#usr/bin/djpeg
#usr/bin/jpegtran
#usr/bin/rdjpgcom
+#usr/bin/tjbench
#usr/bin/wrjpgcom
#usr/include/jconfig.h
#usr/include/jerror.h
#usr/include/jmorecfg.h
#usr/include/jpeglib.h
+#usr/include/turbojpeg.h
#usr/lib/libjpeg.a
#usr/lib/libjpeg.la
-usr/lib/libjpeg.so
+#usr/lib/libjpeg.so
usr/lib/libjpeg.so.62
-usr/lib/libjpeg.so.62.0.0
+usr/lib/libjpeg.so.62.1.0
+#usr/lib/libturbojpeg.a
+#usr/lib/libturbojpeg.la
+#usr/lib/libturbojpeg.so
+usr/lib/libturbojpeg.so.0
+usr/lib/libturbojpeg.so.0.0.0
#usr/man/man1/cjpeg.1
#usr/man/man1/djpeg.1
#usr/man/man1/jpegtran.1
#usr/man/man1/rdjpgcom.1
#usr/man/man1/wrjpgcom.1
+#usr/share/doc/README
+#usr/share/doc/README-turbo.txt
+#usr/share/doc/example.c
+#usr/share/doc/libjpeg.txt
+#usr/share/doc/structure.txt
+#usr/share/doc/usage.txt
+#usr/share/doc/wizard.txt
--- /dev/null
+srv/web/ipfire/html/proxy.pac
+boot/config.txt
+etc/udev/rules.d/30-persistent-network.rules
+etc/collectd.custom
+etc/shadow
+etc/ipsec.conf
+etc/ipsec.secrets
+etc/ipsec.user.conf
+etc/ipsec.user.secrets
+var/log/cache
+var/updatecache
+etc/localtime
+var/ipfire/ovpn
+etc/ssh/ssh_config
+etc/ssh/sshd_config
+etc/ssl/openssl.cnf
+var/state/dhcp/dhcpd.leases
--- /dev/null
+usr/local/share/GeoIP/GeoIP.dat
--- /dev/null
+etc/system-release
+etc/issue
+usr/local/bin/openvpnctrl
+etc/init.d/firewall
--- /dev/null
+usr/share/hwdata/pci.ids
+usr/share/hwdata/usb.ids
--- /dev/null
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2013 IPFire-Team <info@ipfire.org>. #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+/usr/local/bin/backupctrl exclude >/dev/null 2>&1
+
+#
+# Remove old core updates from pakfire cache to save space...
+core=70
+for (( i=1; i<=$core; i++ ))
+do
+ rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
+done
+
+#
+# Remove meta's of packages that are now common...
+#
+rm -rf /opt/pakfire/db/*/meta-freefont
+
+#
+#Stop services
+/etc/init.d/ipsec stop
+
+#
+#Extract files
+extract_files
+
+# Regenerate ipsec configuration files.
+/srv/web/ipfire/cgi-bin/vpnmain.cgi
+
+#
+#Start services
+if [ `grep "ENABLED=on" /var/ipfire/vpn/settings` ]; then
+ /etc/init.d/ipsec start
+fi
+
+#
+#Update Language cache
+perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"
+
+# Regenerate font cache
+fc-cache -f &>/dev/null
+
+sync
+
+# This update need a reboot...
