This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, master has been updated
via 131cfcf223f97a00375489f9a001a6a1dc23e972 (commit)
via c64dc3bef5562448f8ed1e7d40a5174028370f32 (commit)
via b71a7fb97dfa9bc041d6782a2b2cd0dd5e9cd66e (commit)
via 8c946d1c0afc79808c9f1c8ec14c1ae917c64cdd (commit)
from dd2c09fd6bf60c5659e41109d7fbad3f99e228c3 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 131cfcf223f97a00375489f9a001a6a1dc23e972
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Jul 13 15:34:59 2021 +0000
strip: Silence any warnings for files without capabilities
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit c64dc3bef5562448f8ed1e7d40a5174028370f32
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Jul 13 15:30:53 2021 +0000
vpnmain.cgi: Join certificate output before &Header::cleanhtml();
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit b71a7fb97dfa9bc041d6782a2b2cd0dd5e9cd66e
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Jul 13 15:30:52 2021 +0000
Partially revert "vpnmain.cgi: Use new system methods"
This reverts commit a81cbf61273536ee36f3d26504aabdcd65d39cca.
It was no longer possible to generate the root/host certificates.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 8c946d1c0afc79808c9f1c8ec14c1ae917c64cdd
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Jul 13 15:30:51 2021 +0000
ovpnmain.cgi: Join certificate output before &Header::cleanhtml();
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
html/cgi-bin/ovpnmain.cgi | 24 +++++++++---------
html/cgi-bin/vpnmain.cgi | 64 ++++++++++++++++-------------------------------
src/stripper | 2 +-
3 files changed, 35 insertions(+), 55 deletions(-)
Difference in files:
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 7a2833ce6..3cd2f9381 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -1532,8 +1532,8 @@ END
&Header::openbigbox('100%', 'LEFT', '', $errormessage);
&Header::openbox('100%', 'LEFT', "$Lang::tr{'ca certificate'}:");
my @output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
- @output = &Header::cleanhtml(@output,"y");
- print "<pre>@output</pre>\n";
+ my $output = &Header::cleanhtml(join("", @output),"y");
+ print "<pre>$output</pre>\n";
&Header::closebox();
print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
&Header::closebigbox();
@@ -1652,8 +1652,8 @@ END
&Header::openbox('100%', 'LEFT', "$Lang::tr{'host certificate'}:");
@output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
}
- @output = &Header::cleanhtml(@output,"y");
- print "<pre>@output</pre>\n";
+ my $output = &Header::cleanhtml(join("", @output), "y");
+ print "<pre>$output</pre>\n";
&Header::closebox();
print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
&Header::closebigbox();
@@ -2616,8 +2616,8 @@ else
&Header::openbigbox('100%', 'LEFT', '', '');
&Header::openbox('100%', 'LEFT', "$Lang::tr{'certificate'}:");
my @output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
- @output = &Header::cleanhtml(@output,"y");
- print "<pre>@output</pre>\n";
+ my $output = &Header::cleanhtml(join("", @output), "y");
+ print "<pre>$output</pre>\n";
&Header::closebox();
print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
&Header::closebigbox();
@@ -2638,8 +2638,8 @@ else
&Header::openbigbox('100%', 'LEFT', '', '');
&Header::openbox('100%', 'LEFT', "$Lang::tr{'dh'}:");
my @output = &General::system_output("/usr/bin/openssl", "dhparam", "-text", "-in", "${General::swroot}/ovpn/ca/dh1024.pem");
- @output = &Header::cleanhtml(@output,"y");
- print "<pre>@output</pre>\n";
+ my $output = &Header::cleanhtml(join("", @output) ,"y");
+ print "<pre>$output</pre>\n";
&Header::closebox();
print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
&Header::closebigbox();
@@ -2664,8 +2664,8 @@ else
my @output = <FILE>;
close(FILE);
- @output = &Header::cleanhtml(@output,"y");
- print "<pre>@output</pre>\n";
+ my $output = &Header::cleanhtml(join("", @output),"y");
+ print "<pre>$output</pre>\n";
&Header::closebox();
print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
&Header::closebigbox();
@@ -2687,8 +2687,8 @@ else
&Header::openbigbox('100%', 'LEFT', '', '');
&Header::openbox('100%', 'LEFT', "$Lang::tr{'crl'}:");
my @output = &General::system_output("/usr/bin/openssl", "crl", "-text", "-noout", "-in", "${General::swroot}/ovpn/crls/cacrl.pem");
- @output = &Header::cleanhtml(@output,"y");
- print "<pre>@output</pre>\n";
+ my $output = &Header::cleanhtml(join("", @output), "y");
+ print "<pre>$output</pre>\n";
&Header::closebox();
print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
&Header::closebigbox();
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index 8f13cf51f..d54b56577 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -226,13 +226,9 @@ sub newcleanssldatabase {
###
sub callssl ($) {
my $opt = shift;
-
- # Split the given argument string into single pieces and assign them to an array.
