Development November 2015

development@lists.ipfire.org

13 participants
29 discussions

[PATCH] BUG10984: Fix portforwardconverter for upgrades before core 77
by Alexander Marx 16 Nov '15

16 Nov '15

When upgrading from a post core-77 installation, the portforwarding rules seem to get broken. With this patch the sourceports and the subnetmasks from the rules are converted correctly. Signed-off-by: Alexander Marx <alexander.marx(a)ipfire.org> --- config/firewall/convert-portfw | 29 +++++++++++++++++------------ 1 file changed, 17 insertions(+), 12 deletions(-) diff --git a/config/firewall/convert-portfw b/config/firewall/convert-portfw index 8660e7c..8383b5a 100755 --- a/config/firewall/convert-portfw +++ b/config/firewall/convert-portfw @@ -60,24 +60,24 @@ close(ALIAS); &write_rules; sub get_config { + my $baseipfireport; + my $basesource; print LOG "STEP 1: Get config from old portforward\n#########################################\n"; foreach my $line (@current){ - if($jump eq '1'){ - $jump=''; - $count++; - next; - } my $u=$count+1; ($key,$flag,$prot,$ipfireport,$target,$targetport,$active,$alias,$source,$remark) = split(",",$line); ($key1,$flag1,$prot1,$ipfireport1,$target1,$targetport1,$active1,$alias1,$source1,$remark1) = split(",",$current[$u]); - if ($flag1 eq '1'){ - $source=$source1; - $jump='1'; + if ($key == $key1 && $flag == '0'){ + $baseipfireport = $ipfireport; + } + if ($key == $key1 && $flag1 == '1'){ + $count++; + next; } my $now=localtime; chomp($remark); - print LOG "$now processing-> KEY: $key FLAG: $flag PROT: $prot FIREPORT: $ipfireport TARGET: $target TGTPORT: $targetport ACTIVE: $active ALIAS: $alias SOURCE: $source REM: $remark Doublerule: $jump\n"; - push (@values,$prot.",".$ipfireport.",".$target.",".$targetport.",".$active.",".$alias.",".$source.",".$remark); + print LOG "$now processing-> KEY: $key FLAG: $flag PROT: $prot FIREPORT: $baseipfireport TARGET: $target TGTPORT: $targetport ACTIVE: $active ALIAS: $alias SOURCE: $source REM: $remark Doublerule: $jump\n"; + push (@values,$prot.",".$baseipfireport.",".$target.",".$targetport.",".$active.",".$alias.",".$source.",".$remark); $count++; } } @@ -101,10 +101,15 @@ sub build_rules }else{ $src = 'src_addr'; my ($a,$b) = split("/",$source); - $src1 = $a."/32"; + if ($b != ''){ + $b = &General::iporsubtocidr($b); + }else{ + $b = "32"; + } + $src1 = $a."/".$b; } #get ipfire ip - if($alias eq '0.0.0.0'){ + if($alias eq '0.0.0.0' || $alias eq '0'){ $alias='Default IP'; }else{ foreach my $ali (@alias){ -- 1.9.1

1 0

[PATCH] BUG10963: implement a better email verification
by Alexander Marx 16 Nov '15

