This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, master has been updated via 131cfcf223f97a00375489f9a001a6a1dc23e972 (commit) via c64dc3bef5562448f8ed1e7d40a5174028370f32 (commit) via b71a7fb97dfa9bc041d6782a2b2cd0dd5e9cd66e (commit) via 8c946d1c0afc79808c9f1c8ec14c1ae917c64cdd (commit) from dd2c09fd6bf60c5659e41109d7fbad3f99e228c3 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 131cfcf223f97a00375489f9a001a6a1dc23e972 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Jul 13 15:34:59 2021 +0000
strip: Silence any warnings for files without capabilities
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit c64dc3bef5562448f8ed1e7d40a5174028370f32 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Jul 13 15:30:53 2021 +0000
vpnmain.cgi: Join certificate output before &Header::cleanhtml();
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit b71a7fb97dfa9bc041d6782a2b2cd0dd5e9cd66e Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Jul 13 15:30:52 2021 +0000
Partially revert "vpnmain.cgi: Use new system methods"
This reverts commit a81cbf61273536ee36f3d26504aabdcd65d39cca.
It was no longer possible to generate the root/host certificates.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 8c946d1c0afc79808c9f1c8ec14c1ae917c64cdd Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Jul 13 15:30:51 2021 +0000
ovpnmain.cgi: Join certificate output before &Header::cleanhtml();
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: html/cgi-bin/ovpnmain.cgi | 24 +++++++++--------- html/cgi-bin/vpnmain.cgi | 64 ++++++++++++++++------------------------------- src/stripper | 2 +- 3 files changed, 35 insertions(+), 55 deletions(-)
Difference in files: diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 7a2833ce6..3cd2f9381 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -1532,8 +1532,8 @@ END &Header::openbigbox('100%', 'LEFT', '', $errormessage); &Header::openbox('100%', 'LEFT', "$Lang::tr{'ca certificate'}:"); my @output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem"); - @output = &Header::cleanhtml(@output,"y"); - print "<pre>@output</pre>\n"; + my $output = &Header::cleanhtml(join("", @output),"y"); + print "<pre>$output</pre>\n"; &Header::closebox(); print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>"; &Header::closebigbox(); @@ -1652,8 +1652,8 @@ END &Header::openbox('100%', 'LEFT', "$Lang::tr{'host certificate'}:"); @output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/servercert.pem"); } - @output = &Header::cleanhtml(@output,"y"); - print "<pre>@output</pre>\n"; + my $output = &Header::cleanhtml(join("", @output), "y"); + print "<pre>$output</pre>\n"; &Header::closebox(); print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>"; &Header::closebigbox(); @@ -2616,8 +2616,8 @@ else &Header::openbigbox('100%', 'LEFT', '', ''); &Header::openbox('100%', 'LEFT', "$Lang::tr{'certificate'}:"); my @output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem"); - @output = &Header::cleanhtml(@output,"y"); - print "<pre>@output</pre>\n"; + my $output = &Header::cleanhtml(join("", @output), "y"); + print "<pre>$output</pre>\n"; &Header::closebox(); print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>"; &Header::closebigbox(); @@ -2638,8 +2638,8 @@ else &Header::openbigbox('100%', 'LEFT', '', ''); &Header::openbox('100%', 'LEFT', "$Lang::tr{'dh'}:"); my @output = &General::system_output("/usr/bin/openssl", "dhparam", "-text", "-in", "${General::swroot}/ovpn/ca/dh1024.pem"); - @output = &Header::cleanhtml(@output,"y"); - print "<pre>@output</pre>\n"; + my $output = &Header::cleanhtml(join("", @output) ,"y"); + print "<pre>$output</pre>\n"; &Header::closebox(); print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>"; &Header::closebigbox(); @@ -2664,8 +2664,8 @@ else my @output = <FILE>; close(FILE);
