --disable-l16-codec --disable-gsm-codec --disable-g722-codec --disable-g7221-codec --disable-speex-codec --disable-ilbc-codec --disable-g711-codec --disable-opencore-amrnb --disable-video --disable-sdl --disable-ffmpeg --disable-v4l2)
+
+ ifneq ($(findstring $(MAKECMDGOALS),all),)
+ -include pjproject/build.mak
--- /dev/null
+Upstream issue 18345
+Link: https://issues.asterisk.org/jira/browse/ASTERISK-18345
+Patch-By: Filip Jenicek
+
+Submitted upstream: 2012-05-31 09:12
+For Asterisk version: 1.8.4
+
+The HOOK_T ssl_read function should behave the same way as the system read function
+by blocking and waiting for (more) data from the SSL subsystem. Failure to do this
+will drop data on the floor and ultimately disconnect SSL clients.
+
+--- asterisk/main/tcptls.c
++++ asterisk/main/tcptls.c
+@@ -55,6 +55,14 @@
+ static HOOK_T ssl_read(void *cookie, char *buf, LEN_T len)
+ {
+ int i = SSL_read(cookie, buf, len-1);
++
++ /* ssl_read should block and wait for the SSL layer to provide all data */
++ while (i < 0 && SSL_get_error(cookie, i) == SSL_ERROR_WANT_READ) {
++ ast_debug(1, "SSL_read - data not ready.\n");
++ if (ast_wait_for_input(SSL_get_fd(cookie), 5000) <= 0) return 0;
++ i = SSL_read(cookie, buf, len-1);
++ }
++
+ #if 0
+ if (i >= 0)
+ buf[i] = '\0';
--- /dev/null
+From 4bbfb2b9f391f273744163cfda7bec96671e9d9c Mon Sep 17 00:00:00 2001
+From: Florian Forster <octo@collectd.org>
+Date: Thu, 18 Apr 2013 06:25:58 +0200
+Subject: [PATCH 01/22] src/utils_mount.h: Add <stdio.h>.
+
+This is required on Solaris 10. Thanks to dannypoo@ for reporting this
+problem.
+
+Github: #306
+---
+ src/utils_mount.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/utils_mount.h b/src/utils_mount.h
+index 1f2403c..83f789b 100644
+--- a/src/utils_mount.h
++++ b/src/utils_mount.h
+@@ -26,6 +26,7 @@
+ #ifndef COLLECTD_UTILS_MOUNT_H
+ #define COLLECTD_UTILS_MOUNT_H 1
+
++#include <stdio.h>
+ #if HAVE_FS_INFO_H
+ # include <fs_info.h>
+ #endif
+--
+1.9.3
+
--- /dev/null
+From f2391b9da6127e4acd5b54b7ae6c2d585df0e2a0 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Joaqu=C3=ADn=20Cuenca=20Abela?= <e98cuenc@gmail.com>
+Date: Wed, 29 May 2013 16:22:09 +0200
+Subject: [PATCH 02/22] Don't notify continuously when MySQL slave SQL thread
+ is running
+
+Signed-off-by: Florian Forster <octo@collectd.org>
+---
+ src/mysql.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/mysql.c b/src/mysql.c
+index 8b3cd21..f93a442 100644
+--- a/src/mysql.c
++++ b/src/mysql.c
+@@ -689,7 +689,7 @@ static int mysql_read_slave_stats (mysql_database_t *db, MYSQL *con)
+ ssnprintf (n.message, sizeof (n.message),
+ "slave SQL thread started");
+ plugin_dispatch_notification (&n);
+- db->slave_sql_running = 0;
++ db->slave_sql_running = 1;
+ }
+ }
+
+--
+1.9.3
+
--- /dev/null
+From bbbf37d55a3959951604c4be482e9a705a0f86d9 Mon Sep 17 00:00:00 2001
+From: Marc Fournier <marc.fournier@camptocamp.com>
+Date: Tue, 7 Jan 2014 11:30:59 +0100
+Subject: [PATCH 03/22] curl_xml.c: avoid using uninitalized variable in error
+ message
+
+Thanks to @trtrmitya for reporting this. Fixes GH#507
+---
+ src/curl_xml.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/curl_xml.c b/src/curl_xml.c
+index 75f5cc3..77aee60 100644
+--- a/src/curl_xml.c
++++ b/src/curl_xml.c
+@@ -551,12 +551,12 @@ static int cx_curl_perform (cx_t *db, CURL *curl) /* {{{ */
+ char *ptr;
+ char *url;
+
+- db->buffer_fill = 0;
++ db->buffer_fill = 0;
+ status = curl_easy_perform (curl);
+ if (status != CURLE_OK)
+ {
+- ERROR ("curl_xml plugin: curl_easy_perform failed with status %i: %s (%s)",
+- status, db->curl_errbuf, url);
++ ERROR ("curl_xml plugin: curl_easy_perform failed with status %i: %s",
++ status, db->curl_errbuf);
+ return (-1);
+ }
+
+--
+1.9.3
+
--- /dev/null
+From 645dadb3fcc466e8880fda4eb23b21ad433631fc Mon Sep 17 00:00:00 2001
+From: Marc Fournier <marc.fournier@camptocamp.com>
+Date: Tue, 7 Jan 2014 16:06:10 +0100
+Subject: [PATCH 04/22] interface.c: FreeBSD-10 support
+
+Quoting @trtrmitya in github issue #506 : "[...] it is broken on
+FreeBSD-10, in which getifaddrs() returns not only link level stats for
+a particular interface, but also entries for each IP configured on that
+interface. As a result if_submit() is called several times for each
+interface, which results in incorrect data being logged.
+
+I am attaching a patch which fixes a problem on FreeBSD (9/10), but it
+should work for every *BSD because [...] the getifaddrs implementation
+first appeared in BSDi BSD/OS."
+
+Many thanks to @trtrmitya for providing the patch !
+---
+ src/interface.c | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/src/interface.c b/src/interface.c
+index db998a3..9b566ea 100644
+--- a/src/interface.c
++++ b/src/interface.c
+@@ -213,18 +213,19 @@ static int interface_read (void)
+
+ for (if_ptr = if_list; if_ptr != NULL; if_ptr = if_ptr->ifa_next)
+ {
+- if ((if_data = (struct IFA_DATA *) if_ptr->ifa_data) == NULL)
+- continue;
++ if (if_ptr->ifa_addr != NULL && if_ptr->ifa_addr->sa_family == AF_LINK) {
++ if_data = (struct IFA_DATA *) if_ptr->ifa_data;
+
+- if_submit (if_ptr->ifa_name, "if_octets",
++ if_submit (if_ptr->ifa_name, "if_octets",
+ if_data->IFA_RX_BYTES,
+ if_data->IFA_TX_BYTES);
+- if_submit (if_ptr->ifa_name, "if_packets",
++ if_submit (if_ptr->ifa_name, "if_packets",
+ if_data->IFA_RX_PACKT,
+ if_data->IFA_TX_PACKT);
+- if_submit (if_ptr->ifa_name, "if_errors",
++ if_submit (if_ptr->ifa_name, "if_errors",
+ if_data->IFA_RX_ERROR,
+ if_data->IFA_TX_ERROR);
++ }
+ }
+
+ freeifaddrs (if_list);
+--
+1.9.3
+
--- /dev/null
+From cde09b547abbeb7595d91259fcc628504d0f55a9 Mon Sep 17 00:00:00 2001
+From: Marc Fournier <marc.fournier@camptocamp.com>
+Date: Wed, 8 Jan 2014 18:05:40 +0100
+Subject: [PATCH 05/22] Revert "curl_xml.c: avoid using uninitalized variable
+ in error message"
+
+This reverts commit bbbf37d55a3959951604c4be482e9a705a0f86d9.
+
+A different fix for this problem was commited to the collectd-5.4 branch
+(8327ee64) and conflicts with this patch. Also, initializing url the
+same way as 8327ee64 does it, to avoid a merge conflict.
+---
+ src/curl_xml.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/src/curl_xml.c b/src/curl_xml.c
+index 77aee60..b941f02 100644
+--- a/src/curl_xml.c
++++ b/src/curl_xml.c
+@@ -550,13 +550,14 @@ static int cx_curl_perform (cx_t *db, CURL *curl) /* {{{ */
+ long rc;
+ char *ptr;
+ char *url;
++ url = db->url;
+
+- db->buffer_fill = 0;
++ db->buffer_fill = 0;
+ status = curl_easy_perform (curl);
+ if (status != CURLE_OK)
+ {
+- ERROR ("curl_xml plugin: curl_easy_perform failed with status %i: %s",
+- status, db->curl_errbuf);
++ ERROR ("curl_xml plugin: curl_easy_perform failed with status %i: %s (%s)",
++ status, db->curl_errbuf, url);
+ return (-1);
+ }
+
+--
+1.9.3
+
--- /dev/null
+From ddffda7a150cd3abdb6ec392b514a250e91e0c19 Mon Sep 17 00:00:00 2001
+From: Chris Lundquist <chris.lundquist@github.com>
+Date: Tue, 14 Jan 2014 18:33:13 -0800
+Subject: [PATCH 06/22] [network] set_thread_cbs so we initialize the right
+ threading mode in gcry_check_version
+
+Signed-off-by: Florian Forster <octo@collectd.org>
+---
+ src/network.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/network.c b/src/network.c
+index d0ff6bc..be82c6f 100644
+--- a/src/network.c
++++ b/src/network.c
+@@ -500,8 +500,8 @@ static void network_init_gcrypt (void) /* {{{ */
+ if (gcry_control (GCRYCTL_ANY_INITIALIZATION_P))
+ return;
+
+- gcry_check_version (NULL); /* before calling any other functions */
+ gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
++ gcry_check_version (NULL); /* before calling *almost* any other functions */
+ gcry_control (GCRYCTL_INIT_SECMEM, 32768);
+ gcry_control (GCRYCTL_INITIALIZATION_FINISHED);
+ } /* }}} void network_init_gcrypt */
+--
+1.9.3
+
--- /dev/null
+From 5f2f969335757f31f42cd8bb7e38eb8c5fe5e56e Mon Sep 17 00:00:00 2001
+From: Florian Forster <octo@collectd.org>
+Date: Wed, 15 Jan 2014 23:47:33 +0100
+Subject: [PATCH 07/22] apache plugin: Call curl_global_init() from the init
+ function.
+
+This is a shot in the dark in trying to address #513. By calling this
+from an init() callback, I hope to be initializing the curl and gcrypt
+libraries before collectd becomes multi-threaded, avoiding the problems
+described in the issue.
+---
+ src/apache.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/src/apache.c b/src/apache.c
+index 899c21e..23bba3e 100644
+--- a/src/apache.c
++++ b/src/apache.c
+@@ -702,9 +702,18 @@ static int apache_read_host (user_data_t *user_data) /* {{{ */
+ return (0);
+ } /* }}} int apache_read_host */
+
++static int apache_init (void) /* {{{ */
++{
++ /* Call this while collectd is still single-threaded to avoid
++ * initialization issues in libgcrypt. */
++ curl_global_init (CURL_GLOBAL_SSL);
++ return (0);
++} /* }}} int apache_init */
++
+ void module_register (void)
+ {
+ plugin_register_complex_config ("apache", config);
++ plugin_register_init ("apache", apache_init);
+ } /* void module_register */
+
+ /* vim: set sw=8 noet fdm=marker : */
+--
+1.9.3
+
--- /dev/null
+From 793c2046de1ac04689d541a5e83513fe8e62578c Mon Sep 17 00:00:00 2001
+From: Marc Fournier <marc.fournier@camptocamp.com>
+Date: Thu, 16 Jan 2014 00:30:42 +0100
+Subject: [PATCH 08/22] network: comment libgcrypt initalization process
+
+---
+ src/network.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/src/network.c b/src/network.c
+index be82c6f..f379a5c 100644
+--- a/src/network.c
++++ b/src/network.c
+@@ -500,8 +500,15 @@ static void network_init_gcrypt (void) /* {{{ */
+ if (gcry_control (GCRYCTL_ANY_INITIALIZATION_P))
+ return;
+
++ /* http://www.gnupg.org/documentation/manuals/gcrypt/Multi_002dThreading.html
++ * To ensure thread-safety, it's important to set GCRYCTL_SET_THREAD_CBS
++ * *before* initalizing Libgcrypt with gcry_check_version(), which itself must
++ * be called before any other gcry_* function. GCRYCTL_ANY_INITIALIZATION_P
++ * above doesn't count, as it doesn't implicitly initalize Libgcrypt.
++ *
++ * tl;dr: keep all these gry_* statements in this exact order please. */
+ gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
+- gcry_check_version (NULL); /* before calling *almost* any other functions */
++ gcry_check_version (NULL);
+ gcry_control (GCRYCTL_INIT_SECMEM, 32768);
+ gcry_control (GCRYCTL_INITIALIZATION_FINISHED);
+ } /* }}} void network_init_gcrypt */
+--
+1.9.3
+
--- /dev/null
+From 66b400ab01b8133e450bb002e175117a1ab6f9ae Mon Sep 17 00:00:00 2001
+From: Jeremy Katz <jeremy@katzbox.net>
+Date: Sun, 26 Jan 2014 20:43:19 -0500
+Subject: [PATCH 09/22] Call curl_global_init() in _init of plugins using curl
+
+Need to call curl_global_init() or curl_easy_init() during init
+for plugins when we're still running single threaded. This
+updates the remaining ones
+---
+ src/curl.c | 1 +
+ src/curl_json.c | 9 +++++++++
+ src/curl_xml.c | 9 +++++++++
+ src/write_http.c | 9 +++++++++
+ 4 files changed, 28 insertions(+)
+
+diff --git a/src/curl.c b/src/curl.c
+index 3899aaa..8d2893f 100644
+--- a/src/curl.c
++++ b/src/curl.c
+@@ -566,6 +566,7 @@ static int cc_init (void) /* {{{ */
+ INFO ("curl plugin: No pages have been defined.");
+ return (-1);
+ }
++ curl_global_init (CURL_GLOBAL_SSL);
+ return (0);
+ } /* }}} int cc_init */
+
+diff --git a/src/curl_json.c b/src/curl_json.c
+index 24e1df1..0948962 100644
+--- a/src/curl_json.c
++++ b/src/curl_json.c
+@@ -882,9 +882,18 @@ static int cj_read (user_data_t *ud) /* {{{ */
+ return cj_curl_perform (db, db->curl);
+ } /* }}} int cj_read */
+
++static int cj_init (void) /* {{{ */
++{
++ /* Call this while collectd is still single-threaded to avoid
++ * initialization issues in libgcrypt. */
++ curl_global_init (CURL_GLOBAL_SSL);
++ return (0);
++} /* }}} int cj_init */
++
+ void module_register (void)
+ {
+ plugin_register_complex_config ("curl_json", cj_config);
++ plugin_register_init ("curl_json", cj_init);
+ } /* void module_register */
+
+ /* vim: set sw=2 sts=2 et fdm=marker : */
+diff --git a/src/curl_xml.c b/src/curl_xml.c
+index b941f02..e31e73d 100644
+--- a/src/curl_xml.c
++++ b/src/curl_xml.c
+@@ -926,9 +926,18 @@ static int cx_config (oconfig_item_t *ci) /* {{{ */
+ return (0);
+ } /* }}} int cx_config */
+
++static int cx_init (void) /* {{{ */
++{
++ /* Call this while collectd is still single-threaded to avoid
++ * initialization issues in libgcrypt. */
++ curl_global_init (CURL_GLOBAL_SSL);
++ return (0);
++} /* }}} int cx_init */
++
+ void module_register (void)
+ {
+ plugin_register_complex_config ("curl_xml", cx_config);
++ plugin_register_init ("curl_xml", cx_init);
+ } /* void module_register */
+
+ /* vim: set sw=2 sts=2 et fdm=marker : */
+diff --git a/src/write_http.c b/src/write_http.c
+index 62c73b0..04c637b 100644
+--- a/src/write_http.c
++++ b/src/write_http.c
+@@ -656,9 +656,18 @@ static int wh_config (oconfig_item_t *ci) /* {{{ */
+ return (0);
+ } /* }}} int wh_config */
+
++static int wh_init (void) /* {{{ */
++{
++ /* Call this while collectd is still single-threaded to avoid
++ * initialization issues in libgcrypt. */
++ curl_global_init (CURL_GLOBAL_SSL);
++ return (0);
++} /* }}} int wh_init */
++
+ void module_register (void) /* {{{ */
+ {
+ plugin_register_complex_config ("write_http", wh_config);
++ plugin_register_init ("write_http", wh_init);
+ } /* }}} void module_register */
+
+ /* vim: set fdm=marker sw=8 ts=8 tw=78 et : */
+--
+1.9.3
+
--- /dev/null
+From 6bd48f2346c5072dc22da58c7b7cd8e8ceb83fc5 Mon Sep 17 00:00:00 2001
+From: Marc Fournier <marc.fournier@camptocamp.com>
+Date: Sat, 29 Mar 2014 13:37:36 +0100
+Subject: [PATCH 10/22] indent wh_init() to be consistent with the rest of the
+ file
+
+---
+ src/write_http.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/write_http.c b/src/write_http.c
+index 04c637b..0a13444 100644
+--- a/src/write_http.c
++++ b/src/write_http.c
+@@ -658,10 +658,10 @@ static int wh_config (oconfig_item_t *ci) /* {{{ */
+
+ static int wh_init (void) /* {{{ */
+ {
+- /* Call this while collectd is still single-threaded to avoid
+- * initialization issues in libgcrypt. */
+- curl_global_init (CURL_GLOBAL_SSL);
+- return (0);
++ /* Call this while collectd is still single-threaded to avoid
++ * initialization issues in libgcrypt. */
++ curl_global_init (CURL_GLOBAL_SSL);
++ return (0);
+ } /* }}} int wh_init */
+
+ void module_register (void) /* {{{ */
+--
+1.9.3
+
--- /dev/null
+From 6207fce91a0933e852ec76fc31ca81ec00ffa04b Mon Sep 17 00:00:00 2001
+From: Wilfried Goesgens <dothebart@citadel.org>
+Date: Thu, 5 Jun 2014 20:04:13 +0200
+Subject: [PATCH 11/22] Configparser: when we alocate an empty list, we also
+ need to reset the counter; else we will trip over this later. This fixes
+ https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=750440
+
+---
+ src/configfile.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/src/configfile.c b/src/configfile.c
+index 0b7786f..983d995 100644
+--- a/src/configfile.c
++++ b/src/configfile.c
+@@ -414,6 +414,12 @@ static int cf_ci_replace_child (oconfig_item_t *dst, oconfig_item_t *src,
+
+ /* Resize the memory containing the children to be big enough to hold
+ * all children. */
++ if (dst->children_num + src->children_num - 1 == 0)
++ {
++ dst->children_num = 0;
++ return (0);
++ }
++
+ temp = (oconfig_item_t *) realloc (dst->children,
+ sizeof (oconfig_item_t)
+ * (dst->children_num + src->children_num - 1));
+@@ -514,7 +520,8 @@ static int cf_include_all (oconfig_item_t *root, int depth)
+ continue;
+
+ /* Now replace the i'th child in `root' with `new'. */
+- cf_ci_replace_child (root, new, i);
++ if (cf_ci_replace_child (root, new, i) < 0)
++ return (-1);
+
+ /* ... and go back to the new i'th child. */
+ --i;
+--
+1.9.3
+
--- /dev/null
+From c2ca2a46e617878dcff69de0b8940ea91d3401cc Mon Sep 17 00:00:00 2001
+From: Lauri Tirkkonen <lotheac@iki.fi>
+Date: Thu, 22 May 2014 14:05:40 +0300
+Subject: [PATCH 12/22] don't assume pkg-config is in PATH
+
+---
+ configure.in | 20 ++++++++++----------
+ 1 file changed, 10 insertions(+), 10 deletions(-)
+
+diff --git a/configure.in b/configure.in
+index 0b12630..7086800 100644
+--- a/configure.in
++++ b/configure.in
+@@ -1136,8 +1136,8 @@ AC_CHECK_LIB(hal,libhal_device_property_exists,
+ [with_libhal="no"])
+ if test "x$with_libhal" = "xyes"; then
+ if test "x$PKG_CONFIG" != "x"; then
+- BUILD_WITH_LIBHAL_CFLAGS="`pkg-config --cflags hal`"
+- BUILD_WITH_LIBHAL_LIBS="`pkg-config --libs hal`"
++ BUILD_WITH_LIBHAL_CFLAGS="`$PKG_CONFIG --cflags hal`"
++ BUILD_WITH_LIBHAL_LIBS="`$PKG_CONFIG --libs hal`"
+ AC_SUBST(BUILD_WITH_LIBHAL_CFLAGS)
+ AC_SUBST(BUILD_WITH_LIBHAL_LIBS)
+ fi
+@@ -3434,8 +3434,8 @@ then
+ if $PKG_CONFIG --exists tokyotyrant
+ then
+ with_libtokyotyrant_cppflags="$with_libtokyotyrant_cppflags `$PKG_CONFIG --cflags tokyotyrant`"
+- with_libtokyotyrant_ldflags="$with_libtokyotyrant_ldflags `pkg-config --libs-only-L tokyotyrant`"
+- with_libtokyotyrant_libs="$with_libtokyotyrant_libs `pkg-config --libs-only-l tokyotyrant`"
++ with_libtokyotyrant_ldflags="$with_libtokyotyrant_ldflags `$PKG_CONFIG --libs-only-L tokyotyrant`"
++ with_libtokyotyrant_libs="$with_libtokyotyrant_libs `$PKG_CONFIG --libs-only-l tokyotyrant`"
+ fi
+ fi
+
+@@ -3743,7 +3743,7 @@ with_libvirt_cflags=""
+ with_libvirt_ldflags=""
+ if test "x$PKG_CONFIG" != "x"
+ then
+- pkg-config --exists 'libxml-2.0' 2>/dev/null
++ $PKG_CONFIG --exists 'libxml-2.0' 2>/dev/null
+ if test "$?" = "0"
+ then
+ with_libxml2="yes"
+@@ -3751,7 +3751,7 @@ then
+ with_libxml2="no (pkg-config doesn't know library)"
+ fi
+
+- pkg-config --exists libvirt 2>/dev/null
++ $PKG_CONFIG --exists libvirt 2>/dev/null
+ if test "$?" = "0"
+ then
+ with_libvirt="yes"
+@@ -3761,12 +3761,12 @@ then
+ fi
+ if test "x$with_libxml2" = "xyes"
+ then
+- with_libxml2_cflags="`pkg-config --cflags libxml-2.0`"
++ with_libxml2_cflags="`$PKG_CONFIG --cflags libxml-2.0`"
+ if test $? -ne 0
+ then
+ with_libxml2="no"
+ fi
+- with_libxml2_ldflags="`pkg-config --libs libxml-2.0`"
++ with_libxml2_ldflags="$PKG_CONFIG --libs libxml-2.0`"
+ if test $? -ne 0
+ then
+ with_libxml2="no"
+@@ -3806,12 +3806,12 @@ if test "x$with_libxml2" = "xyes"; then
+ fi
+ if test "x$with_libvirt" = "xyes"
+ then
+- with_libvirt_cflags="`pkg-config --cflags libvirt`"
++ with_libvirt_cflags="$PKG_CONFIG --cflags libvirt`"
+ if test $? -ne 0
+ then
+ with_libvirt="no"
+ fi
+- with_libvirt_ldflags="`pkg-config --libs libvirt`"
++ with_libvirt_ldflags="$PKG_CONFIG --libs libvirt`"
+ if test $? -ne 0
+ then
+ with_libvirt="no"
+--
+1.9.3
+
--- /dev/null
+From 497f5785e8b385f03b5fb5b15bdff8ba39e4699e Mon Sep 17 00:00:00 2001
+From: Marc Fournier <marc.fournier@camptocamp.com>
+Date: Mon, 23 Jun 2014 18:00:01 +0200
+Subject: [PATCH 13/22] add missing backticks which broke the build
+
+---
+ configure.in | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/configure.in b/configure.in
+index 7086800..5dac543 100644
+--- a/configure.in
++++ b/configure.in
+@@ -3766,7 +3766,7 @@ then
+ then
+ with_libxml2="no"
+ fi
+- with_libxml2_ldflags="$PKG_CONFIG --libs libxml-2.0`"
++ with_libxml2_ldflags="`$PKG_CONFIG --libs libxml-2.0`"
+ if test $? -ne 0
+ then
+ with_libxml2="no"
+@@ -3806,12 +3806,12 @@ if test "x$with_libxml2" = "xyes"; then
+ fi
+ if test "x$with_libvirt" = "xyes"
+ then
+- with_libvirt_cflags="$PKG_CONFIG --cflags libvirt`"
++ with_libvirt_cflags="`$PKG_CONFIG --cflags libvirt`"
+ if test $? -ne 0
+ then
+ with_libvirt="no"
+ fi
+- with_libvirt_ldflags="$PKG_CONFIG --libs libvirt`"
++ with_libvirt_ldflags="`$PKG_CONFIG --libs libvirt`"
+ if test $? -ne 0
+ then
+ with_libvirt="no"
+--
+1.9.3
+
--- /dev/null
+From 0da910fb1bf2bd4982ca6541458c795ec296f398 Mon Sep 17 00:00:00 2001
+From: Marc Fournier <marc.fournier@camptocamp.com>
+Date: Fri, 8 Aug 2014 15:55:10 +0200
+Subject: [PATCH 14/22] snmp: free snmp_pdu struct allocated by
+ snmp_pdu_create()
+
+This should fix the leak reported in issue #610.
+---
+ src/snmp.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/snmp.c b/src/snmp.c
+index d440f7f..dacdede 100644
+--- a/src/snmp.c
++++ b/src/snmp.c
+@@ -1503,6 +1503,10 @@ static int csnmp_read_table (host_definition_t *host, data_definition_t *data)
+ snmp_free_pdu (res);
+ res = NULL;
+
++ if (req != NULL)
++ snmp_free_pdu (req);
++ req = NULL;
++
+ if (status == 0)
+ csnmp_dispatch_table (host, data, instance_list_head, value_list_head);
+
+--
+1.9.3
+
--- /dev/null
+From 0afea60611f115a28b8ec331aba610e3038c1ef2 Mon Sep 17 00:00:00 2001
+From: Arthur Marble <arthur@info9.net>
+Date: Sun, 17 Aug 2014 17:34:04 -0500
+Subject: [PATCH 15/22] curl_xml plugin: Fixed tautological pointer comparison
+ error.
+
+Fixes: http://bugs.debian.org/758481
+Signed-off-by: Florian Forster <octo@collectd.org>
+---
+ src/curl_xml.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/curl_xml.c b/src/curl_xml.c
+index e31e73d..28b2ded 100644
+--- a/src/curl_xml.c
++++ b/src/curl_xml.c
+@@ -344,7 +344,7 @@ static int cx_handle_instance_xpath (xmlXPathContextPtr xpath_ctx, /* {{{ */
+ /* If the base xpath returns more than one block, the result is assumed to be
+ * a table. The `Instnce' option is not optional in this case. Check for the
+ * condition and inform the user. */
+- if (is_table && (vl->type_instance == NULL))
++ if (is_table)
+ {
+ WARNING ("curl_xml plugin: "
+ "Base-XPath %s is a table (more than one result was returned), "
+--
+1.9.3
+
--- /dev/null
+From 9d065b401c2c393bef5a6e58b5deeda7d59d4f39 Mon Sep 17 00:00:00 2001
+From: Ed Okerson <ed@okerson.com>
+Date: Mon, 11 Feb 2013 15:46:10 -0600
+Subject: [PATCH 16/22] Add support for OpenVPN 2.3.0 status files.
+
+Fix a bug that breaks this module if a server is running multiple instances of OpenVPN and one instance does not have any clients connected.
+---
+ src/openvpn.c | 90 +++++++++++++++++++++++++++++++++++++++++++++++++++++++----
+ 1 file changed, 84 insertions(+), 6 deletions(-)
+
+diff --git a/src/openvpn.c b/src/openvpn.c
+index 2aca414..d2b6f17 100644
+--- a/src/openvpn.c
++++ b/src/openvpn.c
+@@ -32,6 +32,7 @@
+ #define V1STRING "Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since\n"
+ #define V2STRING "HEADER,CLIENT_LIST,Common Name,Real Address,Virtual Address,Bytes Received,Bytes Sent,Connected Since,Connected Since (time_t)\n"
+ #define V3STRING "HEADER CLIENT_LIST Common Name Real Address Virtual Address Bytes Received Bytes Sent Connected Since Connected Since (time_t)\n"
++#define V4STRING "HEADER,CLIENT_LIST,Common Name,Real Address,Virtual Address,Bytes Received,Bytes Sent,Connected Since,Connected Since (time_t),Username\n"
+ #define VSSTRING "OpenVPN STATISTICS\n"
+
+
+@@ -43,6 +44,7 @@ struct vpn_status_s
+ MULTI1 = 1, /* status-version 1 */
+ MULTI2, /* status-version 2 */
+ MULTI3, /* status-version 3 */
++ MULTI4, /* status-version 4 */
+ SINGLE = 10 /* currently no versions for single mode, maybe in the future */
+ } version;
+ char *name;
+@@ -452,13 +454,77 @@ static int multi3_read (char *name, FILE *fh)
+ return (read);
+ } /* int multi3_read */
+
++/* for reading status version 4 */
++static int multi4_read (char *name, FILE *fh)
++{
++ char buffer[1024];
++ char *fields[11];
++ const int max_fields = STATIC_ARRAY_SIZE (fields);
++ int fields_num, read = 0;
++ long long sum_users = 0;
++
++ while (fgets (buffer, sizeof (buffer), fh) != NULL)
++ {
++ fields_num = openvpn_strsplit (buffer, fields, max_fields);
++
++ /* status file is generated by openvpn/multi.c:multi_print_status()
++ * http://svn.openvpn.net/projects/openvpn/trunk/openvpn/multi.c
++ *
++ * The line we're expecting has 9 fields. We ignore all lines
++ * with more or less fields.
++ */
++ if (fields_num != 9)
++ continue;
++
++
++ if (strcmp (fields[0], "CLIENT_LIST") != 0)
++ continue;
++
++
++ if (collect_user_count)
++ /* If so, sum all users, ignore the individuals*/
++ {
++ sum_users += 1;
++ }
++ if (collect_individual_users)
++ {
++ if (new_naming_schema)
++ {
++ /* plugin inst = file name, type inst = fields[1] */
++ iostats_submit (name, /* vpn instance */
++ fields[1], /* "Common Name" */
++ atoll (fields[4]), /* "Bytes Received" */
++ atoll (fields[5])); /* "Bytes Sent" */
++ }
++ else
++ {
++ /* plugin inst = fields[1], type inst = "" */
++ iostats_submit (fields[1], /* "Common Name" */
++ NULL, /* unused when in multimode */
++ atoll (fields[4]), /* "Bytes Received" */
++ atoll (fields[5])); /* "Bytes Sent" */
++ }
++ }
++
++ read = 1;
++ }
++
++ if (collect_user_count)
++ {
++ numusers_submit(name, name, sum_users);
++ read = 1;
++ }
++
++ return (read);
++} /* int multi4_read */
++
+ /* read callback */
+ static int openvpn_read (void)
+ {
+ FILE *fh;
+- int i, read;
++ int i, vpn_read, read;
+
+- read = 0;
++ vpn_read = read = 0;
+
+ /* call the right read function for every status entry in the list */
+ for (i = 0; i < vpn_num; i++)
+@@ -476,23 +542,28 @@ static int openvpn_read (void)
+ switch (vpn_list[i]->version)
+ {
+ case SINGLE:
+- read = single_read(vpn_list[i]->name, fh);
++ vpn_read = single_read(vpn_list[i]->name, fh);
+ break;
+
+ case MULTI1:
+- read = multi1_read(vpn_list[i]->name, fh);
++ vpn_read = multi1_read(vpn_list[i]->name, fh);
+ break;
+
+ case MULTI2:
+- read = multi2_read(vpn_list[i]->name, fh);
++ vpn_read = multi2_read(vpn_list[i]->name, fh);
+ break;
+
+ case MULTI3:
+- read = multi3_read(vpn_list[i]->name, fh);
++ vpn_read = multi3_read(vpn_list[i]->name, fh);
++ break;
++
++ case MULTI4:
++ vpn_read = multi4_read(vpn_list[i]->name, fh);
+ break;
+ }
+
+ fclose (fh);
++ read += vpn_read;
+ }
+
+ return (read ? 0 : -1);
+@@ -549,6 +620,13 @@ static int version_detect (const char *filename)
+ version = MULTI3;
+ break;
+ }
++ /* searching for multi version 4 */
++ else if (strcmp (buffer, V4STRING) == 0)
++ {
++ DEBUG ("openvpn plugin: found status file version MULTI4");
++ version = MULTI4;
++ break;
++ }
+ }
+
+ if (version == 0)
+--
+1.9.3
+
--- /dev/null
+From 8516f9abb625fa7b9321e62307305aa6499be4e8 Mon Sep 17 00:00:00 2001
+From: Florian Forster <octo@collectd.org>
+Date: Sun, 14 Sep 2014 19:28:05 +0200
+Subject: [PATCH 17/22] openvpn plugin: Don't signal an error when no clients
+ are connected.
+
+In the multi1_read() function, an error (zero) was returned when no
+clients were currently connected to the OpenVPN server, because the
+"read" variable was initialized to zero and the while loop exited before
+it was set to one. This is not the intended behavior.
+
+Thanks to @srix for reporting this issue!
+
+Fixes: #731
+---
+ src/openvpn.c | 12 +++++-------
+ 1 file changed, 5 insertions(+), 7 deletions(-)
+
+diff --git a/src/openvpn.c b/src/openvpn.c
+index d2b6f17..7d4e4a0 100644
+--- a/src/openvpn.c
++++ b/src/openvpn.c
+@@ -267,7 +267,7 @@ static int multi1_read (char *name, FILE *fh)
+ {
+ char buffer[1024];
+ char *fields[10];
+- int fields_num, read = 0, found_header = 0;
++ int fields_num, found_header = 0;
+ long long sum_users = 0;
+
+ /* read the file until the "ROUTING TABLE" line is found (no more info after) */
+@@ -314,17 +314,15 @@ static int multi1_read (char *name, FILE *fh)
+ atoll (fields[3])); /* "Bytes Sent" */
+ }
+ }
+-
+- read = 1;
+ }
+
++ if (ferror (fh))
++ return (0);
++
+ if (collect_user_count)
+- {
+ numusers_submit(name, name, sum_users);
+- read = 1;
+- }
+
+- return (read);
++ return (1);
+ } /* int multi1_read */
+
+ /* for reading status version 2 */
+--
+1.9.3
+
--- /dev/null
+From 5dbc1cfb4baff831f950b3c9de8c332bc9aa2b6e Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Wed, 17 Sep 2014 11:25:17 +0200
+Subject: [PATCH 18/22] openvpn: Remove boguous file handler check
+
+---
+ src/openvpn.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/src/openvpn.c b/src/openvpn.c
+index 7d4e4a0..9598abc 100644
+--- a/src/openvpn.c
++++ b/src/openvpn.c
+@@ -316,9 +316,6 @@ static int multi1_read (char *name, FILE *fh)
+ }
+ }
+
+- if (ferror (fh))
+- return (0);
+-
+ if (collect_user_count)
+ numusers_submit(name, name, sum_users);
+
+--
+1.9.3
+
--- /dev/null
+From a45710a5a887d25ab0e04ce1553bb268013ef780 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Tue, 16 Sep 2014 14:44:42 +0200
+Subject: [PATCH 19/22] openvpn: Ignore not fully established connections
+
+---
+ src/openvpn.c | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+
+diff --git a/src/openvpn.c b/src/openvpn.c
+index 9598abc..6a0ffbd 100644
+--- a/src/openvpn.c
++++ b/src/openvpn.c
+@@ -292,6 +292,10 @@ static int multi1_read (char *name, FILE *fh)
+ if (fields_num < 4)
+ continue;
+
++ // Ignore not yet fully established connections
++ if (strcmp(fields[1], "UNDEF") == 0)
++ continue;
++
+ if (collect_user_count)
+ /* If so, sum all users, ignore the individuals*/
+ {
+@@ -347,6 +351,10 @@ static int multi2_read (char *name, FILE *fh)
+ if (strcmp (fields[0], "CLIENT_LIST") != 0)
+ continue;
+
++ // Ignore not yet fully established connections
++ if (strcmp(fields[0], "UNDEF") == 0)
++ continue;
++
+ if (collect_user_count)
+ /* If so, sum all users, ignore the individuals*/
+ {
+@@ -412,6 +420,10 @@ static int multi3_read (char *name, FILE *fh)
+ if (strcmp (fields[0], "CLIENT_LIST") != 0)
+ continue;
+
++ // Ignore not yet fully established connections
++ if (strcmp(fields[0], "UNDEF") == 0)
++ continue;
++
+ if (collect_user_count)
+ /* If so, sum all users, ignore the individuals*/
+ {
+@@ -475,6 +487,9 @@ static int multi4_read (char *name, FILE *fh)
+ if (strcmp (fields[0], "CLIENT_LIST") != 0)
+ continue;
+
++ // Ignore not yet fully established connections
++ if (strcmp(fields[0], "UNDEF") == 0)
++ continue;
+
+ if (collect_user_count)
+ /* If so, sum all users, ignore the individuals*/
+--
+1.9.3
+
--- /dev/null
+From 46e716ee8d4208924d10f57f9ed97c99674a6ef4 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Wed, 17 Sep 2014 11:31:13 +0200
+Subject: [PATCH 20/22] openvpn: Make read functions robust like in
+ 8516f9abb625fa7b9321e62307305aa6499be4e8
+
+---
+ src/openvpn.c | 21 ++++++---------------
+ 1 file changed, 6 insertions(+), 15 deletions(-)
+
+diff --git a/src/openvpn.c b/src/openvpn.c
+index 6a0ffbd..f686721 100644
+--- a/src/openvpn.c
++++ b/src/openvpn.c
+@@ -332,7 +332,7 @@ static int multi2_read (char *name, FILE *fh)
+ char buffer[1024];
+ char *fields[10];
+ const int max_fields = STATIC_ARRAY_SIZE (fields);
+- int fields_num, read = 0;
++ int fields_num;
+ long long sum_users = 0;
+
+ while (fgets (buffer, sizeof (buffer), fh) != NULL)
+@@ -379,17 +379,14 @@ static int multi2_read (char *name, FILE *fh)
+ atoll (fields[5])); /* "Bytes Sent" */
+ }
+ }
+-
+- read = 1;
+ }
+
+ if (collect_user_count)
+ {
+ numusers_submit(name, name, sum_users);
+- read = 1;
+ }
+
+- return (read);
++ return (1);
+ } /* int multi2_read */
+
+ /* for reading status version 3 */
+@@ -398,7 +395,7 @@ static int multi3_read (char *name, FILE *fh)
+ char buffer[1024];
+ char *fields[15];
+ const int max_fields = STATIC_ARRAY_SIZE (fields);
+- int fields_num, read = 0;
++ int fields_num;
+ long long sum_users = 0;
+
+ while (fgets (buffer, sizeof (buffer), fh) != NULL)
+@@ -447,18 +444,15 @@ static int multi3_read (char *name, FILE *fh)
+ atoll (fields[5])); /* "Bytes Sent" */
+ }
+ }
+-
+- read = 1;
+ }
+ }
+
+ if (collect_user_count)
+ {
+ numusers_submit(name, name, sum_users);
+- read = 1;
+ }
+
+- return (read);
++ return (1);
+ } /* int multi3_read */
+
+ /* for reading status version 4 */
+@@ -467,7 +461,7 @@ static int multi4_read (char *name, FILE *fh)
+ char buffer[1024];
+ char *fields[11];
+ const int max_fields = STATIC_ARRAY_SIZE (fields);
+- int fields_num, read = 0;
++ int fields_num;
+ long long sum_users = 0;
+
+ while (fgets (buffer, sizeof (buffer), fh) != NULL)
+@@ -515,17 +509,14 @@ static int multi4_read (char *name, FILE *fh)
+ atoll (fields[5])); /* "Bytes Sent" */
+ }
+ }
+-
+- read = 1;
+ }
+
+ if (collect_user_count)
+ {
+ numusers_submit(name, name, sum_users);
+- read = 1;
+ }
+
+- return (read);
++ return (1);
+ } /* int multi4_read */
+
+ /* read callback */
+--
+1.9.3
+
--- /dev/null
+From 41253b68808deade2a1866f0c24f4bbc029a92c2 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Wed, 24 Sep 2014 14:38:04 +0200
+Subject: [PATCH 21/22] openvpn: Fix copy-and-paste error
+
+---
+ src/openvpn.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/openvpn.c b/src/openvpn.c
+index f686721..2db3677 100644
+--- a/src/openvpn.c
++++ b/src/openvpn.c
+@@ -293,7 +293,7 @@ static int multi1_read (char *name, FILE *fh)
+ continue;
+
+ // Ignore not yet fully established connections
+- if (strcmp(fields[1], "UNDEF") == 0)
++ if (strcmp(fields[0], "UNDEF") == 0)
+ continue;
+
+ if (collect_user_count)
+--
+1.9.3
+
--- /dev/null
+From 3458d610e8b99eb88c2f06ad576b4f46e0169877 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Fri, 26 Sep 2014 12:02:27 +0200
+Subject: [PATCH 22/22] openvpn: Change data type from COUNTER to DERIVE
+
+COUNTER is not what we want here, so we will use DERIVE.
