From: Michael Tremer Date: Fri, 11 Sep 2015 14:06:09 +0000 (+0100) Subject: Merge remote-tracking branch 'ms/x86_64' into next X-Git-Tag: v2.17-core94~37 X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff_plain;h=27957a3f2b770c6a46d958cd72af41096275687c;hp=4ff267997840a1ba80c34ac973f60c38a182b0f3 Merge remote-tracking branch 'ms/x86_64' into next --- diff --git a/config/backup/includes/dma b/config/backup/includes/dma new file mode 100644 index 0000000000..7c75205518 --- /dev/null +++ b/config/backup/includes/dma @@ -0,0 +1,5 @@ +/var/ipfire/dma +/var/ipfire/dma/dma.conf +/var/ipfire/dma/auth.conf +/var/ipfire/dma/mail.conf +/var/spool/dma diff --git a/config/cfgroot/network-functions.pl b/config/cfgroot/network-functions.pl index 1cd2814ec1..9dd752d5e6 100644 --- a/config/cfgroot/network-functions.pl +++ b/config/cfgroot/network-functions.pl @@ -163,6 +163,21 @@ sub check_ip_address_and_netmask($$) { return &check_netmask($netmask); } +# Returns True for all valid subnets like a.b.c.d/e or a.b.c.d/a.b.c.d +sub check_subnet($) { + my $subnet = shift; + + my ($address, $network) = split(/\//, $subnet, 2); + + # Check if the IP address is fine. + my $result = &check_ip_address($address); + unless ($result) { + return $result; + } + + return &check_prefix($network) || &check_netmask($network); +} + # For internal use only. Will take an IP address and # return it in a normalised style. Like 8.8.8.010 -> 8.8.8.8. sub _normalise_ip_address($) { diff --git a/config/cron/crontab b/config/cron/crontab index d5e5d7e9f0..02abadc348 100644 --- a/config/cron/crontab +++ b/config/cron/crontab @@ -25,9 +25,7 @@ HOME=/ 17 5 * * * /etc/init.d/tmpfs backup >/dev/null # Update dynamic DNS records every five minutes. -# Force an update once a month */5 * * * * [ -f "/var/ipfire/red/active" ] && /usr/bin/ddns update-all -3 2 1 * * [ -f "/var/ipfire/red/active" ] && /usr/bin/ddns update-all --force # Logwatch 01 0 * * * /usr/local/bin/logwatch > /var/log/logwatch/`date -I -d yesterday`; \ @@ -60,3 +58,9 @@ HOME=/ # Update GeoIP database once a month. %monthly,random * * * [ -f "/var/ipfire/red/active" ] && /usr/local/bin/xt_geoip_update >/dev/null 2>&1 + +# Retry sending spooled mails regularly +%hourly * /usr/sbin/dma -q + +# Cleanup the mail spool directory +%weekly * * /usr/sbin/dma-cleanup-spool diff --git a/config/dma/dma-cleanup-spool b/config/dma/dma-cleanup-spool new file mode 100644 index 0000000000..92af30cc82 --- /dev/null +++ b/config/dma/dma-cleanup-spool @@ -0,0 +1,48 @@ +#!/bin/bash +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2015 Michael Tremer # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### + +SPOOL_DIR="/var/spool/dma" + +find_messages() { + find "${SPOOL_DIR}" -type f -name "M*" -mtime +30 +} + +remove_message() { + local f_message="${1}" + local f_queue="${f_message/${SPOOL_DIR}\/M/${SPOOL_DIR}\/Q}" + + # If a message file and a queue file exist, delete both + [ -f "${f_message}" ] || return 1 + [ -f "${f_queue}" ] || return 1 + + rm -f "${f_message}" "${f_queue}" + return 0 +} + +main() { + for message in $(find_messages); do + remove_message "${message}" + done + + return 0 +} + +main || exit $? diff --git a/config/etc/ipsec.user.secrets b/config/etc/ipsec.user.secrets index 0e0858aa8a..7bc066fb34 100644 --- a/config/etc/ipsec.user.secrets +++ b/config/etc/ipsec.user.secrets @@ -1,2 +1,2 @@ -# user secrets that should not overwritten by the webif +# user secrets that should not be overwritten by the webif # diff --git a/config/menu/40-services.menu b/config/menu/40-services.menu index 2f4d96e736..aaf1ad715f 100644 --- a/config/menu/40-services.menu +++ b/config/menu/40-services.menu @@ -20,6 +20,11 @@ 'title' => "$Lang::tr{'time server'}", 'enabled' => 1, }; + $subservices->{'41.dma'} = {'caption' => $Lang::tr{'email settings'}, + 'uri' => '/cgi-bin/mail.cgi', + 'title' => "$Lang::tr{'email settings'}", + 'enabled' => 1, + }; $subservices->{'50.qos'} = {'caption' => 'Quality of Service', 'uri' => '/cgi-bin/qos.cgi', 'title' => "Quality of Service", diff --git a/config/rootfiles/common/Email-Date-Format b/config/rootfiles/common/Email-Date-Format new file mode 100644 index 0000000000..dbfab855b6 --- /dev/null +++ b/config/rootfiles/common/Email-Date-Format @@ -0,0 +1,8 @@ +#usr/lib/perl5/site_perl/5.12.3/Email +#usr/lib/perl5/site_perl/5.12.3/Email/Date +usr/lib/perl5/site_perl/5.12.3/Email/Date/Format.pm +#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Email +#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Email/Date +#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Email/Date/Format +#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Email/Date/Format/.packlist +#usr/share/man/man3/Email::Date::Format.3 diff --git a/config/rootfiles/common/MIME-Lite b/config/rootfiles/common/MIME-Lite new file mode 100644 index 0000000000..89248ae996 --- /dev/null +++ b/config/rootfiles/common/MIME-Lite @@ -0,0 +1,6 @@ +usr/lib/perl5/site_perl/5.12.3/MIME/Lite.pm +#usr/lib/perl5/site_perl/5.12.3/MIME/changes.pod +#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/MIME/Lite +#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/MIME/Lite/.packlist +#usr/share/man/man3/MIME::Lite.3 +#usr/share/man/man3/MIME::changes.3 diff --git a/config/rootfiles/common/chkconfig b/config/rootfiles/common/chkconfig new file mode 100644 index 0000000000..0468d2fa5a --- /dev/null +++ b/config/rootfiles/common/chkconfig @@ -0,0 +1,4 @@ +#etc/alternatives +usr/sbin/alternatives +usr/sbin/update-alternatives +#var/lib/alternatives diff --git a/config/rootfiles/common/dma b/config/rootfiles/common/dma new file mode 100644 index 0000000000..ac575279fa --- /dev/null +++ b/config/rootfiles/common/dma @@ -0,0 +1,13 @@ +etc/alternatives/sendmail +usr/lib/dma-mbox-create +usr/sbin/dma +usr/sbin/dma-cleanup-spool +usr/sbin/mailq +usr/sbin/sendmail +usr/sbin/sendmail.dma +#usr/share/man/man8/dma.8 +var/ipfire/dma +var/ipfire/dma/auth.conf +var/ipfire/dma/dma.conf +var/lib/alternatives/sendmail +var/spool/dma diff --git a/config/rootfiles/common/rrdtool b/config/rootfiles/common/rrdtool index 738fe37105..6a79679201 100644 --- a/config/rootfiles/common/rrdtool +++ b/config/rootfiles/common/rrdtool @@ -26,98 +26,98 @@ usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/RRDs.pm #usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/RRDs/RRDs.bs usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/RRDs/RRDs.so #usr/lib/pkgconfig/librrd.pc -#usr/share/doc/rrdtool-1.5.3 -#usr/share/doc/rrdtool-1.5.3/html -#usr/share/doc/rrdtool-1.5.3/html/RRDp.html -#usr/share/doc/rrdtool-1.5.3/html/RRDs.html -#usr/share/doc/rrdtool-1.5.3/html/bin_dec_hex.html -#usr/share/doc/rrdtool-1.5.3/html/cdeftutorial.html -#usr/share/doc/rrdtool-1.5.3/html/index.html -#usr/share/doc/rrdtool-1.5.3/html/librrd.html -#usr/share/doc/rrdtool-1.5.3/html/rpntutorial.html -#usr/share/doc/rrdtool-1.5.3/html/rrd-beginners.html -#usr/share/doc/rrdtool-1.5.3/html/rrdbuild.html -#usr/share/doc/rrdtool-1.5.3/html/rrdcached.html -#usr/share/doc/rrdtool-1.5.3/html/rrdcgi.html -#usr/share/doc/rrdtool-1.5.3/html/rrdcreate.html -#usr/share/doc/rrdtool-1.5.3/html/rrddump.html -#usr/share/doc/rrdtool-1.5.3/html/rrdfetch.html -#usr/share/doc/rrdtool-1.5.3/html/rrdfirst.html -#usr/share/doc/rrdtool-1.5.3/html/rrdflushcached.html -#usr/share/doc/rrdtool-1.5.3/html/rrdgraph.html -#usr/share/doc/rrdtool-1.5.3/html/rrdgraph_data.html -#usr/share/doc/rrdtool-1.5.3/html/rrdgraph_examples.html -#usr/share/doc/rrdtool-1.5.3/html/rrdgraph_graph.html -#usr/share/doc/rrdtool-1.5.3/html/rrdgraph_rpn.html -#usr/share/doc/rrdtool-1.5.3/html/rrdinfo.html -#usr/share/doc/rrdtool-1.5.3/html/rrdlast.html -#usr/share/doc/rrdtool-1.5.3/html/rrdlastupdate.html -#usr/share/doc/rrdtool-1.5.3/html/rrdresize.html -#usr/share/doc/rrdtool-1.5.3/html/rrdrestore.html -#usr/share/doc/rrdtool-1.5.3/html/rrdthreads.html -#usr/share/doc/rrdtool-1.5.3/html/rrdtool.html -#usr/share/doc/rrdtool-1.5.3/html/rrdtune.html -#usr/share/doc/rrdtool-1.5.3/html/rrdtutorial.html -#usr/share/doc/rrdtool-1.5.3/html/rrdupdate.html -#usr/share/doc/rrdtool-1.5.3/html/rrdxport.html -#usr/share/doc/rrdtool-1.5.3/txt -#usr/share/doc/rrdtool-1.5.3/txt/bin_dec_hex.pod -#usr/share/doc/rrdtool-1.5.3/txt/bin_dec_hex.txt -#usr/share/doc/rrdtool-1.5.3/txt/cdeftutorial.pod -#usr/share/doc/rrdtool-1.5.3/txt/cdeftutorial.txt -#usr/share/doc/rrdtool-1.5.3/txt/librrd.txt -#usr/share/doc/rrdtool-1.5.3/txt/rpntutorial.pod -#usr/share/doc/rrdtool-1.5.3/txt/rpntutorial.txt -#usr/share/doc/rrdtool-1.5.3/txt/rrd-beginners.pod -#usr/share/doc/rrdtool-1.5.3/txt/rrd-beginners.txt -#usr/share/doc/rrdtool-1.5.3/txt/rrdbuild.pod -#usr/share/doc/rrdtool-1.5.3/txt/rrdbuild.txt -#usr/share/doc/rrdtool-1.5.3/txt/rrdcached.pod -#usr/share/doc/rrdtool-1.5.3/txt/rrdcached.txt -#usr/share/doc/rrdtool-1.5.3/txt/rrdcgi.pod -#usr/share/doc/rrdtool-1.5.3/txt/rrdcgi.txt -#usr/share/doc/rrdtool-1.5.3/txt/rrdcreate.pod -#usr/share/doc/rrdtool-1.5.3/txt/rrdcreate.txt -#usr/share/doc/rrdtool-1.5.3/txt/rrddump.pod -#usr/share/doc/rrdtool-1.5.3/txt/rrddump.txt -#usr/share/doc/rrdtool-1.5.3/txt/rrdfetch.pod -#usr/share/doc/rrdtool-1.5.3/txt/rrdfetch.txt -#usr/share/doc/rrdtool-1.5.3/txt/rrdfirst.pod -#usr/share/doc/rrdtool-1.5.3/txt/rrdfirst.txt -#usr/share/doc/rrdtool-1.5.3/txt/rrdflushcached.pod -#usr/share/doc/rrdtool-1.5.3/txt/rrdflushcached.txt -#usr/share/doc/rrdtool-1.5.3/txt/rrdgraph.pod -#usr/share/doc/rrdtool-1.5.3/txt/rrdgraph.txt -#usr/share/doc/rrdtool-1.5.3/txt/rrdgraph_data.pod -#usr/share/doc/rrdtool-1.5.3/txt/rrdgraph_data.txt -#usr/share/doc/rrdtool-1.5.3/txt/rrdgraph_examples.pod -#usr/share/doc/rrdtool-1.5.3/txt/rrdgraph_examples.txt -#usr/share/doc/rrdtool-1.5.3/txt/rrdgraph_graph.pod -#usr/share/doc/rrdtool-1.5.3/txt/rrdgraph_graph.txt -#usr/share/doc/rrdtool-1.5.3/txt/rrdgraph_rpn.pod -#usr/share/doc/rrdtool-1.5.3/txt/rrdgraph_rpn.txt -#usr/share/doc/rrdtool-1.5.3/txt/rrdinfo.pod -#usr/share/doc/rrdtool-1.5.3/txt/rrdinfo.txt -#usr/share/doc/rrdtool-1.5.3/txt/rrdlast.pod -#usr/share/doc/rrdtool-1.5.3/txt/rrdlast.txt -#usr/share/doc/rrdtool-1.5.3/txt/rrdlastupdate.pod -#usr/share/doc/rrdtool-1.5.3/txt/rrdlastupdate.txt -#usr/share/doc/rrdtool-1.5.3/txt/rrdresize.pod -#usr/share/doc/rrdtool-1.5.3/txt/rrdresize.txt -#usr/share/doc/rrdtool-1.5.3/txt/rrdrestore.pod -#usr/share/doc/rrdtool-1.5.3/txt/rrdrestore.txt -#usr/share/doc/rrdtool-1.5.3/txt/rrdthreads.pod -#usr/share/doc/rrdtool-1.5.3/txt/rrdthreads.txt -#usr/share/doc/rrdtool-1.5.3/txt/rrdtool.pod -#usr/share/doc/rrdtool-1.5.3/txt/rrdtool.txt -#usr/share/doc/rrdtool-1.5.3/txt/rrdtune.pod -#usr/share/doc/rrdtool-1.5.3/txt/rrdtune.txt -#usr/share/doc/rrdtool-1.5.3/txt/rrdtutorial.pod -#usr/share/doc/rrdtool-1.5.3/txt/rrdtutorial.txt -#usr/share/doc/rrdtool-1.5.3/txt/rrdupdate.pod -#usr/share/doc/rrdtool-1.5.3/txt/rrdupdate.txt -#usr/share/doc/rrdtool-1.5.3/txt/rrdxport.pod -#usr/share/doc/rrdtool-1.5.3/txt/rrdxport.txt +#usr/share/doc/rrdtool-1.5.4 +#usr/share/doc/rrdtool-1.5.4/html +#usr/share/doc/rrdtool-1.5.4/html/RRDp.html +#usr/share/doc/rrdtool-1.5.4/html/RRDs.html +#usr/share/doc/rrdtool-1.5.4/html/bin_dec_hex.html +#usr/share/doc/rrdtool-1.5.4/html/cdeftutorial.html +#usr/share/doc/rrdtool-1.5.4/html/index.html +#usr/share/doc/rrdtool-1.5.4/html/librrd.html +#usr/share/doc/rrdtool-1.5.4/html/rpntutorial.html +#usr/share/doc/rrdtool-1.5.4/html/rrd-beginners.html +#usr/share/doc/rrdtool-1.5.4/html/rrdbuild.html +#usr/share/doc/rrdtool-1.5.4/html/rrdcached.html +#usr/share/doc/rrdtool-1.5.4/html/rrdcgi.html +#usr/share/doc/rrdtool-1.5.4/html/rrdcreate.html +#usr/share/doc/rrdtool-1.5.4/html/rrddump.html +#usr/share/doc/rrdtool-1.5.4/html/rrdfetch.html +#usr/share/doc/rrdtool-1.5.4/html/rrdfirst.html +#usr/share/doc/rrdtool-1.5.4/html/rrdflushcached.html +#usr/share/doc/rrdtool-1.5.4/html/rrdgraph.html +#usr/share/doc/rrdtool-1.5.4/html/rrdgraph_data.html +#usr/share/doc/rrdtool-1.5.4/html/rrdgraph_examples.html +#usr/share/doc/rrdtool-1.5.4/html/rrdgraph_graph.html +#usr/share/doc/rrdtool-1.5.4/html/rrdgraph_rpn.html +#usr/share/doc/rrdtool-1.5.4/html/rrdinfo.html +#usr/share/doc/rrdtool-1.5.4/html/rrdlast.html +#usr/share/doc/rrdtool-1.5.4/html/rrdlastupdate.html +#usr/share/doc/rrdtool-1.5.4/html/rrdresize.html +#usr/share/doc/rrdtool-1.5.4/html/rrdrestore.html +#usr/share/doc/rrdtool-1.5.4/html/rrdthreads.html +#usr/share/doc/rrdtool-1.5.4/html/rrdtool.html +#usr/share/doc/rrdtool-1.5.4/html/rrdtune.html +#usr/share/doc/rrdtool-1.5.4/html/rrdtutorial.html +#usr/share/doc/rrdtool-1.5.4/html/rrdupdate.html +#usr/share/doc/rrdtool-1.5.4/html/rrdxport.html +#usr/share/doc/rrdtool-1.5.4/txt +#usr/share/doc/rrdtool-1.5.4/txt/bin_dec_hex.pod +#usr/share/doc/rrdtool-1.5.4/txt/bin_dec_hex.txt +#usr/share/doc/rrdtool-1.5.4/txt/cdeftutorial.pod +#usr/share/doc/rrdtool-1.5.4/txt/cdeftutorial.txt +#usr/share/doc/rrdtool-1.5.4/txt/librrd.txt +#usr/share/doc/rrdtool-1.5.4/txt/rpntutorial.pod +#usr/share/doc/rrdtool-1.5.4/txt/rpntutorial.txt +#usr/share/doc/rrdtool-1.5.4/txt/rrd-beginners.pod +#usr/share/doc/rrdtool-1.5.4/txt/rrd-beginners.txt +#usr/share/doc/rrdtool-1.5.4/txt/rrdbuild.pod +#usr/share/doc/rrdtool-1.5.4/txt/rrdbuild.txt +#usr/share/doc/rrdtool-1.5.4/txt/rrdcached.pod +#usr/share/doc/rrdtool-1.5.4/txt/rrdcached.txt +#usr/share/doc/rrdtool-1.5.4/txt/rrdcgi.pod +#usr/share/doc/rrdtool-1.5.4/txt/rrdcgi.txt +#usr/share/doc/rrdtool-1.5.4/txt/rrdcreate.pod +#usr/share/doc/rrdtool-1.5.4/txt/rrdcreate.txt +#usr/share/doc/rrdtool-1.5.4/txt/rrddump.pod +#usr/share/doc/rrdtool-1.5.4/txt/rrddump.txt +#usr/share/doc/rrdtool-1.5.4/txt/rrdfetch.pod +#usr/share/doc/rrdtool-1.5.4/txt/rrdfetch.txt +#usr/share/doc/rrdtool-1.5.4/txt/rrdfirst.pod +#usr/share/doc/rrdtool-1.5.4/txt/rrdfirst.txt +#usr/share/doc/rrdtool-1.5.4/txt/rrdflushcached.pod +#usr/share/doc/rrdtool-1.5.4/txt/rrdflushcached.txt +#usr/share/doc/rrdtool-1.5.4/txt/rrdgraph.pod +#usr/share/doc/rrdtool-1.5.4/txt/rrdgraph.txt +#usr/share/doc/rrdtool-1.5.4/txt/rrdgraph_data.pod +#usr/share/doc/rrdtool-1.5.4/txt/rrdgraph_data.txt +#usr/share/doc/rrdtool-1.5.4/txt/rrdgraph_examples.pod +#usr/share/doc/rrdtool-1.5.4/txt/rrdgraph_examples.txt +#usr/share/doc/rrdtool-1.5.4/txt/rrdgraph_graph.pod +#usr/share/doc/rrdtool-1.5.4/txt/rrdgraph_graph.txt +#usr/share/doc/rrdtool-1.5.4/txt/rrdgraph_rpn.pod +#usr/share/doc/rrdtool-1.5.4/txt/rrdgraph_rpn.txt +#usr/share/doc/rrdtool-1.5.4/txt/rrdinfo.pod +#usr/share/doc/rrdtool-1.5.4/txt/rrdinfo.txt +#usr/share/doc/rrdtool-1.5.4/txt/rrdlast.pod +#usr/share/doc/rrdtool-1.5.4/txt/rrdlast.txt +#usr/share/doc/rrdtool-1.5.4/txt/rrdlastupdate.pod +#usr/share/doc/rrdtool-1.5.4/txt/rrdlastupdate.txt +#usr/share/doc/rrdtool-1.5.4/txt/rrdresize.pod +#usr/share/doc/rrdtool-1.5.4/txt/rrdresize.txt +#usr/share/doc/rrdtool-1.5.4/txt/rrdrestore.pod +#usr/share/doc/rrdtool-1.5.4/txt/rrdrestore.txt +#usr/share/doc/rrdtool-1.5.4/txt/rrdthreads.pod +#usr/share/doc/rrdtool-1.5.4/txt/rrdthreads.txt +#usr/share/doc/rrdtool-1.5.4/txt/rrdtool.pod +#usr/share/doc/rrdtool-1.5.4/txt/rrdtool.txt +#usr/share/doc/rrdtool-1.5.4/txt/rrdtune.pod +#usr/share/doc/rrdtool-1.5.4/txt/rrdtune.txt +#usr/share/doc/rrdtool-1.5.4/txt/rrdtutorial.pod +#usr/share/doc/rrdtool-1.5.4/txt/rrdtutorial.txt +#usr/share/doc/rrdtool-1.5.4/txt/rrdupdate.pod +#usr/share/doc/rrdtool-1.5.4/txt/rrdupdate.txt +#usr/share/doc/rrdtool-1.5.4/txt/rrdxport.pod +#usr/share/doc/rrdtool-1.5.4/txt/rrdxport.txt #usr/share/man/man1/bin_dec_hex.1 #usr/share/man/man1/cdeftutorial.1 #usr/share/man/man1/rpntutorial.1 @@ -162,4 +162,5 @@ usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/RRDs/RRDs.so #usr/share/rrdtool/examples/rrdcached/rrdcached-size.pl #usr/share/rrdtool/examples/shared-demo.pl #usr/share/rrdtool/examples/stripes.pl +#usr/share/rrdtool/examples/stripes.py var/log/rrd diff --git a/config/rootfiles/common/web-user-interface b/config/rootfiles/common/web-user-interface index dc22367ec7..d22c1a34c7 100644 --- a/config/rootfiles/common/web-user-interface +++ b/config/rootfiles/common/web-user-interface @@ -48,6 +48,7 @@ srv/web/ipfire/cgi-bin/logs.cgi/showrequestfromport.dat srv/web/ipfire/cgi-bin/logs.cgi/summary.dat srv/web/ipfire/cgi-bin/logs.cgi/urlfilter.dat srv/web/ipfire/cgi-bin/mac.cgi +srv/web/ipfire/cgi-bin/mail.cgi srv/web/ipfire/cgi-bin/mdstat.cgi srv/web/ipfire/cgi-bin/media.cgi srv/web/ipfire/cgi-bin/memory.cgi diff --git a/config/rootfiles/core/94/exclude b/config/rootfiles/core/94/exclude new file mode 100644 index 0000000000..4c7aa5a5ad --- /dev/null +++ b/config/rootfiles/core/94/exclude @@ -0,0 +1,22 @@ +boot/config.txt +etc/alternatives +etc/collectd.custom +etc/ipsec.conf +etc/ipsec.secrets +etc/ipsec.user.conf +etc/ipsec.user.secrets +etc/localtime +etc/shadow +etc/ssh/ssh_config +etc/ssh/sshd_config +etc/ssl/openssl.cnf +etc/sudoers +etc/sysconfig/firewall.local +etc/sysconfig/rc.local +etc/udev/rules.d/30-persistent-network.rules +srv/web/ipfire/html/proxy.pac +var/ipfire/ovpn +var/lib/alternatives +var/log/cache +var/state/dhcp/dhcpd.leases +var/updatecache diff --git a/config/rootfiles/core/94/filelists/Email-Date-Format b/config/rootfiles/core/94/filelists/Email-Date-Format new file mode 120000 index 0000000000..b98751e7e5 --- /dev/null +++ b/config/rootfiles/core/94/filelists/Email-Date-Format @@ -0,0 +1 @@ +../../../common/Email-Date-Format \ No newline at end of file diff --git a/config/rootfiles/core/94/filelists/MIME-Lite b/config/rootfiles/core/94/filelists/MIME-Lite new file mode 120000 index 0000000000..c388805c57 --- /dev/null +++ b/config/rootfiles/core/94/filelists/MIME-Lite @@ -0,0 +1 @@ +../../../common/MIME-Lite \ No newline at end of file diff --git a/config/rootfiles/core/94/filelists/armv5tel/glibc b/config/rootfiles/core/94/filelists/armv5tel/glibc new file mode 120000 index 0000000000..4c70d724b4 --- /dev/null +++ b/config/rootfiles/core/94/filelists/armv5tel/glibc @@ -0,0 +1 @@ +../../../../common/armv5tel/glibc \ No newline at end of file diff --git a/config/rootfiles/core/94/filelists/chkconfig b/config/rootfiles/core/94/filelists/chkconfig new file mode 120000 index 0000000000..00ef4cf09b --- /dev/null +++ b/config/rootfiles/core/94/filelists/chkconfig @@ -0,0 +1 @@ +../../../common/chkconfig \ No newline at end of file diff --git a/config/rootfiles/core/94/filelists/coreutils b/config/rootfiles/core/94/filelists/coreutils new file mode 120000 index 0000000000..7351ed2cf5 --- /dev/null +++ b/config/rootfiles/core/94/filelists/coreutils @@ -0,0 +1 @@ +../../../common/coreutils \ No newline at end of file diff --git a/config/rootfiles/core/94/filelists/dma b/config/rootfiles/core/94/filelists/dma new file mode 120000 index 0000000000..60f4682da8 --- /dev/null +++ b/config/rootfiles/core/94/filelists/dma @@ -0,0 +1 @@ +../../../common/dma \ No newline at end of file diff --git a/config/rootfiles/core/93/filelists/dnsmasq b/config/rootfiles/core/94/filelists/dnsmasq similarity index 100% rename from config/rootfiles/core/93/filelists/dnsmasq rename to config/rootfiles/core/94/filelists/dnsmasq diff --git a/config/rootfiles/core/94/filelists/file b/config/rootfiles/core/94/filelists/file new file mode 120000 index 0000000000..0c60e43aa5 --- /dev/null +++ b/config/rootfiles/core/94/filelists/file @@ -0,0 +1 @@ +../../../common/file \ No newline at end of file diff --git a/config/rootfiles/core/94/filelists/files b/config/rootfiles/core/94/filelists/files new file mode 100644 index 0000000000..9b08114065 --- /dev/null +++ b/config/rootfiles/core/94/filelists/files @@ -0,0 +1,9 @@ +etc/system-release +etc/issue +etc/rc.d/init.d/sshd +srv/web/ipfire/cgi-bin/logs.cgi/log.dat +srv/web/ipfire/cgi-bin/mail.cgi +srv/web/ipfire/cgi-bin/vpnmain.cgi +var/ipfire/langs +var/ipfire/menu.d/40-services.menu +var/ipfire/network-functions.pl diff --git a/config/rootfiles/core/94/filelists/fireinfo b/config/rootfiles/core/94/filelists/fireinfo new file mode 120000 index 0000000000..c46115521f --- /dev/null +++ b/config/rootfiles/core/94/filelists/fireinfo @@ -0,0 +1 @@ +../../../common/fireinfo \ No newline at end of file diff --git a/config/rootfiles/core/94/filelists/hdparm b/config/rootfiles/core/94/filelists/hdparm new file mode 120000 index 0000000000..b6447518ad --- /dev/null +++ b/config/rootfiles/core/94/filelists/hdparm @@ -0,0 +1 @@ +../../../common/hdparm \ No newline at end of file diff --git a/config/rootfiles/core/94/filelists/i586/glibc b/config/rootfiles/core/94/filelists/i586/glibc new file mode 120000 index 0000000000..943021f19a --- /dev/null +++ b/config/rootfiles/core/94/filelists/i586/glibc @@ -0,0 +1 @@ +../../../../common/i586/glibc \ No newline at end of file diff --git a/config/rootfiles/core/94/filelists/openssh b/config/rootfiles/core/94/filelists/openssh new file mode 120000 index 0000000000..d8c77fd8e7 --- /dev/null +++ b/config/rootfiles/core/94/filelists/openssh @@ -0,0 +1 @@ +../../../common/openssh \ No newline at end of file diff --git a/config/rootfiles/core/93/filelists/pcre b/config/rootfiles/core/94/filelists/pcre similarity index 100% rename from config/rootfiles/core/93/filelists/pcre rename to config/rootfiles/core/94/filelists/pcre diff --git a/config/rootfiles/core/94/filelists/rrdtool b/config/rootfiles/core/94/filelists/rrdtool new file mode 120000 index 0000000000..7a82e414b6 --- /dev/null +++ b/config/rootfiles/core/94/filelists/rrdtool @@ -0,0 +1 @@ +../../../common/rrdtool \ No newline at end of file diff --git a/config/rootfiles/core/93/filelists/squid b/config/rootfiles/core/94/filelists/squid similarity index 100% rename from config/rootfiles/core/93/filelists/squid rename to config/rootfiles/core/94/filelists/squid diff --git a/config/rootfiles/core/93/meta b/config/rootfiles/core/94/meta similarity index 100% rename from config/rootfiles/core/93/meta rename to config/rootfiles/core/94/meta diff --git a/config/rootfiles/core/94/update.sh b/config/rootfiles/core/94/update.sh new file mode 100644 index 0000000000..6df09582a4 --- /dev/null +++ b/config/rootfiles/core/94/update.sh @@ -0,0 +1,88 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 3 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2015 IPFire-Team . # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +/usr/local/bin/backupctrl exclude >/dev/null 2>&1 + +# Remove old core updates from pakfire cache to save space... +core=94 +for (( i=1; i<=$core; i++ )) +do + rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire +done + +# Stop services +/etc/init.d/squid stop +/etc/init.d/sshd stop +/etc/init.d/dnsmasq stop + +# Extract files +extract_files + +# Update Language cache +/usr/local/bin/update-lang-cache + +# Update SSH configuration +sed -i /etc/ssh/sshd_config \ + -e 's/^#\?PermitRootLogin .*$$/PermitRootLogin yes/' + +# Move away old and unsupported keys +mv -f /etc/ssh/ssh_host_dsa_key{,.old} +# Regenerating weak RSA keys +mv -f /etc/ssh/ssh_host_key{,.old} +mv -f /etc/ssh/ssh_host_rsa_key{,.old} + +# Update crontab +sed -i /var/spool/cron/root.orig -e "/Force an update once a month/d" +sed -i /var/spool/cron/root.orig -e "/ddns update-all --force/d" + +grep -qv "dma -q" || cat <> /var/spool/cron/root.orig + +# Retry sending spooled mails regularly +%hourly * /usr/sbin/dma -q + +# Cleanup the mail spool directory +%weekly * * /usr/sbin/dma-cleanup-spool +EOF + +fcrontab -z &>/dev/null + +# Start services +/etc/init.d/dnsmasq start +/etc/init.d/sshd start +/etc/init.d/squid start + +# This update need a reboot... +#touch /var/run/need_reboot + +# Finish +/etc/init.d/fireinfo start +sendprofile +# Update grub config to display new core version +if [ -e /boot/grub/grub.cfg ]; then + grub-mkconfig -o /boot/grub/grub.cfg +fi +sync + +# Don't report the exitcode last command +exit 0 diff --git a/config/rootfiles/core/93/exclude b/config/rootfiles/oldcore/93/exclude similarity index 100% rename from config/rootfiles/core/93/exclude rename to config/rootfiles/oldcore/93/exclude diff --git a/config/rootfiles/core/93/filelists/bind b/config/rootfiles/oldcore/93/filelists/bind similarity index 100% rename from config/rootfiles/core/93/filelists/bind rename to config/rootfiles/oldcore/93/filelists/bind diff --git a/config/rootfiles/core/93/filelists/daq b/config/rootfiles/oldcore/93/filelists/daq similarity index 100% rename from config/rootfiles/core/93/filelists/daq rename to config/rootfiles/oldcore/93/filelists/daq diff --git a/config/rootfiles/core/93/filelists/ddns b/config/rootfiles/oldcore/93/filelists/ddns similarity index 100% rename from config/rootfiles/core/93/filelists/ddns rename to config/rootfiles/oldcore/93/filelists/ddns diff --git a/config/rootfiles/oldcore/93/filelists/dnsmasq b/config/rootfiles/oldcore/93/filelists/dnsmasq new file mode 120000 index 0000000000..d469c74631 --- /dev/null +++ b/config/rootfiles/oldcore/93/filelists/dnsmasq @@ -0,0 +1 @@ +../../../common/dnsmasq \ No newline at end of file diff --git a/config/rootfiles/core/93/filelists/files b/config/rootfiles/oldcore/93/filelists/files similarity index 100% rename from config/rootfiles/core/93/filelists/files rename to config/rootfiles/oldcore/93/filelists/files diff --git a/config/rootfiles/core/93/filelists/libevent2 b/config/rootfiles/oldcore/93/filelists/libevent2 similarity index 100% rename from config/rootfiles/core/93/filelists/libevent2 rename to config/rootfiles/oldcore/93/filelists/libevent2 diff --git a/config/rootfiles/core/93/filelists/libpcap b/config/rootfiles/oldcore/93/filelists/libpcap similarity index 100% rename from config/rootfiles/core/93/filelists/libpcap rename to config/rootfiles/oldcore/93/filelists/libpcap diff --git a/config/rootfiles/core/93/filelists/nettle b/config/rootfiles/oldcore/93/filelists/nettle similarity index 100% rename from config/rootfiles/core/93/filelists/nettle rename to config/rootfiles/oldcore/93/filelists/nettle diff --git a/config/rootfiles/oldcore/93/filelists/pcre b/config/rootfiles/oldcore/93/filelists/pcre new file mode 120000 index 0000000000..b390d9a367 --- /dev/null +++ b/config/rootfiles/oldcore/93/filelists/pcre @@ -0,0 +1 @@ +../../../common/pcre \ No newline at end of file diff --git a/config/rootfiles/oldcore/93/filelists/squid b/config/rootfiles/oldcore/93/filelists/squid new file mode 120000 index 0000000000..2dc8372a0e --- /dev/null +++ b/config/rootfiles/oldcore/93/filelists/squid @@ -0,0 +1 @@ +../../../common/squid \ No newline at end of file diff --git a/config/rootfiles/oldcore/93/meta b/config/rootfiles/oldcore/93/meta new file mode 100644 index 0000000000..d547fa86fa --- /dev/null +++ b/config/rootfiles/oldcore/93/meta @@ -0,0 +1 @@ +DEPS="" diff --git a/config/rootfiles/core/93/update.sh b/config/rootfiles/oldcore/93/update.sh similarity index 100% rename from config/rootfiles/core/93/update.sh rename to config/rootfiles/oldcore/93/update.sh diff --git a/config/rootfiles/packages/postfix b/config/rootfiles/packages/postfix index c347bb8a3b..bc4739d0b7 100644 --- a/config/rootfiles/packages/postfix +++ b/config/rootfiles/packages/postfix @@ -68,7 +68,7 @@ usr/sbin/postmap usr/sbin/postmulti usr/sbin/postqueue usr/sbin/postsuper -usr/sbin/sendmail +usr/sbin/sendmail.postfix #usr/share/man/man1/mailq.1 #usr/share/man/man1/newaliases.1 #usr/share/man/man1/postalias.1 diff --git a/doc/language_issues.de b/doc/language_issues.de index 0d86987569..54d9de9928 100644 --- a/doc/language_issues.de +++ b/doc/language_issues.de @@ -164,7 +164,11 @@ WARNING: translation string unused: edit network WARNING: translation string unused: edit service WARNING: translation string unused: editor WARNING: translation string unused: eg +WARNING: translation string unused: email error WARNING: translation string unused: email server can not be empty +WARNING: translation string unused: email subject +WARNING: translation string unused: email success +WARNING: translation string unused: email text WARNING: translation string unused: enable javascript WARNING: translation string unused: enable wildcards WARNING: translation string unused: enabled on @@ -643,6 +647,7 @@ WARNING: untranslated string: emerging rules WARNING: untranslated string: fwhost cust geoipgrp WARNING: untranslated string: fwhost err hostip WARNING: untranslated string: ike lifetime should be between 1 and 8 hours +WARNING: untranslated string: info messages WARNING: untranslated string: no data WARNING: untranslated string: none WARNING: untranslated string: qos add subclass @@ -651,4 +656,5 @@ WARNING: untranslated string: routing config added WARNING: untranslated string: routing config changed WARNING: untranslated string: routing table WARNING: untranslated string: show tls-auth key +WARNING: untranslated string: vpn force mobike WARNING: untranslated string: vpn statistics n2n diff --git a/doc/language_issues.en b/doc/language_issues.en index 1f1c78d611..95477de8b8 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -187,7 +187,11 @@ WARNING: translation string unused: edit network WARNING: translation string unused: edit service WARNING: translation string unused: editor WARNING: translation string unused: eg +WARNING: translation string unused: email error WARNING: translation string unused: email server can not be empty +WARNING: translation string unused: email subject +WARNING: translation string unused: email success +WARNING: translation string unused: email text WARNING: translation string unused: enable javascript WARNING: translation string unused: enable wildcards WARNING: translation string unused: enabled on @@ -675,6 +679,7 @@ WARNING: untranslated string: bytes WARNING: untranslated string: fwhost cust geoipgrp WARNING: untranslated string: fwhost err hostip WARNING: untranslated string: ike lifetime should be between 1 and 8 hours +WARNING: untranslated string: info messages WARNING: untranslated string: no data WARNING: untranslated string: route config changed WARNING: untranslated string: routing config added diff --git a/doc/language_issues.es b/doc/language_issues.es index 2a502006b9..91945ffb71 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -690,6 +690,22 @@ WARNING: untranslated string: drop action1 WARNING: untranslated string: drop action2 WARNING: untranslated string: drop forward WARNING: untranslated string: drop outgoing +WARNING: untranslated string: email config +WARNING: untranslated string: email empty field +WARNING: untranslated string: email invalid +WARNING: untranslated string: email invalid mailfqdn +WARNING: untranslated string: email invalid mailip +WARNING: untranslated string: email invalid mailport +WARNING: untranslated string: email mailaddr +WARNING: untranslated string: email mailpass +WARNING: untranslated string: email mailport +WARNING: untranslated string: email mailrcpt +WARNING: untranslated string: email mailsender +WARNING: untranslated string: email mailuser +WARNING: untranslated string: email settings +WARNING: untranslated string: email testmail +WARNING: untranslated string: email tls +WARNING: untranslated string: email usemail WARNING: untranslated string: emerging rules WARNING: untranslated string: encryption WARNING: untranslated string: entropy @@ -879,6 +895,7 @@ WARNING: untranslated string: imsi WARNING: untranslated string: incoming compression in bytes per second WARNING: untranslated string: incoming firewall access WARNING: untranslated string: incoming overhead in bytes per second +WARNING: untranslated string: info messages WARNING: untranslated string: integrity WARNING: untranslated string: invalid input for dpd delay WARNING: untranslated string: invalid input for dpd timeout @@ -1047,6 +1064,7 @@ WARNING: untranslated string: uptime load average WARNING: untranslated string: urlfilter redirect template WARNING: untranslated string: vendor WARNING: untranslated string: visit us at +WARNING: untranslated string: vpn force mobike WARNING: untranslated string: vpn keyexchange WARNING: untranslated string: vpn statistic n2n WARNING: untranslated string: vpn statistic rw diff --git a/doc/language_issues.fr b/doc/language_issues.fr index aa4951d80e..344ef07a32 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -698,6 +698,22 @@ WARNING: untranslated string: drop action1 WARNING: untranslated string: drop action2 WARNING: untranslated string: drop forward WARNING: untranslated string: drop outgoing +WARNING: untranslated string: email config +WARNING: untranslated string: email empty field +WARNING: untranslated string: email invalid +WARNING: untranslated string: email invalid mailfqdn +WARNING: untranslated string: email invalid mailip +WARNING: untranslated string: email invalid mailport +WARNING: untranslated string: email mailaddr +WARNING: untranslated string: email mailpass +WARNING: untranslated string: email mailport +WARNING: untranslated string: email mailrcpt +WARNING: untranslated string: email mailsender +WARNING: untranslated string: email mailuser +WARNING: untranslated string: email settings +WARNING: untranslated string: email testmail +WARNING: untranslated string: email tls +WARNING: untranslated string: email usemail WARNING: untranslated string: emerging rules WARNING: untranslated string: encryption WARNING: untranslated string: entropy @@ -894,6 +910,7 @@ WARNING: untranslated string: imsi WARNING: untranslated string: incoming compression in bytes per second WARNING: untranslated string: incoming firewall access WARNING: untranslated string: incoming overhead in bytes per second +WARNING: untranslated string: info messages WARNING: untranslated string: integrity WARNING: untranslated string: invalid input for dpd delay WARNING: untranslated string: invalid input for dpd timeout @@ -1062,6 +1079,7 @@ WARNING: untranslated string: urlfilter mode block WARNING: untranslated string: urlfilter redirect template WARNING: untranslated string: vendor WARNING: untranslated string: visit us at +WARNING: untranslated string: vpn force mobike WARNING: untranslated string: vpn keyexchange WARNING: untranslated string: vpn statistic n2n WARNING: untranslated string: vpn statistic rw diff --git a/doc/language_issues.it b/doc/language_issues.it index 1669e79f6d..38614d69f5 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it @@ -674,6 +674,22 @@ WARNING: untranslated string: advproxy group access control WARNING: untranslated string: advproxy group required WARNING: untranslated string: bytes WARNING: untranslated string: check all +WARNING: untranslated string: email config +WARNING: untranslated string: email empty field +WARNING: untranslated string: email invalid +WARNING: untranslated string: email invalid mailfqdn +WARNING: untranslated string: email invalid mailip +WARNING: untranslated string: email invalid mailport +WARNING: untranslated string: email mailaddr +WARNING: untranslated string: email mailpass +WARNING: untranslated string: email mailport +WARNING: untranslated string: email mailrcpt +WARNING: untranslated string: email mailsender +WARNING: untranslated string: email mailuser +WARNING: untranslated string: email settings +WARNING: untranslated string: email testmail +WARNING: untranslated string: email tls +WARNING: untranslated string: email usemail WARNING: untranslated string: fwdfw err concon WARNING: untranslated string: fwdfw err ratecon WARNING: untranslated string: fwdfw limitconcon @@ -696,6 +712,7 @@ WARNING: untranslated string: geoipblock enable feature WARNING: untranslated string: ike lifetime should be between 1 and 8 hours WARNING: untranslated string: incoming compression in bytes per second WARNING: untranslated string: incoming overhead in bytes per second +WARNING: untranslated string: info messages WARNING: untranslated string: invalid input for valid till days WARNING: untranslated string: masquerade blue WARNING: untranslated string: masquerade green @@ -720,6 +737,7 @@ WARNING: untranslated string: samba join a domain WARNING: untranslated string: samba join domain WARNING: untranslated string: search WARNING: untranslated string: uncheck all +WARNING: untranslated string: vpn force mobike WARNING: untranslated string: vpn statistic n2n WARNING: untranslated string: vpn statistic rw WARNING: untranslated string: vpn statistics n2n diff --git a/doc/language_issues.nl b/doc/language_issues.nl index 11d76577bb..2d3c78b985 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -686,6 +686,22 @@ WARNING: untranslated string: dnssec not supported WARNING: untranslated string: dnssec validating WARNING: untranslated string: download tls-auth key WARNING: untranslated string: drop outgoing +WARNING: untranslated string: email config +WARNING: untranslated string: email empty field +WARNING: untranslated string: email invalid +WARNING: untranslated string: email invalid mailfqdn +WARNING: untranslated string: email invalid mailip +WARNING: untranslated string: email invalid mailport +WARNING: untranslated string: email mailaddr +WARNING: untranslated string: email mailpass +WARNING: untranslated string: email mailport +WARNING: untranslated string: email mailrcpt +WARNING: untranslated string: email mailsender +WARNING: untranslated string: email mailuser +WARNING: untranslated string: email settings +WARNING: untranslated string: email testmail +WARNING: untranslated string: email tls +WARNING: untranslated string: email usemail WARNING: untranslated string: firewall logs country WARNING: untranslated string: fwdfw err concon WARNING: untranslated string: fwdfw err ratecon @@ -713,6 +729,7 @@ WARNING: untranslated string: imei WARNING: untranslated string: imsi WARNING: untranslated string: incoming compression in bytes per second WARNING: untranslated string: incoming overhead in bytes per second +WARNING: untranslated string: info messages WARNING: untranslated string: invalid input for valid till days WARNING: untranslated string: masquerade blue WARNING: untranslated string: masquerade green @@ -769,6 +786,7 @@ WARNING: untranslated string: ta key WARNING: untranslated string: uncheck all WARNING: untranslated string: upload dh key WARNING: untranslated string: vendor +WARNING: untranslated string: vpn force mobike WARNING: untranslated string: vpn statistic n2n WARNING: untranslated string: vpn statistic rw WARNING: untranslated string: vpn statistics n2n diff --git a/doc/language_issues.pl b/doc/language_issues.pl index 2a502006b9..91945ffb71 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -690,6 +690,22 @@ WARNING: untranslated string: drop action1 WARNING: untranslated string: drop action2 WARNING: untranslated string: drop forward WARNING: untranslated string: drop outgoing +WARNING: untranslated string: email config +WARNING: untranslated string: email empty field +WARNING: untranslated string: email invalid +WARNING: untranslated string: email invalid mailfqdn +WARNING: untranslated string: email invalid mailip +WARNING: untranslated string: email invalid mailport +WARNING: untranslated string: email mailaddr +WARNING: untranslated string: email mailpass +WARNING: untranslated string: email mailport +WARNING: untranslated string: email mailrcpt +WARNING: untranslated string: email mailsender +WARNING: untranslated string: email mailuser +WARNING: untranslated string: email settings +WARNING: untranslated string: email testmail +WARNING: untranslated string: email tls +WARNING: untranslated string: email usemail WARNING: untranslated string: emerging rules WARNING: untranslated string: encryption WARNING: untranslated string: entropy @@ -879,6 +895,7 @@ WARNING: untranslated string: imsi WARNING: untranslated string: incoming compression in bytes per second WARNING: untranslated string: incoming firewall access WARNING: untranslated string: incoming overhead in bytes per second +WARNING: untranslated string: info messages WARNING: untranslated string: integrity WARNING: untranslated string: invalid input for dpd delay WARNING: untranslated string: invalid input for dpd timeout @@ -1047,6 +1064,7 @@ WARNING: untranslated string: uptime load average WARNING: untranslated string: urlfilter redirect template WARNING: untranslated string: vendor WARNING: untranslated string: visit us at +WARNING: untranslated string: vpn force mobike WARNING: untranslated string: vpn keyexchange WARNING: untranslated string: vpn statistic n2n WARNING: untranslated string: vpn statistic rw diff --git a/doc/language_issues.ru b/doc/language_issues.ru index d2215b6df4..45316709d7 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -692,6 +692,22 @@ WARNING: untranslated string: drop action1 WARNING: untranslated string: drop action2 WARNING: untranslated string: drop forward WARNING: untranslated string: drop outgoing +WARNING: untranslated string: email config +WARNING: untranslated string: email empty field +WARNING: untranslated string: email invalid +WARNING: untranslated string: email invalid mailfqdn +WARNING: untranslated string: email invalid mailip +WARNING: untranslated string: email invalid mailport +WARNING: untranslated string: email mailaddr +WARNING: untranslated string: email mailpass +WARNING: untranslated string: email mailport +WARNING: untranslated string: email mailrcpt +WARNING: untranslated string: email mailsender +WARNING: untranslated string: email mailuser +WARNING: untranslated string: email settings +WARNING: untranslated string: email testmail +WARNING: untranslated string: email tls +WARNING: untranslated string: email usemail WARNING: untranslated string: emerging rules WARNING: untranslated string: encryption WARNING: untranslated string: entropy @@ -879,6 +895,7 @@ WARNING: untranslated string: incoming compression in bytes per second WARNING: untranslated string: incoming firewall access WARNING: untranslated string: incoming overhead in bytes per second WARNING: untranslated string: incoming traffic in bytes per second +WARNING: untranslated string: info messages WARNING: untranslated string: integrity WARNING: untranslated string: invalid input for dpd delay WARNING: untranslated string: invalid input for dpd timeout @@ -1040,6 +1057,7 @@ WARNING: untranslated string: uptime load average WARNING: untranslated string: urlfilter redirect template WARNING: untranslated string: vendor WARNING: untranslated string: visit us at +WARNING: untranslated string: vpn force mobike WARNING: untranslated string: vpn keyexchange WARNING: untranslated string: vpn statistic n2n WARNING: untranslated string: vpn statistic rw diff --git a/doc/language_issues.tr b/doc/language_issues.tr index a9d633273b..672a49d743 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -666,6 +666,22 @@ WARNING: translation string unused: yearly firewallhits WARNING: untranslated string: Scan for Songs WARNING: untranslated string: bytes WARNING: untranslated string: check all +WARNING: untranslated string: email config +WARNING: untranslated string: email empty field +WARNING: untranslated string: email invalid +WARNING: untranslated string: email invalid mailfqdn +WARNING: untranslated string: email invalid mailip +WARNING: untranslated string: email invalid mailport +WARNING: untranslated string: email mailaddr +WARNING: untranslated string: email mailpass +WARNING: untranslated string: email mailport +WARNING: untranslated string: email mailrcpt +WARNING: untranslated string: email mailsender +WARNING: untranslated string: email mailuser +WARNING: untranslated string: email settings +WARNING: untranslated string: email testmail +WARNING: untranslated string: email tls +WARNING: untranslated string: email usemail WARNING: untranslated string: fwhost addgeoipgrp WARNING: untranslated string: fwhost cust geoipgroup WARNING: untranslated string: fwhost cust geoipgrp @@ -682,6 +698,7 @@ WARNING: untranslated string: geoipblock enable feature WARNING: untranslated string: ike lifetime should be between 1 and 8 hours WARNING: untranslated string: incoming compression in bytes per second WARNING: untranslated string: incoming overhead in bytes per second +WARNING: untranslated string: info messages WARNING: untranslated string: invalid input for valid till days WARNING: untranslated string: no data WARNING: untranslated string: none @@ -697,6 +714,7 @@ WARNING: untranslated string: routing config changed WARNING: untranslated string: routing table WARNING: untranslated string: search WARNING: untranslated string: uncheck all +WARNING: untranslated string: vpn force mobike WARNING: untranslated string: vpn statistic n2n WARNING: untranslated string: vpn statistic rw WARNING: untranslated string: vpn statistics n2n diff --git a/doc/language_missings b/doc/language_missings index b88db57542..97e2d1832d 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -113,6 +113,26 @@ < drop action2 < drop forward < drop outgoing +< email config +< email empty field +< email error +< email invalid +< email invalid mailfqdn +< email invalid mailip +< email invalid mailport +< email mailaddr +< email mailpass +< email mailport +< email mailrcpt +< email mailsender +< email mailuser +< email settings +< email subject +< email success +< email testmail +< email text +< email tls +< email usemail < encryption < entropy < entropy graphs @@ -696,6 +716,26 @@ < drop action2 < drop forward < drop outgoing +< email config +< email empty field +< email error +< email invalid +< email invalid mailfqdn +< email invalid mailip +< email invalid mailport +< email mailaddr +< email mailpass +< email mailport +< email mailrcpt +< email mailsender +< email mailuser +< email settings +< email subject +< email success +< email testmail +< email text +< email tls +< email usemail < encryption < entropy < entropy graphs @@ -1261,6 +1301,26 @@ < drop action2 < drop forward < drop outgoing +< email config +< email empty field +< email error +< email invalid +< email invalid mailfqdn +< email invalid mailip +< email invalid mailport +< email mailaddr +< email mailpass +< email mailport +< email mailrcpt +< email mailsender +< email mailuser +< email settings +< email subject +< email success +< email testmail +< email text +< email tls +< email usemail < encryption < entropy < entropy graphs @@ -1816,6 +1876,26 @@ < drop forward < drop outgoing < Edit an existing route +< email config +< email empty field +< email error +< email invalid +< email invalid mailfqdn +< email invalid mailip +< email invalid mailport +< email mailaddr +< email mailpass +< email mailport +< email mailrcpt +< email mailsender +< email mailuser +< email settings +< email subject +< email success +< email testmail +< email text +< email tls +< email usemail < encryption < entropy < entropy graphs diff --git a/html/cgi-bin/logs.cgi/log.dat b/html/cgi-bin/logs.cgi/log.dat index 1813862fe0..e8635d7a3b 100644 --- a/html/cgi-bin/logs.cgi/log.dat +++ b/html/cgi-bin/logs.cgi/log.dat @@ -53,6 +53,7 @@ my %sections = ( 'red' => '(red:|pppd\[.