- my @opts = split(/ /, $opt);
-
- my @retssl = &General::system_output("/usr/bin/openssl", @opts); #redirect stderr
+ my $retssl = `/usr/bin/openssl $opt 2>&1`; #redirect stderr
my $ret = '';
- foreach my $line (split (/\n/, @retssl)) {
+ foreach my $line (split (/\n/, $retssl)) {
&General::log("ipsec", "$line") if (0); # 1 for verbose logging
$ret .= '<br>'.$line if ( $line =~ /error|unknown/ );
}
@@ -246,21 +242,13 @@ sub callssl ($) {
###
sub getCNfromcert ($) {
#&General::log("ipsec", "Extracting name from $_[0]...");
- my @temp = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "$_[0]");
- my $temp;
-
- foreach my $line (@temp) {
- if ($line =~ /Subject:.*CN = (.*)[\n]/) {
- $temp = $1;
- $temp =~ s+/Email+, E+;
- $temp =~ s/ ST = / S = /;
- $temp =~ s/,//g;
- $temp =~ s/\'//g;
-
- last;
- }
- }
-
+ my $temp = `/usr/bin/openssl x509 -text -in $_[0]`;
+ $temp =~ /Subject:.*CN = (.*)[\n]/;
+ $temp = $1;
+ $temp =~ s+/Email+, E+;
+ $temp =~ s/ ST = / S = /;
+ $temp =~ s/,//g;
+ $temp =~ s/\'//g;
return $temp;
}
###
@@ -268,19 +256,11 @@ sub getCNfromcert ($) {
###
sub getsubjectfromcert ($) {
#&General::log("ipsec", "Extracting subject from $_[0]...");
- my @temp = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "$_[0]");
- my $temp;
-
- foreach my $line (@temp) {
- if($line =~ /Subject: (.*)[\n]/) {
- $temp = $1;
- $temp =~ s+/Email+, E+;
- $temp =~ s/ ST = / S = /;
-
- last;
- }
- }
-
+ my $temp = `/usr/bin/openssl x509 -text -in $_[0]`;
+ $temp =~ /Subject: (.*)[\n]/;
+ $temp = $1;
+ $temp =~ s+/Email+, E+;
+ $temp =~ s/ ST = / S = /;
return $temp;
}
###
@@ -689,8 +669,8 @@ END
$errormessage = $!;
goto UPLOADCA_ERROR;
}
- my @temp = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "$filename");
- if (! grep(/CA:TRUE/, @temp)) {
+ my $temp = `/usr/bin/openssl x509 -text -in $filename`;
+ if ($temp !~ /CA:TRUE/i) {
$errormessage = $Lang::tr{'not a valid ca certificate'};
unlink ($filename);
goto UPLOADCA_ERROR;
@@ -725,8 +705,8 @@ END
&Header::openbigbox('100%', 'left', '', '');
&Header::openbox('100%', 'left', "$Lang::tr{'ca certificate'}:");
my @output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
- @output = &Header::cleanhtml(@output,"y");
- print "<pre>@output</pre>\n";
+ my $output = &Header::cleanhtml(join("", @output) ,"y");
+ print "<pre>$output</pre>\n";
&Header::closebox();
print "<div align='center'><a href='/cgi-bin/vpnmain.cgi'>$Lang::tr{'back'}</a></div>";
&Header::closebigbox();
@@ -852,8 +832,8 @@ END
&Header::openbox('100%', 'left', "$Lang::tr{'host certificate'}:");
@output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/certs/hostcert.pem");
}
- @output = &Header::cleanhtml(@output,"y");
- print "<pre>@output</pre>\n";
+ my $output = &Header::cleanhtml(join("", @output) ,"y");
+ print "<pre>$output</pre>\n";
&Header::closebox();
print "<div align='center'><a href='/cgi-bin/vpnmain.cgi'>$Lang::tr{'back'}</a></div>";
&Header::closebigbox();
@@ -1541,8 +1521,8 @@ END
&Header::openbigbox('100%', 'left', '', '');
&Header::openbox('100%', 'left', "$Lang::tr{'cert'}:");
my @output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
- @output = &Header::cleanhtml(@output,"y");
- print "<pre>@output</pre>\n";
+ my $output = &Header::cleanhtml(join("", @output) ,"y");
+ print "<pre>$output</pre>\n";
&Header::closebox();
print "<div align='center'><a href='/cgi-bin/vpnmain.cgi'>$Lang::tr{'back'}</a></div>";
&Header::closebigbox();
diff --git a/src/stripper b/src/stripper
index e51463c69..6f449bb39 100755
--- a/src/stripper
+++ b/src/stripper
@@ -29,7 +29,7 @@ function _strip() {
# Fetch any capabilities
local capabilities="$(getfattr --no-dereference --name="security.capability" \
- --absolute-names --dump "${file}")"
+ --absolute-names --dump "${file}" 2>/dev/null)"
local cmd=( "${strip}" )
hooks/post-receive
--
IPFire 2.x development tree