16 Nov '15

We now check all allowed chars in the address before the @ sign. To check the fqdn of an email the function validfqdn has been adapted as well. Here a valid domain part is for example: user@ipfire or user(a)localhost.localdomain Signed-off-by: Alexander Marx <alexander.marx(a)ipfire.org> --- config/cfgroot/general-functions.pl | 30 +++++++++++++++++++----------- 1 file changed, 19 insertions(+), 11 deletions(-) diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl index 2b5cd19..1bbcf85 100644 --- a/config/cfgroot/general-functions.pl +++ b/config/cfgroot/general-functions.pl @@ -653,9 +653,6 @@ sub validfqdn # Checks a fully qualified domain name against RFC1035 my $fqdn = $_[0]; my @parts = split (/\./, $fqdn); # Split hostname at the '.' - if (scalar(@parts) < 2) { # At least two parts should - return 0;} # exist in a FQDN - # (i.e. hostname.domain) foreach $part (@parts) { # Each part should be at least one character in length # but no more than 63 characters @@ -747,14 +744,25 @@ sub ipcidr2msk { } sub validemail { - my $mail = shift; - return 0 if ( $mail !~ /^[0-9a-zA-Z\.\-\_]+\(a)[0-9a-zA-Z\.\-]+$/ ); - return 0 if ( $mail =~ /^[^0-9a-zA-Z]|[^0-9a-zA-Z]$/); - return 0 if ( $mail !~ /([0-9a-zA-Z]{1})\@./ ); - return 0 if ( $mail !~ /.\@([0-9a-zA-Z]{1})/ ); - return 0 if ( $mail =~ /.\.\-.|.\-\..|.\.\..|.\-\-./g ); - return 0 if ( $mail =~ /.\.\_.|.\-\_.|.\_\..|.\_\-.|.\_\_./g ); - return 0 if ( $mail !~ /\.([a-zA-Z]{2,4})$/ ); + my $address = shift; + my @parts = split( /\@/, $address ); + my $anz=@parts; + + #check if we have one part before and after '@' + return 0 if ( $anz != 2 ); + + #check if one of the parts starts or ends with a dot + return 0 if ( substr($parts[0],0,1) eq '.' ); + return 0 if ( substr($parts[0],-1,1) eq '.' ); + return 0 if ( substr($parts[1],0,1) eq '.' ); + return 0 if ( substr($parts[1],-1,1) eq '.' ); + + #check first addresspart (before '@' sign) + return 0 if ( $parts[0] !~ m/^[a-zA-Z0-9\.!\-\+#]+$/ ); + + #check second addresspart (after '@' sign) + return 0 if ( !&validfqdn( $parts[1] ) ); + return 1; } -- 1.9.1

1 0

[PATCH] BUG10963: implement a better email verification
by Alexander Marx 16 Nov '15

16 Nov '15

1 0

mail configuration too tight validating sender e-mail address
by R. W. Rodolico 16 Nov '15

16 Nov '15

this is NOT critical and is only personal preference. I tend to have my firewalls set on something like "router.example.local". However, when I put in the sender e-mail address as "root(a)router.example.local" it is rejected as an invalid e-mail address. Maybe this is by designed; some spam filters will reject mail with a From: that uses .local as a TLD. If so, ignore this. -- Rod Rodolico Daily Data, Inc. POB 140465 Dallas TX 75214-0465 214.827.2170 http://www.dailydata.net

2 1

Core Update 95 release schedule
by Michael Tremer 15 Nov '15

15 Nov '15

Hello, this is just a short information about the upcoming Core Update. Core Update 95 has been branched and will only accept bug fixes. It will appear on the testing tree shortly and I *strongly* recommend to install the update as soon as possible and to give it a good test. Arne will be away for the next week and some time after that so that it would be very convenient if as many bugs can be found as possible before the end of this week. We would like to release this update in a bit over two weeks. See the Git repository for changes. A summarized changelog will follow on the IPFire Planet as usual. Best, -Michael

5 11

Update to a new core version via ssd drive
by Ritchie 14 Nov '15

14 Nov '15

Hi to all, I have a IPFire installation with a SSD card and would like to ask if it is still needed to move the logfile of the drive after running the update. I have core 93 and would like to move to 94. I am using this script: #!/bin/sh echo create a log folder of the ssd drive mkdir /mnt/harddisk/log echo "copy the existing log file to ssd card" cp -vp /var/log /mnt/harddisk/log echo "rename var folder to old" mv /var/log /var/log-old echo "create a symbolic link" ln -s /mnt/harddisk/log /var/log echo "check the state of the log file" ls -la /var/log/ Thanks for any information. Best regards R.