*\]: |chat\[.*\]|pppoe\[.*\]|pptp\[.*\]|pppoa\[.*\]|pppoa3\[.*\]|pppoeci\[.*\]|ipppd|ipppd\[.*\]|kernel: ippp\d|kernel: isdn.*|ibod\[.*\]|dhcpcd\[.*\]|modem_run\[.*\])', 'ddns' => '(ddns\[\d+\]:)', 'dns' => '(dnsmasq\[.*\]: )', + 'dma' => '(dma\[.*\]: )', 'dhcp' => '(dhcpd: )', 'clamav' => '(clamd\[.*\]: |freshclam\[.*\]: )', 'collectd' => '(collectd\[.*\]: )', @@ -73,6 +74,7 @@ my %trsections = ( 'red' => 'RED', 'ddns' => $Lang::tr{'dynamic dns'}, 'dns' => 'DNS', + 'dma' => 'Mail', 'dhcp' => "$Lang::tr{'dhcp server'}", 'cron' => 'Cron', 'collectd' => 'Collectd', @@ -192,8 +194,10 @@ while ($gzindex >=0 && $loop) { # calculate file name if ($gzindex == 0) { $filestr = "/var/log/messages"; + $filestr = "/var/log/mail" if (${section} =~ 'dma'); } else { $filestr = "/var/log/messages.$gzindex"; + $filestr = "/var/log/mail.$gzindex" if (${section} =~ 'dma'); $filestr = "$filestr.gz" if -f "$filestr.gz"; } # now read file if existing diff --git a/html/cgi-bin/mail.cgi b/html/cgi-bin/mail.cgi new file mode 100755 index 0000000000..be663a62e0 --- /dev/null +++ b/html/cgi-bin/mail.cgi @@ -0,0 +1,345 @@ +#!/usr/bin/perl +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2015 IPFire Team # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### + +use MIME::Lite; + +#enable only the following on debugging purpose +#use warnings; +#use CGI::Carp 'fatalsToBrowser'; + +require '/var/ipfire/general-functions.pl'; +require "${General::swroot}/lang.pl"; +require "${General::swroot}/header.pl"; + +#Initialize variables and hashes +my $dmafile="${General::swroot}/dma/dma.conf"; +my $authfile="${General::swroot}/dma/auth.conf"; +my $mailfile="${General::swroot}/dma/mail.conf"; +my %dma=(); +my %auth=(); +my %mail=(); +my %mainsettings=(); +my %cgiparams=(); +my $errormessage=''; + +#Read all parameters for site +&Header::getcgihash(\%cgiparams); +&General::readhash("${General::swroot}/main/settings", \%mainsettings); +&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color); + +#Show Headers +&Header::showhttpheaders(); + +#Check configfiles +if ( -f $dmafile){ + open (FILE, "<", $dmafile) or die $!; + foreach my $line () { + $line =~ m/^([A-Z]+)\s+?(.*)?$/; + my $key = $1; + my $val = $2; + $dma{$key}=$val; + } +}else{ + open(FILE, ">$dmafile") or die $!; +} +close FILE; + +if (exists $dma{'AUTHPATH'}){ + open (FILE, "<", $dma{'AUTHPATH'}) or die "$dma{'AUTHPATH'} nicht gefunden $! "; + my $authline; + foreach my $line () { + $authline = $line; + } + my @part1 = split(/\|/,$authline); + my @part2 = split(/\:/,$part1[1]); + $auth{'AUTHNAME'} = $part1[0]; + $auth{'AUTHHOST'} = $part2[0]; + $auth{'AUTHPASS'} = $part2[1]; +} + +if ( -f $mailfile){ + &General::readhash($mailfile, \%mail); +} + +#ACTIONS +if ($cgiparams{'ACTION'} eq "$Lang::tr{'save'}"){ #SaveButton on configsite + #Check fields + if ($cgiparams{'USEMAIL'} eq 'on'){ + $errormessage=&checkmailsettings; + }else{ + $cgiparams{'txt_mailserver'}=''; + $cgiparams{'txt_mailport'}=''; + $cgiparams{'txt_mailuser'}=''; + $cgiparams{'txt_mailpass'}=''; + $cgiparams{'mail_tls'}=''; + $cgiparams{'txt_mailsender'}=''; + $cgiparams{'txt_recipient'}=''; + } + if(!$errormessage){ + #clear hashes + %auth=(); + %dma=(); + %mail=(); + + #clear configfiles + open (TXT, ">$dmafile") or die("Could not open /var/ipfire/dma/dma.conf: $!\n"); + open (TXT1, ">$authfile") or die("Could not open /var/ipfire/dma/auth.conf: $!\n"); + open (TXT2, ">$mailfile") or die("Could not open /var/ipfire/dma/mail.conf: $!\n"); + close TXT2; + + #Fill hashes with actual values + $mail{'USEMAIL'} = $cgiparams{'USEMAIL'}; + $mail{'SENDER'} = $cgiparams{'txt_mailsender'}; + $mail{'RECIPIENT'} = $cgiparams{'txt_recipient'}; + + $auth{'AUTHNAME'} = $cgiparams{'txt_mailuser'}; + $auth{'AUTHPASS'} = $cgiparams{'txt_mailpass'}; + $auth{'AUTHHOST'} = $cgiparams{'txt_mailserver'}; + + $dma{'SMARTHOST'} = $cgiparams{'txt_mailserver'}; + $dma{'PORT'} = $cgiparams{'txt_mailport'}; + $dma{'STARTTLS'} = '' if ($cgiparams{'mail_tls'}); + $dma{'SECURETRANSFER'} = '' if exists $dma{'STARTTLS'}; + $dma{'SPOOLDIR'} = "/var/spool/dma"; + $dma{'FULLBOUNCE'} = ''; + $dma{'MAILNAME'} = "$mainsettings{'HOSTNAME'}.$mainsettings{DOMAINNAME}"; + $dma{'AUTHPATH'} = "$authfile" if exists $auth{'AUTHNAME'}; + + #Create new configfiles + &General::writehash("$mailfile", \%mail); + while ( ($k,$v) = each %dma ) { + print TXT "$k $v\n"; + } + close TXT; + print TXT1 "$auth{'AUTHNAME'}|$auth{'AUTHHOST'}:$auth{'AUTHPASS'}\n"; + close TXT2; + + }else{ + $cgiparams{'update'}='on'; + &configsite; + } +} +if ($cgiparams{'ACTION'} eq "$Lang::tr{'email testmail'}"){ #Testmail button on configsite + &testmail; +} + +#Show site +&configsite; + +#FUNCTIONS +sub configsite{ + + + #If update set fieldvalues new + if($cgiparams{'update'} eq 'on'){ + $dma{'USEMAIL'}= 'on'; + $dma{'SMARTHOST'} = $cgiparams{'txt_mailserver'}; + $dma{'PORT'} = $cgiparams{'txt_mailport'}; + $auth{'AUTHUSER'} = $cgiparams{'txt_mailuser'}; + $auth{'AUTHHOST'} = $cgiparams{'txt_mailserver'}; + $auth{'AUTHPASS'} = $cgiparams{'txt_mailpass'}; + } + #find preselections + $checked{'usemail'}{$mail{'USEMAIL'}} = 'CHECKED'; + $checked{'mail_tls'}{'on'} = 'CHECKED' if exists $dma{'STARTTLS'}; + + #Open site + &Header::openpage($Lang::tr{'email settings'}, 1, ''); + &Header::openbigbox('100%', 'center'); + &error; + &info; + &Header::openbox('100%', 'left', $Lang::tr{'email config'}); + + #### JAVA SCRIPT #### + print< + \$(document).ready(function() { + // Show/Hide elements when USEMAIL checkbox is checked. + if (\$("#MAIL").attr("checked")) { + \$(".MAILSRV").show(); + } else { + \$(".MAILSRV").hide(); + } + + // Toggle MAIL elements when "USEMAIL" checkbox is clicked + \$("#MAIL").change(function() { + \$(".MAILSRV").toggle(); + }); + }); + +END + ##### JAVA SCRIPT END #### + my $col="style='background-color:$color{'color22'}'"; + print< + + + + + + + + + +
$Lang::tr{'email usemail'}

+ +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +END + if (! -z $dmafile && $mail{'USEMAIL'} eq 'on'){ + print ""; + print ""; + print ""; + print ""; + } + print< + + +
$Lang::tr{'email mailsender'}*
$Lang::tr{'email mailrcpt'}*
$Lang::tr{'email mailaddr'}*
$Lang::tr{'email mailport'}*
$Lang::tr{'email mailuser'}
$Lang::tr{'email mailpass'}
$Lang::tr{'email tls'}
 
+
+ + + + + +
+
+ +END + &Header::closebox(); + &Header::closebigbox(); + &Header::closepage(); + exit 0; +} + +sub checkmailsettings { + #Check if mailserver is an ip address or a domain + if ($cgiparams{'txt_mailserver'} =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/){ + if (! &General::validip($cgiparams{'txt_mailserver'})){ + $errormessage.="$Lang::tr{'email invalid mailip'} $cgiparams{'txt_mailserver'}
"; + } + }elsif(! &General::validfqdn($cgiparams{'txt_mailserver'})){ + $errormessage.="$Lang::tr{'email invalid mailfqdn'} $cgiparams{'txt_mailserver'}
"; + } + #Check valid mailserverport + if($cgiparams{'txt_mailport'} < 1 || $cgiparams{'txt_mailport'} > 65535){ + $errormessage.="$Lang::tr{'email invalid mailport'} $cgiparams{'txt_mailport'}
"; + } + #Check valid sender + if(! $cgiparams{'txt_mailsender'}){ + $errormessage.="$Lang::tr{'email empty field'} $Lang::tr{'email mailsender'}
"; + }else{ + if (! &General::validemail($cgiparams{'txt_mailsender'})){ + $errormessage.="
$Lang::tr{'email invalid'} $Lang::tr{'email mailsender'}
"; + } + } + return $errormessage; +} + +sub testmail { + ### Create a new multipart message: + $msg = MIME::Lite->new( + From => $mail{'SENDER'}, + To => $mail{'RECIPIENT'}, + #Cc => 'some@other.com, some@more.com', + Subject => 'IPFire Testmail', + Type => 'multipart/mixed' + ); + + ### Add parts (each "attach" has same arguments as "new"): + $msg->attach( + Type => 'TEXT', + Data => "This is the IPFire test mail." + ); + + ### Add attachment for testing + #$msg->attach( + # Type => 'application/txt', + # Encoding => 'base64', + # Path => '/var/ipfire/dma/dma.conf', + # Filename => 'dma.conf', + # Disposition => 'attachment' + #); + + $msg->send_by_sendmail; +} + +sub info { + if ($infomessage) { + &Header::openbox('100%', 'left', $Lang::tr{'info messages'}); + print "$infomessage\n"; + print " \n"; + &Header::closebox(); + } +} + +sub error { + if ($errormessage) { + &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); + print "$errormessage\n"; + print " \n"; + &Header::closebox(); + } +} + + + + + + + + + + + + + + + diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi index 8c44b7e93a..9f3c645e1a 100644 --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi @@ -108,6 +108,7 @@ $cgiparams{'ROOTCERT_STATE'} = ''; $cgiparams{'RW_NET'} = ''; $cgiparams{'DPD_DELAY'} = '30'; $cgiparams{'DPD_TIMEOUT'} = '120'; +$cgiparams{'FORCE_MOBIKE'} = 'off'; &Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'}); ### @@ -360,6 +361,11 @@ sub writeipsecfiles { # Compression print CONF "\tcompress=yes\n" if ($lconfighash{$key}[13] eq 'on'); + # Force MOBIKE? + if (($lconfighash{$key}[29] eq "ikev2") && ($lconfighash{$key}[32] eq 'on')) { + print CONF "\tmobike=yes\n"; + } + # Dead Peer Detection my $dpdaction = $lconfighash{$key}[27]; print CONF "\tdpdaction=$dpdaction\n"; @@ -1286,6 +1292,7 @@ END $cgiparams{'VHOST'} = $confighash{$cgiparams{'KEY'}}[14]; $cgiparams{'DPD_TIMEOUT'} = $confighash{$cgiparams{'KEY'}}[30]; $cgiparams{'DPD_DELAY'} = $confighash{$cgiparams{'KEY'}}[31]; + $cgiparams{'FORCE_MOBIKE'} = $confighash{$cgiparams{'KEY'}}[32]; if (!$cgiparams{'DPD_DELAY'}) { $cgiparams{'DPD_DELAY'} = 30; @@ -1768,7 +1775,7 @@ END my $key = $cgiparams{'KEY'}; if (! $key) { $key = &General::findhasharraykey (\%confighash); - foreach my $i (0 .. 31) { $confighash{$key}[$i] = "";} + foreach my $i (0 .. 32) { $confighash{$key}[$i] = "";} } $confighash{$key}[0] = $cgiparams{'ENABLED'}; $confighash{$key}[1] = $cgiparams{'NAME'}; @@ -1810,6 +1817,7 @@ END $confighash{$key}[14] = $cgiparams{'VHOST'}; $confighash{$key}[30] = $cgiparams{'DPD_TIMEOUT'}; $confighash{$key}[31] = $cgiparams{'DPD_DELAY'}; + $confighash{$key}[32] = $cgiparams{'FORCE_MOBIKE'}; #free unused fields! $confighash{$key}[6] = 'off'; @@ -1858,6 +1866,10 @@ END $cgiparams{'DPD_TIMEOUT'} = 120; } + if (!$cgiparams{'FORCE_MOBIKE'}) { + $cgiparams{'FORCE_MOBIKE'} = 'no'; + } + # Default IKE Version to v2 if (!$cgiparams{'IKE_VERSION'}) { $cgiparams{'IKE_VERSION'} = 'ikev2'; @@ -1935,6 +1947,7 @@ END + END ; if ($cgiparams{'KEY'}) { @@ -2206,6 +2219,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || if ( ($cgiparams{'COMPRESSION'} !~ /^(|on|off)$/) || + ($cgiparams{'FORCE_MOBIKE'} !~ /^(|on|off)$/) || ($cgiparams{'ONLY_PROPOSED'} !~ /^(|on|off)$/) || ($cgiparams{'PFS'} !~ /^(|on|off)$/) || ($cgiparams{'VHOST'} !~ /^(|on|off)$/) @@ -2241,6 +2255,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || $confighash{$cgiparams{'KEY'}}[27] = $cgiparams{'DPD_ACTION'}; $confighash{$cgiparams{'KEY'}}[30] = $cgiparams{'DPD_TIMEOUT'}; $confighash{$cgiparams{'KEY'}}[31] = $cgiparams{'DPD_DELAY'}; + $confighash{$cgiparams{'KEY'}}[32] = $cgiparams{'FORCE_MOBIKE'}; &General::writehasharray("${General::swroot}/vpn/config", \%confighash); &writeipsecfiles(); if (&vpnenabled) { @@ -2268,6 +2283,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || $cgiparams{'DPD_ACTION'} = $confighash{$cgiparams{'KEY'}}[27]; $cgiparams{'DPD_TIMEOUT'} = $confighash{$cgiparams{'KEY'}}[30]; $cgiparams{'DPD_DELAY'} = $confighash{$cgiparams{'KEY'}}[31]; + $cgiparams{'FORCE_MOBIKE'} = $confighash{$cgiparams{'KEY'}}[32]; if (!$cgiparams{'DPD_DELAY'}) { $cgiparams{'DPD_DELAY'} = 30; @@ -2362,6 +2378,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || foreach my $key (@temp) {$checked{'ESP_GROUPTYPE'}{$key} = "selected='selected'"; } $checked{'COMPRESSION'} = $cgiparams{'COMPRESSION'} eq 'on' ? "checked='checked'" : '' ; + $checked{'FORCE_MOBIKE'} = $cgiparams{'FORCE_MOBIKE'} eq 'on' ? "checked='checked'" : '' ; $checked{'ONLY_PROPOSED'} = $cgiparams{'ONLY_PROPOSED'} eq 'on' ? "checked='checked'" : '' ; $checked{'PFS'} = $cgiparams{'PFS'} eq 'on' ? "checked='checked'" : '' ; $checked{'VHOST'} = $cgiparams{'VHOST'} eq 'on' ? "checked='checked'" : '' ; @@ -2605,6 +2622,14 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || + + + + + EOF ; if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') { diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 48ade280a8..c6d25fcde7 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -833,7 +833,27 @@ 'edit share' => 'Freigabe bearbeiten', 'editor' => 'Editor', 'eg' => 'z.B.:', +'email config' => 'Konfiguration', +'email empty field' => 'Leeres Feld', +'email error' => 'ERROR: Testmail konnte nicht versendet werden', +'email invalid' => 'Ungültiges Feld', +'email invalid mailfqdn' => 'Ungültiger FQDN für Mailserver', +'email invalid mailip' => 'Ungültige IP-Adresse für Mailserver', +'email invalid mailport' => 'Ungültiger Port für Mailserver', +'email mailaddr' => 'Mailserver-Adresse', +'email mailpass' => 'Passwort', +'email mailport' => 'Mailserver-Port', +'email mailrcpt' => 'E-Mail-Empfänger', +'email mailsender' => 'E-Mail Absender', +'email mailuser' => 'Benutzername', 'email server can not be empty' => 'Email-Server darf nicht leer sein', +'email settings' => 'Mailversand', +'email subject' => 'IPFire Testmail', +'email success' => 'Testmail erfolgreich versendet', +'email testmail' => 'Testnachricht senden', +'email text' => 'Testnachricht vom IPFire Mailversand.', +'email tls' => 'TLS aktivieren', +'email usemail' => 'Mailversand aktivieren', 'emailreportlevel' => 'Email-Reportlevel', 'empty' => 'Dieses Feld kann leer bleiben', 'empty profile' => 'Unbenannt', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index af7fda947e..1e1b459682 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -859,7 +859,27 @@ 'edit share' => 'Edit share', 'editor' => 'Editor', 'eg' => 'e.g.:', +'email config' => 'Configuration', +'email empty field' => 'Empty field', +'email error' => 'ERROR: Testmail could not be sent', +'email invalid' => 'Invalid field', +'email invalid mailfqdn' => 'Invalid mailserver fqdn', +'email invalid mailip' => 'Invalid mailserver IP address', +'email invalid mailport' => 'Invalid mailserver port', +'email mailaddr' => 'Mailserver address', +'email mailpass' => 'Password', +'email mailport' => 'Mailserver port', +'email mailrcpt' => 'Mail recipient', +'email mailsender' => 'Mail sender', +'email mailuser' => 'Username', 'email server can not be empty' => 'E-mail server can not be empty', +'email settings' => 'Mailservice', +'email subject' => 'IPFire Testmail', +'email success' => 'Testmail successfully sent', +'email testmail' => 'Send testmail', +'email text' => 'Testmail from IPFire Mailservice.', +'email tls' => 'Use TLS', +'email usemail' => 'Activate Mailservice', 'emailreportlevel' => 'E-mailreportlevel', 'emerging rules' => 'Emergingthreats.net Community Rules', 'empty' => 'This field may be left blank', @@ -2628,6 +2648,7 @@ 'vpn configuration main' => 'VPN Configuration', 'vpn delayed start' => 'Delay before launching VPN (seconds)', 'vpn delayed start help' => 'If required, this delay can be used to allow dynamic DNS updates to propagate properly. 