Merge remote-tracking branch 'ummeegge/useragent' into next
authorMichael Tremer <michael.tremer@ipfire.org>
Sun, 11 Aug 2013 11:22:10 +0000 (13:22 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Sun, 11 Aug 2013 11:22:10 +0000 (13:22 +0200)
58 files changed:
config/backup/includes/tor [new file with mode: 0644]
config/menu/EX-tor.menu [new file with mode: 0644]
config/ovpn/verify
config/rootfiles/common/armv5tel/initscripts
config/rootfiles/common/configroot
config/rootfiles/common/daq
config/rootfiles/common/gperf [new file with mode: 0644]
config/rootfiles/common/i586/initscripts
config/rootfiles/common/misc-progs
config/rootfiles/common/strongswan
config/rootfiles/core/72/exclude
config/rootfiles/core/72/filelists/daq [new symlink]
config/rootfiles/core/72/filelists/files
config/rootfiles/core/72/filelists/i586/strongswan-padlock [new symlink]
config/rootfiles/core/72/filelists/snort [new symlink]
config/rootfiles/core/72/filelists/squid [new symlink]
config/rootfiles/core/72/filelists/strongswan [new symlink]
config/rootfiles/core/72/update.sh
config/rootfiles/core/73/exclude [new file with mode: 0644]
config/rootfiles/core/73/filelists/files [new file with mode: 0644]
config/rootfiles/core/73/meta [new file with mode: 0644]
config/rootfiles/core/73/update.sh [new file with mode: 0644]
config/rootfiles/packages/arm [new file with mode: 0644]
config/rootfiles/packages/tor [new file with mode: 0644]
config/tor/defaults-torrc [new file with mode: 0644]
config/tor/tor.logrotate [new file with mode: 0644]
doc/language_issues.de
doc/language_issues.en
doc/language_issues.es
doc/language_issues.fr
doc/language_issues.nl
doc/language_issues.pl
doc/language_issues.ru
doc/language_issues.tr
doc/language_missings
html/cgi-bin/ddns.cgi
html/cgi-bin/ids.cgi
html/cgi-bin/tor.cgi [new file with mode: 0644]
html/cgi-bin/wirelessclient.cgi [changed mode: 0755->0644]
langs/de/cgi-bin/de.pl
langs/en/cgi-bin/en.pl
lfs/arm [new file with mode: 0644]
lfs/daq
lfs/gperf [new file with mode: 0644]
lfs/samba
lfs/snort
lfs/squid
lfs/strongswan
lfs/tor [new file with mode: 0644]
make.sh
src/initscripts/init.d/firewall
src/initscripts/init.d/tor [new file with mode: 0644]
src/misc-progs/Makefile
src/misc-progs/torctrl.c [new file with mode: 0644]
src/patches/arm-dont-require-distutils.patch [new file with mode: 0644]
src/patches/squid-3.1-10486.patch [new file with mode: 0644]
src/patches/squid-3.1-10487.patch [new file with mode: 0644]
src/scripts/setddns.pl

diff --git a/config/backup/includes/tor b/config/backup/includes/tor
new file mode 100644 (file)
index 0000000..bff4956
--- /dev/null
@@ -0,0 +1,4 @@
+/etc/tor
+/var/ipfire/tor
+/var/lib/tor/fingerprint
+/var/lib/tor/keys
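Review bot: Listing `/var/lib/tor/keys` in the backup includes puts the relay's long-term identity keys into every add-on backup archive, so anyone who can read a backup can reuse the relay's identity. Nothing in this commit shows how those archives are protected. It is worth confirming that they are created readable by root only, and stating in the add-on documentation that Tor backups contain secret key material. If the relay identity does not need to survive a restore, dropping the `/var/lib/tor/keys` line is the safer default.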
diff --git a/config/menu/EX-tor.menu b/config/menu/EX-tor.menu
new file mode 100644 (file)
index 0000000..00ddffe
--- /dev/null
@@ -0,0 +1,6 @@
+$subipfire->{'50.tor'} = {
+       'caption' => $Lang::tr{'tor'},
+       'uri' => '/cgi-bin/tor.cgi',
+       'title' => $Lang::tr{'tor'},
+       'enabled' => 1,
+};
index 7233429..44ed110 100644 (file)
@@ -49,7 +49,7 @@ if (-f "${General::swroot}/ovpn/ovpnconfig"){
                exit 0 if ($cn eq $CN);
 
                # Compatibility code for incorrectly saved CNs.
-               $cn =~ s/\ /_/;
+               $cn =~ s/\ /_/g;
                exit 0 if ($cn eq $CN);
        }
 }
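Review bot: With the `/g` flag, the fallback at `$cn =~ s/\ /_/g;` now accepts a `$cn` containing any number of spaces whenever `$CN` has underscores in the same positions, so names that differ only in space versus underscore count as the same client. In a script that decides whether a VPN peer is accepted, that equivalence should be stated next to the code, e.g. `# Fallback: treat ' ' and '_' as equal; assumes no two certificates differ only in that.` The substitution also rewrites `$cn` in place, so any later use sees the modified value; comparing a copy, `(my $legacy_cn = $cn) =~ s/\ /_/g;` followed by `exit 0 if ($legacy_cn eq $CN);`, leaves the original intact. The enclosing block starts above the hunk, so where `$cn` and `$CN` come from is not visible here.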
index ff6d731..25fca8d 100644 (file)
@@ -126,6 +126,7 @@ etc/rc.d/init.d/teamspeak
 etc/rc.d/init.d/template
 #etc/rc.d/init.d/tftpd
 etc/rc.d/init.d/tmpfs
+#etc/rc.d/init.d/tor
 etc/rc.d/init.d/udev
 etc/rc.d/init.d/udev_retry
 etc/rc.d/init.d/upnpd
index cd33ec4..8965ff7 100644 (file)
@@ -91,6 +91,7 @@ var/ipfire/menu.d/70-log.menu
 #var/ipfire/menu.d/EX-imspector.menu
 #var/ipfire/menu.d/EX-mpfire.menu
 #var/ipfire/menu.d/EX-samba.menu
+#var/ipfire/menu.d/EX-tor.menu
 #var/ipfire/menu.d/EX-tripwire.menu
 #var/ipfire/menu.d/EX-wlanap.menu
 var/ipfire/modem
index 10ec777..4467545 100644 (file)
@@ -21,7 +21,7 @@ usr/lib/daq
 #usr/lib/libdaq.la
 #usr/lib/libdaq.so
 usr/lib/libdaq.so.2
-usr/lib/libdaq.so.2.0.0
+usr/lib/libdaq.so.2.0.1
 #usr/lib/libdaq_static.a
 #usr/lib/libdaq_static.la
 #usr/lib/libdaq_static_modules.a
diff --git a/config/rootfiles/common/gperf b/config/rootfiles/common/gperf
new file mode 100644 (file)
index 0000000..7c3a1cb
--- /dev/null
@@ -0,0 +1,4 @@
+#usr/bin/gperf
+#usr/share/doc/gperf.html
+#usr/share/info/gperf.info
+#usr/share/man/man1/gperf.1
index 55cee86..3aca59e 100644 (file)
@@ -128,6 +128,7 @@ etc/rc.d/init.d/teamspeak
 etc/rc.d/init.d/template
 #etc/rc.d/init.d/tftpd
 etc/rc.d/init.d/tmpfs
+#etc/rc.d/init.d/tor
 #etc/rc.d/init.d/transmission
 etc/rc.d/init.d/udev
 etc/rc.d/init.d/udev_retry
index a8dac59..8fd9b0b 100644 (file)
@@ -32,6 +32,7 @@ usr/local/bin/squidctrl
 usr/local/bin/sshctrl
 usr/local/bin/syslogdctrl
 usr/local/bin/timectrl
+#usr/local/bin/torctrl
 #usr/local/bin/tripwirectrl
 usr/local/bin/updxlratorctrl
 usr/local/bin/upnpctrl
index 627b8d2..5d61ec1 100644 (file)
@@ -61,15 +61,18 @@ usr/lib/ipsec/plugins/libstrongswan-openssl.so
 usr/lib/ipsec/plugins/libstrongswan-pem.so
 usr/lib/ipsec/plugins/libstrongswan-pgp.so
 usr/lib/ipsec/plugins/libstrongswan-pkcs1.so
+usr/lib/ipsec/plugins/libstrongswan-pkcs12.so
 usr/lib/ipsec/plugins/libstrongswan-pkcs7.so
 usr/lib/ipsec/plugins/libstrongswan-pkcs8.so
 usr/lib/ipsec/plugins/libstrongswan-pubkey.so
 usr/lib/ipsec/plugins/libstrongswan-random.so
+usr/lib/ipsec/plugins/libstrongswan-rc2.so
 usr/lib/ipsec/plugins/libstrongswan-resolve.so
 usr/lib/ipsec/plugins/libstrongswan-revocation.so
 usr/lib/ipsec/plugins/libstrongswan-sha1.so
 usr/lib/ipsec/plugins/libstrongswan-sha2.so
 usr/lib/ipsec/plugins/libstrongswan-socket-default.so
+usr/lib/ipsec/plugins/libstrongswan-sshkey.so
 usr/lib/ipsec/plugins/libstrongswan-stroke.so
 usr/lib/ipsec/plugins/libstrongswan-updown.so
 usr/lib/ipsec/plugins/libstrongswan-x509.so
index 321a931..e8ae55d 100644 (file)
@@ -10,8 +10,8 @@ etc/ipsec.user.secrets
 var/log/cache
 var/updatecache
 etc/localtime
-var/ipfire/ovpn
 etc/ssh/ssh_config
 etc/ssh/sshd_config
 etc/ssl/openssl.cnf
 var/state/dhcp/dhcpd.leases
+etc/snort/snort.conf
diff --git a/config/rootfiles/core/72/filelists/daq b/config/rootfiles/core/72/filelists/daq
new file mode 120000 (symlink)
index 0000000..d0e0956
--- /dev/null
@@ -0,0 +1 @@
+../../../common/daq
\ No newline at end of file
index 7ab00d4..e8f90a1 100644 (file)
@@ -1,4 +1,11 @@
 etc/system-release
 etc/issue
+etc/rc.d/init.d/firewall
+srv/web/ipfire/cgi-bin/ddns.cgi
+srv/web/ipfire/cgi-bin/ids.cgi
 srv/web/ipfire/cgi-bin/vpnmain.cgi
+srv/web/ipfire/cgi-bin/ovpnmain.cgi
 usr/local/bin/openvpnctrl
+usr/local/bin/setddns.pl
+var/ipfire/langs
+var/ipfire/ovpn/verify
diff --git a/config/rootfiles/core/72/filelists/i586/strongswan-padlock b/config/rootfiles/core/72/filelists/i586/strongswan-padlock
new file mode 120000 (symlink)
index 0000000..2412824
--- /dev/null
@@ -0,0 +1 @@
+../../../../common/i586/strongswan-padlock
\ No newline at end of file
diff --git a/config/rootfiles/core/72/filelists/snort b/config/rootfiles/core/72/filelists/snort
new file mode 120000 (symlink)
index 0000000..9406ce0
--- /dev/null
@@ -0,0 +1 @@
+../../../common/snort
\ No newline at end of file
diff --git a/config/rootfiles/core/72/filelists/squid b/config/rootfiles/core/72/filelists/squid
new file mode 120000 (symlink)
index 0000000..2dc8372
--- /dev/null
@@ -0,0 +1 @@
+../../../common/squid
\ No newline at end of file
diff --git a/config/rootfiles/core/72/filelists/strongswan b/config/rootfiles/core/72/filelists/strongswan
new file mode 120000 (symlink)
index 0000000..90c727e
--- /dev/null
@@ -0,0 +1 @@
+../../../common/strongswan
\ No newline at end of file
index f365abb..c3dc20a 100644 (file)
@@ -34,7 +34,9 @@ done
 
 #
 #Stop services
-
+/etc/init.d/ipsec stop
+/etc/init.d/snort stop
+/etc/init.d/squid stop
 
 #
 #Extract files
@@ -43,10 +45,16 @@ extract_files
 
 #
 #Start services
+/etc/init.d/squid start
+/etc/init.d/snort start
+if [ `grep "ENABLED=on" /var/ipfire/vpn/settings` ]; then
+       /etc/init.d/ipsec start
+fi
+
 
 #
 #Update Language cache
-#perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"
+perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"
 
 sync
 
@@ -59,4 +67,3 @@ sync
 sendprofile
 #Don't report the exitcode last command
 exit 0
-
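Review bot: In the "Start services" hunk, the new `[ ... ]` test around `grep "ENABLED=on" /var/ipfire/vpn/settings` expands grep's output unquoted, so more than one matching line makes `[` fail with a syntax error and IPsec stays stopped after the update. The pattern is also unanchored, so it matches any key that ends in `ENABLED=on`. Testing grep's exit status avoids both problems: `if grep -q "^ENABLED=on" /var/ipfire/vpn/settings 2>/dev/null; then`. Separately, squid and snort are stopped and then started unconditionally, so it is worth confirming that their init scripts refuse to start on systems where the service was disabled before the update.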
diff --git a/config/rootfiles/core/73/exclude b/config/rootfiles/core/73/exclude
new file mode 100644 (file)
index 0000000..321a931
--- /dev/null
@@ -0,0 +1,17 @@
+srv/web/ipfire/html/proxy.pac
+boot/config.txt
+etc/udev/rules.d/30-persistent-network.rules
+etc/collectd.custom
+etc/shadow
+etc/ipsec.conf
+etc/ipsec.secrets
+etc/ipsec.user.conf
+etc/ipsec.user.secrets
+var/log/cache
+var/updatecache
+etc/localtime
+var/ipfire/ovpn
+etc/ssh/ssh_config
+etc/ssh/sshd_config
+etc/ssl/openssl.cnf
+var/state/dhcp/dhcpd.leases
diff --git a/config/rootfiles/core/73/filelists/files b/config/rootfiles/core/73/filelists/files
new file mode 100644 (file)
index 0000000..409e5fe
--- /dev/null
@@ -0,0 +1,2 @@
+etc/system-release
+etc/issue
diff --git a/config/rootfiles/core/73/meta b/config/rootfiles/core/73/meta
new file mode 100644 (file)
index 0000000..d547fa8
--- /dev/null
@@ -0,0 +1 @@
+DEPS=""
diff --git a/config/rootfiles/core/73/update.sh b/config/rootfiles/core/73/update.sh
new file mode 100644 (file)
index 0000000..446e8a0
--- /dev/null
@@ -0,0 +1,63 @@
+#!/bin/bash
+############################################################################
+#                                                                          #
+# This file is part of the IPFire Firewall.                                #
+#                                                                          #
+# IPFire is free software; you can redistribute it and/or modify           #
+# it under the terms of the GNU General Public License as published by     #
+# the Free Software Foundation; either version 3 of the License, or        #
+# (at your option) any later version.                                      #
+#                                                                          #
+# IPFire is distributed in the hope that it will be useful,                #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of           #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
+# GNU General Public License for more details.                             #
+#                                                                          #
+# You should have received a copy of the GNU General Public License        #
+# along with IPFire; if not, write to the Free Software                    #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
+#                                                                          #
+# Copyright (C) 2013 IPFire-Team <info@ipfire.org>.                        #
+#                                                                          #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+/usr/local/bin/backupctrl exclude >/dev/null 2>&1
+
+#
+# Remove old core updates from pakfire cache to save space...
+core=73
+for (( i=1; i<=$core; i++ ))
+do
+       rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
+done
+
+
+#
+#Stop services
+
+
+#
+#Extract files
+extract_files
+
+
+#
+#Start services
+
+#
+#Update Language cache
+#perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"
+
+sync
+
+# This update need a reboot...
+#touch /var/run/need_reboot
+
+#
+#Finish
+/etc/init.d/fireinfo start
+sendprofile
+#Don't report the exitcode last command
+exit 0
+
diff --git a/config/rootfiles/packages/arm b/config/rootfiles/packages/arm
new file mode 100644 (file)
index 0000000..eb9d128
--- /dev/null
@@ -0,0 +1,166 @@
+usr/bin/arm
+#usr/share/arm
+#usr/share/arm-1.4.5.0-py2.7.egg-info
+usr/share/arm/TorCtl
+usr/share/arm/TorCtl/GeoIPSupport.py
+usr/share/arm/TorCtl/GeoIPSupport.pyc
+usr/share/arm/TorCtl/PathSupport.py
+usr/share/arm/TorCtl/PathSupport.pyc
+usr/share/arm/TorCtl/SQLSupport.py
+usr/share/arm/TorCtl/SQLSupport.pyc
+usr/share/arm/TorCtl/ScanSupport.py
+usr/share/arm/TorCtl/ScanSupport.pyc
+usr/share/arm/TorCtl/StatsSupport.py
+usr/share/arm/TorCtl/StatsSupport.pyc
+usr/share/arm/TorCtl/TorCtl.py
+usr/share/arm/TorCtl/TorCtl.pyc
+usr/share/arm/TorCtl/TorUtil.py
+usr/share/arm/TorCtl/TorUtil.pyc
+usr/share/arm/TorCtl/__init__.py
+usr/share/arm/TorCtl/__init__.pyc
+usr/share/arm/TorCtl/example.py
+usr/share/arm/TorCtl/example.pyc
+usr/share/arm/__init__.py
+usr/share/arm/__init__.pyc
+usr/share/arm/cli
+usr/share/arm/cli/__init__.py
+usr/share/arm/cli/__init__.pyc
+usr/share/arm/cli/configPanel.py
+usr/share/arm/cli/configPanel.pyc
+usr/share/arm/cli/connections
+usr/share/arm/cli/connections/__init__.py
+usr/share/arm/cli/connections/__init__.pyc
+usr/share/arm/cli/connections/circEntry.py
+usr/share/arm/cli/connections/circEntry.pyc
+usr/share/arm/cli/connections/connEntry.py
+usr/share/arm/cli/connections/connEntry.pyc
+usr/share/arm/cli/connections/connPanel.py
+usr/share/arm/cli/connections/connPanel.pyc
+usr/share/arm/cli/connections/countPopup.py
+usr/share/arm/cli/connections/countPopup.pyc
+usr/share/arm/cli/connections/descriptorPopup.py
+usr/share/arm/cli/connections/descriptorPopup.pyc
+usr/share/arm/cli/connections/entries.py
+usr/share/arm/cli/connections/entries.pyc
+usr/share/arm/cli/controller.py
+usr/share/arm/cli/controller.pyc
+usr/share/arm/cli/graphing
+usr/share/arm/cli/graphing/__init__.py
+usr/share/arm/cli/graphing/__init__.pyc
+usr/share/arm/cli/graphing/bandwidthStats.py
+usr/share/arm/cli/graphing/bandwidthStats.pyc
+usr/share/arm/cli/graphing/connStats.py
+usr/share/arm/cli/graphing/connStats.pyc
+usr/share/arm/cli/graphing/graphPanel.py
+usr/share/arm/cli/graphing/graphPanel.pyc
+usr/share/arm/cli/graphing/resourceStats.py
+usr/share/arm/cli/graphing/resourceStats.pyc
+usr/share/arm/cli/headerPanel.py
+usr/share/arm/cli/headerPanel.pyc
+usr/share/arm/cli/interpretorPanel.py
+usr/share/arm/cli/interpretorPanel.pyc
+usr/share/arm/cli/logPanel.py
+usr/share/arm/cli/logPanel.pyc
+usr/share/arm/cli/menu
+usr/share/arm/cli/menu/__init__.py
+usr/share/arm/cli/menu/__init__.pyc
+usr/share/arm/cli/menu/actions.py
+usr/share/arm/cli/menu/actions.pyc
+usr/share/arm/cli/menu/item.py
+usr/share/arm/cli/menu/item.pyc
+usr/share/arm/cli/menu/menu.py
+usr/share/arm/cli/menu/menu.pyc
+usr/share/arm/cli/popups.py
+usr/share/arm/cli/popups.pyc
+usr/share/arm/cli/torrcPanel.py
+usr/share/arm/cli/torrcPanel.pyc
+usr/share/arm/cli/wizard.py
+usr/share/arm/cli/wizard.pyc
+usr/share/arm/gui
+usr/share/arm/gui/__init__.py
+usr/share/arm/gui/__init__.pyc
+usr/share/arm/gui/arm.xml
+usr/share/arm/gui/configPanel.py
+usr/share/arm/gui/configPanel.pyc
+usr/share/arm/gui/connections
+usr/share/arm/gui/connections/__init__.py
+usr/share/arm/gui/connections/__init__.pyc
+usr/share/arm/gui/connections/circEntry.py
+usr/share/arm/gui/connections/circEntry.pyc
+usr/share/arm/gui/connections/connEntry.py
+usr/share/arm/gui/connections/connEntry.pyc
+usr/share/arm/gui/connections/connPanel.py
+usr/share/arm/gui/connections/connPanel.pyc
+usr/share/arm/gui/controller.py
+usr/share/arm/gui/controller.pyc
+usr/share/arm/gui/generalPanel.py
+usr/share/arm/gui/generalPanel.pyc
+usr/share/arm/gui/graphing
+usr/share/arm/gui/graphing/__init__.py
+usr/share/arm/gui/graphing/__init__.pyc
+usr/share/arm/gui/graphing/bandwidthStats.py
+usr/share/arm/gui/graphing/bandwidthStats.pyc
+usr/share/arm/gui/graphing/graphPanel.py
+usr/share/arm/gui/graphing/graphPanel.pyc
+usr/share/arm/gui/logPanel.py
+usr/share/arm/gui/logPanel.pyc
+usr/share/arm/prereq.py
+usr/share/arm/prereq.pyc
+#usr/share/arm/resources
+#usr/share/arm/resources/arm.1
+#usr/share/arm/resources/exitNotice
+#usr/share/arm/resources/exitNotice/how_tor_works_thumb.png
+#usr/share/arm/resources/exitNotice/index.html
+#usr/share/arm/resources/startTor
+#usr/share/arm/resources/tor-arm.desktop
+#usr/share/arm/resources/tor-arm.svg
+#usr/share/arm/resources/torConfigDesc.txt
+#usr/share/arm/resources/torrcOverride
+#usr/share/arm/resources/torrcOverride/override.c
+#usr/share/arm/resources/torrcOverride/override.h
+#usr/share/arm/resources/torrcOverride/override.py
+#usr/share/arm/resources/torrcTemplate.txt
+usr/share/arm/settings.cfg
+usr/share/arm/starter.py
+usr/share/arm/starter.pyc
+usr/share/arm/test.py
+usr/share/arm/test.pyc
+#usr/share/arm/uninstall
+usr/share/arm/util
+usr/share/arm/util/__init__.py
+usr/share/arm/util/__init__.pyc
+usr/share/arm/util/conf.py
+usr/share/arm/util/conf.pyc
+usr/share/arm/util/connections.py
+usr/share/arm/util/connections.pyc
+usr/share/arm/util/enum.py
+usr/share/arm/util/enum.pyc
+usr/share/arm/util/gtkTools.py
+usr/share/arm/util/gtkTools.pyc
+usr/share/arm/util/hostnames.py
+usr/share/arm/util/hostnames.pyc
+usr/share/arm/util/log.py
+usr/share/arm/util/log.pyc
+usr/share/arm/util/panel.py
+usr/share/arm/util/panel.pyc
+usr/share/arm/util/procName.py
+usr/share/arm/util/procName.pyc
+usr/share/arm/util/procTools.py
+usr/share/arm/util/procTools.pyc
+usr/share/arm/util/sysTools.py
+usr/share/arm/util/sysTools.pyc
+usr/share/arm/util/textInput.py
+usr/share/arm/util/textInput.pyc
+usr/share/arm/util/torConfig.py
+usr/share/arm/util/torConfig.pyc
+usr/share/arm/util/torInterpretor.py
+usr/share/arm/util/torInterpretor.pyc
+usr/share/arm/util/torTools.py
+usr/share/arm/util/torTools.pyc
+usr/share/arm/util/uiTools.py
+usr/share/arm/util/uiTools.pyc
+usr/share/arm/version.py
+usr/share/arm/version.pyc
+#usr/share/doc/arm
+#usr/share/doc/arm/armrc.sample
+#usr/share/man/man1/arm.1.gz
diff --git a/config/rootfiles/packages/tor b/config/rootfiles/packages/tor
new file mode 100644 (file)
index 0000000..8eb6dad
--- /dev/null
@@ -0,0 +1,31 @@
+#etc/logrotate.d
+etc/logrotate.d/tor
+etc/rc.d/init.d/tor
+#etc/tor
+etc/tor/tor-tsocks.conf
+etc/tor/torrc
+srv/web/ipfire/cgi-bin/tor.cgi
+usr/bin/tor
+usr/bin/tor-gencert
+usr/bin/tor-resolve
+#usr/bin/torify
+usr/local/bin/torctrl
+#usr/share/doc/tor
+#usr/share/doc/tor/tor-gencert.html
+#usr/share/doc/tor/tor-resolve.html
+#usr/share/doc/tor/tor.html
+#usr/share/doc/tor/torify.html
+#usr/share/man/man1/tor-gencert.1
+#usr/share/man/man1/tor-resolve.1
+#usr/share/man/man1/tor.1
+#usr/share/man/man1/torify.1
+usr/share/tor
+usr/share/tor/defaults-torrc
+usr/share/tor/geoip
+var/ipfire/backup/addons/includes/tor
+var/ipfire/menu.d/EX-tor.menu
+var/ipfire/tor
+var/ipfire/tor/settings
+var/ipfire/tor/torrc
+var/lib/tor
+var/log/tor
diff --git a/config/tor/defaults-torrc b/config/tor/defaults-torrc
new file mode 100644 (file)
index 0000000..703d821
--- /dev/null
@@ -0,0 +1,3 @@
+DataDirectory /var/lib/tor
+User nobody
+Log notice syslog
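Review bot: `User nobody` runs Tor under the shared `nobody` account, so the relay keys and state under `DataDirectory /var/lib/tor` are owned by the same UID as any other service that drops to `nobody`. A compromise of one such service then exposes the others' files. A dedicated unprivileged account (for example one named `tor`, created by the package's install step) would keep the key material isolated. The same applies to `create 0640 nobody nobody` in config/tor/tor.logrotate, which would need to follow the account name.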
diff --git a/config/tor/tor.logrotate b/config/tor/tor.logrotate
new file mode 100644 (file)
index 0000000..49fe002
--- /dev/null
@@ -0,0 +1,13 @@
+/var/log/tor/*.log {
+    daily
+    rotate 5
+    compress
+    delaycompress
+    missingok
+    notifempty
+    create 0640 nobody nobody
+    sharedscripts
+    postrotate
+        /etc/init.d/tor reload >/dev/null 2>&1 || :
+    endscript
+}
index 3b6e117..bbe5e1d 100644 (file)
@@ -406,6 +406,10 @@ WARNING: translation string unused: to email adr
 WARNING: translation string unused: to install an update
 WARNING: translation string unused: to warn email bad
 WARNING: translation string unused: too long 80 char max
+WARNING: translation string unused: tor accounting period daily
+WARNING: translation string unused: tor accounting period monthly
+WARNING: translation string unused: tor accounting period weekly
+WARNING: translation string unused: tor exit country
 WARNING: translation string unused: traffic back
 WARNING: translation string unused: traffic calc time
 WARNING: translation string unused: traffic calc time bad
index 8f530a3..1248957 100644 (file)
@@ -437,6 +437,12 @@ WARNING: translation string unused: to email adr
 WARNING: translation string unused: to install an update
 WARNING: translation string unused: to warn email bad
 WARNING: translation string unused: too long 80 char max
+WARNING: translation string unused: tor accounting period daily
+WARNING: translation string unused: tor accounting period monthly
+WARNING: translation string unused: tor accounting period weekly
+WARNING: translation string unused: tor bridge enabled
+WARNING: translation string unused: tor errmsg invalid node id
+WARNING: translation string unused: tor exit country
 WARNING: translation string unused: traffic back
 WARNING: translation string unused: traffic calc time
 WARNING: translation string unused: traffic calc time bad
index 2258d1b..790ce1a 100644 (file)
@@ -549,6 +549,13 @@ WARNING: untranslated string: ccd routes
 WARNING: untranslated string: ccd subnet
 WARNING: untranslated string: ccd used
 WARNING: untranslated string: deprecated fs warn
+WARNING: untranslated string: dnsforward
+WARNING: untranslated string: dnsforward add a new entry
+WARNING: untranslated string: dnsforward configuration
+WARNING: untranslated string: dnsforward edit an entry
+WARNING: untranslated string: dnsforward entries
+WARNING: untranslated string: dnsforward forward_server
+WARNING: untranslated string: dnsforward zone
 WARNING: untranslated string: emerging rules
 WARNING: untranslated string: fireinfo ipfire version
 WARNING: untranslated string: fireinfo is disabled
@@ -618,6 +625,50 @@ WARNING: untranslated string: routing table
 WARNING: untranslated string: server restart
 WARNING: untranslated string: static routes
 WARNING: untranslated string: system information
+WARNING: untranslated string: tor
+WARNING: untranslated string: tor accounting
+WARNING: untranslated string: tor accounting bytes
+WARNING: untranslated string: tor accounting bytes left
+WARNING: untranslated string: tor accounting interval
+WARNING: untranslated string: tor accounting limit
+WARNING: untranslated string: tor accounting period
+WARNING: untranslated string: tor acls
+WARNING: untranslated string: tor allowed subnets
+WARNING: untranslated string: tor bandwidth burst
+WARNING: untranslated string: tor bandwidth rate
+WARNING: untranslated string: tor bandwidth settings
+WARNING: untranslated string: tor bandwidth unlimited
+WARNING: untranslated string: tor common settings
+WARNING: untranslated string: tor configuration
+WARNING: untranslated string: tor connected relays
+WARNING: untranslated string: tor contact info
+WARNING: untranslated string: tor enabled
+WARNING: untranslated string: tor errmsg invalid accounting limit
+WARNING: untranslated string: tor errmsg invalid ip or mask
+WARNING: untranslated string: tor errmsg invalid relay address
+WARNING: untranslated string: tor errmsg invalid relay name
+WARNING: untranslated string: tor errmsg invalid relay port
+WARNING: untranslated string: tor errmsg invalid socks port
+WARNING: untranslated string: tor exit country any
+WARNING: untranslated string: tor exit nodes
+WARNING: untranslated string: tor relay address
+WARNING: untranslated string: tor relay configuration
+WARNING: untranslated string: tor relay enabled
+WARNING: untranslated string: tor relay external address
+WARNING: untranslated string: tor relay fingerprint
+WARNING: untranslated string: tor relay mode
+WARNING: untranslated string: tor relay mode bridge
+WARNING: untranslated string: tor relay mode exit
+WARNING: untranslated string: tor relay mode private bridge
+WARNING: untranslated string: tor relay mode relay
+WARNING: untranslated string: tor relay nickname
+WARNING: untranslated string: tor relay port
+WARNING: untranslated string: tor socks port
+WARNING: untranslated string: tor stats
+WARNING: untranslated string: tor traffic limit hard
+WARNING: untranslated string: tor traffic limit soft
+WARNING: untranslated string: tor traffic read written
+WARNING: untranslated string: tor use exit nodes
 WARNING: untranslated string: uptime load average
 WARNING: untranslated string: visit us at
 WARNING: untranslated string: vpn keyexchange
index 58f4454..41d8d9d 100644 (file)
@@ -549,6 +549,13 @@ WARNING: untranslated string: ccd subnet
 WARNING: untranslated string: ccd used
 WARNING: untranslated string: deprecated fs warn
 WARNING: untranslated string: dns address deleted txt
+WARNING: untranslated string: dnsforward
+WARNING: untranslated string: dnsforward add a new entry
+WARNING: untranslated string: dnsforward configuration
+WARNING: untranslated string: dnsforward edit an entry
+WARNING: untranslated string: dnsforward entries
+WARNING: untranslated string: dnsforward forward_server
+WARNING: untranslated string: dnsforward zone
 WARNING: untranslated string: emerging rules
 WARNING: untranslated string: fireinfo ipfire version
 WARNING: untranslated string: fireinfo is disabled
@@ -603,6 +610,50 @@ WARNING: untranslated string: server restart
 WARNING: untranslated string: snort working
 WARNING: untranslated string: static routes
 WARNING: untranslated string: system information
+WARNING: untranslated string: tor
+WARNING: untranslated string: tor accounting
+WARNING: untranslated string: tor accounting bytes
+WARNING: untranslated string: tor accounting bytes left
+WARNING: untranslated string: tor accounting interval
+WARNING: untranslated string: tor accounting limit
+WARNING: untranslated string: tor accounting period
+WARNING: untranslated string: tor acls
+WARNING: untranslated string: tor allowed subnets
+WARNING: untranslated string: tor bandwidth burst
+WARNING: untranslated string: tor bandwidth rate
+WARNING: untranslated string: tor bandwidth settings
+WARNING: untranslated string: tor bandwidth unlimited
+WARNING: untranslated string: tor common settings
+WARNING: untranslated string: tor configuration
+WARNING: untranslated string: tor connected relays
+WARNING: untranslated string: tor contact info
+WARNING: untranslated string: tor enabled
+WARNING: untranslated string: tor errmsg invalid accounting limit
+WARNING: untranslated string: tor errmsg invalid ip or mask
+WARNING: untranslated string: tor errmsg invalid relay address
+WARNING: untranslated string: tor errmsg invalid relay name
+WARNING: untranslated string: tor errmsg invalid relay port
+WARNING: untranslated string: tor errmsg invalid socks port
+WARNING: untranslated string: tor exit country any
+WARNING: untranslated string: tor exit nodes
+WARNING: untranslated string: tor relay address
+WARNING: untranslated string: tor relay configuration
+WARNING: untranslated string: tor relay enabled
+WARNING: untranslated string: tor relay external address
+WARNING: untranslated string: tor relay fingerprint
+WARNING: untranslated string: tor relay mode
+WARNING: untranslated string: tor relay mode bridge
+WARNING: untranslated string: tor relay mode exit
+WARNING: untranslated string: tor relay mode private bridge
+WARNING: untranslated string: tor relay mode relay
+WARNING: untranslated string: tor relay nickname
+WARNING: untranslated string: tor relay port
+WARNING: untranslated string: tor socks port
+WARNING: untranslated string: tor stats
+WARNING: untranslated string: tor traffic limit hard
+WARNING: untranslated string: tor traffic limit soft
+WARNING: untranslated string: tor traffic read written
+WARNING: untranslated string: tor use exit nodes
 WARNING: untranslated string: upload new ruleset
 WARNING: untranslated string: uptime load average
 WARNING: untranslated string: urlfilter file ext block
index d7a7ff7..46838b0 100644 (file)
@@ -513,6 +513,13 @@ WARNING: untranslated string: age sminute
 WARNING: untranslated string: age ssecond
 WARNING: untranslated string: bytes
 WARNING: untranslated string: ccd iroute2
+WARNING: untranslated string: dnsforward
+WARNING: untranslated string: dnsforward add a new entry
+WARNING: untranslated string: dnsforward configuration
+WARNING: untranslated string: dnsforward edit an entry
+WARNING: untranslated string: dnsforward entries
+WARNING: untranslated string: dnsforward forward_server
+WARNING: untranslated string: dnsforward zone
 WARNING: untranslated string: new
 WARNING: untranslated string: outgoing firewall reserved groupname
 WARNING: untranslated string: qos enter bandwidths
@@ -520,6 +527,50 @@ WARNING: untranslated string: route config changed
 WARNING: untranslated string: routing config added
 WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
+WARNING: untranslated string: tor
+WARNING: untranslated string: tor accounting
+WARNING: untranslated string: tor accounting bytes
+WARNING: untranslated string: tor accounting bytes left
+WARNING: untranslated string: tor accounting interval
+WARNING: untranslated string: tor accounting limit
+WARNING: untranslated string: tor accounting period
+WARNING: untranslated string: tor acls
+WARNING: untranslated string: tor allowed subnets
+WARNING: untranslated string: tor bandwidth burst
+WARNING: untranslated string: tor bandwidth rate
+WARNING: untranslated string: tor bandwidth settings
+WARNING: untranslated string: tor bandwidth unlimited
+WARNING: untranslated string: tor common settings
+WARNING: untranslated string: tor configuration
+WARNING: untranslated string: tor connected relays
+WARNING: untranslated string: tor contact info
+WARNING: untranslated string: tor enabled
+WARNING: untranslated string: tor errmsg invalid accounting limit
+WARNING: untranslated string: tor errmsg invalid ip or mask
+WARNING: untranslated string: tor errmsg invalid relay address
+WARNING: untranslated string: tor errmsg invalid relay name
+WARNING: untranslated string: tor errmsg invalid relay port
+WARNING: untranslated string: tor errmsg invalid socks port
+WARNING: untranslated string: tor exit country any
+WARNING: untranslated string: tor exit nodes
+WARNING: untranslated string: tor relay address
+WARNING: untranslated string: tor relay configuration
+WARNING: untranslated string: tor relay enabled
+WARNING: untranslated string: tor relay external address
+WARNING: untranslated string: tor relay fingerprint
+WARNING: untranslated string: tor relay mode
+WARNING: untranslated string: tor relay mode bridge
+WARNING: untranslated string: tor relay mode exit
+WARNING: untranslated string: tor relay mode private bridge
+WARNING: untranslated string: tor relay mode relay
+WARNING: untranslated string: tor relay nickname
+WARNING: untranslated string: tor relay port
+WARNING: untranslated string: tor socks port
+WARNING: untranslated string: tor stats
+WARNING: untranslated string: tor traffic limit hard
+WARNING: untranslated string: tor traffic limit soft
+WARNING: untranslated string: tor traffic read written
+WARNING: untranslated string: tor use exit nodes
 WARNING: untranslated string: uptime load average
 WARNING: untranslated string: wlan client
 WARNING: untranslated string: wlan client advanced settings
index 2258d1b..790ce1a 100644 (file)
@@ -549,6 +549,13 @@ WARNING: untranslated string: ccd routes
 WARNING: untranslated string: ccd subnet
 WARNING: untranslated string: ccd used
 WARNING: untranslated string: deprecated fs warn
+WARNING: untranslated string: dnsforward
+WARNING: untranslated string: dnsforward add a new entry
+WARNING: untranslated string: dnsforward configuration
+WARNING: untranslated string: dnsforward edit an entry
+WARNING: untranslated string: dnsforward entries
+WARNING: untranslated string: dnsforward forward_server
+WARNING: untranslated string: dnsforward zone
 WARNING: untranslated string: emerging rules
 WARNING: untranslated string: fireinfo ipfire version
 WARNING: untranslated string: fireinfo is disabled
@@ -618,6 +625,50 @@ WARNING: untranslated string: routing table
 WARNING: untranslated string: server restart
 WARNING: untranslated string: static routes
 WARNING: untranslated string: system information
+WARNING: untranslated string: tor
+WARNING: untranslated string: tor accounting
+WARNING: untranslated string: tor accounting bytes
+WARNING: untranslated string: tor accounting bytes left
+WARNING: untranslated string: tor accounting interval
+WARNING: untranslated string: tor accounting limit
+WARNING: untranslated string: tor accounting period
+WARNING: untranslated string: tor acls
+WARNING: untranslated string: tor allowed subnets
+WARNING: untranslated string: tor bandwidth burst
+WARNING: untranslated string: tor bandwidth rate
+WARNING: untranslated string: tor bandwidth settings
+WARNING: untranslated string: tor bandwidth unlimited
+WARNING: untranslated string: tor common settings
+WARNING: untranslated string: tor configuration
+WARNING: untranslated string: tor connected relays
+WARNING: untranslated string: tor contact info
+WARNING: untranslated string: tor enabled
+WARNING: untranslated string: tor errmsg invalid accounting limit
+WARNING: untranslated string: tor errmsg invalid ip or mask
+WARNING: untranslated string: tor errmsg invalid relay address
+WARNING: untranslated string: tor errmsg invalid relay name
+WARNING: untranslated string: tor errmsg invalid relay port
+WARNING: untranslated string: tor errmsg invalid socks port
+WARNING: untranslated string: tor exit country any
+WARNING: untranslated string: tor exit nodes
+WARNING: untranslated string: tor relay address
+WARNING: untranslated string: tor relay configuration
+WARNING: untranslated string: tor relay enabled
+WARNING: untranslated string: tor relay external address
+WARNING: untranslated string: tor relay fingerprint
+WARNING: untranslated string: tor relay mode
+WARNING: untranslated string: tor relay mode bridge
+WARNING: untranslated string: tor relay mode exit
+WARNING: untranslated string: tor relay mode private bridge
+WARNING: untranslated string: tor relay mode relay
+WARNING: untranslated string: tor relay nickname
+WARNING: untranslated string: tor relay port
+WARNING: untranslated string: tor socks port
+WARNING: untranslated string: tor stats
+WARNING: untranslated string: tor traffic limit hard
+WARNING: untranslated string: tor traffic limit soft
+WARNING: untranslated string: tor traffic read written
+WARNING: untranslated string: tor use exit nodes
 WARNING: untranslated string: uptime load average
 WARNING: untranslated string: visit us at
 WARNING: untranslated string: vpn keyexchange
index 7b83295..6700696 100644 (file)
@@ -542,6 +542,13 @@ WARNING: untranslated string: ccd used
 WARNING: untranslated string: community rules
 WARNING: untranslated string: deprecated fs warn
 WARNING: untranslated string: disk access per
+WARNING: untranslated string: dnsforward
+WARNING: untranslated string: dnsforward add a new entry
+WARNING: untranslated string: dnsforward configuration
+WARNING: untranslated string: dnsforward edit an entry
+WARNING: untranslated string: dnsforward entries
+WARNING: untranslated string: dnsforward forward_server
+WARNING: untranslated string: dnsforward zone
 WARNING: untranslated string: emerging rules
 WARNING: untranslated string: extrahd because there is already a device mounted
 WARNING: untranslated string: extrahd cant umount
@@ -583,6 +590,50 @@ WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
 WARNING: untranslated string: server restart
 WARNING: untranslated string: static routes
+WARNING: untranslated string: tor
+WARNING: untranslated string: tor accounting
+WARNING: untranslated string: tor accounting bytes
+WARNING: untranslated string: tor accounting bytes left
+WARNING: untranslated string: tor accounting interval
+WARNING: untranslated string: tor accounting limit
+WARNING: untranslated string: tor accounting period
+WARNING: untranslated string: tor acls
+WARNING: untranslated string: tor allowed subnets
+WARNING: untranslated string: tor bandwidth burst
+WARNING: untranslated string: tor bandwidth rate
+WARNING: untranslated string: tor bandwidth settings
+WARNING: untranslated string: tor bandwidth unlimited
+WARNING: untranslated string: tor common settings
+WARNING: untranslated string: tor configuration
+WARNING: untranslated string: tor connected relays
+WARNING: untranslated string: tor contact info
+WARNING: untranslated string: tor enabled
+WARNING: untranslated string: tor errmsg invalid accounting limit
+WARNING: untranslated string: tor errmsg invalid ip or mask
+WARNING: untranslated string: tor errmsg invalid relay address
+WARNING: untranslated string: tor errmsg invalid relay name
+WARNING: untranslated string: tor errmsg invalid relay port
+WARNING: untranslated string: tor errmsg invalid socks port
+WARNING: untranslated string: tor exit country any
+WARNING: untranslated string: tor exit nodes
+WARNING: untranslated string: tor relay address
+WARNING: untranslated string: tor relay configuration
+WARNING: untranslated string: tor relay enabled
+WARNING: untranslated string: tor relay external address
+WARNING: untranslated string: tor relay fingerprint
+WARNING: untranslated string: tor relay mode
+WARNING: untranslated string: tor relay mode bridge
+WARNING: untranslated string: tor relay mode exit
+WARNING: untranslated string: tor relay mode private bridge
+WARNING: untranslated string: tor relay mode relay
+WARNING: untranslated string: tor relay nickname
+WARNING: untranslated string: tor relay port
+WARNING: untranslated string: tor socks port
+WARNING: untranslated string: tor stats
+WARNING: untranslated string: tor traffic limit hard
+WARNING: untranslated string: tor traffic limit soft
+WARNING: untranslated string: tor traffic read written
+WARNING: untranslated string: tor use exit nodes
 WARNING: untranslated string: uptime load average
 WARNING: untranslated string: visit us at
 WARNING: untranslated string: vpn keyexchange
index 1756840..6c4502f 100644 (file)
@@ -510,12 +510,63 @@ WARNING: translation string unused: year-graph
 WARNING: translation string unused: yearly firewallhits
 WARNING: untranslated string: Scan for Songs
 WARNING: untranslated string: bytes
+WARNING: untranslated string: dnsforward
+WARNING: untranslated string: dnsforward add a new entry
+WARNING: untranslated string: dnsforward configuration
+WARNING: untranslated string: dnsforward edit an entry
+WARNING: untranslated string: dnsforward entries
+WARNING: untranslated string: dnsforward forward_server
+WARNING: untranslated string: dnsforward zone
 WARNING: untranslated string: new
 WARNING: untranslated string: outgoing firewall reserved groupname
 WARNING: untranslated string: route config changed
 WARNING: untranslated string: routing config added
 WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
+WARNING: untranslated string: tor
+WARNING: untranslated string: tor accounting
+WARNING: untranslated string: tor accounting bytes
+WARNING: untranslated string: tor accounting bytes left
+WARNING: untranslated string: tor accounting interval
+WARNING: untranslated string: tor accounting limit
+WARNING: untranslated string: tor accounting period
+WARNING: untranslated string: tor acls
+WARNING: untranslated string: tor allowed subnets
+WARNING: untranslated string: tor bandwidth burst
+WARNING: untranslated string: tor bandwidth rate
+WARNING: untranslated string: tor bandwidth settings
+WARNING: untranslated string: tor bandwidth unlimited
+WARNING: untranslated string: tor common settings
+WARNING: untranslated string: tor configuration
+WARNING: untranslated string: tor connected relays
+WARNING: untranslated string: tor contact info
+WARNING: untranslated string: tor enabled
+WARNING: untranslated string: tor errmsg invalid accounting limit
+WARNING: untranslated string: tor errmsg invalid ip or mask
+WARNING: untranslated string: tor errmsg invalid relay address
+WARNING: untranslated string: tor errmsg invalid relay name
+WARNING: untranslated string: tor errmsg invalid relay port
+WARNING: untranslated string: tor errmsg invalid socks port
+WARNING: untranslated string: tor exit country any
+WARNING: untranslated string: tor exit nodes
+WARNING: untranslated string: tor relay address
+WARNING: untranslated string: tor relay configuration
+WARNING: untranslated string: tor relay enabled
+WARNING: untranslated string: tor relay external address
+WARNING: untranslated string: tor relay fingerprint
+WARNING: untranslated string: tor relay mode
+WARNING: untranslated string: tor relay mode bridge
+WARNING: untranslated string: tor relay mode exit
+WARNING: untranslated string: tor relay mode private bridge
+WARNING: untranslated string: tor relay mode relay
+WARNING: untranslated string: tor relay nickname
+WARNING: untranslated string: tor relay port
+WARNING: untranslated string: tor socks port
+WARNING: untranslated string: tor stats
+WARNING: untranslated string: tor traffic limit hard
+WARNING: untranslated string: tor traffic limit soft
+WARNING: untranslated string: tor traffic read written
+WARNING: untranslated string: tor use exit nodes
 WARNING: untranslated string: wlan client
 WARNING: untranslated string: wlan client advanced settings
 WARNING: untranslated string: wlan client and
index b78b367..3c611e6 100644 (file)
 < ccd used
 < deprecated fs warn
 < dns address deleted txt
+< dnsforward
+< dnsforward add a new entry
+< dnsforward configuration
+< dnsforward edit an entry
+< dnsforward entries
+< dnsforward forward_server
+< dnsforward zone
 < fireinfo ipfire version
 < fireinfo is disabled
 < fireinfo is enabled
 < snort working
 < static routes
 < system information
+< tor
+< tor accounting
+< tor accounting bytes
+< tor accounting bytes left
+< tor accounting interval
+< tor accounting limit
+< tor accounting period
+< tor accounting period daily
+< tor accounting period monthly
+< tor accounting period weekly
+< tor acls
+< tor allowed subnets
+< tor bandwidth burst
+< tor bandwidth rate
+< tor bandwidth settings
+< tor bandwidth unlimited
+< tor common settings
+< tor configuration
+< tor connected relays
+< tor contact info
+< tor enabled
+< tor errmsg invalid accounting limit
+< tor errmsg invalid ip or mask
+< tor errmsg invalid relay address
+< tor errmsg invalid relay name
+< tor errmsg invalid relay port
+< tor errmsg invalid socks port
+< tor exit country
+< tor exit country any
+< tor exit nodes
+< tor relay address
+< tor relay configuration
+< tor relay enabled
+< tor relay external address
+< tor relay fingerprint
+< tor relay mode
+< tor relay mode bridge
+< tor relay mode exit
+< tor relay mode private bridge
+< tor relay mode relay
+< tor relay nickname
+< tor relay port
+< tor socks port
+< tor stats
+< tor traffic limit hard
+< tor traffic limit soft
+< tor traffic read written
+< tor use exit nodes
 < updxlrtr sources
 < updxlrtr standard view
 < upload new ruleset
 < ccd subnet
 < ccd used
 < deprecated fs warn
+< dnsforward
+< dnsforward add a new entry
+< dnsforward configuration
+< dnsforward edit an entry
+< dnsforward entries
+< dnsforward forward_server
+< dnsforward zone
 < fireinfo ipfire version
 < fireinfo is disabled
 < fireinfo is enabled
 < Set time on boot
 < static routes
 < system information
+< tor
+< tor accounting
+< tor accounting bytes
+< tor accounting bytes left
+< tor accounting interval
+< tor accounting limit
+< tor accounting period
+< tor accounting period daily
+< tor accounting period monthly
+< tor accounting period weekly
+< tor acls
+< tor allowed subnets
+< tor bandwidth burst
+< tor bandwidth rate
+< tor bandwidth settings
+< tor bandwidth unlimited
+< tor common settings
+< tor configuration
+< tor connected relays
+< tor contact info
+< tor enabled
+< tor errmsg invalid accounting limit
+< tor errmsg invalid ip or mask
+< tor errmsg invalid relay address
+< tor errmsg invalid relay name
+< tor errmsg invalid relay port
+< tor errmsg invalid socks port
+< tor exit country
+< tor exit country any
+< tor exit nodes
+< tor relay address
+< tor relay configuration
+< tor relay enabled
+< tor relay external address
+< tor relay fingerprint
+< tor relay mode
+< tor relay mode bridge
+< tor relay mode exit
+< tor relay mode private bridge
+< tor relay mode relay
+< tor relay nickname
+< tor relay port
+< tor socks port
+< tor stats
+< tor traffic limit hard
+< tor traffic limit soft
+< tor traffic read written
+< tor use exit nodes
 < updxlrtr sources
 < updxlrtr standard view
 < uptime
 < ccd subnet
 < ccd used
 < deprecated fs warn
+< dnsforward
+< dnsforward add a new entry
+< dnsforward configuration
+< dnsforward edit an entry
+< dnsforward entries
+< dnsforward forward_server
+< dnsforward zone
 < extrahd because there is already a device mounted
 < extrahd cant umount
 < extrahd install or load driver
 < qos enter bandwidths
 < server restart
 < static routes
+< tor
+< tor accounting
+< tor accounting bytes
+< tor accounting bytes left
+< tor accounting interval
+< tor accounting limit
+< tor accounting period
+< tor accounting period daily
+< tor accounting period monthly
+< tor accounting period weekly
+< tor acls
+< tor allowed subnets
+< tor bandwidth burst
+< tor bandwidth rate
+< tor bandwidth settings
+< tor bandwidth unlimited
+< tor common settings
+< tor configuration
+< tor connected relays
+< tor contact info
+< tor enabled
+< tor errmsg invalid accounting limit
+< tor errmsg invalid ip or mask
+< tor errmsg invalid relay address
+< tor errmsg invalid relay name
+< tor errmsg invalid relay port
+< tor errmsg invalid socks port
+< tor exit country
+< tor exit country any
+< tor exit nodes
+< tor relay address
+< tor relay configuration
+< tor relay enabled
+< tor relay external address
+< tor relay fingerprint
+< tor relay mode
+< tor relay mode bridge
+< tor relay mode exit
+< tor relay mode private bridge
+< tor relay mode relay
+< tor relay nickname
+< tor relay port
+< tor socks port
+< tor stats
+< tor traffic limit hard
+< tor traffic limit soft
+< tor traffic read written
+< tor use exit nodes
 < updxlrtr sources
 < updxlrtr standard view
 < uptime
 < day-graph
 < deprecated fs warn
 < disk access per
+< dnsforward
+< dnsforward add a new entry
+< dnsforward configuration
+< dnsforward edit an entry
+< dnsforward entries
+< dnsforward forward_server
+< dnsforward zone
 < Edit an existing route
 < extrahd because there is already a device mounted
 < extrahd cant umount
 < qos enter bandwidths
 < server restart
 < static routes
+< tor
+< tor accounting
+< tor accounting bytes
+< tor accounting bytes left
+< tor accounting interval
+< tor accounting limit
+< tor accounting period
+< tor accounting period daily
+< tor accounting period monthly
+< tor accounting period weekly
+< tor acls
+< tor allowed subnets
+< tor bandwidth burst
+< tor bandwidth rate
+< tor bandwidth settings
+< tor bandwidth unlimited
+< tor common settings
+< tor configuration
+< tor connected relays
+< tor contact info
+< tor enabled
+< tor errmsg invalid accounting limit
+< tor errmsg invalid ip or mask
+< tor errmsg invalid relay address
+< tor errmsg invalid relay name
+< tor errmsg invalid relay port
+< tor errmsg invalid socks port
+< tor exit country
+< tor exit country any
+< tor exit nodes
+< tor relay address
+< tor relay configuration
+< tor relay enabled
+< tor relay external address
+< tor relay fingerprint
+< tor relay mode
+< tor relay mode bridge
+< tor relay mode exit
+< tor relay mode private bridge
+< tor relay mode relay
+< tor relay nickname
+< tor relay port
+< tor socks port
+< tor stats
+< tor traffic limit hard
+< tor traffic limit soft
+< tor traffic read written
+< tor use exit nodes
 < updxlrtr sources
 < updxlrtr standard view
 < uptime
index d840d39..88847a0 100644 (file)
@@ -232,6 +232,7 @@ if ($settings{'ACTION'} eq '')
 &Header::openbigbox('100%', 'left', '', $errormessage);
 
 my %checked =();     # Checkbox manipulations
+$checked{'SERVICE'}{'all-inkl.com'} = '';
 $checked{'SERVICE'}{'cjb.net'} = '';
 $checked{'SERVICE'}{'dhs.org'} = '';
 $checked{'SERVICE'}{'dnspark.com'} = '';
@@ -327,6 +328,7 @@ print <<END
 <tr>
     <td width='25%' class='base'>$Lang::tr{'service'}:</td>
     <td width='25%'><select size='1' name='SERVICE'>
+    <option $checked{'SERVICE'}{'all-inkl.com'}>all-inkl.com</option>
     <option $checked{'SERVICE'}{'cjb.net'}>cjb.net</option>
     <option $checked{'SERVICE'}{'dhs.org'}>dhs.org</option>
     <option $checked{'SERVICE'}{'dnspark.com'}>dnspark.com</option>
index 62bb03a..4bd0128 100644 (file)
@@ -263,7 +263,7 @@ if (-e "/etc/snort/snort.conf") {
 #######################  End added for snort rules control  #################################
 
 if ($snortsettings{'RULES'} eq 'subscripted') {
-       $url=" http://www.snort.org/sub-rules/snortrules-snapshot-2950.tar.gz/$snortsettings{'OINKCODE'}";
+       $url=" http://www.snort.org/sub-rules/snortrules-snapshot-2953.tar.gz/$snortsettings{'OINKCODE'}";
 } elsif ($snortsettings{'RULES'} eq 'registered') {
        $url=" http://www.snort.org/reg-rules/snortrules-snapshot-2950.tar.gz/$snortsettings{'OINKCODE'}";
 } elsif ($snortsettings{'RULES'} eq 'community') {
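Review bot: The rewritten `subscripted` URL still sends `$snortsettings{'OINKCODE'}` in a plain `http://` request, so the subscriber credential crosses the network unencrypted and can be read or logged by anything on the path. If the rule server accepts TLS, the line should read `$url=" https://www.snort.org/sub-rules/snortrules-snapshot-2953.tar.gz/$snortsettings{'OINKCODE'}";`, and the `registered` branch has the same exposure. That branch, on the next context line, still requests snapshot 2950 while this one moves to 2953; this may be intentional, but it should either get the same bump or a comment such as `# registered snapshot deliberately stays at 2950`. The if/elsif chain continues past the end of the hunk, so how `$url` is fetched and whether the downloaded archive is verified cannot be judged from here.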
diff --git a/html/cgi-bin/tor.cgi b/html/cgi-bin/tor.cgi
new file mode 100644 (file)
index 0000000..2a31dd4
--- /dev/null
@@ -0,0 +1,902 @@
+#!/usr/bin/perl
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2013  IPFire Team  <info@ipfire.org>                          #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+use strict;
+use Locale::Country;
+
+# enable only the following on debugging purpose
+use warnings;
+use CGI::Carp 'fatalsToBrowser';
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/header.pl";
+
+#workaround to suppress a warning when a variable is used only once
+my @dummy = ( ${Header::colouryellow} );
+undef (@dummy);
+
+my @bandwidth_limits = (
+       1000 * 1024, # 1G
+        500 * 1024,
+        200 * 1024,
+        100 * 1024, # 100M
+         64 * 1024,
+         50 * 1024,
+         25 * 1024,
+         20 * 1024,
+         16 * 1024,
+         10 * 1024,
+          8 * 1024,
+          4 * 1024,
+          2 * 1024,
+              1024, # 1M
+               512,
+               256,
+               160
+);
+my @accounting_periods = ('daily', 'weekly', 'monthly');
+
+my $TOR_CONTROL_PORT = 9051;
+
+our %netsettings = ();
+&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
+
+our %settings = ();
+
+$settings{'TOR_ENABLED'} = 'off';
+$settings{'TOR_SOCKS_PORT'} = 9050;
+$settings{'TOR_EXIT_COUNTRY'} = '';
+$settings{'TOR_USE_EXIT_NODES'} = '';
+$settings{'TOR_ALLOWED_SUBNETS'} = "$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}";
+if (&Header::blue_used()) {
+       $settings{'TOR_ALLOWED_SUBNETS'} .= ",$netsettings{'BLUE_NETADDRESS'}\/$netsettings{'BLUE_NETMASK'}";
+}
+
+$settings{'TOR_RELAY_ENABLED'} = 'off';
+$settings{'TOR_RELAY_MODE'} = 'exit';
+$settings{'TOR_RELAY_ADDRESS'} = '';
+$settings{'TOR_RELAY_PORT'} = 9001;
+$settings{'TOR_RELAY_NICKNAME'} = '';
+$settings{'TOR_RELAY_CONTACT_INFO'} = '';
+$settings{'TOR_RELAY_BANDWIDTH_RATE'} = 0;
+$settings{'TOR_RELAY_BANDWIDTH_BURST'} = 0;
+$settings{'TOR_RELAY_ACCOUNTING_LIMIT'} = 0;
+$settings{'TOR_RELAY_ACCOUNTING_PERIOD'} = 'daily';
+
+$settings{'ACTION'} = '';
+
+my $errormessage = '';
+my $warnmessage = '';
+
+&Header::showhttpheaders();
+
+# Get GUI values.
+&Header::getcgihash(\%settings);
+
+# Create tor command connection.
+our $torctrl = &TorConnect();
+
+# Toggle enable/disable field.
+if ($settings{'ACTION'} eq $Lang::tr{'save'}) {
+       if ($settings{'TOR_RELAY_NICKNAME'} ne '') {
+               if ($settings{'TOR_RELAY_NICKNAME'} !~ /^[a-zA-Z0-9]+$/) {
+                       $errormessage = "$Lang::tr{'tor errmsg invalid relay name'}: $settings{'TOR_RELAY_NICKNAME'}";
+               }
+       }
+
+       if (!&General::validport($settings{'TOR_SOCKS_PORT'})) {
+               $errormessage = "$Lang::tr{'tor errmsg invalid socks port'}: $settings{'TOR_SOCKS_PORT'}";
+       }
+
+       if (!&General::validport($settings{'TOR_RELAY_PORT'})) {
+               $errormessage = "$Lang::tr{'tor errmsg invalid relay port'}: $settings{'TOR_RELAY_PORT'}";
+       }
+
+       if ($settings{'TOR_RELAY_ADDRESS'} ne '') {
+               if ((!&General::validfqdn($settings{'TOR_RELAY_ADDRESS'})) && (!&General::validip($settings{'TOR_RELAY_ADDRESS'}))) {
+                       $errormessage = "$Lang::tr{'tor errmsg invalid relay address'}: $settings{'TOR_RELAY_ADDRESS'}";
+               }
+       }
+
+       if ($settings{'TOR_RELAY_ACCOUNTING_LIMIT'} !~ /^\d+$/) {
+               $errormessage = "$Lang::tr{'tor errmsg invalid accounting limit'}: $settings{'TOR_RELAY_ACCOUNTING_LIMIT'}";
+       }
+
+       my @temp = split(/[\n,]/,$settings{'TOR_ALLOWED_SUBNETS'});
+       $settings{'TOR_ALLOWED_SUBNETS'} = "";
+       foreach (@temp) {
+               s/^\s+//g; s/\s+$//g;
+               if ($_) {
+                       unless (&General::validipandmask($_)) {
+                               $errormessage = "$Lang::tr{'tor errmsg invalid ip or mask'}: $_";
+                       }
+                       $settings{'TOR_ALLOWED_SUBNETS'} .= $_.",";
+               }
+       }
+
+       @temp = split(/[\n,]/,$settings{'TOR_USE_EXIT_NODES'});
+       $settings{'TOR_USE_EXIT_NODES'} = "";
+       foreach (@temp) {
+               s/^\s+//g; s/\s+$//g;
+               if ($_) {
+                       $settings{'TOR_USE_EXIT_NODES'} .= $_.",";
+               }
+       }
+
+       # Burst bandwidth must be less or equal to bandwidth rate.
+       if ($settings{'TOR_RELAY_BANDWIDTH_RATE'} == 0) {
+               $settings{'TOR_RELAY_BANDWIDTH_BURST'} = 0;
+
+       } elsif ($settings{'TOR_RELAY_BANDWIDTH_BURST'} < $settings{'TOR_RELAY_BANDWIDTH_RATE'}) {
+               $settings{'TOR_RELAY_BANDWIDTH_BURST'} = $settings{'TOR_RELAY_BANDWIDTH_RATE'};
+       }
+
+       if ($errormessage eq '') {
+               # Write configuration settings to file.
+               &General::writehash("${General::swroot}/tor/settings", \%settings);
+
+               # Update configuration files.
+               &BuildConfiguration();
+       }
+} else {
+       # Load settings from file.
+       &General::readhash("${General::swroot}/tor/settings", \%settings);
+}
+
+&showMainBox();
+
+# Close Tor control connection.
+&TorClose($torctrl);
+
+# Functions
+
+sub showMainBox() {
+       my %checked = ();
+       my %selected = ();
+
+       $checked{'TOR_ENABLED'}{'on'} = '';
+       $checked{'TOR_ENABLED'}{'off'} = '';
+       $checked{'TOR_ENABLED'}{$settings{'TOR_ENABLED'}} = 'checked';
+
+       $checked{'TOR_RELAY_ENABLED'}{'on'} = '';
+       $checked{'TOR_RELAY_ENABLED'}{'off'} = '';
+       $checked{'TOR_RELAY_ENABLED'}{$settings{'TOR_RELAY_ENABLED'}} = 'checked';
+
+       &Header::openpage($Lang::tr{'tor configuration'}, 1, '');
+       &Header::openbigbox('100%', 'left', '', $errormessage);
+
+       if ($errormessage) {
+               &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
+               print "<font class='base'>$errormessage&nbsp;</font>\n";
+               &Header::closebox();
+       }
+
+       print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";
+
+       &Header::openbox('100%', 'left', $Lang::tr{'tor configuration'});
+
+       print <<END;
+               <table width='100%'>
+                       <tr>
+                               <td colspan='4' class='base'><b>$Lang::tr{'tor common settings'}</b></td>
+                       </tr>
+                       <tr>
+                               <td width='25%' class='base'>$Lang::tr{'tor enabled'}:</td>
+                               <td width='30%'><input type='checkbox' name='TOR_ENABLED' $checked{'TOR_ENABLED'}{'on'} /></td>
+                               <td width='25%' class='base'>$Lang::tr{'tor socks port'}:</td>
+                               <td width='20%'><input type='text' name='TOR_SOCKS_PORT' value='$settings{'TOR_SOCKS_PORT'}' size='5' /></td>
+                       </tr>
+                       <tr>
+                               <td width='25%' class='base'>$Lang::tr{'tor relay enabled'}:</td>
+                               <td width='30%'><input type='checkbox' name='TOR_RELAY_ENABLED' $checked{'TOR_RELAY_ENABLED'}{'on'} /></td>
+                               <td width='25%' class='base'></td>
+                               <td width='20%'></td>
+                       </tr>
+               </table>
+END
+
+       my @temp = split(",", $settings{'TOR_ALLOWED_SUBNETS'});
+       $settings{'TOR_ALLOWED_SUBNETS'} = join("\n", @temp);
+
+       @temp = split(",", $settings{'TOR_USE_EXIT_NODES'});
+       $settings{'TOR_USE_EXIT_NODES'} = join("\n", @temp);
+
+       print <<END;
+               <br>
+               <hr size='1'>
+               <br>
+
+               <table width='100%'>
+                       <tr>
+                               <td colspan='4' class='base'><b>$Lang::tr{'tor acls'}</b></td>
+                       </tr>
+                       <tr>
+                               <td colspan='2' class='base' width='55%'>
+                                       $Lang::tr{'tor allowed subnets'}:
+                               </td>
+                               <td colspan='2' width='45%'></td>
+                       </tr>
+                       <tr>
+                               <td colspan='2' class='base' width='55%'>
+                                       <textarea name='TOR_ALLOWED_SUBNETS' cols='32' rows='3' wrap='off'>$settings{'TOR_ALLOWED_SUBNETS'}</textarea>
+                               </td>
+                               <td colspan='2' width='45%'></td>
+                       </tr>
+               </table>
+
+               <br>
+               <hr size='1'>
+               <br>
+
+               <table width='100%'>
+                       <tr>
+                               <td colspan='4' class='base'><b>$Lang::tr{'tor exit nodes'}</b></td>
+                       </tr>
+                       <tr>
+                               <td colspan='2' class='base' width='55%'></td>
+                               <td colspan='2' class='base' width='45%'>$Lang::tr{'tor use exit nodes'}:</td>
+                       </tr>
+                       <tr>
+                               <td width='50%' colspan='2'>
+                                       <select name='TOR_EXIT_COUNTRY'>
+                                               <option value=''>- $Lang::tr{'tor exit country any'} -</option>
+END
+
+               my @country_names = Locale::Country::all_country_names();
+               foreach my $country_name (sort @country_names) {
+                       my $country_code = Locale::Country::country2code($country_name);
+                       $country_code = uc($country_code);
+                       print "<option value='$country_code'>$country_name ($country_code)</option>\n";
+               }
+
+       print <<END;
+                                       </select>
+                               </td>
+                               <td width='50%' colspan='2'>
+                                       <textarea name='TOR_USE_EXIT_NODES' cols='32' rows='3' wrap='off'>$settings{'TOR_USE_EXIT_NODES'}</textarea>
+                               </td>
+                       </tr>
+               </table>
+               <br><br>
+END
+
+       &Header::closebox();
+
+       # Tor relay box
+       $selected{'TOR_RELAY_MODE'}{'bridge'} = '';
+       $selected{'TOR_RELAY_MODE'}{'exit'} = '';
+       $selected{'TOR_RELAY_MODE'}{'private-bridge'} = '';
+       $selected{'TOR_RELAY_MODE'}{'relay'} = '';
+       $selected{'TOR_RELAY_MODE'}{$settings{'TOR_RELAY_MODE'}} = 'selected';
+
+       $selected{'TOR_RELAY_BANDWIDTH_RATE'}{'0'} = '';
+       foreach (@bandwidth_limits) {
+               $selected{'TOR_RELAY_BANDWIDTH_RATE'}{$_} = '';
+       }
+       $selected{'TOR_RELAY_BANDWIDTH_RATE'}{$settings{'TOR_RELAY_BANDWIDTH_RATE'}} = 'selected';
+
+       $selected{'TOR_RELAY_BANDWIDTH_BURST'}{'0'} = '';
+       foreach (@bandwidth_limits) {
+               $selected{'TOR_RELAY_BANDWIDTH_BURST'}{$_} = '';
+       }
+       $selected{'TOR_RELAY_BANDWIDTH_BURST'}{$settings{'TOR_RELAY_BANDWIDTH_BURST'}} = 'selected';
+
+       foreach (@accounting_periods) {
+               $selected{'TOR_RELAY_ACCOUNTING_PERIOD'}{$_} = '';
+       }
+       $selected{'TOR_RELAY_ACCOUNTING_PERIOD'}{$settings{'TOR_RELAY_ACCOUNTING_PERIOD'}} = 'selected';
+
+       &Header::openbox('100%', 'left', $Lang::tr{'tor relay configuration'});
+
+       print <<END;
+               <table width='100%'>
+                       <tr>
+                               <td width='25%' class='base'>$Lang::tr{'tor relay mode'}:</td>
+                               <td width='30%'>
+                                       <select name='TOR_RELAY_MODE'>
+                                               <option value='exit' $selected{'TOR_RELAY_MODE'}{'exit'}>$Lang::tr{'tor relay mode exit'}</option>
+                                               <option value='relay' $selected{'TOR_RELAY_MODE'}{'relay'}>$Lang::tr{'tor relay mode relay'}</option>
+                                               <option value='bridge' $selected{'TOR_RELAY_MODE'}{'bridge'}>$Lang::tr{'tor relay mode bridge'}</option>
+                                               <option value='private-bridge' $selected{'TOR_RELAY_MODE'}{'private-bridge'}>$Lang::tr{'tor relay mode private bridge'}</option>
+                                       </select>
+                               </td>
+                               <td width='25%' class='base'>$Lang::tr{'tor relay nickname'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
+                               <td width='20%'>
+                                       <input type='text' name='TOR_RELAY_NICKNAME' value='$settings{'TOR_RELAY_NICKNAME'}' />
+                               </td>
+                       </tr>
+                       <tr>
+                               <td width='25%' class='base'>$Lang::tr{'tor relay address'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
+                               <td width='30%'>
+                                       <input type='text' name='TOR_RELAY_ADDRESS' value='$settings{'TOR_RELAY_ADDRESS'}' />
+                               </td>
+                               <td width='25%' class='base'>$Lang::tr{'tor relay port'}:</td>
+                               <td width='20%'>
+                                       <input type='text' name='TOR_RELAY_PORT' value='$settings{'TOR_RELAY_PORT'}' size='5' />
+                               </td>
+                       </tr>
+                       <tr>
+                               <td width='25%' class='base'>$Lang::tr{'tor contact info'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
+                               <td width='75%' colspan='3'>
+                                       <input type='text' name='TOR_RELAY_CONTACT_INFO' value='$settings{'TOR_RELAY_CONTACT_INFO'}' style='width: 98%;' />
+                               </td>
+                       </tr>
+               </table>
+
+               <hr size='1'>
+
+               <table width='100%'>
+                       <tr>
+                               <td colspan='4' class='base'><b>$Lang::tr{'tor bandwidth settings'}</b></td>
+                       </tr>
+                       <tr>
+                               <td width='25%' class='base'>$Lang::tr{'tor bandwidth rate'}:</td>
+                               <td width='30%' class='base'>
+                                       <select name='TOR_RELAY_BANDWIDTH_RATE'>
+END
+
+       foreach (@bandwidth_limits) {
+               if ($_ >= 1024) {
+                       print "<option value='$_' $selected{'TOR_RELAY_BANDWIDTH_RATE'}{$_}>". $_ / 1024 ." MBit/s</option>\n";
+               } else {
+                       print "<option value='$_' $selected{'TOR_RELAY_BANDWIDTH_RATE'}{$_}>$_ kBit/s</option>\n";
+               }
+       }
+
+       print <<END;
+                                               <option value='0' $selected{'TOR_RELAY_BANDWIDTH_RATE'}{'0'}>$Lang::tr{'tor bandwidth unlimited'}</option>
+                                       </select>
+                               </td>
+                               <td width='25%' class='base'>$Lang::tr{'tor accounting limit'}:</td>
+                               <td width='20%'>
+                                       <input type='text' name='TOR_RELAY_ACCOUNTING_LIMIT' value='$settings{'TOR_RELAY_ACCOUNTING_LIMIT'}' size='12' />
+                               </td>
+                       </tr>
+                       <tr>
+                               <td width='25%' class='base'>$Lang::tr{'tor bandwidth burst'}:</td>
+                               <td width='20%' class='base'>
+                                       <select name='TOR_RELAY_BANDWIDTH_BURST'>
+END
+
+       foreach (@bandwidth_limits) {
+               if ($_ >= 1024) {
+                       print "<option value='$_' $selected{'TOR_RELAY_BANDWIDTH_BURST'}{$_}>". $_ / 1024 ." MBit/s</option>\n";
+               } else {
+                       print "<option value='$_' $selected{'TOR_RELAY_BANDWIDTH_BURST'}{$_}>$_ kBit/s</option>\n";
+               }
+       }
+       print <<END;
+                                               <option value='0' $selected{'TOR_RELAY_BANDWIDTH_BURST'}{'0'}>$Lang::tr{'tor bandwidth unlimited'}</option>
+                                       </select>
+                               </td>
+                               <td width='25%' class='base'>$Lang::tr{'tor accounting period'}:</td>
+                               <td width='20%'>
+                                       <select name='TOR_RELAY_ACCOUNTING_PERIOD'>
+END
+
+       foreach (@accounting_periods) {
+               print "<option value='$_' $selected{'TOR_RELAY_ACCOUNTING_PERIOD'}{$_}>$Lang::tr{'tor accounting period '.$_}</option>";
+       }
+
+       print <<END;
+                                       </select>
+                               </td>
+                       </tr>
+               </table>
+END
+
+       &Header::closebox();
+
+       print <<END;
+               <table width='100%'>
+                       <tr>
+                               <td>
+                                       <img src='/blob.gif' align='top' alt='*' />&nbsp;<font class='base'>$Lang::tr{'this field may be blank'}</font>
+                               </td>
+                               <td align='right'>&nbsp;</td>
+                       </tr>
+               </table>
+
+               <hr>
+
+               <table width='100%'>
+                       <tr>
+                               <td>&nbsp;</td>
+                               <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
+                               <td>&nbsp;</td>
+                       </tr>
+               </table>
+END
+
+       # If we have a control connection, show the stats.
+       if ($torctrl) {
+               &Header::openbox('100%', 'left', $Lang::tr{'tor stats'});
+
+               my @traffic = &TorTrafficStats($torctrl);
+
+               if (@traffic) {
+                       print <<END;
+                               <table width='100%'>
+END
+
+               if ($settings{'TOR_RELAY_ENABLED'} eq 'on') {
+                       my $fingerprint = &TorRelayFingerprint($torctrl);
+                       if ($fingerprint) {
+                               print <<END;
+                                       <tr>
+                                               <td width='40%' class='base'>$Lang::tr{'tor relay fingerprint'}:</td>
+                                               <td width='60%'>
+                                                       <a href='https://atlas.torproject.org/#details/$fingerprint' target='_blank'>$fingerprint</a>
+                                               </td>
+                                       </tr>
+END
+                       }
+               }
+
+               my $address = TorGetInfo($torctrl, "address");
+               if ($address) {
+                       print <<END;
+                               <tr>
+                                       <td width='40%' class='base'>$Lang::tr{'tor relay external address'}:</td>
+                                       <td width='60%'>$address</td>
+                               </tr>
+END
+               }
+
+               print <<END;
+                                       <tr>
+                                               <td width='40%'>$Lang::tr{'tor traffic read written'}:</td>
+END
+                       print "<td width='60%'>" . &FormatBytes($traffic[0]) ."/". &FormatBytes($traffic[1]) . "</td>";
+                       print <<END;
+                                       </tr>
+                               </table>
+END
+               }
+
+               my $accounting = &TorAccountingStats($torctrl);
+               if ($accounting) {
+                       print <<END;
+                               <table width='100%'>
+                                       <tr>
+                                               <td colspan='2' class='base'><b>$Lang::tr{'tor accounting'}</b></td>
+                                       </tr>
+END
+
+                       if ($accounting->{'hibernating'} eq "hard") {
+                               print <<END;
+                                       <tr>
+                                               <td class='base' colspan='2' bgcolor="$Header::colourred" align='center'>
+                                                       <font color='white'>$Lang::tr{'tor traffic limit hard'}</font>
+                                               </td>
+                                       </tr>
+END
+                       } elsif ($accounting->{'hibernating'} eq "soft") {
+                               print <<END;
+                                       <tr>
+                                               <td class='base' colspan='2' bgcolor="$Header::colourorange" align='center'>
+                                                       <font color='white'>$Lang::tr{'tor traffic limit soft'}</font>
+                                               </td>
+                                       </tr>
+END
+                       }
+
+                       print <<END;
+                                       <tr>
+                                               <td width='40%' class='base'>$Lang::tr{'tor accounting interval'}</td>
+                                               <td width='60%'>
+                                                       $accounting->{'interval-start'} - $accounting->{'interval-end'}
+                                               </td>
+                                       </tr>
+                                       <tr>
+                                               <td width='40%' class='base'>$Lang::tr{'tor accounting bytes'}</td>
+                                               <td width='60%'>
+END
+
+                       print &FormatBytes($accounting->{'bytes_read'}) . "/" . &FormatBytes($accounting->{'bytes_written'});
+                       print " (" . &FormatBytes($accounting->{'bytes-left_read'}) . "/" . &FormatBytes($accounting->{'bytes-left_written'});
+                       print " $Lang::tr{'tor accounting bytes left'})";
+
+                       print <<END;
+                                               </td>
+                                       </tr>
+                               </table>
+END
+               }
+
+               my @nodes = &TorORConnStatus($torctrl);
+               if (@nodes) {
+                       my $nodes_length = scalar @nodes;
+                       print <<END;
+                               <table width='100%'>
+                                       <tr>
+                                               <td width='40%' class='base'><b>$Lang::tr{'tor connected relays'}</b></td>
+                                               <td width='60%' colspan='2'>($nodes_length)</td>
+                                       </tr>
+END
+
+                       foreach my $node (@nodes) {
+                               print <<END;
+                                       <tr>
+                                               <td width='40%'>
+                                                       <a href='https://atlas.torproject.org/#details/$node->{'fingerprint'}' target='_blank'>
+                                                               $node->{'name'}
+                                                       </a>
+                                               </td>
+                                               <td width='30%'>
+END
+
+                               if (exists($node->{'country_code'})) {
+                                               print "<a href='country.cgi#$node->{'country_code'}'><img src='/images/flags/$node->{'country_code'}.png' border='0' align='absmiddle' alt='$node->{'country_code'}'></a>";
+                               }
+
+                               print <<END;
+                                                       <a href='ipinfo.cgi?ip=$node->{'address'}'>$node->{'address'}</a>:$node->{'port'}
+                                               </td>
+                                               <td width='30%' align='right'>
+                                                       ~$node->{'bandwidth_string'}
+                                               </td>
+                                       </tr>
+END
+                       }
+                       print "</table>";
+               }
+
+               &Header::closebox();
+       }
+
+       print "</form>\n";
+
+       &Header::closebigbox();
+       &Header::closepage();
+}
+
+sub BuildConfiguration() {
+       my %settings = ();
+       &General::readhash("${General::swroot}/tor/settings", \%settings);
+
+       my $torrc = "${General::swroot}/tor/torrc";
+
+       open(FILE, ">$torrc");
+
+       # Global settings.
+       print FILE "ControlPort $TOR_CONTROL_PORT\n";
+
+       if ($settings{'TOR_ENABLED'} eq 'on') {
+               my $strict_nodes = 0;
+
+               print FILE "SocksPort 0.0.0.0:$settings{'TOR_SOCKS_PORT'}\n";
+
+               my @subnets = split(",", $settings{'TOR_ALLOWED_SUBNETS'});
+               foreach (@subnets) {
+                       print FILE "SocksPolicy accept $_\n" if (&General::validipandmask($_));
+               }
+               print FILE "SocksPolicy reject *\n" if (@subnets);
+
+               if ($settings{'TOR_EXIT_COUNTRY'} ne '') {
+                       $strict_nodes = 1;
+
+                       print FILE "ExitNodes {$settings{'TOR_EXIT_COUNTRY'}}\n";
+               }
+
+               if ($settings{'TOR_USE_EXIT_NODES'} ne '') {
+                       $strict_nodes = 1;
+
+                       my @nodes = split(",", $settings{'TOR_USE_EXIT_NODES'});
+                       foreach (@nodes) {
+                               print FILE "ExitNode $_\n";
+                       }
+               }
+
+               if ($strict_nodes > 0) {
+                       print FILE "StrictNodes 1\n";
+               }
+       }
+
+       if ($settings{'TOR_RELAY_ENABLED'} eq 'on') {
+               # Reject access to private networks.
+               print FILE "ExitPolicyRejectPrivate 1\n";
+
+               print FILE "ORPort $settings{'TOR_RELAY_PORT'}\n";
+
+               if ($settings{'TOR_RELAY_ADDRESS'} ne '') {
+                       print FILE "Address $settings{'TOR_RELAY_ADDRESS'}\n";
+               }
+
+               if ($settings{'TOR_RELAY_NICKNAME'} ne '') {
+                       print FILE "Nickname $settings{'TOR_RELAY_NICKNAME'}\n";
+               }
+
+               if ($settings{'TOR_RELAY_CONTACT_INFO'} ne '') {
+                       print FILE "ContactInfo $settings{'TOR_RELAY_CONTACT_INFO'}\n";
+               }
+
+               # Limit to bridge mode.
+               my $is_bridge = 0;
+
+               if ($settings{'TOR_RELAY_MODE'} eq 'bridge') {
+                       $is_bridge++;
+
+               # Private bridge.
+               } elsif ($settings{'TOR_RELAY_MODE'} eq 'private-bridge') {
+                       $is_bridge++;
+
+                       print FILE "PublishServerDescriptor 0\n";
+
+               # Exit node.
+               } elsif ($settings{'TOR_RELAY_MODE'} eq 'exit') {
+                       print FILE "ExitPolicy accept *:*\n";
+
+               # Relay only.
+               } elsif ($settings{'TOR_RELAY_MODE'} eq 'relay') {
+                       print FILE "ExitPolicy reject *:*\n";
+               }
+
+               if ($is_bridge > 0) {
+                       print FILE "BridgeRelay 1\n";
+                       print FILE "Exitpolicy reject *:*\n";
+               }
+
+               if ($settings{'TOR_RELAY_BANDWIDTH_RATE'} > 0) {
+                       print FILE "RelayBandwidthRate ";
+                       print FILE $settings{'TOR_RELAY_BANDWIDTH_RATE'} / 8;
+                       print FILE " KB\n";
+
+                       if ($settings{'TOR_RELAY_BANDWIDTH_BURST'} > 0) {
+                               print FILE "RelayBandwidthBurst ";
+                               print FILE $settings{'TOR_RELAY_BANDWIDTH_BURST'} / 8;
+                               print FILE " KB\n";
+                       }
+               }
+
+               if ($settings{'TOR_RELAY_ACCOUNTING_LIMIT'} > 0) {
+                       print FILE "AccountingMax ".$settings{'TOR_RELAY_ACCOUNTING_LIMIT'}." MB\n";
+
+                       if ($settings{'TOR_RELAY_ACCOUNTING_PERIOD'} eq 'daily') {
+                               print FILE "AccountingStart day 00:00\n";
+                       } elsif ($settings{'TOR_RELAY_ACCOUNTING_PERIOD'} eq 'weekly') {
+                               print FILE "AccountingStart week 1 00:00\n";
+                       } elsif ($settings{'TOR_RELAY_ACCOUNTING_PERIOD'} eq 'monthly') {
+                               print FILE "AccountingStart month 1 00:00\n";
+                       }
+               }
+       }
+
+       close(FILE);
+
+       # Restart the service.
+       if (($settings{'TOR_ENABLED'} eq 'on') || ($settings{'TOR_RELAY_ENABLED'} eq 'on')) {
+               system("/usr/local/bin/torctrl restart &>/dev/null");
+       } else {
+               system("/usr/local/bin/torctrl stop &>/dev/null");
+       }
+}
+
+sub TorConnect() {
+       my $socket = new IO::Socket::INET(
+               Proto => 'tcp', PeerAddr => '127.0.0.1', PeerPort => $TOR_CONTROL_PORT,
+       ) or return;
+
+       $socket->autoflush(1);
+
+       # Authenticate.
+       &TorSendCommand($socket, "AUTHENTICATE");
+
+       return $socket;
+}
+
+sub TorSendCommand() {
+       my ($socket, $cmd) = @_;
+
+       # Replace line ending with \r\n.
+       chomp $cmd;
+       $cmd .= "\r\n";
+
+       $socket->send($cmd);
+
+       my @output = ();
+       while (my $line = <$socket>) {
+               # Skip empty lines.
+               if ($line =~ /^.\r\n$/) {
+                       next;
+               }
+
+               # Command has been successfully executed.
+               if ($line =~ /250 OK/) {
+                       last;
+
+               # Error.
+               } elsif ($line =~ /^5\d+/) {
+                       last;
+
+               } else {
+                       # Remove line endings.
+                       $line =~ s/\r\n$//;
+
+                       push(@output, $line);
+               }
+       }
+
+       return @output;
+}
+
+sub TorSendCommandOneLine() {
+       my ($tor, $cmd) = @_;
+
+       my @output = &TorSendCommand($tor, $cmd);
+       return $output[0];
+}
+
+sub TorGetInfo() {
+       my ($tor, $cmd) = @_;
+
+       my $output = &TorSendCommandOneLine($tor, "GETINFO ".$cmd);
+
+       my ($key, $value) = split("=", $output);
+       return $value;
+}
+
+sub TorClose() {
+       my $socket = shift;
+
+       if ($socket) {
+               $socket->shutdown(2);
+       }
+}
+
+sub TorTrafficStats() {
+       my $tor = shift;
+
+       my $output_read    = &TorGetInfo($tor, "traffic/read");
+       my $output_written = &TorGetInfo($tor, "traffic/written");
+
+       return ($output_read, $output_written);
+}
+
+sub TorRelayFingerprint() {
+       my $tor = shift;
+
+       return &TorGetInfo($tor, "fingerprint");
+}
+
+sub TorORConnStatus() {
+       my $tor = shift;
+       my @nodes = ();
+
+       my @output = &TorSendCommand($tor, "GETINFO orconn-status");
+       foreach (@output) {
+               $_ =~ s/^250[\+-]orconn-status=//;
+               next if ($_ eq "");
+               last if ($_ eq ".");
+               next unless ($_ =~ /^\$/);
+
+               my @line = split(" ", $_);
+               my @node = split(/[=~]/, $line[0]);
+
+               my $node = &TorNodeDescription($tor, $node[0]);
+               if ($node) {
+                       push(@nodes, $node);
+               }
+       }
+
+       # Sort by names.
+       @nodes = sort { $a->{'name'} cmp $b->{'name'} } @nodes;
+
+       return @nodes;
+}
+
+sub TorNodeDescription() {
+       my ($tor, $fingerprint) = @_;
+       $fingerprint =~ s/\$//;
+
+       my $node = {
+               fingerprint  => $fingerprint,
+               exit_node    => 0,
+       };
+
+       my @output = &TorSendCommand($tor, "GETINFO ns/id/$node->{'fingerprint'}");
+
+       foreach (@output) {
+               # Router
+               if ($_ =~ /^r (\w+) (.*) (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) (\d+)/) {
+                       $node->{'name'}    = $1;
+                       $node->{'address'} = $3;
+                       $node->{'port'}    = $4;
+
+                       my $country_code = &TorGetInfo($tor, "ip-to-country/$node->{'address'}");
+                       $node->{'country_code'} = $country_code;
+
+               # Flags
+               } elsif ($_ =~ /^s (.*)$/) {
+                       $node->{'flags'} = split(" ", $1);
+
+                       foreach my $flag ($node->{'flags'}) {
+                               if ($flag eq "Exit") {
+                                       $node->{'exit_node'}++;
+                               }
+                       }
+
+               # Bandwidth
+               } elsif ($_ =~ /^w Bandwidth=(\d+)/) {
+                       $node->{'bandwidth'} = $1 * 8;
+                       $node->{'bandwidth_string'} = &FormatBitsPerSecond($node->{'bandwidth'});
+               }
+       }
+
+       if (exists($node->{'name'})) {
+               return $node;
+       }
+}
+
+sub TorAccountingStats() {
+       my $tor = shift;
+       my $ret = {};
+
+       my $enabled = &TorGetInfo($tor, "accounting/enabled");
+       if ($enabled ne '1') {
+               return;
+       }
+
+       my @cmds = ("hibernating", "interval-start", "interval-end");
+       foreach (@cmds) {
+               $ret->{$_} = &TorGetInfo($tor, "accounting/$_");
+       }
+
+       my @cmds = ("bytes", "bytes-left");
+       foreach (@cmds) {
+               my $output = &TorGetInfo($tor, "accounting/$_");
+               my @bytes = split(" ", $output);
+
+               $ret->{$_."_read"}    = $bytes[0];
+               $ret->{$_."_written"} = $bytes[1];
+       }
+
+       return $ret;
+}
+
+sub FormatBytes() {
+       my $bytes = shift;
+
+       my @units = ("B", "KB", "MB", "GB", "TB");
+       my $units_index = 0;
+
+       while (($units_index <= $#units) && ($bytes >= 1024)) {
+               $units_index++;
+               $bytes /= 1024;
+       }
+
+       return sprintf("%.2f %s", $bytes, $units[$units_index]);
+}
+
+sub FormatBitsPerSecond() {
+       my $bits = shift;
+
+       my @units = ("Bit/s", "KBit/s", "MBit/s", "GBit/s", "TBit/s");
+       my $units_index = 0;
+
+       while (($units_index <= $#units) && ($bits >= 1024)) {
+               $units_index++;
+               $bits /= 1024;
+       }
+
+       return sprintf("%.2f %s", $bits, $units[$units_index]);
+}
old mode 100755 (executable)
new mode 100644 (file)
index d1ad7b0..a0c426f 100644 (file)
 'tone' => 'Ton',
 'tone dial' => 'Tonwahl:',
 'too long 80 char max' => ' ist zu lang, es sind maximal 80 Zeichen erlaubt',
+'tor' => 'Tor',
+'tor accounting' => 'Accounting',
+'tor accounting bytes' => 'Traffic (empfangen/gesendet)',
+'tor accounting bytes left' => 'übrig',
+'tor accounting interval' => 'Intervall (UTC)',
+'tor accounting limit' => 'Übertragungslimit (MB)',
+'tor accounting period' => 'Accounting-Periode',
+'tor accounting period daily' => 'täglich',
+'tor accounting period monthly' => 'monatlich',
+'tor accounting period weekly' => 'wöchentlich',
+'tor acls' => 'Zugriffskontrolle',
+'tor allowed subnets' => 'Erlaubte Subnetze (eins pro Zeile)',
+'tor bandwidth burst' => 'Max. Spitzenwert (Burst)',
+'tor bandwidth rate' => 'Max. Bandbreite',
+'tor bandwidth settings' => 'Bandbreiteneinstellungen',
+'tor bandwidth unlimited' => 'unlimitiert',
+'tor common settings' => 'Einstellungen',
+'tor configuration' => 'Tor-Konfiguration',
+'tor connected relays' => 'Verbundene Relays',
+'tor contact info' => 'Kontaktinformationen',
+'tor enabled' => 'Tor einschalten',
+'tor errmsg invalid accounting limit' => 'Ungültiges Accounting-Limit',
+'tor errmsg invalid ip or mask' => 'Ungültiges IP-Subnetz',
+'tor errmsg invalid relay address' => 'Ungültige Relay-Adresse',
+'tor errmsg invalid relay name' => 'Ungültiger Relay-Nickname.',
+'tor errmsg invalid relay port' => 'Ungültiger Relay-Port',
+'tor errmsg invalid socks port' => 'Ungültiger SOCKS-Port',
+'tor exit country' => 'Exit-Land',
+'tor exit country any' => 'Beliebig',
+'tor exit nodes' => 'Exit-Nodes',
+'tor relay address' => 'Relay-Adresse',
+'tor relay configuration' => 'Tor-Relay-Konfiguration',
+'tor relay enabled' => 'Tor-Relay einschalten',
+'tor relay external address' => 'Externe Relay-Adresse',
+'tor relay fingerprint' => 'Relay-Fingerabdruck',
+'tor relay mode' => 'Relay-Modues',
+'tor relay mode bridge' => 'Bridge',
+'tor relay mode exit' => 'Exit-Node',
+'tor relay mode private bridge' => 'private Bridge',
+'tor relay mode relay' => 'Nur Relay',
+'tor relay nickname' => 'Relay-Nickname',
+'tor relay port' => 'Relay-Port',
+'tor socks port' => 'SOCKS-Port',
+'tor stats' => 'Statistiken',
+'tor traffic limit hard' => 'Das Übertragungslimit wurde erreicht.',
+'tor traffic limit soft' => 'Das Übertragungslimit wurde fast erreicht. Es werden keine neuen Verbindungen akzeptiert.',
+'tor traffic read written' => 'Gesamter Traffic (empfangen/gesendet)',
+'tor use exit nodes' => 'Nur diese Exit-Nodes benutzen (eins pro Zeile)',
 'total connection time' => 'Verbindungszeit',
 'total hits for log section' => 'Gesamte Treffer für Log Sektion',
 'traffic back' => 'Zurück',
index 30d0734..b12ae7d 100644 (file)
 'tone' => 'Tone',
 'tone dial' => 'Tone dial:',
 'too long 80 char max' => ' is too long, maximum allowed is 80 characters',
+'tor' => 'Tor',
+'tor accounting' => 'Accounting',
+'tor accounting bytes' => 'Traffic (read/written)',
+'tor accounting bytes left' => 'left',
+'tor accounting interval' => 'Interval (UTC)',
+'tor accounting limit' => 'Accounting limit (MB)',
+'tor accounting period' => 'Accounting period',
+'tor accounting period daily' => 'daily',
+'tor accounting period monthly' => 'monthly',
+'tor accounting period weekly' => 'weekly',
+'tor acls' => 'Access Control',
+'tor allowed subnets' => 'Allowed subnets (one per line)',
+'tor bandwidth burst' => 'Max. burst',
+'tor bandwidth rate' => 'Max. rate',
+'tor bandwidth settings' => 'Bandwidth Settings',
+'tor bandwidth unlimited' => 'unlimited',
+'tor bridge enabled' => 'Enable Tor bridge',
+'tor common settings' => 'Common Settings',
+'tor configuration' => 'Tor Configuration',
+'tor connected relays' => 'Connected relays',
+'tor contact info' => 'Contact Info',
+'tor enabled' => 'Enable Tor',
+'tor errmsg invalid accounting limit' => 'Invalid accounting limit',
+'tor errmsg invalid ip or mask' => 'Invalid IP subnet',
+'tor errmsg invalid node id' => 'Invalid node ID',
+'tor errmsg invalid relay address' => 'Invalid relay address',
+'tor errmsg invalid relay name' => 'Invalid relay nickname',
+'tor errmsg invalid relay port' => 'Invalid relay port',
+'tor errmsg invalid socks port' => 'Invalid SOCKS port',
+'tor exit country' => 'Exit country',
+'tor exit country any' => 'Any country',
+'tor exit nodes' => 'Exit Nodes',
+'tor relay address' => 'Relay address',
+'tor relay configuration' => 'Tor Relay Configuration',
+'tor relay enabled' => 'Enable Tor Relay',
+'tor relay external address' => 'Relay external address',
+'tor relay fingerprint' => 'Relay fingerprint',
+'tor relay mode' => 'Relay mode',
+'tor relay mode bridge' => 'Bridge',
+'tor relay mode exit' => 'Exit-Node',
+'tor relay mode private bridge' => 'Private bridge',
+'tor relay mode relay' => 'Relay only',
+'tor relay nickname' => 'Relay nickname',
+'tor relay port' => 'Relay port',
+'tor socks port' => 'SOCKS port',
+'tor stats' => 'Statistics',
+'tor traffic limit hard' => 'Traffic limit has been reached.',
+'tor traffic limit soft' => 'Traffic limit almost reached. Not accepting any new connections.',
+'tor traffic read written' => 'Total traffic (read/written)',
+'tor use exit nodes' => 'Use only these exit nodes (one per line)',
 'total connection time' => 'Total connection time',
 'total hits for log section' => 'Total hits for log section',
 'traffic back' => 'Back',
diff --git a/lfs/arm b/lfs/arm
new file mode 100644 (file)
index 0000000..2fbf65e
--- /dev/null
+++ b/lfs/arm
@@ -0,0 +1,83 @@
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2007  Michael Tremer & Christian Schmidt                      #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER        = 1.4.5.0
+
+THISAPP    = arm-$(VER)
+DL_FILE    = $(THISAPP).tar.bz2
+DL_FROM    = $(URL_IPFIRE)
+DIR_APP    = $(DIR_SRC)/arm
+TARGET     = $(DIR_INFO)/$(THISAPP)
+PROG       = arm
+PAK_VER    = 1
+
+DEPS       = ""
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = f85f306e50b90796ab7097d948e8fcf2
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+dist:
+       @$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+       @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+       @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+       @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+       @$(PREBUILD)
+       @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/arm-dont-require-distutils.patch
+       cd $(DIR_APP) && ./install
+       @rm -rf $(DIR_APP)
+       @$(POSTBUILD)
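Review bot: The only integrity pin on the downloaded tarball is `$(DL_FILE)_MD5 = f85f306e50b90796ab7097d948e8fcf2`, and the `$(TARGET)` rule then unpacks that archive and runs its `./install` script during the build. MD5 is not collision-resistant, so this value detects a damaged download but gives only weak assurance that the archive is the one that was reviewed. If the included `Config` (not visible in this hunk) supports a stronger digest, it should be recorded next to the MD5 value. Separately, `DEPS = ""` declares no package dependencies, so if arm needs the tor package that this same merge adds under `config/rootfiles/packages/tor` at runtime, it should be listed there.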
diff --git a/lfs/daq b/lfs/daq
index cac012b..e6fd8fb 100644 (file)
--- a/lfs/daq
+++ b/lfs/daq
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007  Michael Tremer & Christian Schmidt                      #
+# Copyright (C) 2007-2013  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 2.0.0
+VER        = 2.0.1
 
 THISAPP    = daq-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = a00855a153647df76d47f1ea454f74ae
+$(DL_FILE)_MD5 = 044aa3663d44580d005293eeb8ccf175
 
 install : $(TARGET)
 
diff --git a/lfs/gperf b/lfs/gperf
new file mode 100644 (file)
index 0000000..ac33857
--- /dev/null
+++ b/lfs/gperf
@@ -0,0 +1,76 @@
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2013 IPFire Development Team                                  #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER        = 3.0.4
+
+THISAPP    = gperf-$(VER)
+DL_FILE    = $(THISAPP).tar.gz
+DL_FROM    = $(URL_IPFIRE)
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
+TARGET     = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = c1f1db32fb6598d6a93e6e88796a8632
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+       @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+       @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+       @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+       @$(PREBUILD)
+       @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+       cd $(DIR_APP) && ./configure --prefix=/usr --disable-nls
+       cd $(DIR_APP) && make $(MAKETUNING)
+       cd $(DIR_APP) && make install
+       @rm -rf $(DIR_APP)
+       @$(POSTBUILD)
index cf7b4b9..b598008 100644 (file)
--- a/lfs/samba
+++ b/lfs/samba
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 3.6.16
+VER        = 3.6.17
 
 THISAPP    = samba-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = samba
-PAK_VER    = 50
+PAK_VER    = 51
 
 DEPS       = "cups"
 
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 12c6785802813c2c5bf66e5c4c4e1d93
+$(DL_FILE)_MD5 = c67c3330545c8f1f7ee26e017c28439b
 
 install : $(TARGET)
 
index daec621..2d5d04a 100644 (file)
--- a/lfs/snort
+++ b/lfs/snort
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 2.9.5
+VER        = 2.9.5.3
 
 THISAPP    = snort-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = f5fc0e176afca5989d47509478758fc7
+$(DL_FILE)_MD5 = f99465c0734a6173bfca899dcb72266b
 
 install : $(TARGET)
 
@@ -75,6 +75,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
                --enable-linux-smp-stats --enable-smb-alerts \
                --enable-gre --enable-mpls --enable-targetbased \
                --enable-decoder-preprocessor-rules --enable-ppm \
+               --enable-non-ether-decoders \
                --enable-perfprofiling --enable-zlib --enable-active-response \
                --enable-normalizer --enable-reload --enable-react --enable-flexresp3
        cd $(DIR_APP) && make
index fde8606..81118c2 100644 (file)
--- a/lfs/squid
+++ b/lfs/squid
@@ -71,6 +71,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xjf $(DIR_DL)/$(DL_FILE)
 
+       cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.1-10486.patch
+       cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.1-10487.patch
+
        cd $(DIR_APP) && ./configure --prefix=/usr --disable-nls \
           --datadir=/usr/lib/squid \
           --mandir=/usr/share/man --libexecdir=/usr/lib/squid \
index a6075a2..4701f34 100644 (file)
 
 include Config
 
-VER        = 5.0.4
+VER        = 5.1.0
 
 THISAPP    = strongswan-$(VER)
-DL_FILE    = $(THISAPP).tar.gz
+DL_FILE    = $(THISAPP).tar.bz2
 DL_FROM    = $(URL_IPFIRE)
-DIR_APP    = $(DIR_SRC)/$(THISAPP)
+DIR_APP    = $(DIR_SRC)/strongswan-$(VER)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 
 ifeq "$(MACHINE)" "i586"
@@ -46,7 +46,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 7085ac1d28dcc250096553fa51c3a4ea
+$(DL_FILE)_MD5 = c1cd0a3ba9960f590cae28c8470800e8
 
 install : $(TARGET)
 
@@ -79,6 +79,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 
        cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-4.5.3_ipfire.patch
 
+       cd $(DIR_APP) && [ -x "configure" ] || ./autogen.sh
        cd $(DIR_APP) && ./configure \
                --prefix="/usr" \
                --sysconfdir="/etc" \
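Review bot: The added line `cd $(DIR_APP) && [ -x "configure" ] || ./autogen.sh` is parsed by the shell as `(cd && test) || ./autogen.sh`, so a failing `cd` also falls through to `./autogen.sh`, run from whatever directory the recipe started in. Grouping makes the intent explicit: `cd $(DIR_APP) && { [ -x "configure" ] || ./autogen.sh; }`. The recipe for $(TARGET) starts before this hunk and continues after it.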
@@ -93,7 +94,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
                --enable-eap-identity \
                $(PADLOCK)
 
-       cd $(DIR_APP) && make $(MAKETUNING)
+       cd $(DIR_APP) && make $(MAKETUNING) LDFLAGS="-lrt"
        cd $(DIR_APP) && make install
 
        # Remove all library files we don't want or need.
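Review bot: `make $(MAKETUNING) LDFLAGS="-lrt"` sets LDFLAGS on the make command line, which overrides the LDFLAGS the generated Makefiles carry from configure. Any linker flags set there (hardening flags, if the build environment passes them) would be dropped for this VPN daemon, which is worth confirming. A library belongs in LIBS rather than LDFLAGS, so passing it at configure time, e.g. `./configure LIBS="-lrt" ...`, keeps the configured flags and places -lrt after the objects on the link line. A short comment naming the symbol that needs librt would help at the next version bump.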
diff --git a/lfs/tor b/lfs/tor
new file mode 100644 (file)
index 0000000..8bce4be
--- /dev/null
+++ b/lfs/tor
@@ -0,0 +1,113 @@
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2007-2013   IPFire Team   <info@ipfire.org>                   #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER        = 0.2.3.25
+
+THISAPP    = tor-$(VER)
+DL_FILE    = $(THISAPP).tar.gz
+DL_FROM    = $(URL_IPFIRE)
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
+TARGET     = $(DIR_INFO)/$(THISAPP)
+PROG       = tor
+PAK_VER    = 1
+
+DEPS       = "libevent2"
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = a1c364189a9a66ed9daa8e6436489daf
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+dist:
+       @$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+       @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+       @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+       @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+       @$(PREBUILD)
+       @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+       cd $(DIR_APP) && \
+               ./configure \
+                       --prefix=/usr \
+                       --sysconfdir=/etc \
+                       --localstatedir=/var \
+                       --with-tor-user=nobody \
+                       --with-tor-group=nobody
+
+       cd $(DIR_APP) && make $(MAKETUNING)
+       cd $(DIR_APP) && make install
+
+       # Install configuration files.
+       mkdir -pv /var/ipfire/tor /var/lib/tor /var/log/tor
+       touch /var/ipfire/tor/settings
+       mv /etc/tor/torrc.sample /var/ipfire/tor/torrc
+       ln -svf /var/ipfire/tor/torrc /etc/tor/torrc
+
+       # Adjust ownerships.
+       chown -R nobody:nobody /var/lib/tor /var/ipfire/tor
+
+       # Logrotate
+       mkdir -pv /etc/logrotate.d
+       install -v -m 644 $(DIR_SRC)/config/tor/tor.logrotate \
+               /etc/logrotate.d/tor
+
+       # Defaults
+       mkdir -pv /usr/share/tor
+       install -v -m 644 $(DIR_SRC)/config/tor/defaults-torrc \
+               /usr/share/tor/defaults-torrc
+
+       install -v -m 644 $(DIR_SRC)/config/backup/includes/tor \
+                        /var/ipfire/backup/addons/includes/tor
+       @rm -rf $(DIR_APP)
+       @$(POSTBUILD)
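Review bot: The recipe configures the daemon with `--with-tor-user=nobody --with-tor-group=nobody` and then runs `chown -R nobody:nobody /var/lib/tor /var/ipfire/tor`, so Tor's data directory is owned by a shared account. Any other process running as nobody can then read or replace what Tor keeps in /var/lib/tor (for a relay that presumably includes its identity keys) and can edit torrc. A dedicated account for the daemon, with only /var/ipfire/tor left writable by the account the web interface uses, would follow least privilege; creating that account would have to happen elsewhere in the build, which this file does not show. The tarball's only integrity check is the MD5 in `$(DL_FILE)_MD5`, which matches the other lfs files but is weak for a security-critical download.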
diff --git a/make.sh b/make.sh
index 8ca36bf..7b63bd4 100755 (executable)
--- a/make.sh
+++ b/make.sh
@@ -25,8 +25,8 @@
 NAME="IPFire"                                                  # Software name
 SNAME="ipfire"                                                 # Short name
 VERSION="2.13"                                                 # Version number
-CORE="72"                                                      # Core Level (Filename)
-PAKFIRE_CORE="71"                                              # Core Level (PAKFIRE)
+CORE="73"                                                      # Core Level (Filename)
+PAKFIRE_CORE="72"                                              # Core Level (PAKFIRE)
 GIT_BRANCH=`git status | head -n1 | cut -d" " -f4`             # Git Branch
 SLOGAN="www.ipfire.org"                                                # Software slogan
 CONFIG_ROOT=/var/ipfire                                                # Configuration rootdir
@@ -333,6 +333,7 @@ buildbase() {
     lfsmake2 gettext
     lfsmake2 grep
     lfsmake2 groff
+    lfsmake2 gperf
     lfsmake2 gzip
     lfsmake2 inetutils
     lfsmake2 iproute2
@@ -779,6 +780,8 @@ buildipfire() {
   ipfiremake perl-File-Tail
   ipfiremake perl-TimeDate
   ipfiremake swatch
+  ipfiremake tor
+  ipfiremake arm
   echo Build on $HOSTNAME > $BASEDIR/build/var/ipfire/firebuild
   cat /proc/version >> $BASEDIR/build/var/ipfire/firebuild
   echo >> $BASEDIR/build/var/ipfire/firebuild
index 844618a..0237297 100644 (file)
@@ -188,6 +188,10 @@ case "$1" in
        /sbin/iptables -t nat -A POSTROUTING -j OVPNNAT
        /sbin/iptables -t nat -A POSTROUTING -j IPSECNAT
 
+       # TOR
+       /sbin/iptables -N TOR_INPUT
+       /sbin/iptables -A INPUT -j TOR_INPUT
+
        # Outgoing Firewall
        /sbin/iptables -A FORWARD -j OUTGOINGFWMAC
 
diff --git a/src/initscripts/init.d/tor b/src/initscripts/init.d/tor
new file mode 100644 (file)
index 0000000..e27241f
--- /dev/null
@@ -0,0 +1,82 @@
+#!/bin/sh
+########################################################################
+# Begin $rc_base/init.d/tor
+#
+# Description : Anonymizing overlay network for TCP
+#
+########################################################################
+
+. /etc/sysconfig/rc
+. ${rc_functions}
+
+function setup_firewall() {
+       eval $(/usr/local/bin/readhash /var/ipfire/tor/settings)
+
+       # Flush all rules.
+       flush_firewall
+
+       if [ "${TOR_RELAY_ENABLED}" = "on" -a -n "${TOR_RELAY_PORT}" ]; then
+               iptables -A TOR_INPUT -p tcp --dport "${TOR_RELAY_PORT}" -j ACCEPT
+       fi
+}
+
+function flush_firewall() {
+       # Flush all rules.
+       iptables -F TOR_INPUT
+}
+
+case "${1}" in
+       start)
+               # Setup firewall.
+               setup_firewall
+
+               boot_mesg "Starting tor..."
+               loadproc /usr/bin/tor \
+                       --runasdaemon 1 \
+                       --defaults-torrc /usr/share/tor/defaults-torrc \
+                       -f /etc/tor/torrc \
+                       --quiet
+               ;;
+
+       stop)
+               # Flush firewall.
+               flush_firewall
+
+               boot_mesg "Stopping tor..."
+               killproc /usr/bin/tor
+               ;;
+
+       reload)
+               # Setup firewall.
+               setup_firewall
+
+               boot_mesg "Reloading tor..."
+               reloadproc /usr/bin/tor
+               ;;
+
+       restart)
+               ${0} stop
+               sleep 1
+               ${0} start
+               ;;
+
+       reload-or-restart)
+               # Reload the process if it is already running. Otherwise, restart.
+               if pidofproc -s /usr/bin/tor; then
+                       $0 reload
+               else
+                       $0 restart
+               fi
+               ;;
+
+       status)
+               statusproc /usr/bin/tor
+               ;;
+
+       *)
+               echo "Usage: ${0} {start|stop|reload|restart|reload-or-restart|status}"
+               exit 1
+               ;;
+esac
+
+# End $rc_base/init.d/tor
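Review bot: `setup_firewall` runs `eval $(/usr/local/bin/readhash /var/ipfire/tor/settings)` unquoted, in a script that the setuid torctrl helper from this commit starts, while lfs/tor makes /var/ipfire/tor owned by nobody. Whether a crafted settings value can reach the shell depends entirely on how readhash filters and quotes its output, which is not visible here. A comment above the eval should state that assumption, e.g. `# readhash must emit only shell-safe KEY=value pairs; this file is writable by nobody`. Independently, TOR_RELAY_PORT should be checked before the `iptables -A` line: `case "${TOR_RELAY_PORT}" in ''|*[!0-9]*) return 1 ;; esac`. The script also uses the `function` keyword under `#!/bin/sh`, which only works where /bin/sh is bash.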
index 2ec7878..4d09fbf 100644 (file)
@@ -33,7 +33,7 @@ SUID_PROGS = setdmzholes setportfw setxtaccess \
        redctrl syslogdctrl extrahdctrl sambactrl upnpctrl tripwirectrl \
        smartctrl clamavctrl addonctrl pakfire mpfirectrl wlanapctrl \
        setaliases urlfilterctrl updxlratorctrl fireinfoctrl rebuildroutes \
-       getconntracktable wirelessclient dnsmasqctrl
+       getconntracktable wirelessclient dnsmasqctrl torctrl
 SUID_UPDX = updxsetperms
 
 install : all
@@ -164,3 +164,6 @@ wirelessclient: wirelessclient.c setuid.o ../install+setup/libsmooth/varval.o
 
 dnsmasqctrl: dnsmasqctrl.c setuid.o ../install+setup/libsmooth/varval.o
        $(COMPILE) -I../install+setup/libsmooth/ dnsmasqctrl.c setuid.o ../install+setup/libsmooth/varval.o -o $@
+
+torctrl: torctrl.c setuid.o ../install+setup/libsmooth/varval.o
+       $(COMPILE) -I../install+setup/libsmooth/ torctrl.c setuid.o ../install+setup/libsmooth/varval.o -o $@
diff --git a/src/misc-progs/torctrl.c b/src/misc-progs/torctrl.c
new file mode 100644 (file)
index 0000000..39d4956
--- /dev/null
@@ -0,0 +1,36 @@
+/* This file is part of the IPFire Firewall.
+ *
+ * This program is distributed under the terms of the GNU General Public
+ * Licence.  See the file COPYING for details.
+ *
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include "setuid.h"
+
+int main(int argc, char *argv[]) {
+       if (!(initsetuid()))
+               exit(1);
+
+       if (argc < 2) {
+               fprintf(stderr, "\nNo argument given.\n\ntorctrl (restart|stop)\n\n");
+               exit(1);
+       }
+
+       if (strcmp(argv[1], "restart") == 0) {
+               safe_system("/etc/rc.d/init.d/tor reload-or-restart");
+
+       } else if (strcmp(argv[1], "stop") == 0) {
+               safe_system("/etc/rc.d/init.d/tor stop");
+
+       } else {
+               fprintf(stderr, "\nBad argument given.\n\ntorctrl (restart|stop)\n\n");
+               exit(1);
+       }
+
+       return 0;
+}
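Review bot: `main` discards the result of both `safe_system()` calls and always returns 0, so a caller such as the web interface cannot tell that the init script failed. Propagating the result is a small change, e.g. `return safe_system("/etc/rc.d/init.d/tor stop") != 0;` in each branch, assuming safe_system returns the command's status (setuid.h would confirm). The fixed command strings with no argv interpolation are the right shape for a setuid helper. A one-line comment above `main` saying that only these two literal commands may ever be run would keep later edits from passing user input through.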
diff --git a/src/patches/arm-dont-require-distutils.patch b/src/patches/arm-dont-require-distutils.patch
new file mode 100644 (file)
index 0000000..1fe2b8a
--- /dev/null
@@ -0,0 +1,20 @@
+diff -Nur arm.vanilla/src/util/hostnames.py arm/src/util/hostnames.py
+--- arm.vanilla/src/util/hostnames.py  2012-04-29 05:59:24.000000000 +0200
++++ arm/src/util/hostnames.py  2013-07-31 17:59:19.245591564 +0200
+@@ -30,7 +30,6 @@
+ import threading
+ import itertools
+ import Queue
+-import distutils.sysconfig
+ from util import log, sysTools
+@@ -264,7 +263,7 @@
+     # 'socket.gethostbyaddr'. The following checks if the system has the
+     # gethostbyname_r function, which determines if python resolutions can be
+     # done in parallel or not. If so, this is preferable.
+-    isSocketResolutionParallel = distutils.sysconfig.get_config_var("HAVE_GETHOSTBYNAME_R")
++    isSocketResolutionParallel = True #distutils.sysconfig.get_config_var("HAVE_GETHOSTBYNAME_R")
+     self.useSocketResolution = CONFIG["queries.hostnames.useSocketModule"] and isSocketResolutionParallel
+     
+     for _ in range(CONFIG["queries.hostnames.poolSize"]):
diff --git a/src/patches/squid-3.1-10486.patch b/src/patches/squid-3.1-10486.patch
new file mode 100644 (file)
index 0000000..6a0388e
--- /dev/null
@@ -0,0 +1,54 @@
+------------------------------------------------------------
+revno: 10486
+revision-id: squid3@treenet.co.nz-20130222111325-zizr296kq3te4g7h
+parent: squid3@treenet.co.nz-20130109021503-hqg7ufldrudpzr9l
+fixes bug(s): http://bugs.squid-cache.org/show_bug.cgi?id=3790
+author: Reinhard Sojka <reinhard.sojka@parlament.gv.at>
+committer: Amos Jeffries <squid3@treenet.co.nz>
+branch nick: SQUID_3_1
+timestamp: Fri 2013-02-22 04:13:25 -0700
+message:
+  Bug 3790: cachemgr.cgi crash with authentication
+------------------------------------------------------------
+# Bazaar merge directive format 2 (Bazaar 0.90)
+# revision_id: squid3@treenet.co.nz-20130222111325-zizr296kq3te4g7h
+# target_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
+#   /SQUID_3_1
+# testament_sha1: 121adf68a9c3b2eca766cfb768256b6b57d9816b
+# timestamp: 2013-02-22 11:17:18 +0000
+# source_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
+#   /SQUID_3_1
+# base_revision_id: squid3@treenet.co.nz-20130109021503-\
+#   hqg7ufldrudpzr9l
+# 
+# Begin patch
+=== modified file 'tools/cachemgr.cc'
+--- tools/cachemgr.cc  2013-01-08 23:11:51 +0000
++++ tools/cachemgr.cc  2013-02-22 11:13:25 +0000
+@@ -1162,7 +1162,6 @@
+ {
+     static char buf[1024];
+     size_t stringLength = 0;
+-    const char *str64;
+     if (!req->passwd)
+         return "";
+@@ -1171,15 +1170,12 @@
+              req->user_name ? req->user_name : "",
+              req->passwd);
+-    str64 = base64_encode(buf);
+-
+-    stringLength += snprintf(buf, sizeof(buf), "Authorization: Basic %s\r\n", str64);
++    stringLength += snprintf(buf, sizeof(buf), "Authorization: Basic %s\r\n", base64_encode(buf));
+     assert(stringLength < sizeof(buf));
+-    snprintf(&buf[stringLength], sizeof(buf) - stringLength, "Proxy-Authorization: Basic %s\r\n", str64);
++    snprintf(&buf[stringLength], sizeof(buf) - stringLength, "Proxy-Authorization: Basic %s\r\n", base64_encode(buf));
+-    xxfree(str64);
+     return buf;
+ }
+
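Review bot: The second `base64_encode(buf)` runs when `buf` already holds the `Authorization: Basic ...\r\n` line written by the first `snprintf`. The Proxy-Authorization header therefore appears to carry the base64 of that header line rather than of `user:passwd`. Keeping the local and dropping only the free avoids this: `const char *str64 = base64_encode(buf);` with `str64` passed to both `snprintf` calls. That is valid only if `base64_encode` returns a buffer that stays intact until the second `snprintf`, which is not visible here. The function's signature is outside the inner hunk.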
diff --git a/src/patches/squid-3.1-10487.patch b/src/patches/squid-3.1-10487.patch
new file mode 100644 (file)
index 0000000..2ca4848
--- /dev/null
@@ -0,0 +1,73 @@
+------------------------------------------------------------
+revno: 10487
+revision-id: squid3@treenet.co.nz-20130710124748-2n6111r04xsi71vx
+parent: squid3@treenet.co.nz-20130222111325-zizr296kq3te4g7h
+author: Nathan Hoad <nathan@getoffmalawn.com>
+committer: Amos Jeffries <squid3@treenet.co.nz>
+branch nick: SQUID_3_1
+timestamp: Wed 2013-07-10 06:47:48 -0600
+message:
+  Protect against buffer overrun in DNS query generation
+  
+  see SQUID-2013:2.
+  
+  This bug has been present as long as the internal DNS component however
+  most code reaching this point is passing through URL validation first.
+  With Squid-3.2 Host header verification using DNS directly we may have
+  problems.
+------------------------------------------------------------
+# Bazaar merge directive format 2 (Bazaar 0.90)
+# revision_id: squid3@treenet.co.nz-20130710124748-2n6111r04xsi71vx
+# target_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
+#   /SQUID_3_1
+# testament_sha1: b5be85c8876ce15ec8fa173845e61755b6942fe0
+# timestamp: 2013-07-10 12:48:57 +0000
+# source_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
+#   /SQUID_3_1
+# base_revision_id: squid3@treenet.co.nz-20130222111325-\
+#   zizr296kq3te4g7h
+# 
+# Begin patch
+=== modified file 'src/dns_internal.cc'
+--- src/dns_internal.cc        2011-10-11 02:12:56 +0000
++++ src/dns_internal.cc        2013-07-10 12:47:48 +0000
+@@ -1532,22 +1532,26 @@
+ void
+ idnsALookup(const char *name, IDNSCB * callback, void *data)
+ {
+-    unsigned int i;
++    size_t nameLength = strlen(name);
++
++    // Prevent buffer overflow on q->name
++    if (nameLength > NS_MAXDNAME) {
++        debugs(23, DBG_IMPORTANT, "SECURITY ALERT: DNS name too long to perform lookup: '" << name << "'. see access.log for details.");
++        callback(data, NULL, 0, "Internal error");
++        return;
++    }
++
++    if (idnsCachedLookup(name, callback, data))
++        return;
++
++    idns_query *q = cbdataAlloc(idns_query);
++    q->id = idnsQueryID();
+     int nd = 0;
+-    idns_query *q;
+-
+-    if (idnsCachedLookup(name, callback, data))
+-        return;
+-
+-    q = cbdataAlloc(idns_query);
+-
+-    q->id = idnsQueryID();
+-
+-    for (i = 0; i < strlen(name); i++)
++    for (unsigned int i = 0; i < nameLength; ++i)
+         if (name[i] == '.')
+             nd++;
+-    if (Config.onoff.res_defnames && npc > 0 && name[strlen(name)-1] != '.') {
++    if (Config.onoff.res_defnames && npc > 0 && name[nameLength-1] != '.') {
+         q->do_searchpath = 1;
+     } else {
+         q->do_searchpath = 0;
+
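Review bot: The new guard rejects only names longer than NS_MAXDNAME, so an empty name still reaches `name[nameLength-1]`. There `nameLength-1` wraps around for a size_t of 0 whenever `Config.onoff.res_defnames && npc > 0` holds. Whether callers can pass an empty string is not visible in this hunk, but the check is cheap to extend: `if (nameLength == 0 || nameLength > NS_MAXDNAME) {`, with the log text adjusted to cover both cases. idnsALookup continues past the end of the hunk.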
index 6c4c369..f943ac8 100644 (file)
@@ -150,6 +150,27 @@ if ($ip ne $ipcache) {
                                }
                        }
 
+                       elsif ($settings{'SERVICE'} eq 'all-inkl') {
+                           my %proxysettings;
+                           &General::readhash("${General::swroot}/proxy/settings", \%proxysettings);
+                           if ($_=$proxysettings{'UPSTREAM_PROXY'}) {
+                               my ($peer, $peerport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/);
+                               Net::SSLeay::set_proxy($peer,$peerport,$proxysettings{'UPSTREAM_USER'},$proxysettings{'UPSTREAM_PASSWORD'} );
+                           }
+
+                           my ($out, $response) = Net::SSLeay::get_https("dyndns.kasserver.com", 443, "/", Net::SSLeay::make_headers(
+                                       'User-Agent' => 'IPFire', 'Authorization' => 'Basic ' . encode_base64("$settings{'LOGIN'}:$settings{'PASSWORD'}")
+                           ));
+
+                           # Valid response are 'ok'   'nochange'
+                           if ($response =~ m%HTTP/1\.. 200 OK%) {
+                               &General::log("Dynamic DNS ip-update for $settings{'HOSTNAME'}.$settings{'DOMAIN'} : success");
+                               $success++;
+                           } else {
+                               &General::log("Dynamic DNS ip-update for $settings{'HOSTNAME'}.$settings{'DOMAIN'} : failure (could not connect to server, check your credentials)");
+                           }
+                       }
+
                        elsif ($settings{'SERVICE'} eq 'cjb') {
                            # use proxy ?
                            my %proxysettings;
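Review bot: The added all-inkl branch counts any `HTTP/1.x 200 OK` as success and never looks at `$out`, although its own comment says the valid responses are 'ok' and 'nochange'; a 200 carrying an error body would be logged as a successful update. If the service really answers with those words, the test could be `if ($response =~ m%HTTP/1\.. 200 OK% && $out =~ /^(?:ok|nochange)/) {`, with the exact body format confirmed against the provider. The request sends the account password as Basic auth through `Net::SSLeay::get_https`, which as far as I know does not verify the server certificate unless verification is configured, so it is worth checking that this is set up elsewhere in the script. `$_=$proxysettings{'UPSTREAM_PROXY'}` assigns the global `$_`; a lexical (`my $proxy = ...` matched with `$proxy =~ /.../`) is safer. The surrounding if/elsif chain starts and continues outside the hunk.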