1 0

[PATCH] BUG10963: implement a better email verification
by Alexander Marx 12 Nov '15

12 Nov '15

With this patch the new domains with german umlauts are checked. In addition we check all allowed chars in the address before the @ sign. To check the fqdn of an email the function validfqdn has been adapted as well. Signed-off-by: Alexander Marx <alexander.marx(a)ipfire.org> --- config/cfgroot/general-functions.pl | 33 ++++++++++++++++++++++----------- 1 file changed, 22 insertions(+), 11 deletions(-) diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl index 2b5cd19..55ea5b6 100644 --- a/config/cfgroot/general-functions.pl +++ b/config/cfgroot/general-functions.pl @@ -662,13 +662,13 @@ sub validfqdn if (length ($part) < 1 || length ($part) > 63) { return 0;} # Only valid characters are a-z, A-Z, 0-9 and - - if ($part !~ /^[a-zA-Z0-9-]*$/) { + if ($part !~ /^[a-zA-ZöäüÖÄÜ0-9-]*$/) { return 0;} # First character can only be a letter or a digit - if (substr ($part, 0, 1) !~ /^[a-zA-Z0-9]*$/) { + if (substr ($part, 0, 1) !~ /^[a-zA-ZöäüÖÄÜ0-9]*$/) { return 0;} # Last character can only be a letter or a digit - if (substr ($part, -1, 1) !~ /^[a-zA-Z0-9]*$/) { + if (substr ($part, -1, 1) !~ /^[a-zA-ZöäüÖÄÜ0-9]*$/) { return 0;} } return 1; @@ -747,14 +747,25 @@ sub ipcidr2msk { } sub validemail { - my $mail = shift; - return 0 if ( $mail !~ /^[0-9a-zA-Z\.\-\_]+\(a)[0-9a-zA-Z\.\-]+$/ ); - return 0 if ( $mail =~ /^[^0-9a-zA-Z]|[^0-9a-zA-Z]$/); - return 0 if ( $mail !~ /([0-9a-zA-Z]{1})\@./ ); - return 0 if ( $mail !~ /.\@([0-9a-zA-Z]{1})/ ); - return 0 if ( $mail =~ /.\.\-.|.\-\..|.\.\..|.\-\-./g ); - return 0 if ( $mail =~ /.\.\_.|.\-\_.|.\_\..|.\_\-.|.\_\_./g ); - return 0 if ( $mail !~ /\.([a-zA-Z]{2,4})$/ ); + my $address = shift; + my @positionen = split( /\@/, $address ); + my $anz=@positionen; + + #check if we have one part before and after '@' + return 0 if ( $anz != 2 ); + + #check if one of the parts starts or ends with a dot + return 0 if ( substr($positionen[0],0,1) eq '.' ); + return 0 if ( substr($positionen[0],-1,1) eq '.' ); + return 0 if ( substr($positionen[1],0,1) eq '.' ); + return 0 if ( substr($positionen[1],-1,1) eq '.' ); + + #check first addresspart (before '@' sign) + return 0 if ( $positionen[0] !~ m/^[a-zA-Z0-9\.!\-\+#]+$/ ); + + #check second addresspart (after '@' sign) + return 0 if ( !&validfqdn( $positionen[1] ) ); + return 1; } -- 1.9.1

2 1

[PATCH] BUG10955: Add dma-cleanup-spool script to dma
by Alexander Marx 12 Nov '15