+touch /var/run/need_reboot
+
+#
+#Finish
+/etc/init.d/fireinfo start
+sendprofile
+#Don't report the exitcode last command
+exit 0
+
include Config
-VER = 0.11.0-svn1158-dpf
+VER = 0.11.0-svn1200-dpf
THISAPP = lcd4linux-$(VER)
-DL_FILE = $(THISAPP).tar.xz
+DL_FILE = $(THISAPP).tar.gz
DL_FROM = $(URL_IPFIRE)
-DIR_APP = $(DIR_SRC)/$(THISAPP)
+DIR_APP = $(DIR_SRC)/lcd4linux
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = lcd4linux
-PAK_VER = 4
+PAK_VER = 5
DEPS = "dpfhack libmpdclient"
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 0b7eba14a92ae5d51a3ab99948192b8d
+$(DL_FILE)_MD5 = 5b76a26879849dbd52a5bcfda4107ea4
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
- @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar Jxf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/lcd4linux-scaletext-dpf.patch
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && ./configure --with-plugins=all,!qnaplog,!dbus --prefix=/usr
cd $(DIR_APP) && make
cd $(DIR_APP) && make install
include Config
-VER = v6b
+VER = 1.3.0
-THISAPP = jpegsrc.$(VER)
+THISAPP = libjpeg-turbo-$(VER)
DL_FILE = $(THISAPP).tar.gz
DL_FROM = $(URL_IPFIRE)
-DIR_APP = $(DIR_SRC)/jpeg-6b
+DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = libjpeg
PAK_VER = ipfire-beta1
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = dbd5f3b47ed13132f04c685d608a7547
+$(DL_FILE)_MD5 = e1e65cc711a1ade1322c06ad4a647741
install : $(TARGET)
include Config
-VER = 3.2.11
+VER = 3.2.12
THISAPP = motion-$(VER)
DL_FILE = $(THISAPP).tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 3a26c00f3250eacf6fa93c7a7e0249d9
+$(DL_FILE)_MD5 = 1ba0065ed50509aaffb171594c689f46
install : $(TARGET)
NAME="IPFire" # Software name
SNAME="ipfire" # Short name
VERSION="2.13" # Version number
-CORE="69" # Core Level (Filename)
+CORE="70" # Core Level (Filename)
PAKFIRE_CORE="69" # Core Level (PAKFIRE)
GIT_BRANCH=`git status | head -n1 | cut -d" " -f4` # Git Branch
SLOGAN="www.ipfire.org" # Software slogan
ipfiremake libnet
ipfiremake libnl
ipfiremake libidn
+ ipfiremake nasm
ipfiremake libjpeg
ipfiremake libexif
ipfiremake libpng
ipfiremake logwatch
ipfiremake misc-progs
ipfiremake nano
- ipfiremake nasm
ipfiremake URI
ipfiremake HTML-Tagset
ipfiremake HTML-Parser
/sbin/iptables -A FORWARD -j IPSECFORWARD
/sbin/iptables -A FORWARD -j OPENSSLVIRTUAL -m comment --comment "OPENSSLVIRTUAL FORWARD"
/sbin/iptables -A OUTPUT -j IPSECOUTPUT
+ /sbin/iptables -t nat -N OVPNNAT
/sbin/iptables -t nat -N IPSECNAT
+ /sbin/iptables -t nat -A POSTROUTING -j OVPNNAT
/sbin/iptables -t nat -A POSTROUTING -j IPSECNAT
# Outgoing Firewall
#include <unistd.h>
#include <stdlib.h>
#include <sys/types.h>
+#include <arpa/inet.h>
+#include <netinet/in.h>
#include <fcntl.h>
#include "setuid.h"
#include "libsmooth.h"
char OVPNRED[STRING_SIZE] = "OVPN";
char OVPNBLUE[STRING_SIZE] = "OVPN_BLUE_";
char OVPNORANGE[STRING_SIZE] = "OVPN_ORANGE_";
-char WRAPPERVERSION[STRING_SIZE] = "ipfire-2.2.2";
+char OVPNNAT[STRING_SIZE] = "OVPNNAT";
+char WRAPPERVERSION[STRING_SIZE] = "ipfire-2.2.3";
struct connection_struct {
char name[STRING_SIZE];
char type[STRING_SIZE];
char proto[STRING_SIZE];
char status[STRING_SIZE];
+ char local_subnet[STRING_SIZE];
+ char transfer_subnet[STRING_SIZE];
+ char role[STRING_SIZE];
int port;
struct connection_struct *next;
};
strcpy(conn_curr->name, result);
} else if (count == 4) {
strcpy(conn_curr->type, result);
+ } else if (count == 7) {