+---
+ src/openvpn.c | 26 +++++++++++++-------------
+ src/types.db | 2 ++
+ 2 files changed, 15 insertions(+), 13 deletions(-)
+
+diff --git a/src/openvpn.c b/src/openvpn.c
+index 2db3677..d446e99 100644
+--- a/src/openvpn.c
++++ b/src/openvpn.c
+@@ -116,13 +116,13 @@ static void numusers_submit (char *pinst, char *tinst, gauge_t value)
+ } /* void numusers_submit */
+
+ /* dispatches stats about traffic (TCP or UDP) generated by the tunnel per single endpoint */
+-static void iostats_submit (char *pinst, char *tinst, counter_t rx, counter_t tx)
++static void iostats_submit (char *pinst, char *tinst, derive_t rx, derive_t tx)
+ {
+ value_t values[2];
+ value_list_t vl = VALUE_LIST_INIT;
+
+- values[0].counter = rx;
+- values[1].counter = tx;
++ values[0].derive = rx;
++ values[1].derive = tx;
+
+ /* NOTE ON THE NEW NAMING SCHEMA:
+ * using plugin_instance to identify each vpn config (and
+@@ -137,7 +137,7 @@ static void iostats_submit (char *pinst, char *tinst, counter_t rx, counter_t tx
+ if (pinst != NULL)
+ sstrncpy (vl.plugin_instance, pinst,
+ sizeof (vl.plugin_instance));
+- sstrncpy (vl.type, "if_octets", sizeof (vl.type));
++ sstrncpy (vl.type, "if_octets_derive", sizeof (vl.type));
+ if (tinst != NULL)
+ sstrncpy (vl.type_instance, tinst, sizeof (vl.type_instance));
+
+@@ -146,13 +146,13 @@ static void iostats_submit (char *pinst, char *tinst, counter_t rx, counter_t tx
+
+ /* dispatches stats about data compression shown when in single mode */
+ static void compression_submit (char *pinst, char *tinst,
+- counter_t uncompressed, counter_t compressed)
++ derive_t uncompressed, derive_t compressed)
+ {
+ value_t values[2];
+ value_list_t vl = VALUE_LIST_INIT;
+
+- values[0].counter = uncompressed;
+- values[1].counter = compressed;
++ values[0].derive = uncompressed;
++ values[1].derive = compressed;
+
+ vl.values = values;
+ vl.values_len = STATIC_ARRAY_SIZE (values);
+@@ -161,7 +161,7 @@ static void compression_submit (char *pinst, char *tinst,
+ if (pinst != NULL)
+ sstrncpy (vl.plugin_instance, pinst,
+ sizeof (vl.plugin_instance));
+- sstrncpy (vl.type, "compression", sizeof (vl.type));
++ sstrncpy (vl.type, "compression_dervice", sizeof (vl.type));
+ if (tinst != NULL)
+ sstrncpy (vl.type_instance, tinst, sizeof (vl.type_instance));
+
+@@ -175,11 +175,11 @@ static int single_read (char *name, FILE *fh)
+ const int max_fields = STATIC_ARRAY_SIZE (fields);
+ int fields_num, read = 0;
+
+- counter_t link_rx, link_tx;
+- counter_t tun_rx, tun_tx;
+- counter_t pre_compress, post_compress;
+- counter_t pre_decompress, post_decompress;
+- counter_t overhead_rx, overhead_tx;
++ derive_t link_rx, link_tx;
++ derive_t tun_rx, tun_tx;
++ derive_t pre_compress, post_compress;
++ derive_t pre_decompress, post_decompress;
++ derive_t overhead_rx, overhead_tx;
+
+ link_rx = 0;
+ link_tx = 0;
+diff --git a/src/types.db b/src/types.db
+index ad54240..03ec75b 100644
+--- a/src/types.db
++++ b/src/types.db
+@@ -18,6 +18,7 @@ cache_result value:COUNTER:0:4294967295
+ cache_size value:GAUGE:0:4294967295
+ charge value:GAUGE:0:U
+ compression uncompressed:COUNTER:0:U, compressed:COUNTER:0:U
++compression_derive uncompressed:DERIVE:0:U, compressed:DERIVE:0:U
+ compression_ratio value:GAUGE:0:2
+ connections value:COUNTER:0:U
+ conntrack entropy:GAUGE:0:4294967295
+@@ -74,6 +75,7 @@ if_dropped rx:COUNTER:0:4294967295, tx:COUNTER:0:4294967295
+ if_errors rx:COUNTER:0:4294967295, tx:COUNTER:0:4294967295
+ if_multicast value:COUNTER:0:4294967295
+ if_octets rx:COUNTER:0:4294967295, tx:COUNTER:0:4294967295
++if_octets_derive rx:DERIVE:0:U, tx:DERIVE:0:U
+ if_packets rx:COUNTER:0:4294967295, tx:COUNTER:0:4294967295
+ if_rx_errors value:COUNTER:0:4294967295
+ if_tx_errors value:COUNTER:0:4294967295
+--
+1.9.3
+
--- /dev/null
+Submitted By: hauke from OpenWRT
+Date: 2009-04-17
+Initial Package Version: 1.0.2
+Origin: https://dev.openwrt.org/changeset/15405/trunk/package/crda/patches/101-make_crypto_use_optional.patch
+Description: The patch was modified for version crda-3.13 by Erik Kapfer <erik.kapfer@ipfire.org>..
+This patch provides the following improvements:
+ * Crypto usage is optional.
+
+diff -Nur crda-3.13.orig/Makefile crda-3.13/Makefile
+--- crda-3.13.orig/Makefile 2015-01-12 07:55:08.791183765 +0100
++++ crda-3.13/Makefile 2015-01-12 07:56:35.437381029 +0100
+@@ -43,7 +43,9 @@
+
+ $(LIBREG): keys-ssl.c
+
+-else
++endif
++
++ifeq ($(USE_GCRYPT),1)
+ CFLAGS += -DUSE_GCRYPT
+ LDLIBS += -lgcrypt
+
--- /dev/null
+commit 78046ffe2187d91c61d6c2f910249b8a5be71b08
+Author: Stefan Schantl <stefan.schantl@ipfire.org>
+Date: Wed Oct 22 21:39:09 2014 +0200
+
+ Add changeip.com as new provider.
+
+ Fixes #10639.
+
+diff --git a/README b/README
+index 5944102..6a06f4b 100644
+--- a/README
++++ b/README
+@@ -49,6 +49,7 @@ INSTALLATION:
+
+ SUPPORTED PROVIDERS:
+ all-inkl.com
++ changeip.com
+ dhs.org
+ dns.lightningwirelabs.com
+ dnspark.com
+diff --git a/ddns.conf.sample b/ddns.conf.sample
+index d3ac53f..0048a46 100644
+--- a/ddns.conf.sample
++++ b/ddns.conf.sample
+@@ -30,6 +30,11 @@
+ # secret = XYZ
+ # ttl = 60
+
++# [test.changeip.com]
++# provider = changeip.com
++# username = user
++# password = pass
++
+ # [test.dhs.org]
+ # provider = dhs.org
+ # username = user
+diff --git a/src/ddns/providers.py b/src/ddns/providers.py
+index 1e88995..587d5ff 100644
+--- a/src/ddns/providers.py
++++ b/src/ddns/providers.py
+@@ -539,6 +539,44 @@ class DDNSProviderBindNsupdate(DDNSProvider):
+ return "\n".join(scriptlet)
+
+
++class DDNSProviderChangeIP(DDNSProvider):
++ handle = "changeip.com"
++ name = "ChangeIP.com"
++ website = "https://changeip.com"
++ protocols = ("ipv4",)
++
++ # Detailed information about the update api can be found here.
++ # http://www.changeip.com/accounts/knowledgebase.php?action=displayarticle&id=34
++
++ url = "https://nic.changeip.com/nic/update"
++ can_remove_records = False
++
++ def update_protocol(self, proto):
++ data = {
++ "hostname" : self.hostname,
++ "myip" : self.get_address(proto),
++ }
++
++ # Send update to the server.
++ try:
++ response = self.send_request(self.url, username=self.username, password=self.password,
++ data=data)
++
++ # Handle error codes.
++ except urllib2.HTTPError, e:
++ if e.code == 422:
++ raise DDNSRequestError(_("Domain not found."))
++
++ raise
++
++ # Handle success message.
++ if response.code == 200:
++ return
++
++ # If we got here, some other update error happened.
++ raise DDNSUpdateError(_("Server response: %s") % output)
++
++
+ class DDNSProviderDHS(DDNSProvider):
+ handle = "dhs.org"
+ name = "DHS International"
--- /dev/null
+commit 25f39b4e437627bd1a49393280271d59ad28b86e
+Author: Stefan Schantl <stefan.schantl@ipfire.org>
+Date: Mon Jan 5 21:37:55 2015 +0100
+
+ spdns.de: Fix authentication.
+
+ There was a simple copy and paste issue which prevents a
+ correct authentication with username and password against the
+ providers API.
+
+diff --git a/src/ddns/providers.py b/src/ddns/providers.py
+index 587d5ff..bcfb088 100644
+--- a/src/ddns/providers.py
++++ b/src/ddns/providers.py
+@@ -1271,7 +1271,7 @@ class DDNSProviderSPDNS(DDNSProtocolDynDNS2, DDNSProvider):
+
+ @property
+ def password(self):
+- return self.get("username") or self.token
++ return self.get("password") or self.token
+
+
+ class DDNSProviderStrato(DDNSProtocolDynDNS2, DDNSProvider):
diff --git a/Makefile b/Makefile
-index 58a7975..616c6b7 100644
+index 2910320b6452..0a76ce3c5154 100644
--- a/Makefile
+++ b/Makefile
-@@ -69,7 +69,7 @@ objs = cache.o rfc1035.o util.o option.o forward.o network.o \
+@@ -73,7 +73,7 @@ objs = cache.o rfc1035.o util.o option.o forward.o network.o \
dnsmasq.o dhcp.o lease.o rfc2131.o netlink.o dbus.o bpf.o \
helper.o tftp.o log.o conntrack.o dhcp6.o rfc3315.o \
dhcp-common.o outpacket.o radv.o slaac.o auth.o ipset.o \
-- domain.o dnssec.o blockdata.o tables.o loop.o
-+ domain.o dnssec.o blockdata.o tables.o loop.o isc.o
+- domain.o dnssec.o blockdata.o tables.o loop.o inotify.o
++ domain.o dnssec.o blockdata.o tables.o loop.o inotify.o isc.o
hdrs = dnsmasq.h config.h dhcp-protocol.h dhcp6-protocol.h \
dns-protocol.h radv-protocol.h ip6addr.h
diff --git a/src/cache.c b/src/cache.c
-index 2c3a498..77a7046 100644
+index 117ae279fd4e..6ee7ee362e6c 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -17,7 +17,7 @@
#ifdef HAVE_DNSSEC
cache_blockdata_free(crecp);
#endif
-@@ -1110,7 +1113,7 @@ void cache_reload(void)
- total_size = read_hostsfile(ah->fname, ah->index, total_size, (struct crec **)daemon->packet, revhashsz);
+@@ -1151,7 +1154,7 @@ void cache_reload(void)
+
}
-#ifdef HAVE_DHCP
struct in_addr a_record_from_hosts(char *name, time_t now)
{
struct crec *crecp = NULL;
-@@ -1188,7 +1191,7 @@ void cache_add_dhcp_entry(char *host_name, int prot,
+@@ -1229,7 +1232,7 @@ void cache_add_dhcp_entry(char *host_name, int prot,
addrlen = sizeof(struct in6_addr);
}
#endif
inet_ntop(prot, host_address, daemon->addrbuff, ADDRSTRLEN);
while ((crec = cache_find_by_name(crec, host_name, 0, flags | F_CNAME)))
-@@ -1253,7 +1256,11 @@ void cache_add_dhcp_entry(char *host_name, int prot,
+@@ -1294,7 +1297,11 @@ void cache_add_dhcp_entry(char *host_name, int prot,
else
crec->ttd = ttd;
crec->addr.addr = *host_address;
cache_hash(crec);
diff --git a/src/dnsmasq.c b/src/dnsmasq.c
-index f4a89fc..a448ec4 100644
+index e903a24c8105..eefc7f939933 100644
--- a/src/dnsmasq.c
+++ b/src/dnsmasq.c
-@@ -940,6 +940,11 @@ int main (int argc, char **argv)
+@@ -970,6 +970,11 @@ int main (int argc, char **argv)
poll_resolv(0, daemon->last_resolv != 0, now);
daemon->last_resolv = now;
+ load_dhcp(now);
+#endif
}
-
- if (FD_ISSET(piperead, &rset))
+ #endif
+
diff --git a/src/dnsmasq.h b/src/dnsmasq.h
-index e74b15a..4a35168 100644
+index 89e758b56a0a..c5edd6fdf7f5 100644
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
-@@ -1463,9 +1463,13 @@ time_t periodic_slaac(time_t now, struct dhcp_lease *leases);
- void slaac_ping_reply(struct in6_addr *sender, unsigned char *packet, char *interface, struct dhcp_lease *leases);
+@@ -1502,3 +1502,8 @@ void inotify_dnsmasq_init();
+ int inotify_check(time_t now);
+ void set_dynamic_inotify(int flag, int total_size, struct crec **rhash, int revhashsz);
#endif
-
++
+/* isc.c */
+#ifdef HAVE_ISC_READER
+void load_dhcp(time_t now);
+#endif
-+
- /* loop.c */
- #ifdef HAVE_LOOP
- void loop_send_probes();
- int detect_loop(char *query, int type);
- #endif
--
diff --git a/src/isc.c b/src/isc.c
new file mode 100644
-index 0000000..5106442
+index 000000000000..51064426f17f
--- /dev/null
+++ b/src/isc.c
@@ -0,0 +1,251 @@
+
+#endif
diff --git a/src/option.c b/src/option.c
-index 45d8875..29c9ee5 100644
+index cb4e76ba0aa2..f6420fcbb7ab 100644
--- a/src/option.c
+++ b/src/option.c
-@@ -1669,7 +1669,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
+@@ -1693,7 +1693,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
ret_err(_("bad MX target"));
break;
--- /dev/null
+From f2658275b25ebfe691cdcb9fede85a3088cca168 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Thu, 25 Sep 2014 21:51:25 +0100
+Subject: [PATCH 01/55] Add newline at the end of example config file.
+
+---
+ dnsmasq.conf.example | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/dnsmasq.conf.example b/dnsmasq.conf.example
+index 83924fc4a9b4..6b00bd34fbb5 100644
+--- a/dnsmasq.conf.example
++++ b/dnsmasq.conf.example
+@@ -645,4 +645,4 @@
+ #conf-dir=/etc/dnsmasq.d,.bak
+
+ # Include all files in a directory which end in .conf
+-#conf-dir=/etc/dnsmasq.d/*.conf
+\ No newline at end of file
++#conf-dir=/etc/dnsmasq.d/*.conf
+--
+2.1.0
+
--- /dev/null
+From 00cd9d551998307225312fd21f761cfa8868bd2c Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Thu, 2 Oct 2014 21:44:21 +0100
+Subject: [PATCH 02/55] crash at startup when an empty suffix is supplied to
+ --conf-dir
+
+---
+ CHANGELOG | 6 ++++++
+ src/option.c | 38 +++++++++++++++++++++++---------------
+ 2 files changed, 29 insertions(+), 15 deletions(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 768e2aaca42a..13ab41c05fc3 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -1,3 +1,9 @@
++version 2.73
++ Fix crash at startup when an empty suffix is supplied to
++ --conf-dir, also trivial memory leak. Thanks to
++ Tomas Hozza for spotting this.
++
++
+ version 2.72
+ Add ra-advrouter mode, for RFC-3775 mobile IPv6 support.
+
+diff --git a/src/option.c b/src/option.c
+index 45d8875fb7f9..b08e98e16f84 100644
+--- a/src/option.c
++++ b/src/option.c
+@@ -1474,22 +1474,25 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
+ for (arg = comma; arg; arg = comma)
+ {
+ comma = split(arg);
+- li = opt_malloc(sizeof(struct list));
+- if (*arg == '*')
++ if (strlen(arg) != 0)
+ {
+- li->next = match_suffix;
+- match_suffix = li;
+- /* Have to copy: buffer is overwritten */
+- li->suffix = opt_string_alloc(arg+1);
+- }
+- else
+- {
+- li->next = ignore_suffix;
+- ignore_suffix = li;
+- /* Have to copy: buffer is overwritten */
+- li->suffix = opt_string_alloc(arg);
++ li = opt_malloc(sizeof(struct list));
++ if (*arg == '*')
++ {
++ li->next = match_suffix;
++ match_suffix = li;
++ /* Have to copy: buffer is overwritten */
++ li->suffix = opt_string_alloc(arg+1);
++ }
++ else
++ {
++ li->next = ignore_suffix;
++ ignore_suffix = li;
++ /* Have to copy: buffer is overwritten */
++ li->suffix = opt_string_alloc(arg);
++ }
+ }
+- };
++ }
+
+ if (!(dir_stream = opendir(directory)))
+ die(_("cannot access directory %s: %s"), directory, EC_FILE);
+@@ -1555,7 +1558,12 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
+ free(ignore_suffix->suffix);
+ free(ignore_suffix);
+ }
+-
++ for(; match_suffix; match_suffix = li)
++ {
++ li = match_suffix->next;
++ free(match_suffix->suffix);
++ free(match_suffix);
++ }
+ break;
+ }
+
+--
+2.1.0
+
--- /dev/null
+From 6ac3bc0452a74e16e3d620a0757b0f8caab182ec Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Fri, 3 Oct 2014 08:48:11 +0100
+Subject: [PATCH 03/55] Debian build fixes for kFreeBSD
+
+---
+ src/tables.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/tables.c b/src/tables.c
+index 834f11944cd0..dcdef794c4d2 100644
+--- a/src/tables.c
++++ b/src/tables.c
+@@ -20,6 +20,10 @@
+
+ #if defined(HAVE_IPSET) && defined(HAVE_BSD_NETWORK)
+
++#ifndef __FreeBSD__
++#include <bsd/string.h>
++#endif
++
+ #include <sys/types.h>
+ #include <sys/ioctl.h>
+
+@@ -136,7 +140,7 @@ int add_to_ipset(const char *setname, const struct all_addr *ipaddr,
+ return -1;
+ }
+
+- if (rc = pfr_add_tables(&table, 1, &n, 0))
++ if ((rc = pfr_add_tables(&table, 1, &n, 0)))
+ {
+ my_syslog(LOG_WARNING, _("warning: pfr_add_tables: %s(%d)"),
+ pfr_strerror(errno),rc);
+--
+2.1.0
+
--- /dev/null
+From e9828b6f66b22ce8873f8d30a773137d1aef1b92 Mon Sep 17 00:00:00 2001
+From: Karl Vogel <karl.vogel@gmail.com>
+Date: Fri, 3 Oct 2014 21:45:15 +0100
+Subject: [PATCH 04/55] Set conntrack mark before connect() call.
+
+SO_MARK has to be done before issuing the connect() call on the
+TCP socket.
+---
+ src/forward.c | 36 ++++++++++++++++++------------------
+ 1 file changed, 18 insertions(+), 18 deletions(-)
+
+diff --git a/src/forward.c b/src/forward.c
+index 4895efeba89a..2cf29eba6e26 100644
+--- a/src/forward.c
++++ b/src/forward.c
+@@ -1796,6 +1796,24 @@ unsigned char *tcp_request(int confd, time_t now,
+ if ((last_server->tcpfd = socket(last_server->addr.sa.sa_family, SOCK_STREAM, 0)) == -1)
+ continue;
+
++#ifdef HAVE_CONNTRACK
++ /* Copy connection mark of incoming query to outgoing connection. */
++ if (option_bool(OPT_CONNTRACK))
++ {
++ unsigned int mark;
++ struct all_addr local;
++#ifdef HAVE_IPV6
++ if (local_addr->sa.sa_family == AF_INET6)
++ local.addr.addr6 = local_addr->in6.sin6_addr;
++ else
++#endif
++ local.addr.addr4 = local_addr->in.sin_addr;
++
++ if (get_incoming_mark(&peer_addr, &local, 1, &mark))
++ setsockopt(last_server->tcpfd, SOL_SOCKET, SO_MARK, &mark, sizeof(unsigned int));
++ }
++#endif
++
+ if ((!local_bind(last_server->tcpfd, &last_server->source_addr, last_server->interface, 1) ||
+ connect(last_server->tcpfd, &last_server->addr.sa, sa_len(&last_server->addr)) == -1))
+ {
+@@ -1820,24 +1838,6 @@ unsigned char *tcp_request(int confd, time_t now,
+ size = new_size;
+ }
+ #endif
+-
+-#ifdef HAVE_CONNTRACK
+- /* Copy connection mark of incoming query to outgoing connection. */
+- if (option_bool(OPT_CONNTRACK))
+- {
+- unsigned int mark;
+- struct all_addr local;
+-#ifdef HAVE_IPV6
+- if (local_addr->sa.sa_family == AF_INET6)
+- local.addr.addr6 = local_addr->in6.sin6_addr;
+- else
+-#endif
+- local.addr.addr4 = local_addr->in.sin_addr;
+-
+- if (get_incoming_mark(&peer_addr, &local, 1, &mark))
+- setsockopt(last_server->tcpfd, SOL_SOCKET, SO_MARK, &mark, sizeof(unsigned int));
+- }
+-#endif
+ }
+
+ *length = htons(size);
+--
+2.1.0
+
--- /dev/null
+From 17b475912f6a4e72797a543dad59d4d5dde6bb1b Mon Sep 17 00:00:00 2001
+From: Daniel Collins <daniel.collins@smoothwall.net>
+Date: Fri, 3 Oct 2014 21:58:43 +0100
+Subject: [PATCH 05/55] Fix typo in new Dbus code.
+
+Simon's fault.
+---
+ src/dbus.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/dbus.c b/src/dbus.c
+index 15fed906bd90..a2a94dc85dac 100644
+--- a/src/dbus.c
++++ b/src/dbus.c
+@@ -426,7 +426,7 @@ static DBusMessage *dbus_set_bool(DBusMessage *message, int flag, char *name)
+ }
+ else
+ {
+- my_syslog(LOG_INFO, "Disabling --$s option from D-Bus", name);
++ my_syslog(LOG_INFO, "Disabling --%s option from D-Bus", name);
+ reset_option_bool(flag);
+ }
+
+--
+2.1.0
+
--- /dev/null
+From 3d9d2dd0018603a2ae4b9cd65ac6ff959f4fd8c7 Mon Sep 17 00:00:00 2001
+From: Tomas Hozza <thozza@redhat.com>
+Date: Mon, 6 Oct 2014 10:46:48 +0100
+Subject: [PATCH 06/55] Fit example conf file typo.
+
+---
+ dnsmasq.conf.example | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/dnsmasq.conf.example b/dnsmasq.conf.example
+index 6b00bd34fbb5..1bd305dbdbad 100644
+--- a/dnsmasq.conf.example
++++ b/dnsmasq.conf.example
+@@ -645,4 +645,4 @@
+ #conf-dir=/etc/dnsmasq.d,.bak
+
+ # Include all files in a directory which end in .conf
+-#conf-dir=/etc/dnsmasq.d/*.conf
++#conf-dir=/etc/dnsmasq.d/,*.conf
+--
+2.1.0
+
--- /dev/null
+From b9ff5c8f435173cfa616e3c398bdc089ef690a07 Mon Sep 17 00:00:00 2001
+From: Vladislav Grishenko <themiron@mail.ru>
+Date: Mon, 6 Oct 2014 14:34:24 +0100
+Subject: [PATCH 07/55] Improve RFC-compliance when unable to supply addresses
+ in DHCPv6
+
+While testing https://github.com/sbyx/odhcp6c client I have noticed it
+permanently crashes after startup.
+
+The reason was it (odhcp6c) doesn't expect empty IA options in ADVERTISE
+message without any suboptions.
+
+Despite this validation bug of odhcp6c, dnsmasq should not generate
+ADVERTISE messages with IA if there's nothing to advert per RFC 3315
+17.2.2:
+
+ If the server will not assign any addresses to any IAs in a
+
+ subsequent Request from the client, the server MUST send an Advertise
+
+ message to the client that includes only a Status Code option with
+
+ code NoAddrsAvail and a status message for the user, a Server
+
+ Identifier option with the server's DUID, and a Client Identifier
+
+ option with the client's DUID.
+
+Meanwhile it's need to add status code for every IA in REPLY message per
+RFC3315 18.2.1:
+
+ If the server cannot assign any addresses to an IA in the message
+ from the client, the server MUST include the IA in the Reply message
+ with no addresses in the IA and a Status Code option in the IA
+ containing status code NoAddrsAvail.
+
+So, I've changed the logic to skip IA completely from ADVERTISE messages and
+to add NoAddrsAvail subcode into IA of REPLY messages.
+
+As for overhead, yes, I believe it's ok to return NoAddrsAvail twice in IA
+and in global section for compatibility with all old and new clients.
+---
+ src/rfc3315.c | 27 +++++++++++++++++++++++++--
+ 1 file changed, 25 insertions(+), 2 deletions(-)
+
+diff --git a/src/rfc3315.c b/src/rfc3315.c
+index 5ebf09d50ac1..ddb390bf1136 100644
+--- a/src/rfc3315.c
++++ b/src/rfc3315.c
+@@ -691,6 +691,8 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+ #endif
+
+ o = build_ia(state, &t1cntr);
++ if (address_assigned)
++ address_assigned = 2;
+
+ for (ia_counter = 0; ia_option; ia_counter++, ia_option = opt6_find(opt6_next(ia_option, ia_end), ia_end, OPTION6_IAADDR, 24))
+ {
+@@ -781,6 +783,27 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+ address_assigned = 1;
+ }
+
++ if (address_assigned != 1)
++ {
++ /* If the server will not assign any addresses to any IAs in a
++ subsequent Request from the client, the server MUST send an Advertise
++ message to the client that doesn't include any IA options. */
++ if (!state->lease_allocate)
++ {
++ save_counter(o);
++ continue;
++ }
++
++ /* If the server cannot assign any addresses to an IA in the message
++ from the client, the server MUST include the IA in the Reply message
++ with no addresses in the IA and a Status Code option in the IA
++ containing status code NoAddrsAvail. */
++ o1 = new_opt6(OPTION6_STATUS_CODE);
++ put_opt6_short(DHCP6NOADDRS);
++ put_opt6_string(_("address unavailable"));
++ end_opt6(o1);
++ }
++
+ end_ia(t1cntr, min_time, 0);
+ end_opt6(o);
+ }
+@@ -806,7 +829,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+ put_opt6_short(DHCP6NOADDRS);
+ put_opt6_string(_("no addresses available"));
+ end_opt6(o1);
+- log6_packet(state, "DHCPADVERTISE", NULL, _("no addresses available"));
++ log6_packet(state, state->lease_allocate ? "DHCPREPLY" : "DHCPADVERTISE", NULL, _("no addresses available"));
+ }
+
+ break;
+@@ -862,7 +885,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+ {
+ /* Static range, not configured. */
+ o1 = new_opt6(OPTION6_STATUS_CODE);
+- put_opt6_short(DHCP6UNSPEC);
++ put_opt6_short(DHCP6NOADDRS);
+ put_opt6_string(_("address unavailable"));
+ end_opt6(o1);
+ }
+--
+2.1.0
+
--- /dev/null
+From 98906275a02ae260fe3f82133bd79054f8315f06 Mon Sep 17 00:00:00 2001
+From: Hans Dedecker <dedeckeh@gmail.com>
+Date: Tue, 9 Dec 2014 22:22:53 +0000
+Subject: [PATCH 08/55] Fix conntrack with --bind-interfaces
+
+Make sure dst_addr is assigned the correct address in receive_query when OPTNOWILD is
+enabled so the assigned mark can be correctly retrieved and set in forward_query when
+conntrack is enabled.
+
+Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
+---
+ src/forward.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/forward.c b/src/forward.c
+index 2cf29eba6e26..408a179a20f4 100644
+--- a/src/forward.c
++++ b/src/forward.c
+@@ -1048,7 +1048,7 @@ void receive_query(struct listener *listen, time_t now)
+ /* packet buffer overwritten */
+ daemon->srv_save = NULL;
+
+- dst_addr_4.s_addr = 0;
++ dst_addr_4.s_addr = dst_addr.addr.addr4.s_addr = 0;
+ netmask.s_addr = 0;
+
+ if (option_bool(OPT_NOWILD) && listen->iface)
+@@ -1057,7 +1057,7 @@ void receive_query(struct listener *listen, time_t now)
+
+ if (listen->family == AF_INET)
+ {
+- dst_addr_4 = listen->iface->addr.in.sin_addr;
++ dst_addr_4 = dst_addr.addr.addr4 = listen->iface->addr.in.sin_addr;
+ netmask = listen->iface->netmask;
+ }
+ }
+--
+2.1.0
+
--- /dev/null
+From 193de4abf59e49c6b70d54cfe9720fcb95ca2f71 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Wed, 10 Dec 2014 17:32:16 +0000
+Subject: [PATCH 09/55] Use inotify instead of polling on Linux.
+
+This should solve problems people are seeing when a file changes
+twice within a second and thus is missed for polling.
+---
+ Makefile | 2 +-
+ bld/Android.mk | 2 +-
+ src/dnsmasq.c | 25 ++++++++++++--
+ src/dnsmasq.h | 11 ++++++-
+ src/inotify.c | 102 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 5 files changed, 137 insertions(+), 5 deletions(-)
+ create mode 100644 src/inotify.c
+
+diff --git a/Makefile b/Makefile
+index 58a7975f60b5..c340f1c7b59a 100644
+--- a/Makefile
++++ b/Makefile
+@@ -69,7 +69,7 @@ objs = cache.o rfc1035.o util.o option.o forward.o network.o \
+ dnsmasq.o dhcp.o lease.o rfc2131.o netlink.o dbus.o bpf.o \
+ helper.o tftp.o log.o conntrack.o dhcp6.o rfc3315.o \
+ dhcp-common.o outpacket.o radv.o slaac.o auth.o ipset.o \
+- domain.o dnssec.o blockdata.o tables.o loop.o
++ domain.o dnssec.o blockdata.o tables.o loop.o inotify.o
+
+ hdrs = dnsmasq.h config.h dhcp-protocol.h dhcp6-protocol.h \
+ dns-protocol.h radv-protocol.h ip6addr.h
+diff --git a/bld/Android.mk b/bld/Android.mk
+index d855094eb264..d627796e8edc 100644
+--- a/bld/Android.mk
++++ b/bld/Android.mk
+@@ -10,7 +10,7 @@ LOCAL_SRC_FILES := bpf.c cache.c dbus.c dhcp.c dnsmasq.c \
+ dhcp6.c rfc3315.c dhcp-common.c outpacket.c \
+ radv.c slaac.c auth.c ipset.c domain.c \
+ dnssec.c dnssec-openssl.c blockdata.c tables.c \
+- loop.c
++ loop.c inotify.c
+
+ LOCAL_MODULE := dnsmasq
+
+diff --git a/src/dnsmasq.c b/src/dnsmasq.c
+index f4a89fc38183..bf2e25a55780 100644
+--- a/src/dnsmasq.c
++++ b/src/dnsmasq.c
+@@ -315,9 +315,15 @@ int main (int argc, char **argv)
+ if (daemon->port != 0)
+ {
+ cache_init();
++
+ #ifdef HAVE_DNSSEC
+ blockdata_init();
+ #endif
++
++#ifdef HAVE_LINUX_NETWORK
++ if (!option_bool(OPT_NO_POLL))
++ inotify_dnsmasq_init();
++#endif
+ }
+
+ if (option_bool(OPT_DBUS))
+@@ -793,6 +799,11 @@ int main (int argc, char **argv)
+
+ pid = getpid();
+
++#ifdef HAVE_LINUX_NETWORK
++ /* Using inotify, have to select a resolv file at startup */
++ poll_resolv(1, 0, now);
++#endif
++
+ while (1)
+ {
+ int maxfd = -1;
+@@ -862,11 +873,16 @@ int main (int argc, char **argv)
+ #if defined(HAVE_LINUX_NETWORK)
+ FD_SET(daemon->netlinkfd, &rset);
+ bump_maxfd(daemon->netlinkfd, &maxfd);
++ if (daemon->port != 0 && !option_bool(OPT_NO_POLL))
++ {
++ FD_SET(daemon->inotifyfd, &rset);
++ bump_maxfd(daemon->inotifyfd, &maxfd);
++ }
+ #elif defined(HAVE_BSD_NETWORK)
+ FD_SET(daemon->routefd, &rset);
+ bump_maxfd(daemon->routefd, &maxfd);
+ #endif
+-
++
+ FD_SET(piperead, &rset);
+ bump_maxfd(piperead, &maxfd);
+
+@@ -929,6 +945,10 @@ int main (int argc, char **argv)
+ route_sock();
+ #endif
+
++#ifdef HAVE_LINUX_NETWORK
++ if (daemon->port != 0 && !option_bool(OPT_NO_POLL) && FD_ISSET(daemon->inotifyfd, &rset) && inotify_check())
++ poll_resolv(1, 1, now);
++#else
+ /* Check for changes to resolv files once per second max. */
+ /* Don't go silent for long periods if the clock goes backwards. */
+ if (daemon->last_resolv == 0 ||
+@@ -941,7 +961,8 @@ int main (int argc, char **argv)
+ poll_resolv(0, daemon->last_resolv != 0, now);
+ daemon->last_resolv = now;
+ }
+-
++#endif
++
+ if (FD_ISSET(piperead, &rset))
+ async_event(piperead, now);
+
+diff --git a/src/dnsmasq.h b/src/dnsmasq.h
+index e74b15a5459a..ebb6b957812f 100644
+--- a/src/dnsmasq.h
++++ b/src/dnsmasq.h
+@@ -541,6 +541,10 @@ struct resolvc {
+ int is_default, logged;
+ time_t mtime;
+ char *name;
++#ifdef HAVE_LINUX_NETWORK
++ int wd; /* inotify watch descriptor */
++ char *file; /* pointer to file part if path */
++#endif
+ };
+
+ /* adn-hosts parms from command-line (also dhcp-hostsfile and dhcp-optsfile */
+@@ -998,7 +1002,7 @@ extern struct daemon {
+ /* DHCP state */
+ int dhcpfd, helperfd, pxefd;
+ #if defined(HAVE_LINUX_NETWORK)
+- int netlinkfd;
++ int netlinkfd, inotifyfd;
+ #elif defined(HAVE_BSD_NETWORK)
+ int dhcp_raw_fd, dhcp_icmp_fd, routefd;
+ #endif
+@@ -1469,3 +1473,8 @@ void loop_send_probes();
+ int detect_loop(char *query, int type);
+ #endif
+
++/* inotify.c */
++#ifdef HAVE_LINUX_NETWORK
++void inotify_dnsmasq_init();
++int inotify_check(void);
++#endif
+diff --git a/src/inotify.c b/src/inotify.c
+new file mode 100644
+index 000000000000..a0223443d6b6
+--- /dev/null
++++ b/src/inotify.c
+@@ -0,0 +1,102 @@
++/* dnsmasq is Copyright (c) 2000-2014 Simon Kelley
++
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License as published by
++ the Free Software Foundation; version 2 dated June, 1991, or
++ (at your option) version 3 dated 29 June, 2007.
++
++ This program is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ GNU General Public License for more details.
++
++ You should have received a copy of the GNU General Public License
++ along with this program. If not, see <http://www.gnu.org/licenses/>.
++*/
++
++#include "dnsmasq.h"
++#include <sys/inotify.h>
++
++#ifdef HAVE_LINUX_NETWORK
++
++/* the strategy is to set a inotify on the directories containing
++ resolv files, for any files in the directory which are close-write
++ or moved into the directory.
++
++ When either of those happen, we look to see if the file involved
++ is actually a resolv-file, and if so, call poll-resolv with
++ the "force" argument, to ensure it's read.
++
++ This adds one new error condition: the directories containing
++ all specified resolv-files must exist at start-up, even if the actual
++ files don't.
++*/
++
++static char *inotify_buffer;
++#define INOTIFY_SZ (sizeof(struct inotify_event) + NAME_MAX + 1)
++
++void inotify_dnsmasq_init()
++{
++ struct resolvc *res;
++
++ inotify_buffer = safe_malloc(INOTIFY_SZ);
++
++ daemon->inotifyfd = inotify_init1(IN_NONBLOCK | IN_CLOEXEC);
++
++ if (daemon->inotifyfd == -1)
++ die(_("failed to create inotify: %s"), NULL, EC_MISC);
++
++ for (res = daemon->resolv_files; res; res = res->next)
++ {
++ char *d = strrchr(res->name, '/');
++
++ if (!d)
++ die(_("resolv-file %s not an absolute path"), res->name, EC_MISC);
++
++ *d = 0; /* make ->name just directory */
++ res->wd = inotify_add_watch(daemon->inotifyfd, res->name, IN_CLOSE_WRITE | IN_MOVED_TO);
++ res->file = d+1; /* pointer to filename */
++
++ if (res->wd == -1 && errno == ENOENT)
++ die(_("directory %s for resolv-file is missing, cannot poll"), res->name, EC_MISC);
++
++ *d = '/'; /* restore name */
++
++ if (res->wd == -1)
++ die(_("failed to create inotify for %s: %s"), res->name, EC_MISC);
++ }
++}
++
++int inotify_check(void)
++{
++ int hit = 0;
++
++ while (1)
++ {
++ int rc;
++ char *p;
++ struct resolvc *res;
++ struct inotify_event *in;
++
++ while ((rc = read(daemon->inotifyfd, inotify_buffer, INOTIFY_SZ)) == -1 && errno == EINTR);
++
++ if (rc <= 0)
++ break;
++
++ for (p = inotify_buffer; rc - (p - inotify_buffer) >= (int)sizeof(struct inotify_event); p += sizeof(struct inotify_event) + in->len)
++ {
++ in = (struct inotify_event*)p;
++
++ for (res = daemon->resolv_files; res; res = res->next)
++ if (res->wd == in->wd && in->len != 0 && strcmp(res->file, in->name) == 0)
++ hit = 1;
++ }
++ }
++
++ return hit;
++}
++
++#endif
++
++
++
+--
+2.1.0
+
--- /dev/null
+From 857973e6f7e0a3d03535a9df7f9373fd7a0b65cc Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Mon, 15 Dec 2014 15:58:13 +0000
+Subject: [PATCH 10/55] Teach the new inotify code about symlinks.
+
+---
+ src/inotify.c | 43 +++++++++++++++++++++++++++----------------
+ 1 file changed, 27 insertions(+), 16 deletions(-)
+
+diff --git a/src/inotify.c b/src/inotify.c
+index a0223443d6b6..960bf5efb41f 100644
+--- a/src/inotify.c
++++ b/src/inotify.c
+@@ -41,29 +41,40 @@ void inotify_dnsmasq_init()
+
+ inotify_buffer = safe_malloc(INOTIFY_SZ);
+
+- daemon->inotifyfd = inotify_init1(IN_NONBLOCK | IN_CLOEXEC);
+
++ daemon->inotifyfd = inotify_init1(IN_NONBLOCK | IN_CLOEXEC);
++
+ if (daemon->inotifyfd == -1)
+ die(_("failed to create inotify: %s"), NULL, EC_MISC);
+-
++
+ for (res = daemon->resolv_files; res; res = res->next)
+ {
+- char *d = strrchr(res->name, '/');
+-
+- if (!d)
+- die(_("resolv-file %s not an absolute path"), res->name, EC_MISC);
+-
+- *d = 0; /* make ->name just directory */
+- res->wd = inotify_add_watch(daemon->inotifyfd, res->name, IN_CLOSE_WRITE | IN_MOVED_TO);
+- res->file = d+1; /* pointer to filename */
+-
+- if (res->wd == -1 && errno == ENOENT)
+- die(_("directory %s for resolv-file is missing, cannot poll"), res->name, EC_MISC);
++ char *d = NULL, *path;
+
+- *d = '/'; /* restore name */
++ if (!(path = realpath(res->name, NULL)))
++ {
++ /* realpath will fail if the file doesn't exist, but
++ dnsmasq copes with missing files, so fall back
++ and assume that symlinks are not in use in that case. */
++ if (errno == ENOENT)
++ path = res->name;
++ else
++ die(_("cannot cannonicalise resolv-file %s: %s"), res->name, EC_MISC);
++ }
+
+- if (res->wd == -1)
+- die(_("failed to create inotify for %s: %s"), res->name, EC_MISC);
++ if ((d = strrchr(path, '/')))
++ {
++ *d = 0; /* make path just directory */
++ res->wd = inotify_add_watch(daemon->inotifyfd, path, IN_CLOSE_WRITE | IN_MOVED_TO);
++ res->file = d+1; /* pointer to filename */
++ *d = '/';
++
++ if (res->wd == -1 && errno == ENOENT)
++ die(_("directory %s for resolv-file is missing, cannot poll"), res->name, EC_MISC);
++
++ if (res->wd == -1)
++ die(_("failed to create inotify for %s: %s"), res->name, EC_MISC);
++ }
+ }
+ }
+
+--
+2.1.0
+
--- /dev/null
+From 800c5cc1e7438818fd80f08c2d472df249a6942d Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Mon, 15 Dec 2014 17:50:15 +0000
+Subject: [PATCH 11/55] Remove floor on EDNS0 packet size with DNSSEC.
+
+---
+ CHANGELOG | 6 +++++-
+ src/dnsmasq.c | 5 -----
+ 2 files changed, 5 insertions(+), 6 deletions(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 13ab41c05fc3..68252924e743 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -2,7 +2,11 @@ version 2.73
+ Fix crash at startup when an empty suffix is supplied to
+ --conf-dir, also trivial memory leak. Thanks to
+ Tomas Hozza for spotting this.
+-
++
++ Remove floor of 4096 on advertised EDNS0 packet size when
++ DNSSEC in use, the original rationale for this has long gone.
++ Thanks to Anders Kaseorg for spotting this.
++
+
+ version 2.72
+ Add ra-advrouter mode, for RFC-3775 mobile IPv6 support.
+diff --git a/src/dnsmasq.c b/src/dnsmasq.c
+index bf2e25a55780..5c7750d365fa 100644
+--- a/src/dnsmasq.c
++++ b/src/dnsmasq.c
+@@ -87,11 +87,6 @@ int main (int argc, char **argv)
+
+ if (daemon->edns_pktsz < PACKETSZ)
+ daemon->edns_pktsz = PACKETSZ;
+-#ifdef HAVE_DNSSEC
+- /* Enforce min packet big enough for DNSSEC */
+- if (option_bool(OPT_DNSSEC_VALID) && daemon->edns_pktsz < EDNS_PKTSZ)
+- daemon->edns_pktsz = EDNS_PKTSZ;
+-#endif
+
+ daemon->packet_buff_sz = daemon->edns_pktsz > DNSMASQ_PACKETSZ ?