12 Nov '15

This file cleans up the spool directory from DMA Mailservice after defined period of time Otherwise the spool dir may be flooded Signed-off-by: Alexander Marx <alexander.marx(a)ipfire.org> --- dma/dma-cleanup-spool | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ dma/dma.nm | 4 ++++ 2 files changed, 52 insertions(+) create mode 100644 dma/dma-cleanup-spool diff --git a/dma/dma-cleanup-spool b/dma/dma-cleanup-spool new file mode 100644 index 0000000..92af30c --- /dev/null +++ b/dma/dma-cleanup-spool @@ -0,0 +1,48 @@ +#!/bin/bash +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2015 Michael Tremer <michael.tremer(a)ipfire.org> # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see <http://www.gnu.org/licenses/>. # +# # +############################################################################### + +SPOOL_DIR="/var/spool/dma" + +find_messages() { + find "${SPOOL_DIR}" -type f -name "M*" -mtime +30 +} + +remove_message() { + local f_message="${1}" + local f_queue="${f_message/${SPOOL_DIR}\/M/${SPOOL_DIR}\/Q}" + + # If a message file and a queue file exist, delete both + [ -f "${f_message}" ] || return 1 + [ -f "${f_queue}" ] || return 1 + + rm -f "${f_message}" "${f_queue}" + return 0 +} + +main() { + for message in $(find_messages); do + remove_message "${message}" + done + + return 0 +} + +main || exit $? diff --git a/dma/dma.nm b/dma/dma.nm index 79fe021..259421a 100644 --- a/dma/dma.nm +++ b/dma/dma.nm @@ -35,6 +35,10 @@ build make_install_targets += PREFIX=%{prefix} \ sendmail-link mailq-link install-spool-dirs install-etc + + install_cmds + install -m 755 %{DIR_SOURCE}/dma-cleanup-spool %{BUILDROOT}%{sbindir} + end end packages -- 1.8.1

2 1

Restart of the SSH daemon with Core 94
by Larsen 11 Nov '15

11 Nov '15

Hi, when I updated my installation to Core 94 some days ago, the ssh connection was interrupted surprisingly. I didn't see a note on this in the release notes http://www.ipfire.org/news/ipfire-2-17-core-update-94-released . In case there will be another update anytime in the future, it would be good to inform the user in the release notes about it. Would it also be possible to ask the user right before cutting the connection if this should really be done? So he could eventually cancel the restart of the SSH daemon. Lars

1 0

[PATCH] BUG10964: When entering wrong data in dma setup, the fields are blanked
by Alexander Marx 10 Nov '15

10 Nov '15

When entring wrong values in the fields and saving the site, there comes an errormessage and all fields except mailserver and port are blanked. Now the fileds are preserved and all data is displayed even after an errormessage Signed-off-by: Alexander Marx <alexander.marx(a)ipfire.org> --- html/cgi-bin/mail.cgi | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/html/cgi-bin/mail.cgi b/html/cgi-bin/mail.cgi index 072888c..9cf14ca 100755 --- a/html/cgi-bin/mail.cgi +++ b/html/cgi-bin/mail.cgi @@ -153,12 +153,15 @@ sub configsite{ #If update set fieldvalues new if($cgiparams{'update'} eq 'on'){ - $dma{'USEMAIL'}= 'on'; + $mail{'USEMAIL'} = 'on'; + $mail{'SENDER'} = $cgiparams{'txt_mailsender'}; + $mail{'RECIPIENT'} = $cgiparams{'txt_recipient'}; $dma{'SMARTHOST'} = $cgiparams{'txt_mailserver'}; $dma{'PORT'} = $cgiparams{'txt_mailport'}; - $auth{'AUTHUSER'} = $cgiparams{'txt_mailuser'}; + $auth{'AUTHNAME'} = $cgiparams{'txt_mailuser'}; $auth{'AUTHHOST'} = $cgiparams{'txt_mailserver'}; $auth{'AUTHPASS'} = $cgiparams{'txt_mailpass'}; + $dma{'STARTTLS'} = $cgiparams{'mail_tls'}; } #find preselections $checked{'usemail'}{$mail{'USEMAIL'}} = 'CHECKED'; @@ -235,7 +238,7 @@ END <td><input type='checkbox' name='mail_tls' $checked{'mail_tls'}{'on'}></td> </tr> END - if (! -z $dmafile && $mail{'USEMAIL'} eq 'on'){ + if (! -z $dmafile && $mail{'USEMAIL'} eq 'on' && !$errormessage){ print "<tr>"; print "<td></td>"; print "<td><input type='submit' name='ACTION' value='$Lang::tr{'email testmail'}'></td>"; -- 1.9.1

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Development November 2015