60 is a common value when RED is a dynamic IP.', +'vpn force mobike' => 'Force using MOBIKE (only IKEv2)', 'vpn incompatible use of defaultroute' => 'hostname=%defaultroute not allowed', 'vpn keyexchange' => 'Keyexchange', 'vpn local id' => 'Local ID', diff --git a/lfs/chkconfig b/lfs/chkconfig new file mode 100644 index 0000000000..afec4542c1 --- /dev/null +++ b/lfs/chkconfig @@ -0,0 +1,78 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2010 IPFire Team # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 1.5 + +THISAPP = chkconfig-$(VER) +DL_FILE = $(THISAPP).tar.bz2 +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_MD5 = 0e59a43ef588a7bba5528b10bb59bef2 + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +md5 : $(subst %,%_MD5,$(objects)) + +############################################################################### +# Downloading, checking, md5sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_MD5,$(objects)) : + @$(MD5) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && make alternatives + cd $(DIR_APP) && install -v -m 755 alternatives /usr/sbin + ln -svf alternatives /usr/sbin/update-alternatives + -mkdir -pv /etc/alternatives /var/lib/alternatives + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/lfs/coreutils b/lfs/coreutils index cd2440d9d6..ede0493916 100644 --- a/lfs/coreutils +++ b/lfs/coreutils @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2011 IPFire Team # +# Copyright (C) 2007-2015 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 8.23 +VER = 8.24 THISAPP = coreutils-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -60,7 +60,7 @@ objects =$(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = abed135279f87ad6762ce57ff6d89c41 +$(DL_FILE)_MD5 = 40efdbce865d2458d8da0a9dcee7c16c install : $(TARGET) diff --git a/lfs/dma b/lfs/dma new file mode 100644 index 0000000000..9fe49ab094 --- /dev/null +++ b/lfs/dma @@ -0,0 +1,87 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2011 IPFire Team # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 0.9.1 + +THISAPP = dma-$(VER) +DL_FILE = $(THISAPP).tar.gz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) +PROG = dma +PAK_VER = 1 + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_MD5 = 56afaf438ba34d4ff9c8879dc29a16b1 + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +md5 : $(subst %,%_MD5,$(objects)) + + +############################################################################### +# Downloading, checking, md5sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_MD5,$(objects)) : + @$(MD5) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + mkdir -pv /var/ipfire/dma + cd $(DIR_APP) && sed -i '/PREFIX/s/usr\/local/usr/g' Makefile + cd $(DIR_APP) && sed -i '/CONFDIR/s/etc\/dma/var\/ipfire\/dma/g' Makefile + cd $(DIR_APP) && make + cd $(DIR_APP) && make install mailq-link install-spool-dirs install-etc + install -v -m 755 $(DIR_SRC)/config/dma/dma-cleanup-spool /usr/sbin + chown -R nobody.nobody /var/ipfire/dma + chown nobody.root /var/ipfire/dma/auth.conf + ln -svf dma /usr/sbin/sendmail.dma + /usr/sbin/alternatives --install /usr/sbin/sendmail sendmail /usr/sbin/sendmail.dma 20 + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/lfs/dnsmasq b/lfs/dnsmasq index f327967c26..f16c7618a9 100644 --- a/lfs/dnsmasq +++ b/lfs/dnsmasq @@ -73,7 +73,11 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/001-include_0_0_0_0_8_in_DNS_rebind_checks.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/002-enhance_add_subnet_to_allow_arbitary_subnet_addresses.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/003-dont_answer_non_auth_queries_for_auth_zones_locally_when_localise_queries_set.patch cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq-Add-support-to-read-ISC-DHCP-lease-file.patch + cd $(DIR_APP) && sed -i src/config.h \ -e 's|/\* #define HAVE_IDN \*/|#define HAVE_IDN|g' \ -e 's|/\* #define HAVE_DNSSEC \*/|#define HAVE_DNSSEC|g' \ diff --git a/lfs/file b/lfs/file index bfd7552867..49829d0c5e 100644 --- a/lfs/file +++ b/lfs/file @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2014 Michael Tremer & Christian Schmidt # +# Copyright (C) 2015 Michael Tremer & Christian Schmidt # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 5.20 +VER = 5.24 THISAPP = file-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 5d5e13eb3e0e13839da869a31790faf2 +$(DL_FILE)_MD5 = ec161b5a0d2aef147fb046e5630b1408 install : $(TARGET) diff --git a/lfs/fireinfo b/lfs/fireinfo index 9d657653ec..55a78455c0 100644 --- a/lfs/fireinfo +++ b/lfs/fireinfo @@ -70,8 +70,11 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/fireinfo-Add-an-other-forbidden-string-Serial.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/fireinfo-Skip-search-for-hypervisor-name-when-the-CPU-string-.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/fireinfo/0001-Add-an-other-forbidden-string-Serial.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/fireinfo/0002-Escape-any-non-printable-ascii-characters.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/fireinfo/0003-Skip-search-for-hypervisor-name-when-the-CPU-string-.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/fireinfo/0004-Filter-all-IDs-that-only-consist-of-0xff.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/fireinfo/0005-Fix-crash-if-there-is-id-has-already-been-reset-to-N.patch cd $(DIR_APP) && [ -x "configure" ] || sh ./autogen.sh cd $(DIR_APP) && ./configure --prefix=/usr diff --git a/lfs/glibc b/lfs/glibc index 2341d10a95..d7d51cf8cb 100644 --- a/lfs/glibc +++ b/lfs/glibc @@ -285,6 +285,7 @@ endif cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1183533.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1207995.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1209375.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1217186.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-resolv-stack_chk_fail.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-remove-ctors-dtors-output-sections.patch diff --git a/lfs/hdparm b/lfs/hdparm index e4e2e535bd..e4e9ac1a0a 100644 --- a/lfs/hdparm +++ b/lfs/hdparm @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2014 IPFire Team # +# Copyright (C) 2007-2015 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 9.45 +VER = 9.48 THISAPP = hdparm-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 1c75d0751a44928b6c4bc81fb16d7fe8 +$(DL_FILE)_MD5 = 213efdbe7471fad3408198918e164354 install : $(TARGET) diff --git a/lfs/openssh b/lfs/openssh index 7e6e376415..22d1de5bfd 100644 --- a/lfs/openssh +++ b/lfs/openssh @@ -24,7 +24,7 @@ include Config -VER = 6.8p1 +VER = 7.1p1 THISAPP = openssh-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 08f72de6751acfbd0892b5f003922701 +$(DL_FILE)_MD5 = 8709736bc8a8c253bc4eeb4829888ca5 install : $(TARGET) @@ -90,6 +90,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) -e 's/^#\?SyslogFacility AUTH .*$$/SyslogFacility AUTH/' \ -e 's/^#\?LogLevel INFO .*$$/LogLevel INFO/' \ -e 's/^#\?AllowTcpForwarding .*$$/AllowTcpForwarding no/' \ + -e 's/^#\?PermitRootLogin .*$$/PermitRootLogin yes/' \ /etc/ssh/sshd_config @rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/lfs/pcre b/lfs/pcre index 8f207da7ba..fd66350043 100644 --- a/lfs/pcre +++ b/lfs/pcre @@ -72,6 +72,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/pcre-8.37-Fix-buffer-overflow-for-named-recursive-back-referen.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/pcre-8.37-Fix-buffer-overflow-for-forward-reference-within-bac.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/pcre-8.37-Fix-named-forward-reference-to-duplicate-group-numbe.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/pcre-8.37-Fix-another-buffer-overflow.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/pcre-8.37-Fix-buffer-overflow-for-named-references-in-situatio.patch cd $(DIR_APP) && ./configure \ --prefix=/usr \ --disable-static \ diff --git a/lfs/perl-Email-Date-Format b/lfs/perl-Email-Date-Format new file mode 100644 index 0000000000..ce55d14143 --- /dev/null +++ b/lfs/perl-Email-Date-Format @@ -0,0 +1,77 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007 Michael Tremer & Christian Schmidt # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 1.005 + +THISAPP = Email-Date-Format-$(VER) +DL_FILE = $(THISAPP).tar.gz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_MD5 = 030dcee3bc1a44674900b0132925bd03 + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +md5 : $(subst %,%_MD5,$(objects)) + +############################################################################### +# Downloading, checking, md5sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_MD5,$(objects)) : + @$(MD5) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && perl Makefile.PL + cd $(DIR_APP) && make $(MAKETUNING) + cd $(DIR_APP) && make install + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/lfs/perl-MIME-Lite b/lfs/perl-MIME-Lite new file mode 100644 index 0000000000..c6f53e627d --- /dev/null +++ b/lfs/perl-MIME-Lite @@ -0,0 +1,77 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007 Michael Tremer & Christian Schmidt # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 3.030 + +THISAPP = MIME-Lite-$(VER) +DL_FILE = $(THISAPP).tar.gz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_MD5 = 5a6d90329e049eee77248d667343acc7 + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +md5 : $(subst %,%_MD5,$(objects)) + +############################################################################### +# Downloading, checking, md5sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_MD5,$(objects)) : + @$(MD5) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && yes |perl Makefile.PL + cd $(DIR_APP) && make $(MAKETUNING) + cd $(DIR_APP) && make install + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/lfs/postfix b/lfs/postfix index 696c68e400..b8029f7634 100644 --- a/lfs/postfix +++ b/lfs/postfix @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = postfix -PAK_VER = 8 +PAK_VER = 9 DEPS = "amavisd mysql" @@ -115,5 +115,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) install -v -m 644 $(DIR_SRC)/config/backup/includes/postfix \ /var/ipfire/backup/addons/includes/postfix + mv /usr/sbin/sendmail /usr/sbin/sendmail.postfix @rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/lfs/rrdtool b/lfs/rrdtool index d0a1181756..f156400283 100644 --- a/lfs/rrdtool +++ b/lfs/rrdtool @@ -24,7 +24,7 @@ include Config -VER = 1.5.3 +VER = 1.5.4 THISAPP = rrdtool-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 868a828cc6b10654c440a85054240ae2 +$(DL_FILE)_MD5 = 4daea1e628e1c70d91800d6a06427dc1 install : $(TARGET) diff --git a/lfs/squid b/lfs/squid index d8c8a05a70..de6c87d46e 100644 --- a/lfs/squid +++ b/lfs/squid @@ -70,6 +70,7 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xaf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.4-13228.patch cd $(DIR_APP) && ./configure \ --prefix=/usr \ --sysconfdir=/etc/squid \ @@ -113,7 +114,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) --enable-cache-digests \ --enable-forw-via-db \ --enable-htcp \ - --enable-linux-netfilter \ --enable-kill-parent-hack \ --disable-wccpv2 \ --enable-icap-client \ diff --git a/lfs/squid-accounting b/lfs/squid-accounting index a2ffd90445..aa2ca509e4 100644 --- a/lfs/squid-accounting +++ b/lfs/squid-accounting @@ -9,15 +9,15 @@ include Config -VER = 1.0.3 +VER = 1.0.4 THISAPP = squid-accounting-$(VER) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = squid-accounting -PAK_VER = 6 +PAK_VER = 7 -DEPS = "perl-DBI perl-DBD-SQLite perl-File-ReadBackwards perl-PDF-API2 sendEmail" +DEPS = "perl-DBI perl-DBD-SQLite perl-File-ReadBackwards perl-PDF-API2" ############################################################################### # Top-level Rules @@ -50,8 +50,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) chmod 777 /var/log/accounting.log #Set permissions for logo and graphs chmod -R 777 /srv/web/ipfire/html/accounting - - + install -v -m 755 $(DIR_APP)/squid-accounting/accounting.cgi /srv/web/ipfire/cgi-bin/ install -v -m 755 $(DIR_APP)/squid-accounting/acct.pl /usr/local/bin/ install -v -m 644 $(DIR_APP)/squid-accounting/acct-lib.pl /var/ipfire/accounting/ @@ -61,10 +60,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) install -v -m 755 $(DIR_APP)/squid-accounting/dbinstall.pl /var/ipfire/accounting/ install -v -m 644 $(DIR_APP)/squid-accounting/config/backup/includes/squid-accounting \ /var/ipfire/backup/addons/includes/squid-accounting - + #activate hourly logging of proxy logfile ln -sf /usr/local/bin/acct.pl /etc/fcron.hourly/squid-accounting - chown -R nobody.nobody /var/ipfire/accounting @rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/make.sh b/make.sh index 7d9cad0dc6..235964b4b9 100755 --- a/make.sh +++ b/make.sh @@ -25,7 +25,7 @@ NAME="IPFire" # Software name SNAME="ipfire" # Short name VERSION="2.17" # Version number -CORE="93" # Core Level (Filename) +CORE="94" # Core Level (Filename) PAKFIRE_CORE="93" # Core Level (PAKFIRE) GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` # Git Branch SLOGAN="www.ipfire.org" # Software slogan @@ -648,6 +648,7 @@ buildipfire() { ipfiremake screen ipfiremake smartmontools ipfiremake htop + ipfiremake chkconfig ipfiremake postfix ipfiremake fetchmail ipfiremake cyrus-imapd @@ -655,6 +656,7 @@ buildipfire() { ipfiremake clamav ipfiremake spamassassin ipfiremake amavisd + ipfiremake dma ipfiremake alsa ipfiremake mpfire ipfiremake guardian @@ -727,6 +729,8 @@ buildipfire() { ipfiremake perl-Net-SMTP-SSL ipfiremake perl-MIME-Base64 ipfiremake perl-Authen-SASL + ipfiremake perl-MIME-Lite + ipfiremake perl-Email-Date-Format ipfiremake git ipfiremake squidclamav ipfiremake vnstat diff --git a/src/initscripts/init.d/sshd b/src/initscripts/init.d/sshd index 0ed8661653..7b4092d38d 100644 --- a/src/initscripts/init.d/sshd +++ b/src/initscripts/init.d/sshd @@ -12,24 +12,12 @@ case "$1" in start) - if [ ! -e "/etc/ssh/ssh_host_key" ]; then - boot_mesg "Generating SSH host key..." - ssh-keygen -qf /etc/ssh/ssh_host_key -N '' -t rsa1 - evaluate_retval - fi - - for algo in rsa dsa ecdsa ed25519; do + for algo in rsa ecdsa ed25519; do keyfile="/etc/ssh/ssh_host_${algo}_key" # If the key already exists, there is nothing to do. [ -e "${keyfile}" ] && continue - case "${algo}" in - rsa) - algo="rsa1" - ;; - esac - boot_mesg "Generating SSH key (${algo})..." ssh-keygen -qf "${keyfile}" -N '' -t ${algo} evaluate_retval diff --git a/src/paks/postfix/install.sh b/src/paks/postfix/install.sh index 0932d2e54e..1629d21c18 100644 --- a/src/paks/postfix/install.sh +++ b/src/paks/postfix/install.sh @@ -34,3 +34,6 @@ start_service ${NAME} ln -sf ../init.d/postfix /etc/rc.d/rc0.d/K25postfix ln -sf ../init.d/postfix /etc/rc.d/rc3.d/S35postfix ln -sf ../init.d/postfix /etc/rc.d/rc6.d/K25postfix + +# Update alternatives +/usr/sbin/alternatives --install /usr/sbin/sendmail sendmail /usr/sbin/sendmail.postfix 15 diff --git a/src/paks/postfix/uninstall.sh b/src/paks/postfix/uninstall.sh index bc70451a17..bff411a91d 100644 --- a/src/paks/postfix/uninstall.sh +++ b/src/paks/postfix/uninstall.sh @@ -25,5 +25,6 @@ extract_backup_includes stop_service ${NAME} make_backup ${NAME} +/usr/sbin/alternatives --remove sendmail /usr/sbin/sendmail.postfix remove_files rm -rfv /etc/rc.d/rc*.d/*postfix diff --git a/src/patches/dnsmasq/001-include_0_0_0_0_8_in_DNS_rebind_checks.patch b/src/patches/dnsmasq/001-include_0_0_0_0_8_in_DNS_rebind_checks.patch new file mode 100644 index 0000000000..8a2557acaf --- /dev/null +++ b/src/patches/dnsmasq/001-include_0_0_0_0_8_in_DNS_rebind_checks.patch @@ -0,0 +1,41 @@ +From d2aa7dfbb6d1088dcbea9fecc61b9293b320eb95 Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Mon, 3 Aug 2015 21:52:12 +0100 +Subject: [PATCH] Include 0.0.0.0/8 in DNS rebind checks. + +--- + CHANGELOG | 7 +++++++ + src/rfc1035.c | 3 ++- + 2 files changed, 9 insertions(+), 1 deletion(-) + +diff --git a/CHANGELOG b/CHANGELOG +index 901da47..3f4026d 100644 +--- a/CHANGELOG ++++ b/CHANGELOG +@@ -1,3 +1,10 @@ ++version 2.76 ++ Include 0.0.0.0/8 in DNS rebind checks. This range ++ translates to hosts on the local network, or, at ++ least, 0.0.0.0 accesses the local host, so could ++ be targets for DNS rebinding. See RFC 5735 section 3 ++ for details. Thanks to Stephen Röttger for the bug report. ++ + version 2.75 + Fix reversion on 2.74 which caused 100% CPU use when a + dhcp-script is configured. Thanks to Adrian Davey for +diff --git a/src/rfc1035.c b/src/rfc1035.c +index 56647b0..29e9e65 100644 +--- a/src/rfc1035.c ++++ b/src/rfc1035.c +@@ -728,7 +728,8 @@ int private_net(struct in_addr addr, int ban_localhost) + in_addr_t ip_addr = ntohl(addr.s_addr); + + return +- (((ip_addr & 0xFF000000) == 0x7F000000) && ban_localhost) /* 127.0.0.0/8 (loopback) */ || ++ (((ip_addr & 0xFF000000) == 0x7F000000) && ban_localhost) /* 127.0.0.0/8 (loopback) */ || ++ ((ip_addr & 0xFF000000) == 0x00000000) /* RFC 5735 section 3. "here" network */ || + ((ip_addr & 0xFFFF0000) == 0xC0A80000) /* 192.168.0.0/16 (private) */ || + ((ip_addr & 0xFF000000) == 0x0A000000) /* 10.0.0.0/8 (private) */ || + ((ip_addr & 0xFFF00000) == 0xAC100000) /* 172.16.0.0/12 (private) */ || +-- +1.7.10.4 diff --git a/src/patches/dnsmasq/002-enhance_add_subnet_to_allow_arbitary_subnet_addresses.patch b/src/patches/dnsmasq/002-enhance_add_subnet_to_allow_arbitary_subnet_addresses.patch new file mode 100644 index 0000000000..2d3d6e46d2 --- /dev/null +++ b/src/patches/dnsmasq/002-enhance_add_subnet_to_allow_arbitary_subnet_addresses.patch @@ -0,0 +1,271 @@ +From a7369bef8abd241c3d85633fa9c870943f091e76 Mon Sep 17 00:00:00 2001 +From: Ed Bardsley +Date: Wed, 5 Aug 2015 21:17:18 +0100 +Subject: [PATCH] Enhance --add-subnet to allow arbitary subnet addresses. + +--- + CHANGELOG | 4 ++++ + man/dnsmasq.8 | 32 ++++++++++++++++++++----------- + src/dnsmasq.h | 13 ++++++++++--- + src/option.c | 59 ++++++++++++++++++++++++++++++++++++++++++++++++++++----- + src/rfc1035.c | 39 +++++++++++++++++++++++++++++++------- + 5 files changed, 121 insertions(+), 26 deletions(-) + +diff --git a/CHANGELOG b/CHANGELOG +index 3f4026d..bbc2834 100644 +--- a/CHANGELOG ++++ b/CHANGELOG +@@ -4,6 +4,10 @@ version 2.76 + least, 0.0.0.0 accesses the local host, so could + be targets for DNS rebinding. See RFC 5735 section 3 + for details. Thanks to Stephen Röttger for the bug report. ++ ++ Enhance --add-subnet to allow arbitrary subnet addresses. ++ Thanks to Ed Barsley for the patch. ++ + + version 2.75 + Fix reversion on 2.74 which caused 100% CPU use when a +diff --git a/man/dnsmasq.8 b/man/dnsmasq.8 +index c8913b5..a23c898 100644 +--- a/man/dnsmasq.8 ++++ b/man/dnsmasq.8 +@@ -604,17 +604,27 @@ experimental. Also note that exposing MAC addresses in this way may + have security and privacy implications. The warning about caching + given for --add-subnet applies to --add-mac too. + .TP +-.B --add-subnet[[=],] +-Add the subnet address of the requestor to the DNS queries which are +-forwarded upstream. The amount of the address forwarded depends on the +-prefix length parameter: 32 (128 for IPv6) forwards the whole address, +-zero forwards none of it but still marks the request so that no +-upstream nameserver will add client address information either. The +-default is zero for both IPv4 and IPv6. Note that upstream nameservers +-may be configured to return different results based on this +-information, but the dnsmasq cache does not take account. If a dnsmasq +-instance is configured such that different results may be encountered, +-caching should be disabled. ++.B --add-subnet[[=[/]][,[/]]] ++Add a subnet address to the DNS queries which are forwarded ++upstream. If an address is specified in the flag, it will be used, ++otherwise, the address of the requestor will be used. The amount of ++the address forwarded depends on the prefix length parameter: 32 (128 ++for IPv6) forwards the whole address, zero forwards none of it but ++still marks the request so that no upstream nameserver will add client ++address information either. The default is zero for both IPv4 and ++IPv6. Note that upstream nameservers may be configured to return ++different results based on this information, but the dnsmasq cache ++does not take account. If a dnsmasq instance is configured such that ++different results may be encountered, caching should be disabled. ++ ++For example, ++.B --add-subnet=24,96 ++will add the /24 and /96 subnets of the requestor for IPv4 and IPv6 requestors, respectively. ++.B --add-subnet=1.2.3.4/24 ++will add 1.2.3.0/24 for IPv4 requestors and ::/0 for IPv6 requestors. ++.B --add-subnet=1.2.3.4/24,1.2.3.4/24 ++will add 1.2.3.0/24 for both IPv4 and IPv6 requestors. ++ + .TP + .B \-c, --cache-size= + Set the size of dnsmasq's cache. The default is 150 names. Setting the cache size to zero disables caching. +diff --git a/src/dnsmasq.h b/src/dnsmasq.h +index cf1a782..f42acdb 100644 +--- a/src/dnsmasq.h ++++ b/src/dnsmasq.h +@@ -541,6 +541,13 @@ struct iname { + struct iname *next; + }; + ++/* subnet parameters from command line */ ++struct mysubnet { ++ union mysockaddr addr; ++ int addr_used; ++ int mask; ++}; ++ + /* resolv-file parms from command-line */ + struct resolvc { + struct resolvc *next; +@@ -935,9 +942,9 @@ extern struct daemon { + struct auth_zone *auth_zones; + struct interface_name *int_names; + char *mxtarget; +- int addr4_netmask; +- int addr6_netmask; +- char *lease_file; ++ struct mysubnet *add_subnet4; ++ struct mysubnet *add_subnet6; ++ char *lease_file; + char *username, *groupname, *scriptuser; + char *luascript; + char *authserver, *hostmaster; +diff --git a/src/option.c b/src/option.c +index ecc2619..746cd11 100644 +--- a/src/option.c ++++ b/src/option.c +@@ -445,7 +445,7 @@ static struct { + { LOPT_PXE_SERV, ARG_DUP, "", gettext_noop("Boot service for PXE menu."), NULL }, + { LOPT_TEST, 0, NULL, gettext_noop("Check configuration syntax."), NULL }, + { LOPT_ADD_MAC, OPT_ADD_MAC, NULL, gettext_noop("Add requestor's MAC address to forwarded DNS queries."), NULL }, +- { LOPT_ADD_SBNET, ARG_ONE, "[,]", gettext_noop("Add requestor's IP subnet to forwarded DNS queries."), NULL }, ++ { LOPT_ADD_SBNET, ARG_ONE, "[,]", gettext_noop("Add specified IP subnet to forwarded DNS queries."), NULL }, + { LOPT_DNSSEC, OPT_DNSSEC_PROXY, NULL, gettext_noop("Proxy DNSSEC validation results from upstream nameservers."), NULL }, + { LOPT_INCR_ADDR, OPT_CONSEC_ADDR, NULL, gettext_noop("Attempt to allocate sequential IP addresses to DHCP clients."), NULL }, + { LOPT_CONNTRACK, OPT_CONNTRACK, NULL, gettext_noop("Copy connection-track mark from queries to upstream connections."), NULL }, +@@ -722,6 +722,20 @@ static void do_usage(void) + + #define ret_err(x) do { strcpy(errstr, (x)); return 0; } while (0) + ++static char *parse_mysockaddr(char *arg, union mysockaddr *addr) ++{ ++ if (inet_pton(AF_INET, arg, &addr->in.sin_addr) > 0) ++ addr->sa.sa_family = AF_INET; ++#ifdef HAVE_IPV6 ++ else if (inet_pton(AF_INET6, arg, &addr->in6.sin6_addr) > 0) ++ addr->sa.sa_family = AF_INET6; ++#endif ++ else ++ return _("bad address"); ++ ++ return NULL; ++} ++ + char *parse_server(char *arg, union mysockaddr *addr, union mysockaddr *source_addr, char *interface, int *flags) + { + int source_port = 0, serv_port = NAMESERVER_PORT; +@@ -1585,7 +1599,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma + li = match_suffix->next; + free(match_suffix->suffix); + free(match_suffix); +- } ++ } + break; + } + +@@ -1593,10 +1607,45 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma + set_option_bool(OPT_CLIENT_SUBNET); + if (arg) + { ++ char *err, *end; + comma = split(arg); +- if (!atoi_check(arg, &daemon->addr4_netmask) || +- (comma && !atoi_check(comma, &daemon->addr6_netmask))) +- ret_err(gen_err); ++ ++ struct mysubnet* new = opt_malloc(sizeof(struct mysubnet)); ++ if ((end = split_chr(arg, '/'))) ++ { ++ /* has subnet+len */ ++ err = parse_mysockaddr(arg, &new->addr); ++ if (err) ++ ret_err(err); ++ if (!atoi_check(end, &new->mask)) ++ ret_err(gen_err); ++ new->addr_used = 1; ++ } ++ else if (!atoi_check(arg, &new->mask)) ++ ret_err(gen_err); ++ ++ daemon->add_subnet4 = new; ++ ++ new = opt_malloc(sizeof(struct mysubnet)); ++ if (comma) ++ { ++ if ((end = split_chr(comma, '/'))) ++ { ++ /* has subnet+len */ ++ err = parse_mysockaddr(comma, &new->addr); ++ if (err) ++ ret_err(err); ++ if (!atoi_check(end, &new->mask)) ++ ret_err(gen_err); ++ new->addr_used = 1; ++ } ++ else ++ { ++ if (!atoi_check(comma, &new->mask)) ++ ret_err(gen_err); ++ } ++ } ++ daemon->add_subnet6 = new; + } + break; + +diff --git a/src/rfc1035.c b/src/rfc1035.c +index 29e9e65..6a51b30 100644 +--- a/src/rfc1035.c ++++ b/src/rfc1035.c +@@ -629,26 +629,47 @@ struct subnet_opt { + #endif + }; + ++static void *get_addrp(union mysockaddr *addr, const short family) ++{ ++#ifdef HAVE_IPV6 ++ if (family == AF_INET6) ++ return &addr->in6.sin6_addr; ++#endif ++ ++ return &addr->in.sin_addr; ++} ++ + static size_t calc_subnet_opt(struct subnet_opt *opt, union mysockaddr *source) + { + /* http://tools.ietf.org/html/draft-vandergaast-edns-client-subnet-02 */ + + int len; + void *addrp; ++ int sa_family = source->sa.sa_family; + + #ifdef HAVE_IPV6 + if (source->sa.sa_family == AF_INET6) + { +- opt->family = htons(2); +- opt->source_netmask = daemon->addr6_netmask; +- addrp = &source->in6.sin6_addr; ++ opt->source_netmask = daemon->add_subnet6->mask; ++ if (daemon->add_subnet6->addr_used) ++ { ++ sa_family = daemon->add_subnet6->addr.sa.sa_family; ++ addrp = get_addrp(&daemon->add_subnet6->addr, sa_family); ++ } ++ else ++ addrp = &source->in6.sin6_addr; + } + else + #endif + { +- opt->family = htons(1); +- opt->source_netmask = daemon->addr4_netmask; +- addrp = &source->in.sin_addr; ++ opt->source_netmask = daemon->add_subnet4->mask; ++ if (daemon->add_subnet4->addr_used) ++ { ++ sa_family = daemon->add_subnet4->addr.sa.sa_family; ++ addrp = get_addrp(&daemon->add_subnet4->addr, sa_family); ++ } ++ else ++ addrp = &source->in.sin_addr; + } + + opt->scope_netmask = 0; +@@ -656,6 +677,11 @@ static size_t calc_subnet_opt(struct subnet_opt *opt, union mysockaddr *source) + + if (opt->source_netmask != 0) + { ++#ifdef HAVE_IPV6 ++ opt->family = htons(sa_family == AF_INET6 ? 2 : 1); ++#else ++ opt->family = htons(1); ++#endif + len = ((opt->source_netmask - 1) >> 3) + 1; + memcpy(opt->addr, addrp, len); + if (opt->source_netmask & 7) +@@ -2335,4 +2361,3 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, + + return len; + } +- +-- +1.7.10.4 diff --git a/src/patches/dnsmasq/003-dont_answer_non_auth_queries_for_auth_zones_locally_when_localise_queries_set.patch b/src/patches/dnsmasq/003-dont_answer_non_auth_queries_for_auth_zones_locally_when_localise_queries_set.patch new file mode 100644 index 0000000000..cfbcdfbc9f --- /dev/null +++ b/src/patches/dnsmasq/003-dont_answer_non_auth_queries_for_auth_zones_locally_when_localise_queries_set.patch @@ -0,0 +1,34 @@ +From 3a3965ac21b1b759eab8799b6edb09195b671306 Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Sun, 9 Aug 2015 17:45:06 +0100 +Subject: [PATCH] Don't answer non-auth queries for auth zones locally when + --localise-queries set. + +--- + src/forward.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/forward.c b/src/forward.c +index 2731b90..b76a974 100644 +--- a/src/forward.c ++++ b/src/forward.c +@@ -1365,7 +1365,7 @@ void receive_query(struct listener *listen, time_t now) + + #ifdef HAVE_AUTH + /* find queries for zones we're authoritative for, and answer them directly */ +- if (!auth_dns) ++ if (!auth_dns && !option_bool(OPT_LOCALISE)) + for (zone = daemon->auth_zones; zone; zone = zone->next) + if (in_zone(zone, daemon->namebuff, NULL)) + { +@@ -1904,7 +1904,7 @@ unsigned char *tcp_request(int confd, time_t now, + + #ifdef HAVE_AUTH + /* find queries for zones we're authoritative for, and answer them directly */ +- if (!auth_dns) ++ if (!auth_dns && !option_bool(OPT_LOCALISE)) + for (zone = daemon->auth_zones; zone; zone = zone->next) + if (in_zone(zone, daemon->namebuff, NULL)) + { +-- +1.7.10.4 diff --git a/src/patches/fireinfo-Add-an-other-forbidden-string-Serial.patch b/src/patches/fireinfo/0001-Add-an-other-forbidden-string-Serial.patch similarity index 90% rename from src/patches/fireinfo-Add-an-other-forbidden-string-Serial.patch rename to src/patches/fireinfo/0001-Add-an-other-forbidden-string-Serial.patch index d7108520d4..00c983809f 100644 --- a/src/patches/fireinfo-Add-an-other-forbidden-string-Serial.patch +++ b/src/patches/fireinfo/0001-Add-an-other-forbidden-string-Serial.patch @@ -1,7 +1,7 @@ From edacae4b2cdc41f1c0bfc93e041532ff6c49f60c Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 17 Mar 2015 22:19:17 +0100 -Subject: [PATCH] Add an other forbidden string: "Serial" +Subject: [PATCH 1/5] Add an other forbidden string: "Serial" --- src/fireinfo/system.py | 2 +- @@ -21,5 +21,5 @@ index daf77b399d20..9d7872822b85 100644 "01010101-0101-0101-0101-010101010101", "00020003-0004-0005-0006-000700080009", -- -2.1.0 +2.4.3 diff --git a/src/patches/fireinfo/0002-Escape-any-non-printable-ascii-characters.patch b/src/patches/fireinfo/0002-Escape-any-non-printable-ascii-characters.patch new file mode 100644 index 0000000000..576154b7d2 --- /dev/null +++ b/src/patches/fireinfo/0002-Escape-any-non-printable-ascii-characters.patch @@ -0,0 +1,69 @@ +From 4468fb2eb49e21d2350f6619584e6816f5159d29 Mon Sep 17 00:00:00 2001 +From: Michael Tremer +Date: Sat, 28 Mar 2015 13:17:57 +0100 +Subject: [PATCH 2/5] Escape any non-printable ascii characters + +http://forum.ipfire.org/viewtopic.php?f=5&t=12970 +--- + src/fireinfo/system.py | 18 ++++++++++++++---- + 1 file changed, 14 insertions(+), 4 deletions(-) + +diff --git a/src/fireinfo/system.py b/src/fireinfo/system.py +index 9d7872822b85..4148c66eded7 100644 +--- a/src/fireinfo/system.py ++++ b/src/fireinfo/system.py +@@ -325,6 +325,16 @@ class System(object): + + return v, m + ++ @staticmethod ++ def escape_string(s): ++ """ ++ Will remove all non-printable characters from the given string ++ """ ++ if s is None: ++ return ++ ++ return filter(lambda x: x in string.printable, s) ++ + @property + def vendor(self): + """ +@@ -334,14 +344,14 @@ class System(object): + for file in ("sys_vendor", "board_vendor", "chassis_vendor",): + ret = read_from_file(os.path.join(SYS_CLASS_DMI, file)) + if ret: +- return ret ++ return self.escape_string(ret) + + if os.path.exists("/proc/device-tree"): + ret = self.