+ daemon->edns_pktsz : DNSMASQ_PACKETSZ;
+--
+2.1.0
+
--- /dev/null
+From ad946d555dce44eb690c7699933b6ff40ab85bb6 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Mon, 15 Dec 2014 17:52:22 +0000
+Subject: [PATCH 12/55] CHANGELOG re. inotify.
+
+---
+ CHANGELOG | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 68252924e743..9174b0bd75dc 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -7,6 +7,10 @@ version 2.73
+ DNSSEC in use, the original rationale for this has long gone.
+ Thanks to Anders Kaseorg for spotting this.
+
++ Use inotify for checking on updates to /etc/resolv.conf and
++ friends under Linux. This fixes race conditions when the files are
++ updated rapidly and saves CPU by noy polling.
++
+
+ version 2.72
+ Add ra-advrouter mode, for RFC-3775 mobile IPv6 support.
+--
+2.1.0
+
--- /dev/null
+From 3ad3f3bbd4ee716a7d2fb1e115cf89bd1b1a5de9 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Tue, 16 Dec 2014 18:25:17 +0000
+Subject: [PATCH 13/55] Fix breakage of --domain=<domain>,<subnet>,local
+
+---
+ CHANGELOG | 4 ++++
+ src/option.c | 18 ++++++++++++++++--
+ 2 files changed, 20 insertions(+), 2 deletions(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 9174b0bd75dc..9e6c7aa4fd68 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -10,6 +10,10 @@ version 2.73
+ Use inotify for checking on updates to /etc/resolv.conf and
+ friends under Linux. This fixes race conditions when the files are
+ updated rapidly and saves CPU by noy polling.
++
++ Fix breakage of --domain=<domain>,<subnet>,local - only reverse
++ queries were intercepted. THis appears to have been broken
++ since 2.69. Thanks to Josh Stone for finding the bug.
+
+
+ version 2.72
+diff --git a/src/option.c b/src/option.c
+index b08e98e16f84..209fa6976609 100644
+--- a/src/option.c
++++ b/src/option.c
+@@ -1941,10 +1941,17 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
+ else
+ {
+ /* generate the equivalent of
+- local=/<domain>/
+ local=/xxx.yyy.zzz.in-addr.arpa/ */
+ struct server *serv = add_rev4(new->start, msize);
+ serv->flags |= SERV_NO_ADDR;
++
++ /* local=/<domain>/ */
++ serv = opt_malloc(sizeof(struct server));
++ memset(serv, 0, sizeof(struct server));
++ serv->domain = d;
++ serv->flags = SERV_HAS_DOMAIN | SERV_NO_ADDR;
++ serv->next = daemon->servers;
++ daemon->servers = serv;
+ }
+ }
+ }
+@@ -1978,10 +1985,17 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
+ else
+ {
+ /* generate the equivalent of
+- local=/<domain>/
+ local=/xxx.yyy.zzz.ip6.arpa/ */
+ struct server *serv = add_rev6(&new->start6, msize);
+ serv->flags |= SERV_NO_ADDR;
++
++ /* local=/<domain>/ */
++ serv = opt_malloc(sizeof(struct server));
++ memset(serv, 0, sizeof(struct server));
++ serv->domain = d;
++ serv->flags = SERV_HAS_DOMAIN | SERV_NO_ADDR;
++ serv->next = daemon->servers;
++ daemon->servers = serv;
+ }
+ }
+ }
+--
+2.1.0
+
--- /dev/null
+From bd9520b7ade7098ee423acc38965376aa57feb07 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Tue, 16 Dec 2014 20:41:29 +0000
+Subject: [PATCH 14/55] Remove redundant IN6_IS_ADDR_ULA(a) macro defn.
+
+---
+ src/network.c | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/src/network.c b/src/network.c
+index 5067007c5cbc..99419f57951e 100644
+--- a/src/network.c
++++ b/src/network.c
+@@ -16,10 +16,6 @@
+
+ #include "dnsmasq.h"
+
+-#ifndef IN6_IS_ADDR_ULA
+-#define IN6_IS_ADDR_ULA(a) ((((__const uint32_t *) (a))[0] & htonl (0xfe00000)) == htonl (0xfc000000))
+-#endif
+-
+ #ifdef HAVE_LINUX_NETWORK
+
+ int indextoname(int fd, int index, char *name)
+--
+2.1.0
+
--- /dev/null
+From 476693678e778886b64d0b56e27eb7695cbcca99 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Wed, 17 Dec 2014 12:41:56 +0000
+Subject: [PATCH 15/55] Eliminate IPv6 privacy addresses from --interface-name
+ answers.
+
+---
+ CHANGELOG | 5 +++++
+ src/auth.c | 4 ++++
+ src/dnsmasq.h | 1 +
+ src/network.c | 12 ++++++++----
+ src/rfc1035.c | 17 ++++++++++-------
+ 5 files changed, 28 insertions(+), 11 deletions(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 9e6c7aa4fd68..01f5208ec006 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -14,6 +14,11 @@ version 2.73
+ Fix breakage of --domain=<domain>,<subnet>,local - only reverse
+ queries were intercepted. THis appears to have been broken
+ since 2.69. Thanks to Josh Stone for finding the bug.
++
++ Eliminate IPv6 privacy addresses and deprecated addresses from
++ the answers given by --interface-name. Note that reverse queries
++ (ie looking for names, given addresses) are not affected.
++ Thanks to Michael Gorbach for the suggestion.
+
+
+ version 2.72
+diff --git a/src/auth.c b/src/auth.c
+index dd46566ec2cc..a327f16d8c0b 100644
+--- a/src/auth.c
++++ b/src/auth.c
+@@ -363,6 +363,10 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
+ if (((addrlist->flags & ADDRLIST_IPV6) ? T_AAAA : T_A) == qtype &&
+ (local_query || filter_zone(zone, flag, &addrlist->addr)))
+ {
++#ifdef HAVE_IPV6
++ if (addrlist->flags & ADDRLIST_REVONLY)
++ continue;
++#endif
+ found = 1;
+ log_query(F_FORWARD | F_CONFIG | flag, name, &addrlist->addr, NULL);
+ if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
+diff --git a/src/dnsmasq.h b/src/dnsmasq.h
+index ebb6b957812f..1dd61c5edba3 100644
+--- a/src/dnsmasq.h
++++ b/src/dnsmasq.h
+@@ -318,6 +318,7 @@ struct ds_config {
+
+ #define ADDRLIST_LITERAL 1
+ #define ADDRLIST_IPV6 2
++#define ADDRLIST_REVONLY 4
+
+ struct addrlist {
+ struct all_addr addr;
+diff --git a/src/network.c b/src/network.c
+index 99419f57951e..14d2af2ce313 100644
+--- a/src/network.c
++++ b/src/network.c
+@@ -236,7 +236,7 @@ struct iface_param {
+ };
+
+ static int iface_allowed(struct iface_param *param, int if_index, char *label,
+- union mysockaddr *addr, struct in_addr netmask, int prefixlen, int dad)
++ union mysockaddr *addr, struct in_addr netmask, int prefixlen, int iface_flags)
+ {
+ struct irec *iface;
+ int mtu = 0, loopback;
+@@ -388,6 +388,10 @@ static int iface_allowed(struct iface_param *param, int if_index, char *label,
+ {
+ al->addr.addr.addr6 = addr->in6.sin6_addr;
+ al->flags = ADDRLIST_IPV6;
++ /* Privacy addresses and addresses still undergoing DAD and deprecated addresses
++ don't appear in forward queries, but will in reverse ones. */
++ if (!(iface_flags & IFACE_PERMANENT) || (iface_flags & (IFACE_DEPRECATED | IFACE_TENTATIVE)))
++ al->flags |= ADDRLIST_REVONLY;
+ }
+ #endif
+ }
+@@ -399,7 +403,7 @@ static int iface_allowed(struct iface_param *param, int if_index, char *label,
+ for (iface = daemon->interfaces; iface; iface = iface->next)
+ if (sockaddr_isequal(&iface->addr, addr))
+ {
+- iface->dad = dad;
++ iface->dad = !!(iface_flags & IFACE_TENTATIVE);
+ iface->found = 1; /* for garbage collection */
+ return 1;
+ }
+@@ -474,7 +478,7 @@ static int iface_allowed(struct iface_param *param, int if_index, char *label,
+ iface->dhcp_ok = dhcp_ok;
+ iface->dns_auth = auth_dns;
+ iface->mtu = mtu;
+- iface->dad = dad;
++ iface->dad = !!(iface_flags & IFACE_TENTATIVE);
+ iface->found = 1;
+ iface->done = iface->multicast_done = iface->warned = 0;
+ iface->index = if_index;
+@@ -519,7 +523,7 @@ static int iface_allowed_v6(struct in6_addr *local, int prefix,
+ else
+ addr.in6.sin6_scope_id = 0;
+
+- return iface_allowed((struct iface_param *)vparam, if_index, NULL, &addr, netmask, prefix, !!(flags & IFACE_TENTATIVE));
++ return iface_allowed((struct iface_param *)vparam, if_index, NULL, &addr, netmask, prefix, flags);
+ }
+ #endif
+
+diff --git a/src/rfc1035.c b/src/rfc1035.c
+index 8a7d2608dac5..bdeb3fb10e68 100644
+--- a/src/rfc1035.c
++++ b/src/rfc1035.c
+@@ -1923,14 +1923,17 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
+ for (intr = daemon->int_names; intr; intr = intr->next)
+ if (hostname_isequal(name, intr->name))
+ {
+- ans = 1;
+- if (!dryrun)
+- {
+-
+- for (addrlist = intr->addr; addrlist; addrlist = addrlist->next)
++ for (addrlist = intr->addr; addrlist; addrlist = addrlist->next)
+ #ifdef HAVE_IPV6
+- if (((addrlist->flags & ADDRLIST_IPV6) ? T_AAAA : T_A) == type)
++ if (((addrlist->flags & ADDRLIST_IPV6) ? T_AAAA : T_A) == type)
+ #endif
++ {
++#ifdef HAVE_IPV6
++ if (addrlist->flags & ADDRLIST_REVONLY)
++ continue;
++#endif
++ ans = 1;
++ if (!dryrun)
+ {
+ gotit = 1;
+ log_query(F_FORWARD | F_CONFIG | flag, name, &addrlist->addr, NULL);
+@@ -1939,7 +1942,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
+ type == T_A ? "4" : "6", &addrlist->addr))
+ anscount++;
+ }
+- }
++ }
+ }
+
+ if (!dryrun && !gotit)
+--
+2.1.0
+
--- /dev/null
+From 3267804598047bd1781cab91508d1bc516e5ddbb Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Wed, 17 Dec 2014 20:38:20 +0000
+Subject: [PATCH 16/55] Tweak field width in cache dump to avoid truncating
+ IPv6 addresses.
+
+---
+ src/cache.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/cache.c b/src/cache.c
+index 2c3a49887053..f9e1d31e8c99 100644
+--- a/src/cache.c
++++ b/src/cache.c
+@@ -1411,7 +1411,7 @@ void dump_cache(time_t now)
+ *a = 0;
+ if (strlen(n) == 0 && !(cache->flags & F_REVERSE))
+ n = "<Root>";
+- p += sprintf(p, "%-40.40s ", n);
++ p += sprintf(p, "%-30.30s ", n);
+ if ((cache->flags & F_CNAME) && !is_outdated_cname_pointer(cache))
+ a = cache_get_cname_target(cache);
+ #ifdef HAVE_DNSSEC
+@@ -1454,7 +1454,7 @@ void dump_cache(time_t now)
+ else if (cache->flags & F_DNSKEY)
+ t = "K";
+ #endif
+- p += sprintf(p, "%-30.30s %s%s%s%s%s%s%s%s%s ", a, t,
++ p += sprintf(p, "%-40.40s %s%s%s%s%s%s%s%s%s ", a, t,
+ cache->flags & F_FORWARD ? "F" : " ",
+ cache->flags & F_REVERSE ? "R" : " ",
+ cache->flags & F_IMMORTAL ? "I" : " ",
+--
+2.1.0
+
--- /dev/null
+From 094b5c3d904bae9aeb3206d9f3b8348926b84975 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Sun, 21 Dec 2014 16:11:52 +0000
+Subject: [PATCH 17/55] Fix crash in DNSSEC code when attempting to verify
+ large RRs.
+
+---
+ CHANGELOG | 3 +++
+ src/dnssec.c | 27 +++++++++++++++++++--------
+ 2 files changed, 22 insertions(+), 8 deletions(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 01f5208ec006..956b71a151db 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -19,6 +19,9 @@ version 2.73
+ the answers given by --interface-name. Note that reverse queries
+ (ie looking for names, given addresses) are not affected.
+ Thanks to Michael Gorbach for the suggestion.
++
++ Fix crash in DNSSEC code with long RRs. Thanks to Marco Davids
++ for the bug report.
+
+
+ version 2.72
+diff --git a/src/dnssec.c b/src/dnssec.c
+index 69bfc29e355f..3208ac701149 100644
+--- a/src/dnssec.c
++++ b/src/dnssec.c
+@@ -456,16 +456,27 @@ static u16 *get_desc(int type)
+
+ /* Return bytes of canonicalised rdata, when the return value is zero, the remaining
+ data, pointed to by *p, should be used raw. */
+-static int get_rdata(struct dns_header *header, size_t plen, unsigned char *end, char *buff,
++static int get_rdata(struct dns_header *header, size_t plen, unsigned char *end, char *buff, int bufflen,
+ unsigned char **p, u16 **desc)
+ {
+ int d = **desc;
+
+- (*desc)++;
+-
+ /* No more data needs mangling */
+ if (d == (u16)-1)
+- return 0;
++ {
++ /* If there's more data than we have space for, just return what fits,
++ we'll get called again for more chunks */
++ if (end - *p > bufflen)
++ {
++ memcpy(buff, *p, bufflen);
++ *p += bufflen;
++ return bufflen;
++ }
++
++ return 0;
++ }
++
++ (*desc)++;
+
+ if (d == 0 && extract_name(header, plen, p, buff, 1, 0))
+ /* domain-name, canonicalise */
+@@ -560,7 +571,7 @@ static void sort_rrset(struct dns_header *header, size_t plen, u16 *rr_desc, int
+ if (left1 != 0)
+ memmove(buff1, buff1 + len1 - left1, left1);
+
+- if ((len1 = get_rdata(header, plen, end1, buff1 + left1, &p1, &dp1)) == 0)
++ if ((len1 = get_rdata(header, plen, end1, buff1 + left1, MAXDNAME - left1, &p1, &dp1)) == 0)
+ {
+ quit = 1;
+ len1 = end1 - p1;
+@@ -571,7 +582,7 @@ static void sort_rrset(struct dns_header *header, size_t plen, u16 *rr_desc, int
+ if (left2 != 0)
+ memmove(buff2, buff2 + len2 - left2, left2);
+
+- if ((len2 = get_rdata(header, plen, end2, buff2 + left2, &p2, &dp2)) == 0)
++ if ((len2 = get_rdata(header, plen, end2, buff2 + left2, MAXDNAME - left2, &p2, &dp2)) == 0)
+ {
+ quit = 1;
+ len2 = end2 - p2;
+@@ -808,7 +819,7 @@ static int validate_rrset(time_t now, struct dns_header *header, size_t plen, in
+ /* canonicalise rdata and calculate length of same, use name buffer as workspace */
+ cp = p;
+ dp = rr_desc;
+- for (len = 0; (seg = get_rdata(header, plen, end, name, &cp, &dp)) != 0; len += seg);
++ for (len = 0; (seg = get_rdata(header, plen, end, name, MAXDNAME, &cp, &dp)) != 0; len += seg);
+ len += end - cp;
+ len = htons(len);
+ hash->update(ctx, 2, (unsigned char *)&len);
+@@ -816,7 +827,7 @@ static int validate_rrset(time_t now, struct dns_header *header, size_t plen, in
+ /* Now canonicalise again and digest. */
+ cp = p;
+ dp = rr_desc;
+- while ((seg = get_rdata(header, plen, end, name, &cp, &dp)))
++ while ((seg = get_rdata(header, plen, end, name, MAXDNAME, &cp, &dp)))
+ hash->update(ctx, seg, (unsigned char *)name);
+ if (cp != end)
+ hash->update(ctx, end - cp, cp);
+--
+2.1.0
+
--- /dev/null
+From cbc652423403e3cef00e00240f6beef713142246 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Sun, 21 Dec 2014 21:21:53 +0000
+Subject: [PATCH 18/55] Make caching work for CNAMEs pointing to A/AAAA records
+ shadowed in /etc/hosts
+
+If the answer to an upstream query is a CNAME which points to an
+A/AAAA record which also exists in /etc/hosts and friends, then
+caching is suppressed, to avoid inconsistent answers. This is
+now modified to allow caching when the upstream and local A/AAAA
+records have the same value.
+---
+ src/cache.c | 34 +++++++++++++++++++++++++---------
+ 1 file changed, 25 insertions(+), 9 deletions(-)
+
+diff --git a/src/cache.c b/src/cache.c
+index f9e1d31e8c99..ff1ca6f1c352 100644
+--- a/src/cache.c
++++ b/src/cache.c
+@@ -322,7 +322,7 @@ static int is_expired(time_t now, struct crec *crecp)
+ return 1;
+ }
+
+-static int cache_scan_free(char *name, struct all_addr *addr, time_t now, unsigned short flags)
++static struct crec *cache_scan_free(char *name, struct all_addr *addr, time_t now, unsigned short flags)
+ {
+ /* Scan and remove old entries.
+ If (flags & F_FORWARD) then remove any forward entries for name and any expired
+@@ -331,8 +331,8 @@ static int cache_scan_free(char *name, struct all_addr *addr, time_t now, unsign
+ entries in the whole cache.
+ If (flags == 0) remove any expired entries in the whole cache.
+
+- In the flags & F_FORWARD case, the return code is valid, and returns zero if the
+- name exists in the cache as a HOSTS or DHCP entry (these are never deleted)
++ In the flags & F_FORWARD case, the return code is valid, and returns a non-NULL pointer
++ to a cache entry if the name exists in the cache as a HOSTS or DHCP entry (these are never deleted)
+
+ We take advantage of the fact that hash chains have stuff in the order <reverse>,<other>,<immortal>
+ so that when we hit an entry which isn't reverse and is immortal, we're done. */
+@@ -361,7 +361,7 @@ static int cache_scan_free(char *name, struct all_addr *addr, time_t now, unsign
+ (((crecp->flags | flags) & F_CNAME) && !(crecp->flags & (F_DNSKEY | F_DS))))
+ {
+ if (crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG))
+- return 0;
++ return crecp;
+ *up = crecp->hash_next;
+ cache_unlink(crecp);
+ cache_free(crecp);
+@@ -378,7 +378,7 @@ static int cache_scan_free(char *name, struct all_addr *addr, time_t now, unsign
+ crecp->addr.sig.type_covered == addr->addr.dnssec.type))
+ {
+ if (crecp->flags & F_CONFIG)
+- return 0;
++ return crecp;
+ *up = crecp->hash_next;
+ cache_unlink(crecp);
+ cache_free(crecp);
+@@ -423,7 +423,7 @@ static int cache_scan_free(char *name, struct all_addr *addr, time_t now, unsign
+ up = &crecp->hash_next;
+ }
+
+- return 1;
++ return NULL;
+ }
+
+ /* Note: The normal calling sequence is
+@@ -471,10 +471,26 @@ struct crec *cache_insert(char *name, struct all_addr *addr,
+ return NULL;
+
+ /* First remove any expired entries and entries for the name/address we
+- are currently inserting. Fail if we attempt to delete a name from
+- /etc/hosts or DHCP. */
+- if (!cache_scan_free(name, addr, now, flags))
++ are currently inserting. */
++ if ((new = cache_scan_free(name, addr, now, flags)))
+ {
++ /* We're trying to insert a record over one from
++ /etc/hosts or DHCP, or other config. If the
++ existing record is for an A or AAAA and
++ the record we're trying to insert is the same,
++ just drop the insert, but don't error the whole process. */
++ if ((flags & (F_IPV4 | F_IPV6)) && (flags & F_FORWARD))
++ {
++ if ((flags & F_IPV4) && (new->flags & F_IPV4) &&
++ new->addr.addr.addr.addr4.s_addr == addr->addr.addr4.s_addr)
++ return new;
++#ifdef HAVE_IPV6
++ else if ((flags & F_IPV6) && (new->flags & F_IPV6) &&
++ IN6_ARE_ADDR_EQUAL(&new->addr.addr.addr.addr6, &addr->addr.addr6))
++ return new;
++#endif
++ }
++
+ insert_error = 1;
+ return NULL;
+ }
+--
+2.1.0
+
--- /dev/null
+From fbc5205702c7f6f431d9f1043c553d7fb62ddfdb Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Tue, 23 Dec 2014 15:46:08 +0000
+Subject: [PATCH 19/55] Fix problems validating NSEC3 and wildcards.
+
+---
+ src/dnssec.c | 253 ++++++++++++++++++++++++++++++-----------------------------
+ 1 file changed, 128 insertions(+), 125 deletions(-)
+
+diff --git a/src/dnssec.c b/src/dnssec.c
+index 3208ac701149..9350d3e8c963 100644
+--- a/src/dnssec.c
++++ b/src/dnssec.c
+@@ -615,6 +615,7 @@ static void sort_rrset(struct dns_header *header, size_t plen, u16 *rr_desc, int
+ Return code:
+ STAT_SECURE if it validates.
+ STAT_SECURE_WILDCARD if it validates and is the result of wildcard expansion.
++ (In this case *wildcard_out points to the "body" of the wildcard within name.)
+ STAT_NO_SIG no RRsigs found.
+ STAT_INSECURE RRset empty.
+ STAT_BOGUS signature is wrong, bad packet.
+@@ -625,8 +626,8 @@ static void sort_rrset(struct dns_header *header, size_t plen, u16 *rr_desc, int
+
+ name is unchanged on exit. keyname is used as workspace and trashed.
+ */
+-static int validate_rrset(time_t now, struct dns_header *header, size_t plen, int class,
+- int type, char *name, char *keyname, struct blockdata *key, int keylen, int algo_in, int keytag_in)
++static int validate_rrset(time_t now, struct dns_header *header, size_t plen, int class, int type,
++ char *name, char *keyname, char **wildcard_out, struct blockdata *key, int keylen, int algo_in, int keytag_in)
+ {
+ static unsigned char **rrset = NULL, **sigs = NULL;
+ static int rrset_sz = 0, sig_sz = 0;
+@@ -798,8 +799,16 @@ static int validate_rrset(time_t now, struct dns_header *header, size_t plen, in
+ {
+ int k;
+ for (k = name_labels - labels; k != 0; k--)
+- while (*name_start != '.' && *name_start != 0)
+- name_start++;
++ {
++ while (*name_start != '.' && *name_start != 0)
++ name_start++;
++ if (k != 1)
++ name_start++;
++ }
++
++ if (wildcard_out)
++ *wildcard_out = name_start+1;
++
+ name_start--;
+ *name_start = '*';
+ }
+@@ -974,7 +983,7 @@ int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, ch
+ if (recp1->addr.ds.keylen == (int)hash->digest_size &&
+ (ds_digest = blockdata_retrieve(recp1->addr.key.keydata, recp1->addr.ds.keylen, NULL)) &&
+ memcmp(ds_digest, digest, recp1->addr.ds.keylen) == 0 &&
+- validate_rrset(now, header, plen, class, T_DNSKEY, name, keyname, key, rdlen - 4, algo, keytag) == STAT_SECURE)
++ validate_rrset(now, header, plen, class, T_DNSKEY, name, keyname, NULL, key, rdlen - 4, algo, keytag) == STAT_SECURE)
+ {
+ valid = 1;
+ break;
+@@ -1443,11 +1452,88 @@ static int base32_decode(char *in, unsigned char *out)
+ return p - out;
+ }
+
++static int check_nsec3_coverage(struct dns_header *header, size_t plen, int digest_len, unsigned char *digest, int type,
++ char *workspace1, char *workspace2, unsigned char **nsecs, int nsec_count)
++{
++ int i, hash_len, salt_len, base32_len, rdlen;
++ unsigned char *p, *psave;
++
++ for (i = 0; i < nsec_count; i++)
++ if ((p = nsecs[i]))
++ {
++ if (!extract_name(header, plen, &p, workspace1, 1, 0) ||
++ !(base32_len = base32_decode(workspace1, (unsigned char *)workspace2)))
++ return 0;
++
++ p += 8; /* class, type, TTL */
++ GETSHORT(rdlen, p);
++ psave = p;
++ p += 4; /* algo, flags, iterations */
++ salt_len = *p++; /* salt_len */
++ p += salt_len; /* salt */
++ hash_len = *p++; /* p now points to next hashed name */
++
++ if (!CHECK_LEN(header, p, plen, hash_len))
++ return 0;
++
++ if (digest_len == base32_len && hash_len == base32_len)
++ {
++ int rc = memcmp(workspace2, digest, digest_len);
++
++ if (rc == 0)
++ {
++ /* We found an NSEC3 whose hashed name exactly matches the query, so
++ we just need to check the type map. p points to the RR data for the record. */
++
++ int offset = (type & 0xff) >> 3;
++ int mask = 0x80 >> (type & 0x07);
++
++ p += hash_len; /* skip next-domain hash */
++ rdlen -= p - psave;
++
++ if (!CHECK_LEN(header, p, plen, rdlen))
++ return 0;
++
++ while (rdlen >= 2)
++ {
++ if (p[0] == type >> 8)
++ {
++ /* Does the NSEC3 say our type exists? */
++ if (offset < p[1] && (p[offset+2] & mask) != 0)
++ return STAT_BOGUS;
++
++ break; /* finshed checking */
++ }
++
++ rdlen -= p[1];
++ p += p[1];
++ }
++
++ return 1;
++ }
++ else if (rc <= 0)
++ {
++ /* Normal case, hash falls between NSEC3 name-hash and next domain name-hash,
++ wrap around case, name-hash falls between NSEC3 name-hash and end */
++ if (memcmp(p, digest, digest_len) > 0 || memcmp(workspace2, p, digest_len) > 0)
++ return 1;
++ }
++ else
++ {
++ /* wrap around case, name falls between start and next domain name */
++ if (memcmp(workspace2, p, digest_len) > 0 && memcmp(p, digest, digest_len) > 0)
++ return 1;
++ }
++ }
++ }
++ return 0;
++}
++
+ static int prove_non_existence_nsec3(struct dns_header *header, size_t plen, unsigned char **nsecs, int nsec_count,
+- char *workspace1, char *workspace2, char *name, int type)
++ char *workspace1, char *workspace2, char *name, int type, char *wildname)
+ {
+ unsigned char *salt, *p, *digest;
+- int digest_len, i, iterations, salt_len, hash_len, base32_len, algo = 0;
++ int digest_len, i, iterations, salt_len, base32_len, algo = 0;
+ struct nettle_hash const *hash;
+ char *closest_encloser, *next_closest, *wildcard;
+
+@@ -1520,7 +1606,14 @@ static int prove_non_existence_nsec3(struct dns_header *header, size_t plen, uns
+ if (!(hash = hash_find("sha1")))
+ return STAT_BOGUS;
+
+- /* Now, we need the "closest encloser NSEC3" */
++ if ((digest_len = hash_name(name, &digest, hash, salt, salt_len, iterations)) == 0)
++ return STAT_BOGUS;
++
++ if (check_nsec3_coverage(header, plen, digest_len, digest, type, workspace1, workspace2, nsecs, nsec_count))
++ return STAT_SECURE;
++
++ /* Can't find an NSEC3 which covers the name directly, we need the "closest encloser NSEC3"
++ or an answer inferred from a wildcard record. */
+ closest_encloser = name;
+ next_closest = NULL;
+
+@@ -1529,6 +1622,9 @@ static int prove_non_existence_nsec3(struct dns_header *header, size_t plen, uns
+ if (*closest_encloser == '.')
+ closest_encloser++;
+
++ if (wildname && hostname_isequal(closest_encloser, wildname))
++ break;
++
+ if ((digest_len = hash_name(closest_encloser, &digest, hash, salt, salt_len, iterations)) == 0)
+ return STAT_BOGUS;
+
+@@ -1551,127 +1647,33 @@ static int prove_non_existence_nsec3(struct dns_header *header, size_t plen, uns
+ }
+ while ((closest_encloser = strchr(closest_encloser, '.')));
+
+- /* No usable NSEC3s */
+- if (i == nsec_count)
++ if (!closest_encloser)
+ return STAT_BOGUS;
+
+- if (!next_closest)
+- {
+- /* We found an NSEC3 whose hashed name exactly matches the query, so
+- Now we just need to check the type map. p points to the RR data for the record. */
+- int rdlen;
+- unsigned char *psave;
+- int offset = (type & 0xff) >> 3;
+- int mask = 0x80 >> (type & 0x07);
+-
+- p += 8; /* class, type, TTL */
+- GETSHORT(rdlen, p);
+- psave = p;
+- p += 5 + salt_len; /* algo, flags, iterations, salt_len, salt */
+- hash_len = *p++;
+- if (!CHECK_LEN(header, p, plen, hash_len))
+- return STAT_BOGUS; /* bad packet */
+- p += hash_len;
+- rdlen -= p - psave;
+-
+- while (rdlen >= 2)
+- {
+- if (!CHECK_LEN(header, p, plen, rdlen))
+- return STAT_BOGUS;
+-
+- if (p[0] == type >> 8)
+- {
+- /* Does the NSEC3 say our type exists? */
+- if (offset < p[1] && (p[offset+2] & mask) != 0)
+- return STAT_BOGUS;
+-
+- break; /* finshed checking */
+- }
+-
+- rdlen -= p[1];
+- p += p[1];
+- }
+-
+- return STAT_SECURE;
+- }
+-
+ /* Look for NSEC3 that proves the non-existence of the next-closest encloser */
+ if ((digest_len = hash_name(next_closest, &digest, hash, salt, salt_len, iterations)) == 0)
+ return STAT_BOGUS;
+
+- for (i = 0; i < nsec_count; i++)
+- if ((p = nsecs[i]))
+- {
+- if (!extract_name(header, plen, &p, workspace1, 1, 0) ||
+- !(base32_len = base32_decode(workspace1, (unsigned char *)workspace2)))
+- return STAT_BOGUS;
+-
+- p += 15 + salt_len; /* class, type, TTL, rdlen, algo, flags, iterations, salt_len, salt */
+- hash_len = *p++; /* p now points to next hashed name */
+-
+- if (!CHECK_LEN(header, p, plen, hash_len))
+- return STAT_BOGUS;
+-
+- if (digest_len == base32_len && hash_len == base32_len)
+- {
+- if (memcmp(workspace2, digest, digest_len) <= 0)
+- {
+- /* Normal case, hash falls between NSEC3 name-hash and next domain name-hash,
+- wrap around case, name-hash falls between NSEC3 name-hash and end */
+- if (memcmp(p, digest, digest_len) > 0 || memcmp(workspace2, p, digest_len) > 0)
+- return STAT_SECURE;
+- }
+- else
+- {
+- /* wrap around case, name falls between start and next domain name */
+- if (memcmp(workspace2, p, digest_len) > 0 && memcmp(p, digest, digest_len) > 0)
+- return STAT_SECURE;
+- }
+- }
+- }
+-
+- /* Finally, check that there's no seat of wildcard synthesis */
+- if (!(wildcard = strchr(next_closest, '.')) || wildcard == next_closest)
+- return STAT_BOGUS;
+-
+- wildcard--;
+- *wildcard = '*';
+-
+- if ((digest_len = hash_name(wildcard, &digest, hash, salt, salt_len, iterations)) == 0)
++ if (!check_nsec3_coverage(header, plen, digest_len, digest, type, workspace1, workspace2, nsecs, nsec_count))
+ return STAT_BOGUS;
+
+- for (i = 0; i < nsec_count; i++)
+- if ((p = nsecs[i]))
+- {
+- if (!extract_name(header, plen, &p, workspace1, 1, 0) ||
+- !(base32_len = base32_decode(workspace1, (unsigned char *)workspace2)))
+- return STAT_BOGUS;
+-
+- p += 15 + salt_len; /* class, type, TTL, rdlen, algo, flags, iterations, salt_len, salt */
+- hash_len = *p++; /* p now points to next hashed name */
+-
+- if (!CHECK_LEN(header, p, plen, hash_len))
+- return STAT_BOGUS;
+-
+- if (digest_len == base32_len && hash_len == base32_len)
+- {
+- if (memcmp(workspace2, digest, digest_len) <= 0)
+- {
+- /* Normal case, hash falls between NSEC3 name-hash and next domain name-hash,
+- wrap around case, name-hash falls between NSEC3 name-hash and end */
+- if (memcmp(p, digest, digest_len) > 0 || memcmp(workspace2, p, digest_len) > 0)
+- return STAT_SECURE;
+- }
+- else
+- {
+- /* wrap around case, name falls between start and next domain name */
+- if (memcmp(workspace2, p, digest_len) > 0 && memcmp(p, digest, digest_len) > 0)
+- return STAT_SECURE;
+- }
+- }
+- }
++ /* Finally, check that there's no seat of wildcard synthesis */
++ if (!wildname)
++ {
++ if (!(wildcard = strchr(next_closest, '.')) || wildcard == next_closest)
++ return STAT_BOGUS;
++
++ wildcard--;
++ *wildcard = '*';
++
++ if ((digest_len = hash_name(wildcard, &digest, hash, salt, salt_len, iterations)) == 0)
++ return STAT_BOGUS;
++
++ if (!check_nsec3_coverage(header, plen, digest_len, digest, type, workspace1, workspace2, nsecs, nsec_count))
++ return STAT_BOGUS;
++ }
+
+- return STAT_BOGUS;
++ return STAT_SECURE;
+ }
+
+ /* Validate all the RRsets in the answer and authority sections of the reply (4035:3.2.3) */
+@@ -1792,8 +1794,9 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch
+ struct all_addr a;
+ struct blockdata *key;
+ struct crec *crecp;
+-
+- rc = validate_rrset(now, header, plen, class1, type1, name, keyname, NULL, 0, 0, 0);
++ char *wildname;
++
++ rc = validate_rrset(now, header, plen, class1, type1, name, keyname, &wildname, NULL, 0, 0, 0);
+
+ if (rc == STAT_SECURE_WILDCARD)
+ {
+@@ -1807,7 +1810,7 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch
+ if (nsec_type == T_NSEC)
+ rc = prove_non_existence_nsec(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, type1);
+ else
+- rc = prove_non_existence_nsec3(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, type1);
++ rc = prove_non_existence_nsec3(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, type1, wildname);
+
+ if (rc != STAT_SECURE)
+ return rc;
+@@ -1933,7 +1936,7 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch
+ if (nsec_type == T_NSEC)
+ return prove_non_existence_nsec(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, qtype);
+ else
+- return prove_non_existence_nsec3(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, qtype);
++ return prove_non_existence_nsec3(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, qtype, NULL);
+ }
+
+ /* Chase the CNAME chain in the packet until the first record which _doesn't validate.
+@@ -1980,7 +1983,7 @@ int dnssec_chase_cname(time_t now, struct dns_header *header, size_t plen, char
+ return STAT_INSECURE;
+
+ /* validate CNAME chain, return if insecure or need more data */
+- rc = validate_rrset(now, header, plen, class, type, name, keyname, NULL, 0, 0, 0);
++ rc = validate_rrset(now, header, plen, class, type, name, keyname, NULL, NULL, 0, 0, 0);
+ if (rc != STAT_SECURE)
+ {
+ if (rc == STAT_NO_SIG)
+--
+2.1.0
+
--- /dev/null
+From 83d2ed09fc0216b567d7fb2197e4ff3eae150b0d Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Tue, 23 Dec 2014 18:42:38 +0000
+Subject: [PATCH 20/55] Initialise return value.
+
+---
+ src/dnssec.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/src/dnssec.c b/src/dnssec.c
+index 9350d3e8c963..ed8cf893bad2 100644
+--- a/src/dnssec.c
++++ b/src/dnssec.c
+@@ -637,10 +637,13 @@ static int validate_rrset(time_t now, struct dns_header *header, size_t plen, in
+ struct crec *crecp = NULL;
+ int type_covered, algo, labels, orig_ttl, sig_expiration, sig_inception, key_tag;
+ u16 *rr_desc = get_desc(type);
+-
++
++ if (wildcard_out)
++ *wildcard_out = NULL;
++
+ if (!(p = skip_questions(header, plen)))
+ return STAT_BOGUS;
+-
++
+ name_labels = count_labels(name); /* For 4035 5.3.2 check */
+
+ /* look for RRSIGs for this RRset and get pointers to each RR in the set. */
+--
+2.1.0
+
--- /dev/null
+From 32fc6dbe03569d70dd394420ceb73532cf303c33 Mon Sep 17 00:00:00 2001
+From: Glen Huang <curvedmark@gmail.com>
+Date: Sat, 27 Dec 2014 15:28:12 +0000
+Subject: [PATCH 21/55] Add --ignore-address option.
+
+---
+ CHANGELOG | 8 ++++++++
+ man/dnsmasq.8 | 6 ++++++
+ src/dnsmasq.h | 3 ++-
+ src/forward.c | 4 ++++
+ src/option.c | 18 +++++++++++++++---
+ src/rfc1035.c | 37 +++++++++++++++++++++++++++++++++++++
+ 6 files changed, 72 insertions(+), 4 deletions(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 956b71a151db..2b6356bcfb02 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -22,6 +22,14 @@ version 2.73
+
+ Fix crash in DNSSEC code with long RRs. Thanks to Marco Davids
+ for the bug report.
++
++ Add --ignore-address option. Ignore replies to A-record
++ queries which include the specified address. No error is
++ generated, dnsmasq simply continues to listen for another
++ reply. This is useful to defeat blocking strategies which
++ rely on quickly supplying a forged answer to a DNS
++ request for certain domains, before the correct answer can
++ arrive. Thanks to Glen Huang for the patch.
+
+
+ version 2.72
+diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
+index 0b8e04f0a897..4236ba307df3 100644
+--- a/man/dnsmasq.8
++++ b/man/dnsmasq.8
+@@ -293,6 +293,12 @@ an advertising web page in response to queries for unregistered names,
+ instead of the correct NXDOMAIN response. This option tells dnsmasq to
+ fake the correct response when it sees this behaviour. As at Sept 2003
+ the IP address being returned by Verisign is 64.94.110.11
++.TP
++.B \-B, --ignore-address=<ipaddr>
++Ignore replies to A-record queries which include the specified address.
++No error is generated, dnsmasq simply continues to listen for another reply.
++This is useful to defeat blocking strategies which rely on quickly supplying a
++forged answer to a DNS request for certain domain, before the correct answer can arrive.
+ .TP
+ .B \-f, --filterwin2k
+ Later versions of windows make periodic DNS requests which don't get sensible answers from
+diff --git a/src/dnsmasq.h b/src/dnsmasq.h
+index 1dd61c5edba3..7bc982ddf73c 100644
+--- a/src/dnsmasq.h
++++ b/src/dnsmasq.h
+@@ -930,7 +930,7 @@ extern struct daemon {
+ char *runfile;
+ char *lease_change_command;
+ struct iname *if_names, *if_addrs, *if_except, *dhcp_except, *auth_peers, *tftp_interfaces;
+- struct bogus_addr *bogus_addr;
++ struct bogus_addr *bogus_addr, *ignore_addr;
+ struct server *servers;
+ struct ipsets *ipsets;
+ int log_fac; /* log facility */
+@@ -1093,6 +1093,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
+ time_t now, int *ad_reqd, int *do_bit);
+ int check_for_bogus_wildcard(struct dns_header *header, size_t qlen, char *name,
+ struct bogus_addr *addr, time_t now);
++int check_for_ignored_address(struct dns_header *header, size_t qlen, struct bogus_addr *baddr);
+ unsigned char *find_pseudoheader(struct dns_header *header, size_t plen,
+ size_t *len, unsigned char **p, int *is_sign);
+ int check_for_local_domain(char *name, time_t now);
+diff --git a/src/forward.c b/src/forward.c
+index 408a179a20f4..f28c7d51f708 100644
+--- a/src/forward.c
++++ b/src/forward.c
+@@ -724,6 +724,10 @@ void reply_query(int fd, int family, time_t now)
+ if (!(forward = lookup_frec(ntohs(header->id), hash)))
+ return;
+
++ if (daemon->ignore_addr && RCODE(header) == NOERROR &&
++ check_for_ignored_address(header, n, daemon->ignore_addr))
++ return;
++
+ if ((RCODE(header) == SERVFAIL || RCODE(header) == REFUSED) &&
+ !option_bool(OPT_ORDER) &&
+ forward->forwardall == 0)
+diff --git a/src/option.c b/src/option.c
+index 209fa6976609..907d0cf88de9 100644
+--- a/src/option.c
++++ b/src/option.c
+@@ -147,6 +147,7 @@ struct myoption {
+ #define LOPT_LOCAL_SERVICE 335
+ #define LOPT_DNSSEC_TIME 336
+ #define LOPT_LOOP_DETECT 337
++#define LOPT_IGNORE_ADDR 338
+
+ #ifdef HAVE_GETOPT_LONG
+ static const struct option opts[] =
+@@ -181,6 +182,7 @@ static const struct myoption opts[] =
+ { "local-service", 0, 0, LOPT_LOCAL_SERVICE },
+ { "bogus-priv", 0, 0, 'b' },
+ { "bogus-nxdomain", 1, 0, 'B' },
++ { "ignore-address", 1, 0, LOPT_IGNORE_ADDR },
+ { "selfmx", 0, 0, 'e' },
+ { "filterwin2k", 0, 0, 'f' },
+ { "pid-file", 2, 0, 'x' },
+@@ -457,6 +459,7 @@ static struct {
+ { LOPT_QUIET_RA, OPT_QUIET_RA, NULL, gettext_noop("Do not log RA."), NULL },
+ { LOPT_LOCAL_SERVICE, OPT_LOCAL_SERVICE, NULL, gettext_noop("Accept queries only from directly-connected networks"), NULL },
+ { LOPT_LOOP_DETECT, OPT_LOOP_DETECT, NULL, gettext_noop("Detect and remove DNS forwarding loops"), NULL },
++ { LOPT_IGNORE_ADDR, ARG_DUP, "<ipaddr>", gettext_noop("Ignore DNS responses containing ipaddr."), NULL },
+ { 0, 0, NULL, NULL, NULL }
+ };
+
+@@ -2119,14 +2122,23 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
+ break;
+
+ case 'B': /* --bogus-nxdomain */
+- {
++ case LOPT_IGNORE_ADDR: /* --ignore-address */
++ {
+ struct in_addr addr;
+ unhide_metas(arg);
+ if (arg && (inet_pton(AF_INET, arg, &addr) > 0))
+ {
+ struct bogus_addr *baddr = opt_malloc(sizeof(struct bogus_addr));
+- baddr->next = daemon->bogus_addr;
+- daemon->bogus_addr = baddr;
++ if (option == 'B')
++ {
++ baddr->next = daemon->bogus_addr;
++ daemon->bogus_addr = baddr;
++ }
++ else
++ {
++ baddr->next = daemon->ignore_addr;
++ daemon->ignore_addr = baddr;
++ }
+ baddr->addr = addr;
+ }
+ else
+diff --git a/src/rfc1035.c b/src/rfc1035.c
+index bdeb3fb10e68..75c4266b47dd 100644
+--- a/src/rfc1035.c
++++ b/src/rfc1035.c
+@@ -1328,6 +1328,43 @@ int check_for_bogus_wildcard(struct dns_header *header, size_t qlen, char *name,
+ return 0;
+ }
+
++int check_for_ignored_address(struct dns_header *header, size_t qlen, struct bogus_addr *baddr)
++{
++ unsigned char *p;
++ int i, qtype, qclass, rdlen;
++ struct bogus_addr *baddrp;
++
++ /* skip over questions */
++ if (!(p = skip_questions(header, qlen)))
++ return 0; /* bad packet */
++
++ for (i = ntohs(header->ancount); i != 0; i--)
++ {
++ if (!(p = skip_name(p, header, qlen, 10)))
++ return 0; /* bad packet */
++
++ GETSHORT(qtype, p);
++ GETSHORT(qclass, p);
++ p += 4; /* TTL */
++ GETSHORT(rdlen, p);
++
++ if (qclass == C_IN && qtype == T_A)
++ {
++ if (!CHECK_LEN(header, p, qlen, INADDRSZ))
++ return 0;
++
++ for (baddrp = baddr; baddrp; baddrp = baddrp->next)
++ if (memcmp(&baddrp->addr, p, INADDRSZ) == 0)
++ return 1;
++ }
++
++ if (!ADD_RDLEN(header, p, qlen, rdlen))
++ return 0;
++ }
++
++ return 0;
++}
++
+ int add_resource_record(struct dns_header *header, char *limit, int *truncp, int nameoffset, unsigned char **pp,
+ unsigned long ttl, int *offset, unsigned short type, unsigned short class, char *format, ...)