- @output = &Header::cleanhtml(@output,"y"); - print "<pre>@output</pre>\n"; + my $output = &Header::cleanhtml(join("", @output),"y"); + print "<pre>$output</pre>\n"; &Header::closebox(); print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>"; &Header::closebigbox(); @@ -2687,8 +2687,8 @@ else &Header::openbigbox('100%', 'LEFT', '', ''); &Header::openbox('100%', 'LEFT', "$Lang::tr{'crl'}:"); my @output = &General::system_output("/usr/bin/openssl", "crl", "-text", "-noout", "-in", "${General::swroot}/ovpn/crls/cacrl.pem"); - @output = &Header::cleanhtml(@output,"y"); - print "<pre>@output</pre>\n"; + my $output = &Header::cleanhtml(join("", @output), "y"); + print "<pre>$output</pre>\n"; &Header::closebox(); print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>"; &Header::closebigbox(); diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi index 8f13cf51f..d54b56577 100644 --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi @@ -226,13 +226,9 @@ sub newcleanssldatabase { ### sub callssl ($) { my $opt = shift; - - # Split the given argument string into single pieces and assign them to an array. - my @opts = split(/ /, $opt); - - my @retssl = &General::system_output("/usr/bin/openssl", @opts); #redirect stderr + my $retssl = `/usr/bin/openssl $opt 2>&1`; #redirect stderr my $ret = ''; - foreach my $line (split (/\n/, @retssl)) { + foreach my $line (split (/\n/, $retssl)) { &General::log("ipsec", "$line") if (0); # 1 for verbose logging $ret .= '<br>'.$line if ( $line =~ /error|unknown/ ); } @@ -246,21 +242,13 @@ sub callssl ($) { ### sub getCNfromcert ($) { #&General::log("ipsec", "Extracting name from $_[0]..."); - my @temp = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "$_[0]"); - my $temp; - - foreach my $line (@temp) { - if ($line =~ /Subject:.*CN = (.*)[\n]/) { - $temp = $1; - $temp =~ s+/Email+, E+; - $temp =~ s/ ST = / S = /; - $temp =~ s/,//g; - $temp =~ s/'//g; - - last; - } - } - + my $temp = `/usr/bin/openssl x509 -text -in $_[0]`; + $temp =~ /Subject:.*CN = (.*)[\n]/; + $temp = $1; + $temp =~ s+/Email+, E+; + $temp =~ s/ ST = / S = /; + $temp =~ s/,//g; + $temp =~ s/'//g; return $temp; } ### @@ -268,19 +256,11 @@ sub getCNfromcert ($) { ### sub getsubjectfromcert ($) { #&General::log("ipsec", "Extracting subject from $_[0]..."); - my @temp = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "$_[0]"); - my $temp; - - foreach my $line (@temp) { - if($line =~ /Subject: (.*)[\n]/) { - $temp = $1; - $temp =~ s+/Email+, E+; - $temp =~ s/ ST = / S = /; - - last; - } - } - + my $temp = `/usr/bin/openssl x509 -text -in $_[0]`; + $temp =~ /Subject: (.*)[\n]/; + $temp = $1; + $temp =~ s+/Email+, E+; + $temp =~ s/ ST = / S = /; return $temp; } ### @@ -689,8 +669,8 @@ END $errormessage = $!; goto UPLOADCA_ERROR; } - my @temp = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "$filename"); - if (! grep(/CA:TRUE/, @temp)) { + my $temp = `/usr/bin/openssl x509 -text -in $filename`; + if ($temp !~ /CA:TRUE/i) { $errormessage = $Lang::tr{'not a valid ca certificate'}; unlink ($filename); goto UPLOADCA_ERROR; @@ -725,8 +705,8 @@ END &Header::openbigbox('100%', 'left', '', ''); &Header::openbox('100%', 'left', "$Lang::tr{'ca certificate'}:"); my @output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem"); - @output = &Header::cleanhtml(@output,"y"); - print "<pre>@output</pre>\n"; + my $output = &Header::cleanhtml(join("", @output) ,"y"); + print "<pre>$output</pre>\n"; &Header::closebox(); print "<div align='center'><a href='/cgi-bin/vpnmain.cgi'>$Lang::tr{'back'}</a></div>"; &Header::closebigbox(); @@ -852,8 +832,8 @@ END &Header::openbox('100%', 'left', "$Lang::tr{'host certificate'}:"); @output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/certs/hostcert.pem"); } - @output = &Header::cleanhtml(@output,"y"); - print "<pre>@output</pre>\n"; + my $output = &Header::cleanhtml(join("", @output) ,"y"); + print "<pre>$output</pre>\n"; &Header::closebox(); print "<div align='center'><a href='/cgi-bin/vpnmain.cgi'>$Lang::tr{'back'}</a></div>"; &Header::closebigbox(); @@ -1541,8 +1521,8 @@ END &Header::openbigbox('100%', 'left', '', ''); &Header::openbox('100%', 'left', "$Lang::tr{'cert'}:"); my @output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem"); - @output = &Header::cleanhtml(@output,"y"); - print "<pre>@output</pre>\n"; + my $output = &Header::cleanhtml(join("", @output) ,"y"); + print "<pre>$output</pre>\n"; &Header::closebox(); print "<div align='center'><a href='/cgi-bin/vpnmain.cgi'>$Lang::tr{'back'}</a></div>"; &Header::closebigbox(); diff --git a/src/stripper b/src/stripper index e51463c69..6f449bb39 100755 --- a/src/stripper +++ b/src/stripper @@ -29,7 +29,7 @@ function _strip() {
# Fetch any capabilities local capabilities="$(getfattr --no-dereference --name="security.capability" \ - --absolute-names --dump "${file}")" + --absolute-names --dump "${file}" 2>/dev/null)"
local cmd=( "${strip}" )
hooks/post-receive -- IPFire 2.x development tree