-#!/usr/bin/perl
+#!/bin/bash
###############################################################################
# #
# IPFire.org - A linux based firewall #
# #
###############################################################################
-require '/var/ipfire/general-functions.pl';
-require "${General::swroot}/lang.pl";
-require "${General::swroot}/header.pl";
-use File::Path;
-my $debug = 1;
-my @include = "";
-my ($Sekunden, $Minuten, $Stunden, $Monatstag, $Monat, $Jahr, $Wochentag, $Jahrestag, $Sommerzeit) = localtime(time);
-$Jahr = $Jahr + 1900;$Monat = $Monat + 1;
-$Monat = sprintf("%02d", $Monat);
-$Monatstag = sprintf("%02d", $Monatstag);
-$Stunden = sprintf("%02d", $Stunden);
-$Minuten = sprintf("%02d", $Minuten);
-
-if (($ARGV[0] eq 'include') || ($ARGV[0] eq 'iso')) {
- &createinclude;
- my @files = `find / -name *.log* 2>/dev/null`;
- foreach (@files){
- push(@include,$_);
- }
- my @files = `find /var/log/ -name *messages* 2>/dev/null`;
- foreach (@files){
- push(@include,$_);
- }
- open(DATEI, ">/tmp/include") || die "Could not save temp include file";
- print DATEI @include;
- print "/var/log/messages";
- close(DATEI);
- system("tar -cvzf /var/ipfire/backup/$Jahr$Monat$Monatstag-$Stunden$Minuten.ipf --exclude-from='/var/ipfire/backup/exclude' --exclude-from='/var/ipfire/backup/exclude.user' --files-from='/tmp/include' --files-from='/var/ipfire/backup/include.user'");
- system("rm /tmp/include");
- if ($ARGV[0] eq 'iso') {
- system("/usr/local/bin/backupiso $Jahr$Monat$Monatstag-$Stunden$Minuten &");
- }
-}
-elsif ($ARGV[0] eq 'exclude') {
- &createinclude;
- open(DATEI, ">/tmp/include") || die "Could not save temp include file";
- print DATEI @include;
- close(DATEI);
- system("tar -cvzf /var/ipfire/backup/$Jahr$Monat$Monatstag-$Stunden$Minuten.ipf --exclude-from='/var/ipfire/backup/exclude' --exclude-from='/var/ipfire/backup/exclude.user' --files-from='/tmp/include' --files-from='/var/ipfire/backup/include.user'");
- system("rm /tmp/include");
-}
-elsif ($ARGV[0] eq 'restore') {
- system("cd / && tar -xvz -p -f /tmp/restore.ipf");
- #Here some converter scripts to correct old Backups (before core 65)
- system("/usr/sbin/ovpn-ccd-convert");
- #OUTGOINGFW CONVERTER
- if( -d "${General::swroot}/outgoing"){
- if( -f "${General::swroot}/firewall/config" ){
- unlink("${General::swroot}/firewall/config");
- system("touch ${General::swroot}/firewall/config");
- chown 99,99,"${General::swroot}/firewall/config";
- }
- if( -f "${General::swroot}/firewall/outgoing" ){
- unlink("${General::swroot}/firewall/outgoing");
- system("touch ${General::swroot}/firewall/outgoing");
- chown 99,99,"${General::swroot}/firewall/outgoing";
- }
- unlink("${General::swroot}/fwhosts/customgroups");
- unlink("${General::swroot}/fwhosts/customhosts");
- unlink("${General::swroot}/fwhosts/customgroups");
- unlink("${General::swroot}/fwhosts/customnetworks");
- unlink("${General::swroot}/fwhosts/customservicegrp");
- unlink("${General::swroot}/fwhosts/customnetworks");
- system("touch ${General::swroot}/fwhosts/customgroups");
- system("touch ${General::swroot}/fwhosts/customhosts");
- system("touch ${General::swroot}/fwhosts/customnetworks");
- system("touch ${General::swroot}/fwhosts/customservicegrp");
- #START CONVERTER "OUTGOINGFW"
- system("/usr/sbin/convert-outgoingfw");
- chown 99,99,"${General::swroot}/fwhosts/customgroups";
- chown 99,99,"${General::swroot}/fwhosts/customhosts";
- chown 99,99,"${General::swroot}/fwhosts/customnetworks";
- chown 99,99,"${General::swroot}/fwhosts/customservicegrp";
- #START CONVERTER "OUTGOINGFW"
- rmtree("${General::swroot}/outgoing");
- }
- #XTACCESS CONVERTER
- if( -d "${General::swroot}/xtaccess"){
- if( -f "${General::swroot}/firewall/input" ){
- unlink("${General::swroot}/firewall/input");
- system("touch ${General::swroot}/firewall/input");
- }
- #START CONVERTER "XTACCESS"
- system("/usr/sbin/convert-xtaccess");
- chown 99,99,"${General::swroot}/firewall/input";
- rmtree("${General::swroot}/xtaccess");
- }
- #DMZ-HOLES CONVERTER
- if( -d "${General::swroot}/dmzholes" || -d "${General::swroot}/portfw"){
- if( -f "${General::swroot}/firewall/config" ){
- unlink("${General::swroot}/firewall/config");
- system("touch ${General::swroot}/firewall/config");
- }
- #START CONVERTER "DMZ-HOLES"
- system("/usr/sbin/convert-dmz");
- chown 99,99,"${General::swroot}/firewall/config";
- rmtree("${General::swroot}/dmzholes");
- }
- #PORTFORWARD CONVERTER
- if( -d "${General::swroot}/portfw"){
- #START CONVERTER "PORTFW"
- system("/usr/sbin/convert-portfw");
- rmtree("${General::swroot}/portfw");
- }
- system("/usr/local/bin/firewallctrl");
-
- # Convert old OpenVPN CCD files (CN change, core 75).
- system("/usr/local/bin/convert-ovpn");
+NOW="$(date "+%Y-%m-%d-%H:%M")"
+
+list_addons() {
+ local file
+ for file in /var/ipfire/backup/addons/includes/*; do
+ if [ -f "${file}" ]; then
+ basename "${file}"
+ fi
+ done
+
+ return 0
}
-elsif ($ARGV[0] eq 'restoreaddon') {
- if ( -e "/tmp/$ARGV[1]" ){system("mv /tmp/$ARGV[1] /var/ipfire/backup/addons/backup/$ARGV[1]");}
- system("cd / && tar -xvz -p -f /var/ipfire/backup/addons/backup/$ARGV[1]");
+
+process_includes() {
+ local include
+
+ for include in $@; do
+ local file
+ while read -r file; do
+ for file in ${file}; do
+ if [ -e "${file}" ]; then
+ echo "${file}"
+ fi
+ done
+ done < "${include}"
+ done | sort -u
}
-elsif ($ARGV[0] eq 'cli') {
- system("tar -cvzf /var/ipfire/backup/$Jahr$Monat$Monatstag-$Stunden$Minuten-$ARGV[1].ipf --files-from='$ARGV[2]' --exclude-from='$ARGV[3]'");
+
+make_backup() {
+ local filename="${1}"
+ shift
+
+ # Backup all addons first
+ local addon
+ for addon in $(list_addons); do
+ make_addon_backup "${addon}"
+ done
+
+ tar cvzf "${filename}" \
+ --exclude-from="/var/ipfire/backup/exclude" \
+ --exclude-from="/var/ipfire/backup/exclude.user" \
+ $(process_includes "/var/ipfire/backup/include" "/var/ipfire/backup/include.user") \
+ "$@"
+
+ return 0
}
-elsif ($ARGV[0] eq 'addonbackup') {
- system("tar -cvzf /var/ipfire/backup/addons/backup/$ARGV[1].ipf --files-from='/var/ipfire/backup/addons/includes/$ARGV[1]'");
+
+restore_backup() {
+ local filename="${1}"
+
+ tar xvzpf "${filename}" -C /
+
+ # Run converters
+
+ # Outgoing Firewall
+ if [ -d "/var/ipfire/outgoing" ]; then
+ # Reset files
+ local file
+ for file in /var/ipfire/firewall/{config,outgoing} \
+ /var/ipfire/fwhosts/custom{hosts,groups,networks}; do
+ : > "${file}"
+ chown nobody:nobody "${file}"
+ done
+
+ # Run converter
+ convert-outgoingfw
+
+ # Remove old configuration
+ rm -rf "/var/ipfire/outgoing"
+ fi
+
+ # External Access
+ if [ -d "/var/ipfire/xtaccess" ]; then
+ : > /var/ipfire/firewall/config
+ chown nobody:nobody "/var/ipfire/firewall/config"
+
+ # Run converter
+ convert-xtaccess
+
+ # Remove old configuration
+ rm -rf "/var/ipfire/xtaccess"
+ fi
+
+ # DMZ Holes
+ if [ -d "/var/ipfire/dmzholes" ] || [ -d "/var/ipfire/portfw" ]; then
+ : > /var/ipfire/firewall/config
+ chown nobody:nobody "/var/ipfire/firewall/config"
+
+ # Run converter
+ convert-dmz
+
+ # Remove old configuration
+ rm -rf "/var/ipfire/dmzholes"
+ fi
+
+ # Port Forwardings
+ if [ -d "/var/ipfire/portfw" ]; then
+ # Run converter
+ convert-portfw
+
+ # Remove old configuration
+ rm -rf "/var/ipfire/portfw"
+ fi
+
+ # Reload firewall
+ firewallctrl
+
+ # Convert old OpenVPN CCD files (CN change, Core Update 75)
+ convert-ovpn
+
+ return 0
}
-elsif ($ARGV[0] =~ /\.(iso|ipf)$/ ) {
- unlink("$ARGV[0]");
+
+find_logfiles() {
+ local filelist=( /var/log/messages* /var/log/*.log /var/log/**/*.log )
+
+ echo "${filelist[@]}"
}
-elsif ($ARGV[0] eq '') {
- printf "No argument given, please use <include><exclude><cli>\n"
+
+make_addon_backup() {
+ local name="${1}"
+ shift
+
+ if [ ! -f "/var/ipfire/backup/addons/includes/${name}" ]; then
+ echo "${name} does not have any backup includes" >&2
+ return 1
+ fi
+
+ local filename="/var/ipfire/backup/addons/backup/${name}.ipf"
+
+ tar cvzf "${filename}" \
+ $(process_includes "/var/ipfire/backup/addons/includes/${name}")
}
-elsif ($ARGV[0] eq 'makedirs') {
- system("mkdir -p /var/ipfire/backup/addons");
- system("mkdir -p /var/ipfire/backup/addons/backup");
- system("mkdir -p /var/ipfire/backup/addons/includes");
+
+restore_addon_backup() {
+ local name="${1}"
+
+ if [ -d "/tmp/${name}.ipf" ]; then
+ mv "/tmp/${name}.ipf" "/var/ipfire/backup/addons/backup/${name}.ipf"
+ fi
+
+ tar xvzpf "/var/ipfire/backup/addons/backup/${name}.ipf" -C /
}
-sub createinclude(){
+main() {
+ local command="${1}"
+ shift
- open(DATEI, "<${General::swroot}/backup/include") || die "Can not open include file";
- my @Zeilen = <DATEI>;
- close(DATEI);
+ # Desired backup filename
+ local filename="/var/ipfire/backup/${NOW}.ipf"
- foreach (@Zeilen){
- chomp($_);
- my @files = `find $_ -maxdepth 0 2>/dev/null`;
- foreach (@files){
- push(@include,$_);
- }
- }
+ case "${command}" in
+ include)
+ make_backup "${filename}" $(find_logfiles)
+ ;;
+
+ exclude)
+ make_backup "${filename}"
+ ;;
+
+ restore)
+ restore_backup "/tmp/restore.ipf"
+ ;;
+
+ addonbackup)
+ make_addon_backup "$@"
+ ;;
+
+ restoreaddon)
+ restore_addon_backup "${1/.ipf/}"
+ ;;
+
+ iso)
+ if make_backup "${filename}"; then
+ /usr/local/bin/backupiso "${NOW}" &
+ fi
+ ;;
+
+ makedirs)
+ mkdir -p /var/ipfire/backup/addons/{backup,includes}
+ ;;
+
+ list)
+ process_includes "/var/ipfire/backup/include" "/var/ipfire/backup/include.user"
+ ;;
+
+ /var/ipfire/backup/*.ipf|/var/ipfire/backup/addons/backup/*.ipf|/var/tmp/backupiso/*.iso)
+ unlink "${command}"
+ ;;
+
+ *)
+ echo "${0}: [include|exclude|restore|addonbackup <addon>|restoreaddon <addon>|iso]" >&2
+ return 2
+ ;;
+ esac
+
+ return $?
}
+
+main "$@" || exit $?
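Review bot: `restore_addon_backup` tests the upload with `[ -d "/tmp/${name}.ipf" ]`, so an uploaded archive, which is a regular file, is never moved into place; the removed Perl used `-e`, and `[ -f "/tmp/${name}.ipf" ]` looks like what is intended. In `restore_backup` the External Access branch now truncates `/var/ipfire/firewall/config` where the old code reset `firewall/input`, and the outgoing reset loop no longer covers `customservicegrp`; both read like unintended behaviour changes on restore. The output of `process_includes` is expanded unquoted into the `tar` command line in `make_backup` and `make_addon_backup`, so an entry from `include.user` that contains whitespace is split and one beginning with `-` is parsed as a tar option; collecting the names into an array and placing `--` before them would close that. The delete branch in `main` uses `case` patterns whose `*` also matches `/`, so an argument containing `/../` still matches and reaches `unlink`; reject any argument containing `..` before that branch. The addon name produced by `${1/.ipf/}` is likewise used to build paths without being checked for `/`.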
/root/.gitconfig
/root/.ssh
/var/ipfire/auth/users
+/var/ipfire/backup/addons/backup
+/var/ipfire/backup/exclude.user
+/var/ipfire/backup/include.user
/var/ipfire/captive/*
/var/ipfire/*/*.conf
/var/ipfire/*/config
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-#
-# Certificate "Visa eCommerce Root"
-#
-# Issuer: CN=Visa eCommerce Root,OU=Visa International Service Association,O=VISA,C=US
-# Serial Number:13:86:35:4d:1d:3f:06:f2:c1:f9:65:05:d5:90:1c:62
-# Subject: CN=Visa eCommerce Root,OU=Visa International Service Association,O=VISA,C=US
-# Not Valid Before: Wed Jun 26 02:18:36 2002
-# Not Valid After : Fri Jun 24 00:16:12 2022
-# Fingerprint (MD5): FC:11:B8:D8:08:93:30:00:6D:23:F9:7E:EB:52:1E:02
-# Fingerprint (SHA1): 70:17:9B:86:8C:00:A4:FA:60:91:52:22:3F:9F:3E:32:BD:E0:05:62
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Visa eCommerce Root"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\153\061\013\060\011\006\003\125\004\006\023\002\125\123\061
-\015\060\013\006\003\125\004\012\023\004\126\111\123\101\061\057
-\060\055\006\003\125\004\013\023\046\126\151\163\141\040\111\156
-\164\145\162\156\141\164\151\157\156\141\154\040\123\145\162\166
-\151\143\145\040\101\163\163\157\143\151\141\164\151\157\156\061
-\034\060\032\006\003\125\004\003\023\023\126\151\163\141\040\145
-\103\157\155\155\145\162\143\145\040\122\157\157\164
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\153\061\013\060\011\006\003\125\004\006\023\002\125\123\061
-\015\060\013\006\003\125\004\012\023\004\126\111\123\101\061\057
-\060\055\006\003\125\004\013\023\046\126\151\163\141\040\111\156
-\164\145\162\156\141\164\151\157\156\141\154\040\123\145\162\166
-\151\143\145\040\101\163\163\157\143\151\141\164\151\157\156\061
-\034\060\032\006\003\125\004\003\023\023\126\151\163\141\040\145
-\103\157\155\155\145\162\143\145\040\122\157\157\164
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\020\023\206\065\115\035\077\006\362\301\371\145\005\325\220
-\034\142
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\003\242\060\202\002\212\240\003\002\001\002\002\020\023
-\206\065\115\035\077\006\362\301\371\145\005\325\220\034\142\060
-\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\153
-\061\013\060\011\006\003\125\004\006\023\002\125\123\061\015\060
-\013\006\003\125\004\012\023\004\126\111\123\101\061\057\060\055
-\006\003\125\004\013\023\046\126\151\163\141\040\111\156\164\145
-\162\156\141\164\151\157\156\141\154\040\123\145\162\166\151\143
-\145\040\101\163\163\157\143\151\141\164\151\157\156\061\034\060
-\032\006\003\125\004\003\023\023\126\151\163\141\040\145\103\157
-\155\155\145\162\143\145\040\122\157\157\164\060\036\027\015\060
-\062\060\066\062\066\060\062\061\070\063\066\132\027\015\062\062
-\060\066\062\064\060\060\061\066\061\062\132\060\153\061\013\060
-\011\006\003\125\004\006\023\002\125\123\061\015\060\013\006\003
-\125\004\012\023\004\126\111\123\101\061\057\060\055\006\003\125
-\004\013\023\046\126\151\163\141\040\111\156\164\145\162\156\141
-\164\151\157\156\141\154\040\123\145\162\166\151\143\145\040\101
-\163\163\157\143\151\141\164\151\157\156\061\034\060\032\006\003
-\125\004\003\023\023\126\151\163\141\040\145\103\157\155\155\145
-\162\143\145\040\122\157\157\164\060\202\001\042\060\015\006\011
-\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017\000
-\060\202\001\012\002\202\001\001\000\257\127\336\126\036\156\241
-\332\140\261\224\047\313\027\333\007\077\200\205\117\310\234\266
-\320\364\157\117\317\231\330\341\333\302\110\134\072\254\071\063
-\307\037\152\213\046\075\053\065\365\110\261\221\301\002\116\004
-\226\221\173\260\063\360\261\024\116\021\157\265\100\257\033\105
-\245\112\357\176\266\254\362\240\037\130\077\022\106\140\074\215
-\241\340\175\317\127\076\063\036\373\107\361\252\025\227\007\125
-\146\245\265\055\056\330\200\131\262\247\015\267\106\354\041\143
-\377\065\253\245\002\317\052\364\114\376\173\365\224\135\204\115
-\250\362\140\217\333\016\045\074\237\163\161\317\224\337\112\352
-\333\337\162\070\214\363\226\275\361\027\274\322\272\073\105\132
-\306\247\366\306\027\213\001\235\374\031\250\052\203\026\270\072
-\110\376\116\076\240\253\006\031\351\123\363\200\023\007\355\055
-\277\077\012\074\125\040\071\054\054\000\151\164\225\112\274\040
-\262\251\171\345\030\211\221\250\334\034\115\357\273\176\067\013
-\135\376\071\245\210\122\214\000\154\354\030\174\101\275\366\213
-\165\167\272\140\235\204\347\376\055\002\003\001\000\001\243\102
-\060\100\060\017\006\003\125\035\023\001\001\377\004\005\060\003
-\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004\003
-\002\001\006\060\035\006\003\125\035\016\004\026\004\024\025\070
-\203\017\077\054\077\160\063\036\315\106\376\007\214\040\340\327
-\303\267\060\015\006\011\052\206\110\206\367\015\001\001\005\005
-\000\003\202\001\001\000\137\361\101\175\174\134\010\271\053\340
-\325\222\107\372\147\134\245\023\303\003\041\233\053\114\211\106
-\317\131\115\311\376\245\100\266\143\315\335\161\050\225\147\021
-\314\044\254\323\104\154\161\256\001\040\153\003\242\217\030\267
-\051\072\175\345\026\140\123\170\074\300\257\025\203\367\217\122
-\063\044\275\144\223\227\356\213\367\333\030\250\155\161\263\367
-\054\027\320\164\045\151\367\376\153\074\224\276\115\113\101\214
-\116\342\163\320\343\220\042\163\103\315\363\357\352\163\316\105
-\212\260\246\111\377\114\175\235\161\210\304\166\035\220\133\035
-\356\375\314\367\356\375\140\245\261\172\026\161\321\026\320\174
-\022\074\154\151\227\333\256\137\071\232\160\057\005\074\031\106
-\004\231\040\066\320\140\156\141\006\273\026\102\214\160\367\060
-\373\340\333\146\243\000\001\275\346\054\332\221\137\240\106\213
-\115\152\234\075\075\335\005\106\376\166\277\240\012\074\344\000
-\346\047\267\377\204\055\336\272\042\047\226\020\161\353\042\355
-\337\337\063\234\317\343\255\256\216\324\216\346\117\121\257\026
-\222\340\134\366\007\017
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-
-# Trust for Certificate "Visa eCommerce Root"
-# Issuer: CN=Visa eCommerce Root,OU=Visa International Service Association,O=VISA,C=US
-# Serial Number:13:86:35:4d:1d:3f:06:f2:c1:f9:65:05:d5:90:1c:62
-# Subject: CN=Visa eCommerce Root,OU=Visa International Service Association,O=VISA,C=US
-# Not Valid Before: Wed Jun 26 02:18:36 2002
-# Not Valid After : Fri Jun 24 00:16:12 2022
-# Fingerprint (MD5): FC:11:B8:D8:08:93:30:00:6D:23:F9:7E:EB:52:1E:02
-# Fingerprint (SHA1): 70:17:9B:86:8C:00:A4:FA:60:91:52:22:3F:9F:3E:32:BD:E0:05:62
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Visa eCommerce Root"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\160\027\233\206\214\000\244\372\140\221\122\042\077\237\076\062
-\275\340\005\142
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\374\021\270\330\010\223\060\000\155\043\371\176\353\122\036\002
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\153\061\013\060\011\006\003\125\004\006\023\002\125\123\061
-\015\060\013\006\003\125\004\012\023\004\126\111\123\101\061\057
-\060\055\006\003\125\004\013\023\046\126\151\163\141\040\111\156
-\164\145\162\156\141\164\151\157\156\141\154\040\123\145\162\166
-\151\143\145\040\101\163\163\157\143\151\141\164\151\157\156\061
-\034\060\032\006\003\125\004\003\023\023\126\151\163\141\040\145
-\103\157\155\155\145\162\143\145\040\122\157\157\164
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\020\023\206\065\115\035\077\006\362\301\371\145\005\325\220
-\034\142
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
#
# Certificate "Certum Root CA"
#
#usr/share/locale/ast
#usr/share/locale/ast/LC_MESSAGES
#usr/share/locale/ast/LC_MESSAGES/bison-runtime.mo
+#usr/share/locale/ca/LC_MESSAGES/bison-runtime.mo
+#usr/share/locale/ca/LC_MESSAGES/bison.mo
#usr/share/locale/da/LC_MESSAGES/bison-runtime.mo
#usr/share/locale/da/LC_MESSAGES/bison.mo
#usr/share/locale/de/LC_MESSAGES/bison-runtime.mo
--- /dev/null
+#usr/include/json-c
+#usr/include/json-c/arraylist.h
+#usr/include/json-c/bits.h
+#usr/include/json-c/debug.h
+#usr/include/json-c/json.h
+#usr/include/json-c/json_c_version.h
+#usr/include/json-c/json_config.h
+#usr/include/json-c/json_inttypes.h
+#usr/include/json-c/json_object.h
+#usr/include/json-c/json_object_iterator.h
+#usr/include/json-c/json_pointer.h
+#usr/include/json-c/json_tokener.h
+#usr/include/json-c/json_util.h
+#usr/include/json-c/json_visit.h
+#usr/include/json-c/linkhash.h
+#usr/include/json-c/printbuf.h
+#usr/lib/libjson-c.la
+#usr/lib/libjson-c.so
+usr/lib/libjson-c.so.4
+usr/lib/libjson-c.so.4.0.0
+#usr/lib/pkgconfig/json-c.pc
sbin/modinfo
sbin/modprobe
sbin/rmmod
+#usr/include/libkmod.h
+#usr/lib/libkmod.la
#usr/lib/libkmod.so
usr/lib/libkmod.so.2
usr/lib/libkmod.so.2.3.3
+#usr/lib/pkgconfig/libkmod.pc
#usr/share/bash-completion/completions/kmod
--- /dev/null
+../../../common/ca-certificates
\ No newline at end of file
etc/sysctl.conf
srv/web/ipfire/cgi-bin/credits.cgi
srv/web/ipfire/cgi-bin/hardwaregraphs.cgi
+srv/web/ipfire/cgi-bin/ids.cgi
srv/web/ipfire/cgi-bin/media.cgi
srv/web/ipfire/cgi-bin/pakfire.cgi
usr/local/bin/makegraphs
+var/ipfire/backup/bin/backup.pl
+var/ipfire/backup/include
var/ipfire/langs
--- /dev/null
+../../../common/json-c
\ No newline at end of file
--- /dev/null
+../../../common/squid
\ No newline at end of file
done
# Stop services
+/etc/init.d/squid stop
# Extract files
extract_files
/etc/init.d/unbound restart
/etc/init.d/apache restart
/etc/init.d/sshd restart
+/etc/init.d/squid start
# Reload sysctl.conf
sysctl -p
--- /dev/null
+#etc/frr
+etc/frr/bgpd.conf.sample
+etc/frr/bgpd.conf.sample2
+etc/frr/bgpd.conf.vnc.sample
+etc/frr/ospfd.conf.sample
+etc/frr/ripngd.conf.sample
+etc/frr/staticd.conf.sample
+etc/frr/vtysh.conf.sample
+etc/frr/zebra.conf.sample
+etc/rc.d/init.d/frr
+usr/bin/bgp_btoa
+usr/bin/vtysh
+#usr/include/frr
+#usr/include/frr/bfd.h
+#usr/include/frr/bitfield.h
+#usr/include/frr/buffer.h
+#usr/include/frr/checksum.h
+#usr/include/frr/command.h
+#usr/include/frr/command_graph.h
+#usr/include/frr/command_match.h
+#usr/include/frr/compiler.h
+#usr/include/frr/csv.h
+#usr/include/frr/debug.h
+#usr/include/frr/distribute.h
+#usr/include/frr/eigrpd
+#usr/include/frr/eigrpd/eigrp_dump.h
+#usr/include/frr/eigrpd/eigrp_topology.h
+#usr/include/frr/eigrpd/eigrpd.h
+#usr/include/frr/event_counter.h
+#usr/include/frr/ferr.h
+#usr/include/frr/fifo.h
+#usr/include/frr/filter.h
+#usr/include/frr/freebsd-queue.h
+#usr/include/frr/frr_pthread.h
+#usr/include/frr/frratomic.h
+#usr/include/frr/frrstr.h
+#usr/include/frr/getopt.h
+#usr/include/frr/graph.h
+#usr/include/frr/hash.h
+#usr/include/frr/hook.h
+#usr/include/frr/if.h
+#usr/include/frr/if_rmap.h
+#usr/include/frr/imsg.h
+#usr/include/frr/ipaddr.h
+#usr/include/frr/jhash.h
+#usr/include/frr/json.h
+#usr/include/frr/keychain.h
+#usr/include/frr/lib_errors.h
+#usr/include/frr/libfrr.h
+#usr/include/frr/libospf.h
+#usr/include/frr/linklist.h
+#usr/include/frr/log.h
+#usr/include/frr/logicalrouter.h
+#usr/include/frr/md5.h
+#usr/include/frr/memory.h
+#usr/include/frr/memory_vty.h
+#usr/include/frr/module.h
+#usr/include/frr/monotime.h
+#usr/include/frr/mpls.h
+#usr/include/frr/network.h
+#usr/include/frr/nexthop.h
+#usr/include/frr/nexthop_group.h
+#usr/include/frr/ns.h
+#usr/include/frr/openbsd-queue.h
+#usr/include/frr/openbsd-tree.h
+#usr/include/frr/ospfd
+#usr/include/frr/ospfd/ospf_api.h
+#usr/include/frr/ospfd/ospf_asbr.h
+#usr/include/frr/ospfd/ospf_dump.h
+#usr/include/frr/ospfd/ospf_dump_api.h
+#usr/include/frr/ospfd/ospf_ism.h
+#usr/include/frr/ospfd/ospf_lsa.h
+#usr/include/frr/ospfd/ospf_lsdb.h
+#usr/include/frr/ospfd/ospf_nsm.h
+#usr/include/frr/ospfd/ospf_opaque.h
+#usr/include/frr/ospfd/ospfd.h
+#usr/include/frr/pbr.h
+#usr/include/frr/plist.h
+#usr/include/frr/pqueue.h
+#usr/include/frr/prefix.h
+#usr/include/frr/privs.h
+#usr/include/frr/ptm_lib.h
+#usr/include/frr/pw.h
+#usr/include/frr/qobj.h
+#usr/include/frr/queue.h
+#usr/include/frr/ringbuf.h
+#usr/include/frr/route_types.h
+#usr/include/frr/routemap.h
+#usr/include/frr/sbuf.h
+#usr/include/frr/sha256.h
+#usr/include/frr/sigevent.h
+#usr/include/frr/skiplist.h
+#usr/include/frr/sockopt.h
+#usr/include/frr/sockunion.h
+#usr/include/frr/spf_backoff.h
+#usr/include/frr/srcdest_table.h
+#usr/include/frr/stream.h
+#usr/include/frr/systemd.h
+#usr/include/frr/table.h
+#usr/include/frr/termtable.h
+#usr/include/frr/thread.h
+#usr/include/frr/vector.h
+#usr/include/frr/version.h
+#usr/include/frr/vlan.h
+#usr/include/frr/vrf.h
+#usr/include/frr/vrf_int.h
+#usr/include/frr/vty.h
+#usr/include/frr/vxlan.h
+#usr/include/frr/wheel.h
+#usr/include/frr/workqueue.h
+#usr/include/frr/zassert.h
+#usr/include/frr/zclient.h
+#usr/include/frr/zebra.h
+#usr/lib/libfrr.a
+#usr/lib/libfrr.la
+#usr/lib/libfrr.so
+usr/lib/libfrr.so.0
+usr/lib/libfrr.so.0.0.0
+usr/sbin/bgpd
+usr/sbin/frr
+usr/sbin/frr-reload
+usr/sbin/frr-reload.py
+usr/sbin/ospfd
+usr/sbin/rfptest
+usr/sbin/ssd
+usr/sbin/staticd
+usr/sbin/watchfrr
+usr/sbin/zebra
+var/ipfire/backup/addons/includes/frr
sbin/osd_login
sbin/umount.nfs
sbin/umount.nfs4
+#usr/include/nfsidmap.h
#usr/include/nfsidmap_plugin.h
+#usr/lib/libnfsidmap
+#usr/lib/libnfsidmap.a
+#usr/lib/libnfsidmap.la
+#usr/lib/libnfsidmap.so
+usr/lib/libnfsidmap.so.0
+usr/lib/libnfsidmap.so.0.3.0
usr/lib/libnfsidmap.so.1
usr/lib/libnfsidmap.so.1.0.0
+#usr/lib/libnfsidmap/nsswitch.a
+#usr/lib/libnfsidmap/nsswitch.la
+usr/lib/libnfsidmap/nsswitch.so
+#usr/lib/libnfsidmap/static.a
+#usr/lib/libnfsidmap/static.la
+usr/lib/libnfsidmap/static.so
+#usr/lib/libnfsidmap/umich_ldap.a
+#usr/lib/libnfsidmap/umich_ldap.la
+usr/lib/libnfsidmap/umich_ldap.so
+#usr/lib/pkgconfig/libnfsidmap.pc
usr/sbin/exportfs
usr/sbin/mountstats
usr/sbin/nfsconf
usr/sbin/showmount
usr/sbin/sm-notify
usr/sbin/start-statd
+#usr/share/man/man3/nfs4_uid_to_name.3
#usr/share/man/man5/exports.5
+#usr/share/man/man5/idmapd.conf.5
#usr/share/man/man5/nfs.5
#usr/share/man/man5/nfs.conf.5
#usr/share/man/man5/nfsmount.conf.5
log-queries: no
# Unbound Statistics
- statistics-interval: 0
+ statistics-interval: 86400
statistics-cumulative: yes
extended-statistics: yes
}
if ($peer) {
- system("wget -r --proxy=on --proxy-user=$proxysettings{'UPSTREAM_USER'} --proxy-passwd=$proxysettings{'UPSTREAM_PASSWORD'} -e http_proxy=http://$peer:$peerport/ -o /var/tmp/log --output-document=/var/tmp/snortrules.tar.gz $url");
+ system("wget -r --proxy=on --proxy-user=$proxysettings{'UPSTREAM_USER'} --proxy-passwd=$proxysettings{'UPSTREAM_PASSWORD'} -e http_proxy=http://$peer:$peerport/ -e https_proxy=http://$peer:$peerport/ -o /var/tmp/log --output-document=/var/tmp/snortrules.tar.gz $url");
} else {
system("wget -r -o /var/tmp/log --output-document=/var/tmp/snortrules.tar.gz $url");
}
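Review bot: The changed `system()` call still builds one shell string from `$proxysettings{'UPSTREAM_USER'}`, `$proxysettings{'UPSTREAM_PASSWORD'}`, `$peer`, `$peerport` and `$url`, so any shell metacharacter in those settings is interpreted by the shell. Passing the arguments in list form, `system("wget", "-r", "--proxy=on", "--proxy-user=$proxysettings{'UPSTREAM_USER'}", ...)`, takes the shell out of the path; the unproxied call in the `else` branch has the same shape with `$url`. The proxy password also stays visible in the process list while wget runs, which list form alone does not fix. The enclosing block starts and ends outside the hunk, so whether these values are validated before this point cannot be seen here.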
include Config
-VER = 20180910
+VER = 20181027
THISAPP = ca-certificates
DIR_APP = $(DIR_SRC)/$(THISAPP)
--- /dev/null
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 6.0
+
+THISAPP = frr-$(VER)
+DL_FILE = $(THISAPP).tar.xz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+PROG = frr
+PAK_VER = 1
+
+DEPS = ""
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = d725c08e0093f58e5fcac0969c781813
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+dist:
+ @$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && ./configure \
+ --prefix=/usr \
+ --sysconfdir=/etc/frr \
+ --localstatedir=/var/run/frr \
+ --enable-user="frr" \
+ --enable-group="frr" \
+ --enable-vty-group="frrvty" \
+ --enable-multipath=64 \
+ --disable-doc \
+ --disable-babeld \
+ --disable-bfdd \
+ --disable-eigrpd \
+ --disable-irdp \
+ --disable-isisd \
+ --disable-ldpd \
+ --disable-nhrpd \
+ --disable-ospf6d \
+ --disable-ospfapi \
+ --disable-pbrd \
+ --disable-pimd \
+ --disable-ripd \
+ --disable-ripngd
+ cd $(DIR_APP) && make $(MAKETUNING)
+ cd $(DIR_APP) && make install
+
+ # Install backup include
+ install -v -m 644 $(DIR_SRC)/config/backup/includes/frr \
+ /var/ipfire/backup/addons/includes/frr
+
+ # Install initscript
+ $(call INSTALL_INITSCRIPT,frr)
+
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
+
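Review bot: The only integrity check visible for the downloaded tarball is `$(DL_FILE)_MD5`, and MD5 is not collision-resistant, so it gives little protection against a deliberately substituted `frr-$(VER).tar.xz` on the download mirror. If the `$(CHECK)`/`$(MD5)` machinery in `Config` (not shown here) can carry a stronger digest such as SHA-256, record one next to the MD5 value; the new `json-c` makefile in this commit has the same shape. Separately, `./configure` is given `--enable-user="frr"`, `--enable-group="frr"` and `--enable-vty-group="frrvty"`, but nothing in this file creates those accounts, so it is worth confirming that the package's install script does.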
--- /dev/null
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 0.13.1
+
+THISAPP = json-c-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = 04969ad59cc37bddd83741a08b98f350
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+dist:
+ @$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && ./configure --prefix=/usr --disable-static
+ cd $(DIR_APP) && make $(MAKETUNING)
+ cd $(DIR_APP) && make install
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xaf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/squid/01_Certificate_fields_injection_via_D_in_ERR_SECURE_CONNECT_FAIL_306.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/squid/02_Fix_memory_leak_when_parsing_SNMP_packet_313.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5.28-fix-max-file-descriptors.patch
cd $(DIR_APP) && autoreconf -vfi
GIT_TAG=$(git tag | tail -1) # Git Tag
GIT_LASTCOMMIT=$(git log | head -n1 | cut -d" " -f2 |head -c8) # Last commit
-TOOLCHAINVER=20181024
+TOOLCHAINVER=20181030
###############################################################################
#
lfsmake2 libgcrypt
lfsmake2 libassuan
lfsmake2 nettle
+ lfsmake2 json-c
lfsmake2 libevent
lfsmake2 libevent2
lfsmake2 expat
lfsmake2 lua
lfsmake2 dnsdist
lfsmake2 bird
+ lfsmake2 frr
lfsmake2 dmidecode
lfsmake2 mcelog
lfsmake2 rtpproxy
--- /dev/null
+#!/bin/sh
+########################################################################
+# Begin $rc_base/init.d/frr
+#
+# Description : FRRouting Suite
+#
+########################################################################
+
+. /etc/sysconfig/rc
+. ${rc_functions}
+
+DAEMONS="zebra bgpd ospfd staticd"
+
+case "${1}" in
+ start)
+ # Fix permissions of configuration directory
+ if [ -d "/etc/frr" ]; then
+ chown root.frr /etc/frr
+ chmod 775 /etc/frr
+ fi
+
+ for daemon in ${DAEMONS}; do
+ if [ -f "/etc/frr/${daemon}.conf" ]; then
+ # Set permissions
+ chown frr.frr "/etc/frr/${daemon}.conf"
+
+ boot_mesg "Starting FRRouting ${daemon}..."
+ loadproc "/usr/sbin/${daemon}" --daemon
+ fi
+ done
+ ;;
+
+ stop)
+ for daemon in ${DAEMONS}; do
+ boot_mesg "Stopping FRRouting ${daemon}..."
+ killproc "/usr/sbin/${daemon}"
+ done
+ ;;
+
+ reload)
+ boot_mesg "Reloading FRRouting..."
+ reloadproc /usr/sbin/frr-reload
+ ;;
+
+ restart)
+ ${0} stop
+ sleep 1
+ ${0} start
+ ;;
+
+ status)
+ for daemon in ${DAEMONS}; do
+ statusproc "/usr/sbin/${daemon}"
+ done
+ ;;
+
+ *)
+ echo "Usage: ${0} {start|stop|reload|restart|status}"
+ exit 1
+ ;;
+esac
+
+# End $rc_base/init.d/frr
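Review bot: The `start` branch sets the owner of `/etc/frr/${daemon}.conf` but never its mode, so each file keeps whatever permissions it was created or restored with. FRR configuration can carry `password` / `enable password` lines and BGP neighbor passwords, so adding `chmod 640 "/etc/frr/${daemon}.conf"` right after the `chown` would keep them from being world-readable (confirm nothing outside the `frr` group needs to read them). The `chown root.frr` and `chown frr.frr` calls use the dot separator, which GNU chown accepts only for backward compatibility; `root:frr` and `frr:frr` are the documented form. The `stop` branch walks `${DAEMONS}` in start order, so zebra is killed before the protocol daemons; it is worth confirming that this order is intended.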
--- /dev/null
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 2 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2007 IPFire-Team <info@ipfire.org>. #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+
+if ! getent group frr &>/dev/null; then
+ groupadd -r frr
+fi
+
+if ! getent group frrvty &>/dev/null; then
+ groupadd -r frrvty
+fi
+
+if ! getent passwd frr &>/dev/null; then
+ useradd -r frr -g frr -s /bin/false -b /var/empty -G frrvty
+fi
+
+# Extract files
+extract_files
+
+# Restore any backups
+restore_backup "${NAME}"
+
+# Start services
+start_service "${NAME}"
+
+# Enable autostart
+ln -svf ../init.d/frr /etc/rc.d/rc0.d/K40frr
+ln -svf ../init.d/frr /etc/rc.d/rc3.d/S50frr
+ln -svf ../init.d/frr /etc/rc.d/rc6.d/K40frr
+
+exit 0
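Review bot: In the `useradd` call, `-b /var/empty` sets the base directory rather than the home directory, so the account's home is recorded as `/var/empty/frr`. If the intent is a service account whose home is the empty directory itself, the line should read `useradd -r frr -g frr -s /bin/false -d /var/empty -G frrvty`. The results of `groupadd` and `useradd` are also not checked: the script goes on to `start_service` and ends with `exit 0` even if account creation failed, so a broken install is reported as successful. A short `|| exit 1` on the account-creation commands would surface that.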
--- /dev/null
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 2 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2007 IPFire-Team <info@ipfire.org>. #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+
+# Stop services
+stop_service "${NAME}"
+
+# Create backup
+extract_backup_includes
+make_backup "${NAME}"
+
+# Remove all files
+rm -rfv /etc/rc.d/rc*.d/*frr
+remove_files
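Review bot: `rm -rfv /etc/rc.d/rc*.d/*frr` runs as root with the recursive flag and a glob that matches any entry whose name merely ends in `frr`. install.sh creates exactly three symlinks (`K40frr`, `S50frr`, `K40frr`), so a non-recursive, tighter pattern such as `rm -fv /etc/rc.d/rc*.d/[SK][0-9][0-9]frr` removes the same links with less reach. The `frr` user and the `frr` / `frrvty` groups created at install time are left behind; if that is deliberate, to keep file ownership stable across reinstalls, a one-line comment saying so would help the next maintainer.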
--- /dev/null
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 2 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2007 IPFire-Team <info@ipfire.org>. #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+./uninstall.sh
+./install.sh
--- /dev/null
+commit f1657a9decc820f748fa3aff68168d3145258031
+Author: Christos Tsantilas <christos@chtsanti.net>
+Date: 2018-10-17 15:14:07 +0000
+
+ Certificate fields injection via %D in ERR_SECURE_CONNECT_FAIL (#306)
+
+ %ssl_subject, %ssl_ca_name, and %ssl_cn values were not properly escaped when %D code was expanded in HTML context of the ERR_SECURE_CONNECT_FAIL template. This bug affects all
+ ERR_SECURE_CONNECT_FAIL page templates containing %D, including the default template.
+
+ Other error pages are not vulnerable because Squid does not populate %D with certificate details in other contexts (yet).
+
+ Thanks to Nikolas Lohmann [eBlocker] for identifying the problem.
+
+ TODO: If those certificate details become needed for ACL checks or other non-HTML purposes, make their HTML-escaping conditional.
+
+ This is a Measurement Factory project.
+
+diff --git a/src/ssl/ErrorDetail.cc b/src/ssl/ErrorDetail.cc
+index b5030e3..314e998 100644
+--- a/src/ssl/ErrorDetail.cc
++++ b/src/ssl/ErrorDetail.cc
+@@ -8,6 +8,8 @@
+
+ #include "squid.h"
+ #include "errorpage.h"
++#include "fatal.h"
++#include "html_quote.h"
+ #include "ssl/ErrorDetail.h"
+
+ #include <climits>
+@@ -432,8 +434,11 @@ const char *Ssl::ErrorDetail::subject() const
+ {
+ if (broken_cert.get()) {
+ static char tmpBuffer[256]; // A temporary buffer
+- if (X509_NAME_oneline(X509_get_subject_name(broken_cert.get()), tmpBuffer, sizeof(tmpBuffer)))
+- return tmpBuffer;
++ if (X509_NAME_oneline(X509_get_subject_name(broken_cert.get()), tmpBuffer, sizeof(tmpBuffer))) {
++ // quote to avoid possible html code injection through
++ // certificate subject
++ return html_quote(tmpBuffer);
++ }
+ }
+ return "[Not available]";
+ }
+@@ -461,8 +466,11 @@ const char *Ssl::ErrorDetail::cn() const
+ static String tmpStr; ///< A temporary string buffer
+ tmpStr.clean();
+ Ssl::matchX509CommonNames(broken_cert.get(), &tmpStr, copy_cn);
+- if (tmpStr.size())
+- return tmpStr.termedBuf();
++ if (tmpStr.size()) {
++ // quote to avoid possible html code injection through
++ // certificate subject
++ return html_quote(tmpStr.termedBuf());
++ }
+ }
+ return "[Not available]";
+ }
+@@ -474,8 +482,11 @@ const char *Ssl::ErrorDetail::ca_name() const
+ {
+ if (broken_cert.get()) {
+ static char tmpBuffer[256]; // A temporary buffer
+- if (X509_NAME_oneline(X509_get_issuer_name(broken_cert.get()), tmpBuffer, sizeof(tmpBuffer)))
+- return tmpBuffer;
++ if (X509_NAME_oneline(X509_get_issuer_name(broken_cert.get()), tmpBuffer, sizeof(tmpBuffer))) {
++ // quote to avoid possible html code injection through
++ // certificate issuer subject
++ return html_quote(tmpBuffer);
++ }
+ }
+ return "[Not available]";
+ }
--- /dev/null
+commit bc9786119f058a76ddf0625424bc33d36460b9a2 (refs/remotes/origin/v3.5)
+Author: flozilla <fishyflow@gmail.com>
+Date: 2018-10-24 14:12:01 +0200
+
+ Fix memory leak when parsing SNMP packet (#313)
+
+ SNMP queries denied by snmp_access rules and queries with certain
+ unsupported SNMPv2 commands were leaking a few hundred bytes each. Such
+ queries trigger "SNMP agent query DENIED from..." WARNINGs in cache.log.
+
+diff --git a/src/snmp_core.cc b/src/snmp_core.cc
+index c4d21c1..16c2993 100644
+--- a/src/snmp_core.cc
++++ b/src/snmp_core.cc
+@@ -409,6 +409,7 @@ snmpDecodePacket(SnmpRequest * rq)
+ snmpConstructReponse(rq);
+ } else {
+ debugs(49, DBG_IMPORTANT, "WARNING: SNMP agent query DENIED from : " << rq->from);
++ snmp_free_pdu(PDU);
+ }
+ xfree(Community);
+