+ {
+--
+2.1.0
+
--- /dev/null
+From 0b1008d367d44e77352134a4c5178f896f0db3e7 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Sat, 27 Dec 2014 15:33:32 +0000
+Subject: [PATCH 22/55] Bad packet protection.
+
+---
+ src/dnssec.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/dnssec.c b/src/dnssec.c
+index ed8cf893bad2..026794b077e5 100644
+--- a/src/dnssec.c
++++ b/src/dnssec.c
+@@ -805,7 +805,7 @@ static int validate_rrset(time_t now, struct dns_header *header, size_t plen, in
+ {
+ while (*name_start != '.' && *name_start != 0)
+ name_start++;
+- if (k != 1)
++ if (k != 1 && *name_start == '.')
+ name_start++;
+ }
+
+--
+2.1.0
+
--- /dev/null
+From d310ab7ecbffce79d3d90debba621e0222f9bced Mon Sep 17 00:00:00 2001
+From: Matthias Andree <matthias.andree@gmx.de>
+Date: Sat, 27 Dec 2014 15:36:38 +0000
+Subject: [PATCH 23/55] Fix build failure in new inotify code on BSD.
+
+---
+ src/inotify.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/inotify.c b/src/inotify.c
+index 960bf5efb41f..83730008c11b 100644
+--- a/src/inotify.c
++++ b/src/inotify.c
+@@ -15,10 +15,10 @@
+ */
+
+ #include "dnsmasq.h"
+-#include <sys/inotify.h>
+-
+ #ifdef HAVE_LINUX_NETWORK
+
++#include <sys/inotify.h>
++
+ /* the strategy is to set a inotify on the directories containing
+ resolv files, for any files in the directory which are close-write
+ or moved into the directory.
+--
+2.1.0
+
--- /dev/null
+From 81c538efcebfce2ce4a1d3a420b6c885b8f08df9 Mon Sep 17 00:00:00 2001
+From: Yousong Zhou <yszhou4tech@gmail.com>
+Date: Sat, 3 Jan 2015 16:36:14 +0000
+Subject: [PATCH 24/55] Implement makefile dependencies on COPTS variable.
+
+---
+ .gitignore | 2 +-
+ Makefile | 10 ++++++----
+ 2 files changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/.gitignore b/.gitignore
+index fcdbcbd135ae..23f11488ab4c 100644
+--- a/.gitignore
++++ b/.gitignore
+@@ -3,7 +3,7 @@ src/*.mo
+ src/dnsmasq.pot
+ src/dnsmasq
+ src/dnsmasq_baseline
+-src/.configured
++src/.copts_*
+ contrib/wrt/dhcp_lease_time
+ contrib/wrt/dhcp_release
+ debian/base/
+diff --git a/Makefile b/Makefile
+index c340f1c7b59a..5675f60c2036 100644
+--- a/Makefile
++++ b/Makefile
+@@ -64,6 +64,8 @@ nettle_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC $(PKG_CONFIG
+ gmp_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC NO_GMP --copy -lgmp`
+ sunos_libs = `if uname | grep SunOS >/dev/null 2>&1; then echo -lsocket -lnsl -lposix4; fi`
+ version = -DVERSION='\"`$(top)/bld/get-version $(top)`\"'
++copts_conf = .copts_$(shell $(CC) -DDNSMASQ_COMPILE_OPTS $(COPTS) -E $(top)/$(SRC)/dnsmasq.h | \
++ ( md5sum 2>/dev/null || md5 ) | cut -f 1 -d ' ')
+
+ objs = cache.o rfc1035.o util.o option.o forward.o network.o \
+ dnsmasq.o dhcp.o lease.o rfc2131.o netlink.o dbus.o bpf.o \
+@@ -83,7 +85,7 @@ all : $(BUILDDIR)
+
+ mostly_clean :
+ rm -f $(BUILDDIR)/*.mo $(BUILDDIR)/*.pot
+- rm -f $(BUILDDIR)/.configured $(BUILDDIR)/*.o $(BUILDDIR)/dnsmasq.a $(BUILDDIR)/dnsmasq
++ rm -f $(BUILDDIR)/.copts_* $(BUILDDIR)/*.o $(BUILDDIR)/dnsmasq.a $(BUILDDIR)/dnsmasq
+
+ clean : mostly_clean
+ rm -f $(BUILDDIR)/dnsmasq_baseline
+@@ -139,8 +141,8 @@ bloatcheck : $(BUILDDIR)/dnsmasq_baseline mostly_clean all
+
+ # rules below are targets in recusive makes with cwd=$(BUILDDIR)
+
+-.configured: $(hdrs)
+- @rm -f *.o
++$(copts_conf): $(hdrs)
++ @rm -f *.o .copts_*
+ @touch $@
+
+ $(objs:.o=.c) $(hdrs):
+@@ -149,7 +151,7 @@ $(objs:.o=.c) $(hdrs):
+ .c.o:
+ $(CC) $(CFLAGS) $(COPTS) $(i18n) $(build_cflags) $(RPM_OPT_FLAGS) -c $<
+
+-dnsmasq : .configured $(hdrs) $(objs)
++dnsmasq : $(copts_conf) $(hdrs) $(objs)
+ $(CC) $(LDFLAGS) -o $@ $(objs) $(build_libs) $(LIBS)
+
+ dnsmasq.pot : $(objs:.o=.c) $(hdrs)
+--
+2.1.0
+
--- /dev/null
+From d8dbd903d024f84a149dac2f8a674a68dfed47a3 Mon Sep 17 00:00:00 2001
+From: Yousong Zhou <yszhou4tech@gmail.com>
+Date: Mon, 5 Jan 2015 17:03:35 +0000
+Subject: [PATCH 25/55] Fix race condition issue in makefile.
+
+---
+ Makefile | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/Makefile b/Makefile
+index 5675f60c2036..bcbd5571671d 100644
+--- a/Makefile
++++ b/Makefile
+@@ -148,10 +148,12 @@ $(copts_conf): $(hdrs)
+ $(objs:.o=.c) $(hdrs):
+ ln -s $(top)/$(SRC)/$@ .
+
++$(objs): $(copts_conf) $(hdrs)
++
+ .c.o:
+ $(CC) $(CFLAGS) $(COPTS) $(i18n) $(build_cflags) $(RPM_OPT_FLAGS) -c $<
+
+-dnsmasq : $(copts_conf) $(hdrs) $(objs)
++dnsmasq : $(objs)
+ $(CC) $(LDFLAGS) -o $@ $(objs) $(build_libs) $(LIBS)
+
+ dnsmasq.pot : $(objs:.o=.c) $(hdrs)
+--
+2.1.0
+
--- /dev/null
+From 97e618a0e3f29465acc689d87288596b006f197e Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Wed, 7 Jan 2015 21:55:43 +0000
+Subject: [PATCH 26/55] DNSSEC: do top-down search for limit of secure
+ delegation.
+
+---
+ CHANGELOG | 9 ++
+ src/dnsmasq.h | 11 +-
+ src/dnssec.c | 91 +++++++++-------
+ src/forward.c | 327 +++++++++++++++++++++++++++++++++-------------------------
+ 4 files changed, 260 insertions(+), 178 deletions(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 2b6356bcfb02..e8bf80f81baa 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -31,7 +31,16 @@ version 2.73
+ request for certain domains, before the correct answer can
+ arrive. Thanks to Glen Huang for the patch.
+
++ Revisit the part of DNSSEC validation which determines if an
++ unsigned answer is legit, or is in some part of the DNS
++ tree which should be signed. Dnsmasq now works from the
++ DNS root downward looking for the limit of signed
++ delegations, rather than working bottom up. This is
++ both more correct, and less likely to trip over broken
++ nameservers in the unsigned parts of the DNS tree
++ which don't respond well to DNSSEC queries.
+
++
+ version 2.72
+ Add ra-advrouter mode, for RFC-3775 mobile IPv6 support.
+
+diff --git a/src/dnsmasq.h b/src/dnsmasq.h
+index 7bc982ddf73c..2f4597294a56 100644
+--- a/src/dnsmasq.h
++++ b/src/dnsmasq.h
+@@ -569,8 +569,9 @@ struct hostsfile {
+ #define STAT_SECURE_WILDCARD 7
+ #define STAT_NO_SIG 8
+ #define STAT_NO_DS 9
+-#define STAT_NEED_DS_NEG 10
+-#define STAT_CHASE_CNAME 11
++#define STAT_NO_NS 10
++#define STAT_NEED_DS_NEG 11
++#define STAT_CHASE_CNAME 12
+
+ #define FREC_NOREBIND 1
+ #define FREC_CHECKING_DISABLED 2
+@@ -604,7 +605,9 @@ struct frec {
+ #ifdef HAVE_DNSSEC
+ int class, work_counter;
+ struct blockdata *stash; /* Saved reply, whilst we validate */
+- size_t stash_len;
++ struct blockdata *orig_domain; /* domain of original query, whilst
++ we're seeing is if in unsigned domain */
++ size_t stash_len, name_start, name_len;
+ struct frec *dependent; /* Query awaiting internally-generated DNSKEY or DS query */
+ struct frec *blocking_query; /* Query which is blocking us. */
+ #endif
+@@ -1126,7 +1129,7 @@ int in_zone(struct auth_zone *zone, char *name, char **cut);
+ size_t dnssec_generate_query(struct dns_header *header, char *end, char *name, int class, int type, union mysockaddr *addr);
+ int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t n, char *name, char *keyname, int class);
+ int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int class);
+-int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int *class, int *neganswer);
++int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int *class, int *neganswer, int *nons);
+ int dnssec_chase_cname(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname);
+ int dnskey_keytag(int alg, int flags, unsigned char *rdata, int rdlen);
+ size_t filter_rrsigs(struct dns_header *header, size_t plen);
+diff --git a/src/dnssec.c b/src/dnssec.c
+index 026794b077e5..8f27677628b2 100644
+--- a/src/dnssec.c
++++ b/src/dnssec.c
+@@ -875,8 +875,7 @@ static int validate_rrset(time_t now, struct dns_header *header, size_t plen, in
+ /* The DNS packet is expected to contain the answer to a DNSKEY query.
+ Put all DNSKEYs in the answer which are valid into the cache.
+ return codes:
+- STAT_INSECURE No DNSKEYs in reply.
+- STAT_SECURE At least one valid DNSKEY found and in cache.
++ STAT_SECURE At least one valid DNSKEY found and in cache.
+ STAT_BOGUS No DNSKEYs found, which can be validated with DS,
+ or self-sign for DNSKEY RRset is not valid, bad packet.
+ STAT_NEED_DS DS records to validate a key not found, name in keyname
+@@ -896,11 +895,8 @@ int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, ch
+ GETSHORT(qtype, p);
+ GETSHORT(qclass, p);
+
+- if (qtype != T_DNSKEY || qclass != class)
++ if (qtype != T_DNSKEY || qclass != class || ntohs(header->ancount) == 0)
+ return STAT_BOGUS;
+-
+- if (ntohs(header->ancount) == 0)
+- return STAT_INSECURE;
+
+ /* See if we have cached a DS record which validates this key */
+ if (!(crecp = cache_find_by_name(NULL, name, now, F_DS)))
+@@ -1103,17 +1099,17 @@ int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, ch
+ /* The DNS packet is expected to contain the answer to a DS query
+ Put all DSs in the answer which are valid into the cache.
+ return codes:
+- STAT_INSECURE no DS in reply or not signed.
+ STAT_SECURE At least one valid DS found and in cache.
+ STAT_NO_DS It's proved there's no DS here.
+- STAT_BOGUS At least one DS found, which fails validation, bad packet.
++ STAT_NO_NS It's proved there's no DS _or_ NS here.
++ STAT_BOGUS no DS in reply or not signed, fails validation, bad packet.
+ STAT_NEED_DNSKEY DNSKEY records to validate a DS not found, name in keyname
+ */
+
+ int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int class)
+ {
+ unsigned char *p = (unsigned char *)(header+1);
+- int qtype, qclass, val, i, neganswer;
++ int qtype, qclass, val, i, neganswer, nons;
+
+ if (ntohs(header->qdcount) != 1 ||
+ !(p = skip_name(p, header, plen, 4)))
+@@ -1125,32 +1121,39 @@ int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char
+ if (qtype != T_DS || qclass != class)
+ val = STAT_BOGUS;
+ else
+- val = dnssec_validate_reply(now, header, plen, name, keyname, NULL, &neganswer);
+-
+- if (val == STAT_NO_SIG)
+- val = STAT_INSECURE;
++ val = dnssec_validate_reply(now, header, plen, name, keyname, NULL, &neganswer, &nons);
++ /* Note dnssec_validate_reply() will have cached positive answers */
++
++ if (val == STAT_NO_SIG || val == STAT_INSECURE)
++ val = STAT_BOGUS;
+
+ p = (unsigned char *)(header+1);
+ extract_name(header, plen, &p, name, 1, 4);
+ p += 4; /* qtype, qclass */
+
+ if (!(p = skip_section(p, ntohs(header->ancount), header, plen)))
+- return STAT_BOGUS;
++ val = STAT_BOGUS;
+
+ if (val == STAT_BOGUS)
+- log_query(F_UPSTREAM, name, NULL, "BOGUS DS");
+-
+- if ((val == STAT_SECURE || val == STAT_INSECURE) && neganswer)
+ {
+- int rdlen, flags = F_FORWARD | F_DS | F_NEG;
++ log_query(F_UPSTREAM, name, NULL, "BOGUS DS");
++ return STAT_BOGUS;
++ }
++
++ /* By here, the answer is proved secure, and a positive answer has been cached. */
++ if (val == STAT_SECURE && neganswer)
++ {
++ int rdlen, flags = F_FORWARD | F_DS | F_NEG | F_DNSSECOK;
+ unsigned long ttl, minttl = ULONG_MAX;
+ struct all_addr a;
+
+ if (RCODE(header) == NXDOMAIN)
+ flags |= F_NXDOMAIN;
+
+- if (val == STAT_SECURE)
+- flags |= F_DNSSECOK;
++ /* We only cache validated DS records, DNSSECOK flag hijacked
++ to store presence/absence of NS. */
++ if (nons)
++ flags &= ~F_DNSSECOK;
+
+ for (i = ntohs(header->nscount); i != 0; i--)
+ {
+@@ -1196,10 +1199,12 @@ int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char
+ a.addr.dnssec.class = class;
+ cache_insert(name, &a, now, ttl, flags);
+
+- cache_end_insert();
++ cache_end_insert();
++
++ log_query(F_UPSTREAM, name, NULL, nons ? "no delegation" : "no DS");
+ }
+
+- return (val == STAT_SECURE) ? STAT_NO_DS : STAT_INSECURE;
++ return nons ? STAT_NO_NS : STAT_NO_DS;
+ }
+
+ return val;
+@@ -1323,12 +1328,15 @@ static int find_nsec_records(struct dns_header *header, size_t plen, unsigned ch
+ }
+
+ static int prove_non_existence_nsec(struct dns_header *header, size_t plen, unsigned char **nsecs, int nsec_count,
+- char *workspace1, char *workspace2, char *name, int type)
++ char *workspace1, char *workspace2, char *name, int type, int *nons)
+ {
+ int i, rc, rdlen;
+ unsigned char *p, *psave;
+ int offset = (type & 0xff) >> 3;
+ int mask = 0x80 >> (type & 0x07);
++
++ if (nons)
++ *nons = 0;
+
+ /* Find NSEC record that proves name doesn't exist */
+ for (i = 0; i < nsec_count; i++)
+@@ -1355,6 +1363,10 @@ static int prove_non_existence_nsec(struct dns_header *header, size_t plen, unsi
+ rdlen -= p - psave;
+ /* rdlen is now length of type map, and p points to it */
+
++ /* If we can prove that there's no NS record, return that information. */
++ if (nons && rdlen >= 2 && p[0] == 0 && (p[2] & (0x80 >> T_NS)) == 0)
++ *nons = 1;
++
+ while (rdlen >= 2)
+ {
+ if (!CHECK_LEN(header, p, plen, rdlen))
+@@ -1456,7 +1468,7 @@ static int base32_decode(char *in, unsigned char *out)
+ }
+
+ static int check_nsec3_coverage(struct dns_header *header, size_t plen, int digest_len, unsigned char *digest, int type,
+- char *workspace1, char *workspace2, unsigned char **nsecs, int nsec_count)
++ char *workspace1, char *workspace2, unsigned char **nsecs, int nsec_count, int *nons)
+ {
+ int i, hash_len, salt_len, base32_len, rdlen;
+ unsigned char *p, *psave;
+@@ -1497,6 +1509,10 @@ static int check_nsec3_coverage(struct dns_header *header, size_t plen, int dige
+ if (!CHECK_LEN(header, p, plen, rdlen))
+ return 0;
+
++ /* If we can prove that there's no NS record, return that information. */
++ if (nons && rdlen >= 2 && p[0] == 0 && (p[2] & (0x80 >> T_NS)) == 0)
++ *nons = 1;
++
+ while (rdlen >= 2)
+ {
+ if (p[0] == type >> 8)
+@@ -1533,13 +1549,16 @@ static int check_nsec3_coverage(struct dns_header *header, size_t plen, int dige
+ }
+
+ static int prove_non_existence_nsec3(struct dns_header *header, size_t plen, unsigned char **nsecs, int nsec_count,
+- char *workspace1, char *workspace2, char *name, int type, char *wildname)
++ char *workspace1, char *workspace2, char *name, int type, char *wildname, int *nons)
+ {
+ unsigned char *salt, *p, *digest;
+ int digest_len, i, iterations, salt_len, base32_len, algo = 0;
+ struct nettle_hash const *hash;
+ char *closest_encloser, *next_closest, *wildcard;
+-
++
++ if (nons)
++ *nons = 0;
++
+ /* Look though the NSEC3 records to find the first one with
+ an algorithm we support (currently only algo == 1).
+
+@@ -1612,7 +1631,7 @@ static int prove_non_existence_nsec3(struct dns_header *header, size_t plen, uns
+ if ((digest_len = hash_name(name, &digest, hash, salt, salt_len, iterations)) == 0)
+ return STAT_BOGUS;
+
+- if (check_nsec3_coverage(header, plen, digest_len, digest, type, workspace1, workspace2, nsecs, nsec_count))
++ if (check_nsec3_coverage(header, plen, digest_len, digest, type, workspace1, workspace2, nsecs, nsec_count, nons))
+ return STAT_SECURE;
+
+ /* Can't find an NSEC3 which covers the name directly, we need the "closest encloser NSEC3"
+@@ -1657,7 +1676,7 @@ static int prove_non_existence_nsec3(struct dns_header *header, size_t plen, uns
+ if ((digest_len = hash_name(next_closest, &digest, hash, salt, salt_len, iterations)) == 0)
+ return STAT_BOGUS;
+
+- if (!check_nsec3_coverage(header, plen, digest_len, digest, type, workspace1, workspace2, nsecs, nsec_count))
++ if (!check_nsec3_coverage(header, plen, digest_len, digest, type, workspace1, workspace2, nsecs, nsec_count, NULL))
+ return STAT_BOGUS;
+
+ /* Finally, check that there's no seat of wildcard synthesis */
+@@ -1672,7 +1691,7 @@ static int prove_non_existence_nsec3(struct dns_header *header, size_t plen, uns
+ if ((digest_len = hash_name(wildcard, &digest, hash, salt, salt_len, iterations)) == 0)
+ return STAT_BOGUS;
+
+- if (!check_nsec3_coverage(header, plen, digest_len, digest, type, workspace1, workspace2, nsecs, nsec_count))
++ if (!check_nsec3_coverage(header, plen, digest_len, digest, type, workspace1, workspace2, nsecs, nsec_count, NULL))
+ return STAT_BOGUS;
+ }
+
+@@ -1681,7 +1700,8 @@ static int prove_non_existence_nsec3(struct dns_header *header, size_t plen, uns
+
+ /* Validate all the RRsets in the answer and authority sections of the reply (4035:3.2.3) */
+ /* Returns are the same as validate_rrset, plus the class if the missing key is in *class */
+-int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int *class, int *neganswer)
++int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname,
++ int *class, int *neganswer, int *nons)
+ {
+ unsigned char *ans_start, *qname, *p1, *p2, **nsecs;
+ int type1, class1, rdlen1, type2, class2, rdlen2, qclass, qtype;
+@@ -1811,10 +1831,11 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch
+ return STAT_BOGUS; /* No NSECs or bad packet */
+
+ if (nsec_type == T_NSEC)
+- rc = prove_non_existence_nsec(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, type1);
++ rc = prove_non_existence_nsec(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, type1, NULL);
+ else
+- rc = prove_non_existence_nsec3(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, type1, wildname);
+-
++ rc = prove_non_existence_nsec3(header, plen, nsecs, nsec_count, daemon->workspacename,
++ keyname, name, type1, wildname, NULL);
++
+ if (rc != STAT_SECURE)
+ return rc;
+ }
+@@ -1937,9 +1958,9 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch
+ return STAT_BOGUS;
+
+ if (nsec_type == T_NSEC)
+- return prove_non_existence_nsec(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, qtype);
++ return prove_non_existence_nsec(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, qtype, nons);
+ else
+- return prove_non_existence_nsec3(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, qtype, NULL);
++ return prove_non_existence_nsec3(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, qtype, NULL, nons);
+ }
+
+ /* Chase the CNAME chain in the packet until the first record which _doesn't validate.
+diff --git a/src/forward.c b/src/forward.c
+index f28c7d51f708..ee8d7b52d5e5 100644
+--- a/src/forward.c
++++ b/src/forward.c
+@@ -26,8 +26,9 @@ static void free_frec(struct frec *f);
+ #ifdef HAVE_DNSSEC
+ static int tcp_key_recurse(time_t now, int status, struct dns_header *header, size_t n,
+ int class, char *name, char *keyname, struct server *server, int *keycount);
+-static int do_check_sign(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int class);
+-static int send_check_sign(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname);
++static int do_check_sign(struct frec *forward, int status, time_t now, char *name, char *keyname);
++static int send_check_sign(struct frec *forward, time_t now, struct dns_header *header, size_t plen,
++ char *name, char *keyname);
+ #endif
+
+
+@@ -815,18 +816,22 @@ void reply_query(int fd, int family, time_t now)
+ else if (forward->flags & FREC_DS_QUERY)
+ {
+ status = dnssec_validate_ds(now, header, n, daemon->namebuff, daemon->keyname, forward->class);
+- if (status == STAT_NO_DS)
+- status = STAT_INSECURE;
++ if (status == STAT_NO_DS || status == STAT_NO_NS)
++ status = STAT_BOGUS;
+ }
+ else if (forward->flags & FREC_CHECK_NOSIGN)
+- status = do_check_sign(now, header, n, daemon->namebuff, daemon->keyname, forward->class);
++ {
++ status = dnssec_validate_ds(now, header, n, daemon->namebuff, daemon->keyname, forward->class);
++ if (status != STAT_NEED_KEY)
++ status = do_check_sign(forward, status, now, daemon->namebuff, daemon->keyname);
++ }
+ else
+ {
+- status = dnssec_validate_reply(now, header, n, daemon->namebuff, daemon->keyname, &forward->class, NULL);
++ status = dnssec_validate_reply(now, header, n, daemon->namebuff, daemon->keyname, &forward->class, NULL, NULL);
+ if (status == STAT_NO_SIG)
+ {
+ if (option_bool(OPT_DNSSEC_NO_SIGN))
+- status = send_check_sign(now, header, n, daemon->namebuff, daemon->keyname);
++ status = send_check_sign(forward, now, header, n, daemon->namebuff, daemon->keyname);
+ else
+ status = STAT_INSECURE;
+ }
+@@ -861,6 +866,7 @@ void reply_query(int fd, int family, time_t now)
+ new->blocking_query = NULL;
+ new->sentto = server;
+ new->rfd4 = NULL;
++ new->orig_domain = NULL;
+ #ifdef HAVE_IPV6
+ new->rfd6 = NULL;
+ #endif
+@@ -889,7 +895,9 @@ void reply_query(int fd, int family, time_t now)
+ new->new_id = get_id();
+ header->id = htons(new->new_id);
+ /* Save query for retransmission */
+- new->stash = blockdata_alloc((char *)header, nn);
++ if (!(new->stash = blockdata_alloc((char *)header, nn)))
++ return;
++
+ new->stash_len = nn;
+
+ /* Don't resend this. */
+@@ -946,18 +954,22 @@ void reply_query(int fd, int family, time_t now)
+ else if (forward->flags & FREC_DS_QUERY)
+ {
+ status = dnssec_validate_ds(now, header, n, daemon->namebuff, daemon->keyname, forward->class);
+- if (status == STAT_NO_DS)
+- status = STAT_INSECURE;
++ if (status == STAT_NO_DS || status == STAT_NO_NS)
++ status = STAT_BOGUS;
+ }
+ else if (forward->flags & FREC_CHECK_NOSIGN)
+- status = do_check_sign(now, header, n, daemon->namebuff, daemon->keyname, forward->class);
++ {
++ status = dnssec_validate_ds(now, header, n, daemon->namebuff, daemon->keyname, forward->class);
++ if (status != STAT_NEED_KEY)
++ status = do_check_sign(forward, status, now, daemon->namebuff, daemon->keyname);
++ }
+ else
+ {
+- status = dnssec_validate_reply(now, header, n, daemon->namebuff, daemon->keyname, &forward->class, NULL);
++ status = dnssec_validate_reply(now, header, n, daemon->namebuff, daemon->keyname, &forward->class, NULL, NULL);
+ if (status == STAT_NO_SIG)
+ {
+ if (option_bool(OPT_DNSSEC_NO_SIGN))
+- status = send_check_sign(now, header, n, daemon->namebuff, daemon->keyname);
++ status = send_check_sign(forward, now, header, n, daemon->namebuff, daemon->keyname);
+ else
+ status = STAT_INSECURE;
+ }
+@@ -1319,70 +1331,80 @@ void receive_query(struct listener *listen, time_t now)
+ /* UDP: we've got an unsigned answer, return STAT_INSECURE if we can prove there's no DS
+ and therefore the answer shouldn't be signed, or STAT_BOGUS if it should be, or
+ STAT_NEED_DS_NEG and keyname if we need to do the query. */
+-static int send_check_sign(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname)
++static int send_check_sign(struct frec *forward, time_t now, struct dns_header *header, size_t plen,
++ char *name, char *keyname)
+ {
+- struct crec *crecp;
+- char *name_start = name;
+ int status = dnssec_chase_cname(now, header, plen, name, keyname);
+
+ if (status != STAT_INSECURE)
+ return status;
+
++ /* Store the domain we're trying to check. */
++ forward->name_start = strlen(name);
++ forward->name_len = forward->name_start + 1;
++ if (!(forward->orig_domain = blockdata_alloc(name, forward->name_len)))
++ return STAT_BOGUS;
++
++ return do_check_sign(forward, 0, now, name, keyname);
++}
++
++/* We either have a a reply (header non-NULL, or we need to start by looking in the cache */
++static int do_check_sign(struct frec *forward, int status, time_t now, char *name, char *keyname)
++{
++ /* get domain we're checking back from blockdata store, it's stored on the original query. */
++ while (forward->dependent)
++ forward = forward->dependent;
++
++ blockdata_retrieve(forward->orig_domain, forward->name_len, name);
++
+ while (1)
+ {
+- crecp = cache_find_by_name(NULL, name_start, now, F_DS);
+-
+- if (crecp && (crecp->flags & F_DNSSECOK))
+- return (crecp->flags & F_NEG) ? STAT_INSECURE : STAT_BOGUS;
+-
+- if (crecp && (crecp->flags & F_NEG) && (name_start = strchr(name_start, '.')))
++ char *p;
++
++ if (status == 0)
+ {
+- name_start++; /* chop a label off and try again */
+- continue;
++ struct crec *crecp;
++
++ /* Haven't received answer, see if in cache */
++ if (!(crecp = cache_find_by_name(NULL, &name[forward->name_start], now, F_DS)))
++ {
++ /* put name of DS record we're missing into keyname */
++ strcpy(keyname, &name[forward->name_start]);
++ /* and wait for reply to arrive */
++ return STAT_NEED_DS_NEG;
++ }
++
++ /* F_DNSSECOK misused in DS cache records to non-existance of NS record */
++ if (!(crecp->flags & F_NEG))
++ status = STAT_SECURE;
++ else if (crecp->flags & F_DNSSECOK)
++ status = STAT_NO_DS;
++ else
++ status = STAT_NO_NS;
+ }
++
++ /* Have entered non-signed part of DNS tree. */
++ if (status == STAT_NO_DS)
++ return STAT_INSECURE;
+
+- /* Reached the root */
+- if (!name_start)
++ if (status == STAT_BOGUS)
+ return STAT_BOGUS;
+
+- strcpy(keyname, name_start);
+- return STAT_NEED_DS_NEG;
+- }
+-}
+-
+-/* Got answer to DS query from send_check_sign, check for proven non-existence, or make the next DS query to try. */
+-static int do_check_sign(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int class)
+-
+-{
+- char *name_start;
+- unsigned char *p;
+- int status;
++ /* There's a proven DS record, or we're within a zone, where there doesn't need
++ to be a DS record. Add a name and try again.
++ If we've already tried the whole name, then fail */
+
+- /* In this case only, a SERVFAIL reply allows us to continue up the tree, looking for a
+- suitable NSEC reply to DS queries. */
+- if (RCODE(header) != SERVFAIL)
+- {
+- status = dnssec_validate_ds(now, header, plen, name, keyname, class);
++ if (forward->name_start == 0)
++ return STAT_BOGUS;
+
+- if (status != STAT_INSECURE)
+- {
+- if (status == STAT_NO_DS)
+- status = STAT_INSECURE;
+- return status;
+- }
+- }
+-
+- p = (unsigned char *)(header+1);
+-
+- if (extract_name(header, plen, &p, name, 1, 4) &&
+- (name_start = strchr(name, '.')))
+- {
+- name_start++; /* chop a label off and try again */
+- strcpy(keyname, name_start);
+- return STAT_NEED_DS_NEG;
++ for (p = &name[forward->name_start-2]; (*p != '.') && (p != name); p--);
++
++ if (p != name)
++ p++;
++
++ forward->name_start = p - name;
++ status = 0; /* force to cache when we iterate. */
+ }
+-
+- return STAT_BOGUS;
+ }
+
+ /* Move toward the root, until we find a signed non-existance of a DS, in which case
+@@ -1395,8 +1417,10 @@ static int tcp_check_for_unsigned_zone(time_t now, struct dns_header *header, s
+ unsigned char *packet, *payload;
+ u16 *length;
+ unsigned char *p = (unsigned char *)(header+1);
+- int status;
+- char *name_start = name;
++ int status, name_len;
++ struct blockdata *block;
++
++ char *name_start;
+
+ /* Get first insecure entry in CNAME chain */
+ status = tcp_key_recurse(now, STAT_CHASE_CNAME, header, plen, class, name, keyname, server, keycount);
+@@ -1409,95 +1433,113 @@ static int tcp_check_for_unsigned_zone(time_t now, struct dns_header *header, s
+ payload = &packet[2];
+ header = (struct dns_header *)payload;
+ length = (u16 *)packet;
++
++ /* Stash the name away, since the buffer will be trashed when we recurse */
++ name_len = strlen(name) + 1;
++ name_start = name + name_len - 1;
+
++ if (!(block = blockdata_alloc(name, name_len)))
++ {
++ free(packet);
++ return STAT_BOGUS;
++ }
++
+ while (1)
+ {
+- unsigned char *newhash, hash[HASH_SIZE];
+ unsigned char c1, c2;
+- struct crec *crecp = cache_find_by_name(NULL, name_start, now, F_DS);
+-
++ struct crec *crecp;
++
+ if (--(*keycount) == 0)
+ {
+ free(packet);
++ blockdata_free(block);
+ return STAT_BOGUS;
+ }
+-
+- if (crecp && (crecp->flags & F_DNSSECOK))
+- {
+- free(packet);
+- return (crecp->flags & F_NEG) ? STAT_INSECURE : STAT_BOGUS;
+- }
+
+- /* If we have cached insecurely that a DS doesn't exist,
+- ise that is a hit for where to start looking for the secure one */
+- if (crecp && (crecp->flags & F_NEG) && (name_start = strchr(name_start, '.')))
+- {
+- name_start++; /* chop a label off and try again */
+- continue;
+- }
+-
+- /* reached the root */
+- if (!name_start)
+- {
+- free(packet);
+- return STAT_BOGUS;
++ while (crecp = cache_find_by_name(NULL, name_start, now, F_DS))
++ {
++ if ((crecp->flags & F_NEG) && (crecp->flags & F_DNSSECOK))
++ {
++ /* Found a secure denial of DS - delegation is indeed insecure */
++ free(packet);
++ blockdata_free(block);
++ return STAT_INSECURE;
++ }
++
++ /* Here, either there's a secure DS, or no NS and no DS, and therefore no delegation.
++ Add another label and continue. */
++
++ if (name_start == name)
++ {
++ free(packet);
++ blockdata_free(block);
++ return STAT_BOGUS; /* run out of labels */
++ }
++
++ name_start -= 2;
++ while (*name_start != '.' && name_start != name)
++ name_start--;
++ if (name_start != name)
++ name_start++;
+ }
++
++ /* Can't find it in the cache, have to send a query */
+
+ m = dnssec_generate_query(header, ((char *) header) + 65536, name_start, class, T_DS, &server->addr);
+
+- /* We rely on the question section coming back unchanged, ensure it is with the hash. */
+- if ((newhash = hash_questions(header, (unsigned int)m, name)))
+- {
+- memcpy(hash, newhash, HASH_SIZE);
++ *length = htons(m);
+
+- *length = htons(m);
++ if (read_write(server->tcpfd, packet, m + sizeof(u16), 0) &&
++ read_write(server->tcpfd, &c1, 1, 1) &&
++ read_write(server->tcpfd, &c2, 1, 1) &&
++ read_write(server->tcpfd, payload, (c1 << 8) | c2, 1))
++ {
++ m = (c1 << 8) | c2;
++
++ /* Note this trashes all three name workspaces */
++ status = tcp_key_recurse(now, STAT_NEED_DS_NEG, header, m, class, name, keyname, server, keycount);
+
+- if (read_write(server->tcpfd, packet, m + sizeof(u16), 0) &&
+- read_write(server->tcpfd, &c1, 1, 1) &&
+- read_write(server->tcpfd, &c2, 1, 1) &&
+- read_write(server->tcpfd, payload, (c1 << 8) | c2, 1))
++ if (status == STAT_NO_DS)
+ {
+- m = (c1 << 8) | c2;
+-
+- newhash = hash_questions(header, (unsigned int)m, name);
+- if (newhash && memcmp(hash, newhash, HASH_SIZE) == 0)
+- {
+- /* In this case only, a SERVFAIL reply allows us to continue up the tree, looking for a
+- suitable NSEC reply to DS queries. */
+- if (RCODE(header) == SERVFAIL)
+- status = STAT_INSECURE;
+- else
+- /* Note this trashes all three name workspaces */
+- status = tcp_key_recurse(now, STAT_NEED_DS_NEG, header, m, class, name, keyname, server, keycount);
+-
+- /* We've found a DS which proves the bit of the DNS where the
+- original query is, is unsigned, so the answer is OK,
+- if unvalidated. */
+- if (status == STAT_NO_DS)
+- {
+- free(packet);
+- return STAT_INSECURE;
+- }
+-
+- /* No DS, not got to DNSSEC-land yet, go up. */
+- if (status == STAT_INSECURE)
+- {
+- p = (unsigned char *)(header+1);
+-
+- if (extract_name(header, plen, &p, name, 1, 4) &&
+- (name_start = strchr(name, '.')))
+- {
+- name_start++; /* chop a label off and try again */
+- continue;
+- }
+- }
+- }
++ /* Found a secure denial of DS - delegation is indeed insecure */
++ free(packet);
++ blockdata_free(block);
++ return STAT_INSECURE;
++ }
++
++ if (status == STAT_BOGUS)
++ {
++ free(packet);
++ blockdata_free(block);
++ return STAT_BOGUS;
++ }
++
++ /* Here, either there's a secure DS, or no NS and no DS, and therefore no delegation.
++ Add another label and continue. */
++
++ /* Get name we're checking back. */
++ blockdata_retrieve(block, name_len, name);
++
++ if (name_start == name)
++ {
++ free(packet);
++ blockdata_free(block);
++ return STAT_BOGUS; /* run out of labels */
+ }
++
++ name_start -= 2;
++ while (*name_start != '.' && name_start != name)
++ name_start--;
++ if (name_start != name)
++ name_start++;
++ }
++ else
++ {
++ /* IO failure */
++ free(packet);
++ blockdata_free(block);
++ return STAT_BOGUS; /* run out of labels */
+ }
+-
+- free(packet);
+-
+- return STAT_BOGUS;
+ }
+ }
+
+@@ -1516,14 +1558,14 @@ static int tcp_key_recurse(time_t now, int status, struct dns_header *header, si
+ else if (status == STAT_NEED_DS || status == STAT_NEED_DS_NEG)
+ {
+ new_status = dnssec_validate_ds(now, header, n, name, keyname, class);
+- if (status == STAT_NEED_DS && new_status == STAT_NO_DS)
+- new_status = STAT_INSECURE;
++ if (status == STAT_NEED_DS && (new_status == STAT_NO_DS || new_status == STAT_NO_NS))
++ new_status = STAT_BOGUS;
+ }
+ else if (status == STAT_CHASE_CNAME)
+ new_status = dnssec_chase_cname(now, header, n, name, keyname);
+ else
+ {
+- new_status = dnssec_validate_reply(now, header, n, name, keyname, &class, NULL);
++ new_status = dnssec_validate_reply(now, header, n, name, keyname, &class, NULL, NULL);
+
+ if (new_status == STAT_NO_SIG)
+ {
+@@ -1576,14 +1618,14 @@ static int tcp_key_recurse(time_t now, int status, struct dns_header *header, si
+ else if (status == STAT_NEED_DS || status == STAT_NEED_DS_NEG)
+ {
+ new_status = dnssec_validate_ds(now, header, n, name, keyname, class);
+- if (status == STAT_NEED_DS && new_status == STAT_NO_DS)
+- new_status = STAT_INSECURE; /* Validated no DS */
++ if (status == STAT_NEED_DS && (new_status == STAT_NO_DS || new_status == STAT_NO_NS))
++ new_status = STAT_BOGUS; /* Validated no DS */
+ }
+ else if (status == STAT_CHASE_CNAME)
+ new_status = dnssec_chase_cname(now, header, n, name, keyname);
+ else
+ {
+- new_status = dnssec_validate_reply(now, header, n, name, keyname, &class, NULL);
++ new_status = dnssec_validate_reply(now, header, n, name, keyname, &class, NULL, NULL);
+
+ if (new_status == STAT_NO_SIG)
+ {
+@@ -1961,6 +2003,7 @@ static struct frec *allocate_frec(time_t now)
+ f->dependent = NULL;
+ f->blocking_query = NULL;
+ f->stash = NULL;
++ f->orig_domain = NULL;
+ #endif
+ daemon->frec_list = f;
+ }
+@@ -2029,6 +2072,12 @@ static void free_frec(struct frec *f)
+ f->stash = NULL;
+ }
+
++ if (f->orig_domain)
++ {
++ blockdata_free(f->orig_domain);
++ f->orig_domain = NULL;
++ }
++
+ /* Anything we're waiting on is pointless now, too */
+ if (f->blocking_query)
+ free_frec(f->blocking_query);
+--
+2.1.0
+
--- /dev/null
+From 25cf5e373eb41c088d4ee5e625209c4cf6a5659e Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Fri, 9 Jan 2015 15:53:03 +0000
+Subject: [PATCH 27/55] Add --log-queries=extra option for more complete
+ logging.