__cpuinfo.get("Hardware", None) + else: + ret, m = self.vendor_model_tuple() + +- return ret ++ return self.escape_string(ret) + + @property + def model(self): +@@ -352,7 +362,7 @@ class System(object): + for file in ("product_name", "board_model", "chassis_model",): + ret = read_from_file(os.path.join(SYS_CLASS_DMI, file)) + if ret: +- return ret ++ return self.escape_string(ret) + + # Read device-tree model if available + ret = read_from_file("/proc/device-tree/model") +@@ -364,7 +374,7 @@ class System(object): + if not ret: + v, ret = self.vendor_model_tuple() + +- return ret ++ return self.escape_string(ret) + + @property + def memory(self): +-- +2.4.3 + diff --git a/src/patches/fireinfo-Skip-search-for-hypervisor-name-when-the-CPU-string-.patch b/src/patches/fireinfo/0003-Skip-search-for-hypervisor-name-when-the-CPU-string-.patch similarity index 90% rename from src/patches/fireinfo-Skip-search-for-hypervisor-name-when-the-CPU-string-.patch rename to src/patches/fireinfo/0003-Skip-search-for-hypervisor-name-when-the-CPU-string-.patch index 24a8ca10ff..f64325117a 100644 --- a/src/patches/fireinfo-Skip-search-for-hypervisor-name-when-the-CPU-string-.patch +++ b/src/patches/fireinfo/0003-Skip-search-for-hypervisor-name-when-the-CPU-string-.patch @@ -1,7 +1,8 @@ From c667589410912ca980a78f417e86dd6585d58f9a Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Mon, 4 May 2015 16:00:31 +0200 -Subject: [PATCH] Skip search for hypervisor name when the CPU string is empty +Subject: [PATCH 3/5] Skip search for hypervisor name when the CPU string is + empty --- src/_fireinfo/fireinfo.c | 11 ++++++----- @@ -30,5 +31,5 @@ index fc639d9d4cd9..6601c21a733f 100644 } -- -2.1.0 +2.4.3 diff --git a/src/patches/fireinfo/0004-Filter-all-IDs-that-only-consist-of-0xff.patch b/src/patches/fireinfo/0004-Filter-all-IDs-that-only-consist-of-0xff.patch new file mode 100644 index 0000000000..737a319c59 --- /dev/null +++ b/src/patches/fireinfo/0004-Filter-all-IDs-that-only-consist-of-0xff.patch @@ -0,0 +1,28 @@ +From d58f8ef75a29dd6f8968084b5383ce0f39c75666 Mon Sep 17 00:00:00 2001 +From: Michael Tremer +Date: Wed, 12 Aug 2015 10:50:42 +0100 +Subject: [PATCH 4/5] Filter all IDs that only consist of 0xff + +Signed-off-by: Michael Tremer +--- + src/fireinfo/system.py | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/fireinfo/system.py b/src/fireinfo/system.py +index 4148c66eded7..edf7359a17e6 100644 +--- a/src/fireinfo/system.py ++++ b/src/fireinfo/system.py +@@ -255,6 +255,10 @@ class System(object): + id = None + break + ++ # Check if the string only contains 0xff ++ if all((e == "\xff" for e in id)): ++ id = None ++ + if id: + _ids.append(id) + +-- +2.4.3 + diff --git a/src/patches/fireinfo/0005-Fix-crash-if-there-is-id-has-already-been-reset-to-N.patch b/src/patches/fireinfo/0005-Fix-crash-if-there-is-id-has-already-been-reset-to-N.patch new file mode 100644 index 0000000000..dcc552da17 --- /dev/null +++ b/src/patches/fireinfo/0005-Fix-crash-if-there-is-id-has-already-been-reset-to-N.patch @@ -0,0 +1,26 @@ +From deafec982e4c8f2e6ffa3bf70b0a94fa30158e9a Mon Sep 17 00:00:00 2001 +From: Michael Tremer +Date: Wed, 9 Sep 2015 15:04:43 +0100 +Subject: [PATCH 5/5] Fix crash if there is id has already been reset to None + +Signed-off-by: Michael Tremer +--- + src/fireinfo/system.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/fireinfo/system.py b/src/fireinfo/system.py +index edf7359a17e6..c2ba12e818f0 100644 +--- a/src/fireinfo/system.py ++++ b/src/fireinfo/system.py +@@ -256,7 +256,7 @@ class System(object): + break + + # Check if the string only contains 0xff +- if all((e == "\xff" for e in id)): ++ if id and all((e == "\xff" for e in id)): + id = None + + if id: +-- +2.4.3 + diff --git a/src/patches/glibc/glibc-rh1217186.patch b/src/patches/glibc/glibc-rh1217186.patch new file mode 100644 index 0000000000..6c6c3934ef --- /dev/null +++ b/src/patches/glibc/glibc-rh1217186.patch @@ -0,0 +1,65 @@ +# +# Author: Carlos O'Donell +# Upstream status: Needs to go upstream (2015-05-07) +# +diff --git a/inet/rcmd.c b/inet/rcmd.c +index acacaa0..9f2443b 100644 +--- a/inet/rcmd.c ++++ b/inet/rcmd.c +@@ -803,29 +803,38 @@ __validuser2_sa(hostf, ra, ralen, luser, ruser, rhost) + *p = '\0'; /* terminate username (+host?) */ + + /* buf -> host(?) ; user -> username(?) */ ++ if (*buf == '\0') ++ break; ++ if (*user == '\0') ++ user = luser; ++ ++ /* First check the user part. This is an optimization, since ++ one should always check the host first in order to detect ++ negative host checks (which we check for later). */ ++ ucheck = __icheckuser (user, ruser); ++ ++ /* Either we found the user, or we didn't and this is a ++ negative host check. We must do the negative host lookup ++ in order to preserve the semantics of stopping on this line ++ before processing others. */ ++ if (ucheck != 0 || *buf == '-') { ++ ++ /* Next check host part */ ++ hcheck = __checkhost_sa (ra, ralen, buf, rhost); ++ ++ /* Negative '-host user(?)' match? */ ++ if (hcheck < 0) ++ break; + +- /* First check host part */ +- hcheck = __checkhost_sa (ra, ralen, buf, rhost); +- +- if (hcheck < 0) +- break; +- +- if (hcheck) { +- /* Then check user part */ +- if (! (*user)) +- user = luser; +- +- ucheck = __icheckuser (user, ruser); +- +- /* Positive 'host user' match? */ +- if (ucheck > 0) { ++ /* Positive 'host user' match? */ ++ if (hcheck > 0 && ucheck > 0) { + retval = 0; + break; + } + +- /* Negative 'host -user' match? */ +- if (ucheck < 0) +- break; ++ /* Negative 'host -user' match? */ ++ if (hcheck > 0 && ucheck < 0) ++ break; + + /* Neither, go on looking for match */ + } diff --git a/src/patches/pcre-8.37-Fix-another-buffer-overflow.patch b/src/patches/pcre-8.37-Fix-another-buffer-overflow.patch new file mode 100644 index 0000000000..20ead09231 --- /dev/null +++ b/src/patches/pcre-8.37-Fix-another-buffer-overflow.patch @@ -0,0 +1,110 @@ +From f6efcf125123199d446c5561266c3c3846ed9f30 Mon Sep 17 00:00:00 2001 +From: ph10 +Date: Wed, 3 Jun 2015 16:51:59 +0000 +Subject: [PATCH] Fix another buffer overflow. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Ported to 8.37: + +commit 225f0d5eb16c7a26591a1e3f286c7476907b5a6a +Author: ph10 +Date: Wed Jun 3 16:51:59 2015 +0000 + + Fix another buffer overflow. + + git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1562 2f5784b3-3f2a-0410-8824-cb99058d5e15 + +Signed-off-by: Petr Písař +--- + pcre_compile.c | 7 ++++++- + testdata/testinput2 | 2 ++ + testdata/testoutput11-16 | 2 +- + testdata/testoutput11-32 | 2 +- + testdata/testoutput11-8 | 2 +- + testdata/testoutput2 | 2 ++ + 6 files changed, 13 insertions(+), 4 deletions(-) + +diff --git a/pcre_compile.c b/pcre_compile.c +index 8b4aaef..f5d2384 100644 +--- a/pcre_compile.c ++++ b/pcre_compile.c +@@ -7210,7 +7210,12 @@ for (;; ptr++) + real compile this will be picked up and the reference wrapped with + OP_ONCE to make it atomic, so we must space in case this occurs. */ + +- if (recno == 0) *lengthptr += 2 + 2*LINK_SIZE; ++ /* In fact, this can happen for a non-forward reference because ++ another group with the same number might be created later. This ++ issue is fixed "properly" in PCRE2. As PCRE1 is now in maintenance ++ only mode, we finesse the bug by allowing more memory always. */ ++ ++ /* if (recno == 0) */ *lengthptr += 2 + 2*LINK_SIZE; + } + + /* In the real compile, search the name table. We check the name +diff --git a/testdata/testinput2 b/testdata/testinput2 +index 5cc9ce6..e12de3a 100644 +--- a/testdata/testinput2 ++++ b/testdata/testinput2 +@@ -4156,4 +4156,6 @@ backtracking verbs. --/ + + /(?=di(?<=(?1))|(?=(.))))/ + ++"(?J:(?|(?'R')(\k'R')|((?'R'))))" ++ + /-- End of testinput2 --/ +diff --git a/testdata/testoutput11-16 b/testdata/testoutput11-16 +index 422f2ad..e222e7c 100644 +--- a/testdata/testoutput11-16 ++++ b/testdata/testoutput11-16 +@@ -231,7 +231,7 @@ Memory allocation (code space): 73 + ------------------------------------------------------------------ + + /(?Pa)...(?P=a)bbb(?P>a)d/BM +-Memory allocation (code space): 61 ++Memory allocation (code space): 77 + ------------------------------------------------------------------ + 0 24 Bra + 2 5 CBra 1 +diff --git a/testdata/testoutput11-32 b/testdata/testoutput11-32 +index d953ec8..9a80ec9 100644 +--- a/testdata/testoutput11-32 ++++ b/testdata/testoutput11-32 +@@ -231,7 +231,7 @@ Memory allocation (code space): 155 + ------------------------------------------------------------------ + + /(?Pa)...(?P=a)bbb(?P>a)d/BM +-Memory allocation (code space): 125 ++Memory allocation (code space): 157 + ------------------------------------------------------------------ + 0 24 Bra + 2 5 CBra 1 +diff --git a/testdata/testoutput11-8 b/testdata/testoutput11-8 +index 6ec18ec..3adaca2 100644 +--- a/testdata/testoutput11-8 ++++ b/testdata/testoutput11-8 +@@ -231,7 +231,7 @@ Memory allocation (code space): 45 + ------------------------------------------------------------------ + + /(?Pa)...(?P=a)bbb(?P>a)d/BM +-Memory allocation (code space): 38 ++Memory allocation (code space): 50 + ------------------------------------------------------------------ + 0 30 Bra + 3 7 CBra 1 +diff --git a/testdata/testoutput2 b/testdata/testoutput2 +index 4decb8d..5bad26c 100644 +--- a/testdata/testoutput2 ++++ b/testdata/testoutput2 +@@ -14428,4 +14428,6 @@ Failed: lookbehind assertion is not fixed length at offset 17 + /(?=di(?<=(?1))|(?=(.))))/ + Failed: unmatched parentheses at offset 23 + ++"(?J:(?|(?'R')(\k'R')|((?'R'))))" ++ + /-- End of testinput2 --/ +-- +2.4.3 + diff --git a/src/patches/pcre-8.37-Fix-buffer-overflow-for-named-references-in-situatio.patch b/src/patches/pcre-8.37-Fix-buffer-overflow-for-named-references-in-situatio.patch new file mode 100644 index 0000000000..ab1b96213a --- /dev/null +++ b/src/patches/pcre-8.37-Fix-buffer-overflow-for-named-references-in-situatio.patch @@ -0,0 +1,190 @@ +From b3f0b0dd971314df8f865e221aa1a88e75d6d1a6 Mon Sep 17 00:00:00 2001 +From: ph10 +Date: Wed, 5 Aug 2015 15:38:32 +0000 +Subject: [PATCH] Fix buffer overflow for named references in (?| situations. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Ported for 8.37: + +commit 7af8e8717def179fd7b69e173abd347c1a3547cb +Author: ph10 +Date: Wed Aug 5 15:38:32 2015 +0000 + + Fix buffer overflow for named references in (?| situations. + + git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1585 2f5784b3-3f2a-0410-8824-cb99058d5e15 + +Signed-off-by: Petr Písař +--- + pcre_compile.c | 74 ++++++++++++++++++++++++++++++---------------------- + pcre_internal.h | 1 + + testdata/testinput2 | 2 ++ + testdata/testoutput2 | 2 ++ + 4 files changed, 48 insertions(+), 31 deletions(-) + +diff --git a/pcre_compile.c b/pcre_compile.c +index f5d2384..5fe5c1d 100644 +--- a/pcre_compile.c ++++ b/pcre_compile.c +@@ -6641,6 +6641,7 @@ for (;; ptr++) + /* ------------------------------------------------------------ */ + case CHAR_VERTICAL_LINE: /* Reset capture count for each branch */ + reset_bracount = TRUE; ++ cd->dupgroups = TRUE; /* Record (?| encountered */ + /* Fall through */ + + /* ------------------------------------------------------------ */ +@@ -7151,7 +7152,8 @@ for (;; ptr++) + if (lengthptr != NULL) + { + named_group *ng; +- ++ recno = 0; ++ + if (namelen == 0) + { + *errorcodeptr = ERR62; +@@ -7168,32 +7170,6 @@ for (;; ptr++) + goto FAILED; + } + +- /* The name table does not exist in the first pass; instead we must +- scan the list of names encountered so far in order to get the +- number. If the name is not found, set the value to 0 for a forward +- reference. */ +- +- recno = 0; +- ng = cd->named_groups; +- for (i = 0; i < cd->names_found; i++, ng++) +- { +- if (namelen == ng->length && +- STRNCMP_UC_UC(name, ng->name, namelen) == 0) +- { +- open_capitem *oc; +- recno = ng->number; +- if (is_recurse) break; +- for (oc = cd->open_caps; oc != NULL; oc = oc->next) +- { +- if (oc->number == recno) +- { +- oc->flag = TRUE; +- break; +- } +- } +- } +- } +- + /* Count named back references. */ + + if (!is_recurse) cd->namedrefcount++; +@@ -7215,7 +7191,44 @@ for (;; ptr++) + issue is fixed "properly" in PCRE2. As PCRE1 is now in maintenance + only mode, we finesse the bug by allowing more memory always. */ + +- /* if (recno == 0) */ *lengthptr += 2 + 2*LINK_SIZE; ++ *lengthptr += 2 + 2*LINK_SIZE; ++ ++ /* It is even worse than that. The current reference may be to an ++ existing named group with a different number (so apparently not ++ recursive) but which later on is also attached to a group with the ++ current number. This can only happen if $(| has been previous ++ encountered. In that case, we allow yet more memory, just in case. ++ (Again, this is fixed "properly" in PCRE2. */ ++ ++ if (cd->dupgroups) *lengthptr += 2 + 2*LINK_SIZE; ++ ++ /* Otherwise, check for recursion here. The name table does not exist ++ in the first pass; instead we must scan the list of names encountered ++ so far in order to get the number. If the name is not found, leave ++ the value of recno as 0 for a forward reference. */ ++ ++ else ++ { ++ ng = cd->named_groups; ++ for (i = 0; i < cd->names_found; i++, ng++) ++ { ++ if (namelen == ng->length && ++ STRNCMP_UC_UC(name, ng->name, namelen) == 0) ++ { ++ open_capitem *oc; ++ recno = ng->number; ++ if (is_recurse) break; ++ for (oc = cd->open_caps; oc != NULL; oc = oc->next) ++ { ++ if (oc->number == recno) ++ { ++ oc->flag = TRUE; ++ break; ++ } ++ } ++ } ++ } ++ } + } + + /* In the real compile, search the name table. We check the name +@@ -7262,8 +7275,6 @@ for (;; ptr++) + for (i++; i < cd->names_found; i++) + { + if (STRCMP_UC_UC(slot + IMM2_SIZE, cslot + IMM2_SIZE) != 0) break; +- +- + count++; + cslot += cd->name_entry_size; + } +@@ -9189,6 +9200,7 @@ cd->names_found = 0; + cd->name_entry_size = 0; + cd->name_table = NULL; + cd->dupnames = FALSE; ++cd->dupgroups = FALSE; + cd->namedrefcount = 0; + cd->start_code = cworkspace; + cd->hwm = cworkspace; +@@ -9223,7 +9235,7 @@ if (errorcode != 0) goto PCRE_EARLY_ERROR_RETURN; + + DPRINTF(("end pre-compile: length=%d workspace=%d\n", length, + (int)(cd->hwm - cworkspace))); +- ++ + if (length > MAX_PATTERN_SIZE) + { + errorcode = ERR20; +diff --git a/pcre_internal.h b/pcre_internal.h +index dd0ac7f..7ca6020 100644 +--- a/pcre_internal.h ++++ b/pcre_internal.h +@@ -2446,6 +2446,7 @@ typedef struct compile_data { + BOOL had_pruneorskip; /* (*PRUNE) or (*SKIP) encountered */ + BOOL check_lookbehind; /* Lookbehinds need later checking */ + BOOL dupnames; /* Duplicate names exist */ ++ BOOL dupgroups; /* Duplicate groups exist: (?| found */ + BOOL iscondassert; /* Next assert is a condition */ + int nltype; /* Newline type */ + int nllen; /* Newline string length */ +diff --git a/testdata/testinput2 b/testdata/testinput2 +index e12de3a..8e044f8 100644 +--- a/testdata/testinput2 ++++ b/testdata/testinput2 +@@ -4158,4 +4158,6 @@ backtracking verbs. --/ + + "(?J:(?|(?'R')(\k'R')|((?'R'))))" + ++/(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R')))/ ++ + /-- End of testinput2 --/ +diff --git a/testdata/testoutput2 b/testdata/testoutput2 +index 5bad26c..6019425 100644 +--- a/testdata/testoutput2 ++++ b/testdata/testoutput2 +@@ -14430,4 +14430,6 @@ Failed: unmatched parentheses at offset 23 + + "(?J:(?