+ strcpy(conn_curr->role, result);
+ } else if (count == 9) {
+ strcpy(conn_curr->local_subnet, result);
+ } else if (count == 28) {
+ strcpy(conn_curr->transfer_subnet, result);
} else if (count == 29) {
strcpy(conn_curr->proto, result);
} else if (count == 30) {
safe_system(str);
}
+void flushChainNAT(char *chain) {
+ char str[STRING_SIZE];
+
+ sprintf(str, "/sbin/iptables -t nat -F %s", chain);
+ executeCommand(str);
+}
+
void deleteChainReference(char *chain) {
char str[STRING_SIZE];
}
}
+char* calcTransferNetAddress(const connection* conn) {
+ char *subnetmask = strdup(conn->transfer_subnet);
+ char *address = strsep(&subnetmask, "/");
+
+ in_addr_t _address = inet_addr(address);
+ in_addr_t _subnetmask = inet_addr(subnetmask);
+ _address &= _subnetmask;
+
+ if (strcmp(conn->role, "server") == 0) {
+ _address += 1 << 24;
+ } else if (strcmp(conn->role, "client") == 0) {
+ _address += 2 << 24;
+ } else {
+ goto ERROR;
+ }
+
+ struct in_addr address_info;
+ address_info.s_addr = _address;
+
+ return inet_ntoa(address_info);
+
+ERROR:
+ fprintf(stderr, "Could not determine transfer net address: %s\n", conn->name);
+
+ free(address);
+ return NULL;
+}
+
+char* getLocalSubnetAddress(const connection* conn) {
+ kv = initkeyvalues();
+ if (!readkeyvalues(kv, CONFIG_ROOT "/ethernet/settings")) {
+ fprintf(stderr, "Cannot read ethernet settings\n");
+ exit(1);
+ }
+
+ const char *zones[] = {"GREEN", "BLUE", "ORANGE", NULL};
+ char *zone = NULL;
+
+ // Get net address of the local openvpn subnet.
+ char *subnetmask = strdup(conn->local_subnet);
+ char *address = strsep(&subnetmask, "/");
+
+ if ((address == NULL) || (subnetmask == NULL)) {
+ goto ERROR;
+ }
+
+ in_addr_t _address = inet_addr(address);
+ in_addr_t _subnetmask = inet_addr(subnetmask);
+
+ in_addr_t _netaddr = (_address & _subnetmask);
+ in_addr_t _broadcast = (_address | ~_subnetmask);
+
+ char zone_address_key[STRING_SIZE];
+ char zone_address[STRING_SIZE];
+ in_addr_t zone_addr;
+
+ int i = 0;
+ while (zones[i]) {
+ zone = zones[i++];
+ snprintf(zone_address_key, STRING_SIZE, "%s_ADDRESS", zone);
+
+ if (!findkey(kv, zone_address_key, zone_address))
+ continue;
+
+ zone_addr = inet_addr(zone_address);
+ if ((zone_addr > _netaddr) && (zone_addr < _broadcast)) {
+ freekeyvalues(kv);
+
+ return strdup(zone_address);
+ }
+ }
+
+ERROR:
+ fprintf(stderr, "Could not determine local subnet address: %s\n", conn->name);
+
+ freekeyvalues(kv);
+ return NULL;
+}
+
void setFirewallRules(void) {
char protocol[STRING_SIZE] = "";
char dport[STRING_SIZE] = "";
flushChain(OVPNRED);
flushChain(OVPNBLUE);
flushChain(OVPNORANGE);
+ flushChainNAT(OVPNNAT);
// set firewall rules
if (!strcmp(enablered, "on") && strlen(redif))
// set firewall rules for n2n connections
char command[STRING_SIZE];
+ char *local_subnet_address = NULL;
+ char *transfer_subnet_address = NULL;
while (conn != NULL) {
if (strcmp(conn->type, "net") == 0) {
sprintf(command, "/sbin/iptables -A %sINPUT -i %s -p %s --dport %d -j ACCEPT",
OVPNRED, redif, conn->proto, conn->port);
executeCommand(command);
+
+ local_subnet_address = getLocalSubnetAddress(conn);
+ transfer_subnet_address = calcTransferNetAddress(conn);
+
+ if ((!local_subnet_address) || (!transfer_subnet_address))
+ continue;
+
+ snprintf(command, STRING_SIZE, "/sbin/iptables -t nat -A %s -s %s -j SNAT --to-source %s",
+ OVPNNAT, transfer_subnet_address, local_subnet_address);
+ executeCommand(command);
}
conn = conn->next;