+
+---
+ CHANGELOG | 3 +++
+ man/dnsmasq.8 | 5 ++++-
+ src/cache.c | 11 ++++++++++-
+ src/config.h | 1 +
+ src/dnsmasq.c | 5 +++++
+ src/dnsmasq.h | 9 +++++++--
+ src/dnssec.c | 14 +++++++-------
+ src/forward.c | 30 ++++++++++++++++++++++++++----
+ src/option.c | 11 +++++++++--
+ 9 files changed, 72 insertions(+), 17 deletions(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index e8bf80f81baa..0bbb7835df4f 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -40,6 +40,9 @@ version 2.73
+ nameservers in the unsigned parts of the DNS tree
+ which don't respond well to DNSSEC queries.
+
++ Add --log-queries=extra option, which makes logs easier
++ to search automatically.
++
+
+ version 2.72
+ Add ra-advrouter mode, for RFC-3775 mobile IPv6 support.
+diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
+index 4236ba307df3..227d74bd80e7 100644
+--- a/man/dnsmasq.8
++++ b/man/dnsmasq.8
+@@ -98,7 +98,10 @@ only, to stop dnsmasq daemonising in production, use
+ .B -k.
+ .TP
+ .B \-q, --log-queries
+-Log the results of DNS queries handled by dnsmasq. Enable a full cache dump on receipt of SIGUSR1.
++Log the results of DNS queries handled by dnsmasq. Enable a full cache dump on receipt of SIGUSR1. If the argument "extra" is supplied, ie
++.B --log-queries=extra
++then the log has extra information at the start of each line.
++This consists of a serial number which ties together the log lines associated with an individual query, and the IP address of the requestor.
+ .TP
+ .B \-8, --log-facility=<facility>
+ Set the facility to which dnsmasq will send syslog entries, this
+diff --git a/src/cache.c b/src/cache.c
+index ff1ca6f1c352..960bb7938778 100644
+--- a/src/cache.c
++++ b/src/cache.c
+@@ -1638,7 +1638,16 @@ void log_query(unsigned int flags, char *name, struct all_addr *addr, char *arg)
+ if (strlen(name) == 0)
+ name = ".";
+
+- my_syslog(LOG_INFO, "%s %s %s %s", source, name, verb, dest);
++ if (option_bool(OPT_EXTRALOG))
++ {
++ prettyprint_addr(daemon->log_source_addr, daemon->addrbuff2);
++ if (flags & F_NOEXTRA)
++ my_syslog(LOG_INFO, "* %s %s %s %s %s", daemon->addrbuff2, source, name, verb, dest);
++ else
++ my_syslog(LOG_INFO, "%u %s %s %s %s %s", daemon->log_display_id, daemon->addrbuff2, source, name, verb, dest);
++ }
++ else
++ my_syslog(LOG_INFO, "%s %s %s %s", source, name, verb, dest);
+ }
+
+
+diff --git a/src/config.h b/src/config.h
+index 145820ad2510..3b88d8193dca 100644
+--- a/src/config.h
++++ b/src/config.h
+@@ -17,6 +17,7 @@
+ #define FTABSIZ 150 /* max number of outstanding requests (default) */
+ #define MAX_PROCS 20 /* max no children for TCP requests */
+ #define CHILD_LIFETIME 150 /* secs 'till terminated (RFC1035 suggests > 120s) */
++#define TCP_MAX_QUERIES 100 /* Maximum number of queries per incoming TCP connection */
+ #define EDNS_PKTSZ 4096 /* default max EDNS.0 UDP packet from RFC5625 */
+ #define KEYBLOCK_LEN 40 /* choose to mininise fragmentation when storing DNSSEC keys */
+ #define DNSSEC_WORK 50 /* Max number of queries to validate one question */
+diff --git a/src/dnsmasq.c b/src/dnsmasq.c
+index 5c7750d365fa..c0c0589d4ce1 100644
+--- a/src/dnsmasq.c
++++ b/src/dnsmasq.c
+@@ -93,6 +93,8 @@ int main (int argc, char **argv)
+ daemon->packet = safe_malloc(daemon->packet_buff_sz);
+
+ daemon->addrbuff = safe_malloc(ADDRSTRLEN);
++ if (option_bool(OPT_EXTRALOG))
++ daemon->addrbuff2 = safe_malloc(ADDRSTRLEN);
+
+ #ifdef HAVE_DNSSEC
+ if (option_bool(OPT_DNSSEC_VALID))
+@@ -1587,6 +1589,9 @@ static void check_dns_listeners(fd_set *set, time_t now)
+ }
+ }
+ close(confd);
++
++ /* The child can use up to TCP_MAX_QUERIES ids, so skip that many. */
++ daemon->log_id += TCP_MAX_QUERIES;
+ }
+ #endif
+ else
+diff --git a/src/dnsmasq.h b/src/dnsmasq.h
+index 2f4597294a56..4e9aea401b75 100644
+--- a/src/dnsmasq.h
++++ b/src/dnsmasq.h
+@@ -238,7 +238,8 @@ struct event_desc {
+ #define OPT_DNSSEC_NO_SIGN 48
+ #define OPT_LOCAL_SERVICE 49
+ #define OPT_LOOP_DETECT 50
+-#define OPT_LAST 51
++#define OPT_EXTRALOG 51
++#define OPT_LAST 52
+
+ /* extra flags for my_syslog, we use a couple of facilities since they are known
+ not to occupy the same bits as priorities, no matter how syslog.h is set up. */
+@@ -442,6 +443,7 @@ struct crec {
+ #define F_NO_RR (1u<<25)
+ #define F_IPSET (1u<<26)
+ #define F_NSIGMATCH (1u<<27)
++#define F_NOEXTRA (1u<<28)
+
+ /* Values of uid in crecs with F_CONFIG bit set. */
+ #define SRC_INTERFACE 0
+@@ -599,7 +601,7 @@ struct frec {
+ #endif
+ unsigned int iface;
+ unsigned short orig_id, new_id;
+- int fd, forwardall, flags;
++ int log_id, fd, forwardall, flags;
+ time_t time;
+ unsigned char *hash[HASH_SIZE];
+ #ifdef HAVE_DNSSEC
+@@ -1002,6 +1004,8 @@ extern struct daemon {
+ struct randfd randomsocks[RANDOM_SOCKS];
+ int v6pktinfo;
+ struct addrlist *interface_addrs; /* list of all addresses/prefix lengths associated with all local interfaces */
++ int log_id, log_display_id; /* ids of transactions for logging */
++ union mysockaddr *log_source_addr;
+
+ /* DHCP state */
+ int dhcpfd, helperfd, pxefd;
+@@ -1033,6 +1037,7 @@ extern struct daemon {
+
+ /* utility string buffer, hold max sized IP address as string */
+ char *addrbuff;
++ char *addrbuff2; /* only allocated when OPT_EXTRALOG */
+
+ } *daemon;
+
+diff --git a/src/dnssec.c b/src/dnssec.c
+index 8f27677628b2..afb3dca38cb1 100644
+--- a/src/dnssec.c
++++ b/src/dnssec.c
+@@ -1038,7 +1038,7 @@ int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, ch
+ else
+ {
+ a.addr.keytag = keytag;
+- log_query(F_KEYTAG | F_UPSTREAM, name, &a, "DNSKEY keytag %u");
++ log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DNSKEY keytag %u");
+
+ recp1->addr.key.keylen = rdlen - 4;
+ recp1->addr.key.keydata = key;
+@@ -1092,7 +1092,7 @@ int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, ch
+ return STAT_SECURE;
+ }
+
+- log_query(F_UPSTREAM, name, NULL, "BOGUS DNSKEY");
++ log_query(F_NOEXTRA | F_UPSTREAM, name, NULL, "BOGUS DNSKEY");
+ return STAT_BOGUS;
+ }
+
+@@ -1136,7 +1136,7 @@ int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char
+
+ if (val == STAT_BOGUS)
+ {
+- log_query(F_UPSTREAM, name, NULL, "BOGUS DS");
++ log_query(F_NOEXTRA | F_UPSTREAM, name, NULL, "BOGUS DS");
+ return STAT_BOGUS;
+ }
+
+@@ -1201,7 +1201,7 @@ int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char
+
+ cache_end_insert();
+
+- log_query(F_UPSTREAM, name, NULL, nons ? "no delegation" : "no DS");
++ log_query(F_NOEXTRA | F_UPSTREAM, name, NULL, nons ? "no delegation" : "no DS");
+ }
+
+ return nons ? STAT_NO_NS : STAT_NO_DS;
+@@ -1885,7 +1885,7 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch
+ else
+ {
+ a.addr.keytag = keytag;
+- log_query(F_KEYTAG | F_UPSTREAM, name, &a, "DS keytag %u");
++ log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DS keytag %u");
+ crecp->addr.ds.digest = digest;
+ crecp->addr.ds.keydata = key;
+ crecp->addr.ds.algo = algo;
+@@ -2058,10 +2058,10 @@ size_t dnssec_generate_query(struct dns_header *header, char *end, char *name, i
+ char *types = querystr("dnssec-query", type);
+
+ if (addr->sa.sa_family == AF_INET)
+- log_query(F_DNSSEC | F_IPV4, name, (struct all_addr *)&addr->in.sin_addr, types);
++ log_query(F_NOEXTRA | F_DNSSEC | F_IPV4, name, (struct all_addr *)&addr->in.sin_addr, types);
+ #ifdef HAVE_IPV6
+ else
+- log_query(F_DNSSEC | F_IPV6, name, (struct all_addr *)&addr->in6.sin6_addr, types);
++ log_query(F_NOEXTRA | F_DNSSEC | F_IPV6, name, (struct all_addr *)&addr->in6.sin6_addr, types);
+ #endif
+
+ header->qdcount = htons(1);
+diff --git a/src/forward.c b/src/forward.c
+index 55f583383bc6..713a64c0fa58 100644
+--- a/src/forward.c
++++ b/src/forward.c
+@@ -279,10 +279,10 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
+ plen = forward->stash_len;
+
+ if (forward->sentto->addr.sa.sa_family == AF_INET)
+- log_query(F_DNSSEC | F_IPV4, "retry", (struct all_addr *)&forward->sentto->addr.in.sin_addr, "dnssec");
++ log_query(F_NOEXTRA | F_DNSSEC | F_IPV4, "retry", (struct all_addr *)&forward->sentto->addr.in.sin_addr, "dnssec");
+ #ifdef HAVE_IPV6
+ else
+- log_query(F_DNSSEC | F_IPV6, "retry", (struct all_addr *)&forward->sentto->addr.in6.sin6_addr, "dnssec");
++ log_query(F_NOEXTRA | F_DNSSEC | F_IPV6, "retry", (struct all_addr *)&forward->sentto->addr.in6.sin6_addr, "dnssec");
+ #endif
+
+ if (forward->sentto->sfd)
+@@ -389,6 +389,9 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
+ struct server *firstsentto = start;
+ int forwarded = 0;
+
++ /* If a query is retried, use the log_id for the retry when logging the answer. */
++ forward->log_id = daemon->log_id;
++
+ if (option_bool(OPT_ADD_MAC))
+ plen = add_mac(header, plen, ((char *) header) + daemon->packet_buff_sz, &forward->source);
+
+@@ -725,6 +728,11 @@ void reply_query(int fd, int family, time_t now)
+ if (!(forward = lookup_frec(ntohs(header->id), hash)))
+ return;
+
++ /* log_query gets called indirectly all over the place, so
++ pass these in global variables - sorry. */
++ daemon->log_display_id = forward->log_id;
++ daemon->log_source_addr = &forward->source;
++
+ if (daemon->ignore_addr && RCODE(header) == NOERROR &&
+ check_for_ignored_address(header, n, daemon->ignore_addr))
+ return;
+@@ -1258,6 +1266,11 @@ void receive_query(struct listener *listen, time_t now)
+ dst_addr_4.s_addr = 0;
+ }
+ }
++
++ /* log_query gets called indirectly all over the place, so
++ pass these in global variables - sorry. */
++ daemon->log_display_id = ++daemon->log_id;
++ daemon->log_source_addr = &source_addr;
+
+ if (extract_request(header, (size_t)n, daemon->namebuff, &type))
+ {
+@@ -1675,7 +1688,8 @@ unsigned char *tcp_request(int confd, time_t now,
+ struct in_addr dst_addr_4;
+ union mysockaddr peer_addr;
+ socklen_t peer_len = sizeof(union mysockaddr);
+-
++ int query_count = 0;
++
+ if (getpeername(confd, (struct sockaddr *)&peer_addr, &peer_len) == -1)
+ return packet;
+
+@@ -1712,7 +1726,8 @@ unsigned char *tcp_request(int confd, time_t now,
+
+ while (1)
+ {
+- if (!packet ||
++ if (query_count == TCP_MAX_QUERIES ||
++ !packet ||
+ !read_write(confd, &c1, 1, 1) || !read_write(confd, &c2, 1, 1) ||
+ !(size = c1 << 8 | c2) ||
+ !read_write(confd, payload, size, 1))
+@@ -1721,6 +1736,13 @@ unsigned char *tcp_request(int confd, time_t now,
+ if (size < (int)sizeof(struct dns_header))
+ continue;
+
++ query_count++;
++
++ /* log_query gets called indirectly all over the place, so
++ pass these in global variables - sorry. */
++ daemon->log_display_id = ++daemon->log_id;
++ daemon->log_source_addr = &peer_addr;
++
+ check_subnet = 0;
+
+ /* save state of "cd" flag in query */
+diff --git a/src/option.c b/src/option.c
+index 907d0cf88de9..b7372be0a090 100644
+--- a/src/option.c
++++ b/src/option.c
+@@ -149,6 +149,7 @@ struct myoption {
+ #define LOPT_LOOP_DETECT 337
+ #define LOPT_IGNORE_ADDR 338
+
++
+ #ifdef HAVE_GETOPT_LONG
+ static const struct option opts[] =
+ #else
+@@ -160,7 +161,7 @@ static const struct myoption opts[] =
+ { "no-poll", 0, 0, 'n' },
+ { "help", 0, 0, 'w' },
+ { "no-daemon", 0, 0, 'd' },
+- { "log-queries", 0, 0, 'q' },
++ { "log-queries", 2, 0, 'q' },
+ { "user", 2, 0, 'u' },
+ { "group", 2, 0, 'g' },
+ { "resolv-file", 2, 0, 'r' },
+@@ -357,7 +358,7 @@ static struct {
+ { LOPT_FORCE, ARG_DUP, "<optspec>", gettext_noop("DHCP option sent even if the client does not request it."), NULL},
+ { 'p', ARG_ONE, "<integer>", gettext_noop("Specify port to listen for DNS requests on (defaults to 53)."), NULL },
+ { 'P', ARG_ONE, "<integer>", gettext_noop("Maximum supported UDP packet size for EDNS.0 (defaults to %s)."), "*" },
+- { 'q', OPT_LOG, NULL, gettext_noop("Log DNS queries."), NULL },
++ { 'q', ARG_DUP, NULL, gettext_noop("Log DNS queries."), NULL },
+ { 'Q', ARG_ONE, "<integer>", gettext_noop("Force the originating port for upstream DNS queries."), NULL },
+ { 'R', OPT_NO_RESOLV, NULL, gettext_noop("Do NOT read resolv.conf."), NULL },
+ { 'r', ARG_DUP, "<path>", gettext_noop("Specify path to resolv.conf (defaults to %s)."), RESOLVFILE },
+@@ -2421,6 +2422,12 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
+ ret_err(gen_err);
+ break;
+
++ case 'q': /* --log-queries */
++ set_option_bool(OPT_LOG);
++ if (arg && strcmp(arg, "extra") == 0)
++ set_option_bool(OPT_EXTRALOG);
++ break;
++
+ case LOPT_MAX_LOGS: /* --log-async */
+ daemon->max_logs = LOG_MAX; /* default */
+ if (arg && !atoi_check(arg, &daemon->max_logs))
+--
+2.1.0
+
--- /dev/null
+From 28de38768e2c7d763b9aa5b7a4d251d5e56bab0b Mon Sep 17 00:00:00 2001
+From: RinSatsuki <aa65535@live.com>
+Date: Sat, 10 Jan 2015 15:22:21 +0000
+Subject: [PATCH 28/55] Add --min-cache-ttl option.
+
+---
+ CHANGELOG | 7 +++++++
+ man/dnsmasq.8 | 6 ++++++
+ src/cache.c | 4 +++-
+ src/config.h | 1 +
+ src/dnsmasq.h | 2 +-
+ src/option.c | 11 +++++++++++
+ 6 files changed, 29 insertions(+), 2 deletions(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 0bbb7835df4f..23fc6d0530cf 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -43,6 +43,13 @@ version 2.73
+ Add --log-queries=extra option, which makes logs easier
+ to search automatically.
+
++ Add --min-cache-ttl option. I've resisted this for a long
++ time, on the grounds that disbelieving TTLs is never a
++ good idea, but I've been persuaded that there are
++ sometimes reasons to do it. (Step forward, GFW).
++ To avoid misuse, there's a hard limit on the TTL
++ floor of one hour. Thansk to RinSatsuki for the patch.
++
+
+ version 2.72
+ Add ra-advrouter mode, for RFC-3775 mobile IPv6 support.
+diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
+index 227d74bd80e7..5cfa355dea4a 100644
+--- a/man/dnsmasq.8
++++ b/man/dnsmasq.8
+@@ -81,6 +81,12 @@ the upstream DNS servers.
+ .B --max-cache-ttl=<time>
+ Set a maximum TTL value for entries in the cache.
+ .TP
++.B --min-cache-ttl=<time>
++Extend short TTL values to the time given when caching them. Note that
++artificially extending TTL values is in general a bad idea, do not do it
++unless you have a good reason, and understand what you are doing.
++Dnsmasq limits the value of this option to one hour, unless recompiled.
++.TP
+ .B --auth-ttl=<time>
+ Set the TTL value returned in answers from the authoritative server.
+ .TP
+diff --git a/src/cache.c b/src/cache.c
+index 960bb7938778..945be071a0b6 100644
+--- a/src/cache.c
++++ b/src/cache.c
+@@ -461,9 +461,11 @@ struct crec *cache_insert(char *name, struct all_addr *addr,
+ if (flags & (F_IPV4 | F_IPV6 | F_CNAME))
+ {
+ log_query(flags | F_UPSTREAM, name, addr, NULL);
+- /* Don;t mess with TTL for DNSSEC records. */
++ /* Don't mess with TTL for DNSSEC records. */
+ if (daemon->max_cache_ttl != 0 && daemon->max_cache_ttl < ttl)
+ ttl = daemon->max_cache_ttl;
++ if (daemon->min_cache_ttl != 0 && daemon->min_cache_ttl > ttl)
++ ttl = daemon->min_cache_ttl;
+ }
+
+ /* if previous insertion failed give up now. */
+diff --git a/src/config.h b/src/config.h
+index 3b88d8193dca..cdca231b4079 100644
+--- a/src/config.h
++++ b/src/config.h
+@@ -27,6 +27,7 @@
+ #define RANDOM_SOCKS 64 /* max simultaneous random ports */
+ #define LEASE_RETRY 60 /* on error, retry writing leasefile after LEASE_RETRY seconds */
+ #define CACHESIZ 150 /* default cache size */
++#define TTL_FLOOR_LIMIT 3600 /* don't allow --min-cache-ttl to raise TTL above this under any circumstances */
+ #define MAXLEASES 1000 /* maximum number of DHCP leases */
+ #define PING_WAIT 3 /* wait for ping address-in-use test */
+ #define PING_CACHE_TIME 30 /* Ping test assumed to be valid this long. */
+diff --git a/src/dnsmasq.h b/src/dnsmasq.h
+index 4e9aea401b75..f8275e3ac479 100644
+--- a/src/dnsmasq.h
++++ b/src/dnsmasq.h
+@@ -943,7 +943,7 @@ extern struct daemon {
+ int max_logs; /* queue limit */
+ int cachesize, ftabsize;
+ int port, query_port, min_port;
+- unsigned long local_ttl, neg_ttl, max_ttl, max_cache_ttl, auth_ttl;
++ unsigned long local_ttl, neg_ttl, max_ttl, min_cache_ttl, max_cache_ttl, auth_ttl;
+ struct hostsfile *addn_hosts;
+ struct dhcp_context *dhcp, *dhcp6;
+ struct ra_interface *ra_interfaces;
+diff --git a/src/option.c b/src/option.c
+index b7372be0a090..8b994098cc9f 100644
+--- a/src/option.c
++++ b/src/option.c
+@@ -148,6 +148,7 @@ struct myoption {
+ #define LOPT_DNSSEC_TIME 336
+ #define LOPT_LOOP_DETECT 337
+ #define LOPT_IGNORE_ADDR 338
++#define LOPT_MINCTTL 339
+
+
+ #ifdef HAVE_GETOPT_LONG
+@@ -256,6 +257,7 @@ static const struct myoption opts[] =
+ { "dhcp-broadcast", 2, 0, LOPT_BROADCAST },
+ { "neg-ttl", 1, 0, LOPT_NEGTTL },
+ { "max-ttl", 1, 0, LOPT_MAXTTL },
++ { "min-cache-ttl", 1, 0, LOPT_MINCTTL },
+ { "max-cache-ttl", 1, 0, LOPT_MAXCTTL },
+ { "dhcp-alternate-port", 2, 0, LOPT_ALTPORT },
+ { "dhcp-scriptuser", 1, 0, LOPT_SCRIPTUSR },
+@@ -371,6 +373,8 @@ static struct {
+ { 'T', ARG_ONE, "<integer>", gettext_noop("Specify time-to-live in seconds for replies from /etc/hosts."), NULL },
+ { LOPT_NEGTTL, ARG_ONE, "<integer>", gettext_noop("Specify time-to-live in seconds for negative caching."), NULL },
+ { LOPT_MAXTTL, ARG_ONE, "<integer>", gettext_noop("Specify time-to-live in seconds for maximum TTL to send to clients."), NULL },
++ { LOPT_MAXCTTL, ARG_ONE, "<integer>", gettext_noop("Specify time-to-live ceiling for cache."), NULL },
++ { LOPT_MINCTTL, ARG_ONE, "<integer>", gettext_noop("Specify time-to-live floor for cache."), NULL },
+ { 'u', ARG_ONE, "<username>", gettext_noop("Change to this user after startup. (defaults to %s)."), CHUSER },
+ { 'U', ARG_DUP, "set:<tag>,<class>", gettext_noop("Map DHCP vendor class to tag."), NULL },
+ { 'v', 0, NULL, gettext_noop("Display dnsmasq version and copyright information."), NULL },
+@@ -2457,6 +2461,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
+ case 'T': /* --local-ttl */
+ case LOPT_NEGTTL: /* --neg-ttl */
+ case LOPT_MAXTTL: /* --max-ttl */
++ case LOPT_MINCTTL: /* --min-cache-ttl */
+ case LOPT_MAXCTTL: /* --max-cache-ttl */
+ case LOPT_AUTHTTL: /* --auth-ttl */
+ {
+@@ -2467,6 +2472,12 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
+ daemon->neg_ttl = (unsigned long)ttl;
+ else if (option == LOPT_MAXTTL)
+ daemon->max_ttl = (unsigned long)ttl;
++ else if (option == LOPT_MINCTTL)
++ {
++ if (ttl > TTL_FLOOR_LIMIT)
++ ttl = TTL_FLOOR_LIMIT;
++ daemon->min_cache_ttl = (unsigned long)ttl;
++ }
+ else if (option == LOPT_MAXCTTL)
+ daemon->max_cache_ttl = (unsigned long)ttl;
+ else if (option == LOPT_AUTHTTL)
+--
+2.1.0
+
--- /dev/null
+From 9f79ee4ae34886c0319f06d8f162b81ef79d62fb Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Mon, 12 Jan 2015 20:18:18 +0000
+Subject: [PATCH 29/55] Log port of requestor when doing extra logging.
+
+---
+ src/cache.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/cache.c b/src/cache.c
+index 945be071a0b6..09b6dbf8087a 100644
+--- a/src/cache.c
++++ b/src/cache.c
+@@ -1642,11 +1642,11 @@ void log_query(unsigned int flags, char *name, struct all_addr *addr, char *arg)
+
+ if (option_bool(OPT_EXTRALOG))
+ {
+- prettyprint_addr(daemon->log_source_addr, daemon->addrbuff2);
++ int port = prettyprint_addr(daemon->log_source_addr, daemon->addrbuff2);
+ if (flags & F_NOEXTRA)
+- my_syslog(LOG_INFO, "* %s %s %s %s %s", daemon->addrbuff2, source, name, verb, dest);
++ my_syslog(LOG_INFO, "* %s/%u %s %s %s %s", daemon->addrbuff2, port, source, name, verb, dest);
+ else
+- my_syslog(LOG_INFO, "%u %s %s %s %s %s", daemon->log_display_id, daemon->addrbuff2, source, name, verb, dest);
++ my_syslog(LOG_INFO, "%u %s/%u %s %s %s %s", daemon->log_display_id, daemon->addrbuff2, port, source, name, verb, dest);
+ }
+ else
+ my_syslog(LOG_INFO, "%s %s %s %s", source, name, verb, dest);
+--
+2.1.0
+
--- /dev/null
+From 5e321739db381a1d7b5964d76e9c81471d2564c9 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Mon, 12 Jan 2015 23:16:56 +0000
+Subject: [PATCH 30/55] Don't answer from cache RRsets from wildcards, as we
+ don't have NSECs.
+
+---
+ src/dnssec.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/src/dnssec.c b/src/dnssec.c
+index afb3dca38cb1..d39ab85ed966 100644
+--- a/src/dnssec.c
++++ b/src/dnssec.c
+@@ -1818,11 +1818,14 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch
+ struct blockdata *key;
+ struct crec *crecp;
+ char *wildname;
++ int have_wildcard = 0;
+
+ rc = validate_rrset(now, header, plen, class1, type1, name, keyname, &wildname, NULL, 0, 0, 0);
+
+ if (rc == STAT_SECURE_WILDCARD)
+ {
++ have_wildcard = 1;
++
+ /* An attacker replay a wildcard answer with a different
+ answer and overlay a genuine RR. To prove this
+ hasn't happened, the answer must prove that
+@@ -1913,7 +1916,11 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch
+ p2 += 13; /* labels, orig_ttl, expiration, inception */
+ GETSHORT(keytag, p2);
+
+- if ((key = blockdata_alloc((char*)psave, rdlen2)))
++ /* We don't cache sigs for wildcard answers, because to reproduce the
++ answer from the cache will require one or more NSEC/NSEC3 records
++ which we don't cache. The lack of the RRSIG ensures that a query for
++ this RRset asking for a secure answer will always be forwarded. */
++ if (!have_wildcard && (key = blockdata_alloc((char*)psave, rdlen2)))
+ {
+ if (!(crecp = cache_insert(name, &a, now, ttl, F_FORWARD | F_DNSKEY | F_DS)))
+ blockdata_free(key);
+--
+2.1.0
+
--- /dev/null
+From ae4624bf46b5e37ff1a9a2ba3c927e0dede95adb Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Mon, 12 Jan 2015 23:22:08 +0000
+Subject: [PATCH 31/55] Logs for DS records consistent.
+
+---
+ src/rfc1035.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/rfc1035.c b/src/rfc1035.c
+index 75c4266b47dd..262274fc5b80 100644
+--- a/src/rfc1035.c
++++ b/src/rfc1035.c
+@@ -1643,7 +1643,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
+ {
+ if (crecp->flags & F_NXDOMAIN)
+ nxdomain = 1;
+- log_query(F_UPSTREAM, name, NULL, "secure no DS");
++ log_query(F_UPSTREAM, name, NULL, "no DS");
+ }
+ else if ((keydata = blockdata_retrieve(crecp->addr.ds.keydata, crecp->addr.ds.keylen, NULL)))
+ {
+--
+2.1.0
+
--- /dev/null
+From 393415597c8b5b09558b789ab9ac238dbe3db65d Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Sun, 18 Jan 2015 22:11:10 +0000
+Subject: [PATCH 32/55] Cope with multiple interfaces with the same LL address.
+
+---
+ CHANGELOG | 4 ++++
+ src/auth.c | 5 ++++-
+ src/util.c | 1 +
+ 3 files changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 23fc6d0530cf..bbd7e6619689 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -49,6 +49,10 @@ version 2.73
+ sometimes reasons to do it. (Step forward, GFW).
+ To avoid misuse, there's a hard limit on the TTL
+ floor of one hour. Thansk to RinSatsuki for the patch.
++
++ Cope with multiple interfaces with the same link-local
++ address. (IPv6 addresses are scoped, so this is allowed.)
++ Thanks to Cory Benfield for help with this.
+
+
+ version 2.72
+diff --git a/src/auth.c b/src/auth.c
+index a327f16d8c0b..59e05d3da38e 100644
+--- a/src/auth.c
++++ b/src/auth.c
+@@ -413,7 +413,10 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
+ peer_addr->in.sin_port = 0;
+ #ifdef HAVE_IPV6
+ else
+- peer_addr->in6.sin6_port = 0;
++ {
++ peer_addr->in6.sin6_port = 0;
++ peer_addr->in6.sin6_scope_id = 0;
++ }
+ #endif
+
+ for (peers = daemon->auth_peers; peers; peers = peers->next)
+diff --git a/src/util.c b/src/util.c
+index a729f339e219..d532444da207 100644
+--- a/src/util.c
++++ b/src/util.c
+@@ -274,6 +274,7 @@ int sockaddr_isequal(union mysockaddr *s1, union mysockaddr *s2)
+ #ifdef HAVE_IPV6
+ if (s1->sa.sa_family == AF_INET6 &&
+ s1->in6.sin6_port == s2->in6.sin6_port &&
++ s1->in6.sin6_scope_id == s2->in6.sin6_scope_id &&
+ IN6_ARE_ADDR_EQUAL(&s1->in6.sin6_addr, &s2->in6.sin6_addr))
+ return 1;
+ #endif
+--
+2.1.0
+
--- /dev/null
+From 2ae195f5a71f7c5a75717845de1bd72fc7dd67f3 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Sun, 18 Jan 2015 22:20:48 +0000
+Subject: [PATCH 33/55] Don't treat SERVFAIL as a recoverable error.....
+
+---
+ src/forward.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/forward.c b/src/forward.c
+index 713a64c0fa58..b17bc34f865f 100644
+--- a/src/forward.c
++++ b/src/forward.c
+@@ -737,7 +737,7 @@ void reply_query(int fd, int family, time_t now)
+ check_for_ignored_address(header, n, daemon->ignore_addr))
+ return;
+
+- if ((RCODE(header) == SERVFAIL || RCODE(header) == REFUSED) &&
++ if (RCODE(header) == REFUSED &&
+ !option_bool(OPT_ORDER) &&
+ forward->forwardall == 0)
+ /* for broken servers, attempt to send to another one. */
+--
+2.1.0
+
--- /dev/null
+From 5f4dc5c6ca50655ab14f572c7e30815ed74cd51a Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Tue, 20 Jan 2015 20:51:02 +0000
+Subject: [PATCH 34/55] Add --dhcp-hostsdir config option.
+
+---
+ CHANGELOG | 5 +++
+ man/dnsmasq.8 | 9 +++++
+ src/dnsmasq.c | 28 ++++++++++----
+ src/dnsmasq.h | 15 ++++++--
+ src/inotify.c | 119 +++++++++++++++++++++++++++++++++++++++++++++++++++++++---
+ src/option.c | 22 +++++++++--
+ 6 files changed, 177 insertions(+), 21 deletions(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index bbd7e6619689..0076b557e95e 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -53,6 +53,11 @@ version 2.73
+ Cope with multiple interfaces with the same link-local
+ address. (IPv6 addresses are scoped, so this is allowed.)
+ Thanks to Cory Benfield for help with this.
++
++ Add --dhcp-hostsdir. This allows addition of new host
++ configurations to a running dnsmasq instance much more
++ cheaply than having dnsmasq re-read all its existing
++ configuration each time.
+
+
+ version 2.72
+diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
+index 5cfa355dea4a..005b5cca8d1f 100644
+--- a/man/dnsmasq.8
++++ b/man/dnsmasq.8
+@@ -977,6 +977,15 @@ is given, then read all the files contained in that directory. The advantage of
+ using this option is the same as for --dhcp-hostsfile: the
+ dhcp-optsfile will be re-read when dnsmasq receives SIGHUP. Note that
+ it is possible to encode the information in a
++.TP
++.B --dhcp-hostsdir=<path>
++This is exactly equivalent to dhcp-hostfile, except for the following. The path MUST be a
++directory, and not an individual file. Changed or new files within
++the directory are read automatically, without the need to send SIGHUP.
++If a file is deleted for changed after it has been read by dnsmasq, then the
++host record it contained will remain until dnsmasq recieves a SIGHUP, or
++is restarted; ie host records are only added dynamically.
++.TP
+ .B --dhcp-boot
+ flag as DHCP options, using the options names bootfile-name,
+ server-ip-address and tftp-server. This allows these to be included
+diff --git a/src/dnsmasq.c b/src/dnsmasq.c
+index c0c0589d4ce1..04cc98278f62 100644
+--- a/src/dnsmasq.c
++++ b/src/dnsmasq.c
+@@ -142,6 +142,9 @@ int main (int argc, char **argv)
+ set_option_bool(OPT_NOWILD);
+ reset_option_bool(OPT_CLEVERBIND);
+ }
++
++ if (daemon->inotify_hosts)
++ die(_("dhcp-hostsdir not supported on this platform"), NULL, EC_BADCONF);
+ #endif
+
+ if (option_bool(OPT_DNSSEC_VALID))
+@@ -316,13 +319,16 @@ int main (int argc, char **argv)
+ #ifdef HAVE_DNSSEC
+ blockdata_init();
+ #endif
++ }
+
+ #ifdef HAVE_LINUX_NETWORK
+- if (!option_bool(OPT_NO_POLL))
+- inotify_dnsmasq_init();
++ if ((!option_bool(OPT_NO_POLL) && daemon->port != 0) ||
++ daemon->dhcp || daemon->doing_dhcp6)
++ inotify_dnsmasq_init();
++ else
++ daemon->inotifyfd = -1;
+ #endif
+- }
+-
++
+ if (option_bool(OPT_DBUS))
+ #ifdef HAVE_DBUS
+ {
+@@ -745,7 +751,7 @@ int main (int argc, char **argv)
+ #endif
+
+ #ifdef HAVE_TFTP
+- if (option_bool(OPT_TFTP))
++ if (option_bool(OPT_TFTP))
+ {
+ #ifdef FD_SETSIZE
+ if (FD_SETSIZE < (unsigned)max_fd)
+@@ -870,7 +876,7 @@ int main (int argc, char **argv)
+ #if defined(HAVE_LINUX_NETWORK)
+ FD_SET(daemon->netlinkfd, &rset);
+ bump_maxfd(daemon->netlinkfd, &maxfd);
+- if (daemon->port != 0 && !option_bool(OPT_NO_POLL))
++ if (daemon->inotifyfd != -1)
+ {
+ FD_SET(daemon->inotifyfd, &rset);
+ bump_maxfd(daemon->inotifyfd, &maxfd);
+@@ -943,8 +949,11 @@ int main (int argc, char **argv)
+ #endif
+
+ #ifdef HAVE_LINUX_NETWORK
+- if (daemon->port != 0 && !option_bool(OPT_NO_POLL) && FD_ISSET(daemon->inotifyfd, &rset) && inotify_check())
+- poll_resolv(1, 1, now);
++ if (daemon->inotifyfd != -1 && FD_ISSET(daemon->inotifyfd, &rset) && inotify_check(now))
++ {
++ if (daemon->port != 0 && !option_bool(OPT_NO_POLL))
++ poll_resolv(1, 1, now);
++ }
+ #else
+ /* Check for changes to resolv files once per second max. */
+ /* Don't go silent for long periods if the clock goes backwards. */
+@@ -1385,6 +1394,9 @@ void clear_cache_and_reload(time_t now)
+ if (option_bool(OPT_ETHERS))
+ dhcp_read_ethers();
+ reread_dhcp();
++#ifdef HAVE_LINUX_NETWORK
++ set_dhcp_inotify();
++#endif
+ dhcp_update_configs(daemon->dhcp_conf);
+ lease_update_from_configs();
+ lease_update_file(now);
+diff --git a/src/dnsmasq.h b/src/dnsmasq.h
+index f8275e3ac479..d841fdc064ad 100644
+--- a/src/dnsmasq.h
++++ b/src/dnsmasq.h
+@@ -550,13 +550,17 @@ struct resolvc {
+ #endif
+ };
+
+-/* adn-hosts parms from command-line (also dhcp-hostsfile and dhcp-optsfile */
++/* adn-hosts parms from command-line (also dhcp-hostsfile and dhcp-optsfile and dhcp-hostsdir*/
+ #define AH_DIR 1
+ #define AH_INACTIVE 2
++#define AH_WD_DONE 4
+ struct hostsfile {
+ struct hostsfile *next;
+ int flags;
+ char *fname;
++#ifdef HAVE_LINUX_NETWORK
++ int wd; /* inotify watch descriptor */
++#endif
+ unsigned int index; /* matches to cache entries for logging */
+ };
+
+@@ -961,7 +965,7 @@ extern struct daemon {
+ int doing_ra, doing_dhcp6;
+ struct dhcp_netid_list *dhcp_ignore, *dhcp_ignore_names, *dhcp_gen_names;
+ struct dhcp_netid_list *force_broadcast, *bootp_dynamic;
+- struct hostsfile *dhcp_hosts_file, *dhcp_opts_file;
++ struct hostsfile *dhcp_hosts_file, *dhcp_opts_file, *inotify_hosts;
+ int dhcp_max, tftp_max;
+ int dhcp_server_port, dhcp_client_port;
+ int start_tftp_port, end_tftp_port;
+@@ -1197,7 +1201,7 @@ void reset_option_bool(unsigned int opt);
+ struct hostsfile *expand_filelist(struct hostsfile *list);
+ char *parse_server(char *arg, union mysockaddr *addr,
+ union mysockaddr *source_addr, char *interface, int *flags);
+-
++int option_read_hostsfile(char *file);
+ /* forward.c */
+ void reply_query(int fd, int family, time_t now);
+ void receive_query(struct listener *listen, time_t now);
+@@ -1486,5 +1490,8 @@ int detect_loop(char *query, int type);
+ /* inotify.c */
+ #ifdef HAVE_LINUX_NETWORK
+ void inotify_dnsmasq_init();
+-int inotify_check(void);
++int inotify_check(time_t now);
++# ifdef HAVE_DHCP
++void set_dhcp_inotify(void);
++# endif
+ #endif
+diff --git a/src/inotify.c b/src/inotify.c
+index 83730008c11b..52a30d7f44db 100644
+--- a/src/inotify.c
++++ b/src/inotify.c
+@@ -19,6 +19,11 @@
+
+ #include <sys/inotify.h>
+
++#ifdef HAVE_DHCP
++static void check_for_dhcp_inotify(struct inotify_event *in, time_t now);
++#endif
++
++
+ /* the strategy is to set a inotify on the directories containing
+ resolv files, for any files in the directory which are close-write
+ or moved into the directory.
+@@ -40,8 +45,6 @@ void inotify_dnsmasq_init()
+ struct resolvc *res;
+
+ inotify_buffer = safe_malloc(INOTIFY_SZ);
+-
+-
+ daemon->inotifyfd = inotify_init1(IN_NONBLOCK | IN_CLOEXEC);
+
+ if (daemon->inotifyfd == -1)
+@@ -66,6 +69,7 @@ void inotify_dnsmasq_init()
+ {
+ *d = 0; /* make path just directory */
+ res->wd = inotify_add_watch(daemon->inotifyfd, path, IN_CLOSE_WRITE | IN_MOVED_TO);
++
+ res->file = d+1; /* pointer to filename */
+ *d = '/';
+
+@@ -78,7 +82,7 @@ void inotify_dnsmasq_init()
+ }
+ }
+
+-int inotify_check(void)
++int inotify_check(time_t now)
+ {
+ int hit = 0;
+
+@@ -101,13 +105,116 @@ int inotify_check(void)
+ for (res = daemon->resolv_files; res; res = res->next)
+ if (res->wd == in->wd && in->len != 0 && strcmp(res->file, in->name) == 0)
+ hit = 1;
++
++#ifdef HAVE_DHCP
++ if (daemon->dhcp || daemon->doing_dhcp6)
++ check_for_dhcp_inotify(in, now);
++#endif
+ }
+ }
+-
+ return hit;
+ }
+
+-#endif
++#ifdef HAVE_DHCP
++/* initialisation for dhcp-hostdir. Set inotify watch for each directory, and read pre-existing files */
++void set_dhcp_inotify(void)
++{
++ struct hostsfile *ah;
+
+-
++ for (ah = daemon->inotify_hosts; ah; ah = ah->next)
++ {
++ DIR *dir_stream = NULL;
++ struct dirent *ent;
++ struct stat buf;
++
++ if (stat(ah->fname, &buf) == -1 || !(S_ISDIR(buf.st_mode)))
++ {
++ my_syslog(LOG_ERR, _("bad directory in dhcp-hostsdir %s"), ah->fname);
++ continue;
++ }
++
++ if (!(ah->flags & AH_WD_DONE))
++ {
++ ah->wd = inotify_add_watch(daemon->inotifyfd, ah->fname, IN_CLOSE_WRITE | IN_MOVED_TO);
++ ah->flags |= AH_WD_DONE;
++ }
++ /* Read contents of dir _after_ calling add_watch, in the ho[e of avoiding
++ a race which misses files being added as we start */
++ if (ah->wd == -1 || !(dir_stream = opendir(ah->fname)))
++ {
++ my_syslog(LOG_ERR, _("failed to create inotify for %s"), ah->fname);
++ continue;
++ }
++
++ while ((ent = readdir(dir_stream)))
++ {
++ size_t lendir = strlen(ah->fname);
++ size_t lenfile = strlen(ent->d_name);
++ char *path;
++
++ /* ignore emacs backups and dotfiles */
++ if (lenfile == 0 ||
++ ent->d_name[lenfile - 1] == '~' ||
++ (ent->d_name[0] == '#' && ent->d_name[lenfile - 1] == '#') ||
++ ent->d_name[0] == '.')