|(?'R')(\k'R')|((?'R'))))" + ++/(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R')))/ ++ + /-- End of testinput2 --/ +-- +2.4.3 + diff --git a/src/patches/pcre-8.37-Fix-named-forward-reference-to-duplicate-group-numbe.patch b/src/patches/pcre-8.37-Fix-named-forward-reference-to-duplicate-group-numbe.patch new file mode 100644 index 0000000000..837e86f348 --- /dev/null +++ b/src/patches/pcre-8.37-Fix-named-forward-reference-to-duplicate-group-numbe.patch @@ -0,0 +1,98 @@ +From 83ed574998fe7b844b98ab7cd56291068feb9e31 Mon Sep 17 00:00:00 2001 +From: ph10 +Date: Sat, 16 May 2015 11:05:40 +0000 +Subject: [PATCH] Fix named forward reference to duplicate group number + overflow bug. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Port to 8.37: + +commit 2fa78aa4e42bcebf2d616c4ee89c012f29dc3447 +Author: ph10 +Date: Sat May 16 11:05:40 2015 +0000 + + Fix named forward reference to duplicate group number overflow bug. + + git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1559 2f5784b3-3f2a-0410-8824-cb99058d5e15 + +Signed-off-by: Petr Písař +--- + pcre_compile.c | 24 ++++++++++++++++-------- + testdata/testinput1 | 3 +++ + testdata/testoutput1 | 5 +++++ + 3 files changed, 24 insertions(+), 8 deletions(-) + +diff --git a/pcre_compile.c b/pcre_compile.c +index b66b1f6..8b4aaef 100644 +--- a/pcre_compile.c ++++ b/pcre_compile.c +@@ -7183,15 +7183,15 @@ for (;; ptr++) + open_capitem *oc; + recno = ng->number; + if (is_recurse) break; +- for (oc = cd->open_caps; oc != NULL; oc = oc->next) +- { +- if (oc->number == recno) +- { +- oc->flag = TRUE; ++ for (oc = cd->open_caps; oc != NULL; oc = oc->next) ++ { ++ if (oc->number == recno) ++ { ++ oc->flag = TRUE; + break; +- } +- } +- } ++ } ++ } ++ } + } + + /* Count named back references. */ +@@ -7203,6 +7203,14 @@ for (;; ptr++) + 16-bit data item. */ + + *lengthptr += IMM2_SIZE; ++ ++ /* If this is a forward reference and we are within a (?|...) group, ++ the reference may end up as the number of a group which we are ++ currently inside, that is, it could be a recursive reference. In the ++ real compile this will be picked up and the reference wrapped with ++ OP_ONCE to make it atomic, so we must space in case this occurs. */ ++ ++ if (recno == 0) *lengthptr += 2 + 2*LINK_SIZE; + } + + /* In the real compile, search the name table. We check the name +diff --git a/testdata/testinput1 b/testdata/testinput1 +index 73c2f4d..8379ce0 100644 +--- a/testdata/testinput1 ++++ b/testdata/testinput1 +@@ -5730,4 +5730,7 @@ AbcdCBefgBhiBqz + "(?1)(?#?'){8}(a)" + baaaaaaaaac + ++"(?|(\k'Pm')|(?'Pm'))" ++ abcd ++ + /-- End of testinput1 --/ +diff --git a/testdata/testoutput1 b/testdata/testoutput1 +index 0a53fd0..e852ab9 100644 +--- a/testdata/testoutput1 ++++ b/testdata/testoutput1 +@@ -9429,4 +9429,9 @@ No match + 0: aaaaaaaaa + 1: a + ++"(?|(\k'Pm')|(?'Pm'))" ++ abcd ++ 0: ++ 1: ++ + /-- End of testinput1 --/ +-- +2.4.3 + diff --git a/src/patches/squid-3.4-13228.patch b/src/patches/squid-3.4-13228.patch new file mode 100644 index 0000000000..7f7d16f5bd --- /dev/null +++ b/src/patches/squid-3.4-13228.patch @@ -0,0 +1,35 @@ +------------------------------------------------------------ +revno: 13228 +revision-id: squid3@treenet.co.nz-20150828132334-3r7v4kh1lrqprrqg +parent: squid3@treenet.co.nz-20150801072237-5tzh2dczozz1e8sq +fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=3696 +committer: Amos Jeffries +branch nick: 3.4 +timestamp: Fri 2015-08-28 06:23:34 -0700 +message: + Bug 3696: crash when client delay pools are activated +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3@treenet.co.nz-20150828132334-3r7v4kh1lrqprrqg +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.4 +# testament_sha1: d193928c4656282187f2a31bf66d43fd4c247177 +# timestamp: 2015-08-28 13:33:44 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.4 +# base_revision_id: squid3@treenet.co.nz-20150801072237-\ +# 5tzh2dczozz1e8sq +# +# Begin patch +=== modified file 'src/client_side.cc' +--- src/client_side.cc 2014-06-21 04:24:37 +0000 ++++ src/client_side.cc 2015-08-28 13:23:34 +0000 +@@ -3447,7 +3447,8 @@ + + /* pools require explicit 'allow' to assign a client into them */ + if (pools[pool].access) { +- ch.accessList = pools[pool].access; ++ cbdataReferenceDone(ch.accessList); ++ ch.accessList = cbdataReference(pools[pool].access); + allow_t answer = ch.fastCheck(); + if (answer == ACCESS_ALLOWED) { + + diff --git a/src/squid-accounting/accounting.cgi b/src/squid-accounting/accounting.cgi index 1ec9849eb7..1064763c28 100755 --- a/src/squid-accounting/accounting.cgi +++ b/src/squid-accounting/accounting.cgi @@ -56,12 +56,17 @@ my $count=0; my $col; my $proxlog=$Lang::tr{'stopped'}; my $proxsrv=$Lang::tr{'stopped'}; +my $mailfile="${General::swroot}/dma/mail.conf"; &Header::getcgihash(\%cgiparams); &General::readhash("${General::swroot}/main/settings", \%mainsettings); &General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color); &General::readhash("$settingsfile", \%settings) if(-f $settingsfile); +if ( -f $mailfile){ + &General::readhash($mailfile, \%mail); +} + #Find out which lang is set (used later to set decimal separator correctly) my $uplang=uc($mainsettings{'LANGUAGE'}); setlocale LC_NUMERIC,"$mainsettings{'LANGUAGE'}_$uplang"; @@ -136,11 +141,6 @@ if ($cgiparams{'ACTION'} eq "$Lang::tr{'save'}"){ #SaveButton on configsite if ($cgiparams{'USEMAIL'} eq 'on'){ $errormessage=&checkmailsettings; }elsif($cgiparams{'USEMAIL'} ne 'on'){ - $cgiparams{'txt_mailserver'}=''; - $cgiparams{'txt_mailport'}=''; - $cgiparams{'txt_mailuser'}=''; - $cgiparams{'txt_mailpass'}=''; - $cgiparams{'mail_tls'}=''; $cgiparams{'txt_mailsender'}=''; $cgiparams{'txt_mailsubject'}=''; $mailtxt=''; @@ -155,11 +155,6 @@ if ($cgiparams{'ACTION'} eq "$Lang::tr{'save'}"){ #SaveButton on configsite $settings{'CURRENCY'} = $cgiparams{'txt_currency'}; $settings{'SKIPURLS'} = $skipurls; $settings{'USEMAIL'} = $cgiparams{'USEMAIL'}; - $settings{'MAILSRV'} = $cgiparams{'txt_mailserver'}; - $settings{'MAILPORT'} = $cgiparams{'txt_mailport'}; - $settings{'MAILUSER'} = $cgiparams{'txt_mailuser'}; - $settings{'MAILPASS'} = $cgiparams{'txt_mailpass'}; - $settings{'TLS'} = $cgiparams{'mail_tls'}; $settings{'MAILSENDER'} = $cgiparams{'txt_mailsender'}; $settings{'MAILSUB'} = $cgiparams{'txt_mailsubject'}; $settings{'MAILTXT'} = $mailtxt; @@ -568,10 +563,6 @@ sub configsite{ #If update set fieldvalues new if($cgiparams{'update'} eq 'on'){ $settings{'USEMAIL'} = 'on'; - $settings{'MAILSRV'} = $cgiparams{'txt_mailserver'}; - $settings{'MAILPORT'} = $cgiparams{'txt_mailport'}; - $settings{'MAILUSER'} = $cgiparams{'txt_mailuser'}; - $settings{'MAILPASS'} = $cgiparams{'txt_mailpass'}; $settings{'MAILSUB'} = $cgiparams{'txt_mailsubject'}; $settings{'MAILTXT'} = $cgiparams{'txt_mailtxt'}; } @@ -580,14 +571,13 @@ sub configsite{ $checked{'logging'}{$settings{'LOG'}} = 'CHECKED'; $checked{'multiuser'}{$settings{'MULTIUSER'}} = 'CHECKED'; $checked{'usemail'}{$settings{'USEMAIL'}} = 'CHECKED'; - $checked{'mail_tls'}{$settings{'TLS'}} = 'CHECKED'; - + #Open site &Header::openpage($Lang::tr{'acct settings'}, 1, ''); &Header::openbigbox('100%', 'center'); &error; &Header::openbox('100%', 'left', $Lang::tr{'acct config'}); - + #### JAVA SCRIPT #### print< @@ -631,57 +621,45 @@ END $Lang::tr{'acct multiuser'} - + $Lang::tr{'acct mwst'} + $Lang::tr{'acct currency'} - + $Lang::tr{'acct skipurl'} +END + +if ($mail{'USEMAIL'} eq 'on'){ + if (!$settings{'MAILSENDER'}){ + $settings{'MAILSENDER'} = $mail{'SENDER'}; + } +print < $Lang::tr{'acct usemail'} -
+END +} +print <
- - - - - - - - - - - - - - - - - - - - - + - - - @@ -693,7 +671,6 @@ END
$Lang::tr{'acct mailaddr'}
$Lang::tr{'acct mailport'}
$Lang::tr{'acct mailuser'}*
$Lang::tr{'acct mailpass'}*
$Lang::tr{'acct tls'}
$Lang::tr{'acct mailsender'}$Lang::tr{'acct mailsender'}
 
$Lang::tr{'acct subject'}
- @@ -1119,28 +1096,28 @@ print< $Lang::tr{'acct customer'}   $Lang::tr{'acct hoster'} - + - + - + - + - + - + @@ -1148,7 +1125,7 @@ print< - + + - + - + - + @@ -1180,25 +1157,25 @@ print< - + - + - + - + END @@ -2175,18 +2152,6 @@ END } sub checkmailsettings{ - #Check if mailserver is an ip address or a domain - if ($cgiparams{'txt_mailserver'} =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/){ - if (! &General::validip($cgiparams{'txt_mailserver'})){ - $errormessage.="$Lang::tr{'acct invalid mailip'} $cgiparams{'txt_mailserver'}
"; - } - }elsif(! &General::validfqdn($cgiparams{'txt_mailserver'})){ - $errormessage.="$Lang::tr{'acct invalid mailfqdn'} $cgiparams{'txt_mailserver'}
"; - } - #Check valid mailserverport - if($cgiparams{'txt_mailport'} < 1 || $cgiparams{'txt_mailport'} > 65535){ - $errormessage.="$Lang::tr{'acct invalid mailport'} $cgiparams{'txt_mailport'}
"; - } #Check valid sender if(! $cgiparams{'txt_mailsender'}){ $errormessage.="$Lang::tr{'acct empty field'} $Lang::tr{'acct mailsender'}
"; diff --git a/src/squid-accounting/acct.de.pl b/src/squid-accounting/acct.de.pl index 2110cf7014..0291a9d250 100644 --- a/src/squid-accounting/acct.de.pl +++ b/src/squid-accounting/acct.de.pl @@ -88,9 +88,9 @@ 'acct mwst' => 'Mehrwertsteuer in %', 'acct name1' => 'Name 1', 'acct name2' => 'Name 2', +'acct not optional' => 'Diese Felder sind Pflichtfelder', 'acct nr' => 'RG-Nr.', 'acct oldestdb' => 'Erster DB-Eintrag', -'acct optional' => 'Diese Felder sind optional', 'acct parameter' => 'Parameter', 'acct path' => 'Pfad', 'acct pdf billtxt' => 'Rechnung', diff --git a/src/squid-accounting/acct.en.pl b/src/squid-accounting/acct.en.pl index 3e3ed19017..913f2a79fa 100644 --- a/src/squid-accounting/acct.en.pl +++ b/src/squid-accounting/acct.en.pl @@ -90,7 +90,7 @@ 'acct name2' => 'Name 2', 'acct nr' => 'RG-No.', 'acct oldestdb' => 'Fist DB Entry', -'acct optional' => 'These fields are optional', +'acct not optional' => 'These fields are required', 'acct parameter' => 'Parameter', 'acct path' => 'Path', 'acct pdf billtxt' => 'Bill', diff --git a/src/squid-accounting/acct.pl b/src/squid-accounting/acct.pl index 7222689458..68eb63c75e 100755 --- a/src/squid-accounting/acct.pl +++ b/src/squid-accounting/acct.pl @@ -27,6 +27,8 @@ use Time::Local; use File::ReadBackwards; use strict; +use MIME::Lite; + #use warnings; require '/var/ipfire/general-functions.pl'; @@ -62,6 +64,11 @@ my ($mini,$max)=&ACCT::getminmax; my $now = localtime; my $proxylog; my $proxysrv; +my $dmafile="${General::swroot}/dma/dma.conf"; +my $authfile="${General::swroot}/dma/auth.conf"; +my $mailfile="${General::swroot}/dma/mail.conf"; +my %mail=(); +my %dma=(); ######## # Main # @@ -69,6 +76,7 @@ my $proxysrv; &checkproxy; + #If we have a disabled file and the proxy is off, we don't need to check anything, exit! if((! -f $proxyenabled || $proxylog eq $Lang::tr{'stopped'}) && -f "${General::swroot}/accounting/disabled"){ &ACCT::logger($settings{'LOG'}," Proxy or proxylogging disabled - exiting with no data collection\n"); @@ -92,7 +100,7 @@ if (-f $proxyenabled && $proxylog eq $Lang::tr{'running'}){ $dbh=&ACCT::connectdb; my $m=sprintf("%d",(localtime((time-3600)))[4]+1); &ACCT::logger($settings{'LOG'},"month before one hour $m, now is ".($mon+1)."\n"); - if ($m < ($mon+1) || $m == '12' && ($mon+1) == '1'){ + if ($m = ($mon+1) || $m == '12' && ($mon+1) == '1'){ #Logrotate my $year1=$year+1900; system ("tar", "cfz", "/var/log/accounting-$m-$year1.tar.gz", "/var/log/accounting.log"); @@ -103,11 +111,22 @@ if (-f $proxyenabled && $proxylog eq $Lang::tr{'running'}){ #move all db entries older than this month to second table and cumulate them daily &ACCT::movedbdata; &ACCT::logger($settings{'LOG'},"New Month. Old trafficvalues moved to ACCT_HIST Table\n"); - if ($settings{'USEMAIL'} eq 'on'){ + #check if mail is enabled + if ( -f $mailfile){ + &General::readhash($mailfile, \%mail); + } + if ($mail{'USEMAIL'} eq 'on'){ &ACCT::logger($settings{'LOG'},"Mailserver is activated - Now sending bills via mail...\n"); my $res=&ACCT::getbillgroups; foreach my $line (@$res){ my ($grp) = @$line; + open (FILE, "<", $dmafile) or die $!; + foreach my $line () { + $line =~ m/^([A-Z]+)\s+?(.*)?$/; + my $key = $1; + my $val = $2; + $dma{$key}=$val; + } &sendbill($grp,$settings{'MWST'},$settings{'CURRENCY'}); } }else{ @@ -214,7 +233,7 @@ sub sendbill { $month = '0'.$actmonth if $actmonth < 10; $month = '12' if $actmonth == 0; my $actyear = $now[5]; - my ($from,$till)=&ACCT::getmonth($actmonth,$actyear); #FIXME month and year as variables! + my ($from,$till)=&ACCT::getmonth($actmonth,$actyear); my @billar = &ACCT::GetTaValues($from,$till,$rggrp); my $address_cust = &ACCT::getTaAddress($rggrp,'CUST'); my $address_host = &ACCT::getTaAddress($rggrp,'HOST'); @@ -229,23 +248,34 @@ sub sendbill { if ($back eq '0'){ &ACCT::logger($settings{'LOG'},"Bill for $company_cust successfully created.\n"); - my $file="'/var/ipfire/accounting/bill/$rggrp/$month-$actyear-$no.pdf'"; + my $file="/var/ipfire/accounting/bill/$rggrp/$month-$actyear-$no.pdf"; $settings{'MAILTXT'} =~ tr/\|/\r\n/ ; - my $cmd = "/usr/local/bin/sendEmail "; - $cmd .= " -f $settings{'MAILSENDER'}"; #Sender - $cmd .= " -t $email"; #Recipient - if ($ccmail){ - $cmd .= " -cc $ccmail"; - } - #Send Mail via TLS? - if ($settings{'TLS'} eq 'on'){ - $cmd .= " -o tls=yes"; #TLS - } - $cmd .= " -u '$settings{'MAILSUB'}'"; #Subject - $cmd .= " -m '$settings{'MAILTXT'}'"; #Mailtext - $cmd .= " -s $settings{'MAILSRV'}:$settings{'MAILPORT'}"; #Mailserver:port - $cmd .= " -a $file"; - my $res=system ($cmd); + + #extract filename from path + my ($filename) = $file =~ m{([^/]+)$}; + + my $msg = MIME::Lite->new( + From => $mail{'SENDER'}, + To => $email, + Cc => $ccmail, + Subject => $settings{'MAILSUB'}, + Type => 'multipart/mixed' + ); + + $msg->attach( + Type => 'TEXT', + Data => $settings{'MAILTXT'} + ); + + $msg->attach( + Type => 'application/pdf', + Path => $file, + Filename => $filename, + Disposition => 'attachment' + ); + + my $res=$msg->send_by_sendmail; + if ($res == 0){ &ACCT::logger($settings{'LOG'},"Bill for $company_cust successfully sent.\n"); }elsif ($res > 0){ @@ -255,13 +285,19 @@ sub sendbill { }else{ &ACCT::logger($settings{'LOG'},"ERROR Bill for $company_cust could not be created.\n"); - my $cmd = "/usr/local/bin/sendEmail "; - $cmd .= " -f $settings{'MAILSENDER'}"; - $cmd .= " -t $settings{'MAILSENDER'}"; - $cmd .= " -u Fehler Squid Accounting"; - $cmd .= " -m 'Die Rechnung konnte nicht erzeugt und per Mail versendet werden' $company_cust"; - $cmd .= " -s $settings{'MAILSRV'}:$settings{'MAILPORT'}"; - my $res=system ($cmd); + my $msg = MIME::Lite->new( + From => $mail{'SENDER'}, + To => $mail{'RECIPIENT'}, + Subject => "ERROR Squid Accounting", + Type => 'multipart/mixed' + ); + + $msg->attach( + Type => 'TEXT', + Data => "The bill could not be created for customer $company_cust" + ); + + $msg->send_by_sendmail; return 0; } }
$Lang::tr{'acct bank'}$Lang::tr{'acct bank'}*
$Lang::tr{'acct company'}$Lang::tr{'acct company'}* $Lang::tr{'acct iban'}*$Lang::tr{'acct iban'}
$Lang::tr{'acct name1'}*$Lang::tr{'acct name1'} $Lang::tr{'acct bic'}*$Lang::tr{'acct bic'}
$Lang::tr{'acct str'}$Lang::tr{'acct str'}* $Lang::tr{'acct blz'}
$Lang::tr{'acct str_nr'}$Lang::tr{'acct str_nr'}* $Lang::tr{'acct kto'} @@ -1157,16 +1134,16 @@ print< - $Lang::tr{'acct plz'}$Lang::tr{'acct plz'}* $Lang::tr{'acct email'}$Lang::tr{'acct email'}*
$Lang::tr{'acct city'}$Lang::tr{'acct city'}* $Lang::tr{'acct inet'}*$Lang::tr{'acct inet'}
$Lang::tr{'acct ustid'}$Lang::tr{'acct ustid'}*
$Lang::tr{'acct tel'}*$Lang::tr{'acct tel'}
$Lang::tr{'acct fax'}*$Lang::tr{'acct fax'}
*$Lang::tr{'acct optional'}*$Lang::tr{'acct not optional'}