++ continue;
++
++ if ((path = whine_malloc(lendir + lenfile + 2)))
++ {
++ strcpy(path, ah->fname);
++ strcat(path, "/");
++ strcat(path, ent->d_name);
++
++ /* ignore non-regular files */
++ if (stat(path, &buf) != -1 && S_ISREG(buf.st_mode))
++ option_read_hostsfile(path);
++
++ free(path);
++ }
++ }
++ }
++}
++
++static void check_for_dhcp_inotify(struct inotify_event *in, time_t now)
++{
++ struct hostsfile *ah;
++
++ /* ignore emacs backups and dotfiles */
++ if (in->len == 0 ||
++ in->name[in->len - 1] == '~' ||
++ (in->name[0] == '#' && in->name[in->len - 1] == '#') ||
++ in->name[0] == '.')
++ return;
++
++ for (ah = daemon->inotify_hosts; ah; ah = ah->next)
++ if (ah->wd == in->wd)
++ {
++ size_t lendir = strlen(ah->fname);
++ char *path;
++
++ if ((path = whine_malloc(lendir + in->len + 2)))
++ {
++ strcpy(path, ah->fname);
++ strcat(path, "/");
++ strcat(path, in->name);
++
++ if (option_read_hostsfile(path))
++ {
++ /* Propogate the consequences of loading a new dhcp-host */
++ dhcp_update_configs(daemon->dhcp_conf);
++ lease_update_from_configs();
++ lease_update_file(now);
++ lease_update_dns(1);
++ }
++
++ free(path);
++ }
++
++ return;
++ }
++}
++
++#endif /* DHCP */
++
++#endif /* LINUX_NETWORK */
+
+diff --git a/src/option.c b/src/option.c
+index 8b994098cc9f..22e11c37d374 100644
+--- a/src/option.c
++++ b/src/option.c
+@@ -149,7 +149,7 @@ struct myoption {
+ #define LOPT_LOOP_DETECT 337
+ #define LOPT_IGNORE_ADDR 338
+ #define LOPT_MINCTTL 339
+-
++#define LOPT_DHCP_INOTIFY 340
+
+ #ifdef HAVE_GETOPT_LONG
+ static const struct option opts[] =
+@@ -248,6 +248,7 @@ static const struct myoption opts[] =
+ { "interface-name", 1, 0, LOPT_INTNAME },
+ { "dhcp-hostsfile", 1, 0, LOPT_DHCP_HOST },
+ { "dhcp-optsfile", 1, 0, LOPT_DHCP_OPTS },
++ { "dhcp-hostsdir", 1, 0, LOPT_DHCP_INOTIFY },
+ { "dhcp-no-override", 0, 0, LOPT_OVERRIDE },
+ { "tftp-port-range", 1, 0, LOPT_TFTPPORTS },
+ { "stop-dns-rebind", 0, 0, LOPT_REBIND },
+@@ -336,6 +337,7 @@ static struct {
+ { 'G', ARG_DUP, "<hostspec>", gettext_noop("Set address or hostname for a specified machine."), NULL },
+ { LOPT_DHCP_HOST, ARG_DUP, "<path>", gettext_noop("Read DHCP host specs from file."), NULL },
+ { LOPT_DHCP_OPTS, ARG_DUP, "<path>", gettext_noop("Read DHCP option specs from file."), NULL },
++ { LOPT_DHCP_INOTIFY, ARG_DUP, "<path>", gettext_noop("Read DHCP host specs from a directory."), NULL },
+ { LOPT_TAG_IF, ARG_DUP, "tag-expression", gettext_noop("Evaluate conditional tag expression."), NULL },
+ { 'h', OPT_NO_HOSTS, NULL, gettext_noop("Do NOT load %s file."), HOSTSFILE },
+ { 'H', ARG_DUP, "<path>", gettext_noop("Specify a hosts file to be read in addition to %s."), HOSTSFILE },
+@@ -1710,8 +1712,9 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
+ break;
+ #endif /* HAVE_DHCP */
+
+- case LOPT_DHCP_HOST: /* --dhcp-hostfile */
++ case LOPT_DHCP_HOST: /* --dhcp-hostsfile */
+ case LOPT_DHCP_OPTS: /* --dhcp-optsfile */
++ case LOPT_DHCP_INOTIFY: /* dhcp-hostsdir */
+ case 'H': /* --addn-hosts */
+ {
+ struct hostsfile *new = opt_malloc(sizeof(struct hostsfile));
+@@ -1734,6 +1737,12 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
+ new->next = daemon->dhcp_opts_file;
+ daemon->dhcp_opts_file = new;
+ }
++ else if (option == LOPT_DHCP_INOTIFY)
++ {
++ new->next = daemon->inotify_hosts;
++ daemon->inotify_hosts = new;
++ }
++
+ break;
+ }
+
+@@ -4042,6 +4051,13 @@ static void read_file(char *file, FILE *f, int hard_opt)
+ fclose(f);
+ }
+
++#ifdef HAVE_DHCP
++int option_read_hostsfile(char *file)
++{
++ return one_file(file, LOPT_BANK);
++}
++#endif
++
+ static int one_file(char *file, int hard_opt)
+ {
+ FILE *f;
+@@ -4139,7 +4155,7 @@ struct hostsfile *expand_filelist(struct hostsfile *list)
+
+ /* don't read this as a file */
+ ah->flags |= AH_INACTIVE;
+-
++
+ if (!(dir_stream = opendir(ah->fname)))
+ my_syslog(LOG_ERR, _("cannot access directory %s: %s"),
+ ah->fname, strerror(errno));
+--
+2.1.0
+
--- /dev/null
+From fbf01f7046e75f9aa73fd4aab2a94e43386d9052 Mon Sep 17 00:00:00 2001
+From: Conrad Kostecki <ck@conrad-kostecki.de>
+Date: Tue, 20 Jan 2015 21:07:56 +0000
+Subject: [PATCH 35/55] Update German translation.
+
+---
+ po/de.po | 101 +++++++++++++++++++++++++++++----------------------------------
+ 1 file changed, 47 insertions(+), 54 deletions(-)
+
+diff --git a/po/de.po b/po/de.po
+index e2317376d8a9..4c93c5b28ef2 100644
+--- a/po/de.po
++++ b/po/de.po
+@@ -9,10 +9,10 @@
+ # Simon Kelley <simon@thekelleys.org.uk>, 2005.
+ msgid ""
+ msgstr ""
+-"Project-Id-Version: dnsmasq 2.70\n"
++"Project-Id-Version: dnsmasq 2.73\n"
+ "Report-Msgid-Bugs-To: \n"
+ "POT-Creation-Date: 2009-06-18 12:24+0100\n"
+-"PO-Revision-Date: 2014-05-01 22:51+0100\n"
++"PO-Revision-Date: 2015-01-19 15:43+0100\n"
+ "Last-Translator: Conrad Kostecki <ck@conrad-kostecki.de>\n"
+ "Language-Team: German <de@li.org>\n"
+ "Language: de\n"
+@@ -20,12 +20,12 @@ msgstr ""
+ "Content-Type: text/plain; charset=UTF-8\n"
+ "Content-Transfer-Encoding: 8bit\n"
+ "Plural-Forms: nplurals=2; plural=(n != 1);\n"
+-"X-Generator: Poedit 1.6.5\n"
++"X-Generator: Poedit 1.7.3\n"
+ "X-Poedit-SourceCharset: UTF-8\n"
+
+ #: cache.c:505
+ msgid "Internal error in cache."
+-msgstr ""
++msgstr "Interner Fehler im Cache."
+
+ #: cache.c:908
+ #, c-format
+@@ -126,7 +126,7 @@ msgstr "Lokale abzuhörende Adresse(n) angeben."
+
+ #: option.c:319
+ msgid "Return ipaddr for all hosts in specified domains."
+-msgstr "IP-Adresse für alle Hosts in angebenen Domänen festlegen."
++msgstr "IP-Adresse für alle Hosts in angegebenen Domänen festlegen."
+
+ # FIXME: the English test is not to the point. Just use a shortened description
+ # from the manpage instead. -- MA
+@@ -310,18 +310,16 @@ msgid "Specify path to resolv.conf (defaults to %s)."
+ msgstr "Pfad zu resolv.conf festlegen (%s voreingestellt)."
+
+ #: option.c:362
+-#, fuzzy
+ msgid "Specify path to file with server= options"
+-msgstr "Dateipfad für Prozesskennung (PID) festlegen (Voreinstellung: %s)."
++msgstr " Dateipfad mit der Option server= angeben"
+
+ #: option.c:363
+ msgid "Specify address(es) of upstream servers with optional domains."
+ msgstr "Adresse(n) vorgelagerter Server festlegen, optional mit Domänen."
+
+ #: option.c:364
+-#, fuzzy
+ msgid "Specify address of upstream servers for reverse address queries"
+-msgstr "Adresse(n) vorgelagerter Server festlegen, optional mit Domänen."
++msgstr "Adresse(n) vorgelagerter Server festlegen, für reverse Adressanfragen"
+
+ #: option.c:365
+ msgid "Never forward queries to specified domains."
+@@ -657,23 +655,23 @@ msgstr "Spezifiziere eine Domain und Adressbereich für synthetisierte Namen"
+
+ #: option.c:446
+ msgid "Activate DNSSEC validation"
+-msgstr ""
++msgstr "Aktiviere DNSSEC-Validierung"
+
+ #: option.c:447
+ msgid "Specify trust anchor key digest."
+-msgstr ""
++msgstr "Spezifiziere Vertrauensursprung (Trust Anchor) der Schlüssel-Prüfdaten (Key Digest)."
+
+ #: option.c:448
+ msgid "Disable upstream checking for DNSSEC debugging."
+-msgstr ""
++msgstr "Deaktiviere die Überprüfung vorgelagerter Server für DNSSEC-Debugging"
+
+ #: option.c:449
+ msgid "Ensure answers without DNSSEC are in unsigned zones."
+-msgstr ""
++msgstr "Stellt sicher, dass Antworten ohne DNSSEC sich in einer unsignierten Zone befinden."
+
+ #: option.c:450
+ msgid "Don't check DNSSEC signature timestamps until first cache-reload"
+-msgstr ""
++msgstr "DNSSEC Signatur-Zeitstempel nicht prüfen, bis erstmalig der Cache neugeladen wird"
+
+ #: option.c:452
+ msgid "Specify DHCPv6 prefix class"
+@@ -697,11 +695,11 @@ msgstr "RA nicht protokollieren."
+
+ #: option.c:458
+ msgid "Accept queries only from directly-connected networks"
+-msgstr ""
++msgstr "Akzeptiere nur Anfragen von direkt verbundenen Netzwerken"
+
+ #: option.c:459
+ msgid "Detect and remove DNS forwarding loops"
+-msgstr ""
++msgstr "Erkennen und Entfernen von DNS-Weiterleitungsschleifen"
+
+ #: option.c:661
+ #, c-format
+@@ -958,18 +956,16 @@ msgid "Bad name in host-record"
+ msgstr "Unzulässiger Name in host-record"
+
+ #: option.c:3826
+-#, fuzzy
+ msgid "bad trust anchor"
+-msgstr "unzulässiger Portbereich"
++msgstr "unzulässiger Vertrauensursprung (Trust Anchor)"
+
+ #: option.c:3840
+ msgid "bad HEX in trust anchor"
+-msgstr ""
++msgstr "unzulässiger Hexwert in Vertrauensursprung (Trust Anchor)"
+
+ #: option.c:3850
+-#, fuzzy
+ msgid "unsupported option (check that dnsmasq was compiled with DHCP/TFTP/DNSSEC/DBus support)"
+-msgstr "unzulässige Option (prüfen Sie, ob dnsmasq mit DHCP/TFTP/DBus-Unterstützt übersetzt wurde)"
++msgstr "Nicht unterstützte Option (prüfen Sie, ob DNSMasq mit DHCP/TFTP/DNSSEC/DBus-Unterstützung übersetzt wurde)"
+
+ #: option.c:3909
+ msgid "missing \""
+@@ -988,7 +984,6 @@ msgid "missing parameter"
+ msgstr "fehler Parameter"
+
+ #: option.c:3972
+-#, fuzzy
+ msgid "illegal option"
+ msgstr "unzulässige Option"
+
+@@ -1110,7 +1105,7 @@ msgstr "möglichen DNS-Rebind-Angriff entdeckt: %s"
+
+ #: forward.c:1132 forward.c:1663
+ msgid "Ignoring query from non-local network"
+-msgstr ""
++msgstr "Ignoriere Anfragen vom nicht lokalen Netzwerk"
+
+ #: forward.c:2101
+ #, c-format
+@@ -1189,9 +1184,9 @@ msgid "using nameserver %s#%d for %s %s"
+ msgstr "Benutze Namensserver %s#%d für %s %s"
+
+ #: network.c:1483
+-#, fuzzy, c-format
++#, c-format
+ msgid "NOT using nameserver %s#%d - query loop detected"
+-msgstr "Benutze Namensserver %s#%d für %s %s"
++msgstr "Benutze Namensserver %s#%d NICHT - Anfragenschleife festgetellt"
+
+ #: network.c:1486
+ #, c-format
+@@ -1205,16 +1200,15 @@ msgstr "Benutze Namensserver %s#%d"
+
+ #: dnsmasq.c:154
+ msgid "No trust anchors provided for DNSSEC"
+-msgstr ""
++msgstr "Keine Vertrauensursprünge (Trust Anchor) für DNSSEC verfügbar"
+
+ #: dnsmasq.c:157
+ msgid "Cannot reduce cache size from default when DNSSEC enabled"
+-msgstr ""
++msgstr "Kann die Standard Cachegröße nicht verkleinern, wenn DNSSEC aktiviert ist"
+
+ #: dnsmasq.c:159
+-#, fuzzy
+ msgid "DNSSEC not available: set HAVE_DNSSEC in src/config.h"
+-msgstr "DBus nicht verfügbar: setzen Sie HAVE_DBUS in src/config.h"
++msgstr "DNSSEC nicht verfügbar: setzen Sie HAVE_DNSSEC in src/config.h"
+
+ #: dnsmasq.c:165
+ msgid "TFTP server not available: set HAVE_TFTP in src/config.h"
+@@ -1241,9 +1235,8 @@ msgid "authoritative DNS not available: set HAVE_AUTH in src/config.h"
+ msgstr "Authoritatives DNS nicht verfügbar: Es muss HAVE_AUTH in src/config.h gesetzt sein"
+
+ #: dnsmasq.c:193
+-#, fuzzy
+ msgid "Loop detection not available: set HAVE_LOOP in src/config.h"
+-msgstr "TFTP-Server nicht verfügbar, setzen Sie HAVE_TFTP in src/config.h"
++msgstr "Loop-Erkennung nicht verfügbar, setzen Sie HAVE_LOOP in src/config.h"
+
+ #: dnsmasq.c:201
+ msgid "zone serial must be configured in --auth-soa"
+@@ -1317,15 +1310,15 @@ msgstr "DBus-Unterstützung eingeschaltet: warte auf Systembus-Verbindung"
+
+ #: dnsmasq.c:672
+ msgid "DNS service limited to local subnets"
+-msgstr ""
++msgstr "DNS-Dienst auf lokale Subnetze eingeschränkt"
+
+ #: dnsmasq.c:677
+ msgid "DNSSEC validation enabled"
+-msgstr ""
++msgstr "DNSSEC-Validierung aktiviert"
+
+ #: dnsmasq.c:679
+ msgid "DNSSEC signature timestamps not checked until first cache reload"
+-msgstr ""
++msgstr "DNSSEC Signatur-Zeitstempel werden erst ab dem ersten Neuladen des Caches überprüft"
+
+ #: dnsmasq.c:684
+ #, c-format
+@@ -1366,7 +1359,7 @@ msgstr "DHCP, Sockets exklusiv an das Interface %s gebunden"
+ # FIXME: this and the next few must be full strings to be translatable - do not assemble in code"
+ #: dnsmasq.c:753
+ msgid "root is "
+-msgstr "Wurzel ist"
++msgstr "Wurzel ist "
+
+ #: dnsmasq.c:753
+ msgid "enabled"
+@@ -1432,7 +1425,7 @@ msgstr "Das TFTP-Verzeichnis %s ist nicht zugreifbar: %s"
+
+ #: dnsmasq.c:1151
+ msgid "now checking DNSSEC signature timestamps"
+-msgstr ""
++msgstr "Prüfe jetzt DNSSEC Signatur-Zeitstempel"
+
+ #: dnsmasq.c:1218
+ #, c-format
+@@ -1506,7 +1499,7 @@ msgstr "DHCP-Paket ohne Adresse an Schnittstelle %s empfangen"
+ #: dhcp.c:408
+ #, c-format
+ msgid "ARP-cache injection failed: %s"
+-msgstr ""
++msgstr "APR-Cache Injektion fehlgeschlagen: %s"
+
+ #: dhcp.c:506
+ #, c-format
+@@ -1763,13 +1756,13 @@ msgid "DHCP request for unsupported hardware type (%d) received on %s"
+ msgstr "DHCP-Anfrage für nicht unterstützen Hardwaretyp (%d) auf %s empfangen"
+
+ #: bpf.c:376
+-#, fuzzy, c-format
++#, c-format
+ msgid "cannot create PF_ROUTE socket: %s"
+-msgstr "kann DHCP-Socket nicht erzeugen: %s"
++msgstr "Kann PF_ROUTE socket nicht erzeugen: %s"
+
+ #: bpf.c:397
+ msgid "Unknown protocol version from route socket"
+-msgstr ""
++msgstr "Unbekannte Protokollversion vom Route Socket"
+
+ #: helper.c:153
+ msgid "lease() function missing in Lua script"
+@@ -2020,50 +2013,50 @@ msgstr "konnte IPset-Kontroll-Socket nicht erzeugen: %s"
+ #: blockdata.c:58
+ #, c-format
+ msgid "DNSSEC memory in use %u, max %u, allocated %u"
+-msgstr ""
++msgstr "DNSSEC Speicher in Benutzung %u, Max %u, zugewiesen %u"
+
+ #: tables.c:76
+ msgid "error: fill_addr missused"
+-msgstr ""
++msgstr "Fehler: fill_addr falsch verwendet"
+
+ #: tables.c:105
+-#, fuzzy, c-format
++#, c-format
+ msgid "failed to access pf devices: %s"
+-msgstr "konnte auf %s nicht zugreifen: %s"
++msgstr "konnte auf pf Geräte nicht zugreifen: %s"
+
+ #: tables.c:119
+-#, fuzzy, c-format
++#, c-format
+ msgid "warning: no opened pf devices %s"
+-msgstr "Warnung: Keine Adresse für die Schnittstelle %s gefunden"
++msgstr "Warnung: Keine geöffneten pf Geräte %s"
+
+ #: tables.c:127
+-#, fuzzy, c-format
++#, c-format
+ msgid "error: cannot use table name %s"
+-msgstr "kann Hostnamen nicht ermitteln: %s"
++msgstr "Fehler: Kann Tabellenname %s nicht benutzen"
+
+ #: tables.c:135
+ #, c-format
+ msgid "error: cannot strlcpy table name %s"
+-msgstr ""
++msgstr "Fehler: Kann den Tabellennamen %s nicht strlcpy"
+
+ #: tables.c:141
+ #, c-format
+ msgid "warning: pfr_add_tables: %s(%d)"
+-msgstr ""
++msgstr "Warnung: pfr_add_tables: %s(%d)"
+
+ #: tables.c:147
+ msgid "info: table created"
+-msgstr ""
++msgstr "Info: Tabelle erstellt"
+
+ #: tables.c:158
+ #, c-format
+ msgid "warning: DIOCR%sADDRS: %s"
+-msgstr ""
++msgstr "Warnung: DIOCR%sADDRS: %s"
+
+ #: tables.c:162
+-#, fuzzy, c-format
++#, c-format
+ msgid "%d addresses %s"
+-msgstr "Fehlerhafte Adresse"
++msgstr "%d Adressen %s"
+
+ #~ msgid "no interface with address %s"
+ #~ msgstr "keine Schnittstelle mit Adresse %s"
+--
+2.1.0
+
--- /dev/null
+From 61b838dd574c51d96fef100285a0d225824534f9 Mon Sep 17 00:00:00 2001
+From: Win King Wan <pinwing+dnsmasq@gmail.com>
+Date: Wed, 21 Jan 2015 20:41:48 +0000
+Subject: [PATCH 36/55] Don't reply to DHCPv6 SOLICIT messages when not
+ configured for statefull DHCPv6.
+
+---
+ CHANGELOG | 4 ++++
+ src/rfc3315.c | 13 +++++++++++++
+ 2 files changed, 17 insertions(+)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 0076b557e95e..a4cb901e83ae 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -59,6 +59,10 @@ version 2.73
+ cheaply than having dnsmasq re-read all its existing
+ configuration each time.
+
++ Don't reply to DHCPv6 SOLICIT messages if we're not
++ configured to do stateful DHCPv6. Thanks to Win King Wan
++ for the patch.
++
+
+ version 2.72
+ Add ra-advrouter mode, for RFC-3775 mobile IPv6 support.
+diff --git a/src/rfc3315.c b/src/rfc3315.c
+index ddb390bf1136..e593ec9c362c 100644
+--- a/src/rfc3315.c
++++ b/src/rfc3315.c
+@@ -824,6 +824,19 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+ }
+ else
+ {
++ /* Windows 8 always requests an address even if the Managed bit
++ in RA is 0 and it keeps retrying if it receives a reply
++ stating that no addresses are available. We solve this
++ by not replying at all if we're not configured to give any
++ addresses by DHCPv6. RFC 3315 17.2.1. appears to allow this. */
++
++ for (c = state->context; c; c = c->current)
++ if (!(c->flags & CONTEXT_RA_STATELESS))
++ break;
++
++ if (!c)
++ return 0;
++
+ /* no address, return error */
+ o1 = new_opt6(OPTION6_STATUS_CODE);
+ put_opt6_short(DHCP6NOADDRS);
+--
+2.1.0
+
--- /dev/null
+From 0491805d2ff6e7727f0272c94fd97d9897d1e22c Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Mon, 26 Jan 2015 11:23:43 +0000
+Subject: [PATCH 37/55] Allow inotify to be disabled at compile time on Linux.
+
+---
+ CHANGELOG | 4 +++-
+ src/config.h | 13 ++++++++++++-
+ src/dnsmasq.c | 21 +++++++++++++--------
+ src/dnsmasq.h | 11 +++++++----
+ src/inotify.c | 4 ++--
+ 5 files changed, 37 insertions(+), 16 deletions(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index a4cb901e83ae..c05dec63c587 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -9,7 +9,9 @@ version 2.73
+
+ Use inotify for checking on updates to /etc/resolv.conf and
+ friends under Linux. This fixes race conditions when the files are
+- updated rapidly and saves CPU by noy polling.
++ updated rapidly and saves CPU by noy polling. To build
++ a binary that runs on old Linux kernels without inotify,
++ use make COPTS=-DNO_INOTIFY
+
+ Fix breakage of --domain=<domain>,<subnet>,local - only reverse
+ queries were intercepted. THis appears to have been broken
+diff --git a/src/config.h b/src/config.h
+index cdca231b4079..5e5009271eba 100644
+--- a/src/config.h
++++ b/src/config.h
+@@ -115,6 +115,8 @@ HAVE_DNSSEC
+ HAVE_LOOP
+ include functionality to probe for and remove DNS forwarding loops.
+
++HAVE_INOTIFY
++ use the Linux inotify facility to efficiently re-read configuration files.
+
+ NO_IPV6
+ NO_TFTP
+@@ -123,6 +125,7 @@ NO_DHCP6
+ NO_SCRIPT
+ NO_LARGEFILE
+ NO_AUTH
++NO_INOTIFY
+ these are avilable to explictly disable compile time options which would
+ otherwise be enabled automatically (HAVE_IPV6, >2Gb file sizes) or
+ which are enabled by default in the distributed source tree. Building dnsmasq
+@@ -355,6 +358,10 @@ HAVE_SOCKADDR_SA_LEN
+ #undef HAVE_LOOP
+ #endif
+
++#if defined (HAVE_LINUX_NETWORK) && !defined(NO_INOTIFY)
++#define HAVE_INOTIFY
++#endif
++
+ /* Define a string indicating which options are in use.
+ DNSMASQP_COMPILE_OPTS is only defined in dnsmasq.c */
+
+@@ -428,7 +435,11 @@ static char *compile_opts =
+ #ifndef HAVE_LOOP
+ "no-"
+ #endif
+-"loop-detect";
++"loop-detect "
++#ifndef HAVE_INOTIFY
++"no-"
++#endif
++"inotify";
+
+
+ #endif
+diff --git a/src/dnsmasq.c b/src/dnsmasq.c
+index 04cc98278f62..bc4f47170705 100644
+--- a/src/dnsmasq.c
++++ b/src/dnsmasq.c
+@@ -142,7 +142,9 @@ int main (int argc, char **argv)
+ set_option_bool(OPT_NOWILD);
+ reset_option_bool(OPT_CLEVERBIND);
+ }
++#endif
+
++#ifndef HAVE_INOTIFY
+ if (daemon->inotify_hosts)
+ die(_("dhcp-hostsdir not supported on this platform"), NULL, EC_BADCONF);
+ #endif
+@@ -321,7 +323,7 @@ int main (int argc, char **argv)
+ #endif
+ }
+
+-#ifdef HAVE_LINUX_NETWORK
++#ifdef HAVE_INOTIFY
+ if ((!option_bool(OPT_NO_POLL) && daemon->port != 0) ||
+ daemon->dhcp || daemon->doing_dhcp6)
+ inotify_dnsmasq_init();
+@@ -802,7 +804,7 @@ int main (int argc, char **argv)
+
+ pid = getpid();
+
+-#ifdef HAVE_LINUX_NETWORK
++#ifdef HAVE_INOTIFY
+ /* Using inotify, have to select a resolv file at startup */
+ poll_resolv(1, 0, now);
+ #endif
+@@ -872,15 +874,18 @@ int main (int argc, char **argv)
+ bump_maxfd(daemon->icmp6fd, &maxfd);
+ }
+ #endif
+-
+-#if defined(HAVE_LINUX_NETWORK)
+- FD_SET(daemon->netlinkfd, &rset);
+- bump_maxfd(daemon->netlinkfd, &maxfd);
++
++#ifdef HAVE_INOTIFY
+ if (daemon->inotifyfd != -1)
+ {
+ FD_SET(daemon->inotifyfd, &rset);
+ bump_maxfd(daemon->inotifyfd, &maxfd);
+ }
++#endif
++
++#if defined(HAVE_LINUX_NETWORK)
++ FD_SET(daemon->netlinkfd, &rset);
++ bump_maxfd(daemon->netlinkfd, &maxfd);
+ #elif defined(HAVE_BSD_NETWORK)
+ FD_SET(daemon->routefd, &rset);
+ bump_maxfd(daemon->routefd, &maxfd);
+@@ -948,7 +953,7 @@ int main (int argc, char **argv)
+ route_sock();
+ #endif
+
+-#ifdef HAVE_LINUX_NETWORK
++#ifdef HAVE_INOTIFY
+ if (daemon->inotifyfd != -1 && FD_ISSET(daemon->inotifyfd, &rset) && inotify_check(now))
+ {
+ if (daemon->port != 0 && !option_bool(OPT_NO_POLL))
+@@ -1394,7 +1399,7 @@ void clear_cache_and_reload(time_t now)
+ if (option_bool(OPT_ETHERS))
+ dhcp_read_ethers();
+ reread_dhcp();
+-#ifdef HAVE_LINUX_NETWORK
++#ifdef HAVE_INOTIFY
+ set_dhcp_inotify();
+ #endif
+ dhcp_update_configs(daemon->dhcp_conf);
+diff --git a/src/dnsmasq.h b/src/dnsmasq.h
+index d841fdc064ad..8091634f69db 100644
+--- a/src/dnsmasq.h
++++ b/src/dnsmasq.h
+@@ -544,7 +544,7 @@ struct resolvc {
+ int is_default, logged;
+ time_t mtime;
+ char *name;
+-#ifdef HAVE_LINUX_NETWORK
++#ifdef HAVE_INOTIFY
+ int wd; /* inotify watch descriptor */
+ char *file; /* pointer to file part if path */
+ #endif
+@@ -558,7 +558,7 @@ struct hostsfile {
+ struct hostsfile *next;
+ int flags;
+ char *fname;
+-#ifdef HAVE_LINUX_NETWORK
++#ifdef HAVE_INOTIFY
+ int wd; /* inotify watch descriptor */
+ #endif
+ unsigned int index; /* matches to cache entries for logging */
+@@ -1013,8 +1013,11 @@ extern struct daemon {
+
+ /* DHCP state */
+ int dhcpfd, helperfd, pxefd;
++#ifdef HAVE_INOTIFY
++ int inotifyfd;
++#endif
+ #if defined(HAVE_LINUX_NETWORK)
+- int netlinkfd, inotifyfd;
++ int netlinkfd;
+ #elif defined(HAVE_BSD_NETWORK)
+ int dhcp_raw_fd, dhcp_icmp_fd, routefd;
+ #endif
+@@ -1488,7 +1491,7 @@ int detect_loop(char *query, int type);
+ #endif
+
+ /* inotify.c */
+-#ifdef HAVE_LINUX_NETWORK
++#ifdef HAVE_INOTIFY
+ void inotify_dnsmasq_init();
+ int inotify_check(time_t now);
+ # ifdef HAVE_DHCP
+diff --git a/src/inotify.c b/src/inotify.c
+index 52a30d7f44db..818fe8eddda4 100644
+--- a/src/inotify.c
++++ b/src/inotify.c
+@@ -15,7 +15,7 @@
+ */
+
+ #include "dnsmasq.h"
+-#ifdef HAVE_LINUX_NETWORK
++#ifdef HAVE_INOTIFY
+
+ #include <sys/inotify.h>
+
+@@ -216,5 +216,5 @@ static void check_for_dhcp_inotify(struct inotify_event *in, time_t now)
+
+ #endif /* DHCP */
+
+-#endif /* LINUX_NETWORK */
++#endif /* INOTIFY */
+
+--
+2.1.0
+
--- /dev/null
+From 70d1873dd9e70041ed4bb88c69d5b886b7cc634c Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Sat, 31 Jan 2015 19:59:29 +0000
+Subject: [PATCH 38/55] Expand inotify code to dhcp-hostsdir, dhcp-optsdir and
+ hostsdir.
+
+---
+ src/cache.c | 81 +++++++++++++++++---------
+ src/dnsmasq.c | 9 ++-
+ src/dnsmasq.h | 14 +++--
+ src/inotify.c | 179 +++++++++++++++++++++++++++++-----------------------------
+ src/option.c | 37 +++++++++---
+ 5 files changed, 187 insertions(+), 133 deletions(-)
+
+diff --git a/src/cache.c b/src/cache.c
+index 09b6dbf8087a..abaf25ec0f18 100644
+--- a/src/cache.c
++++ b/src/cache.c
+@@ -835,27 +835,42 @@ static void add_hosts_entry(struct crec *cache, struct all_addr *addr, int addrl
+ Only insert each unique address once into this hashing structure.
+
+ This complexity avoids O(n^2) divergent CPU use whilst reading
+- large (10000 entry) hosts files. */
+-
+- /* hash address */
+- for (j = 0, i = 0; i < addrlen; i++)
+- j = (j*2 +((unsigned char *)addr)[i]) % hashsz;
+-
+- for (lookup = rhash[j]; lookup; lookup = lookup->next)
+- if ((lookup->flags & cache->flags & (F_IPV4 | F_IPV6)) &&
+- memcmp(&lookup->addr.addr, addr, addrlen) == 0)
+- {
+- cache->flags &= ~F_REVERSE;
+- break;
+- }
++ large (10000 entry) hosts files.
++
++ Note that we only do this process when bulk-reading hosts files,
++ for incremental reads, rhash is NULL, and we use cache lookups
++ instead.
++ */
+
+- /* maintain address hash chain, insert new unique address */
+- if (!lookup)
++ if (rhash)
+ {
+- cache->next = rhash[j];
+- rhash[j] = cache;
++ /* hash address */
++ for (j = 0, i = 0; i < addrlen; i++)
++ j = (j*2 +((unsigned char *)addr)[i]) % hashsz;
++
++ for (lookup = rhash[j]; lookup; lookup = lookup->next)
++ if ((lookup->flags & cache->flags & (F_IPV4 | F_IPV6)) &&
++ memcmp(&lookup->addr.addr, addr, addrlen) == 0)
++ {
++ cache->flags &= ~F_REVERSE;
++ break;
++ }
++
++ /* maintain address hash chain, insert new unique address */
++ if (!lookup)
++ {
++ cache->next = rhash[j];
++ rhash[j] = cache;
++ }
+ }
+-
++ else
++ {
++ /* incremental read, lookup in cache */
++ lookup = cache_find_by_addr(NULL, addr, 0, cache->flags & (F_IPV4 | F_IPV6));
++ if (lookup && lookup->flags & F_HOSTS)
++ cache->flags &= ~F_REVERSE;
++ }
++
+ cache->uid = index;
+ memcpy(&cache->addr.addr, addr, addrlen);
+ cache_hash(cache);
+@@ -912,7 +927,7 @@ static int gettok(FILE *f, char *token)
+ }
+ }
+
+-static int read_hostsfile(char *filename, unsigned int index, int cache_size, struct crec **rhash, int hashsz)
++int read_hostsfile(char *filename, unsigned int index, int cache_size, struct crec **rhash, int hashsz)
+ {
+ FILE *f = fopen(filename, "r");
+ char *token = daemon->namebuff, *domain_suffix = NULL;
+@@ -958,7 +973,7 @@ static int read_hostsfile(char *filename, unsigned int index, int cache_size, st
+ addr_count++;
+
+ /* rehash every 1000 names. */
+- if ((name_count - cache_size) > 1000)
++ if (rhash && ((name_count - cache_size) > 1000))
+ {
+ rehash(name_count);
+ cache_size = name_count;
+@@ -1005,10 +1020,13 @@ static int read_hostsfile(char *filename, unsigned int index, int cache_size, st
+ }
+
+ fclose(f);
+- rehash(name_count);
+-
+- my_syslog(LOG_INFO, _("read %s - %d addresses"), filename, addr_count);
+
++ if (rhash)
++ {
++ rehash(name_count);
++ my_syslog(LOG_INFO, _("read %s - %d addresses"), filename, addr_count);
++ }
++
+ return name_count;
+ }
+
+@@ -1118,14 +1136,19 @@ void cache_reload(void)
+ my_syslog(LOG_INFO, _("cleared cache"));
+ return;
+ }
+-
++
+ if (!option_bool(OPT_NO_HOSTS))
+ total_size = read_hostsfile(HOSTSFILE, SRC_HOSTS, total_size, (struct crec **)daemon->packet, revhashsz);
+-
++
+ daemon->addn_hosts = expand_filelist(daemon->addn_hosts);
+ for (ah = daemon->addn_hosts; ah; ah = ah->next)
+ if (!(ah->flags & AH_INACTIVE))
+ total_size = read_hostsfile(ah->fname, ah->index, total_size, (struct crec **)daemon->packet, revhashsz);
++
++#ifdef HAVE_INOTIFY
++ set_dynamic_inotify(AH_HOSTS, total_size, (struct crec **)daemon->packet, revhashsz);
++#endif
++
+ }
+
+ #ifdef HAVE_DHCP
+@@ -1505,7 +1528,13 @@ char *record_source(unsigned int index)
+ for (ah = daemon->addn_hosts; ah; ah = ah->next)
+ if (ah->index == index)
+ return ah->fname;
+-
++
++#ifdef HAVE_INOTIFY
++ for (ah = daemon->dynamic_dirs; ah; ah = ah->next)
++ if (ah->index == index)
++ return ah->fname;
++#endif
++
+ return "<unknown>";
+ }
+
+diff --git a/src/dnsmasq.c b/src/dnsmasq.c
+index bc4f47170705..2c629fe422aa 100644
+--- a/src/dnsmasq.c
++++ b/src/dnsmasq.c
+@@ -145,8 +145,8 @@ int main (int argc, char **argv)
+ #endif
+
+ #ifndef HAVE_INOTIFY
+- if (daemon->inotify_hosts)
+- die(_("dhcp-hostsdir not supported on this platform"), NULL, EC_BADCONF);
++ if (daemon->dynamic_dirs)
++ die(_("dhcp-hostsdir, dhcp-optsdir and hostsdir are not supported on this platform"), NULL, EC_BADCONF);
+ #endif
+
+ if (option_bool(OPT_DNSSEC_VALID))
+@@ -324,8 +324,7 @@ int main (int argc, char **argv)
+ }
+
+ #ifdef HAVE_INOTIFY
+- if ((!option_bool(OPT_NO_POLL) && daemon->port != 0) ||
+- daemon->dhcp || daemon->doing_dhcp6)
++ if (daemon->port != 0 || daemon->dhcp || daemon->doing_dhcp6)
+ inotify_dnsmasq_init();
+ else
+ daemon->inotifyfd = -1;
+@@ -1400,7 +1399,7 @@ void clear_cache_and_reload(time_t now)
+ dhcp_read_ethers();
+ reread_dhcp();
+ #ifdef HAVE_INOTIFY
+- set_dhcp_inotify();
++ set_dynamic_inotify(AH_DHCP_HST | AH_DHCP_OPT, 0, NULL, 0);
+ #endif
+ dhcp_update_configs(daemon->dhcp_conf);
+ lease_update_from_configs();
+diff --git a/src/dnsmasq.h b/src/dnsmasq.h
+index 8091634f69db..0c322a93993e 100644
+--- a/src/dnsmasq.h
++++ b/src/dnsmasq.h
+@@ -554,6 +554,9 @@ struct resolvc {
+ #define AH_DIR 1
+ #define AH_INACTIVE 2
+ #define AH_WD_DONE 4
++#define AH_HOSTS 8
++#define AH_DHCP_HST 16
++#define AH_DHCP_OPT 32
+ struct hostsfile {
+ struct hostsfile *next;
+ int flags;
+@@ -965,7 +968,7 @@ extern struct daemon {
+ int doing_ra, doing_dhcp6;
+ struct dhcp_netid_list *dhcp_ignore, *dhcp_ignore_names, *dhcp_gen_names;
+ struct dhcp_netid_list *force_broadcast, *bootp_dynamic;
+- struct hostsfile *dhcp_hosts_file, *dhcp_opts_file, *inotify_hosts;
++ struct hostsfile *dhcp_hosts_file, *dhcp_opts_file, *dynamic_dirs;
+ int dhcp_max, tftp_max;
+ int dhcp_server_port, dhcp_client_port;
+ int start_tftp_port, end_tftp_port;
+@@ -1071,6 +1074,8 @@ int cache_make_stat(struct txt_record *t);
+ char *cache_get_name(struct crec *crecp);
+ char *cache_get_cname_target(struct crec *crecp);
+ struct crec *cache_enumerate(int init);
++int read_hostsfile(char *filename, unsigned int index, int cache_size,
++ struct crec **rhash, int hashsz);
+
+ /* blockdata.c */
+ #ifdef HAVE_DNSSEC
+@@ -1204,7 +1209,8 @@ void reset_option_bool(unsigned int opt);
+ struct hostsfile *expand_filelist(struct hostsfile *list);
+ char *parse_server(char *arg, union mysockaddr *addr,
+ union mysockaddr *source_addr, char *interface, int *flags);
+-int option_read_hostsfile(char *file);
++int option_read_dynfile(char *file, int flags);
++
+ /* forward.c */
+ void reply_query(int fd, int family, time_t now);
+ void receive_query(struct listener *listen, time_t now);
+@@ -1494,7 +1500,5 @@ int detect_loop(char *query, int type);
+ #ifdef HAVE_INOTIFY
+ void inotify_dnsmasq_init();
+ int inotify_check(time_t now);
+-# ifdef HAVE_DHCP
+-void set_dhcp_inotify(void);
+-# endif
++void set_dynamic_inotify(int flag, int total_size, struct crec **rhash, int revhashsz);
+ #endif
+diff --git a/src/inotify.c b/src/inotify.c
+index 818fe8eddda4..c537f4c1562a 100644
+--- a/src/inotify.c
++++ b/src/inotify.c
+@@ -19,11 +19,6 @@
+
+ #include <sys/inotify.h>
+
+-#ifdef HAVE_DHCP
+-static void check_for_dhcp_inotify(struct inotify_event *in, time_t now);
+-#endif
+-
+-
+ /* the strategy is to set a inotify on the directories containing
+ resolv files, for any files in the directory which are close-write
+ or moved into the directory.
+@@ -82,57 +77,28 @@ void inotify_dnsmasq_init()
+ }
+ }
+
+-int inotify_check(time_t now)
++
++/* initialisation for dynamic-dir. Set inotify watch for each directory, and read pre-existing files */
++void set_dynamic_inotify(int flag, int total_size, struct crec **rhash, int revhashsz)
+ {
+- int hit = 0;
++ struct hostsfile *ah;
+
+- while (1)
++ for (ah = daemon->dynamic_dirs; ah; ah = ah->next)
+ {
+- int rc;
+- char *p;
+- struct resolvc *res;
+- struct inotify_event *in;
+-
+- while ((rc = read(daemon->inotifyfd, inotify_buffer, INOTIFY_SZ)) == -1 && errno == EINTR);
+-
+- if (rc <= 0)
+- break;
+-
+- for (p = inotify_buffer; rc - (p - inotify_buffer) >= (int)sizeof(struct inotify_event); p += sizeof(struct inotify_event) + in->len)
++ DIR *dir_stream = NULL;
++ struct dirent *ent;
++ struct stat buf;
++
++ if (!(ah->flags & flag))
++ continue;
++
++ if (stat(ah->fname, &buf) == -1 || !(S_ISDIR(buf.st_mode)))
+ {
+- in = (struct inotify_event*)p;
+-
+- for (res = daemon->resolv_files; res; res = res->next)
+- if (res->wd == in->wd && in->len != 0 && strcmp(res->file, in->name) == 0)
+- hit = 1;
+-
+-#ifdef HAVE_DHCP
+- if (daemon->dhcp || daemon->doing_dhcp6)
+- check_for_dhcp_inotify(in, now);
+-#endif
++ my_syslog(LOG_ERR, _("bad dynamic directory %s: %s"),
++ ah->fname, strerror(errno));
++ continue;
+ }
+- }
+- return hit;
+-}
+-
+-#ifdef HAVE_DHCP
+-/* initialisation for dhcp-hostdir. Set inotify watch for each directory, and read pre-existing files */
+-void set_dhcp_inotify(void)
+-{
+- struct hostsfile *ah;
+-
+- for (ah = daemon->inotify_hosts; ah; ah = ah->next)
+- {
+- DIR *dir_stream = NULL;
+- struct dirent *ent;
+- struct stat buf;
+-
+- if (stat(ah->fname, &buf) == -1 || !(S_ISDIR(buf.st_mode)))
+- {
+- my_syslog(LOG_ERR, _("bad directory in dhcp-hostsdir %s"), ah->fname);
+- continue;
+- }
+-
++
+ if (!(ah->flags & AH_WD_DONE))
+ {
+ ah->wd = inotify_add_watch(daemon->inotifyfd, ah->fname, IN_CLOSE_WRITE | IN_MOVED_TO);
+@@ -142,7 +108,8 @@ void set_dhcp_inotify(void)
+ a race which misses files being added as we start */
+ if (ah->wd == -1 || !(dir_stream = opendir(ah->fname)))
+ {
+- my_syslog(LOG_ERR, _("failed to create inotify for %s"), ah->fname);
++ my_syslog(LOG_ERR, _("failed to create inotify for %s: %s"),
++ ah->fname, strerror(errno));
+ continue;
+ }
+
+@@ -167,54 +134,90 @@ void set_dhcp_inotify(void)
+
+ /* ignore non-regular files */
+ if (stat(path, &buf) != -1 && S_ISREG(buf.st_mode))
+- option_read_hostsfile(path);
+-
++ {
++ if (ah->flags & AH_HOSTS)
++ total_size = read_hostsfile(path, ah->index, total_size, rhash, revhashsz);
++#ifdef HAVE_DHCP
++ else if (ah->flags & (AH_DHCP_HST | AH_DHCP_OPT))
++ option_read_dynfile(path, ah->flags);
++#endif
++ }
++
+ free(path);
+ }
+ }
+ }
+ }
+
+-static void check_for_dhcp_inotify(struct inotify_event *in, time_t now)
++int inotify_check(time_t now)
+ {
++ int hit = 0;
+ struct hostsfile *ah;
+
+- /* ignore emacs backups and dotfiles */
+- if (in->len == 0 ||
+- in->name[in->len - 1] == '~' ||
+- (in->name[0] == '#' && in->name[in->len - 1] == '#') ||
+- in->name[0] == '.')
+- return;
+-
+- for (ah = daemon->inotify_hosts; ah; ah = ah->next)
+- if (ah->wd == in->wd)
+- {
+- size_t lendir = strlen(ah->fname);
+- char *path;
+-
+- if ((path = whine_malloc(lendir + in->len + 2)))
+- {
+- strcpy(path, ah->fname);
+- strcat(path, "/");
+- strcat(path, in->name);
+-
+- if (option_read_hostsfile(path))
++ while (1)
++ {
++ int rc;
++ char *p;
++ struct resolvc *res;
++ struct inotify_event *in;
++
++ while ((rc = read(daemon->inotifyfd, inotify_buffer, INOTIFY_SZ)) == -1 && errno == EINTR);
++
++ if (rc <= 0)
++ break;
++
++ for (p = inotify_buffer; rc - (p - inotify_buffer) >= (int)sizeof(struct inotify_event); p += sizeof(struct inotify_event) + in->len)
++ {
++ in = (struct inotify_event*)p;
++
++ for (res = daemon->resolv_files; res; res = res->next)
++ if (res->wd == in->wd && in->len != 0 && strcmp(res->file, in->name) == 0)
++ hit = 1;
++
++ /* ignore emacs backups and dotfiles */
++ if (in->len == 0 ||
++ in->name[in->len - 1] == '~' ||
++ (in->name[0] == '#' && in->name[in->len - 1] == '#') ||
++ in->name[0] == '.')
++ continue;
++
++ for (ah = daemon->dynamic_dirs; ah; ah = ah->next)
++ if (ah->wd == in->wd)
+ {
+- /* Propogate the consequences of loading a new dhcp-host */
+- dhcp_update_configs(daemon->dhcp_conf);
+- lease_update_from_configs();
+- lease_update_file(now);
+- lease_update_dns(1);
++ size_t lendir = strlen(ah->fname);
++ char *path;
++
++ if ((path = whine_malloc(lendir + in->len + 2)))
++ {
++ strcpy(path, ah->fname);
++ strcat(path, "/");
++ strcat(path, in->name);
++
++ if (ah->flags & AH_HOSTS)
++ read_hostsfile(path, ah->index, 0, NULL, 0);
++#ifdef HAVE_DHCP
++ else if (ah->flags & AH_DHCP_HST)
++ {
++ if (option_read_dynfile(path, AH_DHCP_HST))
++ {
++ /* Propogate the consequences of loading a new dhcp-host */
++ dhcp_update_configs(daemon->dhcp_conf);
++ lease_update_from_configs();
++ lease_update_file(now);
++ lease_update_dns(1);
++ }
++ }
++ else if (ah->flags & AH_DHCP_OPT)
++ option_read_dynfile(path, AH_DHCP_OPT);
++#endif
++
++ free(path);
++ }
+ }
+-
+- free(path);
+- }
+-
+- return;
+- }
++ }
++ }
++ return hit;
+ }
+
+-#endif /* DHCP */
+-
+ #endif /* INOTIFY */
+
+diff --git a/src/option.c b/src/option.c
+index 22e11c37d374..6ef80117cc8c 100644
+--- a/src/option.c
++++ b/src/option.c
+@@ -150,6 +150,8 @@ struct myoption {
+ #define LOPT_IGNORE_ADDR 338
+ #define LOPT_MINCTTL 339
+ #define LOPT_DHCP_INOTIFY 340
++#define LOPT_DHOPT_INOTIFY 341
++#define LOPT_HOST_INOTIFY 342
+
+ #ifdef HAVE_GETOPT_LONG
+ static const struct option opts[] =
+@@ -200,6 +202,7 @@ static const struct myoption opts[] =
+ { "local-ttl", 1, 0, 'T' },
+ { "no-negcache", 0, 0, 'N' },
+ { "addn-hosts", 1, 0, 'H' },
++ { "hostsdir", 1, 0, LOPT_HOST_INOTIFY },
+ { "query-port", 1, 0, 'Q' },
+ { "except-interface", 1, 0, 'I' },
+ { "no-dhcp-interface", 1, 0, '2' },
+@@ -249,6 +252,7 @@ static const struct myoption opts[] =
+ { "dhcp-hostsfile", 1, 0, LOPT_DHCP_HOST },
+ { "dhcp-optsfile", 1, 0, LOPT_DHCP_OPTS },
+ { "dhcp-hostsdir", 1, 0, LOPT_DHCP_INOTIFY },
++ { "dhcp-optsdir", 1, 0, LOPT_DHOPT_INOTIFY },
+ { "dhcp-no-override", 0, 0, LOPT_OVERRIDE },
+ { "tftp-port-range", 1, 0, LOPT_TFTPPORTS },
+ { "stop-dns-rebind", 0, 0, LOPT_REBIND },
+@@ -338,9 +342,11 @@ static struct {
+ { LOPT_DHCP_HOST, ARG_DUP, "<path>", gettext_noop("Read DHCP host specs from file."), NULL },
+ { LOPT_DHCP_OPTS, ARG_DUP, "<path>", gettext_noop("Read DHCP option specs from file."), NULL },
+ { LOPT_DHCP_INOTIFY, ARG_DUP, "<path>", gettext_noop("Read DHCP host specs from a directory."), NULL },
++ { LOPT_DHOPT_INOTIFY, ARG_DUP, "<path>", gettext_noop("Read DHCP options from a directory."), NULL },
+ { LOPT_TAG_IF, ARG_DUP, "tag-expression", gettext_noop("Evaluate conditional tag expression."), NULL },
+ { 'h', OPT_NO_HOSTS, NULL, gettext_noop("Do NOT load %s file."), HOSTSFILE },
+ { 'H', ARG_DUP, "<path>", gettext_noop("Specify a hosts file to be read in addition to %s."), HOSTSFILE },
++ { LOPT_HOST_INOTIFY, ARG_DUP, "<path>", gettext_noop("Read hosts files from a directory."), NULL },
+ { 'i', ARG_DUP, "<interface>", gettext_noop("Specify interface(s) to listen on."), NULL },
+ { 'I', ARG_DUP, "<interface>", gettext_noop("Specify interface(s) NOT to listen on.") , NULL },
+ { 'j', ARG_DUP, "set:<tag>,<class>", gettext_noop("Map DHCP user class to tag."), NULL },
+@@ -1712,10 +1718,12 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
+ break;
+ #endif /* HAVE_DHCP */
+
+- case LOPT_DHCP_HOST: /* --dhcp-hostsfile */
+- case LOPT_DHCP_OPTS: /* --dhcp-optsfile */
+- case LOPT_DHCP_INOTIFY: /* dhcp-hostsdir */
+- case 'H': /* --addn-hosts */
++ case LOPT_DHCP_HOST: /* --dhcp-hostsfile */
++ case LOPT_DHCP_OPTS: /* --dhcp-optsfile */
++ case LOPT_DHCP_INOTIFY: /* --dhcp-hostsdir */
++ case LOPT_DHOPT_INOTIFY: /* --dhcp-optsdir */
++ case LOPT_HOST_INOTIFY: /* --hostsdir */
++ case 'H': /* --addn-hosts */
+ {
+ struct hostsfile *new = opt_malloc(sizeof(struct hostsfile));
+ static unsigned int hosts_index = SRC_AH;
+@@ -1737,10 +1745,16 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
+ new->next = daemon->dhcp_opts_file;
+ daemon->dhcp_opts_file = new;
+ }
+- else if (option == LOPT_DHCP_INOTIFY)
++ else
+ {
+- new->next = daemon->inotify_hosts;
+- daemon->inotify_hosts = new;
++ new->next = daemon->dynamic_dirs;
++ daemon->dynamic_dirs = new;
++ if (option == LOPT_DHCP_INOTIFY)
++ new->flags |= AH_DHCP_HST;
++ else if (option == LOPT_DHOPT_INOTIFY)
++ new->flags |= AH_DHCP_OPT;
++ else if (option == LOPT_HOST_INOTIFY)
++ new->flags |= AH_HOSTS;
+ }
+
+ break;
+@@ -4052,9 +4066,14 @@ static void read_file(char *file, FILE *f, int hard_opt)
+ }
+
+ #ifdef HAVE_DHCP
+-int option_read_hostsfile(char *file)
++int option_read_dynfile(char *file, int flags)
+ {
+- return one_file(file, LOPT_BANK);
++ if (flags & AH_DHCP_HST)
++ return one_file(file, LOPT_BANK);
++ else if (flags & AH_DHCP_OPT)
++ return one_file(file, LOPT_OPTS);
++
++ return 0;
+ }
+ #endif
+
+--
+2.1.0
+
--- /dev/null
+From aff3396280e944833f0e23d834aa6acd5fe2605a Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Sat, 31 Jan 2015 20:13:40 +0000
+Subject: [PATCH 39/55] Update copyrights for dawn of 2015.
+
+---
+ Makefile | 2 +-
+ src/auth.c | 2 +-
+ src/blockdata.c | 2 +-
+ src/bpf.c | 2 +-
+ src/cache.c | 2 +-
+ src/config.h | 2 +-
+ src/conntrack.c | 2 +-
+ src/dbus.c | 2 +-
+ src/dhcp-common.c | 2 +-
+ src/dhcp-protocol.h | 2 +-
+ src/dhcp.c | 2 +-
+ src/dhcp6-protocol.h | 2 +-
+ src/dhcp6.c | 2 +-
+ src/dns-protocol.h | 2 +-
+ src/dnsmasq.c | 2 +-
+ src/dnsmasq.h | 4 ++--
+ src/dnssec.c | 2 +-
+ src/domain.c | 2 +-
+ src/forward.c | 2 +-
+ src/helper.c | 2 +-
+ src/inotify.c | 2 +-
+ src/ip6addr.h | 2 +-
+ src/lease.c | 2 +-
+ src/log.c | 2 +-
+ src/loop.c | 2 +-
+ src/netlink.c | 2 +-
+ src/network.c | 2 +-
+ src/option.c | 2 +-
+ src/outpacket.c | 2 +-
+ src/radv-protocol.h | 2 +-
+ src/radv.c | 2 +-
+ src/rfc1035.c | 2 +-
+ src/rfc2131.c | 2 +-
+ src/rfc3315.c | 2 +-
+ src/slaac.c | 2 +-
+ src/tftp.c | 2 +-
+ src/util.c | 2 +-
+ 37 files changed, 38 insertions(+), 38 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index bcbd5571671d..21e4a5c4101c 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1,4 +1,4 @@
+-# dnsmasq is Copyright (c) 2000-2014 Simon Kelley
++# dnsmasq is Copyright (c) 2000-2015 Simon Kelley
+ #
+ # This program is free software; you can redistribute it and/or modify
+ # it under the terms of the GNU General Public License as published by
+diff --git a/src/auth.c b/src/auth.c
+index 59e05d3da38e..15721e52793f 100644
+--- a/src/auth.c
++++ b/src/auth.c
+@@ -1,4 +1,4 @@
+-/* dnsmasq is Copyright (c) 2000-2014 Simon Kelley
++/* dnsmasq is Copyright (c) 2000-2015 Simon Kelley
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+diff --git a/src/blockdata.c b/src/blockdata.c
+index 5a70a7967fa3..c8f5eae811eb 100644
+--- a/src/blockdata.c
++++ b/src/blockdata.c
+@@ -1,4 +1,4 @@
+-/* dnsmasq is Copyright (c) 2000-2014 Simon Kelley
++/* dnsmasq is Copyright (c) 2000-2015 Simon Kelley
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+diff --git a/src/bpf.c b/src/bpf.c
+index 4416b1c07287..997d87421bed 100644
+--- a/src/bpf.c
++++ b/src/bpf.c
+@@ -1,4 +1,4 @@
+-/* dnsmasq is Copyright (c) 2000-2014 Simon Kelley
++/* dnsmasq is Copyright (c) 2000-2015 Simon Kelley
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+diff --git a/src/cache.c b/src/cache.c
+index abaf25ec0f18..117ae279fd4e 100644
+--- a/src/cache.c
++++ b/src/cache.c
+@@ -1,4 +1,4 @@
+-/* dnsmasq is Copyright (c) 2000-2014 Simon Kelley
++/* dnsmasq is Copyright (c) 2000-2015 Simon Kelley
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+diff --git a/src/config.h b/src/config.h
+index 5e5009271eba..8def6f200461 100644
+--- a/src/config.h
++++ b/src/config.h
+@@ -1,4 +1,4 @@
+-/* dnsmasq is Copyright (c) 2000-2014 Simon Kelley
++/* dnsmasq is Copyright (c) 2000-2015 Simon Kelley
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+diff --git a/src/conntrack.c b/src/conntrack.c
+index 6a5133ab93af..0fa2da903b03 100644
+--- a/src/conntrack.c
++++ b/src/conntrack.c
+@@ -1,4 +1,4 @@
+-/* dnsmasq is Copyright (c) 2000-2014 Simon Kelley
++/* dnsmasq is Copyright (c) 2000-2015 Simon Kelley
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+diff --git a/src/dbus.c b/src/dbus.c
+index a2a94dc85dac..5b69de518beb 100644
+--- a/src/dbus.c
++++ b/src/dbus.c
+@@ -1,4 +1,4 @@
+-/* dnsmasq is Copyright (c) 2000-2014 Simon Kelley
++/* dnsmasq is Copyright (c) 2000-2015 Simon Kelley
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+diff --git a/src/dhcp-common.c b/src/dhcp-common.c
+index 9d13ac8df6f1..ce115202a646 100644
+--- a/src/dhcp-common.c
++++ b/src/dhcp-common.c
+@@ -1,4 +1,4 @@
+-/* dnsmasq is Copyright (c) 2000-2014 Simon Kelley
++/* dnsmasq is Copyright (c) 2000-2015 Simon Kelley
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+diff --git a/src/dhcp-protocol.h b/src/dhcp-protocol.h
+index 4c0961472482..701b6cb3346e 100644
+--- a/src/dhcp-protocol.h
++++ b/src/dhcp-protocol.h
+@@ -1,4 +1,4 @@
+-/* dnsmasq is Copyright (c) 2000-2014 Simon Kelley
++/* dnsmasq is Copyright (c) 2000-2015 Simon Kelley
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+diff --git a/src/dhcp.c b/src/dhcp.c
+index 7acf2c4311a9..f29be9b489a7 100644
+--- a/src/dhcp.c
++++ b/src/dhcp.c
+@@ -1,4 +1,4 @@
+-/* dnsmasq is Copyright (c) 2000-2014 Simon Kelley
++/* dnsmasq is Copyright (c) 2000-2015 Simon Kelley
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+diff --git a/src/dhcp6-protocol.h b/src/dhcp6-protocol.h
+index 5927dc32f6af..928a2fa162ed 100644
+--- a/src/dhcp6-protocol.h
++++ b/src/dhcp6-protocol.h
+@@ -1,4 +1,4 @@
+-/* dnsmasq is Copyright (c) 2000-2014 Simon Kelley
++/* dnsmasq is Copyright (c) 2000-2015 Simon Kelley
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+diff --git a/src/dhcp6.c b/src/dhcp6.c
+index bc48fdddd3de..3c56e77c6085 100644
+--- a/src/dhcp6.c
++++ b/src/dhcp6.c
+@@ -1,4 +1,4 @@
+-/* dnsmasq is Copyright (c) 2000-2014 Simon Kelley
++/* dnsmasq is Copyright (c) 2000-2015 Simon Kelley
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+diff --git a/src/dns-protocol.h b/src/dns-protocol.h
+index 0aced3ce6952..16fade33d98c 100644
+--- a/src/dns-protocol.h
++++ b/src/dns-protocol.h
+@@ -1,4 +1,4 @@
+-/* dnsmasq is Copyright (c) 2000-2014 Simon Kelley
++/* dnsmasq is Copyright (c) 2000-2015 Simon Kelley
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+diff --git a/src/dnsmasq.c b/src/dnsmasq.c
+index 2c629fe422aa..e903a24c8105 100644
+--- a/src/dnsmasq.c
++++ b/src/dnsmasq.c
+@@ -1,4 +1,4 @@
+-/* dnsmasq is Copyright (c) 2000-2014 Simon Kelley
++/* dnsmasq is Copyright (c) 2000-2015 Simon Kelley
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+diff --git a/src/dnsmasq.h b/src/dnsmasq.h
+index 0c322a93993e..89e758b56a0a 100644
+--- a/src/dnsmasq.h
++++ b/src/dnsmasq.h
+@@ -1,4 +1,4 @@
+-/* dnsmasq is Copyright (c) 2000-2014 Simon Kelley
++/* dnsmasq is Copyright (c) 2000-2015 Simon Kelley
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+@@ -14,7 +14,7 @@
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+-#define COPYRIGHT "Copyright (c) 2000-2014 Simon Kelley"
++#define COPYRIGHT "Copyright (c) 2000-2015 Simon Kelley"
+
+ #ifndef NO_LARGEFILE
+ /* Ensure we can use files >2GB (log files may grow this big) */
+diff --git a/src/dnssec.c b/src/dnssec.c
+index d39ab85ed966..a8dfe3871c85 100644
+--- a/src/dnssec.c
++++ b/src/dnssec.c
+@@ -1,5 +1,5 @@
+ /* dnssec.c is Copyright (c) 2012 Giovanni Bajo <rasky@develer.com>
+- and Copyright (c) 2012-2014 Simon Kelley
++ and Copyright (c) 2012-2015 Simon Kelley
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+diff --git a/src/domain.c b/src/domain.c
+index fdd5e4f0838f..278698ca04b3 100644
+--- a/src/domain.c
++++ b/src/domain.c
+@@ -1,4 +1,4 @@
+-/* dnsmasq is Copyright (c) 2000-2014 Simon Kelley
++/* dnsmasq is Copyright (c) 2000-2015 Simon Kelley
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+diff --git a/src/forward.c b/src/forward.c
+index b17bc34f865f..438e9fa490b8 100644
+--- a/src/forward.c
++++ b/src/forward.c
+@@ -1,4 +1,4 @@
+-/* dnsmasq is Copyright (c) 2000-2014 Simon Kelley
++/* dnsmasq is Copyright (c) 2000-2015 Simon Kelley
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+diff --git a/src/helper.c b/src/helper.c
+index 4be53c361ee1..1fee72dead8c 100644
+--- a/src/helper.c
++++ b/src/helper.c
+@@ -1,4 +1,4 @@
+-/* dnsmasq is Copyright (c) 2000-2014 Simon Kelley
++/* dnsmasq is Copyright (c) 2000-2015 Simon Kelley
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+diff --git a/src/inotify.c b/src/inotify.c
+index c537f4c1562a..470d6ed99213 100644
+--- a/src/inotify.c
++++ b/src/inotify.c
+@@ -1,4 +1,4 @@
+-/* dnsmasq is Copyright (c) 2000-2014 Simon Kelley
++/* dnsmasq is Copyright (c) 2000-2015 Simon Kelley
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+diff --git a/src/ip6addr.h b/src/ip6addr.h
+index c7dcb39c33fa..f0b7e820e227 100644
+--- a/src/ip6addr.h
++++ b/src/ip6addr.h
+@@ -1,4 +1,4 @@
+-/* dnsmasq is Copyright (c) 2000-2014 Simon Kelley
++/* dnsmasq is Copyright (c) 2000-2015 Simon Kelley
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+diff --git a/src/lease.c b/src/lease.c
+index 5d56b1b9147e..545bbb7fd09c 100644
+--- a/src/lease.c
++++ b/src/lease.c
+@@ -1,4 +1,4 @@
+-/* dnsmasq is Copyright (c) 2000-2014 Simon Kelley
++/* dnsmasq is Copyright (c) 2000-2015 Simon Kelley
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+diff --git a/src/log.c b/src/log.c
+index 8083a8697323..a5ac605c7c5d 100644
+--- a/src/log.c
++++ b/src/log.c
+@@ -1,4 +1,4 @@
+-/* dnsmasq is Copyright (c) 2000-2014 Simon Kelley
++/* dnsmasq is Copyright (c) 2000-2015 Simon Kelley
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+diff --git a/src/loop.c b/src/loop.c
+index bb377ad12644..565f7d8e58e0 100644
+--- a/src/loop.c
++++ b/src/loop.c
+@@ -1,4 +1,4 @@
+-/* dnsmasq is Copyright (c) 2000-2014 Simon Kelley
++/* dnsmasq is Copyright (c) 2000-2015 Simon Kelley
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+diff --git a/src/netlink.c b/src/netlink.c
+index b39328376389..10f94db25a14 100644
+--- a/src/netlink.c
++++ b/src/netlink.c
+@@ -1,4 +1,4 @@
+-/* dnsmasq is Copyright (c) 2000-2014 Simon Kelley
++/* dnsmasq is Copyright (c) 2000-2015 Simon Kelley
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+diff --git a/src/network.c b/src/network.c
+index 14d2af2ce313..7045253d467b 100644
+--- a/src/network.c
++++ b/src/network.c
+@@ -1,4 +1,4 @@
+-/* dnsmasq is Copyright (c) 2000-2014 Simon Kelley
++/* dnsmasq is Copyright (c) 2000-2015 Simon Kelley
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+diff --git a/src/option.c b/src/option.c
+index 6ef80117cc8c..cb4e76ba0aa2 100644
+--- a/src/option.c
++++ b/src/option.c
+@@ -1,4 +1,4 @@
+-/* dnsmasq is Copyright (c) 2000-2014 Simon Kelley
++/* dnsmasq is Copyright (c) 2000-2015 Simon Kelley
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+diff --git a/src/outpacket.c b/src/outpacket.c
+index dce68f7cb09f..5b1ff9318bbd 100644
+--- a/src/outpacket.c
++++ b/src/outpacket.c
+@@ -1,4 +1,4 @@
+-/* dnsmasq is Copyright (c) 2000-2014 Simon Kelley
++/* dnsmasq is Copyright (c) 2000-2015 Simon Kelley
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+diff --git a/src/radv-protocol.h b/src/radv-protocol.h
+index 72ccda49d7fe..4cc1ea426e69 100644
+--- a/src/radv-protocol.h
++++ b/src/radv-protocol.h
+@@ -1,4 +1,4 @@
+-/* dnsmasq is Copyright (c) 2000-2014 Simon Kelley
++/* dnsmasq is Copyright (c) 2000-2015 Simon Kelley
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+diff --git a/src/radv.c b/src/radv.c
+index 3c8b162dbd8e..6da125b864ae 100644
+--- a/src/radv.c
++++ b/src/radv.c
+@@ -1,4 +1,4 @@
+-/* dnsmasq is Copyright (c) 2000-2014 Simon Kelley
++/* dnsmasq is Copyright (c) 2000-2015 Simon Kelley
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+diff --git a/src/rfc1035.c b/src/rfc1035.c
+index 262274fc5b80..5ef5ddb7485e 100644
+--- a/src/rfc1035.c
++++ b/src/rfc1035.c
+@@ -1,4 +1,4 @@
+-/* dnsmasq is Copyright (c) 2000-2014 Simon Kelley
++/* dnsmasq is Copyright (c) 2000-2015 Simon Kelley
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+diff --git a/src/rfc2131.c b/src/rfc2131.c
+index 5c9040892f1d..55526443dc84 100644
+--- a/src/rfc2131.c
++++ b/src/rfc2131.c
+@@ -1,4 +1,4 @@
+-/* dnsmasq is Copyright (c) 2000-2014 Simon Kelley
++/* dnsmasq is Copyright (c) 2000-2015 Simon Kelley
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+diff --git a/src/rfc3315.c b/src/rfc3315.c
+index e593ec9c362c..c1ddc805988d 100644
+--- a/src/rfc3315.c
++++ b/src/rfc3315.c
+@@ -1,4 +1,4 @@
+-/* dnsmasq is Copyright (c) 2000-2014 Simon Kelley
++/* dnsmasq is Copyright (c) 2000-2015 Simon Kelley
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+diff --git a/src/slaac.c b/src/slaac.c
+index 351d6802f85e..abaad537e25a 100644
+--- a/src/slaac.c
++++ b/src/slaac.c
+@@ -1,4 +1,4 @@
+-/* dnsmasq is Copyright (c) 2000-2014 Simon Kelley
++/* dnsmasq is Copyright (c) 2000-2015 Simon Kelley
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+diff --git a/src/tftp.c b/src/tftp.c
+index a527911fc0df..a57a31514f44 100644
+--- a/src/tftp.c
++++ b/src/tftp.c
+@@ -1,4 +1,4 @@
+-/* dnsmasq is Copyright (c) 2000-2014 Simon Kelley
++/* dnsmasq is Copyright (c) 2000-2015 Simon Kelley
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+diff --git a/src/util.c b/src/util.c
+index d532444da207..91d02410b13f 100644
+--- a/src/util.c
++++ b/src/util.c
+@@ -1,4 +1,4 @@
+-/* dnsmasq is Copyright (c) 2000-2014 Simon Kelley
++/* dnsmasq is Copyright (c) 2000-2015 Simon Kelley
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+--
+2.1.0
+
--- /dev/null
+From 3d04f46334d0e345f589eda1372e638b946fe637 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Sat, 31 Jan 2015 21:59:13 +0000
+Subject: [PATCH 40/55] inotify documentation updates.
+
+---
+ man/dnsmasq.8 | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
+index 005b5cca8d1f..c858323d78bd 100644
+--- a/man/dnsmasq.8
++++ b/man/dnsmasq.8
+@@ -50,6 +50,10 @@ Additional hosts file. Read the specified file as well as /etc/hosts. If -h is g
+ only the specified file. This option may be repeated for more than one
+ additional hosts file. If a directory is given, then read all the files contained in that directory.
+ .TP
++.B --hostsdir=<path>
++Read all the hosts files contained in the directory. New or changed files
++are read automatically. See --dhcp-hostsdir for details.
++.TP
+ .B \-E, --expand-hosts
+ Add the domain to simple names (without a period) in /etc/hosts
+ in the same way as for DHCP-derived names. Note that this does not
+@@ -979,12 +983,14 @@ dhcp-optsfile will be re-read when dnsmasq receives SIGHUP. Note that
+ it is possible to encode the information in a
+ .TP
+ .B --dhcp-hostsdir=<path>
+-This is exactly equivalent to dhcp-hostfile, except for the following. The path MUST be a
++This is equivalent to dhcp-hostsfile, except for the following. The path MUST be a
+ directory, and not an individual file. Changed or new files within
+ the directory are read automatically, without the need to send SIGHUP.
+ If a file is deleted for changed after it has been read by dnsmasq, then the
+ host record it contained will remain until dnsmasq recieves a SIGHUP, or
+ is restarted; ie host records are only added dynamically.
++.B --dhcp-optsdir=<path>
++This is equivalent to dhcp-optsfile, with the differences noted for --dhcp-hostsdir.
+ .TP
+ .B --dhcp-boot
+ flag as DHCP options, using the options names bootfile-name,
+@@ -1791,7 +1797,8 @@ clears its cache and then re-loads
+ .I /etc/hosts
+ and
+ .I /etc/ethers
+-and any file given by --dhcp-hostsfile, --dhcp-optsfile or --addn-hosts.
++and any file given by --dhcp-hostsfile, --dhcp-hostsdir, --dhcp-optsfile,
++--dhcp-optsdir, --addn-hosts or --hostsdir.
+ The dhcp lease change script is called for all
+ existing DHCP leases. If
+ .B
+--
+2.1.0
+
--- /dev/null
+From 6ef15b34ca83c62a939f69356d5c3f7a6bfef3d0 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Sat, 31 Jan 2015 22:44:26 +0000
+Subject: [PATCH 41/55] Fix broken ECDSA DNSSEC signatures.
+
+---
+ CHANGELOG | 2 ++
+ src/dnssec.c | 2 +-
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index c05dec63c587..c80dc0fdbe9e 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -65,6 +65,8 @@ version 2.73
+ configured to do stateful DHCPv6. Thanks to Win King Wan
+ for the patch.
+
++ Fix broken DNSSEC validation of ECDSA signatures.
++
+
+ version 2.72
+ Add ra-advrouter mode, for RFC-3775 mobile IPv6 support.
+diff --git a/src/dnssec.c b/src/dnssec.c
+index a8dfe3871c85..26932373cd3e 100644
+--- a/src/dnssec.c
++++ b/src/dnssec.c
+@@ -275,7 +275,7 @@ static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len
+ }
+
+ if (sig_len != 2*t || key_len != 2*t ||
+- (p = blockdata_retrieve(key_data, key_len, NULL)))
++ !(p = blockdata_retrieve(key_data, key_len, NULL)))
+ return 0;
+
+ mpz_import(x, t , 1, 1, 0, 0, p);
+--
+2.1.0
+
--- /dev/null
+From 106266761828a0acb006346ae47bf031dee46a5d Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Sun, 1 Feb 2015 00:15:16 +0000
+Subject: [PATCH 42/55] BSD make support
+
+---
+ Makefile | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 21e4a5c4101c..2910320b6452 100644
+--- a/Makefile
++++ b/Makefile
+@@ -64,8 +64,10 @@ nettle_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC $(PKG_CONFIG
+ gmp_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC NO_GMP --copy -lgmp`
+ sunos_libs = `if uname | grep SunOS >/dev/null 2>&1; then echo -lsocket -lnsl -lposix4; fi`
+ version = -DVERSION='\"`$(top)/bld/get-version $(top)`\"'
+-copts_conf = .copts_$(shell $(CC) -DDNSMASQ_COMPILE_OPTS $(COPTS) -E $(top)/$(SRC)/dnsmasq.h | \
+- ( md5sum 2>/dev/null || md5 ) | cut -f 1 -d ' ')
++
++sum?=$(shell $(CC) -DDNSMASQ_COMPILE_OPTS $(COPTS) -E $(top)/$(SRC)/dnsmasq.h | ( md5sum 2>/dev/null || md5 ) | cut -f 1 -d ' ')
++sum!=$(CC) -DDNSMASQ_COMPILE_OPTS $(COPTS) -E $(top)/$(SRC)/dnsmasq.h | ( md5sum 2>/dev/null || md5 ) | cut -f 1 -d ' '
++copts_conf = .copts_$(sum)
+
+ objs = cache.o rfc1035.o util.o option.o forward.o network.o \
+ dnsmasq.o dhcp.o lease.o rfc2131.o netlink.o dbus.o bpf.o \
+--
+2.1.0
+
--- /dev/null
+From 8d8a54ec79d9f96979fabbd97b1dd2ddebc7d78f Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Sun, 1 Feb 2015 21:48:46 +0000
+Subject: [PATCH 43/55] Fix build failure on openBSD.
+
+---
+ src/tables.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/tables.c b/src/tables.c
+index dcdef794c4d2..aae1252708db 100644
+--- a/src/tables.c
++++ b/src/tables.c
+@@ -21,7 +21,7 @@
+ #if defined(HAVE_IPSET) && defined(HAVE_BSD_NETWORK)
+
+ #ifndef __FreeBSD__
+-#include <bsd/string.h>
++#include <string.h>
+ #endif
+
+ #include <sys/types.h>
+--
+2.1.0
+
--- /dev/null
+From d36b732c4cfa91ea09af64b5dc0f3a85a075e5bc Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Thi=C3=A9baud=20Weksteen?= <thiebaud@weksteen.fr>
+Date: Mon, 2 Feb 2015 21:37:27 +0000
+Subject: [PATCH 44/55] Manpage typo fix.
+
+---
+ man/dnsmasq.8 | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
+index c858323d78bd..27f85d40fbbb 100644
+--- a/man/dnsmasq.8
++++ b/man/dnsmasq.8
+@@ -516,7 +516,7 @@ zone files: the port, weight and priority numbers are in a different
+ order. More than one SRV record for a given service/domain is allowed,
+ all that match are returned.
+ .TP
+-.B --host-record=<name>[,<name>....][<IPv4-address>],[<IPv6-address>]
++.B --host-record=<name>[,<name>....],[<IPv4-address>],[<IPv6-address>]
+ Add A, AAAA and PTR records to the DNS. This adds one or more names to
+ the DNS with associated IPv4 (A) and IPv6 (AAAA) records. A name may
+ appear in more than one
+--
+2.1.0
+
--- /dev/null
+From 2941d3ac898cf84b544e47c9735c5e4111711db1 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Mon, 2 Feb 2015 22:36:42 +0000
+Subject: [PATCH 45/55] Fixup dhcp-configs after reading extra hostfiles with
+ inotify.
+
+---
+ src/inotify.c | 14 +++++++++++++-
+ 1 file changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/src/inotify.c b/src/inotify.c
+index 470d6ed99213..6f4cd79e0030 100644
+--- a/src/inotify.c
++++ b/src/inotify.c
+@@ -194,7 +194,19 @@ int inotify_check(time_t now)
+ strcat(path, in->name);
+
+ if (ah->flags & AH_HOSTS)
+- read_hostsfile(path, ah->index, 0, NULL, 0);
++ {
++ read_hostsfile(path, ah->index, 0, NULL, 0);
++#ifdef HAVE_DHCP
++ if (daemon->dhcp || daemon->doing_dhcp6)
++ {
++ /* Propogate the consequences of loading a new dhcp-host */
++ dhcp_update_configs(daemon->dhcp_conf);
++ lease_update_from_configs();
++ lease_update_file(now);
++ lease_update_dns(1);
++ }
++#endif
++ }
+ #ifdef HAVE_DHCP
+ else if (ah->flags & AH_DHCP_HST)
+ {
+--
+2.1.0
+
--- /dev/null
+From f9c863708c6b0aea31ff7a466647685dc739de50 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Tue, 3 Feb 2015 21:52:48 +0000
+Subject: [PATCH 46/55] Extra logging for inotify code.
+
+---
+ src/cache.c | 9 ++++-----
+ src/inotify.c | 4 +++-
+ src/option.c | 4 +++-
+ 3 files changed, 10 insertions(+), 7 deletions(-)
+
+diff --git a/src/cache.c b/src/cache.c
+index 117ae279fd4e..43245b771b53 100644
+--- a/src/cache.c
++++ b/src/cache.c
+@@ -1022,11 +1022,10 @@ int read_hostsfile(char *filename, unsigned int index, int cache_size, struct cr
+ fclose(f);
+
+ if (rhash)
+- {
+- rehash(name_count);
+- my_syslog(LOG_INFO, _("read %s - %d addresses"), filename, addr_count);
+- }
+-
++ rehash(name_count);
++
++ my_syslog(LOG_INFO, _("read %s - %d addresses"), filename, addr_count);
++
+ return name_count;
+ }
+
+diff --git a/src/inotify.c b/src/inotify.c
+index 6f4cd79e0030..44ce0c9af051 100644
+--- a/src/inotify.c
++++ b/src/inotify.c
+@@ -192,7 +192,9 @@ int inotify_check(time_t now)
+ strcpy(path, ah->fname);
+ strcat(path, "/");
+ strcat(path, in->name);
+-
++
++ my_syslog(LOG_INFO, _("inotify, new or changed file %s"), path);
++
+ if (ah->flags & AH_HOSTS)
+ {
+ read_hostsfile(path, ah->index, 0, NULL, 0);
+diff --git a/src/option.c b/src/option.c
+index cb4e76ba0aa2..e4b4865d07a5 100644
+--- a/src/option.c
++++ b/src/option.c
+@@ -4068,11 +4068,13 @@ static void read_file(char *file, FILE *f, int hard_opt)
+ #ifdef HAVE_DHCP
+ int option_read_dynfile(char *file, int flags)
+ {
++ my_syslog(MS_DHCP | LOG_INFO, _("read %s"), file);
++
+ if (flags & AH_DHCP_HST)
+ return one_file(file, LOPT_BANK);
+ else if (flags & AH_DHCP_OPT)
+ return one_file(file, LOPT_OPTS);
+-
++
+ return 0;
+ }
+ #endif
+--
+2.1.0
+
--- /dev/null
+From efb8b5566aafc1f3ce18514a2df93af5a2e4998c Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Sat, 7 Feb 2015 22:36:34 +0000
+Subject: [PATCH 47/55] man page typo.
+
+---
+ man/dnsmasq.8 | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
+index 27f85d40fbbb..5cdd186afaa0 100644
+--- a/man/dnsmasq.8
++++ b/man/dnsmasq.8
+@@ -989,6 +989,7 @@ the directory are read automatically, without the need to send SIGHUP.
+ If a file is deleted for changed after it has been read by dnsmasq, then the
+ host record it contained will remain until dnsmasq recieves a SIGHUP, or
+ is restarted; ie host records are only added dynamically.
++.TP
+ .B --dhcp-optsdir=<path>
+ This is equivalent to dhcp-optsfile, with the differences noted for --dhcp-hostsdir.
+ .TP
+--
+2.1.0
+
--- /dev/null
+From f4f400776b3c1aa303d1a0fcd500f0ab5bc970f2 Mon Sep 17 00:00:00 2001
+From: Shantanu Gadgil <shantanugadgil@yahoo.com>
+Date: Wed, 11 Feb 2015 20:16:59 +0000
+Subject: [PATCH 48/55] Fix get-version script which returned wrong tag in some
+ situations.
+
+---
+ bld/get-version | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/bld/get-version b/bld/get-version
+index c246a3cc6a47..7ab75db729ac 100755
+--- a/bld/get-version
++++ b/bld/get-version
+@@ -20,7 +20,7 @@ else
+ vers=`cat $1/VERSION | sed 's/[(), ]/,/ g' | tr ',' '\n' | grep ^v[0-9]`
+
+ if [ $? -eq 0 ]; then
+- echo "${vers}" | sort | head -n 1 | sed 's/^v//'
++ echo "${vers}" | sort -r | head -n 1 | sed 's/^v//'
+ else
+ cat $1/VERSION
+ fi
+--
+2.1.0
+
--- /dev/null
+From 8ff70de618eb7de9147dbfbd4deca4a2dd62f0cb Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Sat, 14 Feb 2015 20:02:37 +0000
+Subject: [PATCH 49/55] Typos.
+
+---
+ src/inotify.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/inotify.c b/src/inotify.c
+index 44ce0c9af051..9422066257f5 100644
+--- a/src/inotify.c
++++ b/src/inotify.c
+@@ -104,7 +104,8 @@ void set_dynamic_inotify(int flag, int total_size, struct crec **rhash, int revh
+ ah->wd = inotify_add_watch(daemon->inotifyfd, ah->fname, IN_CLOSE_WRITE | IN_MOVED_TO);
+ ah->flags |= AH_WD_DONE;
+ }
+- /* Read contents of dir _after_ calling add_watch, in the ho[e of avoiding
++
++ /* Read contents of dir _after_ calling add_watch, in the hope of avoiding
+ a race which misses files being added as we start */
+ if (ah->wd == -1 || !(dir_stream = opendir(ah->fname)))
+ {
+--
+2.1.0
+
--- /dev/null
+From caeea190f12efd20139f694aac4942d1ac00019f Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Sat, 14 Feb 2015 20:08:56 +0000
+Subject: [PATCH 50/55] Make dynamic hosts files work when --no-hosts set.
+
+---
+ src/cache.c | 21 +++++++++++----------
+ 1 file changed, 11 insertions(+), 10 deletions(-)
+
+diff --git a/src/cache.c b/src/cache.c
+index 43245b771b53..c95624c42b1c 100644
+--- a/src/cache.c
++++ b/src/cache.c
+@@ -1133,17 +1133,18 @@ void cache_reload(void)
+ {
+ if (daemon->cachesize > 0)
+ my_syslog(LOG_INFO, _("cleared cache"));
+- return;
+ }
+-
+- if (!option_bool(OPT_NO_HOSTS))
+- total_size = read_hostsfile(HOSTSFILE, SRC_HOSTS, total_size, (struct crec **)daemon->packet, revhashsz);
+-
+- daemon->addn_hosts = expand_filelist(daemon->addn_hosts);
+- for (ah = daemon->addn_hosts; ah; ah = ah->next)
+- if (!(ah->flags & AH_INACTIVE))
+- total_size = read_hostsfile(ah->fname, ah->index, total_size, (struct crec **)daemon->packet, revhashsz);
+-
++ else
++ {
++ if (!option_bool(OPT_NO_HOSTS))
++ total_size = read_hostsfile(HOSTSFILE, SRC_HOSTS, total_size, (struct crec **)daemon->packet, revhashsz);
++
++ daemon->addn_hosts = expand_filelist(daemon->addn_hosts);
++ for (ah = daemon->addn_hosts; ah; ah = ah->next)
++ if (!(ah->flags & AH_INACTIVE))
++ total_size = read_hostsfile(ah->fname, ah->index, total_size, (struct crec **)daemon->packet, revhashsz);
++ }
++
+ #ifdef HAVE_INOTIFY
+ set_dynamic_inotify(AH_HOSTS, total_size, (struct crec **)daemon->packet, revhashsz);
+ #endif
+--
+2.1.0
+
--- /dev/null
+From 28b879ac47b872af6e8c5e86d76806c69338434d Mon Sep 17 00:00:00 2001
+From: Chen Wei <weichen302@icloud.com>
+Date: Tue, 17 Feb 2015 22:07:35 +0000
+Subject: [PATCH 51/55] Fix trivial memory leaks to quieten valgrind.
+
+---
+ src/dnsmasq.c | 2 ++
+ src/option.c | 11 +++++++++--
+ 2 files changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/src/dnsmasq.c b/src/dnsmasq.c
+index e903a24c8105..e6dabbf556f7 100644
+--- a/src/dnsmasq.c
++++ b/src/dnsmasq.c
+@@ -627,6 +627,8 @@ int main (int argc, char **argv)
+ }
+
+ #ifdef HAVE_LINUX_NETWORK
++ free(hdr);
++ free(data);
+ if (option_bool(OPT_DEBUG))
+ prctl(PR_SET_DUMPABLE, 1, 0, 0, 0);
+ #endif
+diff --git a/src/option.c b/src/option.c
+index e4b4865d07a5..ae0ad002d8b8 100644
+--- a/src/option.c
++++ b/src/option.c
+@@ -4361,7 +4361,7 @@ void read_opts(int argc, char **argv, char *compile_opts)
+ {
+ char *buff = opt_malloc(MAXDNAME);
+ int option, conffile_opt = '7', testmode = 0;
+- char *arg, *conffile = CONFFILE;
++ char *arg, *conffile = NULL;
+
+ opterr = 0;
+
+@@ -4476,7 +4476,14 @@ void read_opts(int argc, char **argv, char *compile_opts)
+ }
+
+ if (conffile)
+- one_file(conffile, conffile_opt);
++ {
++ one_file(conffile, conffile_opt);
++ free(conffile);
++ }
++ else
++ {
++ one_file(CONFFILE, conffile_opt);
++ }
+
+ /* port might not be known when the address is parsed - fill in here */
+ if (daemon->servers)
+--
+2.1.0
+
--- /dev/null
+From 0705a7e2d57654b27c7e14f35ca77241c1821f4d Mon Sep 17 00:00:00 2001
+From: Tomas Hozza <thozza@redhat.com>
+Date: Mon, 23 Feb 2015 21:26:26 +0000
+Subject: [PATCH 52/55] Fix uninitialized value used in get_client_mac()
+
+---
+ src/dhcp6.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/dhcp6.c b/src/dhcp6.c
+index 3c56e77c6085..c7144f5fee7c 100644
+--- a/src/dhcp6.c
++++ b/src/dhcp6.c
+@@ -246,7 +246,9 @@ void get_client_mac(struct in6_addr *client, int iface, unsigned char *mac, unsi
+ neigh.code = 0;
+ neigh.reserved = 0;
+ neigh.target = *client;
+-
++ /* RFC4443 section-2.3: checksum has to be zero to be calculated */
++ neigh.checksum = 0;
++
+ memset(&addr, 0, sizeof(addr));
+ #ifdef HAVE_SOCKADDR_SA_LEN
+ addr.sin6_len = sizeof(struct sockaddr_in6);
+--
+2.1.0
+
--- /dev/null
+From 47b9ac59c715827252ae6e6732903c3dabb697fb Mon Sep 17 00:00:00 2001
+From: Joachim Zobel <jz-2014@heute-morgen.de>
+Date: Mon, 23 Feb 2015 21:38:11 +0000
+Subject: [PATCH 53/55] Log parsing utils in contrib/reverse-dns
+
+---
+ contrib/reverse-dns/README | 18 ++++++++++++++++++
+ contrib/reverse-dns/reverse_dns.sh | 29 +++++++++++++++++++++++++++++
+ contrib/reverse-dns/reverse_replace.sh | 28 ++++++++++++++++++++++++++++
+ 3 files changed, 75 insertions(+)
+ create mode 100644 contrib/reverse-dns/README
+ create mode 100644 contrib/reverse-dns/reverse_dns.sh
+ create mode 100644 contrib/reverse-dns/reverse_replace.sh
+
+diff --git a/contrib/reverse-dns/README b/contrib/reverse-dns/README
+new file mode 100644
+index 000000000000..f87eb77c4c22
+--- /dev/null
++++ b/contrib/reverse-dns/README
+@@ -0,0 +1,18 @@
++Hi.\r
++\r
++To translate my routers netstat-nat output into names that actually talk\r
++to me I have started writing to simple shell scripts. They require \r
++\r
++log-queries\r
++log-facility=/var/log/dnsmasq.log\r
++\r
++to be set. With\r
++\r
++netstat-nat -n -4 | reverse_replace.sh \r
++\r
++I get retranslated output.\r
++\r
++Sincerely,\r
++Joachim\r
++\r
++\r
+diff --git a/contrib/reverse-dns/reverse_dns.sh b/contrib/reverse-dns/reverse_dns.sh
+new file mode 100644
+index 000000000000..c0fff300a947
+--- /dev/null
++++ b/contrib/reverse-dns/reverse_dns.sh
+@@ -0,0 +1,29 @@
++#!/bin/bash
++# $Id: reverse_dns.sh 4 2015-02-17 20:14:59Z jo $
++#
++# Usage: reverse_dns.sh IP
++# Uses the dnsmasq query log to lookup the name
++# that was last queried to return the given IP.
++#
++
++IP=$1
++qmIP=`echo $IP | sed 's#\.#\\.#g'`
++LOG=/var/log/dnsmasq.log
++
++IP_regex='^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$'
++
++if ! [[ $IP =~ $IP_regex ]]; then
++ echo -n $IP
++ exit
++fi
++
++NAME=`tac $LOG | \
++ grep " is $IP" | head -1 | \
++ sed "s#.* \([^ ]*\) is $qmIP.*#\1#" `
++
++if [ -z "$NAME" ]; then
++ echo -n $IP
++else
++ echo -n $NAME
++fi
++
+diff --git a/contrib/reverse-dns/reverse_replace.sh b/contrib/reverse-dns/reverse_replace.sh
+new file mode 100644
+index 000000000000..a11c164b7f19
+--- /dev/null
++++ b/contrib/reverse-dns/reverse_replace.sh
+@@ -0,0 +1,28 @@
++#!/bin/bash
++# $Id: reverse_replace.sh 4 2015-02-17 20:14:59Z jo $
++#
++# Usage e.g.: netstat -n -4 | reverse_replace.sh
++# Parses stdin for IP4 addresses and replaces them
++# with names retrieved by reverse_dns.sh
++#
++
++DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
++DNS=$DIR/reverse_dns.sh
++
++# sed regex
++IP_regex='[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}'
++
++while read LINE; do
++ if grep --quiet $IP_regex <<< "$LINE"; then
++ IPs=`sed "s#.*\b\($IP_regex\)\b.*#\1 #g" <<< "$LINE"`
++ IPs=($IPs)
++ for IP in "${IPs[@]}"
++ do
++ NAME=`$DNS $IP`
++ # echo "$NAME is $IP";
++ LINE="${LINE/$IP/$NAME}"
++ done
++ fi
++ echo $LINE
++done < /dev/stdin
++
+--
+2.1.0
+
--- /dev/null
+From f6e62e2af96f5fa0d1e3d93167a93a8f09bf6e61 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Sun, 1 Mar 2015 18:17:54 +0000
+Subject: [PATCH 54/55] Add --dnssec-timestamp option and facility.
+
+---
+ CHANGELOG | 6 +++++
+ man/dnsmasq.8 | 6 +++++
+ src/dnsmasq.c | 11 +++++++-
+ src/dnsmasq.h | 2 ++
+ src/dnssec.c | 82 +++++++++++++++++++++++++++++++++++++++++++++++++++++++----
+ src/option.c | 7 +++++
+ 6 files changed, 108 insertions(+), 6 deletions(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index c80dc0fdbe9e..4f4fa305deaa 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -66,6 +66,12 @@ version 2.73
+ for the patch.
+
+ Fix broken DNSSEC validation of ECDSA signatures.
++
++ Add --dnssec-timestamp option, which provides an automatic
++ way to detect when the system time becomes valid after boot
++ on systems without an RTC, whilst allowing DNS queries before the
++ clock is valid so that NTP can run. Thanks to
++ Kevin Darbyshire-Bryant for developing this idea.
+
+
+ version 2.72
+diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
+index 5cdd186afaa0..097e7d75145c 100644
+--- a/man/dnsmasq.8
++++ b/man/dnsmasq.8
+@@ -674,6 +674,12 @@ that dnsmasq should be started with this flag when the platform determines that
+ reliable time is established, a SIGHUP should be sent to dnsmasq, which enables time checking, and purges the cache of DNS records
+ which have not been throughly checked.
+ .TP
++.B --dnssec-timestamp=<path>
++Enables an alternative way of checking the validity of the system time for DNSSEC (see --dnssec-no-timecheck). In this case, the
++system time is considered to be valid once it becomes later than the timestamp on the specified file. The file is created and
++its timestamp set automatically by dnsmasq. The file must be stored on a persistent filesystem, so that it and its mtime are carried
++over system restarts.
++.TP
+ .B --proxy-dnssec
+ Copy the DNSSEC Authenticated Data bit from upstream servers to downstream clients and cache it. This is an
+ alternative to having dnsmasq validate DNSSEC, but it depends on the security of the network between
+diff --git a/src/dnsmasq.c b/src/dnsmasq.c
+index e6dabbf556f7..769a19afe6c5 100644
+--- a/src/dnsmasq.c
++++ b/src/dnsmasq.c
+@@ -58,6 +58,9 @@ int main (int argc, char **argv)
+ struct dhcp_context *context;
+ struct dhcp_relay *relay;
+ #endif
++#ifdef HAVE_DNSSEC
++ int badtime;
++#endif
+
+ #ifdef LOCALEDIR
+ setlocale(LC_ALL, "");
+@@ -369,7 +372,11 @@ int main (int argc, char **argv)
+
+ if (baduser)
+ die(_("unknown user or group: %s"), baduser, EC_BADCONF);
+-
++
++#ifdef HAVE_DNSSEC
++ badtime = setup_timestamp(ent_pw->pw_uid);
++#endif
++
+ /* implement group defaults, "dip" if available, or group associated with uid */
+ if (!daemon->group_set && !gp)
+ {
+@@ -689,6 +696,8 @@ int main (int argc, char **argv)
+ my_syslog(LOG_INFO, _("DNSSEC validation enabled"));
+ if (option_bool(OPT_DNSSEC_TIME))
+ my_syslog(LOG_INFO, _("DNSSEC signature timestamps not checked until first cache reload"));
++ if (badtime)
++ my_syslog(LOG_INFO, _("DNSSEC signature timestamps not checked until system time valid"));
+ }
+ #endif
+
+diff --git a/src/dnsmasq.h b/src/dnsmasq.h
+index 89e758b56a0a..b2f02dda63f0 100644
+--- a/src/dnsmasq.h
++++ b/src/dnsmasq.h
+@@ -986,6 +986,7 @@ extern struct daemon {
+ #endif
+ #ifdef HAVE_DNSSEC
+ struct ds_config *ds;
++ char *timestamp_file;
+ #endif
+
+ /* globally used stuff for DNS */
+@@ -1151,6 +1152,7 @@ int dnssec_chase_cname(time_t now, struct dns_header *header, size_t plen, char
+ int dnskey_keytag(int alg, int flags, unsigned char *rdata, int rdlen);
+ size_t filter_rrsigs(struct dns_header *header, size_t plen);
+ unsigned char* hash_questions(struct dns_header *header, size_t plen, char *name);
++int setup_timestamp(uid_t uid);
+
+ /* util.c */
+ void rand_init(void);
+diff --git a/src/dnssec.c b/src/dnssec.c
+index 26932373cd3e..bf4406469de0 100644
+--- a/src/dnssec.c
++++ b/src/dnssec.c
+@@ -34,6 +34,7 @@
+ #include <nettle/dsa-compat.h>
+ #endif
+
++#include <utime.h>
+
+ #define SERIAL_UNDEF -100
+ #define SERIAL_EQ 0
+@@ -394,17 +395,88 @@ static int serial_compare_32(unsigned long s1, unsigned long s2)
+ return SERIAL_UNDEF;
+ }
+
++/* Called at startup. If the timestamp file is configured and exists, put its mtime on
++ timestamp_time. If it doesn't exist, create it, and set the mtime to 1-1-2015.
++ Change the ownership to the user we'll be running as, so that we can update the mtime.
++*/
++static time_t timestamp_time;
++static int back_to_the_future;
++
++int setup_timestamp(uid_t uid)
++{
++ struct stat statbuf;
++
++ back_to_the_future = 0;
++
++ if (!option_bool(OPT_DNSSEC_VALID) || !daemon->timestamp_file)
++ return 0;
++
++ if (stat(daemon->timestamp_file, &statbuf) != -1)
++ {
++ timestamp_time = statbuf.st_mtime;
++ check_and_exit:
++ if (difftime(timestamp_time, time(0)) <= 0)
++ {
++ /* time already OK, update timestamp, and do key checking from the start. */
++ if (utime(daemon->timestamp_file, NULL) == -1)
++ my_syslog(LOG_ERR, _("failed to update mtime on %s: %s"), daemon->timestamp_file, strerror(errno));
++ back_to_the_future = 1;
++ return 0;
++ }
++ return 1;
++ }
++
++ if (errno == ENOENT)
++ {
++ int fd = open(daemon->timestamp_file, O_WRONLY | O_CREAT | O_NONBLOCK, 0666);
++ if (fd != -1)
++ {
++ struct utimbuf timbuf;
++
++ close(fd);
++
++ timestamp_time = timbuf.actime = timbuf.modtime = 1420070400; /* 1-1-2015 */
++ if (utime(daemon->timestamp_file, &timbuf) == 0 &&
++ (getuid() != 0 || chown(daemon->timestamp_file, uid, -1) == 0))
++ goto check_and_exit;
++ }
++ }
++
++ die(_("Cannot create timestamp file %s: %s" ), daemon->timestamp_file, EC_BADCONF);
++ return 0;
++}
++
+ /* Check whether today/now is between date_start and date_end */
+ static int check_date_range(unsigned long date_start, unsigned long date_end)
+ {
+- unsigned long curtime;
+-
++ unsigned long curtime = time(0);
++
+ /* Checking timestamps may be temporarily disabled */
+- if (option_bool(OPT_DNSSEC_TIME))
++
++ /* If the current time if _before_ the timestamp
++ on our persistent timestamp file, then assume the
++ time if not yet correct, and don't check the
++ key timestamps. As soon as the current time is
++ later then the timestamp, update the timestamp
++ and start checking keys */
++ if (daemon->timestamp_file)
++ {
++ if (back_to_the_future == 0 && difftime(timestamp_time, curtime) <= 0)
++ {
++ if (utime(daemon->timestamp_file, NULL) != 0)
++ my_syslog(LOG_ERR, _("failed to update mtime on %s: %s"), daemon->timestamp_file, strerror(errno));
++
++ back_to_the_future = 1;
++ set_option_bool(OPT_DNSSEC_TIME);
++ queue_event(EVENT_RELOAD); /* purge cache */
++ }
++
++ if (back_to_the_future == 0)
++ return 1;
++ }
++ else if (option_bool(OPT_DNSSEC_TIME))
+ return 1;
+
+- curtime = time(0);
+-
+ /* We must explicitly check against wanted values, because of SERIAL_UNDEF */
+ return serial_compare_32(curtime, date_start) == SERIAL_GT
+ && serial_compare_32(curtime, date_end) == SERIAL_LT;
+diff --git a/src/option.c b/src/option.c
+index ae0ad002d8b8..eace40bb566c 100644
+--- a/src/option.c
++++ b/src/option.c
+@@ -152,6 +152,7 @@ struct myoption {
+ #define LOPT_DHCP_INOTIFY 340
+ #define LOPT_DHOPT_INOTIFY 341
+ #define LOPT_HOST_INOTIFY 342
++#define LOPT_DNSSEC_STAMP 343
+
+ #ifdef HAVE_GETOPT_LONG
+ static const struct option opts[] =
+@@ -300,6 +301,7 @@ static const struct myoption opts[] =
+ { "dnssec-debug", 0, 0, LOPT_DNSSEC_DEBUG },
+ { "dnssec-check-unsigned", 0, 0, LOPT_DNSSEC_CHECK },
+ { "dnssec-no-timecheck", 0, 0, LOPT_DNSSEC_TIME },
++ { "dnssec-timestamp", 1, 0, LOPT_DNSSEC_STAMP },
+ #ifdef OPTION6_PREFIX_CLASS
+ { "dhcp-prefix-class", 1, 0, LOPT_PREF_CLSS },
+ #endif
+@@ -463,6 +465,7 @@ static struct {
+ { LOPT_DNSSEC_DEBUG, OPT_DNSSEC_DEBUG, NULL, gettext_noop("Disable upstream checking for DNSSEC debugging."), NULL },
+ { LOPT_DNSSEC_CHECK, OPT_DNSSEC_NO_SIGN, NULL, gettext_noop("Ensure answers without DNSSEC are in unsigned zones."), NULL },
+ { LOPT_DNSSEC_TIME, OPT_DNSSEC_TIME, NULL, gettext_noop("Don't check DNSSEC signature timestamps until first cache-reload"), NULL },
++ { LOPT_DNSSEC_STAMP, ARG_ONE, "<path>", gettext_noop("Timestamp file to verify system clock for DNSSEC"), NULL },
+ #ifdef OPTION6_PREFIX_CLASS
+ { LOPT_PREF_CLSS, ARG_DUP, "set:tag,<class>", gettext_noop("Specify DHCPv6 prefix class"), NULL },
+ #endif
+@@ -3867,6 +3870,10 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
+ }
+
+ #ifdef HAVE_DNSSEC
++ case LOPT_DNSSEC_STAMP:
++ daemon->timestamp_file = opt_string_alloc(arg);
++ break;
++
+ case LOPT_TRUST_ANCHOR:
+ {
+ struct ds_config *new = opt_malloc(sizeof(struct ds_config));
+--
+2.1.0
+
--- /dev/null
+From 9003b50b13da624ca45f3e0cf99abb623b8d026b Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Mon, 2 Mar 2015 22:47:23 +0000
+Subject: [PATCH 55/55] Fix last commit to not crash if uid changing not
+ configured.
+
+---
+ src/dnsmasq.c | 2 +-
+ src/dnsmasq.h | 2 +-
+ src/dnssec.c | 4 ++--
+ 3 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/dnsmasq.c b/src/dnsmasq.c
+index 769a19afe6c5..9e05c0e31569 100644
+--- a/src/dnsmasq.c
++++ b/src/dnsmasq.c
+@@ -374,7 +374,7 @@ int main (int argc, char **argv)
+ die(_("unknown user or group: %s"), baduser, EC_BADCONF);
+
+ #ifdef HAVE_DNSSEC
+- badtime = setup_timestamp(ent_pw->pw_uid);
++ badtime = setup_timestamp(ent_pw);
+ #endif
+
+ /* implement group defaults, "dip" if available, or group associated with uid */
+diff --git a/src/dnsmasq.h b/src/dnsmasq.h
+index b2f02dda63f0..a451cb4dd03c 100644
+--- a/src/dnsmasq.h
++++ b/src/dnsmasq.h
+@@ -1152,7 +1152,7 @@ int dnssec_chase_cname(time_t now, struct dns_header *header, size_t plen, char
+ int dnskey_keytag(int alg, int flags, unsigned char *rdata, int rdlen);
+ size_t filter_rrsigs(struct dns_header *header, size_t plen);
+ unsigned char* hash_questions(struct dns_header *header, size_t plen, char *name);
+-int setup_timestamp(uid_t uid);
++int setup_timestamp(struct passwd *ent_pw);
+
+ /* util.c */
+ void rand_init(void);
+diff --git a/src/dnssec.c b/src/dnssec.c
+index bf4406469de0..c60eacf73c6b 100644
+--- a/src/dnssec.c
++++ b/src/dnssec.c
+@@ -402,7 +402,7 @@ static int serial_compare_32(unsigned long s1, unsigned long s2)
+ static time_t timestamp_time;
+ static int back_to_the_future;
+
+-int setup_timestamp(uid_t uid)
++int setup_timestamp(struct passwd *ent_pw)
+ {
+ struct stat statbuf;
+
+@@ -437,7 +437,7 @@ int setup_timestamp(uid_t uid)
+
+ timestamp_time = timbuf.actime = timbuf.modtime = 1420070400; /* 1-1-2015 */
+ if (utime(daemon->timestamp_file, &timbuf) == 0 &&
+- (getuid() != 0 || chown(daemon->timestamp_file, uid, -1) == 0))
++ (!ent_pw || getuid() != 0 || chown(daemon->timestamp_file, ent_pw->pw_uid, -1) == 0))
+ goto check_and_exit;
+ }
+ }
+--
+2.1.0
+
+++ /dev/null
-diff -up screen-4.0.3/tty.sh.stropts screen-4.0.3/tty.sh
---- screen-4.0.3/tty.sh.stropts 2003-09-08 16:24:25.000000000 +0200
-+++ screen-4.0.3/tty.sh 2008-04-07 11:28:34.000000000 +0200
-@@ -76,7 +76,7 @@ exit 0
- #endif
-
- #include "config.h"
--#ifdef SVR4
-+#if 0
- #include <sys/stropts.h> /* for I_POP */
- #endif
-
-diff -up screen-4.0.3/screen.c.stropts screen-4.0.3/screen.c
---- screen-4.0.3/screen.c.stropts 2008-04-07 11:25:21.000000000 +0200
-+++ screen-4.0.3/screen.c 2008-04-07 11:29:14.000000000 +0200
-@@ -50,7 +50,7 @@
-
- #include "config.h"
-
--#ifdef SVR4
-+#if 0
- # include <sys/stropts.h>
- #endif
-
-diff -up screen-4.0.3/process.c.stropts screen-4.0.3/process.c
---- screen-4.0.3/process.c.stropts 2003-09-18 14:53:54.000000000 +0200
-+++ screen-4.0.3/process.c 2008-04-07 11:29:47.000000000 +0200
-@@ -37,7 +37,7 @@
- #include "config.h"
-
- /* for solaris 2.1, Unixware (SVR4.2) and possibly others: */
--#ifdef SVR4
-+#if 0
- # include <sys/stropts.h>
- #endif
-
-diff -up screen-4.0.3/pty.c.stropts screen-4.0.3/pty.c
---- screen-4.0.3/pty.c.stropts 2003-09-08 16:26:18.000000000 +0200
-+++ screen-4.0.3/pty.c 2008-04-07 11:30:07.000000000 +0200
-@@ -34,7 +34,7 @@
- #endif
-
- /* for solaris 2.1, Unixware (SVR4.2) and possibly others */
--#ifdef HAVE_SVR4_PTYS
-+#if 0
- # include <sys/stropts.h>
- #endif
-
--- /dev/null
+diff --git a/src/ansi.c b/src/ansi.c
+index e76eef4..bbdc119 100644
+--- a/ansi.c
++++ b/ansi.c
+@@ -1444,8 +1444,8 @@ int c, intermediate;
+ else
+ {
+ if (curr->w_alt.on) {
+- LeaveAltScreen(curr);
+- RestoreCursor(&curr->w_alt.cursor);
++ RestoreCursor(&curr->w_alt.cursor);
++ LeaveAltScreen(curr);
+ }
+ }
+ if (a1 == 47 && !i)
+
--- /dev/null
+diff --git a/src/screen.c b/src/screen.c
+index 473e4fa..8b36bea 100644
+--- a/screen.c
++++ b/screen.c
+@@ -2271,8 +2271,8 @@ int padlen;
+ while (i-- > 0)
+ *pn-- = ' ';
+ numpad--;
+- if (r && p - buf == winmsg_rendpos[r - 1])
+- winmsg_rendpos[--r] = pn - buf;
++ if (r && p - buf + 1== winmsg_rendpos[r - 1])
++ winmsg_rendpos[--r] = pn - buf + 1;
+ }
+ }
+ return pn2;
+
+++ /dev/null
-From a78ecdd47509626711a13481f53696e01d4b8c62 Mon Sep 17 00:00:00 2001
-From: Tobias Brunner <tobias@strongswan.org>
-Date: Mon, 1 Dec 2014 17:21:59 +0100
-Subject: [PATCH] crypto: Define MODP_CUSTOM outside of IKE DH range
-
-Before this fix it was possible to crash charon with an IKE_SA_INIT
-message containing a KE payload with DH group MODP_CUSTOM(1025).
-Defining MODP_CUSTOM outside of the two byte IKE DH identifier range
-prevents it from getting negotiated.
-
-Fixes CVE-2014-9221 in version 5.1.2 and newer.
----
- src/charon-tkm/src/tkm/tkm_diffie_hellman.c | 2 +-
- src/libstrongswan/crypto/diffie_hellman.c | 11 ++++++-----
- src/libstrongswan/crypto/diffie_hellman.h | 6 ++++--
- src/libstrongswan/plugins/gcrypt/gcrypt_dh.c | 2 +-
- src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c | 2 +-
- src/libstrongswan/plugins/ntru/ntru_ke.c | 2 +-
- src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c | 2 +-
- src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c | 2 +-
- src/libstrongswan/plugins/pkcs11/pkcs11_dh.c | 2 +-
- 9 files changed, 17 insertions(+), 14 deletions(-)
-
-diff --git a/src/charon-tkm/src/tkm/tkm_diffie_hellman.c b/src/charon-tkm/src/tkm/tkm_diffie_hellman.c
-index 67db5e6d87d6..836e0b7f088d 100644
---- a/src/charon-tkm/src/tkm/tkm_diffie_hellman.c
-+++ b/src/charon-tkm/src/tkm/tkm_diffie_hellman.c
-@@ -41,7 +41,7 @@ struct private_tkm_diffie_hellman_t {
- /**
- * Diffie Hellman group number.
- */
-- u_int16_t group;
-+ diffie_hellman_group_t group;
-
- /**
- * Diffie Hellman public value.
-diff --git a/src/libstrongswan/crypto/diffie_hellman.c b/src/libstrongswan/crypto/diffie_hellman.c
-index bada1c529951..ac106e9c4d45 100644
---- a/src/libstrongswan/crypto/diffie_hellman.c
-+++ b/src/libstrongswan/crypto/diffie_hellman.c
-@@ -42,15 +42,16 @@ ENUM_NEXT(diffie_hellman_group_names, MODP_1024_160, ECP_512_BP, ECP_521_BIT,
- "ECP_256_BP",
- "ECP_384_BP",
- "ECP_512_BP");
--ENUM_NEXT(diffie_hellman_group_names, MODP_NULL, MODP_CUSTOM, ECP_512_BP,
-- "MODP_NULL",
-- "MODP_CUSTOM");
--ENUM_NEXT(diffie_hellman_group_names, NTRU_112_BIT, NTRU_256_BIT, MODP_CUSTOM,
-+ENUM_NEXT(diffie_hellman_group_names, MODP_NULL, MODP_NULL, ECP_512_BP,
-+ "MODP_NULL");
-+ENUM_NEXT(diffie_hellman_group_names, NTRU_112_BIT, NTRU_256_BIT, MODP_NULL,
- "NTRU_112",
- "NTRU_128",
- "NTRU_192",
- "NTRU_256");
--ENUM_END(diffie_hellman_group_names, NTRU_256_BIT);
-+ENUM_NEXT(diffie_hellman_group_names, MODP_CUSTOM, MODP_CUSTOM, NTRU_256_BIT,
-+ "MODP_CUSTOM");
-+ENUM_END(diffie_hellman_group_names, MODP_CUSTOM);
-
-
- /**
-diff --git a/src/libstrongswan/crypto/diffie_hellman.h b/src/libstrongswan/crypto/diffie_hellman.h
-index 105db22f14d4..d5161d077bb2 100644
---- a/src/libstrongswan/crypto/diffie_hellman.h
-+++ b/src/libstrongswan/crypto/diffie_hellman.h
-@@ -63,12 +63,14 @@ enum diffie_hellman_group_t {
- /** insecure NULL diffie hellman group for testing, in PRIVATE USE */
- MODP_NULL = 1024,
- /** MODP group with custom generator/prime */
-- MODP_CUSTOM = 1025,
- /** Parameters defined by IEEE 1363.1, in PRIVATE USE */
- NTRU_112_BIT = 1030,
- NTRU_128_BIT = 1031,
- NTRU_192_BIT = 1032,
-- NTRU_256_BIT = 1033
-+ NTRU_256_BIT = 1033,
-+ /** internally used DH group with additional parameters g and p, outside
-+ * of PRIVATE USE (i.e. IKEv2 DH group range) so it can't be negotiated */
-+ MODP_CUSTOM = 65536,
- };
-
- /**
-diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c
-index f418b941db86..299865da2e09 100644
---- a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c
-+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c
-@@ -35,7 +35,7 @@ struct private_gcrypt_dh_t {
- /**
- * Diffie Hellman group number
- */
-- u_int16_t group;
-+ diffie_hellman_group_t group;
-
- /*
- * Generator value
-diff --git a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
-index b74d35169f44..9936f7e4518f 100644
---- a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
-+++ b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
-@@ -42,7 +42,7 @@ struct private_gmp_diffie_hellman_t {
- /**
- * Diffie Hellman group number.
- */
-- u_int16_t group;
-+ diffie_hellman_group_t group;
-
- /*
- * Generator value.
-diff --git a/src/libstrongswan/plugins/ntru/ntru_ke.c b/src/libstrongswan/plugins/ntru/ntru_ke.c
-index abaa22336221..e64f32b91d0e 100644
---- a/src/libstrongswan/plugins/ntru/ntru_ke.c
-+++ b/src/libstrongswan/plugins/ntru/ntru_ke.c
-@@ -56,7 +56,7 @@ struct private_ntru_ke_t {
- /**
- * Diffie Hellman group number.
- */
-- u_int16_t group;
-+ diffie_hellman_group_t group;
-
- /**
- * NTRU Parameter Set
-diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
-index ff3382473666..1e68ac59b838 100644
---- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
-+++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
-@@ -38,7 +38,7 @@ struct private_openssl_diffie_hellman_t {
- /**
- * Diffie Hellman group number.
- */
-- u_int16_t group;
-+ diffie_hellman_group_t group;
-
- /**
- * Diffie Hellman object
-diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
-index b487d59a59a3..50853d6f0bde 100644
---- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
-+++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
-@@ -40,7 +40,7 @@ struct private_openssl_ec_diffie_hellman_t {
- /**
- * Diffie Hellman group number.
- */
-- u_int16_t group;
-+ diffie_hellman_group_t group;
-
- /**
- * EC private (public) key
-diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c b/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c
-index 36cc284bf2b5..23b63d2386af 100644
---- a/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c
-+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c
-@@ -47,7 +47,7 @@ struct private_pkcs11_dh_t {
- /**
- * Diffie Hellman group number.
- */
-- u_int16_t group;
-+ diffie_hellman_group_t group;
-
- /**
- * Handle for own private value
---
-1.9.1
-
--- /dev/null
+commit 650a3ad5151958b99a95836fb8b84b8aa18da1be
+Author: Tobias Brunner <tobias@strongswan.org>
+Date: Wed Feb 25 08:09:11 2015 +0100
+
+ ike-sa-manager: Make sure the message ID of initial messages is 0
+
+ It is mandated by the RFCs and it is expected by the task managers.
+
+ Initial messages with invalid MID will be treated like regular messages,
+ so no IKE_SA will be created for them. Instead, if the responder SPI is 0
+ no SA will be found and the message is rejected with ALERT_INVALID_IKE_SPI.
+ If an SPI is set and we do find an SA, then we either ignore the message
+ because the MID is unexpected, or because we don't allow initial messages
+ on established connections.
+
+ There is one exception, though, if an attacker can slip in an IKE_SA_INIT
+ with both SPIs set before the client's IKE_AUTH is handled by the server,
+ it does get processed (see next commit).
+
+ References #816.
+
+diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c
+index d0cbd47..5e2b925 100644
+--- a/src/libcharon/sa/ike_sa_manager.c
++++ b/src/libcharon/sa/ike_sa_manager.c
+@@ -1184,7 +1184,8 @@ METHOD(ike_sa_manager_t, checkout_by_message, ike_sa_t*,
+
+ DBG2(DBG_MGR, "checkout IKE_SA by message");
+
+- if (id->get_responder_spi(id) == 0)
++ if (id->get_responder_spi(id) == 0 &&
++ message->get_message_id(message) == 0)
+ {
+ if (message->get_major_version(message) == IKEV2_MAJOR_VERSION)
+ {
--- /dev/null
+commit dd0ebb54837298c869389d36a0b42eefdb893dd6
+Author: Tobias Brunner <tobias@strongswan.org>
+Date: Wed Feb 25 08:30:33 2015 +0100
+
+ ikev2: Only accept initial messages in specific states
+
+ The previous code allowed an attacker to slip in an IKE_SA_INIT with
+ both SPIs and MID 1 set when an IKE_AUTH would be expected instead.
+
+ References #816.
+
+diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c
+index be84e71..540d4dc 100644
+--- a/src/libcharon/sa/ikev2/task_manager_v2.c
++++ b/src/libcharon/sa/ikev2/task_manager_v2.c
+@@ -1304,17 +1304,16 @@ METHOD(task_manager_t, process_message, status_t,
+ {
+ if (mid == this->responding.mid)
+ {
+- /* reject initial messages once established */
+- if (msg->get_exchange_type(msg) == IKE_SA_INIT ||
+- msg->get_exchange_type(msg) == IKE_AUTH)
++ /* reject initial messages if not received in specific states */
++ if ((msg->get_exchange_type(msg) == IKE_SA_INIT &&
++ this->ike_sa->get_state(this->ike_sa) != IKE_CREATED) ||
++ (msg->get_exchange_type(msg) == IKE_AUTH &&
++ this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING))
+ {
+- if (this->ike_sa->get_state(this->ike_sa) != IKE_CREATED &&
+- this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING)
+- {
+- DBG1(DBG_IKE, "ignoring %N in established IKE_SA state",
+- exchange_type_names, msg->get_exchange_type(msg));
+- return FAILED;
+- }
++ DBG1(DBG_IKE, "ignoring %N in IKE_SA state %N",
++ exchange_type_names, msg->get_exchange_type(msg),
++ ike_sa_state_names, this->ike_sa->get_state(this->ike_sa));
++ return FAILED;
+ }
+ if (!this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE))
+ { /* with MOBIKE, we do no implicit updates */
--- /dev/null
+commit eb251906298b529fa53b8a99746a9a7a9f318dd5
+Author: Tobias Brunner <tobias@strongswan.org>
+Date: Wed Feb 25 08:18:58 2015 +0100
+
+ ikev2: Don't destroy the SA if an IKE_SA_INIT with unexpected MID is received
+
+ This reverts 8f727d800751 ("Clean up IKE_SA state if IKE_SA_INIT request
+ does not have message ID 0") because it allowed to close any IKE_SA by
+ sending an IKE_SA_INIT with an unexpected MID and both SPIs set to those
+ of that SA.
+
+ The next commit will prevent SAs from getting created for IKE_SA_INIT messages
+ with invalid MID.
+
+ Fixes #816.
+
+diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c
+index 48266aa..be84e71 100644
+--- a/src/libcharon/sa/ikev2/task_manager_v2.c
++++ b/src/libcharon/sa/ikev2/task_manager_v2.c
+@@ -1355,10 +1355,6 @@ METHOD(task_manager_t, process_message, status_t,
+ {
+ DBG1(DBG_IKE, "received message ID %d, expected %d. Ignored",
+ mid, this->responding.mid);
+- if (msg->get_exchange_type(msg) == IKE_SA_INIT)
+- { /* clean up IKE_SA state if IKE_SA_INIT has invalid msg ID */
+- return DESTROY_ME;
+- }
+ }
+ }
+ else
--- /dev/null
+From cd2c30a56ec9bdab8b3923851509f27a4fd6f537 Mon Sep 17 00:00:00 2001
+From: Tobias Brunner <tobias@strongswan.org>
+Date: Tue, 10 Feb 2015 19:03:44 +0100
+Subject: [PATCH] ikev1: Set protocol ID and SPIs in INITIAL-CONTACT
+ notification payloads
+
+The payload we sent before is not compliant with RFC 2407 and thus some
+peers might abort negotiation (e.g. with an INVALID-PROTOCOL-ID error).
+
+ #819
+---
+ src/libcharon/sa/ikev1/tasks/main_mode.c | 15 +++++++++++++--
+ 1 file changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/src/libcharon/sa/ikev1/tasks/main_mode.c b/src/libcharon/sa/ikev1/tasks/main_mode.c
+index 5065e70..3ea4a2a 100644
+--- a/src/libcharon/sa/ikev1/tasks/main_mode.c
++++ b/src/libcharon/sa/ikev1/tasks/main_mode.c
+@@ -213,6 +213,10 @@ static void add_initial_contact(private_main_mode_t *this, message_t *message,
+ {
+ identification_t *idr;
+ host_t *host;
++ notify_payload_t *notify;
++ ike_sa_id_t *ike_sa_id;
++ u_int64_t spi_i, spi_r;
++ chunk_t spi;
+
+ idr = this->ph1->get_id(this->ph1, this->peer_cfg, FALSE);
+ if (idr && !idr->contains_wildcards(idr))
+@@ -224,8 +228,15 @@ static void add_initial_contact(private_main_mode_t *this, message_t *message,
+ if (!charon->ike_sa_manager->has_contact(charon->ike_sa_manager,
+ idi, idr, host->get_family(host)))
+ {
+- message->add_notify(message, FALSE, INITIAL_CONTACT_IKEV1,
+- chunk_empty);
++ notify = notify_payload_create_from_protocol_and_type(
++ PLV1_NOTIFY, PROTO_IKE, INITIAL_CONTACT_IKEV1);
++ ike_sa_id = this->ike_sa->get_id(this->ike_sa);
++ spi_i = ike_sa_id->get_initiator_spi(ike_sa_id);
++ spi_r = ike_sa_id->get_responder_spi(ike_sa_id);
++ spi = chunk_cata("cc", chunk_from_thing(spi_i),
++ chunk_from_thing(spi_r));
++ notify->set_spi_data(notify, spi);
++ message->add_payload(message, (payload_t*)notify);
+ }
+ }
+ }
+--
+1.7.9.5
+
+++ /dev/null
-Submitted By: Ken Moffat <ken at linuxfromscratch dot org>
-Date: 2013-06-18
-Initial Package Version: 1.14
-Upstream Status: Submitted
-Origin: Arch
-Description: Build with perl-5.18.
-
-http://lists.gnu.org/archive/html/bug-wget/2013-06/msg00046.html
-
-From 2ed1707b5d8be66feb80cccfe8e11e719b52b99a Mon Sep 17 00:00:00 2001
-From: Dave Reisner <dreisner@archlinux.org>
-Date: Mon, 17 Jun 2013 23:31:46 +0530
-Subject: [PATCH] Fix error in texi2pod intriduced with Perl 5.18
-
----
-
-diff --git a/doc/texi2pod.pl b/doc/texi2pod.pl
-index 86c4b18..9db6de1 100755
---- a/doc/texi2pod.pl
-+++ b/doc/texi2pod.pl
-@@ -291,7 +291,7 @@ while(<$inf>) {
- if (defined $1) {
- my $thing = $1;
- if ($ic =~ /\@asis/) {
-- $_ = "\n=item $thing\n";
-+ $_ = "\n=item C<$thing>\n";
- } else {
- # Entity escapes prevent munging by the <> processing below.
- $_ = "\n=item $ic\<$thing\>\n";
---
-1.8.3.1
-
my $monat=$_[0]-1 if($_[0]);
my $tag=1;
my $time1=timelocal(0,0,0,$tag,$monat,$jahr);
- my $time2=timelocal(0,0,0,$tag,($monat+1),$jahr);
+ my $time2=0;
+ if (($monat+1) == 12){
+ $time2=timelocal(0,0,0,$tag,0,$jahr+1);
+ }else{
+ $time2=timelocal(0,0,0,$tag,$monat+1,$jahr);
+ }
--$time2;
return ($time1,$time2);
}
projects / ipfire-2.x.git / commitdiff
