This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, master has been updated via 2fd3387aec57a23e43a70531aba3b58bbb11b19f (commit) via 16c18d2ea06f833cec3ea7058b8ebd0368b685ba (commit) via 589b334571919c64acd25fb9906d39f621f64a3d (commit) via 9c7093a18bb01066834deb865cee976efbe3385d (commit) via 962ac5bdc6d8abd09819c2a43d4bf2cbd5fc5336 (commit) via d81456730cbb515711e9ea796f14048b0c4009f5 (commit) via a9600358d86b78d144376fffc8c3b91da6c29e26 (commit) via d9e80e0b0914f71c90f1bf743be0bc412afe1115 (commit) via 086eb9b58233ec19e555a9ded97d00a863fef404 (commit) via 58efaf8e1807eda1f4dbf3bc360698b075ef51d1 (commit) via ba837e88425933b863ed2a430a0a53995a57a840 (commit) via ad39b30985d0fe217f355491bbbe9a5515026927 (commit) via 898474e6ffc676ebc71636cde5bdacf370f3d083 (commit) via 5d5f5393fe4a1ef2aa07ee59ab7120112b25fe93 (commit) via 9acda8fa69b22f410b2b3787b7fad5cff899488d (commit) via 1d47c971e6bd4490fb54c6dd333f307d89f9cfee (commit) via 0ed7b61325996686b956ba398ccb830b53253253 (commit) via dcca805182bef76740752aa90542362806eaa47f (commit) via 5ea73f56601411d842456243fc88bdde8834742c (commit) via 39889f8a0b4cc0e8494acc6ddaec8fa42f1baa93 (commit) via afdf1483887e7c31567ed4469b3b9922d213e295 (commit) via 6e609c0d20716604eabd84361845d72d17b139dc (commit) via 242694089f1a666b5cfcabbeb17440a2d8e54409 (commit) via a8440dab51dc24fb990cbdde82472018b76a13ba (commit) via e1c540b08eb637ee26fd18696920a603a085ccbd (commit) via b33e050763f5c752aadedc62c4da75f3392aca25 (commit) via f63cb53f4aa6b049e01aad78a724c9b5dca1a42a (commit) via dfbee171cc3ee4d05958a5a35bacaa68b7a4445d (commit) via 359efc4bfd201a2972387b30c93372541d56feab (commit) via b59da37ee2e5755c93645271ff810d284a014d35 (commit) via afa91a4df5755569b91c87a6b3b6fae095529ed1 (commit) via 11e2e672e8cb351ca79418a518e726a83e30b15d (commit) via f28a284c33a77cbbe06fa63480eb559877906c26 (commit) via 97a5baac82620e31e3446a276e3eb94b43418ff8 (commit) via 2c97e773002a5d63c2bfda7cc904082a06652c28 (commit) via 9666a34d0e20328bc43ba90904382176b7844796 (commit) via 
a8e3b15d77512134c29d86ec0489d25f8a801fec (commit) via 57e86b559393116238e67dd3a7593d0ffcff6a1e (commit) via 61e19f97aa1ee3a68e7b8e720ae1e55940ff43fc (commit) via 382ffe320c05b4dc99a77f4e5002265d0e0c70c6 (commit) via 0ee35ce0cac70ac4da8817f2ed3c84d84ddcfc44 (commit) via 3ea01fe042cfb1619415aed3e69bc700dd48ad53 (commit) via 88b1e637ac581b836bcdfa4a44deeef2d8ff9711 (commit) via 49c3105cc3fa4b988bc9d4596f4021c02fa15086 (commit) via 2c531c2132ae6681d5b0dc6ec114fb5e8cbb0040 (commit) via 8d1e36cca59e68d3061d2c53a535bfadebe4edf1 (commit) via f0dba37096d2e7dcf59e75b42cdff8b3ba613bac (commit) via 57e527c84a4e3952c7842637e2e4b6f252394de2 (commit) via 6caea1086d15a0f6d797da31a67d132a298c5d14 (commit) via 85a6f39c39385d3867a95b037adfd601718735c5 (commit) via 5f206778640a463babeb4640304b94283eabe34f (commit) via e798fee78d9164b20f4b9ef14be4743c83a44676 (commit) via 2bcd81934d900845fa178bf11d138c95715f11c9 (commit) via 0e2f9b011b8945dbfdfd3cac9fe1a486c48732e1 (commit) via 3bcb59ab211cec80576e8e0c1202364e3001defc (commit) via a24062d12bf6e8623f2316d6fbb0551ce553f0b5 (commit) via cbdee67e068441c10284e1ab290ca4db226dd37f (commit) via 1cbc5ca0a4e0827ae5073ddf19c515e4492baa16 (commit) via eb7e5ec69ffcf35b1748b8fa2e5ed6fd07763014 (commit) via f68ae02d39eb10fa949f07b1c4cfc68b224a1ee0 (commit) via 30ca037fb35df6e60681201efe04e2cf17ffd305 (commit) via 7fe566950277075323b28aa1be202a9d7402edc9 (commit) via ffe32bf7ae117d9ce3c19f93db72058c9ba56c77 (commit) via 6ac0a1a38f8272038250445d7e05aca1870ad23d (commit) via 0596fb2d1dc21f47811322b0ca6c8fb5f0458665 (commit) via 1b1401b9df9288b9b877e38dccbdc53accfeb6e0 (commit) via b0b8729a32a4c43a76184432a7c624c58874d155 (commit) via 942299ebeb641e985ee055fde61c6576c1f1f284 (commit) via 023919034a6bcc31cd4032192862894b695fd94e (commit) via 1a8999b3d61d23094485c9d43385be35676d0a26 (commit) via e0c923f424c0d4a8a8a873ee3f84a065ecce58f7 (commit) via 7f16c6664788ef9616c16a4b87ba98893c46fedb (commit) via 0594323b79a4bf8ba390a4cd9a2c6833983174ac (commit) via 
f3c793854077e1368768af0137ffc1a885490381 (commit) via 67a0c5180db8bef41def07e9d6a8e11efca4fd35 (commit) via d0b47c7a8fb8b0be065e1874bb664b4fd01e9e00 (commit) via 432bc116fb34fd796c70132d184a3e3d1e126b4f (commit) via 991082e93600c3c2ba529ea8bbc0437c5764c964 (commit) via 45ff420ec7e3ad522dc6d0e53837a6e1951407fc (commit) via 37de68c96531e9d968f45f345c813d3d240e6a48 (commit) via 69a419b19ac9c314b98cdc0ce72734f55857bb90 (commit) via 4ad384c68d90a912406aae93371ddb87808c6202 (commit) via ba1abcb658a524b3d8af3b4f8b4baad4802f3476 (commit) via 8e41b852876fabd8e07cd72d9c61c62f8dc5d9be (commit) via 851a984121f4a20d646de229c7901258fe5605d2 (commit) via b013822b996302d7c3344019fe555d60280ef5c2 (commit) via 07e1b6c0afaf2cc7ee42c6d7a2a58bfda5d33af0 (commit) via 0a11f8761ae9464e6321e2259899c3d5ec71a7a4 (commit) via a4d24f90525ff980c36decfda4755777f3974004 (commit) via 78039c1585df96ae932d3b9c50168c052186ec16 (commit) via e8b3bb0edcf5b6768326b01620f318a56aaf4814 (commit) via 92a6d92e826f056ae788da902dffb0513f1152df (commit) via 334620ee2bf24a4d80303b766f91bc64178c4042 (commit) via db1078ff114c1cd6b8818848660ee72848874836 (commit) via 0fa8d28e8fe5f6a9a04b8d13b4dc6bb6b1f54c8f (commit) via a47376207fbce85385dc6086a87d54ec2e6aa0f1 (commit) via a54ec49e18e2a77ab0003fbae92ae31068f8d9fc (commit) via c4e106d181124550af7c9bd81e07e9eee4b985ee (commit) via b3c1c8342cf336b949b849579bce76b2de83cfde (commit) via 2b4830c5ab71ce04cc14979ec3ed9c91049c8d4c (commit) via 0505af9dc07f3a2b46d15e726d40585e4ee20099 (commit) via 785c9195204b12f9391d3d13e56e7ec11576cfeb (commit) via 2e28ecea3ef7b96ef55d9b3dc3ad67414c023853 (commit) via 0c89de671678acb83c46df6600382b076535cd10 (commit) via fde9c9dd035ebd5a24527e1b99069d3df5a03d13 (commit) via 1245aa72df932f3764be1ba7c5ce09b89b79ac5e (commit) via 2805275ecca612fc88319f44a4395802150ce17a (commit) via dc127e0faab368273aca09a57cc79f8186547189 (commit) via c98b743c09cac78a865ca8ef102dacf69a5004da (commit) via f51bc66149e561868041407d4e3e447d2c84ea7b (commit) via 
fb245d5ec12977d91670dc04590758a4e173dfed (commit) via ab2d15486b4f874ebd832dfce84081031f42b7c5 (commit) via f14de8277aad5e57267d843e63b111e575801ab9 (commit) via 0389942c2bc24b93de68269606bcd11a4ce57dab (commit) via 49b70d62a939c564bb1386d3f5b13eb1f98bd55f (commit) via d54a2ce45232412d2b674df51cc8012d8e2c846d (commit) via db5b5de9a9cbb53b713cbc95a80021e458a5041f (commit) via 4d9e31ab78dbcf8d6c7cd5720d7cdf410281d778 (commit) via 46d3a4cb16ea09393fa141f56478e7d1d247b67c (commit) via b8fe6ca756adb45f7ea92b6211204d17fc701ff1 (commit) via 30654fd82b9185597689c701c99987e02de2a959 (commit) via cbc5a4374fd19c8657792f14813da52b801fd681 (commit) via 91d6b6ef07fc9915dcb2ca8ed0147118615b690d (commit) via e6c4f090b694a8d102da5b2765dcdac871f20517 (commit) via 30986dbf03b2ce231f3a53989d4d81ec7ccb1681 (commit) via 65f2c9bb3940fab663248f81aae2161a3d1e13a5 (commit) via 0778b991c9e9a12ab4eee66c5846d56a708a5418 (commit) via 758d959652ee8fbc018b04d75624ec61ed64e227 (commit) via 96737543858a2d78d61da981dd10c5e9a3b671a4 (commit) via b171633c7e15a1fceacfae9953ad9b5b6a07e945 (commit) via 32a5fec71c317aa47ad27abecd3a63bda513972b (commit) via 39d435690fa0fa56886bc95a00f7eb01463b7b80 (commit) via 212fd689a30a7b2f627149ead8d45823dc8a68af (commit) via ad50a299c8717ffdd3a0ec02b0db40888f5d9e73 (commit) via 578f23c8e140cb896b5e1e4c36bdecad2c76ffe7 (commit) via d4ee6f08135135d7abac777a63fdadccda156052 (commit) via 040ec360f90d43fbb9fa0fb9bc1f7f52b09eaf77 (commit) via c17883fdcd250064ab1d2f3e922b619d77e282b7 (commit) via 05583186d6cabdab8801045c491ba3d606690fb4 (commit) via acb759575e610e8a94f6b05ff19a5418aa7a91b7 (commit) via f3dce179849c7898cafff729f17b4b407b1f155e (commit) via 0fbba54e825ad4d21762e0deb788ec6614d0e744 (commit) via 1164cb0d0b56006d228ac3a9ec2b20ca1f2a7167 (commit) via 054d584786a60ed443d96642eb5a094e265da637 (commit) via d0552ea9bfc1dc55fc5930128b60877fad4da444 (commit) via 80d83d13d8a1e794e7e4d1da90f83f297ce04191 (commit) via ad592fb878653d2abf970da02453d4a4893ac0a9 (commit) via 
9ee54998cbb36cf1781c0e1ba856992d3d1f068a (commit) via 0f3d0cec24c4a75d59e4a105e5f4d6b24fb6d5aa (commit) via ecb2d6b954ba5f7cee25ac0e46f245c16e49ceaa (commit) via b1636efd0b3f4faa3e4d08f54c2b2dfa170e373f (commit) via 15847a8001e5adda6bf253f3c329fce11d5a05b1 (commit) via c6ce1e7ecb8f053bff2cbca975fa1246b75c0bdf (commit) via b0b61056a72dad063e56a4093e0bfbc087eb7985 (commit) via 32218ed0bab94adc0be85d37ed475869fd5ebccc (commit) via 6b6730a95f8bb7a370203716d7ae568efae74707 (commit) via f94223119075377b14f6c25c573be533f3681013 (commit) via 2be0bc4410b7d2f5039eae7b464db7b8ee6564db (commit) via ca6be40f92988ec3202e1f669c1a033bbbf3cd38 (commit) via 8f548dfe366e63af924e559a9275ce734a099942 (commit) via 668ea5d311f10b63dd69718b9a43aa5d03029d5d (commit) via 79b269802d00653f32c43899767c9bea53d83702 (commit) via ef4edcfb203a3610efb7e47cb6f4e3337cb2e312 (commit) via a8e59d803594f5af0ac1532e89aac6bd11600ecf (commit) via 0ff5b2b0ac39be6954e0b727e21d98c631bb051b (commit) via 64d886f53f0dcd5c6284b56b4965ad19eaf4d80a (commit) via 0d573e226f956e32035a41674e6f79e169305172 (commit) via 6ecbdec1b76812fc2657c11a66aecb7dc34ee658 (commit) via df5fbff5319a798146ecf1365a4638b5c1a1c888 (commit) via b34ba990aa7365be679774e6a4c938825f6f25f5 (commit) via 23e591db40e7dc6b02e2d826cf80cfac2dc32f9a (commit) via bac04b5e3c86e269a7674da16798bc22edda85bb (commit) via e0d006cd8e186d28ce11d20a9ab6f8462de882fe (commit) via 0a565414dd9e4ed8a050430e18490ad0ef61b4d3 (commit) via 5b3bd19f310f8389eef1bb0d4107bce4aab26cb1 (commit) via b63c35cae117ed4fb0871955b741016915ba61da (commit) via a8d9f5cec1db248c75dc991d21186da554ca48ec (commit) via fffb0165b6f85068a60c9bb816ba09a4d6934fb2 (commit) via e0b9a600e19f3829dcdf9858c776d7a169ea2ccc (commit) via a40a1e25f7d1e6ec648afd10c8873611d139bfd9 (commit) via 85abe3323a0b43976686d1c8e875861c7510abce (commit) via 9384b26ba9f448783244d238d750293da418ec51 (commit) via 3b9b58f95646c95b0fd7b2e8de90d074cb70cc70 (commit) via d9f47d9b9e5041ee9b9d5fc40471cffe67d2a35e (commit) via 
79cfa337b16e54e86b7812fb0166639759af29fe (commit) via 2acac5421f03eccd0e603106093489b985c65cb8 (commit) via 7f5795c65fa65e4835cfcb60408a64581813e9ca (commit) via 857a15f38b1c48c6eeb8109ae18d1c2ad1fbb95c (commit) via c3c2e81c6fd50e102b10891c980e515d1bb072a0 (commit) via 261121f1dff82f158289368bafedc9a1c89e9261 (commit) via 35817283ac87378350b1149ea466a1c4432449e8 (commit) via 3847730c176a3ff5a710ec5400d13c35f8d16fd1 (commit) via 6f49ea2ea269b1ef456f7594f67296fd86776dc5 (commit) via c366dbb4337921e3e581498bc2b85f787a6913f4 (commit) via c98cc4ae90643b9a43431be5de7d821c110267c0 (commit) via 07f0e777f015303f1921f4d7e582890e8268563a (commit) via d4ce4207ce49701b70a60114a1777e75118c9aa4 (commit) via 2f2b5105c47db6b8b9ec42e2bbfa28d967fe1178 (commit) via 1342aaf8dd0a0c55d960817e88cac5d379029054 (commit) via a8fda3e94150bc3087e09b141b5f2c73721a4517 (commit) via b339fb7f142ac96d440b0951728d194f0c2a5fc2 (commit) via 32470b20b1728075af1bc641a38b98bb51e8d2b8 (commit) via d478b830bb792256fad7ae821101bbb7099d1f90 (commit) via adb742c03b962b013233789cd8799090bca0b8ab (commit) via 6e9fc7b868c52a6d2991d9878e1e96a7eb1eb4b4 (commit) via 23a42d00de983ba50f1caecbb0719e2d4fdefbc9 (commit) via 3db2633165c196c0ae4537199596201b940e71eb (commit) via 53103ab55c63eda3cd302c9b8af743429b62726c (commit) via 1ed8aedfdb9af8deaafac797b85b68c407feb6d7 (commit) via 0bb4b135d121cec8efbae6c63b3ea6cf85eacb97 (commit) via e24668f99a053d2073de80fe2d0dc8c5d73d2cbc (commit) via 663221a256af64d3bfe8c9bc0fe534059eb7dcee (commit) via 16bbdeb988cec0e4af25a0be334e23842ad9414a (commit) via 93bfe63d55bf611887fbc25c251c6fb0ce2ab1d4 (commit) via e60cd3a4042e95cf2748aac2de9d991c724ef24d (commit) via dfea4f86c22c83e07d0f4a6f2a02166229ecb120 (commit) via 2d0c7a9f7b8f830a5e2b193ffea4334409e25bf1 (commit) via becbf67de73290f43fd6658c2c66c6e174d6afe2 (commit) via ea40188f66d78c16956cdeb6d5c806bb7117c7f1 (commit) via b8a97bd9436f3494745b95868dc5b0774d0c40e8 (commit) via 61c6e9b71da9f623bf74f8cb2bab6cf311e7df45 (commit) via 
4e341f19b076e906c493347c8a11af5c45efc976 (commit) via 600b99fb315f02cd778b7725cdf54ca95caf095d (commit) via 535e2ce295d8fb2d27c743ebe560e7e3b9a5e35b (commit) via 1e6f74df8923eb09455248fd5940996f02cc7202 (commit) via 709564103eba30e14e25d4ebda86413dda823354 (commit) via 04ad584f354fde63a04ad5d50b4092ff044186ff (commit) via 3672decfa350c29b4ce5da3f0932286cae7164f2 (commit) via c1e9ba671ef74ad305067e4d82e81bcd3b5863a2 (commit) via 899a422790a6fc56a7eeaf5070332232af0d6879 (commit) via b9ca2fa60f1ac0127d0bbddb016d0acb578e660d (commit) via 6897c329b5b323567267d364fefdf01a9bff5688 (commit) via 2e3cb8edbc9f203adf6d702cfddf465ccaf2e2d7 (commit) via bc9446c65ff048ebce8c0665cc0efe2231fb37de (commit) via d9bf6d8b2f195e8d1f0287af19cf9fed331e9377 (commit) via c0a97a0f4a9c7787801015301a34a01da39596f5 (commit) via e472a10de91406b6440add5245de388cb4ab34f5 (commit) via 1dcd87157d4b52ee304094a586674dcb4919c3ba (commit) via 2b7fe21aa71ff782dc36e0400cc3367d2f106e47 (commit) via d5781436789241a7891dbdd80d4b256c76d9aedf (commit) via 8996f5a3bb3f6daa9df6190042bb0927d5f5b470 (commit) via 4313aa18e9e3b3f6717946b88c8a67f79dea40be (commit) via eea2501f5fe935eabd34781baff06beb7e275898 (commit) via e0f8464866f71590e7f5c9a43a59a60e633a6c8f (commit) via 2e7c1bcb98af17284681b86435f8f753209aa292 (commit) via 6a71b0b013fbc0fa73319e4ed1daa34524a17a4f (commit) via 192a8266e2571a324a793fa512a9c852661ae25b (commit) via a2b7328a265fb414929d8194b509580054f5c753 (commit) via e497310ee02c7b6f2071bf021f26bc254d97f439 (commit) via 0909c0d15058ddf023369afefab634781cc2702d (commit) via 58c74d078780b88bf060fa179bd55dd483164b87 (commit) via f2d941436b9721cdbfc37f0c7769088d14621d13 (commit) via 211694e588cf65dba21b6f9eb32f1ca7fd4520eb (commit) via 593c32275adf2b5bc7a887ad1d14350863ee57e4 (commit) via cab02e2a5f77eaf0bc12f7c115348baf2a04b699 (commit) via 484e01fc3791c7cce818c4d578b5e883846b4c51 (commit) via 2285f9da225d245dda6653ce05de9665bd9a792d (commit) via ca842e182227d69ea70e90e18f5a81d458cf06d3 (commit) via 
cc26ba71a193700177d8bc118e79b050964562f7 (commit) via 11ad82532e54fedd2a9b55f5c4a7b2f7a62a2002 (commit) via 91634dbe88cc85a77b1b30246e527d3dac908f24 (commit) via cebb1b7cb1327b87e3fa6932eee151a26a9f85c2 (commit) via b8e0573b5c698df6ba5587da9c4fc9595288ae79 (commit) via 72074fcdd2169a4698d5a5dec288e2adeca9af67 (commit) via bf235e962cdd2d0d95d9a6ccfef0b449d181bb04 (commit) via 15809a0166b58ce30d39c40603d01cc783cf8f3d (commit) via 67716b19bb5ab806fdd63f630e53c158dabedf2d (commit) via 4acb9a1a9b8ef9e51635de6545609d3a6455dd83 (commit) via a44790b647b40130187fdaff4cec710bbaad7ed9 (commit) from 9ba3be2bebcc589243a626d7b958be96b82ba3aa (commit)
Those revisions listed above that are new to this repository have not appeared in any other notification email, so they are listed in full below.
- Log ----------------------------------------------------------------- commit 2fd3387aec57a23e43a70531aba3b58bbb11b19f Merge: 9ba3be2 16c18d2 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri May 8 18:31:47 2015 +0200
Merge branch 'next'
-----------------------------------------------------------------------
Summary of changes: config/backup/include | 1 + config/backup/includes/esniper | 5 - config/cfgroot/general-functions.pl | 1 + config/cfgroot/geoip-functions.pl | 105 ++ config/cfgroot/header.pl | 2 +- config/cron/crontab | 3 + config/firewall/firewall-lib.pl | 61 ++ config/firewall/geoipblock | 1 + config/firewall/rules.pl | 77 +- config/hostapd/config | 185 +++- config/httpd/global.conf | 2 +- config/httpd/httpd.conf | 3 +- config/httpd/vhosts.d/esniper.conf | 22 - config/httpd/vhosts.d/phpaj.conf | 16 - .../kernel/kernel.config.armv5tel-ipfire-kirkwood | 4 +- config/kernel/kernel.config.armv5tel-ipfire-multi | 4 +- config/kernel/kernel.config.armv5tel-ipfire-rpi | 4 +- config/kernel/kernel.config.i586-ipfire | 5 +- config/kernel/kernel.config.i586-ipfire-pae | 5 +- config/menu/50-firewall.menu | 6 + config/qemu/qemu | 10 + config/rootfiles/common/Locale-Country | 63 +- config/rootfiles/common/apache2 | 91 +- config/rootfiles/common/armv5tel/initscripts | 3 + config/rootfiles/common/armv5tel/linux-multi | 1 + config/rootfiles/common/collectd | 10 +- config/rootfiles/common/configroot | 3 + config/rootfiles/common/curl | 227 ++++- config/rootfiles/common/cyrus-sasl | 42 +- config/rootfiles/common/dhcp | 3 +- config/rootfiles/common/dhcpcd | 5 + config/rootfiles/common/expat | 15 +- config/rootfiles/common/flag-icons | 243 +++++ config/rootfiles/common/groff | 1000 +++++++++++--------- config/rootfiles/common/i586/initscripts | 3 + config/rootfiles/common/i586/openssl-sse2 | 1 + config/rootfiles/common/logrotate | 1 + config/rootfiles/common/logwatch | 66 +- config/rootfiles/common/misc-progs | 1 + config/rootfiles/common/openssl-compat | 2 - config/rootfiles/common/perl-Text-CSV_XS | 8 + config/rootfiles/common/squid | 1 - config/rootfiles/common/stage2 | 4 + config/rootfiles/common/strongswan | 11 +- config/rootfiles/common/udev | 3 +- config/rootfiles/common/web-user-interface | 358 +++++++ config/rootfiles/common/xtables-addons | 33 + config/rootfiles/common/xz 
| 6 +- config/rootfiles/core/90/exclude | 28 + config/rootfiles/core/90/filelists/Locale-Country | 1 + .../{oldcore/77 => core/90}/filelists/apache2 | 0 .../87 => core/90}/filelists/armv5tel/glibc | 0 .../90}/filelists/armv5tel/linux-kirkwood | 0 .../87 => core/90}/filelists/armv5tel/linux-multi | 0 .../87 => core/90}/filelists/armv5tel/linux-rpi | 0 .../{oldcore/71 => core/90}/filelists/curl | 0 .../{oldcore/77 => core/90}/filelists/cyrus-sasl | 0 .../{oldcore/81 => core/90}/filelists/ddns | 0 .../{oldcore/66 => core/90}/filelists/dhcp | 0 .../{oldcore/44 => core/90}/filelists/dhcpcd | 0 .../{oldcore/84 => core/90}/filelists/dnsmasq | 0 .../{oldcore/87 => core/90}/filelists/dracut | 0 config/rootfiles/core/90/filelists/expat | 1 + config/rootfiles/core/90/filelists/files | 36 + .../{oldcore/87 => core/90}/filelists/fireinfo | 0 config/rootfiles/core/90/filelists/flag-icons | 1 + config/rootfiles/core/90/filelists/groff | 1 + .../{oldcore/66 => core/90}/filelists/i586/acpid | 0 .../{oldcore/87 => core/90}/filelists/i586/glibc | 0 .../{oldcore/87 => core/90}/filelists/i586/linux | 0 .../87 => core/90}/filelists/i586/linux-initrd | 0 .../rootfiles/core/90/filelists/i586/openssl-sse2 | 1 + .../{oldcore/77 => core/90}/filelists/iptables | 0 .../{oldcore/82 => core/90}/filelists/iputils | 0 .../{oldcore/70 => core/90}/filelists/libjpeg | 0 config/rootfiles/core/90/filelists/logrotate | 1 + .../{oldcore/61 => core/90}/filelists/logwatch | 0 .../{oldcore/87 => core/90}/filelists/openssl | 0 .../core/90/filelists/openssl-0.9.8-files | 19 + .../rootfiles/core/90/filelists/perl-Text-CSV_XS | 1 + .../{oldcore/84 => core/90}/filelists/squid | 0 .../{oldcore/87 => core/90}/filelists/strongswan | 0 .../{oldcore/87 => core/90}/filelists/tzdata | 0 .../{oldcore/77 => core/90}/filelists/udev | 0 .../87 => core/90}/filelists/wpa_supplicant | 0 config/rootfiles/core/90/filelists/xtables-addons | 1 + .../rootfiles/{oldcore/77 => core/90}/filelists/xz | 0 config/rootfiles/{oldcore/87 
=> core/90}/meta | 0 config/rootfiles/core/90/update.sh | 305 ++++++ config/rootfiles/packages/clamav | 6 +- config/rootfiles/packages/libsrtp | 1 + config/rootfiles/packages/qemu | 30 +- config/rootfiles/packages/tor | 2 - config/ssl/openssl.cnf | 4 +- config/syslinux/syslinux.cfg | 1 + config/udev/60-net.rules | 3 + .../udev/network-hotplug-rename | 65 +- config/xtables-addons/mconfig | 24 + doc/language_issues.de | 10 + doc/language_issues.en | 10 + doc/language_issues.es | 12 + doc/language_issues.fr | 16 + doc/{language_issues.tr => language_issues.it} | 41 +- doc/language_issues.nl | 16 + doc/language_issues.pl | 12 + doc/language_issues.ru | 16 + doc/language_issues.tr | 16 + doc/language_missings | 70 ++ html/cgi-bin/connections.cgi | 3 +- html/cgi-bin/country.cgi | 11 +- html/cgi-bin/ddns.cgi | 11 +- html/cgi-bin/firewall.cgi | 90 +- html/cgi-bin/fwhosts.cgi | 534 ++++++++++- html/cgi-bin/geoip-block.cgi | 263 +++++ html/cgi-bin/index.cgi | 4 +- html/cgi-bin/logs.cgi/firewalllog.dat | 29 +- html/cgi-bin/logs.cgi/firewalllogcountry.dat | 15 +- html/cgi-bin/logs.cgi/firewalllogip.dat | 21 +- html/cgi-bin/netovpnsrv.cgi | 2 +- html/cgi-bin/ovpnmain.cgi | 71 +- html/cgi-bin/pakfire.cgi | 6 +- html/cgi-bin/services.cgi | 3 + html/cgi-bin/tor.cgi | 6 +- html/cgi-bin/vpnmain.cgi | 268 +++--- html/cgi-bin/wlanap.cgi | 31 +- html/html/images/flags/ad.png | Bin 570 -> 0 bytes html/html/images/flags/ae.png | Bin 411 -> 0 bytes html/html/images/flags/af.png | Bin 594 -> 0 bytes html/html/images/flags/ag.png | Bin 670 -> 0 bytes html/html/images/flags/ai.png | Bin 670 -> 0 bytes html/html/images/flags/al.png | Bin 572 -> 0 bytes html/html/images/flags/am.png | Bin 574 -> 0 bytes html/html/images/flags/an.png | Bin 578 -> 0 bytes html/html/images/flags/ao.png | Bin 588 -> 0 bytes html/html/images/flags/aq.png | Bin 610 -> 0 bytes html/html/images/flags/ar.png | Bin 578 -> 0 bytes html/html/images/flags/as.png | Bin 653 -> 0 bytes html/html/images/flags/at.png | Bin 551 
-> 0 bytes html/html/images/flags/au.png | Bin 634 -> 0 bytes html/html/images/flags/aw.png | Bin 573 -> 0 bytes html/html/images/flags/az.png | Bin 603 -> 0 bytes html/html/images/flags/ba.png | Bin 619 -> 0 bytes html/html/images/flags/bb.png | Bin 574 -> 0 bytes html/html/images/flags/bd.png | Bin 572 -> 0 bytes html/html/images/flags/be.png | Bin 534 -> 0 bytes html/html/images/flags/bf.png | Bin 568 -> 0 bytes html/html/images/flags/bg.png | Bin 555 -> 0 bytes html/html/images/flags/bh.png | Bin 514 -> 0 bytes html/html/images/flags/bi.png | Bin 668 -> 0 bytes html/html/images/flags/bj.png | Bin 544 -> 0 bytes html/html/images/flags/bm.png | Bin 615 -> 0 bytes html/html/images/flags/bn.png | Bin 633 -> 0 bytes html/html/images/flags/bo.png | Bin 583 -> 0 bytes html/html/images/flags/br.png | Bin 665 -> 0 bytes html/html/images/flags/bs.png | Bin 606 -> 0 bytes html/html/images/flags/bt.png | Bin 614 -> 0 bytes html/html/images/flags/bv.png | Bin 604 -> 0 bytes html/html/images/flags/bw.png | Bin 566 -> 0 bytes html/html/images/flags/by.png | Bin 556 -> 0 bytes html/html/images/flags/bz.png | Bin 618 -> 0 bytes html/html/images/flags/ca.png | Bin 606 -> 0 bytes html/html/images/flags/cc.png | Bin 668 -> 0 bytes html/html/images/flags/cd.png | Bin 608 -> 0 bytes html/html/images/flags/cf.png | Bin 611 -> 0 bytes html/html/images/flags/cg.png | Bin 558 -> 0 bytes html/html/images/flags/ch.png | Bin 581 -> 0 bytes html/html/images/flags/ci.png | Bin 533 -> 0 bytes html/html/images/flags/ck.png | Bin 606 -> 0 bytes html/html/images/flags/cl.png | Bin 481 -> 0 bytes html/html/images/flags/cm.png | Bin 548 -> 0 bytes html/html/images/flags/cn.png | Bin 482 -> 0 bytes html/html/images/flags/co.png | Bin 573 -> 0 bytes html/html/images/flags/cr.png | Bin 593 -> 0 bytes html/html/images/flags/cs.png | Bin 442 -> 0 bytes html/html/images/flags/cu.png | Bin 624 -> 0 bytes html/html/images/flags/cv.png | Bin 603 -> 0 bytes html/html/images/flags/cx.png | Bin 627 -> 0 bytes 
html/html/images/flags/cy.png | Bin 564 -> 0 bytes html/html/images/flags/cz.png | Bin 582 -> 0 bytes html/html/images/flags/de.png | Bin 540 -> 0 bytes html/html/images/flags/dj.png | Bin 509 -> 0 bytes html/html/images/flags/dk.png | Bin 562 -> 0 bytes html/html/images/flags/dm.png | Bin 681 -> 0 bytes html/html/images/flags/do.png | Bin 607 -> 0 bytes html/html/images/flags/dz.png | Bin 568 -> 0 bytes html/html/images/flags/ec.png | Bin 607 -> 0 bytes html/html/images/flags/ee.png | Bin 543 -> 0 bytes html/html/images/flags/eg.png | Bin 559 -> 0 bytes html/html/images/flags/eh.png | Bin 552 -> 0 bytes html/html/images/flags/er.png | Bin 606 -> 0 bytes html/html/images/flags/es.png | Bin 589 -> 0 bytes html/html/images/flags/et.png | Bin 607 -> 0 bytes html/html/images/flags/eu.png | Bin 632 -> 0 bytes html/html/images/flags/fi.png | Bin 569 -> 0 bytes html/html/images/flags/fj.png | Bin 612 -> 0 bytes html/html/images/flags/fk.png | Bin 684 -> 0 bytes html/html/images/flags/fm.png | Bin 572 -> 0 bytes html/html/images/flags/fo.png | Bin 583 -> 0 bytes html/html/images/flags/fr.png | Bin 522 -> 0 bytes html/html/images/flags/ga.png | Bin 580 -> 0 bytes html/html/images/flags/gb.png | Bin 679 -> 0 bytes html/html/images/flags/gd.png | Bin 599 -> 0 bytes html/html/images/flags/ge.png | Bin 495 -> 0 bytes html/html/images/flags/gf.png | Bin 514 -> 0 bytes html/html/images/flags/gh.png | Bin 456 -> 0 bytes html/html/images/flags/gi.png | Bin 561 -> 0 bytes html/html/images/flags/gl.png | Bin 574 -> 0 bytes html/html/images/flags/gm.png | Bin 457 -> 0 bytes html/html/images/flags/gn.png | Bin 543 -> 0 bytes html/html/images/flags/gp.png | Bin 577 -> 0 bytes html/html/images/flags/gq.png | Bin 585 -> 0 bytes html/html/images/flags/gr.png | Bin 585 -> 0 bytes html/html/images/flags/gs.png | Bin 661 -> 0 bytes html/html/images/flags/gt.png | Bin 595 -> 0 bytes html/html/images/flags/gu.png | Bin 579 -> 0 bytes html/html/images/flags/gw.png | Bin 461 -> 0 bytes 
html/html/images/flags/gy.png | Bin 535 -> 0 bytes html/html/images/flags/hk.png | Bin 609 -> 0 bytes html/html/images/flags/hm.png | Bin 651 -> 0 bytes html/html/images/flags/hn.png | Bin 578 -> 0 bytes html/html/images/flags/hr.png | Bin 604 -> 0 bytes html/html/images/flags/ht.png | Bin 587 -> 0 bytes html/html/images/flags/hu.png | Bin 552 -> 0 bytes html/html/images/flags/id.png | Bin 535 -> 0 bytes html/html/images/flags/ie.png | Bin 518 -> 0 bytes html/html/images/flags/il.png | Bin 590 -> 0 bytes html/html/images/flags/in.png | Bin 578 -> 0 bytes html/html/images/flags/io.png | Bin 760 -> 0 bytes html/html/images/flags/iq.png | Bin 583 -> 0 bytes html/html/images/flags/ir.png | Bin 573 -> 0 bytes html/html/images/flags/is.png | Bin 608 -> 0 bytes html/html/images/flags/it.png | Bin 504 -> 0 bytes html/html/images/flags/jm.png | Bin 663 -> 0 bytes html/html/images/flags/jo.png | Bin 597 -> 0 bytes html/html/images/flags/jp.png | Bin 556 -> 0 bytes html/html/images/flags/ke.png | Bin 614 -> 0 bytes html/html/images/flags/kg.png | Bin 563 -> 0 bytes html/html/images/flags/kh.png | Bin 606 -> 0 bytes html/html/images/flags/ki.png | Bin 608 -> 0 bytes html/html/images/flags/km.png | Bin 562 -> 0 bytes html/html/images/flags/kn.png | Bin 611 -> 0 bytes html/html/images/flags/kp.png | Bin 624 -> 0 bytes html/html/images/flags/kr.png | Bin 611 -> 0 bytes html/html/images/flags/kw.png | Bin 456 -> 0 bytes html/html/images/flags/ky.png | Bin 605 -> 0 bytes html/html/images/flags/kz.png | Bin 603 -> 0 bytes html/html/images/flags/la.png | Bin 528 -> 0 bytes html/html/images/flags/lb.png | Bin 594 -> 0 bytes html/html/images/flags/lc.png | Bin 613 -> 0 bytes html/html/images/flags/li.png | Bin 481 -> 0 bytes html/html/images/flags/lk.png | Bin 599 -> 0 bytes html/html/images/flags/lr.png | Bin 567 -> 0 bytes html/html/images/flags/ls.png | Bin 668 -> 0 bytes html/html/images/flags/lt.png | Bin 531 -> 0 bytes html/html/images/flags/lu.png | Bin 554 -> 0 bytes 
html/html/images/flags/lv.png | Bin 565 -> 0 bytes html/html/images/flags/ly.png | Bin 463 -> 0 bytes html/html/images/flags/ma.png | Bin 527 -> 0 bytes html/html/images/flags/mc.png | Bin 519 -> 0 bytes html/html/images/flags/md.png | Bin 577 -> 0 bytes html/html/images/flags/mg.png | Bin 548 -> 0 bytes html/html/images/flags/mh.png | Bin 680 -> 0 bytes html/html/images/flags/mk.png | Bin 657 -> 0 bytes html/html/images/flags/ml.png | Bin 436 -> 0 bytes html/html/images/flags/mm.png | Bin 528 -> 0 bytes html/html/images/flags/mn.png | Bin 560 -> 0 bytes html/html/images/flags/mo.png | Bin 590 -> 0 bytes html/html/images/flags/mp.png | Bin 623 -> 0 bytes html/html/images/flags/mq.png | Bin 514 -> 0 bytes html/html/images/flags/mr.png | Bin 510 -> 0 bytes html/html/images/flags/ms.png | Bin 617 -> 0 bytes html/html/images/flags/mt.png | Bin 497 -> 0 bytes html/html/images/flags/mu.png | Bin 419 -> 0 bytes html/html/images/flags/mv.png | Bin 591 -> 0 bytes html/html/images/flags/mw.png | Bin 463 -> 0 bytes html/html/images/flags/mx.png | Bin 606 -> 0 bytes html/html/images/flags/my.png | Bin 597 -> 0 bytes html/html/images/flags/mz.png | Bin 602 -> 0 bytes html/html/images/flags/na.png | Bin 653 -> 0 bytes html/html/images/flags/nc.png | Bin 621 -> 0 bytes html/html/images/flags/ne.png | Bin 527 -> 0 bytes html/html/images/flags/nf.png | Bin 583 -> 0 bytes html/html/images/flags/ng.png | Bin 513 -> 0 bytes html/html/images/flags/ni.png | Bin 524 -> 0 bytes html/html/images/flags/nl.png | Bin 554 -> 0 bytes html/html/images/flags/no.png | Bin 615 -> 0 bytes html/html/images/flags/np.png | Bin 531 -> 0 bytes html/html/images/flags/nr.png | Bin 578 -> 0 bytes html/html/images/flags/nu.png | Bin 531 -> 0 bytes html/html/images/flags/nz.png | Bin 606 -> 0 bytes html/html/images/flags/om.png | Bin 551 -> 0 bytes html/html/images/flags/pa.png | Bin 587 -> 0 bytes html/html/images/flags/pe.png | Bin 583 -> 0 bytes html/html/images/flags/pf.png | Bin 606 -> 0 bytes 
html/html/images/flags/pg.png | Bin 557 -> 0 bytes html/html/images/flags/ph.png | Bin 606 -> 0 bytes html/html/images/flags/pk.png | Bin 616 -> 0 bytes html/html/images/flags/pl.png | Bin 514 -> 0 bytes html/html/images/flags/pm.png | Bin 653 -> 0 bytes html/html/images/flags/pn.png | Bin 693 -> 0 bytes html/html/images/flags/pr.png | Bin 607 -> 0 bytes html/html/images/flags/ps.png | Bin 481 -> 0 bytes html/html/images/flags/pt.png | Bin 573 -> 0 bytes html/html/images/flags/pw.png | Bin 571 -> 0 bytes html/html/images/flags/py.png | Bin 579 -> 0 bytes html/html/images/flags/qa.png | Bin 520 -> 0 bytes html/html/images/flags/re.png | Bin 514 -> 0 bytes html/html/images/flags/ro.png | Bin 542 -> 0 bytes html/html/images/flags/ru.png | Bin 550 -> 0 bytes html/html/images/flags/rw.png | Bin 471 -> 0 bytes html/html/images/flags/sa.png | Bin 558 -> 0 bytes html/html/images/flags/sb.png | Bin 637 -> 0 bytes html/html/images/flags/sc.png | Bin 646 -> 0 bytes html/html/images/flags/sd.png | Bin 579 -> 0 bytes html/html/images/flags/se.png | Bin 608 -> 0 bytes html/html/images/flags/sg.png | Bin 557 -> 0 bytes html/html/images/flags/sh.png | Bin 632 -> 0 bytes html/html/images/flags/si.png | Bin 576 -> 0 bytes html/html/images/flags/sj.png | Bin 604 -> 0 bytes html/html/images/flags/sk.png | Bin 596 -> 0 bytes html/html/images/flags/sl.png | Bin 560 -> 0 bytes html/html/images/flags/sm.png | Bin 591 -> 0 bytes html/html/images/flags/sn.png | Bin 494 -> 0 bytes html/html/images/flags/so.png | Bin 558 -> 0 bytes html/html/images/flags/sr.png | Bin 525 -> 0 bytes html/html/images/flags/st.png | Bin 526 -> 0 bytes html/html/images/flags/sv.png | Bin 543 -> 0 bytes html/html/images/flags/sy.png | Bin 448 -> 0 bytes html/html/images/flags/sz.png | Bin 723 -> 0 bytes html/html/images/flags/tc.png | Bin 609 -> 0 bytes html/html/images/flags/td.png | Bin 560 -> 0 bytes html/html/images/flags/tf.png | Bin 548 -> 0 bytes html/html/images/flags/tg.png | Bin 596 -> 0 bytes 
html/html/images/flags/th.png | Bin 574 -> 0 bytes html/html/images/flags/tj.png | Bin 524 -> 0 bytes html/html/images/flags/tk.png | Bin 685 -> 0 bytes html/html/images/flags/tl.png | Bin 520 -> 0 bytes html/html/images/flags/tm.png | Bin 548 -> 0 bytes html/html/images/flags/tn.png | Bin 601 -> 0 bytes html/html/images/flags/to.png | Bin 543 -> 0 bytes html/html/images/flags/tp.png | Bin 582 -> 0 bytes html/html/images/flags/tr.png | Bin 551 -> 0 bytes html/html/images/flags/tt.png | Bin 664 -> 0 bytes html/html/images/flags/tv.png | Bin 606 -> 0 bytes html/html/images/flags/tw.png | Bin 525 -> 0 bytes html/html/images/flags/tz.png | Bin 621 -> 0 bytes html/html/images/flags/ua.png | Bin 551 -> 0 bytes html/html/images/flags/ug.png | Bin 607 -> 0 bytes html/html/images/flags/um.png | Bin 599 -> 0 bytes html/html/images/flags/us.png | Bin 570 -> 0 bytes html/html/images/flags/uy.png | Bin 560 -> 0 bytes html/html/images/flags/uz.png | Bin 536 -> 0 bytes html/html/images/flags/va.png | Bin 574 -> 0 bytes html/html/images/flags/vc.png | Bin 548 -> 0 bytes html/html/images/flags/ve.png | Bin 579 -> 0 bytes html/html/images/flags/vg.png | Bin 613 -> 0 bytes html/html/images/flags/vi.png | Bin 646 -> 0 bytes html/html/images/flags/vn.png | Bin 566 -> 0 bytes html/html/images/flags/vu.png | Bin 572 -> 0 bytes html/html/images/flags/wf.png | Bin 514 -> 0 bytes html/html/images/flags/ws.png | Bin 537 -> 0 bytes html/html/images/flags/ye.png | Bin 543 -> 0 bytes html/html/images/flags/yt.png | Bin 514 -> 0 bytes html/html/images/flags/yu.png | Bin 567 -> 0 bytes html/html/images/flags/za.png | Bin 662 -> 0 bytes html/html/images/flags/zm.png | Bin 525 -> 0 bytes html/html/images/flags/zw.png | Bin 618 -> 0 bytes html/html/themes/darkdos/include/style.css | 4 + html/html/themes/ipfire-legacy/include/style.css | 4 + html/html/themes/ipfire/include/css/style.css | 4 + html/html/themes/maniac/include/style.css | 4 + langs/de/cgi-bin/de.pl | 20 + langs/en/cgi-bin/en.pl | 20 + 
langs/es/cgi-bin/es.pl | 10 + lfs/Locale-Country | 4 +- lfs/acpid | 6 +- lfs/apache2 | 43 +- lfs/asterisk | 6 +- lfs/backports | 1 + lfs/clamav | 6 +- lfs/configroot | 5 +- lfs/curl | 6 +- lfs/cyrus-sasl | 8 +- lfs/ddns | 3 + lfs/dhcp | 65 +- lfs/dhcpcd | 6 +- lfs/dnsmasq | 16 + lfs/dracut | 1 + lfs/expat | 10 +- lfs/fireinfo | 1 + lfs/{pound => flag-icons} | 42 +- lfs/flash-images | 1 + lfs/glibc | 2 + lfs/groff | 6 +- lfs/hostapd | 7 +- lfs/initscripts | 1 + lfs/iptables | 3 - lfs/iputils | 15 +- lfs/libjpeg | 6 +- lfs/libsrtp | 8 +- lfs/linux | 26 +- lfs/logrotate | 6 +- lfs/logwatch | 8 +- lfs/monit | 6 +- lfs/nasm | 6 +- lfs/nfs | 2 +- lfs/openssl | 81 +- lfs/openssl-compat | 102 -- lfs/{Locale-Country => perl-Text-CSV_XS} | 12 +- lfs/pound | 5 +- lfs/qemu | 22 +- lfs/squid | 6 +- lfs/squid-accounting | 4 +- lfs/stage2 | 2 +- lfs/strongswan | 14 +- lfs/tor | 6 +- lfs/tzdata | 6 +- lfs/udev | 9 +- lfs/{nasm => web-user-interface} | 61 +- lfs/wpa_supplicant | 4 +- lfs/{ddns => xtables-addons} | 44 +- lfs/xz | 4 +- make.sh | 36 +- src/initscripts/init.d/firewall | 5 + src/initscripts/init.d/hostapd | 32 +- src/initscripts/init.d/network-trigger | 22 + .../init.d/networking/functions.network | 4 +- .../init.d/networking/red.up/99-geoip-database | 23 + src/initscripts/init.d/nfs-server | 20 +- src/installer/main.c | 26 +- src/installer/po/pt_BR.po | 19 +- src/misc-progs/Makefile | 2 +- src/misc-progs/ddnsctrl.c | 37 + src/misc-progs/ipsecctrl.c | 24 +- ....18.1-1_rt2x00usb_suppress_queue_warnings.patch | 42 + src/patches/cyrus-sasl-2.1.22-bad-elif.patch | 21 - .../001-ddns-007-perform-lazy-database-init.patch | 89 ++ ...-also-open-database-for-search-operations.patch | 40 + src/patches/ddns/ddns-005-Add-changeip-com.patch | 85 -- src/patches/ddns/ddns-005-SPDNS-fix-auth.patch | 23 - src/patches/dhcp-4.2.0-add_timeout_when_NULL.patch | 14 - src/patches/dhcp-4.2.0-errwarn-message.patch | 30 - src/patches/dhcp-4.2.0-garbage-chars.patch | 12 - 
src/patches/dhcp-4.2.0-inherit-leases.patch | 34 - src/patches/dhcp-4.2.0-logpid.patch | 12 - .../dhcp-4.2.0-missing-ipv6-not-fatal.patch | 40 - src/patches/dhcp-4.2.0-noprefixavail.patch | 140 --- src/patches/dhcp-4.2.1-64_bit_lease_parse.patch | 94 -- src/patches/dhcp-4.2.1-invalid-dhclient-conf.patch | 12 - src/patches/dhcp-4.2.1-retransmission.patch | 48 - src/patches/dhcp-4.2.2-dhclient-usage.patch | 14 - src/patches/dhcp-4.2.2-remove-bind.patch | 149 --- src/patches/dhcp-4.2.2-sharedlib.patch | 119 --- src/patches/dhcp/dhcp-64_bit_lease_parse.patch | 75 ++ .../dhcp-CLOEXEC.patch} | 239 ++--- .../{dhcp-4.2.0-PPP.patch => dhcp/dhcp-PPP.patch} | 124 +-- .../dhcp-UseMulticast.patch} | 58 +- src/patches/dhcp/dhcp-add_timeout_when_NULL.patch | 14 + .../dhcp-capability.patch} | 165 +--- .../dhcp-default-requested-options.patch} | 8 +- .../dhcp-dhclient-decline-backoff.patch} | 36 +- .../dhcp-dhclient-options.patch} | 220 +++-- src/patches/dhcp/dhcp-errwarn-message.patch | 22 + src/patches/dhcp/dhcp-garbage-chars.patch | 12 + .../dhcp-gpxe-cid.patch} | 79 +- .../dhcp-honor-expired.patch} | 10 +- .../dhcp-improved-xid.patch} | 40 +- src/patches/dhcp/dhcp-logpid.patch | 11 + .../dhcp-lpf-ib.patch} | 277 +++--- .../dhcp-manpages.patch} | 223 ++--- src/patches/dhcp/dhcp-paranoia.patch | 156 +++ .../dhcp-paths.patch} | 11 +- .../dhcp-release-by-ifup.patch} | 10 +- src/patches/dhcp/dhcp-remove-bind.patch | 192 ++++ .../dhcp-rfc3442-classless-static-routes.patch} | 124 +-- .../dhcp-sendDecline.patch} | 22 +- src/patches/dhcp/dhcp-sharedlib.patch | 107 +++ src/patches/dhcp/dhcp-stateless-DUID-LLT.patch | 48 + .../dhcp-unicast-bootp.patch} | 32 +- .../dhcp-xen-checksum.patch} | 90 +- ...newline-at-the-end-of-example-config-file.patch | 2 +- ...artup-when-an-empty-suffix-is-supplied-to.patch | 2 +- .../0003-Debian-build-fixes-for-kFreeBSD.patch | 2 +- ...04-Set-conntrack-mark-before-connect-call.patch | 2 +- .../dnsmasq/0005-Fix-typo-in-new-Dbus-code.patch | 2 +- 
.../dnsmasq/0006-Fit-example-conf-file-typo.patch | 2 +- ...-compliance-when-unable-to-supply-address.patch | 2 +- .../0008-Fix-conntrack-with-bind-interfaces.patch | 2 +- ...9-Use-inotify-instead-of-polling-on-Linux.patch | 2 +- ...Teach-the-new-inotify-code-about-symlinks.patch | 2 +- ...ve-floor-on-EDNS0-packet-size-with-DNSSEC.patch | 2 +- .../dnsmasq/0012-CHANGELOG-re.-inotify.patch | 2 +- ...ix-breakage-of-domain-domain-subnet-local.patch | 2 +- ...ve-redundant-IN6_IS_ADDR_ULA-a-macro-defn.patch | 2 +- ...Pv6-privacy-addresses-from-interface-name.patch | 2 +- ...-width-in-cache-dump-to-avoid-truncating-.patch | 2 +- ...n-DNSSEC-code-when-attempting-to-verify-l.patch | 2 +- ...g-work-for-CNAMEs-pointing-to-A-AAAA-reco.patch | 2 +- ...x-problems-validating-NSEC3-and-wildcards.patch | 2 +- .../dnsmasq/0020-Initialise-return-value.patch | 2 +- .../dnsmasq/0021-Add-ignore-address-option.patch | 2 +- .../dnsmasq/0022-Bad-packet-protection.patch | 2 +- ...-build-failure-in-new-inotify-code-on-BSD.patch | 2 +- ...t-makefile-dependencies-on-COPTS-variable.patch | 2 +- ...0025-Fix-race-condition-issue-in-makefile.patch | 2 +- ...op-down-search-for-limit-of-secure-delega.patch | 2 +- ...ries-extra-option-for-more-complete-loggi.patch | 2 +- .../dnsmasq/0028-Add-min-cache-ttl-option.patch | 2 +- ...ort-of-requestor-when-doing-extra-logging.patch | 2 +- ...r-from-cache-RRsets-from-wildcards-as-we-.patch | 2 +- .../0031-Logs-for-DS-records-consistent.patch | 2 +- ...ultiple-interfaces-with-the-same-LL-addre.patch | 2 +- ...n-t-treat-SERVFAIL-as-a-recoverable-error.patch | 2 +- .../0034-Add-dhcp-hostsdir-config-option.patch | 2 +- .../dnsmasq/0035-Update-German-translation.patch | 2 +- ...-to-DHCPv6-SOLICIT-messages-when-not-conf.patch | 2 +- ...fy-to-be-disabled-at-compile-time-on-Linu.patch | 2 +- ...ify-code-to-dhcp-hostsdir-dhcp-optsdir-an.patch | 2 +- .../0039-Update-copyrights-for-dawn-of-2015.patch | 2 +- .../0040-inotify-documentation-updates.patch | 2 +- 
.../0041-Fix-broken-ECDSA-DNSSEC-signatures.patch | 2 +- src/patches/dnsmasq/0042-BSD-make-support.patch | 2 +- .../0043-Fix-build-failure-on-openBSD.patch | 2 +- src/patches/dnsmasq/0044-Manpage-typo-fix.patch | 2 +- ...configs-after-reading-extra-hostfiles-wit.patch | 2 +- .../0046-Extra-logging-for-inotify-code.patch | 2 +- src/patches/dnsmasq/0047-man-page-typo.patch | 2 +- ...sion-script-which-returned-wrong-tag-in-s.patch | 2 +- src/patches/dnsmasq/0049-Typos.patch | 2 +- ...ynamic-hosts-files-work-when-no-hosts-set.patch | 2 +- ...-trivial-memory-leaks-to-quieten-valgrind.patch | 2 +- ...ninitialized-value-used-in-get_client_mac.patch | 2 +- ...-Log-parsing-utils-in-contrib-reverse-dns.patch | 2 +- ...-Add-dnssec-timestamp-option-and-facility.patch | 2 +- ...mmit-to-not-crash-if-uid-changing-not-con.patch | 2 +- .../0056-New-version-of-contrib-reverse-dns.patch | 2 +- ...C-timestamp-code-to-create-file-later-rem.patch | 2 +- ...late-code-for-re-running-system-calls-on-.patch | 2 +- ...s-example.com-equivalent-to-server-exampl.patch | 2 +- ...tbound-interface-via-cmsg-in-unicast-repl.patch | 2 +- ...DNSSEC-when-a-signed-CNAME-dangles-into-a.patch | 2 +- ...Return-SERVFAIL-when-validation-abandoned.patch | 2 +- ...3-Protect-against-broken-DNSSEC-upstreams.patch | 2 +- ...EC-fix-for-non-ascii-characters-in-labels.patch | 2 +- ...ol-characters-in-names-in-the-cache-handl.patch | 2 +- .../dnsmasq/0066-Fix-crash-in-last-commit.patch | 2 +- .../dnsmasq/0067-Merge-message-translations.patch | 2 +- ...-tftp-no-fail-to-ignore-missing-tftp-root.patch | 2 +- src/patches/dnsmasq/0069-Whitespace-fixes.patch | 2 +- ...CURE-rather-than-BOGUS-when-DS-proved-not.patch | 2 +- ...ompiler-warning-when-not-including-DNSSEC.patch | 2 +- ...aused-by-looking-up-servers.bind-when-man.patch | 54 ++ ...n-receipt-of-certain-malformed-DNS-reques.patch | 61 ++ ...crash-in-auth-code-with-odd-configuration.patch | 113 +++ ...rect-replies-to-NS-and-SOA-in-.arpa-zones.patch | 106 +++ 
...rk-induced-crash-in-new-tftp_no_fail-code.patch | 36 + src/patches/dnsmasq/0077-Note-CVE-2015-3294.patch | 26 + ...-when-reporting-DNSSEC-validation-failure.patch | 59 ++ ...ddress-command-line-arg-in-dhcp_release.c.patch | 28 + ...38dd574c51d96fef100285a0d225824534f9-and-.patch | 53 ++ ...-domain-names-with-.-or-000-within-labels.patch | 215 +++++ ...eaks-to-previous-DNS-label-charset-commit.patch | 136 +++ ...s-in-DHCPv6-not-suppressed-by-dhcp6-quiet.patch | 46 + ...version-work-when-repo-is-a-git-submodule.patch | 28 + ...t-order-botch-which-broke-DNSSEC-for-TCP-.patch | 40 + ...e-RRSIG-RR-from-answers-to-ANY-queries-wh.patch | 29 + ...tify-some-DHCP-lease-management-functions.patch | 57 ++ src/patches/dracut-038_add_sdhci-pci.patch | 12 + ...-for-hypervisor-name-when-the-CPU-string-.patch | 34 + src/patches/glibc/glibc-rh1207995.patch | 27 + src/patches/glibc/glibc-rh1209375.patch | 18 + .../hostapd-2.3_increase_EAPOL-timeouts.patch | 16 + src/patches/linux-3.14.x-hyperv-2008-fix.patch | 50 + .../linux-3.14.x-lamobo-r1-fix-sata-pwr.patch | 49 - ...pmbuild.patch => openssl-1.0.2a-rpmbuild.patch} | 57 +- .../openssl-1.0.2a_auto_enable_padlock.patch | 34 + .../openssl-1.0.2a_disable_ssse3_for_amd.patch | 11 + .../qemu-0.15.0_missing_definitions_hack.patch | 40 - .../strongswan-5.2.2-issue-816-650a3ad.patch | 35 - .../strongswan-5.2.2-issue-816-dd0ebb.patch | 42 - .../strongswan-5.2.2-issue-816-eb25190.patch | 31 - .../strongswan-5.2.2-issue-819-cd2c30a.patch | 50 - ...-stroke-Increase-stroke-buffer-size-to-8k.patch | 34 + ...-5.0.2_ipfire.patch => strongswan-ipfire.patch} | 114 +-- src/scripts/ovpn-ccd-convert | 2 +- src/scripts/xt_geoip_build | 89 ++ src/scripts/xt_geoip_update | 137 +++ src/setup/netstuff.c | 21 - src/setup/networking.c | 1 - src/setup/po/pt_BR.po | 65 +- src/setup/po/tr.po | 4 +- src/setup/setup.h | 1 - src/squid-accounting/accounting.cgi | 21 +- src/squid-accounting/acct-lib.pl | 12 +- src/squid-accounting/acct.pl | 2 +- 
tools/{checkwronginitlinks => checkrootfiles} | 16 +- 596 files changed, 7868 insertions(+), 3684 deletions(-) delete mode 100644 config/backup/includes/esniper create mode 100644 config/cfgroot/geoip-functions.pl mode change 100755 => 100644 config/firewall/firewall-lib.pl create mode 100644 config/firewall/geoipblock mode change 100755 => 100644 config/firewall/rules.pl delete mode 100644 config/httpd/vhosts.d/esniper.conf delete mode 100644 config/httpd/vhosts.d/phpaj.conf create mode 100644 config/qemu/qemu create mode 100644 config/rootfiles/common/flag-icons create mode 100644 config/rootfiles/common/i586/openssl-sse2 delete mode 100644 config/rootfiles/common/openssl-compat create mode 100644 config/rootfiles/common/perl-Text-CSV_XS create mode 100644 config/rootfiles/common/web-user-interface create mode 100644 config/rootfiles/common/xtables-addons create mode 100644 config/rootfiles/core/90/exclude create mode 120000 config/rootfiles/core/90/filelists/Locale-Country copy config/rootfiles/{oldcore/77 => core/90}/filelists/apache2 (100%) copy config/rootfiles/{oldcore/87 => core/90}/filelists/armv5tel/glibc (100%) copy config/rootfiles/{oldcore/87 => core/90}/filelists/armv5tel/linux-kirkwood (100%) copy config/rootfiles/{oldcore/87 => core/90}/filelists/armv5tel/linux-multi (100%) copy config/rootfiles/{oldcore/87 => core/90}/filelists/armv5tel/linux-rpi (100%) copy config/rootfiles/{oldcore/71 => core/90}/filelists/curl (100%) copy config/rootfiles/{oldcore/77 => core/90}/filelists/cyrus-sasl (100%) copy config/rootfiles/{oldcore/81 => core/90}/filelists/ddns (100%) copy config/rootfiles/{oldcore/66 => core/90}/filelists/dhcp (100%) copy config/rootfiles/{oldcore/44 => core/90}/filelists/dhcpcd (100%) copy config/rootfiles/{oldcore/84 => core/90}/filelists/dnsmasq (100%) copy config/rootfiles/{oldcore/87 => core/90}/filelists/dracut (100%) create mode 120000 config/rootfiles/core/90/filelists/expat create mode 100644 
config/rootfiles/core/90/filelists/files copy config/rootfiles/{oldcore/87 => core/90}/filelists/fireinfo (100%) create mode 120000 config/rootfiles/core/90/filelists/flag-icons create mode 120000 config/rootfiles/core/90/filelists/groff copy config/rootfiles/{oldcore/66 => core/90}/filelists/i586/acpid (100%) copy config/rootfiles/{oldcore/87 => core/90}/filelists/i586/glibc (100%) copy config/rootfiles/{oldcore/87 => core/90}/filelists/i586/linux (100%) copy config/rootfiles/{oldcore/87 => core/90}/filelists/i586/linux-initrd (100%) create mode 120000 config/rootfiles/core/90/filelists/i586/openssl-sse2 copy config/rootfiles/{oldcore/77 => core/90}/filelists/iptables (100%) copy config/rootfiles/{oldcore/82 => core/90}/filelists/iputils (100%) copy config/rootfiles/{oldcore/70 => core/90}/filelists/libjpeg (100%) create mode 120000 config/rootfiles/core/90/filelists/logrotate copy config/rootfiles/{oldcore/61 => core/90}/filelists/logwatch (100%) copy config/rootfiles/{oldcore/87 => core/90}/filelists/openssl (100%) create mode 100644 config/rootfiles/core/90/filelists/openssl-0.9.8-files create mode 120000 config/rootfiles/core/90/filelists/perl-Text-CSV_XS copy config/rootfiles/{oldcore/84 => core/90}/filelists/squid (100%) copy config/rootfiles/{oldcore/87 => core/90}/filelists/strongswan (100%) copy config/rootfiles/{oldcore/87 => core/90}/filelists/tzdata (100%) copy config/rootfiles/{oldcore/77 => core/90}/filelists/udev (100%) copy config/rootfiles/{oldcore/87 => core/90}/filelists/wpa_supplicant (100%) create mode 120000 config/rootfiles/core/90/filelists/xtables-addons copy config/rootfiles/{oldcore/77 => core/90}/filelists/xz (100%) copy config/rootfiles/{oldcore/87 => core/90}/meta (100%) create mode 100644 config/rootfiles/core/90/update.sh create mode 100644 config/udev/60-net.rules copy tools/checkwronginitlinks => config/udev/network-hotplug-rename (53%) mode change 100755 => 100644 create mode 100644 config/xtables-addons/mconfig copy 
doc/{language_issues.tr => language_issues.it} (94%) create mode 100644 html/cgi-bin/geoip-block.cgi delete mode 100644 html/html/images/flags/ad.png delete mode 100644 html/html/images/flags/ae.png delete mode 100644 html/html/images/flags/af.png delete mode 100644 html/html/images/flags/ag.png delete mode 100644 html/html/images/flags/ai.png delete mode 100644 html/html/images/flags/al.png delete mode 100644 html/html/images/flags/am.png delete mode 100644 html/html/images/flags/an.png delete mode 100644 html/html/images/flags/ao.png delete mode 100644 html/html/images/flags/aq.png delete mode 100644 html/html/images/flags/ar.png delete mode 100644 html/html/images/flags/as.png delete mode 100644 html/html/images/flags/at.png delete mode 100644 html/html/images/flags/au.png delete mode 100644 html/html/images/flags/aw.png delete mode 100644 html/html/images/flags/az.png delete mode 100644 html/html/images/flags/ba.png delete mode 100644 html/html/images/flags/bb.png delete mode 100644 html/html/images/flags/bd.png delete mode 100644 html/html/images/flags/be.png delete mode 100644 html/html/images/flags/bf.png delete mode 100644 html/html/images/flags/bg.png delete mode 100644 html/html/images/flags/bh.png delete mode 100644 html/html/images/flags/bi.png delete mode 100644 html/html/images/flags/bj.png delete mode 100644 html/html/images/flags/bm.png delete mode 100644 html/html/images/flags/bn.png delete mode 100644 html/html/images/flags/bo.png delete mode 100644 html/html/images/flags/br.png delete mode 100644 html/html/images/flags/bs.png delete mode 100644 html/html/images/flags/bt.png delete mode 100644 html/html/images/flags/bv.png delete mode 100644 html/html/images/flags/bw.png delete mode 100644 html/html/images/flags/by.png delete mode 100644 html/html/images/flags/bz.png delete mode 100644 html/html/images/flags/ca.png delete mode 100644 html/html/images/flags/cc.png delete mode 100644 html/html/images/flags/cd.png delete mode 100644 
html/html/images/flags/cf.png delete mode 100644 html/html/images/flags/cg.png delete mode 100644 html/html/images/flags/ch.png delete mode 100644 html/html/images/flags/ci.png delete mode 100644 html/html/images/flags/ck.png delete mode 100644 html/html/images/flags/cl.png delete mode 100644 html/html/images/flags/cm.png delete mode 100644 html/html/images/flags/cn.png delete mode 100644 html/html/images/flags/co.png delete mode 100644 html/html/images/flags/cr.png delete mode 100644 html/html/images/flags/cs.png delete mode 100644 html/html/images/flags/cu.png delete mode 100644 html/html/images/flags/cv.png delete mode 100644 html/html/images/flags/cx.png delete mode 100644 html/html/images/flags/cy.png delete mode 100644 html/html/images/flags/cz.png delete mode 100644 html/html/images/flags/de.png delete mode 100644 html/html/images/flags/dj.png delete mode 100644 html/html/images/flags/dk.png delete mode 100644 html/html/images/flags/dm.png delete mode 100644 html/html/images/flags/do.png delete mode 100644 html/html/images/flags/dz.png delete mode 100644 html/html/images/flags/ec.png delete mode 100644 html/html/images/flags/ee.png delete mode 100644 html/html/images/flags/eg.png delete mode 100644 html/html/images/flags/eh.png delete mode 100644 html/html/images/flags/er.png delete mode 100644 html/html/images/flags/es.png delete mode 100644 html/html/images/flags/et.png delete mode 100644 html/html/images/flags/eu.png delete mode 100644 html/html/images/flags/fi.png delete mode 100644 html/html/images/flags/fj.png delete mode 100644 html/html/images/flags/fk.png delete mode 100644 html/html/images/flags/fm.png delete mode 100644 html/html/images/flags/fo.png delete mode 100644 html/html/images/flags/fr.png delete mode 100644 html/html/images/flags/ga.png delete mode 100644 html/html/images/flags/gb.png delete mode 100644 html/html/images/flags/gd.png delete mode 100644 html/html/images/flags/ge.png delete mode 100644 html/html/images/flags/gf.png delete 
mode 100644 html/html/images/flags/gh.png delete mode 100644 html/html/images/flags/gi.png delete mode 100644 html/html/images/flags/gl.png delete mode 100644 html/html/images/flags/gm.png delete mode 100644 html/html/images/flags/gn.png delete mode 100644 html/html/images/flags/gp.png delete mode 100644 html/html/images/flags/gq.png delete mode 100644 html/html/images/flags/gr.png delete mode 100644 html/html/images/flags/gs.png delete mode 100644 html/html/images/flags/gt.png delete mode 100644 html/html/images/flags/gu.png delete mode 100644 html/html/images/flags/gw.png delete mode 100644 html/html/images/flags/gy.png delete mode 100644 html/html/images/flags/hk.png delete mode 100644 html/html/images/flags/hm.png delete mode 100644 html/html/images/flags/hn.png delete mode 100644 html/html/images/flags/hr.png delete mode 100644 html/html/images/flags/ht.png delete mode 100644 html/html/images/flags/hu.png delete mode 100644 html/html/images/flags/id.png delete mode 100644 html/html/images/flags/ie.png delete mode 100644 html/html/images/flags/il.png delete mode 100644 html/html/images/flags/in.png delete mode 100644 html/html/images/flags/io.png delete mode 100644 html/html/images/flags/iq.png delete mode 100644 html/html/images/flags/ir.png delete mode 100644 html/html/images/flags/is.png delete mode 100644 html/html/images/flags/it.png delete mode 100644 html/html/images/flags/jm.png delete mode 100644 html/html/images/flags/jo.png delete mode 100644 html/html/images/flags/jp.png delete mode 100644 html/html/images/flags/ke.png delete mode 100644 html/html/images/flags/kg.png delete mode 100644 html/html/images/flags/kh.png delete mode 100644 html/html/images/flags/ki.png delete mode 100644 html/html/images/flags/km.png delete mode 100644 html/html/images/flags/kn.png delete mode 100644 html/html/images/flags/kp.png delete mode 100644 html/html/images/flags/kr.png delete mode 100644 html/html/images/flags/kw.png delete mode 100644 
html/html/images/flags/ky.png delete mode 100644 html/html/images/flags/kz.png delete mode 100644 html/html/images/flags/la.png delete mode 100644 html/html/images/flags/lb.png delete mode 100644 html/html/images/flags/lc.png delete mode 100644 html/html/images/flags/li.png delete mode 100644 html/html/images/flags/lk.png delete mode 100644 html/html/images/flags/lr.png delete mode 100644 html/html/images/flags/ls.png delete mode 100644 html/html/images/flags/lt.png delete mode 100644 html/html/images/flags/lu.png delete mode 100644 html/html/images/flags/lv.png delete mode 100644 html/html/images/flags/ly.png delete mode 100644 html/html/images/flags/ma.png delete mode 100644 html/html/images/flags/mc.png delete mode 100644 html/html/images/flags/md.png delete mode 100644 html/html/images/flags/mg.png delete mode 100644 html/html/images/flags/mh.png delete mode 100644 html/html/images/flags/mk.png delete mode 100644 html/html/images/flags/ml.png delete mode 100644 html/html/images/flags/mm.png delete mode 100644 html/html/images/flags/mn.png delete mode 100644 html/html/images/flags/mo.png delete mode 100644 html/html/images/flags/mp.png delete mode 100644 html/html/images/flags/mq.png delete mode 100644 html/html/images/flags/mr.png delete mode 100644 html/html/images/flags/ms.png delete mode 100644 html/html/images/flags/mt.png delete mode 100644 html/html/images/flags/mu.png delete mode 100644 html/html/images/flags/mv.png delete mode 100644 html/html/images/flags/mw.png delete mode 100644 html/html/images/flags/mx.png delete mode 100644 html/html/images/flags/my.png delete mode 100644 html/html/images/flags/mz.png delete mode 100644 html/html/images/flags/na.png delete mode 100644 html/html/images/flags/nc.png delete mode 100644 html/html/images/flags/ne.png delete mode 100644 html/html/images/flags/nf.png delete mode 100644 html/html/images/flags/ng.png delete mode 100644 html/html/images/flags/ni.png delete mode 100644 html/html/images/flags/nl.png delete 
mode 100644 html/html/images/flags/no.png delete mode 100644 html/html/images/flags/np.png delete mode 100644 html/html/images/flags/nr.png delete mode 100644 html/html/images/flags/nu.png delete mode 100644 html/html/images/flags/nz.png delete mode 100644 html/html/images/flags/om.png delete mode 100644 html/html/images/flags/pa.png delete mode 100644 html/html/images/flags/pe.png delete mode 100644 html/html/images/flags/pf.png delete mode 100644 html/html/images/flags/pg.png delete mode 100644 html/html/images/flags/ph.png delete mode 100644 html/html/images/flags/pk.png delete mode 100644 html/html/images/flags/pl.png delete mode 100644 html/html/images/flags/pm.png delete mode 100644 html/html/images/flags/pn.png delete mode 100644 html/html/images/flags/pr.png delete mode 100644 html/html/images/flags/ps.png delete mode 100644 html/html/images/flags/pt.png delete mode 100644 html/html/images/flags/pw.png delete mode 100644 html/html/images/flags/py.png delete mode 100644 html/html/images/flags/qa.png delete mode 100644 html/html/images/flags/re.png delete mode 100644 html/html/images/flags/ro.png delete mode 100644 html/html/images/flags/ru.png delete mode 100644 html/html/images/flags/rw.png delete mode 100644 html/html/images/flags/sa.png delete mode 100644 html/html/images/flags/sb.png delete mode 100644 html/html/images/flags/sc.png delete mode 100644 html/html/images/flags/sd.png delete mode 100644 html/html/images/flags/se.png delete mode 100644 html/html/images/flags/sg.png delete mode 100644 html/html/images/flags/sh.png delete mode 100644 html/html/images/flags/si.png delete mode 100644 html/html/images/flags/sj.png delete mode 100644 html/html/images/flags/sk.png delete mode 100644 html/html/images/flags/sl.png delete mode 100644 html/html/images/flags/sm.png delete mode 100644 html/html/images/flags/sn.png delete mode 100644 html/html/images/flags/so.png delete mode 100644 html/html/images/flags/sr.png delete mode 100644 
html/html/images/flags/st.png delete mode 100644 html/html/images/flags/sv.png delete mode 100644 html/html/images/flags/sy.png delete mode 100644 html/html/images/flags/sz.png delete mode 100644 html/html/images/flags/tc.png delete mode 100644 html/html/images/flags/td.png delete mode 100644 html/html/images/flags/tf.png delete mode 100644 html/html/images/flags/tg.png delete mode 100644 html/html/images/flags/th.png delete mode 100644 html/html/images/flags/tj.png delete mode 100644 html/html/images/flags/tk.png delete mode 100644 html/html/images/flags/tl.png delete mode 100644 html/html/images/flags/tm.png delete mode 100644 html/html/images/flags/tn.png delete mode 100644 html/html/images/flags/to.png delete mode 100644 html/html/images/flags/tp.png delete mode 100644 html/html/images/flags/tr.png delete mode 100644 html/html/images/flags/tt.png delete mode 100644 html/html/images/flags/tv.png delete mode 100644 html/html/images/flags/tw.png delete mode 100644 html/html/images/flags/tz.png delete mode 100644 html/html/images/flags/ua.png delete mode 100644 html/html/images/flags/ug.png delete mode 100644 html/html/images/flags/um.png delete mode 100644 html/html/images/flags/us.png delete mode 100644 html/html/images/flags/uy.png delete mode 100644 html/html/images/flags/uz.png delete mode 100644 html/html/images/flags/va.png delete mode 100644 html/html/images/flags/vc.png delete mode 100644 html/html/images/flags/ve.png delete mode 100644 html/html/images/flags/vg.png delete mode 100644 html/html/images/flags/vi.png delete mode 100644 html/html/images/flags/vn.png delete mode 100644 html/html/images/flags/vu.png delete mode 100644 html/html/images/flags/wf.png delete mode 100644 html/html/images/flags/ws.png delete mode 100644 html/html/images/flags/ye.png delete mode 100644 html/html/images/flags/yt.png delete mode 100644 html/html/images/flags/yu.png delete mode 100644 html/html/images/flags/za.png delete mode 100644 html/html/images/flags/zm.png delete 
mode 100644 html/html/images/flags/zw.png copy lfs/{pound => flag-icons} (77%) delete mode 100644 lfs/openssl-compat copy lfs/{Locale-Country => perl-Text-CSV_XS} (93%) copy lfs/{nasm => web-user-interface} (69%) copy lfs/{ddns => xtables-addons} (76%) create mode 100644 src/initscripts/init.d/network-trigger create mode 100644 src/initscripts/init.d/networking/red.up/99-geoip-database create mode 100644 src/misc-progs/ddnsctrl.c create mode 100644 src/patches/backports-3.18.1-1_rt2x00usb_suppress_queue_warnings.patch delete mode 100644 src/patches/cyrus-sasl-2.1.22-bad-elif.patch create mode 100644 src/patches/ddns/001-ddns-007-perform-lazy-database-init.patch create mode 100644 src/patches/ddns/002-ddns-007-also-open-database-for-search-operations.patch delete mode 100644 src/patches/ddns/ddns-005-Add-changeip-com.patch delete mode 100644 src/patches/ddns/ddns-005-SPDNS-fix-auth.patch delete mode 100644 src/patches/dhcp-4.2.0-add_timeout_when_NULL.patch delete mode 100644 src/patches/dhcp-4.2.0-errwarn-message.patch delete mode 100644 src/patches/dhcp-4.2.0-garbage-chars.patch delete mode 100644 src/patches/dhcp-4.2.0-inherit-leases.patch delete mode 100644 src/patches/dhcp-4.2.0-logpid.patch delete mode 100644 src/patches/dhcp-4.2.0-missing-ipv6-not-fatal.patch delete mode 100644 src/patches/dhcp-4.2.0-noprefixavail.patch delete mode 100644 src/patches/dhcp-4.2.1-64_bit_lease_parse.patch delete mode 100644 src/patches/dhcp-4.2.1-invalid-dhclient-conf.patch delete mode 100644 src/patches/dhcp-4.2.1-retransmission.patch delete mode 100644 src/patches/dhcp-4.2.2-dhclient-usage.patch delete mode 100644 src/patches/dhcp-4.2.2-remove-bind.patch delete mode 100644 src/patches/dhcp-4.2.2-sharedlib.patch create mode 100644 src/patches/dhcp/dhcp-64_bit_lease_parse.patch rename src/patches/{dhcp-4.2.2-CLOEXEC.patch => dhcp/dhcp-CLOEXEC.patch} (52%) rename src/patches/{dhcp-4.2.0-PPP.patch => dhcp/dhcp-PPP.patch} (59%) rename src/patches/{dhcp-4.2.0-UseMulticast.patch => 
dhcp/dhcp-UseMulticast.patch} (83%) create mode 100644 src/patches/dhcp/dhcp-add_timeout_when_NULL.patch rename src/patches/{dhcp-4.2.2-capability.patch => dhcp/dhcp-capability.patch} (51%) rename src/patches/{dhcp-4.2.0-default-requested-options.patch => dhcp/dhcp-default-requested-options.patch} (81%) rename src/patches/{dhcp-4.2.0-dhclient-decline-backoff.patch => dhcp/dhcp-dhclient-decline-backoff.patch} (58%) rename src/patches/{dhcp-4.2.2-options.patch => dhcp/dhcp-dhclient-options.patch} (65%) create mode 100644 src/patches/dhcp/dhcp-errwarn-message.patch create mode 100644 src/patches/dhcp/dhcp-garbage-chars.patch rename src/patches/{dhcp-4.2.2-gpxe-cid.patch => dhcp/dhcp-gpxe-cid.patch} (50%) rename src/patches/{dhcp-4.2.0-honor-expired.patch => dhcp/dhcp-honor-expired.patch} (77%) rename src/patches/{dhcp-4.2.2-improved-xid.patch => dhcp/dhcp-improved-xid.patch} (78%) create mode 100644 src/patches/dhcp/dhcp-logpid.patch rename src/patches/{dhcp-4.2.2-lpf-ib.patch => dhcp/dhcp-lpf-ib.patch} (67%) rename src/patches/{dhcp-4.2.1-manpages.patch => dhcp/dhcp-manpages.patch} (53%) create mode 100644 src/patches/dhcp/dhcp-paranoia.patch rename src/patches/{dhcp-4.2.0-paths.patch => dhcp/dhcp-paths.patch} (72%) rename src/patches/{dhcp-4.2.0-release-by-ifup.patch => dhcp/dhcp-release-by-ifup.patch} (88%) create mode 100644 src/patches/dhcp/dhcp-remove-bind.patch rename src/patches/{dhcp-4.2.2-rfc3442-classless-static-routes.patch => dhcp/dhcp-rfc3442-classless-static-routes.patch} (74%) rename src/patches/{dhcp-4.2.1-sendDecline.patch => dhcp/dhcp-sendDecline.patch} (89%) create mode 100644 src/patches/dhcp/dhcp-sharedlib.patch create mode 100644 src/patches/dhcp/dhcp-stateless-DUID-LLT.patch rename src/patches/{dhcp-4.2.0-unicast-bootp.patch => dhcp/dhcp-unicast-bootp.patch} (72%) rename src/patches/{dhcp-4.2.2-xen-checksum.patch => dhcp/dhcp-xen-checksum.patch} (71%) create mode 100644 
src/patches/dnsmasq/0072-Fix-crash-caused-by-looking-up-servers.bind-when-man.patch create mode 100644 src/patches/dnsmasq/0073-Fix-crash-on-receipt-of-certain-malformed-DNS-reques.patch create mode 100644 src/patches/dnsmasq/0074-Fix-crash-in-auth-code-with-odd-configuration.patch create mode 100644 src/patches/dnsmasq/0075-Auth-correct-replies-to-NS-and-SOA-in-.arpa-zones.patch create mode 100644 src/patches/dnsmasq/0076-Fix-srk-induced-crash-in-new-tftp_no_fail-code.patch create mode 100644 src/patches/dnsmasq/0077-Note-CVE-2015-3294.patch create mode 100644 src/patches/dnsmasq/0078-Log-domain-when-reporting-DNSSEC-validation-failure.patch create mode 100644 src/patches/dnsmasq/0079-Check-IP-address-command-line-arg-in-dhcp_release.c.patch create mode 100644 src/patches/dnsmasq/0080-Revert-61b838dd574c51d96fef100285a0d225824534f9-and-.patch create mode 100644 src/patches/dnsmasq/0081-Handle-domain-names-with-.-or-000-within-labels.patch create mode 100644 src/patches/dnsmasq/0082-Tweaks-to-previous-DNS-label-charset-commit.patch create mode 100644 src/patches/dnsmasq/0083-Logs-in-DHCPv6-not-suppressed-by-dhcp6-quiet.patch create mode 100644 src/patches/dnsmasq/0084-Make-get-version-work-when-repo-is-a-git-submodule.patch create mode 100644 src/patches/dnsmasq/0085-Fix-argument-order-botch-which-broke-DNSSEC-for-TCP-.patch create mode 100644 src/patches/dnsmasq/0086-Don-t-remove-RRSIG-RR-from-answers-to-ANY-queries-wh.patch create mode 100644 src/patches/dnsmasq/0087-Constify-some-DHCP-lease-management-functions.patch create mode 100644 src/patches/dracut-038_add_sdhci-pci.patch create mode 100644 src/patches/fireinfo-Skip-search-for-hypervisor-name-when-the-CPU-string-.patch create mode 100644 src/patches/glibc/glibc-rh1207995.patch create mode 100644 src/patches/glibc/glibc-rh1209375.patch create mode 100644 src/patches/hostapd-2.3_increase_EAPOL-timeouts.patch create mode 100644 src/patches/linux-3.14.x-hyperv-2008-fix.patch delete mode 100644 
src/patches/linux-3.14.x-lamobo-r1-fix-sata-pwr.patch rename src/patches/{openssl-1.0.1e-rpmbuild.patch => openssl-1.0.2a-rpmbuild.patch} (60%) create mode 100644 src/patches/openssl-1.0.2a_auto_enable_padlock.patch create mode 100644 src/patches/openssl-1.0.2a_disable_ssse3_for_amd.patch delete mode 100644 src/patches/qemu-0.15.0_missing_definitions_hack.patch delete mode 100644 src/patches/strongswan-5.2.2-issue-816-650a3ad.patch delete mode 100644 src/patches/strongswan-5.2.2-issue-816-dd0ebb.patch delete mode 100644 src/patches/strongswan-5.2.2-issue-816-eb25190.patch delete mode 100644 src/patches/strongswan-5.2.2-issue-819-cd2c30a.patch create mode 100644 src/patches/strongswan-5.3.0-stroke-Increase-stroke-buffer-size-to-8k.patch rename src/patches/{strongswan-5.0.2_ipfire.patch => strongswan-ipfire.patch} (78%) create mode 100644 src/scripts/xt_geoip_build create mode 100644 src/scripts/xt_geoip_update rename tools/{checkwronginitlinks => checkrootfiles} (76%)
Difference in files:
diff --git a/config/backup/include b/config/backup/include
index d7a1d3a..159ff9a 100644
--- a/config/backup/include
+++ b/config/backup/include
@@ -13,6 +13,7 @@
 /etc/hosts*
 /etc/httpd/*
 /etc/ssh/ssh_host*
+/etc/ssh/sshd_config
 /etc/logrotate.d
 /var/ipfire/auth/users
 /var/ipfire/dhcp/*
diff --git a/config/backup/includes/esniper b/config/backup/includes/esniper
deleted file mode 100644
index 14434aa..0000000
--- a/config/backup/includes/esniper
+++ /dev/null
@@ -1,5 +0,0 @@
-/srv/web/esniper/.htaccess
-/srv/web/esniper/.config.php
-/srv/web/esniper/.config.state.php
-/srv/web/esniper/local/
-/srv/web/esniper/.run/
diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl
index 35ae7c0..2b5cd19 100644
--- a/config/cfgroot/general-functions.pl
+++ b/config/cfgroot/general-functions.pl
@@ -17,6 +17,7 @@ package General;
 use strict;
 use Socket;
 use IO::Socket;
+use Locale::Codes::Country;
 use Net::SSLeay;
 use Net::IPv4Addr qw(:all);
 $|=1; # line buffering
diff --git a/config/cfgroot/geoip-functions.pl b/config/cfgroot/geoip-functions.pl
new file mode 100644
index 0000000..fc2dfdd
--- /dev/null
+++ b/config/cfgroot/geoip-functions.pl
@@ -0,0 +1,105 @@ +#!/usr/bin/perl -w +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 2 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2015 IPFire Team info@ipfire.org. # +# # +############################################################################ + +package GeoIP; + +use Locale::Codes::Country; + +# Function to get the flag icon for a specified country code. +sub get_flag_icon($) { + my ($input) = @_; + + # Webserver's root dir. (Required for generating full path) + my $webroot = "/srv/web/ipfire/html"; + + # Directory which contains the flag icons. + my $flagdir = "/images/flags"; + + # File extension of the country flags. + my $ext = "png"; + + # Remove whitespaces. + chomp($input); + + # Convert given country code to upper case. + my $ccode = uc($input); + + # Generate filename, based on the contry code in lower case + # and the defined file extension. + my $file = join('.', $ccode,$ext); + + # Generate path inside webroot to the previously generated file. + my $flag_icon = join('/', $flagdir,$file); + + # Generate absolute path to the icon file. + my $absolute_path = join('', $webroot,$flag_icon); + + # Check if the a icon file exists. 
+ if (-e "$absolute_path") { + # Return content of flag_icon. + return $flag_icon; + } else { + # If no icon for the specified country exists, try to use + # the icon for "unknown". + my $ccode = "unknown"; + + # Redoing all the stuff from abouve for the "unknown" icon. + my $file = join('.', $ccode,$ext); + my $flag_icon = join('/', $flagdir,$file); + my $absolute_path = join('', $webroot,$flag_icon); + + # Check if the icon is present. + if (-e "$absolute_path") { + # Return "unknown" icon. + return $flag_icon; + } + } +} + +# Function to get the county name by a given country code. +sub get_full_country_name($) { + my ($input) = @_; + my $name; + + # Remove whitespaces. + chomp($input); + + # Convert input into lower case format. + my $code = lc($input); + + # Handle country codes which are not in the list. + if ($code eq "a1") { $name = "Anonymous Proxy" } + elsif ($code eq "a2") { $name = "Satellite Provider" } + elsif ($code eq "o1") { $name = "Other Country" } + elsif ($code eq "ap") { $name = "Asia/Pacific Region" } + elsif ($code eq "eu") { $name = "Europe" } + elsif ($code eq "yu") { $name = "Yugoslavia" } + else { + # Use perl built-in module to get the country code. + $name = &Locale::Codes::Country::code2country($code); + } + + return $name; +} + +1; diff --git a/config/cfgroot/header.pl b/config/cfgroot/header.pl index cf895bf..974c4d8 100644 --- a/config/cfgroot/header.pl +++ b/config/cfgroot/header.pl @@ -263,7 +263,7 @@ sub getcgihash { return if ($ENV{'REQUEST_METHOD'} ne 'POST'); if (!$params->{'wantfile'}) { $CGI::DISABLE_UPLOADS = 1; - $CGI::POST_MAX = 512 * 1024; + $CGI::POST_MAX = 1024 * 1024; } else { $CGI::POST_MAX = 10 * 1024 * 1024; } diff --git a/config/cron/crontab b/config/cron/crontab index d78d08f..d5e5d7e 100644 --- a/config/cron/crontab +++ b/config/cron/crontab 
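Review bot: In `get_flag_icon` the caller-supplied `$input` is only upper-cased before it is joined into a path under `/srv/web/ipfire/html/images/flags` and tested with `-e`, so any string, including one containing `/` or `..`, reaches the file test and the returned URL path. I would fall back to the unknown icon for anything that is not a two-character code, e.g. `$ccode = "unknown" unless ($ccode =~ /^[A-Z0-9]{2}$/);` right after the `uc()` call. The comments also disagree with the code: `chomp` removes only a trailing newline rather than whitespace, and the file name is built from the upper-case code although the comment says lower case. When neither icon exists the sub falls off the end without an explicit `return`; a final `return;` would make the empty result deliberate.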
@@ -57,3 +57,6 @@ HOME=/ # Re-read firewall rules every Sunday in March, October and November to take care of daylight saving time 00 3 * 3 0 /usr/local/bin/timezone-transition /usr/local/bin/firewallctrl 00 2 * 10-11 0 /usr/local/bin/timezone-transition /usr/local/bin/firewallctrl + +# Update GeoIP database once a month. +%monthly,random * * * [ -f "/var/ipfire/red/active" ] && /usr/local/bin/xt_geoip_update >/dev/null 2>&1 diff --git a/config/firewall/firewall-lib.pl b/config/firewall/firewall-lib.pl old mode 100755 new mode 100644 index f3cd67f..b389fac --- a/config/firewall/firewall-lib.pl +++ b/config/firewall/firewall-lib.pl @@ -27,6 +27,7 @@ package fwlib; my %customnetwork=(); my %customhost=(); my %customgrp=(); +my %customgeoipgrp=(); my %customservice=(); my %customservicegrp=(); my %ccdnet=(); @@ -42,6 +43,7 @@ require '/var/ipfire/general-functions.pl'; my $confignet = "${General::swroot}/fwhosts/customnetworks"; my $confighost = "${General::swroot}/fwhosts/customhosts"; my $configgrp = "${General::swroot}/fwhosts/customgroups"; +my $configgeoipgrp = "${General::swroot}/fwhosts/customgeoipgrp"; my $configsrv = "${General::swroot}/fwhosts/customservices"; my $configsrvgrp = "${General::swroot}/fwhosts/customservicegrp"; my $configccdnet = "${General::swroot}/ovpn/ccd.conf"; @@ -59,6 +61,7 @@ my $netsettings = "${General::swroot}/ethernet/settings"; &General::readhasharray("$confignet", %customnetwork); &General::readhasharray("$confighost", %customhost); &General::readhasharray("$configgrp", %customgrp); +&General::readhasharray("$configgeoipgrp", %customgeoipgrp); &General::readhasharray("$configccdnet", %ccdnet); &General::readhasharray("$configccdhost", %ccdhost); &General::readhasharray("$configipsec", %ipsecconf); 
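Review bot: The new monthly entry sends both stdout and stderr of `xt_geoip_update` to `/dev/null`, so a failed download or conversion leaves no trace and the geoip match keeps running on whatever database was installed last. Consider keeping the errors, e.g. `/usr/local/bin/xt_geoip_update 2>&1 | logger -t xt_geoip_update`, or have the script log its own failures. The script itself is not part of this hunk, so it may already do that.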
@@ -300,6 +303,17 @@ sub get_addresses } } } + }elsif ($addr_type ~~ ["cust_geoip_src", "cust_geoip_tgt"] && $value =~ "group:") { + $value=substr($value,6); + foreach my $grp (sort {$a <=> $b} keys %customgeoipgrp) { + if ($customgeoipgrp{$grp}[0] eq $value) { + my @address = &get_address($addr_type, $customgeoipgrp{$grp}[2], $type); + + if (@address) { + push(@addresses, @address); + } + } + } } else { my @address = &get_address($addr_type, $value, $type);
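Review bot: The new `elsif` in `get_addresses` tests `$value =~ "group:"`, which matches that text anywhere in `$value`, while the next line's `substr($value,6)` assumes it is a prefix. Anchoring the test as `$value =~ /^group:/` keeps the two in step. The smartmatch `$addr_type ~~ [...]` could also be written as two plain `eq` comparisons, which reads more clearly and does not depend on smartmatch semantics. The body of `get_addresses` starts and ends outside this hunk.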
@@ -414,6 +428,20 @@ sub get_address } }
+ # Handle rule options with GeoIP as source. + } elsif ($key eq "cust_geoip_src") { + # Get external interface. + my $external_interface = &get_external_interface(); + + push(@ret, ["-m geoip --src-cc $value", "$external_interface"]); + + # Handle rule options with GeoIP as target. + } elsif ($key eq "cust_geoip_tgt") { + # Get external interface. + my $external_interface = &get_external_interface(); + + push(@ret, ["-m geoip --dst-cc $value", "$external_interface"]); + # If nothing was selected, we assume "any". } else { push(@ret, ["0/0", ""]); @@ -552,4 +580,37 @@ sub get_internal_firewall_ip_address return 0; }
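Review bot: Both new branches in `get_address` interpolate `$value` straight into the match string (`"-m geoip --src-cc $value"` and the `--dst-cc` twin), and nothing in this hunk checks that it is a country code. The `buildrules` hunk in rules.pl (`@@ -364,13 +369,17 @@`) then passes any source or destination matching `/-m geoip/` through unchanged, and `geoipblock` builds `--src-cc $location` the same way from directory entries, so the text reaches the `run()` command line as written. If `run()` hands that string to a shell, a malformed config entry or file name becomes part of the command. I would wrap each `push` in `if ($value =~ /^[A-Z0-9]{2}$/) { ... }` (adjusted if comma-separated lists are intended) and apply the same test to `$location` in `geoipblock`. `get_address` starts and ends outside this hunk.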
+sub get_geoip_locations() { + # Path to the directory which contains the binary geoip + # databases. + my $directory="/usr/share/xt_geoip/LE"; + + # Array to store the final country list. + my @country_codes = (); + + # Open location and do a directory listing. + opendir(DIR, "$directory"); + my @locations = readdir(DIR); + closedir(DIR); + + # Loop through the directory listing, and cut of the file extensions. + foreach my $location (sort @locations) { + # skip . and .. + next if($location =~ /^.$/); + next if($location =~ /^..$/); + + # Remove whitespaces. + chomp($location); + + # Cut-off file extension. + my ($country_code, $extension) = split(/./, $location); + + # Add country code to array. + push(@country_codes, $country_code); + } + + # Return final array. + return @country_codes; +} + return 1; diff --git a/config/firewall/geoipblock b/config/firewall/geoipblock new file mode 100644 index 0000000..4d483d3 --- /dev/null +++ b/config/firewall/geoipblock @@ -0,0 +1 @@ +GEOIPBLOCK_ENABLED=off diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl old mode 100755 new mode 100644 index 97b8897..daa9565 --- a/config/firewall/rules.pl +++ b/config/firewall/rules.pl @@ -60,6 +60,7 @@ my $configfwdfw = "${General::swroot}/firewall/config"; my $configinput = "${General::swroot}/firewall/input"; my $configoutgoing = "${General::swroot}/firewall/outgoing"; my $p2pfile = "${General::swroot}/firewall/p2protocols"; +my $geoipfile = "${General::swroot}/firewall/geoipblock"; my $configgrp = "${General::swroot}/fwhosts/customgroups"; my $netsettings = "${General::swroot}/ethernet/settings";
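Review bot: `get_geoip_locations` calls `opendir(DIR, "$directory")` without checking the result, so a missing `/usr/share/xt_geoip/LE` makes `readdir` run on an unopened handle; `opendir(DIR, "$directory") or return @country_codes;` would return an empty list instead. As rendered here the three patterns have unescaped dots: `/^.$/` and `/^..$/` skip every one- and two-character name rather than just `.` and `..`, and `split(/./, $location)` splits on every character and yields no fields. Unless the backslashes were simply lost in this mail, they should read `/^\.$/`, `/^\.\.$/` and `split(/\./, $location)`. The `chomp` on a `readdir` entry has nothing to strip, so its "Remove whitespaces" comment can go with it.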
@@ -88,14 +89,30 @@ sub main { # Flush all chains. &flush();
- # Reload firewall rules.
- &preparerules();
+ # Prepare firewall rules.
+ if (! -z "${General::swroot}/firewall/input"){
+ &buildrules(%configinputfw);
+ }
+ if (! -z "${General::swroot}/firewall/outgoing"){
+ &buildrules(%configoutgoingfw);
+ }
+ if (! -z "${General::swroot}/firewall/config"){
+ &buildrules(%configfwdfw);
+ }
# Load P2P block rules. &p2pblock();
+ # Load GeoIP block rules. + &geoipblock(); + # Reload firewall policy. run("/usr/sbin/firewall-policy"); + + #Reload firewall.local if present + if ( -f '/etc/sysconfig/firewall.local'){ + run("/etc/sysconfig/firewall.local reload"); + } }
sub run { @@ -146,18 +163,6 @@ sub flush { run("$IPTABLES -t mangle -F $CHAIN_MANGLE_NAT_DESTINATION_FIX"); }
-sub preparerules { - if (! -z "${General::swroot}/firewall/input"){ - &buildrules(%configinputfw); - } - if (! -z "${General::swroot}/firewall/outgoing"){ - &buildrules(%configoutgoingfw); - } - if (! -z "${General::swroot}/firewall/config"){ - &buildrules(%configfwdfw); - } -} - sub buildrules { my $hash = shift;
@@ -364,13 +369,17 @@ sub buildrules { my @source_options = (); if ($source =~ /mac/) { push(@source_options, $source); - } elsif ($source) { + } elsif ($source =~ /-m geoip/) { + push(@source_options, $source); + } elsif($source) { push(@source_options, ("-s", $source)); }
# Prepare destination options. my @destination_options = (); - if ($destination) { + if ($destination =~ /-m geoip/) { + push(@destination_options, $destination); + } elsif ($destination) { push(@destination_options, ("-d", $destination)); }
@@ -512,10 +521,6 @@ sub buildrules { } } } - #Reload firewall.local if present - if ( -f '/etc/sysconfig/firewall.local'){ - run("/etc/sysconfig/firewall.local reload"); - } }
# Formats the given timestamp into the iptables format which is "hh:mm" UTC. @@ -573,6 +578,38 @@ sub p2pblock { } }
+sub geoipblock { + my %geoipsettings = (); + $geoipsettings{'GEOIPBLOCK_ENABLED'} = "off"; + + # Flush iptables chain. + run("$IPTABLES -F GEOIPBLOCK"); + + # Check if the geoip settings file exists + if (-e "$geoipfile") { + # Read settings file + &General::readhash("$geoipfile", %geoipsettings); + } + + # If geoip blocking is not enabled, we are finished here. + if ($geoipsettings{'GEOIPBLOCK_ENABLED'} ne "on") { + # Exit submodule. Process remaining script. + return; + } + + # Get supported locations. + my @locations = &fwlib::get_geoip_locations(); + + # Loop through all supported geoip locations and + # create iptables rules, if blocking this country + # is enabled. + foreach my $location (@locations) { + if($geoipsettings{$location} eq "on") { + run("$IPTABLES -A GEOIPBLOCK -m geoip --src-cc $location -j DROP"); + } + } +} + sub get_protocols { my $hash = shift; my $key = shift; diff --git a/config/hostapd/config b/config/hostapd/config index 1cd7676..c3672c5 100644 --- a/config/hostapd/config +++ b/config/hostapd/config @@ -15,10 +15,6 @@ CONFIG_DRIVER_HOSTAP=y # Driver interface for wired authenticator #CONFIG_DRIVER_WIRED=y
-# Driver interface for madwifi driver -#CONFIG_DRIVER_MADWIFI=y -#CFLAGS += -I../../madwifi # change to the madwifi source directory - # Driver interface for Prism54 driver CONFIG_DRIVER_PRISM54=y
@@ -49,14 +45,14 @@ CONFIG_RSN_PREAUTH=y CONFIG_PEERKEY=y
# IEEE 802.11w (management frame protection) -# This version is an experimental implementation based on IEEE 802.11w/D1.0 -# draft and is subject to change since the standard has not yet been finalized. -# Driver support is also needed for IEEE 802.11w. -#CONFIG_IEEE80211W=y +CONFIG_IEEE80211W=y
# Integrated EAP server CONFIG_EAP=y
+# EAP Re-authentication Protocol (ERP) in integrated EAP server +CONFIG_ERP=y + # EAP-MD5 for the integrated EAP server CONFIG_EAP_MD5=y
@@ -91,6 +87,9 @@ CONFIG_EAP_TTLS=y # EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK) #CONFIG_EAP_PSK=y
+# EAP-pwd for the integrated EAP server (secure authentication with a password) +#CONFIG_EAP_PWD=y + # EAP-SAKE for the integrated EAP server #CONFIG_EAP_SAKE=y
@@ -110,6 +109,8 @@ CONFIG_EAP_TTLS=y CONFIG_WPS=y # Enable UPnP support for external WPS Registrars CONFIG_WPS_UPNP=y +# Enable WPS support with NFC config method +#CONFIG_WPS_NFC=y
# EAP-IKEv2 CONFIG_EAP_IKEV2=y @@ -117,6 +118,9 @@ CONFIG_EAP_IKEV2=y # Trusted Network Connect (EAP-TNC) CONFIG_EAP_TNC=y
+# EAP-EKE for the integrated EAP server +#CONFIG_EAP_EKE=y + # PKCS#12 (PFX) support (used to read private key and certificate file from # a file that usually has extension .p12 or .pfx) CONFIG_PKCS12=y @@ -138,14 +142,171 @@ CONFIG_IEEE80211R=y # IEEE 802.11n (High Throughput) support CONFIG_IEEE80211N=y
+# Wireless Network Management (IEEE Std 802.11v-2011) +# Note: This is experimental and not complete implementation. +#CONFIG_WNM=y + +# IEEE 802.11ac (Very High Throughput) support +CONFIG_IEEE80211AC=y + # Remove debugging code that is printing out debug messages to stdout. # This can be used to reduce the size of the hostapd considerably if debugging # code is not needed. CONFIG_NO_STDOUT_DEBUG=y
-# IEEE 802.11ac (Very High Throughput) support
-CONFIG_IEEE80211AC=y
-# Enable AUTO_CHANNEL_SELECTION -# This is needed for dfs (radar detection) channels +# Add support for writing debug log to a file: -f /tmp/hostapd.log +# Disabled by default. +#CONFIG_DEBUG_FILE=y + +# Add support for sending all debug messages (regardless of debug verbosity) +# to the Linux kernel tracing facility. This helps debug the entire stack by +# making it easy to record everything happening from the driver up into the +# same file, e.g., using trace-cmd. +#CONFIG_DEBUG_LINUX_TRACING=y + +# Remove support for RADIUS accounting +#CONFIG_NO_ACCOUNTING=y + +# Remove support for RADIUS +#CONFIG_NO_RADIUS=y + +# Remove support for VLANs +#CONFIG_NO_VLAN=y + +# Enable support for fully dynamic VLANs. This enables hostapd to +# automatically create bridge and VLAN interfaces if necessary. +#CONFIG_FULL_DYNAMIC_VLAN=y + +# Use netlink-based kernel API for VLAN operations instead of ioctl() +# Note: This requires libnl 3.1 or newer. +#CONFIG_VLAN_NETLINK=y + +# Remove support for dumping internal state through control interface commands +# This can be used to reduce binary size at the cost of disabling a debugging +# option. +#CONFIG_NO_DUMP_STATE=y + +# Enable tracing code for developer debugging +# This tracks use of memory allocations and other registrations and reports +# incorrect use with a backtrace of call (or allocation) location. +#CONFIG_WPA_TRACE=y +# For BSD, comment out these. +#LIBS += -lexecinfo +#LIBS_p += -lexecinfo +#LIBS_c += -lexecinfo + +# Use libbfd to get more details for developer debugging +# This enables use of libbfd to get more detailed symbols for the backtraces +# generated by CONFIG_WPA_TRACE=y. +#CONFIG_WPA_TRACE_BFD=y +# For BSD, comment out these. +#LIBS += -lbfd -liberty -lz +#LIBS_p += -lbfd -liberty -lz +#LIBS_c += -lbfd -liberty -lz + +# hostapd depends on strong random number generation being available from the +# operating system. 
os_get_random() function is used to fetch random data when +# needed, e.g., for key generation. On Linux and BSD systems, this works by +# reading /dev/urandom. It should be noted that the OS entropy pool needs to be +# properly initialized before hostapd is started. This is important especially +# on embedded devices that do not have a hardware random number generator and +# may by default start up with minimal entropy available for random number +# generation. +# +# As a safety net, hostapd is by default trying to internally collect +# additional entropy for generating random data to mix in with the data +# fetched from the OS. This by itself is not considered to be very strong, but +# it may help in cases where the system pool is not initialized properly. +# However, it is very strongly recommended that the system pool is initialized +# with enough entropy either by using hardware assisted random number +# generator or by storing state over device reboots. +# +# hostapd can be configured to maintain its own entropy store over restarts to +# enhance random number generation. This is not perfect, but it is much more +# secure than using the same sequence of random numbers after every reboot. +# This can be enabled with -e<entropy file> command line option. The specified +# file needs to be readable and writable by hostapd. +# +# If the os_get_random() is known to provide strong random data (e.g., on +# Linux/BSD, the board in question is known to have reliable source of random +# data from /dev/urandom), the internal hostapd random pool can be disabled. +# This will save some in binary size and CPU use. However, this should only be +# considered for builds that are known to be used on devices that meet the +# requirements described above. 
+#CONFIG_NO_RANDOM_POOL=y + +# Select TLS implementation +# openssl = OpenSSL (default) +# gnutls = GnuTLS +# internal = Internal TLSv1 implementation (experimental) +# none = Empty template +#CONFIG_TLS=openssl + +# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1) +# can be enabled to get a stronger construction of messages when block ciphers +# are used. +#CONFIG_TLSV11=y + +# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2) +# can be enabled to enable use of stronger crypto algorithms. +#CONFIG_TLSV12=y + +# If CONFIG_TLS=internal is used, additional library and include paths are +# needed for LibTomMath. Alternatively, an integrated, minimal version of +# LibTomMath can be used. See beginning of libtommath.c for details on benefits +# and drawbacks of this option. +#CONFIG_INTERNAL_LIBTOMMATH=y +#ifndef CONFIG_INTERNAL_LIBTOMMATH +#LTM_PATH=/usr/src/libtommath-0.39 +#CFLAGS += -I$(LTM_PATH) +#LIBS += -L$(LTM_PATH) +#LIBS_p += -L$(LTM_PATH) +#endif +# At the cost of about 4 kB of additional binary size, the internal LibTomMath +# can be configured to include faster routines for exptmod, sqr, and div to +# speed up DH and RSA calculation considerably +#CONFIG_INTERNAL_LIBTOMMATH_FAST=y + +# Interworking (IEEE 802.11u) +# This can be used to enable functionality to improve interworking with +# external networks. +#CONFIG_INTERWORKING=y + +# Hotspot 2.0 +#CONFIG_HS20=y + +# Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file +#CONFIG_SQLITE=y + +# Testing options +# This can be used to enable some testing options (see also the example +# configuration file) that are really useful only for testing clients that +# connect to this hostapd. These options allow, for example, to drop a +# certain percentage of probe requests or auth/(re)assoc frames. 
+# +#CONFIG_TESTING_OPTIONS=y + +# Automatic Channel Selection +# This will allow hostapd to pick the channel automatically when channel is set +# to "acs_survey" or "0". Eventually, other ACS algorithms can be added in +# similar way. +# +# Automatic selection is currently only done through initialization, later on +# we hope to do background checks to keep us moving to more ideal channels as +# time goes by. ACS is currently only supported through the nl80211 driver and +# your driver must have survey dump capability that is filled by the driver +# during scanning. +# +# You can customize the ACS survey algorithm with the hostapd.conf variable +# acs_num_scans. +# +# Supported ACS drivers: +# * ath9k +# * ath5k +# * ath10k +# +# For more details refer to: +# http://wireless.kernel.org/en/users/Documentation/acs +# CONFIG_ACS=y diff --git a/config/httpd/global.conf b/config/httpd/global.conf index a977026..3fbd5e2 100644 --- a/config/httpd/global.conf +++ b/config/httpd/global.conf @@ -1,7 +1,7 @@ Timeout 300 ServerSignature on UseCanonicalName off -ServerTokens Full +ServerTokens Prod LogLevel warn CustomLog /var/log/httpd/access_log combined Include /etc/httpd/conf/hostname.conf diff --git a/config/httpd/httpd.conf b/config/httpd/httpd.conf index 7e00b88..9c1fb2b 100644 --- a/config/httpd/httpd.conf +++ b/config/httpd/httpd.conf @@ -117,4 +117,5 @@ Include /etc/httpd/conf/default-server.conf # Include /etc/httpd/conf/vhosts.d/*.conf
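Review bot: The synced build configuration leaves `#CONFIG_TLSV11=y` and `#CONFIG_TLSV12=y` commented out, and the comment added in this same hunk says the TLS-based EAP methods then require only TLS v1.0. The integrated EAP server is built with TLS-based methods (`CONFIG_EAP_TTLS=y` is visible as hunk context) and the same push moves the tree to the openssl-1.0.2a patches, so I would enable `CONFIG_TLSV12=y` and `CONFIG_TLSV11=y` unless a known client breaks. A one-line comment next to `CONFIG_IEEE80211W=y` saying why management frame protection is now built in would also help the next person who syncs this file.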
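Review bot: `ServerTokens Prod` trims the Server header, but the unchanged `ServerSignature on` two lines above it still adds a server footer with host name and port to generated error pages. If the aim is to reduce what the web interface discloses, `ServerSignature off` belongs in the same change.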
- +# Dummy LoadModule directive to aid module installations +#LoadModule dummy_module /usr/lib/apache2/modules/mod_dummy.so diff --git a/config/httpd/vhosts.d/esniper.conf b/config/httpd/vhosts.d/esniper.conf deleted file mode 100644 index e1c4dd4..0000000 --- a/config/httpd/vhosts.d/esniper.conf +++ /dev/null @@ -1,22 +0,0 @@ -Listen 1006 - -<VirtualHost *:1006> - - SSLEngine on - SSLProtocol all -SSLv2 - SSLCipherSuite ALL:!ADH:!EXPORT56:!eNULL:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP - SSLCertificateFile /etc/httpd/server.crt - SSLCertificateKeyFile /etc/httpd/server.key - - DocumentRoot /srv/web/esniper - - Include /etc/httpd/conf/conf.d/php*.conf - - <Directory /srv/web/esniper> - Options None - AllowOverride None - Order allow,deny - Allow from all - </Directory> - -</VirtualHost> diff --git a/config/httpd/vhosts.d/phpaj.conf b/config/httpd/vhosts.d/phpaj.conf deleted file mode 100644 index a6b764e..0000000 --- a/config/httpd/vhosts.d/phpaj.conf +++ /dev/null @@ -1,16 +0,0 @@ -Listen 1002 - -<VirtualHost *:1002> - - DocumentRoot /srv/web/phpaj - - Include /etc/httpd/conf/conf.d/php*.conf - - <Directory /srv/web/phpaj> - Options None - AllowOverride None - Order allow,deny - Allow from all - </Directory> - -</VirtualHost> diff --git a/config/kernel/kernel.config.armv5tel-ipfire-kirkwood b/config/kernel/kernel.config.armv5tel-ipfire-kirkwood index 18ffcd7..cf44486 100644 --- a/config/kernel/kernel.config.armv5tel-ipfire-kirkwood +++ b/config/kernel/kernel.config.armv5tel-ipfire-kirkwood @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm 3.14.30 Kernel Configuration +# Linux/arm 3.14.37 Kernel Configuration # CONFIG_ARM=y CONFIG_SYS_SUPPORTS_APM_EMULATION=y @@ -5042,7 +5042,6 @@ CONFIG_DEBUG_KERNEL=y # # Memory Debugging # -# CONFIG_DEBUG_PAGEALLOC is not set # CONFIG_DEBUG_OBJECTS is not set # CONFIG_SLUB_DEBUG_ON is not set # CONFIG_SLUB_STATS is not set 
@@ -5275,6 +5274,7 @@ CONFIG_GRKERNSEC_CHROOT_UNIX=y CONFIG_GRKERNSEC_CHROOT_FINDTASK=y CONFIG_GRKERNSEC_CHROOT_NICE=y CONFIG_GRKERNSEC_CHROOT_SYSCTL=y +CONFIG_GRKERNSEC_CHROOT_RENAME=y # CONFIG_GRKERNSEC_CHROOT_CAPS is not set CONFIG_GRKERNSEC_CHROOT_INITRD=y
diff --git a/config/kernel/kernel.config.armv5tel-ipfire-multi b/config/kernel/kernel.config.armv5tel-ipfire-multi index e3fa93e..25de266 100644 --- a/config/kernel/kernel.config.armv5tel-ipfire-multi +++ b/config/kernel/kernel.config.armv5tel-ipfire-multi @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm 3.14.30 Kernel Configuration +# Linux/arm 3.14.37 Kernel Configuration # CONFIG_ARM=y CONFIG_MIGHT_HAVE_PCI=y @@ -5530,7 +5530,6 @@ CONFIG_DEBUG_KERNEL=y # # Memory Debugging # -# CONFIG_DEBUG_PAGEALLOC is not set # CONFIG_DEBUG_OBJECTS is not set # CONFIG_SLUB_STATS is not set CONFIG_HAVE_DEBUG_KMEMLEAK=y @@ -5764,6 +5763,7 @@ CONFIG_GRKERNSEC_CHROOT_UNIX=y CONFIG_GRKERNSEC_CHROOT_FINDTASK=y CONFIG_GRKERNSEC_CHROOT_NICE=y CONFIG_GRKERNSEC_CHROOT_SYSCTL=y +CONFIG_GRKERNSEC_CHROOT_RENAME=y # CONFIG_GRKERNSEC_CHROOT_CAPS is not set CONFIG_GRKERNSEC_CHROOT_INITRD=y
diff --git a/config/kernel/kernel.config.armv5tel-ipfire-rpi b/config/kernel/kernel.config.armv5tel-ipfire-rpi index 17a7305..b25210a 100644 --- a/config/kernel/kernel.config.armv5tel-ipfire-rpi +++ b/config/kernel/kernel.config.armv5tel-ipfire-rpi @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm 3.14.30 Kernel Configuration +# Linux/arm 3.14.37 Kernel Configuration # CONFIG_ARM=y CONFIG_SYS_SUPPORTS_APM_EMULATION=y @@ -3643,7 +3643,6 @@ CONFIG_DEBUG_KERNEL=y # # Memory Debugging # -# CONFIG_DEBUG_PAGEALLOC is not set # CONFIG_DEBUG_OBJECTS is not set # CONFIG_SLUB_DEBUG_ON is not set # CONFIG_SLUB_STATS is not set @@ -3858,6 +3857,7 @@ CONFIG_GRKERNSEC_CHROOT_UNIX=y CONFIG_GRKERNSEC_CHROOT_FINDTASK=y CONFIG_GRKERNSEC_CHROOT_NICE=y CONFIG_GRKERNSEC_CHROOT_SYSCTL=y +CONFIG_GRKERNSEC_CHROOT_RENAME=y # CONFIG_GRKERNSEC_CHROOT_CAPS is not set CONFIG_GRKERNSEC_CHROOT_INITRD=y
diff --git a/config/kernel/kernel.config.i586-ipfire b/config/kernel/kernel.config.i586-ipfire index 87687d9..f5ff73e 100644 --- a/config/kernel/kernel.config.i586-ipfire +++ b/config/kernel/kernel.config.i586-ipfire @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 3.14.30 Kernel Configuration +# Linux/x86 3.14.37 Kernel Configuration # # CONFIG_64BIT is not set CONFIG_X86_32=y @@ -410,6 +410,7 @@ CONFIG_SCHED_MC=y CONFIG_PREEMPT_NONE=y # CONFIG_PREEMPT_VOLUNTARY is not set # CONFIG_PREEMPT is not set +CONFIG_X86_UP_APIC_MSI=y CONFIG_X86_LOCAL_APIC=y CONFIG_X86_IO_APIC=y CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS=y @@ -5494,7 +5495,6 @@ CONFIG_DEBUG_KERNEL=y # # Memory Debugging # -# CONFIG_DEBUG_PAGEALLOC is not set # CONFIG_DEBUG_OBJECTS is not set # CONFIG_SLUB_DEBUG_ON is not set # CONFIG_SLUB_STATS is not set @@ -5766,6 +5766,7 @@ CONFIG_GRKERNSEC_CHROOT_UNIX=y CONFIG_GRKERNSEC_CHROOT_FINDTASK=y CONFIG_GRKERNSEC_CHROOT_NICE=y CONFIG_GRKERNSEC_CHROOT_SYSCTL=y +CONFIG_GRKERNSEC_CHROOT_RENAME=y # CONFIG_GRKERNSEC_CHROOT_CAPS is not set CONFIG_GRKERNSEC_CHROOT_INITRD=y
diff --git a/config/kernel/kernel.config.i586-ipfire-pae b/config/kernel/kernel.config.i586-ipfire-pae index c5a437a..8e72201 100644 --- a/config/kernel/kernel.config.i586-ipfire-pae +++ b/config/kernel/kernel.config.i586-ipfire-pae @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 3.14.30 Kernel Configuration +# Linux/x86 3.14.37 Kernel Configuration # # CONFIG_64BIT is not set CONFIG_X86_32=y @@ -420,6 +420,7 @@ CONFIG_SCHED_MC=y CONFIG_PREEMPT_NONE=y # CONFIG_PREEMPT_VOLUNTARY is not set # CONFIG_PREEMPT is not set +CONFIG_X86_UP_APIC_MSI=y CONFIG_X86_LOCAL_APIC=y CONFIG_X86_IO_APIC=y CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS=y @@ -5537,7 +5538,6 @@ CONFIG_DEBUG_KERNEL=y # # Memory Debugging # -# CONFIG_DEBUG_PAGEALLOC is not set # CONFIG_DEBUG_OBJECTS is not set # CONFIG_SLUB_DEBUG_ON is not set # CONFIG_SLUB_STATS is not set @@ -5807,6 +5807,7 @@ CONFIG_GRKERNSEC_CHROOT_UNIX=y CONFIG_GRKERNSEC_CHROOT_FINDTASK=y CONFIG_GRKERNSEC_CHROOT_NICE=y CONFIG_GRKERNSEC_CHROOT_SYSCTL=y +CONFIG_GRKERNSEC_CHROOT_RENAME=y # CONFIG_GRKERNSEC_CHROOT_CAPS is not set CONFIG_GRKERNSEC_CHROOT_INITRD=y
diff --git a/config/menu/50-firewall.menu b/config/menu/50-firewall.menu index e872e64..7271b32 100644 --- a/config/menu/50-firewall.menu +++ b/config/menu/50-firewall.menu @@ -22,6 +22,12 @@ 'title' => "P2P-Block", 'enabled' => 1, }; + $subfirewall->{'50.geoipblock'} = { + 'caption' => $Lang::tr{'geoipblock'}, + 'uri' => '/cgi-bin/geoip-block.cgi', + 'title' => $Lang::tr{'geoipblock'}, + 'enabled' => 1, + }; $subfirewall->{'60.wireless'} = { 'caption' => $Lang::tr{'blue access'}, 'uri' => '/cgi-bin/wireless.cgi', diff --git a/config/qemu/qemu b/config/qemu/qemu new file mode 100644 index 0000000..64b458a --- /dev/null +++ b/config/qemu/qemu @@ -0,0 +1,10 @@ +#!/bin/bash +# +# QEMU wrapper to enable kvm as default like old qemu-kvm... +# +if [[ $* == *" -no-kvm"* ]]; then + qemu-system-i386 $* +else + qemu-system-i386 -enable-kvm $* +fi +exit ${?} diff --git a/config/rootfiles/common/Locale-Country b/config/rootfiles/common/Locale-Country index bbe51ee..58c2406 100644 --- a/config/rootfiles/common/Locale-Country +++ b/config/rootfiles/common/Locale-Country 
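Review bot: The new qemu wrapper forwards its arguments with an unquoted `$*`, which re-splits and glob-expands them, so an image path or option value containing a space or `*` reaches qemu as different arguments than the caller passed. Use `"$@"` in both branches, e.g. `exec qemu-system-i386 -enable-kvm "$@"`, which also makes the trailing `exit ${?}` unnecessary. The test `[[ $* == *" -no-kvm"* ]]` needs a leading space, so `-no-kvm` given as the first argument is not detected, and it also matches the same text inside another option's value. Checking each argument on its own, `for a in "$@"; do [[ $a == -no-kvm ]] && nokvm=1; done`, avoids both.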
@@ -1,13 +1,50 @@ -#usr/lib/perl5/site_perl/5.12.3/Locale -usr/lib/perl5/site_perl/5.12.3/Locale/Constants.pm -usr/lib/perl5/site_perl/5.12.3/Locale/Constants.pod -usr/lib/perl5/site_perl/5.12.3/Locale/Country.pm -usr/lib/perl5/site_perl/5.12.3/Locale/Country.pod -usr/lib/perl5/site_perl/5.12.3/Locale/Currency.pm -usr/lib/perl5/site_perl/5.12.3/Locale/Currency.pod -usr/lib/perl5/site_perl/5.12.3/Locale/Language.pm -usr/lib/perl5/site_perl/5.12.3/Locale/Language.pod -usr/lib/perl5/site_perl/5.12.3/Locale/Script.pm -usr/lib/perl5/site_perl/5.12.3/Locale/Script.pod -#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Locale-Codes -#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Locale-Codes/.packlist +#usr/lib/perl5/5.12.3/Locale/Codes +usr/lib/perl5/5.12.3/Locale/Codes.pm +usr/lib/perl5/5.12.3/Locale/Codes.pod +usr/lib/perl5/5.12.3/Locale/Codes/API.pod +usr/lib/perl5/5.12.3/Locale/Codes/Changes.pod +usr/lib/perl5/5.12.3/Locale/Codes/Constants.pm +usr/lib/perl5/5.12.3/Locale/Codes/Constants.pod +usr/lib/perl5/5.12.3/Locale/Codes/Country.pm +usr/lib/perl5/5.12.3/Locale/Codes/Country.pod +usr/lib/perl5/5.12.3/Locale/Codes/Country_Codes.pm +usr/lib/perl5/5.12.3/Locale/Codes/Country_Retired.pm +usr/lib/perl5/5.12.3/Locale/Codes/Currency.pm +usr/lib/perl5/5.12.3/Locale/Codes/Currency.pod +usr/lib/perl5/5.12.3/Locale/Codes/Currency_Codes.pm +usr/lib/perl5/5.12.3/Locale/Codes/Currency_Retired.pm +usr/lib/perl5/5.12.3/Locale/Codes/LangExt.pm +usr/lib/perl5/5.12.3/Locale/Codes/LangExt.pod +usr/lib/perl5/5.12.3/Locale/Codes/LangExt_Codes.pm +usr/lib/perl5/5.12.3/Locale/Codes/LangExt_Retired.pm +usr/lib/perl5/5.12.3/Locale/Codes/LangFam.pm +usr/lib/perl5/5.12.3/Locale/Codes/LangFam.pod +usr/lib/perl5/5.12.3/Locale/Codes/LangFam_Codes.pm +usr/lib/perl5/5.12.3/Locale/Codes/LangFam_Retired.pm +usr/lib/perl5/5.12.3/Locale/Codes/LangVar.pm +usr/lib/perl5/5.12.3/Locale/Codes/LangVar.pod +usr/lib/perl5/5.12.3/Locale/Codes/LangVar_Codes.pm 
+usr/lib/perl5/5.12.3/Locale/Codes/LangVar_Retired.pm +usr/lib/perl5/5.12.3/Locale/Codes/Language.pm +usr/lib/perl5/5.12.3/Locale/Codes/Language.pod +usr/lib/perl5/5.12.3/Locale/Codes/Language_Codes.pm +usr/lib/perl5/5.12.3/Locale/Codes/Language_Retired.pm +usr/lib/perl5/5.12.3/Locale/Codes/Script.pm +usr/lib/perl5/5.12.3/Locale/Codes/Script.pod +usr/lib/perl5/5.12.3/Locale/Codes/Script_Codes.pm +usr/lib/perl5/5.12.3/Locale/Codes/Script_Retired.pm +#usr/lib/perl5/5.12.3/MACHINE-linux-thread-multi/auto/Locale +#usr/lib/perl5/5.12.3/MACHINE-linux-thread-multi/auto/Locale/Codes +#usr/lib/perl5/5.12.3/MACHINE-linux-thread-multi/auto/Locale/Codes/.packlist +#usr/share/man/man3/Locale::Codes.3 +#usr/share/man/man3/Locale::Codes::API.3 +#usr/share/man/man3/Locale::Codes::Changes.3 +#usr/share/man/man3/Locale::Codes::Constants.3 +#usr/share/man/man3/Locale::Codes::Country.3 +#usr/share/man/man3/Locale::Codes::Currency.3 +#usr/share/man/man3/Locale::Codes::LangExt.3 +#usr/share/man/man3/Locale::Codes::LangFam.3 +#usr/share/man/man3/Locale::Codes::LangFam_Retired.3 +#usr/share/man/man3/Locale::Codes::LangVar.3 +#usr/share/man/man3/Locale::Codes::Language.3 +#usr/share/man/man3/Locale::Codes::Script.3 diff --git a/config/rootfiles/common/apache2 b/config/rootfiles/common/apache2 index 3eabe9f..7e33a15 100644 --- a/config/rootfiles/common/apache2 +++ b/config/rootfiles/common/apache2 @@ -1,5 +1,8 @@ #etc/httpd #etc/httpd/conf +#etc/httpd/conf/conf.d +etc/httpd/conf/conf.d/php5.conf +etc/httpd/conf/default-server.conf #etc/httpd/conf/extra #etc/httpd/conf/extra/httpd-autoindex.conf #etc/httpd/conf/extra/httpd-dav.conf 
@@ -12,9 +15,14 @@ #etc/httpd/conf/extra/httpd-ssl.conf #etc/httpd/conf/extra/httpd-userdir.conf #etc/httpd/conf/extra/httpd-vhosts.conf +etc/httpd/conf/global.conf +etc/httpd/conf/hostname.conf etc/httpd/conf/httpd.conf +etc/httpd/conf/listen.conf +etc/httpd/conf/loadmodule.conf etc/httpd/conf/magic etc/httpd/conf/mime.types +etc/httpd/conf/mod_log_config.conf #etc/httpd/conf/original #etc/httpd/conf/original/extra #etc/httpd/conf/original/extra/httpd-autoindex.conf @@ -29,6 +37,14 @@ etc/httpd/conf/mime.types #etc/httpd/conf/original/extra/httpd-userdir.conf #etc/httpd/conf/original/extra/httpd-vhosts.conf #etc/httpd/conf/original/httpd.conf +etc/httpd/conf/server-tuning.conf +etc/httpd/conf/ssl-global.conf +etc/httpd/conf/uid.conf +#etc/httpd/conf/vhosts.d +etc/httpd/conf/vhosts.d/ipfire-interface-ssl.conf +etc/httpd/conf/vhosts.d/ipfire-interface.conf +#etc/httpd/conf/vhosts.d/nagios.conf +#etc/httpd/conf/vhosts.d/openmailadmin.conf #srv/web #srv/web/ipfire #srv/web/ipfire/cgi-bin @@ -1336,7 +1352,7 @@ usr/lib/apr-util-1/apr_dbd_sqlite3.so #usr/lib/libapr-1.la usr/lib/libapr-1.so usr/lib/libapr-1.so.0 -usr/lib/libapr-1.so.0.5.0 +usr/lib/libapr-1.so.0.5.1 #usr/lib/libaprutil-1.a #usr/lib/libaprutil-1.la usr/lib/libaprutil-1.so 
@@ -1373,76 +1389,3 @@ usr/sbin/httpd
 #usr/share/man/man8/rotatelogs.8
 #usr/share/man/man8/suexec.8
 var/log/httpd
-etc/httpd/conf/conf.d
-etc/httpd/conf/default-server.conf
-etc/httpd/conf/global.conf
-etc/httpd/conf/hostname.conf
-etc/httpd/conf/listen.conf
-etc/httpd/conf/loadmodule.conf
-etc/httpd/conf/mod_log_config.conf
-etc/httpd/conf/server-tuning.conf
-etc/httpd/conf/ssl-global.conf
-etc/httpd/conf/uid.conf
-etc/httpd/conf/vhosts.d/ipfire-interface-ssl.conf
-etc/httpd/conf/vhosts.d/ipfire-interface.conf
-srv/web/ipfire/cgi-bin/aliases.cgi
-srv/web/ipfire/cgi-bin/atm-status.cgi
-srv/web/ipfire/cgi-bin/backup.cgi
-srv/web/ipfire/cgi-bin/chpasswd.cgi
-srv/web/ipfire/cgi-bin/connections.cgi
-srv/web/ipfire/cgi-bin/connscheduler.cgi
-srv/web/ipfire/cgi-bin/country.cgi
-srv/web/ipfire/cgi-bin/credits.cgi
-srv/web/ipfire/cgi-bin/dns.cgi
-srv/web/ipfire/cgi-bin/dnsforward.cgi
-srv/web/ipfire/cgi-bin/ddns.cgi
-srv/web/ipfire/cgi-bin/dhcp.cgi
-srv/web/ipfire/cgi-bin/entropy.cgi
-srv/web/ipfire/cgi-bin/extrahd.cgi
-srv/web/ipfire/cgi-bin/fireinfo.cgi
-srv/web/ipfire/cgi-bin/firewall.cgi
-srv/web/ipfire/cgi-bin/fwhosts.cgi
-srv/web/ipfire/cgi-bin/gpl.cgi
-srv/web/ipfire/cgi-bin/gui.cgi
-srv/web/ipfire/cgi-bin/hardwaregraphs.cgi
-srv/web/ipfire/cgi-bin/hosts.cgi
-srv/web/ipfire/cgi-bin/ids.cgi
-srv/web/ipfire/cgi-bin/index.cgi
-srv/web/ipfire/cgi-bin/ipinfo.cgi
-srv/web/ipfire/cgi-bin/iptables.cgi
-srv/web/ipfire/cgi-bin/logs.cgi
-srv/web/ipfire/cgi-bin/mac.cgi
-srv/web/ipfire/cgi-bin/media.cgi
-srv/web/ipfire/cgi-bin/memory.cgi
-srv/web/ipfire/cgi-bin/modem.cgi
-srv/web/ipfire/cgi-bin/modem-status.cgi
-srv/web/ipfire/cgi-bin/netexternal.cgi
-srv/web/ipfire/cgi-bin/netinternal.cgi
-srv/web/ipfire/cgi-bin/netother.cgi
-srv/web/ipfire/cgi-bin/netovpnrw.cgi
-srv/web/ipfire/cgi-bin/netovpnsrv.cgi
-srv/web/ipfire/cgi-bin/optionsfw.cgi
-srv/web/ipfire/cgi-bin/ovpnmain.cgi
-srv/web/ipfire/cgi-bin/p2p-block.cgi
-srv/web/ipfire/cgi-bin/pakfire.cgi
-srv/web/ipfire/cgi-bin/pppsetup.cgi
-srv/web/ipfire/cgi-bin/proxy.cgi
-srv/web/ipfire/cgi-bin/qos.cgi
-srv/web/ipfire/cgi-bin/remote.cgi
-srv/web/ipfire/cgi-bin/routing.cgi
-srv/web/ipfire/cgi-bin/services.cgi
-srv/web/ipfire/cgi-bin/shutdown.cgi
-srv/web/ipfire/cgi-bin/speed.cgi
-srv/web/ipfire/cgi-bin/system.cgi
-srv/web/ipfire/cgi-bin/time.cgi
-srv/web/ipfire/cgi-bin/traffic.cgi
-srv/web/ipfire/cgi-bin/updatexlrator.cgi
-srv/web/ipfire/cgi-bin/upnp.cgi
-srv/web/ipfire/cgi-bin/urlfilter.cgi
-srv/web/ipfire/cgi-bin/vpnmain.cgi
-srv/web/ipfire/cgi-bin/wakeonlan.cgi
-srv/web/ipfire/cgi-bin/webaccess.cgi
-srv/web/ipfire/cgi-bin/wireless.cgi
-srv/web/ipfire/cgi-bin/wirelessclient.cgi
-srv/web/ipfire/html
-var/updatecache
diff --git a/config/rootfiles/common/armv5tel/initscripts b/config/rootfiles/common/armv5tel/initscripts
index 5248766..b4cd8f8 100644
--- a/config/rootfiles/common/armv5tel/initscripts
+++ b/config/rootfiles/common/armv5tel/initscripts
@@ -61,6 +61,7 @@ etc/rc.d/init.d/mounttmpfs
 #etc/rc.d/init.d/mysql
 #etc/rc.d/init.d/netsnmpd
 etc/rc.d/init.d/network
+etc/rc.d/init.d/network-trigger
 etc/rc.d/init.d/network-vlans
 #etc/rc.d/init.d/networking
 etc/rc.d/init.d/networking/any
@@ -91,6 +92,7 @@ etc/rc.d/init.d/networking/red.up/50-ipsec
 etc/rc.d/init.d/networking/red.up/50-ovpn
 etc/rc.d/init.d/networking/red.up/98-leds
 etc/rc.d/init.d/networking/red.up/99-fireinfo
+etc/rc.d/init.d/networking/red.up/99-geoip-database
 etc/rc.d/init.d/networking/red.up/99-pakfire-update
 etc/rc.d/init.d/networking/wpa_supplicant.exe
 #etc/rc.d/init.d/nfs-server
@@ -229,6 +231,7 @@ etc/rc.d/rcsysinit.d/S73swconfig
 etc/rc.d/rcsysinit.d/S75firstsetup
 etc/rc.d/rcsysinit.d/S80localnet
 etc/rc.d/rcsysinit.d/S85firewall
+etc/rc.d/rcsysinit.d/S90network-trigger
 etc/rc.d/rcsysinit.d/S91network-vlans
 etc/rc.d/rcsysinit.d/S92rngd
 etc/rc.d/rc3.d/S15fireinfo
diff --git a/config/rootfiles/common/armv5tel/linux-multi b/config/rootfiles/common/armv5tel/linux-multi
index fa07629..c2d3cd2 100644
--- a/config/rootfiles/common/armv5tel/linux-multi
+++ b/config/rootfiles/common/armv5tel/linux-multi
@@ -53,6 +53,7 @@ boot/dtb-KVER-ipfire-multi
 #boot/dtb-KVER-ipfire-multi/imx6dl-sabresd.dtb
 #boot/dtb-KVER-ipfire-multi/imx6dl-wandboard.dtb
 #boot/dtb-KVER-ipfire-multi/imx6q-arm2.dtb
+#boot/dtb-KVER-ipfire-multi/imx6q-cm-fx6.dtb
 #boot/dtb-KVER-ipfire-multi/imx6q-cubox-i.dtb
 #boot/dtb-KVER-ipfire-multi/imx6q-gw51xx.dtb
 #boot/dtb-KVER-ipfire-multi/imx6q-gw52xx.dtb
diff --git a/config/rootfiles/common/collectd b/config/rootfiles/common/collectd
index 2732494..cac4c3d 100644
--- a/config/rootfiles/common/collectd
+++ b/config/rootfiles/common/collectd
@@ -218,11 +218,11 @@ usr/lib/libcollectdclient.so.0.0.0
 #usr/lib/perl5/Collectd/Plugins
 #usr/lib/perl5/Collectd/Plugins/OpenVZ.pm
 #usr/lib/perl5/Collectd/Unixsock.pm
-#usr/lib/perl5/i586-linux-thread-multi
-#usr/lib/perl5/i586-linux-thread-multi/auto
-#usr/lib/perl5/i586-linux-thread-multi/auto/Collectd
-#usr/lib/perl5/i586-linux-thread-multi/auto/Collectd/.packlist
-#usr/lib/perl5/i586-linux-thread-multi/perllocal.pod
+#usr/lib/perl5/MACHINE-linux-thread-multi
+#usr/lib/perl5/MACHINE-linux-thread-multi/auto
+#usr/lib/perl5/MACHINE-linux-thread-multi/auto/Collectd
+#usr/lib/perl5/MACHINE-linux-thread-multi/auto/Collectd/.packlist
+#usr/lib/perl5/MACHINE-linux-thread-multi/perllocal.pod
 #usr/lib/pkgconfig/libcollectdclient.pc
 #usr/man/man3/Collectd::Unixsock.3
 usr/sbin/collectd
diff --git a/config/rootfiles/common/configroot b/config/rootfiles/common/configroot
index eaf1af6..f6cbb61 100644
--- a/config/rootfiles/common/configroot
+++ b/config/rootfiles/common/configroot
@@ -52,6 +52,7 @@ var/ipfire/extrahd
 var/ipfire/firewall
 #var/ipfire/firewall/config
 #var/ipfire/firewall/dmz
+#var/ipfire/firewall/geoipblock
 #var/ipfire/firewall/input
 #var/ipfire/firewall/nat
 #var/ipfire/firewall/outgoing
@@ -59,6 +60,7 @@ var/ipfire/firewall
 #var/ipfire/firewall/settings
 var/ipfire/fwhosts
 #var/ipfire/fwhosts/customgroups
+#var/ipfire/fwhosts/customgeoipgrp
 #var/ipfire/fwhosts/customhosts
 #var/ipfire/fwhosts/customnetworks
 #var/ipfire/fwhosts/customservicegrp
@@ -69,6 +71,7 @@ var/ipfire/fwlogs
 #var/ipfire/fwlogs/ipsettings
 #var/ipfire/fwlogs/portsettings
 var/ipfire/general-functions.pl
+var/ipfire/geoip-functions.pl
 var/ipfire/graphs.pl
 var/ipfire/header.pl
 var/ipfire/isdn
diff --git a/config/rootfiles/common/curl b/config/rootfiles/common/curl
index c556751..af32dfa 100644
--- a/config/rootfiles/common/curl
+++ b/config/rootfiles/common/curl
@@ -10,7 +10,6 @@ usr/bin/curl
 #usr/include/curl/multi.h
 #usr/include/curl/stdcheaders.h
 #usr/include/curl/typecheck-gcc.h
-#usr/include/curl/types.h
 #usr/lib/libcurl.a
 #usr/lib/libcurl.la
 usr/lib/libcurl.so
@@ -18,9 +17,233 @@ usr/lib/libcurl.so.3 usr/lib/libcurl.so.4 usr/lib/libcurl.so.4.3.0 #usr/lib/pkgconfig/libcurl.pc +#usr/share/aclocal/libcurl.m4 #usr/share/man/man1/curl-config.1 #usr/share/man/man1/curl.1 -#usr/share/man/man1/mk-ca-bundle.1 +#usr/share/man/man3/CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE.3 +#usr/share/man/man3/CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE.3 +#usr/share/man/man3/CURLMOPT_MAXCONNECTS.3 +#usr/share/man/man3/CURLMOPT_MAX_HOST_CONNECTIONS.3 +#usr/share/man/man3/CURLMOPT_MAX_PIPELINE_LENGTH.3 +#usr/share/man/man3/CURLMOPT_MAX_TOTAL_CONNECTIONS.3 +#usr/share/man/man3/CURLMOPT_PIPELINING.3 +#usr/share/man/man3/CURLMOPT_PIPELINING_SERVER_BL.3 +#usr/share/man/man3/CURLMOPT_PIPELINING_SITE_BL.3 +#usr/share/man/man3/CURLMOPT_SOCKETDATA.3 +#usr/share/man/man3/CURLMOPT_SOCKETFUNCTION.3 +#usr/share/man/man3/CURLMOPT_TIMERDATA.3 +#usr/share/man/man3/CURLMOPT_TIMERFUNCTION.3 +#usr/share/man/man3/CURLOPT_ACCEPTTIMEOUT_MS.3 +#usr/share/man/man3/CURLOPT_ACCEPT_ENCODING.3 +#usr/share/man/man3/CURLOPT_ADDRESS_SCOPE.3 +#usr/share/man/man3/CURLOPT_APPEND.3 +#usr/share/man/man3/CURLOPT_AUTOREFERER.3 +#usr/share/man/man3/CURLOPT_BUFFERSIZE.3 +#usr/share/man/man3/CURLOPT_CAINFO.3 +#usr/share/man/man3/CURLOPT_CAPATH.3 +#usr/share/man/man3/CURLOPT_CERTINFO.3 +#usr/share/man/man3/CURLOPT_CHUNK_BGN_FUNCTION.3 +#usr/share/man/man3/CURLOPT_CHUNK_DATA.3 +#usr/share/man/man3/CURLOPT_CHUNK_END_FUNCTION.3 +#usr/share/man/man3/CURLOPT_CLOSESOCKETDATA.3 +#usr/share/man/man3/CURLOPT_CLOSESOCKETFUNCTION.3 +#usr/share/man/man3/CURLOPT_CONNECTTIMEOUT.3 +#usr/share/man/man3/CURLOPT_CONNECTTIMEOUT_MS.3 +#usr/share/man/man3/CURLOPT_CONNECT_ONLY.3 +#usr/share/man/man3/CURLOPT_CONV_FROM_NETWORK_FUNCTION.3 +#usr/share/man/man3/CURLOPT_CONV_FROM_UTF8_FUNCTION.3 +#usr/share/man/man3/CURLOPT_CONV_TO_NETWORK_FUNCTION.3 +#usr/share/man/man3/CURLOPT_COOKIE.3 +#usr/share/man/man3/CURLOPT_COOKIEFILE.3 +#usr/share/man/man3/CURLOPT_COOKIEJAR.3 +#usr/share/man/man3/CURLOPT_COOKIELIST.3 
+#usr/share/man/man3/CURLOPT_COOKIESESSION.3 +#usr/share/man/man3/CURLOPT_COPYPOSTFIELDS.3 +#usr/share/man/man3/CURLOPT_CRLF.3 +#usr/share/man/man3/CURLOPT_CRLFILE.3 +#usr/share/man/man3/CURLOPT_CUSTOMREQUEST.3 +#usr/share/man/man3/CURLOPT_DEBUGDATA.3 +#usr/share/man/man3/CURLOPT_DEBUGFUNCTION.3 +#usr/share/man/man3/CURLOPT_DIRLISTONLY.3 +#usr/share/man/man3/CURLOPT_DNS_CACHE_TIMEOUT.3 +#usr/share/man/man3/CURLOPT_DNS_INTERFACE.3 +#usr/share/man/man3/CURLOPT_DNS_LOCAL_IP4.3 +#usr/share/man/man3/CURLOPT_DNS_LOCAL_IP6.3 +#usr/share/man/man3/CURLOPT_DNS_SERVERS.3 +#usr/share/man/man3/CURLOPT_DNS_USE_GLOBAL_CACHE.3 +#usr/share/man/man3/CURLOPT_EGDSOCKET.3 +#usr/share/man/man3/CURLOPT_ERRORBUFFER.3 +#usr/share/man/man3/CURLOPT_EXPECT_100_TIMEOUT_MS.3 +#usr/share/man/man3/CURLOPT_FAILONERROR.3 +#usr/share/man/man3/CURLOPT_FILETIME.3 +#usr/share/man/man3/CURLOPT_FNMATCH_DATA.3 +#usr/share/man/man3/CURLOPT_FNMATCH_FUNCTION.3 +#usr/share/man/man3/CURLOPT_FOLLOWLOCATION.3 +#usr/share/man/man3/CURLOPT_FORBID_REUSE.3 +#usr/share/man/man3/CURLOPT_FRESH_CONNECT.3 +#usr/share/man/man3/CURLOPT_FTPPORT.3 +#usr/share/man/man3/CURLOPT_FTPSSLAUTH.3 +#usr/share/man/man3/CURLOPT_FTP_ACCOUNT.3 +#usr/share/man/man3/CURLOPT_FTP_ALTERNATIVE_TO_USER.3 +#usr/share/man/man3/CURLOPT_FTP_CREATE_MISSING_DIRS.3 +#usr/share/man/man3/CURLOPT_FTP_FILEMETHOD.3 +#usr/share/man/man3/CURLOPT_FTP_RESPONSE_TIMEOUT.3 +#usr/share/man/man3/CURLOPT_FTP_SKIP_PASV_IP.3 +#usr/share/man/man3/CURLOPT_FTP_SSL_CCC.3 +#usr/share/man/man3/CURLOPT_FTP_USE_EPRT.3 +#usr/share/man/man3/CURLOPT_FTP_USE_EPSV.3 +#usr/share/man/man3/CURLOPT_FTP_USE_PRET.3 +#usr/share/man/man3/CURLOPT_GSSAPI_DELEGATION.3 +#usr/share/man/man3/CURLOPT_HEADER.3 +#usr/share/man/man3/CURLOPT_HEADERDATA.3 +#usr/share/man/man3/CURLOPT_HEADERFUNCTION.3 +#usr/share/man/man3/CURLOPT_HEADEROPT.3 +#usr/share/man/man3/CURLOPT_HTTP200ALIASES.3 +#usr/share/man/man3/CURLOPT_HTTPAUTH.3 +#usr/share/man/man3/CURLOPT_HTTPGET.3 
+#usr/share/man/man3/CURLOPT_HTTPHEADER.3 +#usr/share/man/man3/CURLOPT_HTTPPOST.3 +#usr/share/man/man3/CURLOPT_HTTPPROXYTUNNEL.3 +#usr/share/man/man3/CURLOPT_HTTP_CONTENT_DECODING.3 +#usr/share/man/man3/CURLOPT_HTTP_TRANSFER_DECODING.3 +#usr/share/man/man3/CURLOPT_HTTP_VERSION.3 +#usr/share/man/man3/CURLOPT_IGNORE_CONTENT_LENGTH.3 +#usr/share/man/man3/CURLOPT_INFILESIZE.3 +#usr/share/man/man3/CURLOPT_INFILESIZE_LARGE.3 +#usr/share/man/man3/CURLOPT_INTERFACE.3 +#usr/share/man/man3/CURLOPT_INTERLEAVEDATA.3 +#usr/share/man/man3/CURLOPT_INTERLEAVEFUNCTION.3 +#usr/share/man/man3/CURLOPT_IOCTLDATA.3 +#usr/share/man/man3/CURLOPT_IOCTLFUNCTION.3 +#usr/share/man/man3/CURLOPT_IPRESOLVE.3 +#usr/share/man/man3/CURLOPT_ISSUERCERT.3 +#usr/share/man/man3/CURLOPT_KEYPASSWD.3 +#usr/share/man/man3/CURLOPT_KRBLEVEL.3 +#usr/share/man/man3/CURLOPT_LOCALPORT.3 +#usr/share/man/man3/CURLOPT_LOCALPORTRANGE.3 +#usr/share/man/man3/CURLOPT_LOGIN_OPTIONS.3 +#usr/share/man/man3/CURLOPT_LOW_SPEED_LIMIT.3 +#usr/share/man/man3/CURLOPT_LOW_SPEED_TIME.3 +#usr/share/man/man3/CURLOPT_MAIL_AUTH.3 +#usr/share/man/man3/CURLOPT_MAIL_FROM.3 +#usr/share/man/man3/CURLOPT_MAIL_RCPT.3 +#usr/share/man/man3/CURLOPT_MAXCONNECTS.3 +#usr/share/man/man3/CURLOPT_MAXFILESIZE.3 +#usr/share/man/man3/CURLOPT_MAXFILESIZE_LARGE.3 +#usr/share/man/man3/CURLOPT_MAXREDIRS.3 +#usr/share/man/man3/CURLOPT_MAX_RECV_SPEED_LARGE.3 +#usr/share/man/man3/CURLOPT_MAX_SEND_SPEED_LARGE.3 +#usr/share/man/man3/CURLOPT_NETRC.3 +#usr/share/man/man3/CURLOPT_NETRC_FILE.3 +#usr/share/man/man3/CURLOPT_NEW_DIRECTORY_PERMS.3 +#usr/share/man/man3/CURLOPT_NEW_FILE_PERMS.3 +#usr/share/man/man3/CURLOPT_NOBODY.3 +#usr/share/man/man3/CURLOPT_NOPROGRESS.3 +#usr/share/man/man3/CURLOPT_NOPROXY.3 +#usr/share/man/man3/CURLOPT_NOSIGNAL.3 +#usr/share/man/man3/CURLOPT_OPENSOCKETDATA.3 +#usr/share/man/man3/CURLOPT_OPENSOCKETFUNCTION.3 +#usr/share/man/man3/CURLOPT_PASSWORD.3 +#usr/share/man/man3/CURLOPT_PORT.3 +#usr/share/man/man3/CURLOPT_POST.3 
+#usr/share/man/man3/CURLOPT_POSTFIELDS.3 +#usr/share/man/man3/CURLOPT_POSTFIELDSIZE.3 +#usr/share/man/man3/CURLOPT_POSTFIELDSIZE_LARGE.3 +#usr/share/man/man3/CURLOPT_POSTQUOTE.3 +#usr/share/man/man3/CURLOPT_POSTREDIR.3 +#usr/share/man/man3/CURLOPT_PREQUOTE.3 +#usr/share/man/man3/CURLOPT_PRIVATE.3 +#usr/share/man/man3/CURLOPT_PROGRESSDATA.3 +#usr/share/man/man3/CURLOPT_PROGRESSFUNCTION.3 +#usr/share/man/man3/CURLOPT_PROTOCOLS.3 +#usr/share/man/man3/CURLOPT_PROXY.3 +#usr/share/man/man3/CURLOPT_PROXYAUTH.3 +#usr/share/man/man3/CURLOPT_PROXYHEADER.3 +#usr/share/man/man3/CURLOPT_PROXYPASSWORD.3 +#usr/share/man/man3/CURLOPT_PROXYPORT.3 +#usr/share/man/man3/CURLOPT_PROXYTYPE.3 +#usr/share/man/man3/CURLOPT_PROXYUSERNAME.3 +#usr/share/man/man3/CURLOPT_PROXYUSERPWD.3 +#usr/share/man/man3/CURLOPT_PROXY_TRANSFER_MODE.3 +#usr/share/man/man3/CURLOPT_PUT.3 +#usr/share/man/man3/CURLOPT_QUOTE.3 +#usr/share/man/man3/CURLOPT_RANDOM_FILE.3 +#usr/share/man/man3/CURLOPT_RANGE.3 +#usr/share/man/man3/CURLOPT_READDATA.3 +#usr/share/man/man3/CURLOPT_READFUNCTION.3 +#usr/share/man/man3/CURLOPT_REDIR_PROTOCOLS.3 +#usr/share/man/man3/CURLOPT_REFERER.3 +#usr/share/man/man3/CURLOPT_RESOLVE.3 +#usr/share/man/man3/CURLOPT_RESUME_FROM.3 +#usr/share/man/man3/CURLOPT_RESUME_FROM_LARGE.3 +#usr/share/man/man3/CURLOPT_RTSP_CLIENT_CSEQ.3 +#usr/share/man/man3/CURLOPT_RTSP_REQUEST.3 +#usr/share/man/man3/CURLOPT_RTSP_SERVER_CSEQ.3 +#usr/share/man/man3/CURLOPT_RTSP_SESSION_ID.3 +#usr/share/man/man3/CURLOPT_RTSP_STREAM_URI.3 +#usr/share/man/man3/CURLOPT_RTSP_TRANSPORT.3 +#usr/share/man/man3/CURLOPT_SASL_IR.3 +#usr/share/man/man3/CURLOPT_SEEKDATA.3 +#usr/share/man/man3/CURLOPT_SEEKFUNCTION.3 +#usr/share/man/man3/CURLOPT_SHARE.3 +#usr/share/man/man3/CURLOPT_SOCKOPTDATA.3 +#usr/share/man/man3/CURLOPT_SOCKOPTFUNCTION.3 +#usr/share/man/man3/CURLOPT_SOCKS5_GSSAPI_NEC.3 +#usr/share/man/man3/CURLOPT_SOCKS5_GSSAPI_SERVICE.3 +#usr/share/man/man3/CURLOPT_SSH_AUTH_TYPES.3 
+#usr/share/man/man3/CURLOPT_SSH_HOST_PUBLIC_KEY_MD5.3 +#usr/share/man/man3/CURLOPT_SSH_KEYDATA.3 +#usr/share/man/man3/CURLOPT_SSH_KEYFUNCTION.3 +#usr/share/man/man3/CURLOPT_SSH_KNOWNHOSTS.3 +#usr/share/man/man3/CURLOPT_SSH_PRIVATE_KEYFILE.3 +#usr/share/man/man3/CURLOPT_SSH_PUBLIC_KEYFILE.3 +#usr/share/man/man3/CURLOPT_SSLCERT.3 +#usr/share/man/man3/CURLOPT_SSLCERTTYPE.3 +#usr/share/man/man3/CURLOPT_SSLENGINE.3 +#usr/share/man/man3/CURLOPT_SSLENGINE_DEFAULT.3 +#usr/share/man/man3/CURLOPT_SSLKEY.3 +#usr/share/man/man3/CURLOPT_SSLKEYTYPE.3 +#usr/share/man/man3/CURLOPT_SSLVERSION.3 +#usr/share/man/man3/CURLOPT_SSL_CIPHER_LIST.3 +#usr/share/man/man3/CURLOPT_SSL_CTX_DATA.3 +#usr/share/man/man3/CURLOPT_SSL_CTX_FUNCTION.3 +#usr/share/man/man3/CURLOPT_SSL_ENABLE_ALPN.3 +#usr/share/man/man3/CURLOPT_SSL_ENABLE_NPN.3 +#usr/share/man/man3/CURLOPT_SSL_OPTIONS.3 +#usr/share/man/man3/CURLOPT_SSL_SESSIONID_CACHE.3 +#usr/share/man/man3/CURLOPT_SSL_VERIFYHOST.3 +#usr/share/man/man3/CURLOPT_SSL_VERIFYPEER.3 +#usr/share/man/man3/CURLOPT_STDERR.3 +#usr/share/man/man3/CURLOPT_TCP_KEEPALIVE.3 +#usr/share/man/man3/CURLOPT_TCP_KEEPIDLE.3 +#usr/share/man/man3/CURLOPT_TCP_KEEPINTVL.3 +#usr/share/man/man3/CURLOPT_TCP_NODELAY.3 +#usr/share/man/man3/CURLOPT_TELNETOPTIONS.3 +#usr/share/man/man3/CURLOPT_TFTP_BLKSIZE.3 +#usr/share/man/man3/CURLOPT_TIMECONDITION.3 +#usr/share/man/man3/CURLOPT_TIMEOUT.3 +#usr/share/man/man3/CURLOPT_TIMEOUT_MS.3 +#usr/share/man/man3/CURLOPT_TIMEVALUE.3 +#usr/share/man/man3/CURLOPT_TLSAUTH_PASSWORD.3 +#usr/share/man/man3/CURLOPT_TLSAUTH_TYPE.3 +#usr/share/man/man3/CURLOPT_TLSAUTH_USERNAME.3 +#usr/share/man/man3/CURLOPT_TRANSFERTEXT.3 +#usr/share/man/man3/CURLOPT_TRANSFER_ENCODING.3 +#usr/share/man/man3/CURLOPT_UNIX_SOCKET_PATH.3 +#usr/share/man/man3/CURLOPT_UNRESTRICTED_AUTH.3 +#usr/share/man/man3/CURLOPT_UPLOAD.3 +#usr/share/man/man3/CURLOPT_URL.3 +#usr/share/man/man3/CURLOPT_USERAGENT.3 +#usr/share/man/man3/CURLOPT_USERNAME.3 +#usr/share/man/man3/CURLOPT_USERPWD.3 
+#usr/share/man/man3/CURLOPT_USE_SSL.3 +#usr/share/man/man3/CURLOPT_VERBOSE.3 +#usr/share/man/man3/CURLOPT_WILDCARDMATCH.3 +#usr/share/man/man3/CURLOPT_WRITEDATA.3 +#usr/share/man/man3/CURLOPT_WRITEFUNCTION.3 +#usr/share/man/man3/CURLOPT_XFERINFODATA.3 +#usr/share/man/man3/CURLOPT_XFERINFOFUNCTION.3 +#usr/share/man/man3/CURLOPT_XOAUTH2_BEARER.3 #usr/share/man/man3/curl_easy_cleanup.3 #usr/share/man/man3/curl_easy_duphandle.3 #usr/share/man/man3/curl_easy_escape.3 diff --git a/config/rootfiles/common/cyrus-sasl b/config/rootfiles/common/cyrus-sasl index 08a7321..7934c1c 100644 --- a/config/rootfiles/common/cyrus-sasl +++ b/config/rootfiles/common/cyrus-sasl @@ -1,4 +1,3 @@ -etc/rc.d/init.d/cyrus-sasl #usr/include/sasl #usr/include/sasl/hmac-md5.h #usr/include/sasl/md5.h 
@@ -9,39 +8,44 @@ etc/rc.d/init.d/cyrus-sasl
 #usr/include/sasl/saslutil.h
 #usr/lib/libsasl2.la
 usr/lib/libsasl2.so
-usr/lib/libsasl2.so.2
-usr/lib/libsasl2.so.2.0.21
+usr/lib/libsasl2.so.3
+usr/lib/libsasl2.so.3.0.0
+#usr/lib/pkgconfig/libsasl2.pc
 #usr/lib/sasl2
 #usr/lib/sasl2/libanonymous.la
 usr/lib/sasl2/libanonymous.so
-usr/lib/sasl2/libanonymous.so.2
-usr/lib/sasl2/libanonymous.so.2.0.21
+usr/lib/sasl2/libanonymous.so.3
+usr/lib/sasl2/libanonymous.so.3.0.0
 #usr/lib/sasl2/libcrammd5.la
 usr/lib/sasl2/libcrammd5.so
-usr/lib/sasl2/libcrammd5.so.2
-usr/lib/sasl2/libcrammd5.so.2.0.21
+usr/lib/sasl2/libcrammd5.so.3
+usr/lib/sasl2/libcrammd5.so.3.0.0
 #usr/lib/sasl2/libdigestmd5.la
 usr/lib/sasl2/libdigestmd5.so
-usr/lib/sasl2/libdigestmd5.so.2
-usr/lib/sasl2/libdigestmd5.so.2.0.21
+usr/lib/sasl2/libdigestmd5.so.3
+usr/lib/sasl2/libdigestmd5.so.3.0.0
 #usr/lib/sasl2/libotp.la
 usr/lib/sasl2/libotp.so
-usr/lib/sasl2/libotp.so.2
-usr/lib/sasl2/libotp.so.2.0.21
+usr/lib/sasl2/libotp.so.3
+usr/lib/sasl2/libotp.so.3.0.0
 #usr/lib/sasl2/libplain.la
 usr/lib/sasl2/libplain.so
-usr/lib/sasl2/libplain.so.2
-usr/lib/sasl2/libplain.so.2.0.21
+usr/lib/sasl2/libplain.so.3
+usr/lib/sasl2/libplain.so.3.0.0
 #usr/lib/sasl2/libsasldb.la
 usr/lib/sasl2/libsasldb.so
-usr/lib/sasl2/libsasldb.so.2
-usr/lib/sasl2/libsasldb.so.2.0.21
+usr/lib/sasl2/libsasldb.so.3
+usr/lib/sasl2/libsasldb.so.3.0.0
+#usr/lib/sasl2/libscram.la
+usr/lib/sasl2/libscram.so
+usr/lib/sasl2/libscram.so.3
+usr/lib/sasl2/libscram.so.3.0.0
 usr/lib/sasl2/smtpd.conf
-#usr/man/cat8
-#usr/man/cat8/saslauthd.8
+usr/sbin/pluginviewer
 usr/sbin/saslauthd
 usr/sbin/sasldblistusers2
 usr/sbin/saslpasswd2
+usr/sbin/testsaslauthd
 #usr/share/man/man3/sasl.3
 #usr/share/man/man3/sasl_authorize_t.3
 #usr/share/man/man3/sasl_auxprop.3
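Review bot: `usr/sbin/pluginviewer` and `usr/sbin/testsaslauthd` are added as active entries, while the other non-runtime artefacts in this list (headers, `.la` files, man pages) carry the leading `#`, which I take to keep an entry out of the image. Both are diagnostic helpers that saslauthd does not need at run time, and testsaslauthd takes the user name and password as command-line arguments, so on a firewall image they only enlarge the installed footprint; I would list them as `#usr/sbin/pluginviewer` and `#usr/sbin/testsaslauthd` unless something in the tree calls them. Separately, the soname moves from `libsasl2.so.2` to `libsasl2.so.3`, so every package linked against the old library has to be rebuilt and shipped in the same update, which cannot be confirmed from this hunk.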
@@ -64,6 +68,7 @@ usr/sbin/saslpasswd2
 #usr/share/man/man3/sasl_errdetail.3
 #usr/share/man/man3/sasl_errors.3
 #usr/share/man/man3/sasl_errstring.3
+#usr/share/man/man3/sasl_getconfpath_t.3
 #usr/share/man/man3/sasl_getopt_t.3
 #usr/share/man/man3/sasl_getpath_t.3
 #usr/share/man/man3/sasl_getprop.3
@@ -84,6 +89,9 @@ usr/sbin/saslpasswd2
 #usr/share/man/man3/sasl_setprop.3
 #usr/share/man/man3/sasl_user_exists.3
 #usr/share/man/man3/sasl_verifyfile_t.3
+#usr/share/man/man8/pluginviewer.8
+#usr/share/man/man8/saslauthd.8
 #usr/share/man/man8/sasldblistusers2.8
 #usr/share/man/man8/saslpasswd2.8
 var/lib/sasl
+etc/rc.d/init.d/cyrus-sasl
diff --git a/config/rootfiles/common/dhcp b/config/rootfiles/common/dhcp
index 2c2cfee..ff225a5 100644
--- a/config/rootfiles/common/dhcp
+++ b/config/rootfiles/common/dhcp
@@ -1,6 +1,7 @@
 #etc/dhcp
-#etc/dhcp/dhclient.conf
+#etc/dhcp/dhclient.conf.example
 etc/dhcp/dhcpd.conf
+#etc/dhcp/dhcpd.conf.example
 #usr/bin/omshell
 #usr/include/dhcpctl
 #usr/include/dhcpctl/dhcpctl.h
diff --git a/config/rootfiles/common/dhcpcd b/config/rootfiles/common/dhcpcd
index 3f62fc6..ffbe04a 100644
--- a/config/rootfiles/common/dhcpcd
+++ b/config/rootfiles/common/dhcpcd
@@ -1,3 +1,6 @@
+#lib/dhcpcd
+#lib/dhcpcd/dev
+#lib/dhcpcd/dev/udev.so
 sbin/dhcpcd
 #usr/share/man/man5/dhcpcd.conf.5
 #usr/share/man/man8/dhcpcd-run-hooks.8
@@ -6,6 +9,8 @@ var/ipfire/dhcpc/dhcpcd-hooks
 #var/ipfire/dhcpc/dhcpcd-hooks/01-test
 #var/ipfire/dhcpc/dhcpcd-hooks/02-dump
 #var/ipfire/dhcpc/dhcpcd-hooks/10-mtu
+#var/ipfire/dhcpc/dhcpcd-hooks/10-wpa_supplicant
+#var/ipfire/dhcpc/dhcpcd-hooks/15-timezone
 #var/ipfire/dhcpc/dhcpcd-hooks/29-lookup-hostname
 #var/ipfire/dhcpc/dhcpcd-hooks/30-hostname
 #var/ipfire/dhcpc/dhcpcd-hooks/70-dhcpcd.exe
diff --git a/config/rootfiles/common/expat b/config/rootfiles/common/expat
index 17081c4..aaa8265 100644
--- a/config/rootfiles/common/expat
+++ b/config/rootfiles/common/expat
@@ -5,10 +5,11 @@
 #usr/lib/libexpat.la
 usr/lib/libexpat.so
 usr/lib/libexpat.so.1
-usr/lib/libexpat.so.1.5.0
-#usr/man/man1/xmlwf.1
-#usr/share/doc/expat-2.0.0
-#usr/share/doc/expat-2.0.0/expat.png
-#usr/share/doc/expat-2.0.0/reference.html
-#usr/share/doc/expat-2.0.0/style.css
-#usr/share/doc/expat-2.0.0/valid-xhtml10.png
+usr/lib/libexpat.so.1.6.0
+#usr/lib/pkgconfig/expat.pc
+#usr/share/doc/expat-2.1.0
+#usr/share/doc/expat-2.1.0/expat.png
+#usr/share/doc/expat-2.1.0/reference.html
+#usr/share/doc/expat-2.1.0/style.css
+#usr/share/doc/expat-2.1.0/valid-xhtml10.png
+#usr/share/man/man1/xmlwf.1
diff --git a/config/rootfiles/common/flag-icons b/config/rootfiles/common/flag-icons
new file mode 100644
index 0000000..eee2c0c
--- /dev/null
+++ b/config/rootfiles/common/flag-icons
@@ -0,0 +1,243 @@ +srv/web/ipfire/html/images/flags +#srv/web/ipfire/html/images/flags/AD.png +#srv/web/ipfire/html/images/flags/AE.png +#srv/web/ipfire/html/images/flags/AF.png +#srv/web/ipfire/html/images/flags/AG.png +#srv/web/ipfire/html/images/flags/AI.png +#srv/web/ipfire/html/images/flags/AL.png +#srv/web/ipfire/html/images/flags/AM.png +#srv/web/ipfire/html/images/flags/AN.png +#srv/web/ipfire/html/images/flags/AO.png +#srv/web/ipfire/html/images/flags/AQ.png +#srv/web/ipfire/html/images/flags/AR.png +#srv/web/ipfire/html/images/flags/AS.png +#srv/web/ipfire/html/images/flags/AT.png +#srv/web/ipfire/html/images/flags/AU.png +#srv/web/ipfire/html/images/flags/AW.png +#srv/web/ipfire/html/images/flags/AX.png +#srv/web/ipfire/html/images/flags/AZ.png +#srv/web/ipfire/html/images/flags/BA.png +#srv/web/ipfire/html/images/flags/BB.png +#srv/web/ipfire/html/images/flags/BD.png +#srv/web/ipfire/html/images/flags/BE.png +#srv/web/ipfire/html/images/flags/BF.png +#srv/web/ipfire/html/images/flags/BG.png +#srv/web/ipfire/html/images/flags/BH.png +#srv/web/ipfire/html/images/flags/BI.png +#srv/web/ipfire/html/images/flags/BJ.png +#srv/web/ipfire/html/images/flags/BL.png +#srv/web/ipfire/html/images/flags/BM.png +#srv/web/ipfire/html/images/flags/BN.png +#srv/web/ipfire/html/images/flags/BO.png +#srv/web/ipfire/html/images/flags/BR.png +#srv/web/ipfire/html/images/flags/BS.png +#srv/web/ipfire/html/images/flags/BT.png +#srv/web/ipfire/html/images/flags/BW.png +#srv/web/ipfire/html/images/flags/BY.png +#srv/web/ipfire/html/images/flags/BZ.png +#srv/web/ipfire/html/images/flags/CA.png +#srv/web/ipfire/html/images/flags/CC.png +#srv/web/ipfire/html/images/flags/CD.png +#srv/web/ipfire/html/images/flags/CF.png +#srv/web/ipfire/html/images/flags/CG.png +#srv/web/ipfire/html/images/flags/CH.png +#srv/web/ipfire/html/images/flags/CI.png +#srv/web/ipfire/html/images/flags/CK.png +#srv/web/ipfire/html/images/flags/CL.png +#srv/web/ipfire/html/images/flags/CM.png 
+#srv/web/ipfire/html/images/flags/CN.png +#srv/web/ipfire/html/images/flags/CO.png +#srv/web/ipfire/html/images/flags/CR.png +#srv/web/ipfire/html/images/flags/CU.png +#srv/web/ipfire/html/images/flags/CV.png +#srv/web/ipfire/html/images/flags/CW.png +#srv/web/ipfire/html/images/flags/CX.png +#srv/web/ipfire/html/images/flags/CY.png +#srv/web/ipfire/html/images/flags/CZ.png +#srv/web/ipfire/html/images/flags/DE.png +#srv/web/ipfire/html/images/flags/DJ.png +#srv/web/ipfire/html/images/flags/DK.png +#srv/web/ipfire/html/images/flags/DM.png +#srv/web/ipfire/html/images/flags/DO.png +#srv/web/ipfire/html/images/flags/DZ.png +#srv/web/ipfire/html/images/flags/EC.png +#srv/web/ipfire/html/images/flags/EE.png +#srv/web/ipfire/html/images/flags/EG.png +#srv/web/ipfire/html/images/flags/EH.png +#srv/web/ipfire/html/images/flags/ER.png +#srv/web/ipfire/html/images/flags/ES.png +#srv/web/ipfire/html/images/flags/ET.png +#srv/web/ipfire/html/images/flags/EU.png +#srv/web/ipfire/html/images/flags/FI.png +#srv/web/ipfire/html/images/flags/FJ.png +#srv/web/ipfire/html/images/flags/FK.png +#srv/web/ipfire/html/images/flags/FM.png +#srv/web/ipfire/html/images/flags/FO.png +#srv/web/ipfire/html/images/flags/FR.png +#srv/web/ipfire/html/images/flags/GA.png +#srv/web/ipfire/html/images/flags/GB.png +#srv/web/ipfire/html/images/flags/GD.png +#srv/web/ipfire/html/images/flags/GE.png +#srv/web/ipfire/html/images/flags/GG.png +#srv/web/ipfire/html/images/flags/GH.png +#srv/web/ipfire/html/images/flags/GI.png +#srv/web/ipfire/html/images/flags/GL.png +#srv/web/ipfire/html/images/flags/GM.png +#srv/web/ipfire/html/images/flags/GN.png +#srv/web/ipfire/html/images/flags/GQ.png +#srv/web/ipfire/html/images/flags/GR.png +#srv/web/ipfire/html/images/flags/GS.png +#srv/web/ipfire/html/images/flags/GT.png +#srv/web/ipfire/html/images/flags/GU.png +#srv/web/ipfire/html/images/flags/GW.png +#srv/web/ipfire/html/images/flags/GY.png +#srv/web/ipfire/html/images/flags/HK.png 
+#srv/web/ipfire/html/images/flags/HN.png +#srv/web/ipfire/html/images/flags/HR.png +#srv/web/ipfire/html/images/flags/HT.png +#srv/web/ipfire/html/images/flags/HU.png +#srv/web/ipfire/html/images/flags/IC.png +#srv/web/ipfire/html/images/flags/ID.png +#srv/web/ipfire/html/images/flags/IE.png +#srv/web/ipfire/html/images/flags/IL.png +#srv/web/ipfire/html/images/flags/IM.png +#srv/web/ipfire/html/images/flags/IN.png +#srv/web/ipfire/html/images/flags/IQ.png +#srv/web/ipfire/html/images/flags/IR.png +#srv/web/ipfire/html/images/flags/IS.png +#srv/web/ipfire/html/images/flags/IT.png +#srv/web/ipfire/html/images/flags/JE.png +#srv/web/ipfire/html/images/flags/JM.png +#srv/web/ipfire/html/images/flags/JO.png +#srv/web/ipfire/html/images/flags/JP.png +#srv/web/ipfire/html/images/flags/KE.png +#srv/web/ipfire/html/images/flags/KG.png +#srv/web/ipfire/html/images/flags/KH.png +#srv/web/ipfire/html/images/flags/KI.png +#srv/web/ipfire/html/images/flags/KM.png +#srv/web/ipfire/html/images/flags/KN.png +#srv/web/ipfire/html/images/flags/KP.png +#srv/web/ipfire/html/images/flags/KR.png +#srv/web/ipfire/html/images/flags/KW.png +#srv/web/ipfire/html/images/flags/KY.png +#srv/web/ipfire/html/images/flags/KZ.png +#srv/web/ipfire/html/images/flags/LA.png +#srv/web/ipfire/html/images/flags/LB.png +#srv/web/ipfire/html/images/flags/LC.png +#srv/web/ipfire/html/images/flags/LI.png +#srv/web/ipfire/html/images/flags/LK.png +#srv/web/ipfire/html/images/flags/LR.png +#srv/web/ipfire/html/images/flags/LS.png +#srv/web/ipfire/html/images/flags/LT.png +#srv/web/ipfire/html/images/flags/LU.png +#srv/web/ipfire/html/images/flags/LV.png +#srv/web/ipfire/html/images/flags/LY.png +#srv/web/ipfire/html/images/flags/MA.png +#srv/web/ipfire/html/images/flags/MC.png +#srv/web/ipfire/html/images/flags/MD.png +#srv/web/ipfire/html/images/flags/ME.png +#srv/web/ipfire/html/images/flags/MF.png +#srv/web/ipfire/html/images/flags/MG.png +#srv/web/ipfire/html/images/flags/MH.png 
+#srv/web/ipfire/html/images/flags/MK.png +#srv/web/ipfire/html/images/flags/ML.png +#srv/web/ipfire/html/images/flags/MM.png +#srv/web/ipfire/html/images/flags/MN.png +#srv/web/ipfire/html/images/flags/MO.png +#srv/web/ipfire/html/images/flags/MP.png +#srv/web/ipfire/html/images/flags/MQ.png +#srv/web/ipfire/html/images/flags/MR.png +#srv/web/ipfire/html/images/flags/MS.png +#srv/web/ipfire/html/images/flags/MT.png +#srv/web/ipfire/html/images/flags/MU.png +#srv/web/ipfire/html/images/flags/MV.png +#srv/web/ipfire/html/images/flags/MW.png +#srv/web/ipfire/html/images/flags/MX.png +#srv/web/ipfire/html/images/flags/MY.png +#srv/web/ipfire/html/images/flags/MZ.png +#srv/web/ipfire/html/images/flags/NA.png +#srv/web/ipfire/html/images/flags/NC.png +#srv/web/ipfire/html/images/flags/NE.png +#srv/web/ipfire/html/images/flags/NF.png +#srv/web/ipfire/html/images/flags/NG.png +#srv/web/ipfire/html/images/flags/NI.png +#srv/web/ipfire/html/images/flags/NL.png +#srv/web/ipfire/html/images/flags/NO.png +#srv/web/ipfire/html/images/flags/NP.png +#srv/web/ipfire/html/images/flags/NR.png +#srv/web/ipfire/html/images/flags/NU.png +#srv/web/ipfire/html/images/flags/NZ.png +#srv/web/ipfire/html/images/flags/OM.png +#srv/web/ipfire/html/images/flags/PA.png +#srv/web/ipfire/html/images/flags/PE.png +#srv/web/ipfire/html/images/flags/PF.png +#srv/web/ipfire/html/images/flags/PG.png +#srv/web/ipfire/html/images/flags/PH.png +#srv/web/ipfire/html/images/flags/PK.png +#srv/web/ipfire/html/images/flags/PL.png +#srv/web/ipfire/html/images/flags/PN.png +#srv/web/ipfire/html/images/flags/PR.png +#srv/web/ipfire/html/images/flags/PS.png +#srv/web/ipfire/html/images/flags/PT.png +#srv/web/ipfire/html/images/flags/PW.png +#srv/web/ipfire/html/images/flags/PY.png +#srv/web/ipfire/html/images/flags/QA.png +#srv/web/ipfire/html/images/flags/RO.png +#srv/web/ipfire/html/images/flags/RS.png +#srv/web/ipfire/html/images/flags/RU.png +#srv/web/ipfire/html/images/flags/RW.png 
+#srv/web/ipfire/html/images/flags/SA.png +#srv/web/ipfire/html/images/flags/SB.png +#srv/web/ipfire/html/images/flags/SC.png +#srv/web/ipfire/html/images/flags/SD.png +#srv/web/ipfire/html/images/flags/SE.png +#srv/web/ipfire/html/images/flags/SG.png +#srv/web/ipfire/html/images/flags/SH.png +#srv/web/ipfire/html/images/flags/SI.png +#srv/web/ipfire/html/images/flags/SK.png +#srv/web/ipfire/html/images/flags/SL.png +#srv/web/ipfire/html/images/flags/SM.png +#srv/web/ipfire/html/images/flags/SN.png +#srv/web/ipfire/html/images/flags/SO.png +#srv/web/ipfire/html/images/flags/SR.png +#srv/web/ipfire/html/images/flags/SS.png +#srv/web/ipfire/html/images/flags/ST.png +#srv/web/ipfire/html/images/flags/SV.png +#srv/web/ipfire/html/images/flags/SY.png +#srv/web/ipfire/html/images/flags/SZ.png +#srv/web/ipfire/html/images/flags/TC.png +#srv/web/ipfire/html/images/flags/TD.png +#srv/web/ipfire/html/images/flags/TF.png +#srv/web/ipfire/html/images/flags/TG.png +#srv/web/ipfire/html/images/flags/TH.png +#srv/web/ipfire/html/images/flags/TJ.png +#srv/web/ipfire/html/images/flags/TK.png +#srv/web/ipfire/html/images/flags/TL.png +#srv/web/ipfire/html/images/flags/TM.png +#srv/web/ipfire/html/images/flags/TN.png +#srv/web/ipfire/html/images/flags/TO.png +#srv/web/ipfire/html/images/flags/TR.png +#srv/web/ipfire/html/images/flags/TT.png +#srv/web/ipfire/html/images/flags/TV.png +#srv/web/ipfire/html/images/flags/TW.png +#srv/web/ipfire/html/images/flags/TZ.png +#srv/web/ipfire/html/images/flags/UA.png +#srv/web/ipfire/html/images/flags/UG.png +#srv/web/ipfire/html/images/flags/US.png +#srv/web/ipfire/html/images/flags/UY.png +#srv/web/ipfire/html/images/flags/UZ.png +#srv/web/ipfire/html/images/flags/VA.png +#srv/web/ipfire/html/images/flags/VC.png +#srv/web/ipfire/html/images/flags/VE.png +#srv/web/ipfire/html/images/flags/VG.png +#srv/web/ipfire/html/images/flags/VI.png +#srv/web/ipfire/html/images/flags/VN.png +#srv/web/ipfire/html/images/flags/VU.png 
+#srv/web/ipfire/html/images/flags/WF.png +#srv/web/ipfire/html/images/flags/WS.png +#srv/web/ipfire/html/images/flags/YE.png +#srv/web/ipfire/html/images/flags/YT.png +#srv/web/ipfire/html/images/flags/ZA.png +#srv/web/ipfire/html/images/flags/ZM.png +#srv/web/ipfire/html/images/flags/ZW.png +#srv/web/ipfire/html/images/flags/unknown.png diff --git a/config/rootfiles/common/groff b/config/rootfiles/common/groff index c27e594..de59084 100644 --- a/config/rootfiles/common/groff +++ b/config/rootfiles/common/groff @@ -5,6 +5,9 @@ #usr/bin/eqn2graph #usr/bin/gdiffmk #usr/bin/geqn +#usr/bin/glilypond +#usr/bin/gperl +#usr/bin/gpinyin #usr/bin/grap2graph #usr/bin/grn #usr/bin/grodvi @@ -13,6 +16,7 @@ #usr/bin/grog #usr/bin/grolbp #usr/bin/grolj4 +#usr/bin/gropdf #usr/bin/grops #usr/bin/grotty #usr/bin/gtbl @@ -23,6 +27,7 @@ #usr/bin/mmroff #usr/bin/neqn #usr/bin/nroff +#usr/bin/pdfmom #usr/bin/pdfroff #usr/bin/pfbtops #usr/bin/pic 
@@ -42,482 +47,530 @@ #usr/bin/tfmtodit #usr/bin/troff #usr/lib/groff +#usr/lib/groff/glilypond +#usr/lib/groff/glilypond/args.pl +#usr/lib/groff/glilypond/oop_fh.pl +#usr/lib/groff/glilypond/subs.pl +#usr/lib/groff/gpinyin +#usr/lib/groff/gpinyin/subs.pl +#usr/lib/groff/groff_opts_no_arg.txt +#usr/lib/groff/groff_opts_with_arg.txt #usr/lib/groff/groffer -#usr/lib/groff/groffer/func.pl +#usr/lib/groff/groffer/main_subs.pl #usr/lib/groff/groffer/man.pl -#usr/lib/groff/groffer/perl_test.pl #usr/lib/groff/groffer/split_env.sh +#usr/lib/groff/groffer/subs.pl #usr/lib/groff/groffer/version.sh +#usr/lib/groff/grog +#usr/lib/groff/grog/subs.pl +#usr/lib/groff/refer #usr/lib/groff/site-tmac -#usr/share/doc/groff-1.21 -#usr/share/doc/groff-1.21/examples -#usr/share/doc/groff-1.21/examples/chem -#usr/share/doc/groff-1.21/examples/chem/122 -#usr/share/doc/groff-1.21/examples/chem/122/README -#usr/share/doc/groff-1.21/examples/chem/122/ch2a_ethyl.chem -#usr/share/doc/groff-1.21/examples/chem/122/ch2b_benzene.chem -#usr/share/doc/groff-1.21/examples/chem/122/ch2c_benzene_right.chem -#usr/share/doc/groff-1.21/examples/chem/122/ch4a_stick.chem -#usr/share/doc/groff-1.21/examples/chem/122/ch4b_methyl_acetate.chem -#usr/share/doc/groff-1.21/examples/chem/122/ch4c_colon.chem -#usr/share/doc/groff-1.21/examples/chem/122/ch4d_HCl.H2O.chem -#usr/share/doc/groff-1.21/examples/chem/122/ch4e_CaSO4.2H2O.chem -#usr/share/doc/groff-1.21/examples/chem/122/ch4f_C.chem -#usr/share/doc/groff-1.21/examples/chem/122/ch4g_BP.chem -#usr/share/doc/groff-1.21/examples/chem/122/ch4h_methacrylate.chem -#usr/share/doc/groff-1.21/examples/chem/122/ch4i_cyclo.chem -#usr/share/doc/groff-1.21/examples/chem/122/ch4j_ring4.chem -#usr/share/doc/groff-1.21/examples/chem/122/ch4k_ring3.chem -#usr/share/doc/groff-1.21/examples/chem/122/ch4l_vertex.chem -#usr/share/doc/groff-1.21/examples/chem/122/ch4m_double.chem -#usr/share/doc/groff-1.21/examples/chem/122/ch4n_triple.chem 
-#usr/share/doc/groff-1.21/examples/chem/122/ch4o_aromatic.chem -#usr/share/doc/groff-1.21/examples/chem/122/ch4p_cholestanol.chem -#usr/share/doc/groff-1.21/examples/chem/122/ch4q_rings.chem -#usr/share/doc/groff-1.21/examples/chem/122/ch4r_spiro.chem -#usr/share/doc/groff-1.21/examples/chem/122/ch4s_heteroatoms.chem -#usr/share/doc/groff-1.21/examples/chem/122/ch4t_polycyclic.chem -#usr/share/doc/groff-1.21/examples/chem/122/ch4u_nicotine.chem -#usr/share/doc/groff-1.21/examples/chem/122/ch4v_histidine.chem -#usr/share/doc/groff-1.21/examples/chem/122/ch4w_lsd.chem -#usr/share/doc/groff-1.21/examples/chem/122/ch4x_anisole.chem -#usr/share/doc/groff-1.21/examples/chem/122/ch4y_reserpine.chem -#usr/share/doc/groff-1.21/examples/chem/122/ch4z1_eqn_glutamic.chem -#usr/share/doc/groff-1.21/examples/chem/122/ch4z2_text.chem -#usr/share/doc/groff-1.21/examples/chem/122/ch5a_size.chem -#usr/share/doc/groff-1.21/examples/chem/122/ch6a_pic.chem -#usr/share/doc/groff-1.21/examples/chem/122/ch6b_dna.chem -#usr/share/doc/groff-1.21/examples/chem/122/chAa_polymer.chem -#usr/share/doc/groff-1.21/examples/chem/122/chAb_vinyl_chloro.chem -#usr/share/doc/groff-1.21/examples/chem/122/chAc_morphine.chem -#usr/share/doc/groff-1.21/examples/chem/122/chAd_chlorophyll.chem -#usr/share/doc/groff-1.21/examples/chem/122/chAe_chair.chem -#usr/share/doc/groff-1.21/examples/chem/122/chAf_arrow.chem -#usr/share/doc/groff-1.21/examples/chem/122/chAg_circle.chem -#usr/share/doc/groff-1.21/examples/chem/122/chAh_brackets.chem -#usr/share/doc/groff-1.21/examples/chem/122/chAi_poly_vinyl_chloride.chem -#usr/share/doc/groff-1.21/examples/chem/122/chBa_jump.chem -#usr/share/doc/groff-1.21/examples/chem/122/chBb_bonds.chem -#usr/share/doc/groff-1.21/examples/chem/122/chBc_rings.chem -#usr/share/doc/groff-1.21/examples/chem/README -#usr/share/doc/groff-1.21/examples/chem/atp.chem -#usr/share/doc/groff-1.21/examples/chem/cholesterin.chem -#usr/share/doc/groff-1.21/examples/chem/ethamivan.chem 
-#usr/share/doc/groff-1.21/examples/chem/lsd.chem -#usr/share/doc/groff-1.21/examples/chem/morphine.chem -#usr/share/doc/groff-1.21/examples/chem/penicillin.chem -#usr/share/doc/groff-1.21/examples/chem/reserpine.chem -#usr/share/doc/groff-1.21/examples/gnu.eps -#usr/share/doc/groff-1.21/examples/grnexmpl.g -#usr/share/doc/groff-1.21/examples/grnexmpl.me -#usr/share/doc/groff-1.21/examples/grnexmpl.ps -#usr/share/doc/groff-1.21/examples/groff.css -#usr/share/doc/groff-1.21/examples/hdtbl -#usr/share/doc/groff-1.21/examples/hdtbl/chess_board.ps -#usr/share/doc/groff-1.21/examples/hdtbl/chess_board.roff -#usr/share/doc/groff-1.21/examples/hdtbl/col_rowspan_colors.ps -#usr/share/doc/groff-1.21/examples/hdtbl/col_rowspan_colors.roff -#usr/share/doc/groff-1.21/examples/hdtbl/color_boxes.ps -#usr/share/doc/groff-1.21/examples/hdtbl/color_boxes.roff -#usr/share/doc/groff-1.21/examples/hdtbl/color_nested_tables.ps -#usr/share/doc/groff-1.21/examples/hdtbl/color_nested_tables.roff -#usr/share/doc/groff-1.21/examples/hdtbl/color_table_cells.ps -#usr/share/doc/groff-1.21/examples/hdtbl/color_table_cells.roff -#usr/share/doc/groff-1.21/examples/hdtbl/color_transitions.ps -#usr/share/doc/groff-1.21/examples/hdtbl/color_transitions.roff -#usr/share/doc/groff-1.21/examples/hdtbl/common.roff -#usr/share/doc/groff-1.21/examples/hdtbl/fonts_n.ps -#usr/share/doc/groff-1.21/examples/hdtbl/fonts_n.roff -#usr/share/doc/groff-1.21/examples/hdtbl/fonts_x.ps -#usr/share/doc/groff-1.21/examples/hdtbl/fonts_x.roff -#usr/share/doc/groff-1.21/examples/hdtbl/gnu.eps -#usr/share/doc/groff-1.21/examples/hdtbl/mixed_pickles.ps -#usr/share/doc/groff-1.21/examples/hdtbl/mixed_pickles.roff -#usr/share/doc/groff-1.21/examples/hdtbl/rainbow.ps -#usr/share/doc/groff-1.21/examples/hdtbl/rainbow.roff -#usr/share/doc/groff-1.21/examples/hdtbl/short_reference.ps -#usr/share/doc/groff-1.21/examples/hdtbl/short_reference.roff -#usr/share/doc/groff-1.21/examples/mom 
-#usr/share/doc/groff-1.21/examples/mom/README.txt -#usr/share/doc/groff-1.21/examples/mom/elvis_syntax -#usr/share/doc/groff-1.21/examples/mom/elvis_syntax.new -#usr/share/doc/groff-1.21/examples/mom/letter.mom -#usr/share/doc/groff-1.21/examples/mom/letter.ps -#usr/share/doc/groff-1.21/examples/mom/penguin.ps -#usr/share/doc/groff-1.21/examples/mom/sample_docs.mom -#usr/share/doc/groff-1.21/examples/mom/sample_docs.ps -#usr/share/doc/groff-1.21/examples/mom/typesetting.mom -#usr/share/doc/groff-1.21/examples/mom/typesetting.ps -#usr/share/doc/groff-1.21/examples/webpage.ms -#usr/share/doc/groff-1.21/examples/webpage.ps -#usr/share/doc/groff-1.21/html -#usr/share/doc/groff-1.21/html/mom -#usr/share/doc/groff-1.21/html/mom/appendices.html -#usr/share/doc/groff-1.21/html/mom/color.html -#usr/share/doc/groff-1.21/html/mom/cover.html -#usr/share/doc/groff-1.21/html/mom/definitions.html -#usr/share/doc/groff-1.21/html/mom/docelement.html -#usr/share/doc/groff-1.21/html/mom/docprocessing.html -#usr/share/doc/groff-1.21/html/mom/goodies.html -#usr/share/doc/groff-1.21/html/mom/graphical.html -#usr/share/doc/groff-1.21/html/mom/headfootpage.html -#usr/share/doc/groff-1.21/html/mom/images.html -#usr/share/doc/groff-1.21/html/mom/inlines.html -#usr/share/doc/groff-1.21/html/mom/intro.html -#usr/share/doc/groff-1.21/html/mom/letters.html -#usr/share/doc/groff-1.21/html/mom/macrolist.html -#usr/share/doc/groff-1.21/html/mom/rectoverso.html -#usr/share/doc/groff-1.21/html/mom/refer.html -#usr/share/doc/groff-1.21/html/mom/reserved.html -#usr/share/doc/groff-1.21/html/mom/stylesheet.css -#usr/share/doc/groff-1.21/html/mom/tables-of-contents.html -#usr/share/doc/groff-1.21/html/mom/toc.html -#usr/share/doc/groff-1.21/html/mom/typesetting.html -#usr/share/doc/groff-1.21/html/mom/using.html -#usr/share/doc/groff-1.21/meintro.me -#usr/share/doc/groff-1.21/meintro.ps -#usr/share/doc/groff-1.21/meref.me -#usr/share/doc/groff-1.21/meref.ps -#usr/share/doc/groff-1.21/pic.ms 
-#usr/share/doc/groff-1.21/pic.ps +#usr/share/doc/groff-1.22.3 +#usr/share/doc/groff-1.22.3/examples +#usr/share/doc/groff-1.22.3/examples/chem +#usr/share/doc/groff-1.22.3/examples/chem/122 +#usr/share/doc/groff-1.22.3/examples/chem/122/README +#usr/share/doc/groff-1.22.3/examples/chem/122/ch2a_ethyl.chem +#usr/share/doc/groff-1.22.3/examples/chem/122/ch2b_benzene.chem +#usr/share/doc/groff-1.22.3/examples/chem/122/ch2c_benzene_right.chem +#usr/share/doc/groff-1.22.3/examples/chem/122/ch4a_stick.chem +#usr/share/doc/groff-1.22.3/examples/chem/122/ch4b_methyl_acetate.chem +#usr/share/doc/groff-1.22.3/examples/chem/122/ch4c_colon.chem +#usr/share/doc/groff-1.22.3/examples/chem/122/ch4d_HCl.H2O.chem +#usr/share/doc/groff-1.22.3/examples/chem/122/ch4e_CaSO4.2H2O.chem +#usr/share/doc/groff-1.22.3/examples/chem/122/ch4f_C.chem +#usr/share/doc/groff-1.22.3/examples/chem/122/ch4g_BP.chem +#usr/share/doc/groff-1.22.3/examples/chem/122/ch4h_methacrylate.chem +#usr/share/doc/groff-1.22.3/examples/chem/122/ch4i_cyclo.chem +#usr/share/doc/groff-1.22.3/examples/chem/122/ch4j_ring4.chem +#usr/share/doc/groff-1.22.3/examples/chem/122/ch4k_ring3.chem +#usr/share/doc/groff-1.22.3/examples/chem/122/ch4l_vertex.chem +#usr/share/doc/groff-1.22.3/examples/chem/122/ch4m_double.chem +#usr/share/doc/groff-1.22.3/examples/chem/122/ch4n_triple.chem +#usr/share/doc/groff-1.22.3/examples/chem/122/ch4o_aromatic.chem +#usr/share/doc/groff-1.22.3/examples/chem/122/ch4p_cholestanol.chem +#usr/share/doc/groff-1.22.3/examples/chem/122/ch4q_rings.chem +#usr/share/doc/groff-1.22.3/examples/chem/122/ch4r_spiro.chem +#usr/share/doc/groff-1.22.3/examples/chem/122/ch4s_heteroatoms.chem +#usr/share/doc/groff-1.22.3/examples/chem/122/ch4t_polycyclic.chem +#usr/share/doc/groff-1.22.3/examples/chem/122/ch4u_nicotine.chem +#usr/share/doc/groff-1.22.3/examples/chem/122/ch4v_histidine.chem +#usr/share/doc/groff-1.22.3/examples/chem/122/ch4w_lsd.chem 
+#usr/share/doc/groff-1.22.3/examples/chem/122/ch4x_anisole.chem +#usr/share/doc/groff-1.22.3/examples/chem/122/ch4y_reserpine.chem +#usr/share/doc/groff-1.22.3/examples/chem/122/ch4z1_eqn_glutamic.chem +#usr/share/doc/groff-1.22.3/examples/chem/122/ch4z2_text.chem +#usr/share/doc/groff-1.22.3/examples/chem/122/ch5a_size.chem +#usr/share/doc/groff-1.22.3/examples/chem/122/ch6a_pic.chem +#usr/share/doc/groff-1.22.3/examples/chem/122/ch6b_dna.chem +#usr/share/doc/groff-1.22.3/examples/chem/122/chAa_polymer.chem +#usr/share/doc/groff-1.22.3/examples/chem/122/chAb_vinyl_chloro.chem +#usr/share/doc/groff-1.22.3/examples/chem/122/chAc_morphine.chem +#usr/share/doc/groff-1.22.3/examples/chem/122/chAd_chlorophyll.chem +#usr/share/doc/groff-1.22.3/examples/chem/122/chAe_chair.chem +#usr/share/doc/groff-1.22.3/examples/chem/122/chAf_arrow.chem +#usr/share/doc/groff-1.22.3/examples/chem/122/chAg_circle.chem +#usr/share/doc/groff-1.22.3/examples/chem/122/chAh_brackets.chem +#usr/share/doc/groff-1.22.3/examples/chem/122/chAi_poly_vinyl_chloride.chem +#usr/share/doc/groff-1.22.3/examples/chem/122/chBa_jump.chem +#usr/share/doc/groff-1.22.3/examples/chem/122/chBb_bonds.chem +#usr/share/doc/groff-1.22.3/examples/chem/122/chBc_rings.chem +#usr/share/doc/groff-1.22.3/examples/chem/README +#usr/share/doc/groff-1.22.3/examples/chem/atp.chem +#usr/share/doc/groff-1.22.3/examples/chem/cholesterin.chem +#usr/share/doc/groff-1.22.3/examples/chem/ethamivan.chem +#usr/share/doc/groff-1.22.3/examples/chem/lsd.chem +#usr/share/doc/groff-1.22.3/examples/chem/morphine.chem +#usr/share/doc/groff-1.22.3/examples/chem/penicillin.chem +#usr/share/doc/groff-1.22.3/examples/chem/reserpine.chem +#usr/share/doc/groff-1.22.3/examples/gnu.eps +#usr/share/doc/groff-1.22.3/examples/grnexmpl.g +#usr/share/doc/groff-1.22.3/examples/grnexmpl.me +#usr/share/doc/groff-1.22.3/examples/grnexmpl.ps +#usr/share/doc/groff-1.22.3/examples/groff.css +#usr/share/doc/groff-1.22.3/examples/hdtbl 
+#usr/share/doc/groff-1.22.3/examples/hdtbl/chess_board.ps +#usr/share/doc/groff-1.22.3/examples/hdtbl/chess_board.roff +#usr/share/doc/groff-1.22.3/examples/hdtbl/col_rowspan_colors.ps +#usr/share/doc/groff-1.22.3/examples/hdtbl/col_rowspan_colors.roff +#usr/share/doc/groff-1.22.3/examples/hdtbl/color_boxes.ps +#usr/share/doc/groff-1.22.3/examples/hdtbl/color_boxes.roff +#usr/share/doc/groff-1.22.3/examples/hdtbl/color_nested_tables.ps +#usr/share/doc/groff-1.22.3/examples/hdtbl/color_nested_tables.roff +#usr/share/doc/groff-1.22.3/examples/hdtbl/color_table_cells.ps +#usr/share/doc/groff-1.22.3/examples/hdtbl/color_table_cells.roff +#usr/share/doc/groff-1.22.3/examples/hdtbl/color_transitions.ps +#usr/share/doc/groff-1.22.3/examples/hdtbl/color_transitions.roff +#usr/share/doc/groff-1.22.3/examples/hdtbl/common.roff +#usr/share/doc/groff-1.22.3/examples/hdtbl/fonts_n.ps +#usr/share/doc/groff-1.22.3/examples/hdtbl/fonts_n.roff +#usr/share/doc/groff-1.22.3/examples/hdtbl/fonts_x.ps +#usr/share/doc/groff-1.22.3/examples/hdtbl/fonts_x.roff +#usr/share/doc/groff-1.22.3/examples/hdtbl/gnu.eps +#usr/share/doc/groff-1.22.3/examples/hdtbl/mixed_pickles.ps +#usr/share/doc/groff-1.22.3/examples/hdtbl/mixed_pickles.roff +#usr/share/doc/groff-1.22.3/examples/hdtbl/rainbow.ps +#usr/share/doc/groff-1.22.3/examples/hdtbl/rainbow.roff +#usr/share/doc/groff-1.22.3/examples/hdtbl/short_reference.ps +#usr/share/doc/groff-1.22.3/examples/hdtbl/short_reference.roff +#usr/share/doc/groff-1.22.3/examples/mom +#usr/share/doc/groff-1.22.3/examples/mom/README.txt +#usr/share/doc/groff-1.22.3/examples/mom/elvis_syntax +#usr/share/doc/groff-1.22.3/examples/mom/elvis_syntax.new +#usr/share/doc/groff-1.22.3/examples/mom/letter.mom +#usr/share/doc/groff-1.22.3/examples/mom/mom-pdf.mom +#usr/share/doc/groff-1.22.3/examples/mom/mom.vim +#usr/share/doc/groff-1.22.3/examples/mom/penguin.pdf +#usr/share/doc/groff-1.22.3/examples/mom/penguin.ps 
+#usr/share/doc/groff-1.22.3/examples/mom/sample_docs.mom +#usr/share/doc/groff-1.22.3/examples/mom/typesetting.mom +#usr/share/doc/groff-1.22.3/examples/webpage.ms +#usr/share/doc/groff-1.22.3/examples/webpage.ps +#usr/share/doc/groff-1.22.3/html +#usr/share/doc/groff-1.22.3/html/mom +#usr/share/doc/groff-1.22.3/html/mom/appendices.html +#usr/share/doc/groff-1.22.3/html/mom/color.html +#usr/share/doc/groff-1.22.3/html/mom/cover.html +#usr/share/doc/groff-1.22.3/html/mom/definitions.html +#usr/share/doc/groff-1.22.3/html/mom/docelement.html +#usr/share/doc/groff-1.22.3/html/mom/docprocessing.html +#usr/share/doc/groff-1.22.3/html/mom/goodies.html +#usr/share/doc/groff-1.22.3/html/mom/graphical.html +#usr/share/doc/groff-1.22.3/html/mom/headfootpage.html +#usr/share/doc/groff-1.22.3/html/mom/images.html +#usr/share/doc/groff-1.22.3/html/mom/inlines.html +#usr/share/doc/groff-1.22.3/html/mom/intro.html +#usr/share/doc/groff-1.22.3/html/mom/letters.html +#usr/share/doc/groff-1.22.3/html/mom/macrolist.html +#usr/share/doc/groff-1.22.3/html/mom/rectoverso.html +#usr/share/doc/groff-1.22.3/html/mom/refer.html +#usr/share/doc/groff-1.22.3/html/mom/reserved.html +#usr/share/doc/groff-1.22.3/html/mom/stylesheet.css +#usr/share/doc/groff-1.22.3/html/mom/tables-of-contents.html +#usr/share/doc/groff-1.22.3/html/mom/toc.html +#usr/share/doc/groff-1.22.3/html/mom/typesetting.html +#usr/share/doc/groff-1.22.3/html/mom/using.html +#usr/share/doc/groff-1.22.3/html/mom/version-2.html +#usr/share/doc/groff-1.22.3/meintro.me +#usr/share/doc/groff-1.22.3/meintro.ps +#usr/share/doc/groff-1.22.3/meintro_fr.me +#usr/share/doc/groff-1.22.3/meintro_fr.ps +#usr/share/doc/groff-1.22.3/meref.me +#usr/share/doc/groff-1.22.3/meref.ps +#usr/share/doc/groff-1.22.3/pic.ms +#usr/share/doc/groff-1.22.3/pic.ps #usr/share/groff -#usr/share/groff/1.21 -#usr/share/groff/1.21/eign -#usr/share/groff/1.21/font -#usr/share/groff/1.21/font/devascii -#usr/share/groff/1.21/font/devascii/B 
-#usr/share/groff/1.21/font/devascii/BI -#usr/share/groff/1.21/font/devascii/DESC -#usr/share/groff/1.21/font/devascii/I -#usr/share/groff/1.21/font/devascii/R -#usr/share/groff/1.21/font/devdvi -#usr/share/groff/1.21/font/devdvi/CW -#usr/share/groff/1.21/font/devdvi/CWEC -#usr/share/groff/1.21/font/devdvi/CWI -#usr/share/groff/1.21/font/devdvi/CWIEC -#usr/share/groff/1.21/font/devdvi/CWITC -#usr/share/groff/1.21/font/devdvi/CWTC -#usr/share/groff/1.21/font/devdvi/DESC -#usr/share/groff/1.21/font/devdvi/EX -#usr/share/groff/1.21/font/devdvi/HB -#usr/share/groff/1.21/font/devdvi/HBEC -#usr/share/groff/1.21/font/devdvi/HBI -#usr/share/groff/1.21/font/devdvi/HBIEC -#usr/share/groff/1.21/font/devdvi/HBITC -#usr/share/groff/1.21/font/devdvi/HBTC -#usr/share/groff/1.21/font/devdvi/HI -#usr/share/groff/1.21/font/devdvi/HIEC -#usr/share/groff/1.21/font/devdvi/HITC -#usr/share/groff/1.21/font/devdvi/HR -#usr/share/groff/1.21/font/devdvi/HREC -#usr/share/groff/1.21/font/devdvi/HRTC -#usr/share/groff/1.21/font/devdvi/MI -#usr/share/groff/1.21/font/devdvi/S -#usr/share/groff/1.21/font/devdvi/SA -#usr/share/groff/1.21/font/devdvi/SB -#usr/share/groff/1.21/font/devdvi/SC -#usr/share/groff/1.21/font/devdvi/TB -#usr/share/groff/1.21/font/devdvi/TBEC -#usr/share/groff/1.21/font/devdvi/TBI -#usr/share/groff/1.21/font/devdvi/TBIEC -#usr/share/groff/1.21/font/devdvi/TBITC -#usr/share/groff/1.21/font/devdvi/TBTC -#usr/share/groff/1.21/font/devdvi/TI -#usr/share/groff/1.21/font/devdvi/TIEC -#usr/share/groff/1.21/font/devdvi/TITC -#usr/share/groff/1.21/font/devdvi/TR -#usr/share/groff/1.21/font/devdvi/TREC -#usr/share/groff/1.21/font/devdvi/TRTC -#usr/share/groff/1.21/font/devdvi/generate -#usr/share/groff/1.21/font/devdvi/generate/CompileFonts -#usr/share/groff/1.21/font/devdvi/generate/Makefile -#usr/share/groff/1.21/font/devdvi/generate/ec.map -#usr/share/groff/1.21/font/devdvi/generate/msam.map -#usr/share/groff/1.21/font/devdvi/generate/msbm.map 
-#usr/share/groff/1.21/font/devdvi/generate/tc.map -#usr/share/groff/1.21/font/devdvi/generate/texb.map -#usr/share/groff/1.21/font/devdvi/generate/texex.map -#usr/share/groff/1.21/font/devdvi/generate/texi.map -#usr/share/groff/1.21/font/devdvi/generate/texmi.map -#usr/share/groff/1.21/font/devdvi/generate/texr.map -#usr/share/groff/1.21/font/devdvi/generate/texsy.map -#usr/share/groff/1.21/font/devdvi/generate/textex.map -#usr/share/groff/1.21/font/devdvi/generate/textt.map -#usr/share/groff/1.21/font/devhtml -#usr/share/groff/1.21/font/devhtml/B -#usr/share/groff/1.21/font/devhtml/BI -#usr/share/groff/1.21/font/devhtml/CB -#usr/share/groff/1.21/font/devhtml/CBI -#usr/share/groff/1.21/font/devhtml/CI -#usr/share/groff/1.21/font/devhtml/CR -#usr/share/groff/1.21/font/devhtml/DESC -#usr/share/groff/1.21/font/devhtml/I -#usr/share/groff/1.21/font/devhtml/R -#usr/share/groff/1.21/font/devhtml/S -#usr/share/groff/1.21/font/devlatin1 -#usr/share/groff/1.21/font/devlatin1/B -#usr/share/groff/1.21/font/devlatin1/BI -#usr/share/groff/1.21/font/devlatin1/DESC -#usr/share/groff/1.21/font/devlatin1/I -#usr/share/groff/1.21/font/devlatin1/R -#usr/share/groff/1.21/font/devlbp -#usr/share/groff/1.21/font/devlbp/CB -#usr/share/groff/1.21/font/devlbp/CI -#usr/share/groff/1.21/font/devlbp/CR -#usr/share/groff/1.21/font/devlbp/DESC -#usr/share/groff/1.21/font/devlbp/EB -#usr/share/groff/1.21/font/devlbp/EI -#usr/share/groff/1.21/font/devlbp/ER -#usr/share/groff/1.21/font/devlbp/HB -#usr/share/groff/1.21/font/devlbp/HBI -#usr/share/groff/1.21/font/devlbp/HI -#usr/share/groff/1.21/font/devlbp/HNB -#usr/share/groff/1.21/font/devlbp/HNBI -#usr/share/groff/1.21/font/devlbp/HNI -#usr/share/groff/1.21/font/devlbp/HNR -#usr/share/groff/1.21/font/devlbp/HR -#usr/share/groff/1.21/font/devlbp/TB -#usr/share/groff/1.21/font/devlbp/TBI -#usr/share/groff/1.21/font/devlbp/TI -#usr/share/groff/1.21/font/devlbp/TR -#usr/share/groff/1.21/font/devlj4 -#usr/share/groff/1.21/font/devlj4/AB 
-#usr/share/groff/1.21/font/devlj4/ABI -#usr/share/groff/1.21/font/devlj4/AI -#usr/share/groff/1.21/font/devlj4/ALBB -#usr/share/groff/1.21/font/devlj4/ALBR -#usr/share/groff/1.21/font/devlj4/AOB -#usr/share/groff/1.21/font/devlj4/AOI -#usr/share/groff/1.21/font/devlj4/AOR -#usr/share/groff/1.21/font/devlj4/AR -#usr/share/groff/1.21/font/devlj4/CB -#usr/share/groff/1.21/font/devlj4/CBI -#usr/share/groff/1.21/font/devlj4/CI -#usr/share/groff/1.21/font/devlj4/CLARENDON -#usr/share/groff/1.21/font/devlj4/CORONET -#usr/share/groff/1.21/font/devlj4/CR -#usr/share/groff/1.21/font/devlj4/DESC -#usr/share/groff/1.21/font/devlj4/GB -#usr/share/groff/1.21/font/devlj4/GBI -#usr/share/groff/1.21/font/devlj4/GI -#usr/share/groff/1.21/font/devlj4/GR -#usr/share/groff/1.21/font/devlj4/LGB -#usr/share/groff/1.21/font/devlj4/LGI -#usr/share/groff/1.21/font/devlj4/LGR -#usr/share/groff/1.21/font/devlj4/MARIGOLD -#usr/share/groff/1.21/font/devlj4/OB -#usr/share/groff/1.21/font/devlj4/OBI -#usr/share/groff/1.21/font/devlj4/OI -#usr/share/groff/1.21/font/devlj4/OR -#usr/share/groff/1.21/font/devlj4/S -#usr/share/groff/1.21/font/devlj4/SYMBOL -#usr/share/groff/1.21/font/devlj4/TB -#usr/share/groff/1.21/font/devlj4/TBI -#usr/share/groff/1.21/font/devlj4/TI -#usr/share/groff/1.21/font/devlj4/TNRB -#usr/share/groff/1.21/font/devlj4/TNRBI -#usr/share/groff/1.21/font/devlj4/TNRI -#usr/share/groff/1.21/font/devlj4/TNRR -#usr/share/groff/1.21/font/devlj4/TR -#usr/share/groff/1.21/font/devlj4/UB -#usr/share/groff/1.21/font/devlj4/UBI -#usr/share/groff/1.21/font/devlj4/UCB -#usr/share/groff/1.21/font/devlj4/UCBI -#usr/share/groff/1.21/font/devlj4/UCI -#usr/share/groff/1.21/font/devlj4/UCR -#usr/share/groff/1.21/font/devlj4/UI -#usr/share/groff/1.21/font/devlj4/UR -#usr/share/groff/1.21/font/devlj4/WINGDINGS -#usr/share/groff/1.21/font/devlj4/generate -#usr/share/groff/1.21/font/devlj4/generate/Makefile -#usr/share/groff/1.21/font/devlj4/generate/special.awk 
-#usr/share/groff/1.21/font/devlj4/generate/special.map -#usr/share/groff/1.21/font/devlj4/generate/symbol.map -#usr/share/groff/1.21/font/devlj4/generate/text.map -#usr/share/groff/1.21/font/devlj4/generate/wingdings.map -#usr/share/groff/1.21/font/devps -#usr/share/groff/1.21/font/devps/AB -#usr/share/groff/1.21/font/devps/ABI -#usr/share/groff/1.21/font/devps/AI -#usr/share/groff/1.21/font/devps/AR -#usr/share/groff/1.21/font/devps/BMB -#usr/share/groff/1.21/font/devps/BMBI -#usr/share/groff/1.21/font/devps/BMI -#usr/share/groff/1.21/font/devps/BMR -#usr/share/groff/1.21/font/devps/CB -#usr/share/groff/1.21/font/devps/CBI -#usr/share/groff/1.21/font/devps/CI -#usr/share/groff/1.21/font/devps/CR -#usr/share/groff/1.21/font/devps/DESC -#usr/share/groff/1.21/font/devps/EURO -#usr/share/groff/1.21/font/devps/HB -#usr/share/groff/1.21/font/devps/HBI -#usr/share/groff/1.21/font/devps/HI -#usr/share/groff/1.21/font/devps/HNB -#usr/share/groff/1.21/font/devps/HNBI -#usr/share/groff/1.21/font/devps/HNI -#usr/share/groff/1.21/font/devps/HNR -#usr/share/groff/1.21/font/devps/HR -#usr/share/groff/1.21/font/devps/NB -#usr/share/groff/1.21/font/devps/NBI -#usr/share/groff/1.21/font/devps/NI -#usr/share/groff/1.21/font/devps/NR -#usr/share/groff/1.21/font/devps/PB -#usr/share/groff/1.21/font/devps/PBI -#usr/share/groff/1.21/font/devps/PI -#usr/share/groff/1.21/font/devps/PR -#usr/share/groff/1.21/font/devps/S -#usr/share/groff/1.21/font/devps/SS -#usr/share/groff/1.21/font/devps/TB -#usr/share/groff/1.21/font/devps/TBI -#usr/share/groff/1.21/font/devps/TI -#usr/share/groff/1.21/font/devps/TR -#usr/share/groff/1.21/font/devps/ZCMI -#usr/share/groff/1.21/font/devps/ZD -#usr/share/groff/1.21/font/devps/ZDR -#usr/share/groff/1.21/font/devps/download -#usr/share/groff/1.21/font/devps/freeeuro.afm -#usr/share/groff/1.21/font/devps/freeeuro.pfa -#usr/share/groff/1.21/font/devps/generate -#usr/share/groff/1.21/font/devps/generate/Makefile 
-#usr/share/groff/1.21/font/devps/generate/afmname -#usr/share/groff/1.21/font/devps/generate/dingbats.map -#usr/share/groff/1.21/font/devps/generate/dingbats.rmap -#usr/share/groff/1.21/font/devps/generate/lgreekmap -#usr/share/groff/1.21/font/devps/generate/symbol.sed -#usr/share/groff/1.21/font/devps/generate/symbolchars -#usr/share/groff/1.21/font/devps/generate/symbolsl.afm -#usr/share/groff/1.21/font/devps/generate/textmap -#usr/share/groff/1.21/font/devps/prologue -#usr/share/groff/1.21/font/devps/symbolsl.pfa -#usr/share/groff/1.21/font/devps/text.enc -#usr/share/groff/1.21/font/devps/zapfdr.pfa -#usr/share/groff/1.21/font/devutf8 -#usr/share/groff/1.21/font/devutf8/B -#usr/share/groff/1.21/font/devutf8/BI -#usr/share/groff/1.21/font/devutf8/DESC -#usr/share/groff/1.21/font/devutf8/I -#usr/share/groff/1.21/font/devutf8/R -#usr/share/groff/1.21/oldfont -#usr/share/groff/1.21/oldfont/devps -#usr/share/groff/1.21/oldfont/devps/CB -#usr/share/groff/1.21/oldfont/devps/CBI -#usr/share/groff/1.21/oldfont/devps/CI -#usr/share/groff/1.21/oldfont/devps/CR -#usr/share/groff/1.21/oldfont/devps/HB -#usr/share/groff/1.21/oldfont/devps/HBI -#usr/share/groff/1.21/oldfont/devps/HI -#usr/share/groff/1.21/oldfont/devps/HNB -#usr/share/groff/1.21/oldfont/devps/HNBI -#usr/share/groff/1.21/oldfont/devps/HNI -#usr/share/groff/1.21/oldfont/devps/HNR -#usr/share/groff/1.21/oldfont/devps/HR -#usr/share/groff/1.21/oldfont/devps/NB -#usr/share/groff/1.21/oldfont/devps/NBI -#usr/share/groff/1.21/oldfont/devps/NI -#usr/share/groff/1.21/oldfont/devps/NR -#usr/share/groff/1.21/oldfont/devps/PB -#usr/share/groff/1.21/oldfont/devps/PBI -#usr/share/groff/1.21/oldfont/devps/PI -#usr/share/groff/1.21/oldfont/devps/PR -#usr/share/groff/1.21/oldfont/devps/S -#usr/share/groff/1.21/oldfont/devps/SS -#usr/share/groff/1.21/oldfont/devps/TB -#usr/share/groff/1.21/oldfont/devps/TBI -#usr/share/groff/1.21/oldfont/devps/TI -#usr/share/groff/1.21/oldfont/devps/TR 
-#usr/share/groff/1.21/oldfont/devps/symbol.afm -#usr/share/groff/1.21/oldfont/devps/symbolsl.afm -#usr/share/groff/1.21/oldfont/devps/zapfdr.afm -#usr/share/groff/1.21/oldfont/devps/zapfdr.ps -#usr/share/groff/1.21/pic -#usr/share/groff/1.21/pic/chem.pic -#usr/share/groff/1.21/tmac -#usr/share/groff/1.21/tmac/62bit.tmac -#usr/share/groff/1.21/tmac/X.tmac -#usr/share/groff/1.21/tmac/Xps.tmac -#usr/share/groff/1.21/tmac/a4.tmac -#usr/share/groff/1.21/tmac/an-ext.tmac -#usr/share/groff/1.21/tmac/an-old.tmac -#usr/share/groff/1.21/tmac/an.tmac -#usr/share/groff/1.21/tmac/andoc.tmac -#usr/share/groff/1.21/tmac/composite.tmac -#usr/share/groff/1.21/tmac/cp1047.tmac -#usr/share/groff/1.21/tmac/cs.tmac -#usr/share/groff/1.21/tmac/de.tmac -#usr/share/groff/1.21/tmac/den.tmac -#usr/share/groff/1.21/tmac/devtag.tmac -#usr/share/groff/1.21/tmac/doc-old.tmac -#usr/share/groff/1.21/tmac/doc.tmac -#usr/share/groff/1.21/tmac/dvi.tmac -#usr/share/groff/1.21/tmac/e.tmac -#usr/share/groff/1.21/tmac/ec.tmac -#usr/share/groff/1.21/tmac/eqnrc -#usr/share/groff/1.21/tmac/europs.tmac -#usr/share/groff/1.21/tmac/fr.tmac -#usr/share/groff/1.21/tmac/hdmisc.tmac -#usr/share/groff/1.21/tmac/hdtbl.tmac -#usr/share/groff/1.21/tmac/html-end.tmac -#usr/share/groff/1.21/tmac/html.tmac -#usr/share/groff/1.21/tmac/hyphen.cs -#usr/share/groff/1.21/tmac/hyphen.den -#usr/share/groff/1.21/tmac/hyphen.det -#usr/share/groff/1.21/tmac/hyphen.fr -#usr/share/groff/1.21/tmac/hyphen.sv -#usr/share/groff/1.21/tmac/hyphen.us -#usr/share/groff/1.21/tmac/hyphenex.cs -#usr/share/groff/1.21/tmac/hyphenex.det -#usr/share/groff/1.21/tmac/hyphenex.us -#usr/share/groff/1.21/tmac/ja.tmac -#usr/share/groff/1.21/tmac/latin1.tmac -#usr/share/groff/1.21/tmac/latin2.tmac -#usr/share/groff/1.21/tmac/latin5.tmac -#usr/share/groff/1.21/tmac/latin9.tmac -#usr/share/groff/1.21/tmac/lbp.tmac -#usr/share/groff/1.21/tmac/lj4.tmac -#usr/share/groff/1.21/tmac/m.tmac -#usr/share/groff/1.21/tmac/man.tmac 
-#usr/share/groff/1.21/tmac/mandoc.tmac -#usr/share/groff/1.21/tmac/mdoc -#usr/share/groff/1.21/tmac/mdoc.tmac -#usr/share/groff/1.21/tmac/mdoc/doc-common -#usr/share/groff/1.21/tmac/mdoc/doc-ditroff -#usr/share/groff/1.21/tmac/mdoc/doc-nroff -#usr/share/groff/1.21/tmac/mdoc/doc-syms -#usr/share/groff/1.21/tmac/me.tmac -#usr/share/groff/1.21/tmac/mm -#usr/share/groff/1.21/tmac/mm.tmac -#usr/share/groff/1.21/tmac/mm/0.MT -#usr/share/groff/1.21/tmac/mm/4.MT -#usr/share/groff/1.21/tmac/mm/5.MT -#usr/share/groff/1.21/tmac/mm/locale -#usr/share/groff/1.21/tmac/mm/ms.cov -#usr/share/groff/1.21/tmac/mm/se_locale -#usr/share/groff/1.21/tmac/mm/se_ms.cov -#usr/share/groff/1.21/tmac/mmse.tmac -#usr/share/groff/1.21/tmac/mom.tmac -#usr/share/groff/1.21/tmac/ms.tmac -#usr/share/groff/1.21/tmac/mse.tmac -#usr/share/groff/1.21/tmac/om.tmac -#usr/share/groff/1.21/tmac/papersize.tmac -#usr/share/groff/1.21/tmac/pdfmark.tmac -#usr/share/groff/1.21/tmac/pic.tmac -#usr/share/groff/1.21/tmac/ps.tmac -#usr/share/groff/1.21/tmac/psatk.tmac -#usr/share/groff/1.21/tmac/psold.tmac -#usr/share/groff/1.21/tmac/pspic.tmac -#usr/share/groff/1.21/tmac/s.tmac -#usr/share/groff/1.21/tmac/safer.tmac -#usr/share/groff/1.21/tmac/spdf.tmac -#usr/share/groff/1.21/tmac/sv.tmac -#usr/share/groff/1.21/tmac/trace.tmac -#usr/share/groff/1.21/tmac/trans.tmac -#usr/share/groff/1.21/tmac/troffrc -#usr/share/groff/1.21/tmac/troffrc-end -#usr/share/groff/1.21/tmac/tty-char.tmac -#usr/share/groff/1.21/tmac/tty.tmac -#usr/share/groff/1.21/tmac/unicode.tmac -#usr/share/groff/1.21/tmac/www.tmac +#usr/share/groff/1.22.3 +#usr/share/groff/1.22.3/eign +#usr/share/groff/1.22.3/font +#usr/share/groff/1.22.3/font/devascii +#usr/share/groff/1.22.3/font/devascii/B +#usr/share/groff/1.22.3/font/devascii/BI +#usr/share/groff/1.22.3/font/devascii/DESC +#usr/share/groff/1.22.3/font/devascii/I +#usr/share/groff/1.22.3/font/devascii/R +#usr/share/groff/1.22.3/font/devdvi +#usr/share/groff/1.22.3/font/devdvi/CW 
+#usr/share/groff/1.22.3/font/devdvi/CWEC +#usr/share/groff/1.22.3/font/devdvi/CWI +#usr/share/groff/1.22.3/font/devdvi/CWIEC +#usr/share/groff/1.22.3/font/devdvi/CWITC +#usr/share/groff/1.22.3/font/devdvi/CWTC +#usr/share/groff/1.22.3/font/devdvi/DESC +#usr/share/groff/1.22.3/font/devdvi/EX +#usr/share/groff/1.22.3/font/devdvi/HB +#usr/share/groff/1.22.3/font/devdvi/HBEC +#usr/share/groff/1.22.3/font/devdvi/HBI +#usr/share/groff/1.22.3/font/devdvi/HBIEC +#usr/share/groff/1.22.3/font/devdvi/HBITC +#usr/share/groff/1.22.3/font/devdvi/HBTC +#usr/share/groff/1.22.3/font/devdvi/HI +#usr/share/groff/1.22.3/font/devdvi/HIEC +#usr/share/groff/1.22.3/font/devdvi/HITC +#usr/share/groff/1.22.3/font/devdvi/HR +#usr/share/groff/1.22.3/font/devdvi/HREC +#usr/share/groff/1.22.3/font/devdvi/HRTC +#usr/share/groff/1.22.3/font/devdvi/MI +#usr/share/groff/1.22.3/font/devdvi/S +#usr/share/groff/1.22.3/font/devdvi/SA +#usr/share/groff/1.22.3/font/devdvi/SB +#usr/share/groff/1.22.3/font/devdvi/SC +#usr/share/groff/1.22.3/font/devdvi/TB +#usr/share/groff/1.22.3/font/devdvi/TBEC +#usr/share/groff/1.22.3/font/devdvi/TBI +#usr/share/groff/1.22.3/font/devdvi/TBIEC +#usr/share/groff/1.22.3/font/devdvi/TBITC +#usr/share/groff/1.22.3/font/devdvi/TBTC +#usr/share/groff/1.22.3/font/devdvi/TI +#usr/share/groff/1.22.3/font/devdvi/TIEC +#usr/share/groff/1.22.3/font/devdvi/TITC +#usr/share/groff/1.22.3/font/devdvi/TR +#usr/share/groff/1.22.3/font/devdvi/TREC +#usr/share/groff/1.22.3/font/devdvi/TRTC +#usr/share/groff/1.22.3/font/devdvi/generate +#usr/share/groff/1.22.3/font/devdvi/generate/CompileFonts +#usr/share/groff/1.22.3/font/devdvi/generate/Makefile +#usr/share/groff/1.22.3/font/devdvi/generate/ec.map +#usr/share/groff/1.22.3/font/devdvi/generate/msam.map +#usr/share/groff/1.22.3/font/devdvi/generate/msbm.map +#usr/share/groff/1.22.3/font/devdvi/generate/tc.map +#usr/share/groff/1.22.3/font/devdvi/generate/texb.map +#usr/share/groff/1.22.3/font/devdvi/generate/texex.map 
+#usr/share/groff/1.22.3/font/devdvi/generate/texi.map +#usr/share/groff/1.22.3/font/devdvi/generate/texmi.map +#usr/share/groff/1.22.3/font/devdvi/generate/texr.map +#usr/share/groff/1.22.3/font/devdvi/generate/texsy.map +#usr/share/groff/1.22.3/font/devdvi/generate/textex.map +#usr/share/groff/1.22.3/font/devdvi/generate/textt.map +#usr/share/groff/1.22.3/font/devhtml +#usr/share/groff/1.22.3/font/devhtml/B +#usr/share/groff/1.22.3/font/devhtml/BI +#usr/share/groff/1.22.3/font/devhtml/CB +#usr/share/groff/1.22.3/font/devhtml/CBI +#usr/share/groff/1.22.3/font/devhtml/CI +#usr/share/groff/1.22.3/font/devhtml/CR +#usr/share/groff/1.22.3/font/devhtml/DESC +#usr/share/groff/1.22.3/font/devhtml/I +#usr/share/groff/1.22.3/font/devhtml/R +#usr/share/groff/1.22.3/font/devhtml/S +#usr/share/groff/1.22.3/font/devlatin1 +#usr/share/groff/1.22.3/font/devlatin1/B +#usr/share/groff/1.22.3/font/devlatin1/BI +#usr/share/groff/1.22.3/font/devlatin1/DESC +#usr/share/groff/1.22.3/font/devlatin1/I +#usr/share/groff/1.22.3/font/devlatin1/R +#usr/share/groff/1.22.3/font/devlbp +#usr/share/groff/1.22.3/font/devlbp/CB +#usr/share/groff/1.22.3/font/devlbp/CI +#usr/share/groff/1.22.3/font/devlbp/CR +#usr/share/groff/1.22.3/font/devlbp/DESC +#usr/share/groff/1.22.3/font/devlbp/EB +#usr/share/groff/1.22.3/font/devlbp/EI +#usr/share/groff/1.22.3/font/devlbp/ER +#usr/share/groff/1.22.3/font/devlbp/HB +#usr/share/groff/1.22.3/font/devlbp/HBI +#usr/share/groff/1.22.3/font/devlbp/HI +#usr/share/groff/1.22.3/font/devlbp/HNB +#usr/share/groff/1.22.3/font/devlbp/HNBI +#usr/share/groff/1.22.3/font/devlbp/HNI +#usr/share/groff/1.22.3/font/devlbp/HNR +#usr/share/groff/1.22.3/font/devlbp/HR +#usr/share/groff/1.22.3/font/devlbp/TB +#usr/share/groff/1.22.3/font/devlbp/TBI +#usr/share/groff/1.22.3/font/devlbp/TI +#usr/share/groff/1.22.3/font/devlbp/TR +#usr/share/groff/1.22.3/font/devlj4 +#usr/share/groff/1.22.3/font/devlj4/AB +#usr/share/groff/1.22.3/font/devlj4/ABI +#usr/share/groff/1.22.3/font/devlj4/AI 
+#usr/share/groff/1.22.3/font/devlj4/ALBB
+#usr/share/groff/1.22.3/font/devlj4/ALBR
+#usr/share/groff/1.22.3/font/devlj4/AOB
+#usr/share/groff/1.22.3/font/devlj4/AOI
+#usr/share/groff/1.22.3/font/devlj4/AOR
+#usr/share/groff/1.22.3/font/devlj4/AR
+#usr/share/groff/1.22.3/font/devlj4/CB
+#usr/share/groff/1.22.3/font/devlj4/CBI
+#usr/share/groff/1.22.3/font/devlj4/CI
+#usr/share/groff/1.22.3/font/devlj4/CLARENDON
+#usr/share/groff/1.22.3/font/devlj4/CORONET
+#usr/share/groff/1.22.3/font/devlj4/CR
+#usr/share/groff/1.22.3/font/devlj4/DESC
+#usr/share/groff/1.22.3/font/devlj4/GB
+#usr/share/groff/1.22.3/font/devlj4/GBI
+#usr/share/groff/1.22.3/font/devlj4/GI
+#usr/share/groff/1.22.3/font/devlj4/GR
+#usr/share/groff/1.22.3/font/devlj4/LGB
+#usr/share/groff/1.22.3/font/devlj4/LGI
+#usr/share/groff/1.22.3/font/devlj4/LGR
+#usr/share/groff/1.22.3/font/devlj4/MARIGOLD
+#usr/share/groff/1.22.3/font/devlj4/OB
+#usr/share/groff/1.22.3/font/devlj4/OBI
+#usr/share/groff/1.22.3/font/devlj4/OI
+#usr/share/groff/1.22.3/font/devlj4/OR
+#usr/share/groff/1.22.3/font/devlj4/S
+#usr/share/groff/1.22.3/font/devlj4/SYMBOL
+#usr/share/groff/1.22.3/font/devlj4/TB
+#usr/share/groff/1.22.3/font/devlj4/TBI
+#usr/share/groff/1.22.3/font/devlj4/TI
+#usr/share/groff/1.22.3/font/devlj4/TNRB
+#usr/share/groff/1.22.3/font/devlj4/TNRBI
+#usr/share/groff/1.22.3/font/devlj4/TNRI
+#usr/share/groff/1.22.3/font/devlj4/TNRR
+#usr/share/groff/1.22.3/font/devlj4/TR
+#usr/share/groff/1.22.3/font/devlj4/UB
+#usr/share/groff/1.22.3/font/devlj4/UBI
+#usr/share/groff/1.22.3/font/devlj4/UCB
+#usr/share/groff/1.22.3/font/devlj4/UCBI
+#usr/share/groff/1.22.3/font/devlj4/UCI
+#usr/share/groff/1.22.3/font/devlj4/UCR
+#usr/share/groff/1.22.3/font/devlj4/UI
+#usr/share/groff/1.22.3/font/devlj4/UR
+#usr/share/groff/1.22.3/font/devlj4/WINGDINGS
+#usr/share/groff/1.22.3/font/devlj4/generate
+#usr/share/groff/1.22.3/font/devlj4/generate/Makefile
+#usr/share/groff/1.22.3/font/devlj4/generate/special.awk
+#usr/share/groff/1.22.3/font/devlj4/generate/special.map
+#usr/share/groff/1.22.3/font/devlj4/generate/symbol.map
+#usr/share/groff/1.22.3/font/devlj4/generate/text.map
+#usr/share/groff/1.22.3/font/devlj4/generate/wingdings.map
+#usr/share/groff/1.22.3/font/devpdf
+#usr/share/groff/1.22.3/font/devpdf/CB
+#usr/share/groff/1.22.3/font/devpdf/CBI
+#usr/share/groff/1.22.3/font/devpdf/CI
+#usr/share/groff/1.22.3/font/devpdf/CR
+#usr/share/groff/1.22.3/font/devpdf/DESC
+#usr/share/groff/1.22.3/font/devpdf/EURO
+#usr/share/groff/1.22.3/font/devpdf/Foundry
+#usr/share/groff/1.22.3/font/devpdf/HB
+#usr/share/groff/1.22.3/font/devpdf/HBI
+#usr/share/groff/1.22.3/font/devpdf/HI
+#usr/share/groff/1.22.3/font/devpdf/HR
+#usr/share/groff/1.22.3/font/devpdf/S
+#usr/share/groff/1.22.3/font/devpdf/TB
+#usr/share/groff/1.22.3/font/devpdf/TBI
+#usr/share/groff/1.22.3/font/devpdf/TI
+#usr/share/groff/1.22.3/font/devpdf/TR
+#usr/share/groff/1.22.3/font/devpdf/ZD
+#usr/share/groff/1.22.3/font/devpdf/download
+#usr/share/groff/1.22.3/font/devpdf/enc
+#usr/share/groff/1.22.3/font/devpdf/enc/text.enc
+#usr/share/groff/1.22.3/font/devpdf/map
+#usr/share/groff/1.22.3/font/devpdf/map/dingbats.map
+#usr/share/groff/1.22.3/font/devpdf/map/symbolchars
+#usr/share/groff/1.22.3/font/devpdf/map/symbolmap
+#usr/share/groff/1.22.3/font/devpdf/map/textmap
+#usr/share/groff/1.22.3/font/devpdf/util
+#usr/share/groff/1.22.3/font/devpdf/util/BuildFoundries
+#usr/share/groff/1.22.3/font/devps
+#usr/share/groff/1.22.3/font/devps/AB
+#usr/share/groff/1.22.3/font/devps/ABI
+#usr/share/groff/1.22.3/font/devps/AI
+#usr/share/groff/1.22.3/font/devps/AR
+#usr/share/groff/1.22.3/font/devps/BMB
+#usr/share/groff/1.22.3/font/devps/BMBI
+#usr/share/groff/1.22.3/font/devps/BMI
+#usr/share/groff/1.22.3/font/devps/BMR
+#usr/share/groff/1.22.3/font/devps/CB
+#usr/share/groff/1.22.3/font/devps/CBI
+#usr/share/groff/1.22.3/font/devps/CI
+#usr/share/groff/1.22.3/font/devps/CR
+#usr/share/groff/1.22.3/font/devps/DESC
+#usr/share/groff/1.22.3/font/devps/EURO
+#usr/share/groff/1.22.3/font/devps/HB
+#usr/share/groff/1.22.3/font/devps/HBI
+#usr/share/groff/1.22.3/font/devps/HI
+#usr/share/groff/1.22.3/font/devps/HNB
+#usr/share/groff/1.22.3/font/devps/HNBI
+#usr/share/groff/1.22.3/font/devps/HNI
+#usr/share/groff/1.22.3/font/devps/HNR
+#usr/share/groff/1.22.3/font/devps/HR
+#usr/share/groff/1.22.3/font/devps/NB
+#usr/share/groff/1.22.3/font/devps/NBI
+#usr/share/groff/1.22.3/font/devps/NI
+#usr/share/groff/1.22.3/font/devps/NR
+#usr/share/groff/1.22.3/font/devps/PB
+#usr/share/groff/1.22.3/font/devps/PBI
+#usr/share/groff/1.22.3/font/devps/PI
+#usr/share/groff/1.22.3/font/devps/PR
+#usr/share/groff/1.22.3/font/devps/S
+#usr/share/groff/1.22.3/font/devps/SS
+#usr/share/groff/1.22.3/font/devps/TB
+#usr/share/groff/1.22.3/font/devps/TBI
+#usr/share/groff/1.22.3/font/devps/TI
+#usr/share/groff/1.22.3/font/devps/TR
+#usr/share/groff/1.22.3/font/devps/ZCMI
+#usr/share/groff/1.22.3/font/devps/ZD
+#usr/share/groff/1.22.3/font/devps/ZDR
+#usr/share/groff/1.22.3/font/devps/download
+#usr/share/groff/1.22.3/font/devps/freeeuro.afm
+#usr/share/groff/1.22.3/font/devps/freeeuro.pfa
+#usr/share/groff/1.22.3/font/devps/generate
+#usr/share/groff/1.22.3/font/devps/generate/Makefile
+#usr/share/groff/1.22.3/font/devps/generate/afmname
+#usr/share/groff/1.22.3/font/devps/generate/dingbats.map
+#usr/share/groff/1.22.3/font/devps/generate/dingbats.rmap
+#usr/share/groff/1.22.3/font/devps/generate/lgreekmap
+#usr/share/groff/1.22.3/font/devps/generate/symbol.sed
+#usr/share/groff/1.22.3/font/devps/generate/symbolchars
+#usr/share/groff/1.22.3/font/devps/generate/symbolsl.afm
+#usr/share/groff/1.22.3/font/devps/generate/textmap
+#usr/share/groff/1.22.3/font/devps/prologue
+#usr/share/groff/1.22.3/font/devps/symbolsl.pfa
+#usr/share/groff/1.22.3/font/devps/text.enc
+#usr/share/groff/1.22.3/font/devps/zapfdr.pfa
+#usr/share/groff/1.22.3/font/devutf8
+#usr/share/groff/1.22.3/font/devutf8/B
+#usr/share/groff/1.22.3/font/devutf8/BI
+#usr/share/groff/1.22.3/font/devutf8/DESC
+#usr/share/groff/1.22.3/font/devutf8/I
+#usr/share/groff/1.22.3/font/devutf8/R
+#usr/share/groff/1.22.3/oldfont
+#usr/share/groff/1.22.3/oldfont/devps
+#usr/share/groff/1.22.3/oldfont/devps/CB
+#usr/share/groff/1.22.3/oldfont/devps/CBI
+#usr/share/groff/1.22.3/oldfont/devps/CI
+#usr/share/groff/1.22.3/oldfont/devps/CR
+#usr/share/groff/1.22.3/oldfont/devps/HB
+#usr/share/groff/1.22.3/oldfont/devps/HBI
+#usr/share/groff/1.22.3/oldfont/devps/HI
+#usr/share/groff/1.22.3/oldfont/devps/HNB
+#usr/share/groff/1.22.3/oldfont/devps/HNBI
+#usr/share/groff/1.22.3/oldfont/devps/HNI
+#usr/share/groff/1.22.3/oldfont/devps/HNR
+#usr/share/groff/1.22.3/oldfont/devps/HR
+#usr/share/groff/1.22.3/oldfont/devps/NB
+#usr/share/groff/1.22.3/oldfont/devps/NBI
+#usr/share/groff/1.22.3/oldfont/devps/NI
+#usr/share/groff/1.22.3/oldfont/devps/NR
+#usr/share/groff/1.22.3/oldfont/devps/PB
+#usr/share/groff/1.22.3/oldfont/devps/PBI
+#usr/share/groff/1.22.3/oldfont/devps/PI
+#usr/share/groff/1.22.3/oldfont/devps/PR
+#usr/share/groff/1.22.3/oldfont/devps/S
+#usr/share/groff/1.22.3/oldfont/devps/SS
+#usr/share/groff/1.22.3/oldfont/devps/TB
+#usr/share/groff/1.22.3/oldfont/devps/TBI
+#usr/share/groff/1.22.3/oldfont/devps/TI
+#usr/share/groff/1.22.3/oldfont/devps/TR
+#usr/share/groff/1.22.3/oldfont/devps/symbol.afm
+#usr/share/groff/1.22.3/oldfont/devps/symbolsl.afm
+#usr/share/groff/1.22.3/oldfont/devps/zapfdr.afm
+#usr/share/groff/1.22.3/oldfont/devps/zapfdr.ps
+#usr/share/groff/1.22.3/pic
+#usr/share/groff/1.22.3/pic/chem.pic
+#usr/share/groff/1.22.3/tmac
+#usr/share/groff/1.22.3/tmac/62bit.tmac
+#usr/share/groff/1.22.3/tmac/X.tmac
+#usr/share/groff/1.22.3/tmac/Xps.tmac
+#usr/share/groff/1.22.3/tmac/a4.tmac
+#usr/share/groff/1.22.3/tmac/an-ext.tmac
+#usr/share/groff/1.22.3/tmac/an-old.tmac
+#usr/share/groff/1.22.3/tmac/an.tmac
+#usr/share/groff/1.22.3/tmac/andoc.tmac
+#usr/share/groff/1.22.3/tmac/composite.tmac
+#usr/share/groff/1.22.3/tmac/cp1047.tmac
+#usr/share/groff/1.22.3/tmac/cs.tmac
+#usr/share/groff/1.22.3/tmac/de.tmac
+#usr/share/groff/1.22.3/tmac/den.tmac
+#usr/share/groff/1.22.3/tmac/devtag.tmac
+#usr/share/groff/1.22.3/tmac/doc-old.tmac
+#usr/share/groff/1.22.3/tmac/doc.tmac
+#usr/share/groff/1.22.3/tmac/dvi.tmac
+#usr/share/groff/1.22.3/tmac/e.tmac
+#usr/share/groff/1.22.3/tmac/ec.tmac
+#usr/share/groff/1.22.3/tmac/eqnrc
+#usr/share/groff/1.22.3/tmac/europs.tmac
+#usr/share/groff/1.22.3/tmac/fallbacks.tmac
+#usr/share/groff/1.22.3/tmac/fr.tmac
+#usr/share/groff/1.22.3/tmac/hdmisc.tmac
+#usr/share/groff/1.22.3/tmac/hdtbl.tmac
+#usr/share/groff/1.22.3/tmac/html-end.tmac
+#usr/share/groff/1.22.3/tmac/html.tmac
+#usr/share/groff/1.22.3/tmac/hyphen.cs
+#usr/share/groff/1.22.3/tmac/hyphen.den
+#usr/share/groff/1.22.3/tmac/hyphen.det
+#usr/share/groff/1.22.3/tmac/hyphen.fr
+#usr/share/groff/1.22.3/tmac/hyphen.sv
+#usr/share/groff/1.22.3/tmac/hyphen.us
+#usr/share/groff/1.22.3/tmac/hyphenex.cs
+#usr/share/groff/1.22.3/tmac/hyphenex.det
+#usr/share/groff/1.22.3/tmac/hyphenex.us
+#usr/share/groff/1.22.3/tmac/ja.tmac
+#usr/share/groff/1.22.3/tmac/latin1.tmac
+#usr/share/groff/1.22.3/tmac/latin2.tmac
+#usr/share/groff/1.22.3/tmac/latin5.tmac
+#usr/share/groff/1.22.3/tmac/latin9.tmac
+#usr/share/groff/1.22.3/tmac/lbp.tmac
+#usr/share/groff/1.22.3/tmac/lj4.tmac
+#usr/share/groff/1.22.3/tmac/m.tmac
+#usr/share/groff/1.22.3/tmac/man.tmac
+#usr/share/groff/1.22.3/tmac/mandoc.tmac
+#usr/share/groff/1.22.3/tmac/mdoc
+#usr/share/groff/1.22.3/tmac/mdoc.tmac
+#usr/share/groff/1.22.3/tmac/mdoc/doc-common
+#usr/share/groff/1.22.3/tmac/mdoc/doc-ditroff
+#usr/share/groff/1.22.3/tmac/mdoc/doc-nroff
+#usr/share/groff/1.22.3/tmac/mdoc/doc-syms
+#usr/share/groff/1.22.3/tmac/me.tmac
+#usr/share/groff/1.22.3/tmac/mm
+#usr/share/groff/1.22.3/tmac/mm.tmac
+#usr/share/groff/1.22.3/tmac/mm/0.MT
+#usr/share/groff/1.22.3/tmac/mm/4.MT
+#usr/share/groff/1.22.3/tmac/mm/5.MT
+#usr/share/groff/1.22.3/tmac/mm/locale
+#usr/share/groff/1.22.3/tmac/mm/ms.cov
+#usr/share/groff/1.22.3/tmac/mm/se_locale
+#usr/share/groff/1.22.3/tmac/mm/se_ms.cov
+#usr/share/groff/1.22.3/tmac/mmse.tmac
+#usr/share/groff/1.22.3/tmac/mom.tmac
+#usr/share/groff/1.22.3/tmac/ms.tmac
+#usr/share/groff/1.22.3/tmac/mse.tmac
+#usr/share/groff/1.22.3/tmac/om.tmac
+#usr/share/groff/1.22.3/tmac/papersize.tmac
+#usr/share/groff/1.22.3/tmac/pdf.tmac
+#usr/share/groff/1.22.3/tmac/pdfmark.tmac
+#usr/share/groff/1.22.3/tmac/pic.tmac
+#usr/share/groff/1.22.3/tmac/ps.tmac
+#usr/share/groff/1.22.3/tmac/psatk.tmac
+#usr/share/groff/1.22.3/tmac/psold.tmac
+#usr/share/groff/1.22.3/tmac/pspic.tmac
+#usr/share/groff/1.22.3/tmac/refer-me.tmac
+#usr/share/groff/1.22.3/tmac/refer-mm.tmac
+#usr/share/groff/1.22.3/tmac/refer-ms.tmac
+#usr/share/groff/1.22.3/tmac/refer.tmac
+#usr/share/groff/1.22.3/tmac/s.tmac
+#usr/share/groff/1.22.3/tmac/safer.tmac
+#usr/share/groff/1.22.3/tmac/spdf.tmac
+#usr/share/groff/1.22.3/tmac/sv.tmac
+#usr/share/groff/1.22.3/tmac/trace.tmac
+#usr/share/groff/1.22.3/tmac/trans.tmac
+#usr/share/groff/1.22.3/tmac/troffrc
+#usr/share/groff/1.22.3/tmac/troffrc-end
+#usr/share/groff/1.22.3/tmac/tty-char.tmac
+#usr/share/groff/1.22.3/tmac/tty.tmac
+#usr/share/groff/1.22.3/tmac/unicode.tmac
+#usr/share/groff/1.22.3/tmac/www.tmac
 #usr/share/groff/current
 #usr/share/groff/site-font
 #usr/share/groff/site-tmac
@@ -526,13 +579,15 @@
 #usr/share/info/groff.info
 #usr/share/info/groff.info-1
 #usr/share/info/groff.info-2
-#usr/share/info/groff.info-3
 #usr/share/man/man1/addftinfo.1
 #usr/share/man/man1/afmtodit.1
 #usr/share/man/man1/chem.1
 #usr/share/man/man1/eqn.1
 #usr/share/man/man1/eqn2graph.1
 #usr/share/man/man1/gdiffmk.1
+#usr/share/man/man1/glilypond.1
+#usr/share/man/man1/gperl.1
+#usr/share/man/man1/gpinyin.1
 #usr/share/man/man1/grap2graph.1
 #usr/share/man/man1/grn.1
 #usr/share/man/man1/grodvi.1
@@ -542,6 +597,7 @@
 #usr/share/man/man1/grohtml.1
 #usr/share/man/man1/grolbp.1
 #usr/share/man/man1/grolj4.1
+#usr/share/man/man1/gropdf.1
 #usr/share/man/man1/grops.1
 #usr/share/man/man1/grotty.1
 #usr/share/man/man1/hpftodit.1
@@ -551,6 +607,7 @@
 #usr/share/man/man1/mmroff.1
 #usr/share/man/man1/neqn.1
 #usr/share/man/man1/nroff.1
+#usr/share/man/man1/pdfmom.1
 #usr/share/man/man1/pdfroff.1
 #usr/share/man/man1/pfbtops.1
 #usr/share/man/man1/pic.1
@@ -575,6 +632,7 @@
 #usr/share/man/man7/groff.7
 #usr/share/man/man7/groff_char.7
 #usr/share/man/man7/groff_diff.7
+#usr/share/man/man7/groff_filenames.7
 #usr/share/man/man7/groff_hdtbl.7
 #usr/share/man/man7/groff_man.7
 #usr/share/man/man7/groff_mdoc.7
diff --git a/config/rootfiles/common/i586/initscripts b/config/rootfiles/common/i586/initscripts
index 845ae50..878ba66 100644
--- a/config/rootfiles/common/i586/initscripts
+++ b/config/rootfiles/common/i586/initscripts
@@ -63,6 +63,7 @@ etc/rc.d/init.d/mounttmpfs
 #etc/rc.d/init.d/mysql
 #etc/rc.d/init.d/netsnmpd
 etc/rc.d/init.d/network
+etc/rc.d/init.d/network-trigger
 etc/rc.d/init.d/network-vlans
 #etc/rc.d/init.d/networking
 etc/rc.d/init.d/networking/any
@@ -93,6 +94,7 @@ etc/rc.d/init.d/networking/red.up/50-ipsec
 etc/rc.d/init.d/networking/red.up/50-ovpn
 etc/rc.d/init.d/networking/red.up/98-leds
 etc/rc.d/init.d/networking/red.up/99-fireinfo
+etc/rc.d/init.d/networking/red.up/99-geoip-database
 etc/rc.d/init.d/networking/red.up/99-pakfire-update
 etc/rc.d/init.d/networking/wpa_supplicant.exe
 #etc/rc.d/init.d/nfs-server
@@ -234,6 +236,7 @@ etc/rc.d/rcsysinit.d/S70console
 etc/rc.d/rcsysinit.d/S75firstsetup
 etc/rc.d/rcsysinit.d/S80localnet
 etc/rc.d/rcsysinit.d/S85firewall
+etc/rc.d/rcsysinit.d/S90network-trigger
 etc/rc.d/rcsysinit.d/S91network-vlans
 etc/rc.d/rcsysinit.d/S92rngd
 etc/rc.d/rc3.d/S15fireinfo
diff --git a/config/rootfiles/common/i586/openssl-sse2 b/config/rootfiles/common/i586/openssl-sse2
new file mode 100644
index 0000000..7f6ddd6
--- /dev/null
+++ b/config/rootfiles/common/i586/openssl-sse2
@@ -0,0 +1 @@
+usr/lib/sse2/libcrypto.so.10
diff --git a/config/rootfiles/common/logrotate b/config/rootfiles/common/logrotate
index 7f3e709..8ef728c 100644
--- a/config/rootfiles/common/logrotate
+++ b/config/rootfiles/common/logrotate
@@ -1,5 +1,6 @@
 #etc/logrotate.d
 etc/logrotate.d/.empty
+#usr/man/man5/logrotate.conf.5
 #usr/man/man8/logrotate.8
 usr/sbin/logrotate
 var/lib/logrotate.status
diff --git a/config/rootfiles/common/logwatch b/config/rootfiles/common/logwatch
index 59d3a7a..998ab8a 100644
--- a/config/rootfiles/common/logwatch
+++ b/config/rootfiles/common/logwatch
@@ -1,6 +1,6 @@
 #etc/logwatch
 etc/logwatch/conf
-#etc/logwatch/conf/html
+#etc/logwatch/logwatch.cron
 #etc/logwatch/conf/ignore.conf
 #etc/logwatch/conf/logfiles
 #etc/logwatch/conf/logwatch.conf
@@ -18,13 +18,17 @@ usr/sbin/logwatch
 #usr/share/logwatch/default.conf/html/header.html
 usr/share/logwatch/default.conf/ignore.conf
 #usr/share/logwatch/default.conf/logfiles
+#usr/share/logwatch/default.conf/logfiles/audit_log.conf
 #usr/share/logwatch/default.conf/logfiles/autorpm.conf
 #usr/share/logwatch/default.conf/logfiles/bfd.conf
 #usr/share/logwatch/default.conf/logfiles/cisco.conf
+#usr/share/logwatch/default.conf/logfiles/citadel.conf
 usr/share/logwatch/default.conf/logfiles/clam-update.conf
+#usr/share/logwatch/default.conf/logfiles/clamav.conf
 usr/share/logwatch/default.conf/logfiles/cron.conf
 #usr/share/logwatch/default.conf/logfiles/daemon.conf
 #usr/share/logwatch/default.conf/logfiles/denyhosts.conf
+#usr/share/logwatch/default.conf/logfiles/dirsrv.conf
 #usr/share/logwatch/default.conf/logfiles/dnssec.conf
 #usr/share/logwatch/default.conf/logfiles/dpkg.conf
 #usr/share/logwatch/default.conf/logfiles/emerge.conf
@@ -32,15 +36,20 @@ usr/share/logwatch/default.conf/logfiles/cron.conf
 #usr/share/logwatch/default.conf/logfiles/exim.conf
 #usr/share/logwatch/default.conf/logfiles/extreme-networks.conf
 #usr/share/logwatch/default.conf/logfiles/fail2ban.conf
+#usr/share/logwatch/default.conf/logfiles/freeradius.conf
+#usr/share/logwatch/default.conf/logfiles/http-error.conf
 usr/share/logwatch/default.conf/logfiles/http.conf
 usr/share/logwatch/default.conf/logfiles/iptables.conf
 usr/share/logwatch/default.conf/logfiles/kernel.conf
 usr/share/logwatch/default.conf/logfiles/maillog.conf
 usr/share/logwatch/default.conf/logfiles/messages.conf
+#usr/share/logwatch/default.conf/logfiles/mysql-mmm.conf
+#usr/share/logwatch/default.conf/logfiles/mysql.conf
 #usr/share/logwatch/default.conf/logfiles/netopia.conf
 #usr/share/logwatch/default.conf/logfiles/netscreen.conf
 usr/share/logwatch/default.conf/logfiles/php.conf
 #usr/share/logwatch/default.conf/logfiles/pix.conf
+#usr/share/logwatch/default.conf/logfiles/postgresql.conf
 #usr/share/logwatch/default.conf/logfiles/pureftp.conf
 #usr/share/logwatch/default.conf/logfiles/qmail-pop3d-current.conf
 #usr/share/logwatch/default.conf/logfiles/qmail-pop3ds-current.conf
@@ -51,13 +60,17 @@ usr/share/logwatch/default.conf/logfiles/resolver.conf
 usr/share/logwatch/default.conf/logfiles/samba.conf
 #usr/share/logwatch/default.conf/logfiles/secure.conf
 #usr/share/logwatch/default.conf/logfiles/sonicwall.conf
+#usr/share/logwatch/default.conf/logfiles/spamassassin.conf
 usr/share/logwatch/default.conf/logfiles/syslog.conf
 #usr/share/logwatch/default.conf/logfiles/tac_acc.conf
+#usr/share/logwatch/default.conf/logfiles/tivoli-smc.conf
 #usr/share/logwatch/default.conf/logfiles/up2date.conf
+#usr/share/logwatch/default.conf/logfiles/vdr.conf
 usr/share/logwatch/default.conf/logfiles/vsftpd.conf
 usr/share/logwatch/default.conf/logfiles/windows.conf
 usr/share/logwatch/default.conf/logfiles/xferlog.conf
 #usr/share/logwatch/default.conf/logfiles/yum.conf
+#usr/share/logwatch/default.conf/logfiles/zypp.conf
 usr/share/logwatch/default.conf/logwatch.conf
 usr/share/logwatch/default.conf/services
 #usr/share/logwatch/default.conf/services/afpd.conf
@@ -66,8 +79,10 @@ usr/share/logwatch/default.conf/services/amavis.conf
 #usr/share/logwatch/default.conf/services/audit.conf
 #usr/share/logwatch/default.conf/services/automount.conf
 #usr/share/logwatch/default.conf/services/autorpm.conf
+#usr/share/logwatch/default.conf/services/barracuda.conf
 #usr/share/logwatch/default.conf/services/bfd.conf
 #usr/share/logwatch/default.conf/services/cisco.conf
+#usr/share/logwatch/default.conf/services/citadel.conf
 usr/share/logwatch/default.conf/services/clam-update.conf
 #usr/share/logwatch/default.conf/services/clamav-milter.conf
 usr/share/logwatch/default.conf/services/clamav.conf
@@ -75,6 +90,7 @@ usr/share/logwatch/default.conf/services/clamav.conf
 usr/share/logwatch/default.conf/services/cron.conf
 #usr/share/logwatch/default.conf/services/denyhosts.conf
 usr/share/logwatch/default.conf/services/dhcpd.conf
+#usr/share/logwatch/default.conf/services/dirsrv.conf
 #usr/share/logwatch/default.conf/services/dnssec.conf
 #usr/share/logwatch/default.conf/services/dovecot.conf
 #usr/share/logwatch/default.conf/services/dpkg.conf
@@ -86,8 +102,11 @@ usr/share/logwatch/default.conf/services/dhcpd.conf
 #usr/share/logwatch/default.conf/services/eximstats.conf
 #usr/share/logwatch/default.conf/services/extreme-networks.conf
 #usr/share/logwatch/default.conf/services/fail2ban.conf
+#usr/share/logwatch/default.conf/services/fetchmail.conf
+#usr/share/logwatch/default.conf/services/freeradius.conf
 #usr/share/logwatch/default.conf/services/ftpd-messages.conf
 #usr/share/logwatch/default.conf/services/ftpd-xferlog.conf
+#usr/share/logwatch/default.conf/services/http-error.conf
 usr/share/logwatch/default.conf/services/http.conf
 #usr/share/logwatch/default.conf/services/identd.conf
 usr/share/logwatch/default.conf/services/imapd.conf
@@ -96,13 +115,20 @@ usr/share/logwatch/default.conf/services/init.conf
 usr/share/logwatch/default.conf/services/ipop3d.conf
 usr/share/logwatch/default.conf/services/iptables.conf
 usr/share/logwatch/default.conf/services/kernel.conf
+#usr/share/logwatch/default.conf/services/knockd.conf
+#usr/share/logwatch/default.conf/services/lvm.conf
 #usr/share/logwatch/default.conf/services/mailscanner.conf
+#usr/share/logwatch/default.conf/services/mdadm.conf
+#usr/share/logwatch/default.conf/services/mod_security2.conf
 usr/share/logwatch/default.conf/services/modprobe.conf
 #usr/share/logwatch/default.conf/services/mountd.conf
+#usr/share/logwatch/default.conf/services/mysql-mmm.conf
+#usr/share/logwatch/default.conf/services/mysql.conf
 #usr/share/logwatch/default.conf/services/named.conf
 #usr/share/logwatch/default.conf/services/netopia.conf
 #usr/share/logwatch/default.conf/services/netscreen.conf
 #usr/share/logwatch/default.conf/services/oidentd.conf
+#usr/share/logwatch/default.conf/services/omsa.conf
 usr/share/logwatch/default.conf/services/openvpn.conf
 usr/share/logwatch/default.conf/services/pam.conf
 usr/share/logwatch/default.conf/services/pam_pwdb.conf
@@ -113,8 +139,10 @@ usr/share/logwatch/default.conf/services/pluto.conf
 usr/share/logwatch/default.conf/services/pop3.conf
 #usr/share/logwatch/default.conf/services/portsentry.conf
 usr/share/logwatch/default.conf/services/postfix.conf
+#usr/share/logwatch/default.conf/services/postgresql.conf
 #usr/share/logwatch/default.conf/services/pound.conf
 #usr/share/logwatch/default.conf/services/proftpd-messages.conf
+#usr/share/logwatch/default.conf/services/puppet.conf
 #usr/share/logwatch/default.conf/services/pureftpd.conf
 #usr/share/logwatch/default.conf/services/qmail-pop3d.conf
 #usr/share/logwatch/default.conf/services/qmail-pop3ds.conf
@@ -123,6 +151,7 @@ usr/share/logwatch/default.conf/services/postfix.conf
 #usr/share/logwatch/default.conf/services/qmail.conf
 #usr/share/logwatch/default.conf/services/raid.conf
 usr/share/logwatch/default.conf/services/resolver.conf
+#usr/share/logwatch/default.conf/services/rsyslogd.conf
 #usr/share/logwatch/default.conf/services/rt314.conf
 usr/share/logwatch/default.conf/services/samba.conf
 usr/share/logwatch/default.conf/services/saslauthd.conf
@@ -134,23 +163,30 @@ usr/share/logwatch/default.conf/services/scsi.conf
 #usr/share/logwatch/default.conf/services/slon.conf
 #usr/share/logwatch/default.conf/services/smartd.conf
 #usr/share/logwatch/default.conf/services/sonicwall.conf
+#usr/share/logwatch/default.conf/services/spamassassin.conf
 usr/share/logwatch/default.conf/services/sshd.conf
 usr/share/logwatch/default.conf/services/sshd2.conf
 #usr/share/logwatch/default.conf/services/stunnel.conf
 usr/share/logwatch/default.conf/services/sudo.conf
+#usr/share/logwatch/default.conf/services/syslog-ng.conf
 usr/share/logwatch/default.conf/services/syslogd.conf
 #usr/share/logwatch/default.conf/services/tac_acc.conf
+#usr/share/logwatch/default.conf/services/tivoli-smc.conf
 #usr/share/logwatch/default.conf/services/up2date.conf
+#usr/share/logwatch/default.conf/services/vdr.conf
 #usr/share/logwatch/default.conf/services/vpopmail.conf
 usr/share/logwatch/default.conf/services/vsftpd.conf
 usr/share/logwatch/default.conf/services/windows.conf
 #usr/share/logwatch/default.conf/services/xntpd.conf
 #usr/share/logwatch/default.conf/services/yum.conf
+#usr/share/logwatch/default.conf/services/zypp.conf
 usr/share/logwatch/default.conf/services/zz-disk_space.conf
 #usr/share/logwatch/default.conf/services/zz-fortune.conf
+#usr/share/logwatch/default.conf/services/zz-lm_sensors.conf
 usr/share/logwatch/default.conf/services/zz-network.conf
 usr/share/logwatch/default.conf/services/zz-runtime.conf
 #usr/share/logwatch/default.conf/services/zz-sys.conf
+#usr/share/logwatch/default.conf/services/zz-zfs.conf
 #usr/share/logwatch/dist.conf
 usr/share/logwatch/dist.conf/logfiles
 usr/share/logwatch/dist.conf/services
@@ -184,8 +220,10 @@ usr/share/logwatch/scripts/services/amavis
 #usr/share/logwatch/scripts/services/audit
 #usr/share/logwatch/scripts/services/automount
 #usr/share/logwatch/scripts/services/autorpm
+#usr/share/logwatch/scripts/services/barracuda
 #usr/share/logwatch/scripts/services/bfd
 #usr/share/logwatch/scripts/services/cisco
+#usr/share/logwatch/scripts/services/citadel
 usr/share/logwatch/scripts/services/clam-update
 usr/share/logwatch/scripts/services/clamav
 #usr/share/logwatch/scripts/services/clamav-milter
@@ -194,6 +232,7 @@ usr/share/logwatch/scripts/services/cron
 #usr/share/logwatch/scripts/services/denyhosts
 usr/share/logwatch/scripts/services/dhcpd
 usr/share/logwatch/scripts/services/dialup
+#usr/share/logwatch/scripts/services/dirsrv
 #usr/share/logwatch/scripts/services/dnssec
 #usr/share/logwatch/scripts/services/dovecot
 #usr/share/logwatch/scripts/services/dpkg
@@ -205,9 +244,12 @@ usr/share/logwatch/scripts/services/dialup
 #usr/share/logwatch/scripts/services/eximstats
 #usr/share/logwatch/scripts/services/extreme-networks
 #usr/share/logwatch/scripts/services/fail2ban
+#usr/share/logwatch/scripts/services/fetchmail
+#usr/share/logwatch/scripts/services/freeradius
 #usr/share/logwatch/scripts/services/ftpd-messages
 #usr/share/logwatch/scripts/services/ftpd-xferlog
 usr/share/logwatch/scripts/services/http
+#usr/share/logwatch/scripts/services/http-error
 #usr/share/logwatch/scripts/services/identd
 usr/share/logwatch/scripts/services/imapd
 #usr/share/logwatch/scripts/services/in.qpopper
@@ -215,13 +257,20 @@ usr/share/logwatch/scripts/services/init
 usr/share/logwatch/scripts/services/ipop3d
 usr/share/logwatch/scripts/services/iptables
 usr/share/logwatch/scripts/services/kernel
+#usr/share/logwatch/scripts/services/knockd
+#usr/share/logwatch/scripts/services/lvm
 #usr/share/logwatch/scripts/services/mailscanner
+#usr/share/logwatch/scripts/services/mdadm
+#usr/share/logwatch/scripts/services/mod_security2
 usr/share/logwatch/scripts/services/modprobe
 #usr/share/logwatch/scripts/services/mountd
+#usr/share/logwatch/scripts/services/mysql
+#usr/share/logwatch/scripts/services/mysql-mmm
 #usr/share/logwatch/scripts/services/named
 #usr/share/logwatch/scripts/services/netopia
 #usr/share/logwatch/scripts/services/netscreen
 #usr/share/logwatch/scripts/services/oidentd
+#usr/share/logwatch/scripts/services/omsa
 usr/share/logwatch/scripts/services/openvpn
 usr/share/logwatch/scripts/services/pam
 usr/share/logwatch/scripts/services/pam_pwdb
@@ -232,8 +281,10 @@ usr/share/logwatch/scripts/services/pluto
 usr/share/logwatch/scripts/services/pop3
 #usr/share/logwatch/scripts/services/portsentry
 usr/share/logwatch/scripts/services/postfix
+#usr/share/logwatch/scripts/services/postgresql
 #usr/share/logwatch/scripts/services/pound
 #usr/share/logwatch/scripts/services/proftpd-messages
+#usr/share/logwatch/scripts/services/puppet
 #usr/share/logwatch/scripts/services/pureftpd
 #usr/share/logwatch/scripts/services/qmail
 #usr/share/logwatch/scripts/services/qmail-pop3d
@@ -242,6 +293,7 @@ usr/share/logwatch/scripts/services/postfix
 #usr/share/logwatch/scripts/services/qmail-smtpd
 #usr/share/logwatch/scripts/services/raid
 #usr/share/logwatch/scripts/services/resolver
+#usr/share/logwatch/scripts/services/rsyslogd
 #usr/share/logwatch/scripts/services/rt314
 usr/share/logwatch/scripts/services/samba
 usr/share/logwatch/scripts/services/saslauthd
@@ -253,23 +305,30 @@ usr/share/logwatch/scripts/services/scsi
 #usr/share/logwatch/scripts/services/slon
 #usr/share/logwatch/scripts/services/smartd
 #usr/share/logwatch/scripts/services/sonicwall
+#usr/share/logwatch/scripts/services/spamassassin
 usr/share/logwatch/scripts/services/sshd
 usr/share/logwatch/scripts/services/sshd2
 #usr/share/logwatch/scripts/services/stunnel
 usr/share/logwatch/scripts/services/sudo
+#usr/share/logwatch/scripts/services/syslog-ng
 usr/share/logwatch/scripts/services/syslogd
 #usr/share/logwatch/scripts/services/tac_acc
+#usr/share/logwatch/scripts/services/tivoli-smc
 #usr/share/logwatch/scripts/services/up2date
+#usr/share/logwatch/scripts/services/vdr
 #usr/share/logwatch/scripts/services/vpopmail
 usr/share/logwatch/scripts/services/vsftpd
 usr/share/logwatch/scripts/services/windows
 #usr/share/logwatch/scripts/services/xntpd
 #usr/share/logwatch/scripts/services/yum
+#usr/share/logwatch/scripts/services/zypp
 usr/share/logwatch/scripts/services/zz-disk_space
 #usr/share/logwatch/scripts/services/zz-fortune
+#usr/share/logwatch/scripts/services/zz-lm_sensors
 usr/share/logwatch/scripts/services/zz-network
 usr/share/logwatch/scripts/services/zz-runtime
 #usr/share/logwatch/scripts/services/zz-sys
+#usr/share/logwatch/scripts/services/zz-zfs
 #usr/share/logwatch/scripts/shared
 usr/share/logwatch/scripts/shared/applybinddate
 usr/share/logwatch/scripts/shared/applyeurodate
@@ -289,6 +348,11 @@ usr/share/logwatch/scripts/shared/onlyservice
 usr/share/logwatch/scripts/shared/remove
 usr/share/logwatch/scripts/shared/removeheaders
 usr/share/logwatch/scripts/shared/removeservice
+#usr/share/man/man1/amavis-logwatch.1
+#usr/share/man/man1/postfix-logwatch.1
+#usr/share/man/man5/ignore.conf.5
+#usr/share/man/man5/logwatch.conf.5
+#usr/share/man/man5/override.conf.5
 #usr/share/man/man8/logwatch.8
 var/cache/logwatch
 var/log/logwatch
diff --git a/config/rootfiles/common/misc-progs b/config/rootfiles/common/misc-progs
index f33d08c..349aac7 100644
--- a/config/rootfiles/common/misc-progs
+++ b/config/rootfiles/common/misc-progs
@@ -3,6 +3,7 @@ usr/local/bin/addonctrl
 usr/local/bin/backupctrl
 #usr/local/bin/clamavctrl
 usr/local/bin/collectdctrl
+usr/local/bin/ddnsctrl
 usr/local/bin/dhcpctrl
 usr/local/bin/dnsmasqctrl
 usr/local/bin/extrahdctrl
diff --git a/config/rootfiles/common/openssl-compat b/config/rootfiles/common/openssl-compat
deleted file mode 100644
index ccf89d0..0000000
--- a/config/rootfiles/common/openssl-compat
+++ /dev/null
@@ -1,2 +0,0 @@
-usr/lib/libcrypto.so.0.9.8
-usr/lib/libssl.so.0.9.8
diff --git a/config/rootfiles/common/perl-Text-CSV_XS b/config/rootfiles/common/perl-Text-CSV_XS
new file mode 100644
index 0000000..bbc7d9b
--- /dev/null
+++ b/config/rootfiles/common/perl-Text-CSV_XS
@@ -0,0 +1,8 @@
+#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/Text
+usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/Text/CSV_XS.pm
+#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Text
+#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Text/CSV_XS
+#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Text/CSV_XS/.packlist
+#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Text/CSV_XS/CSV_XS.bs
+usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Text/CSV_XS/CSV_XS.so
+#usr/share/man/man3/Text::CSV_XS.3
diff --git a/config/rootfiles/common/squid b/config/rootfiles/common/squid
index 76abbe8..1b78c8e 100644
--- a/config/rootfiles/common/squid
+++ b/config/rootfiles/common/squid
@@ -34,7 +34,6 @@ usr/lib/squid/basic_smb_auth
 usr/lib/squid/basic_smb_auth.sh
 #usr/lib/squid/cachemgr.cgi
 usr/lib/squid/cert_tool
-usr/lib/squid/cert_valid.pl
 usr/lib/squid/digest_file_auth
 usr/lib/squid/digest_ldap_auth
 usr/lib/squid/diskd
diff --git a/config/rootfiles/common/stage2 b/config/rootfiles/common/stage2
index f506daf..90e28d9 100644
--- a/config/rootfiles/common/stage2
+++ b/config/rootfiles/common/stage2
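Review bot: The added line `usr/local/bin/ddnsctrl` in config/rootfiles/common/misc-progs puts one more control helper into the image, and the list records neither the owner nor the mode it is installed with. If the binary is installed setuid root for the web interface, which this diff does not show, its source needs a review for a fixed command line, a cleaned environment and no caller-supplied argument reaching a shell. The commit description should name the file that sets the permissions so that both can be reviewed together.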
@@ -101,6 +101,8 @@ usr/local/bin/timecheck
 usr/local/bin/timezone-transition
 usr/local/bin/update-bootloader
 usr/local/bin/update-lang-cache
+usr/local/bin/xt_geoip_build
+usr/local/bin/xt_geoip_update
 #usr/local/include
 #usr/local/lib
 #usr/local/lib/sse2
@@ -120,6 +122,7 @@ usr/local/bin/update-lang-cache
 #usr/local/share/man/man8
 #usr/local/share/misc
 #usr/local/share/terminfo
+#usr/local/share/xt_geoip
 #usr/local/share/zoneinfo
 #usr/local/src
 #usr/sbin
@@ -142,6 +145,7 @@ usr/share/doc/licenses/GPLv3
 #usr/share/man/man8
 #usr/share/misc
 #usr/share/terminfo
+#usr/share/xt_geoip
 #usr/share/zoneinfo
 #var
 #var/cache
diff --git a/config/rootfiles/common/strongswan b/config/rootfiles/common/strongswan
index e55c43c..7564d38 100644
--- a/config/rootfiles/common/strongswan
+++ b/config/rootfiles/common/strongswan
@@ -16,8 +16,10 @@ etc/strongswan.d/charon-logging.conf
 etc/strongswan.d/charon.conf
 etc/strongswan.d/charon/aes.conf
 etc/strongswan.d/charon/attr.conf
+etc/strongswan.d/charon/ccm.conf
 etc/strongswan.d/charon/cmac.conf
 etc/strongswan.d/charon/constraints.conf
+etc/strongswan.d/charon/ctr.conf
 etc/strongswan.d/charon/curl.conf
 etc/strongswan.d/charon/des.conf
 etc/strongswan.d/charon/dhcp.conf
@@ -30,6 +32,7 @@ etc/strongswan.d/charon/eap-tls.conf
 etc/strongswan.d/charon/eap-ttls.conf
 etc/strongswan.d/charon/farp.conf
 etc/strongswan.d/charon/fips-prf.conf
+etc/strongswan.d/charon/gcm.conf
 etc/strongswan.d/charon/gcrypt.conf
 etc/strongswan.d/charon/gmp.conf
 etc/strongswan.d/charon/hmac.conf
@@ -93,8 +96,10 @@ usr/lib/ipsec/libtls.so.0.0.0
 #usr/lib/ipsec/plugins
 usr/lib/ipsec/plugins/libstrongswan-aes.so
 usr/lib/ipsec/plugins/libstrongswan-attr.so
+usr/lib/ipsec/plugins/libstrongswan-ccm.so
 usr/lib/ipsec/plugins/libstrongswan-cmac.so
 usr/lib/ipsec/plugins/libstrongswan-constraints.so
+usr/lib/ipsec/plugins/libstrongswan-ctr.so
 usr/lib/ipsec/plugins/libstrongswan-curl.so
 usr/lib/ipsec/plugins/libstrongswan-dhcp.so
 usr/lib/ipsec/plugins/libstrongswan-des.so
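Review bot: The stage2 list now ships `usr/local/bin/xt_geoip_update` and `usr/local/bin/xt_geoip_build`, while both data directories stay behind a leading `#` (`#usr/local/share/xt_geoip` and `#usr/share/xt_geoip` in the two later stage2 hunks). Assuming a leading `#` keeps a path out of the image, the scripts have to create that directory themselves and should do so with write access for root only. The scripts are not part of this section; if `xt_geoip_update` fetches the country database over the network, as its name and the new `red.up/99-geoip-database` hook suggest, the download should be verified before `xt_geoip_build` converts it, since the result decides which addresses the firewall rules match.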
@@ -107,6 +112,7 @@ usr/lib/ipsec/plugins/libstrongswan-eap-tls.so
 usr/lib/ipsec/plugins/libstrongswan-eap-ttls.so
 usr/lib/ipsec/plugins/libstrongswan-farp.so
 usr/lib/ipsec/plugins/libstrongswan-fips-prf.so
+usr/lib/ipsec/plugins/libstrongswan-gcm.so
 usr/lib/ipsec/plugins/libstrongswan-gcrypt.so
 usr/lib/ipsec/plugins/libstrongswan-gmp.so
 usr/lib/ipsec/plugins/libstrongswan-hmac.so
@@ -141,7 +147,6 @@ usr/lib/ipsec/plugins/libstrongswan-xcbc.so
 #usr/libexec/ipsec
 usr/libexec/ipsec/_copyright
 usr/libexec/ipsec/_updown
-usr/libexec/ipsec/_updown_espmark
 usr/libexec/ipsec/charon
 usr/libexec/ipsec/scepclient
 usr/libexec/ipsec/starter
@@ -163,7 +168,6 @@ usr/sbin/ipsec
 #usr/share/man/man5/ipsec.secrets.5
 #usr/share/man/man5/strongswan.conf.5
 #usr/share/man/man8/_updown.8
-#usr/share/man/man8/_updown_espmark.8
 #usr/share/man/man8/ipsec.8
 #usr/share/man/man8/openac.8
 #usr/share/man/man8/scepclient.8
@@ -173,8 +177,10 @@ usr/sbin/ipsec
 #usr/share/strongswan/templates/config/plugins
 #usr/share/strongswan/templates/config/plugins/aes.conf
 #usr/share/strongswan/templates/config/plugins/attr.conf
+#usr/share/strongswan/templates/config/plugins/ccm.conf
 #usr/share/strongswan/templates/config/plugins/cmac.conf
 #usr/share/strongswan/templates/config/plugins/constraints.conf
+#usr/share/strongswan/templates/config/plugins/ctr.conf
 #usr/share/strongswan/templates/config/plugins/curl.conf
 #usr/share/strongswan/templates/config/plugins/des.conf
 #usr/share/strongswan/templates/config/plugins/dhcp.conf
@@ -187,6 +193,7 @@ usr/sbin/ipsec
 #usr/share/strongswan/templates/config/plugins/eap-ttls.conf
 #usr/share/strongswan/templates/config/plugins/farp.conf
 #usr/share/strongswan/templates/config/plugins/fips-prf.conf
+#usr/share/strongswan/templates/config/plugins/gcm.conf
 #usr/share/strongswan/templates/config/plugins/gcrypt.conf
 #usr/share/strongswan/templates/config/plugins/gmp.conf
 #usr/share/strongswan/templates/config/plugins/hmac.conf
diff --git a/config/rootfiles/common/udev b/config/rootfiles/common/udev
index bc1cdaa..d01c461 100644
--- a/config/rootfiles/common/udev
+++ b/config/rootfiles/common/udev
@@ -2,7 +2,6 @@ bin/udevadm
 etc/modprobe.d/blacklist.conf
 etc/udev
 #etc/udev/rules.d
-#etc/udev/rules.d/30-persistent-network.rules
 #etc/udev/rules.d/55-lfs.rules
 #etc/udev/rules.d/81-cdrom.rules
 #etc/udev/rules.d/83-cdrom-symlinks.rules
@@ -29,6 +28,7 @@ lib/udev
 #lib/udev/hwdb.d/60-keyboard.hwdb
 #lib/udev/init-net-rules.sh
 #lib/udev/mtd_probe
+#lib/udev/network-hotplug-rename
 #lib/udev/rule_generator.functions
 #lib/udev/rules.d
 #lib/udev/rules.d/25-alsa.rules
@@ -37,6 +37,7 @@ lib/udev
 #lib/udev/rules.d/50-udev-default.rules
 #lib/udev/rules.d/60-cdrom_id.rules
 #lib/udev/rules.d/60-keyboard.rules
+#lib/udev/rules.d/60-net.rules
 #lib/udev/rules.d/60-persistent-alsa.rules
 #lib/udev/rules.d/60-persistent-input.rules
 #lib/udev/rules.d/60-persistent-serial.rules
diff --git a/config/rootfiles/common/web-user-interface b/config/rootfiles/common/web-user-interface
new file mode 100644
index 0000000..5da892b
--- /dev/null
+++ b/config/rootfiles/common/web-user-interface
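Review bot: In config/rootfiles/common/udev both added entries, `#lib/udev/network-hotplug-rename` and `#lib/udev/rules.d/60-net.rules`, are commented out, while the first hunk of the same file drops the `30-persistent-network.rules` entry. If a leading `#` in these rootfiles marks a path that is not packaged (which is how the commented directory and man-page entries around them read), the new rename helper and its rule would be missing from the image and from any update that links this list. If they are meant to ship, the lines should read `lib/udev/network-hotplug-rename` and `lib/udev/rules.d/60-net.rules`; if not, the commit message should say what renames the interfaces instead.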
@@ -0,0 +1,358 @@
+srv/web/ipfire/cgi-bin/aliases.cgi
+#srv/web/ipfire/cgi-bin/asterisk
+#srv/web/ipfire/cgi-bin/asterisk/calls.cgi
+#srv/web/ipfire/cgi-bin/asterisk/conf
+#srv/web/ipfire/cgi-bin/asterisk/conf.cgi
+#srv/web/ipfire/cgi-bin/asterisk/conf/telbook.conf
+#srv/web/ipfire/cgi-bin/asterisk/status.cgi
+srv/web/ipfire/cgi-bin/atm-status.cgi
+srv/web/ipfire/cgi-bin/backup.cgi
+srv/web/ipfire/cgi-bin/bluetooth.cgi
+srv/web/ipfire/cgi-bin/chpasswd.cgi
+srv/web/ipfire/cgi-bin/connections.cgi
+srv/web/ipfire/cgi-bin/connscheduler.cgi
+srv/web/ipfire/cgi-bin/country.cgi
+srv/web/ipfire/cgi-bin/credits.cgi
+srv/web/ipfire/cgi-bin/ddns.cgi
+srv/web/ipfire/cgi-bin/dhcp.cgi
+srv/web/ipfire/cgi-bin/dns.cgi
+srv/web/ipfire/cgi-bin/dnsforward.cgi
+srv/web/ipfire/cgi-bin/entropy.cgi
+srv/web/ipfire/cgi-bin/extrahd.cgi
+srv/web/ipfire/cgi-bin/fireinfo.cgi
+srv/web/ipfire/cgi-bin/firewall.cgi
+srv/web/ipfire/cgi-bin/fwhosts.cgi
+srv/web/ipfire/cgi-bin/geoip-block.cgi
+srv/web/ipfire/cgi-bin/gpl.cgi
+srv/web/ipfire/cgi-bin/gui.cgi
+srv/web/ipfire/cgi-bin/hardwaregraphs.cgi
+srv/web/ipfire/cgi-bin/hosts.cgi
+srv/web/ipfire/cgi-bin/ids.cgi
+#srv/web/ipfire/cgi-bin/imspector.cgi
+srv/web/ipfire/cgi-bin/index.cgi
+srv/web/ipfire/cgi-bin/ipinfo.cgi
+srv/web/ipfire/cgi-bin/iptables.cgi
+srv/web/ipfire/cgi-bin/logs.cgi
+srv/web/ipfire/cgi-bin/logs.cgi/calamaris.dat
+srv/web/ipfire/cgi-bin/logs.cgi/config.dat
+srv/web/ipfire/cgi-bin/logs.cgi/firewalllog.dat
+srv/web/ipfire/cgi-bin/logs.cgi/firewalllogcountry.dat
+srv/web/ipfire/cgi-bin/logs.cgi/firewalllogip.dat
+srv/web/ipfire/cgi-bin/logs.cgi/firewalllogport.dat
+srv/web/ipfire/cgi-bin/logs.cgi/ids.dat
+srv/web/ipfire/cgi-bin/logs.cgi/log.dat
+srv/web/ipfire/cgi-bin/logs.cgi/proxylog.dat
+srv/web/ipfire/cgi-bin/logs.cgi/showrequestfromcountry.dat
+srv/web/ipfire/cgi-bin/logs.cgi/showrequestfromip.dat
+srv/web/ipfire/cgi-bin/logs.cgi/showrequestfromport.dat
+srv/web/ipfire/cgi-bin/logs.cgi/summary.dat
+srv/web/ipfire/cgi-bin/logs.cgi/urlfilter.dat
+srv/web/ipfire/cgi-bin/mac.cgi
+srv/web/ipfire/cgi-bin/mdstat.cgi
+srv/web/ipfire/cgi-bin/media.cgi
+srv/web/ipfire/cgi-bin/memory.cgi
+srv/web/ipfire/cgi-bin/modem-status.cgi
+srv/web/ipfire/cgi-bin/modem.cgi
+#srv/web/ipfire/cgi-bin/mpfire.cgi
+srv/web/ipfire/cgi-bin/netexternal.cgi
+srv/web/ipfire/cgi-bin/netinternal.cgi
+srv/web/ipfire/cgi-bin/netother.cgi
+srv/web/ipfire/cgi-bin/netovpnrw.cgi
+srv/web/ipfire/cgi-bin/netovpnsrv.cgi
+srv/web/ipfire/cgi-bin/optionsfw.cgi
+srv/web/ipfire/cgi-bin/ovpnmain.cgi
+srv/web/ipfire/cgi-bin/p2p-block.cgi
+srv/web/ipfire/cgi-bin/pakfire.cgi
+srv/web/ipfire/cgi-bin/pppsetup.cgi
+srv/web/ipfire/cgi-bin/proxy.cgi
+srv/web/ipfire/cgi-bin/qos.cgi
+srv/web/ipfire/cgi-bin/remote.cgi
+srv/web/ipfire/cgi-bin/routing.cgi
+#srv/web/ipfire/cgi-bin/samba.cgi
+#srv/web/ipfire/cgi-bin/sambahlp.cgi
+srv/web/ipfire/cgi-bin/services.cgi
+srv/web/ipfire/cgi-bin/shutdown.cgi
+srv/web/ipfire/cgi-bin/speed.cgi
+srv/web/ipfire/cgi-bin/system.cgi
+srv/web/ipfire/cgi-bin/time.cgi
+#srv/web/ipfire/cgi-bin/tor.cgi
+srv/web/ipfire/cgi-bin/traffic.cgi
+#srv/web/ipfire/cgi-bin/tripwire.cgi
+srv/web/ipfire/cgi-bin/updatexlrator.cgi
+#srv/web/ipfire/cgi-bin/upnp.cgi
+srv/web/ipfire/cgi-bin/urlfilter.cgi
+srv/web/ipfire/cgi-bin/vpnmain.cgi
+srv/web/ipfire/cgi-bin/wakeonlan.cgi
+srv/web/ipfire/cgi-bin/webaccess.cgi
+srv/web/ipfire/cgi-bin/wireless.cgi
+srv/web/ipfire/cgi-bin/wirelessclient.cgi
+srv/web/ipfire/cgi-bin/wlanap.cgi
+#srv/web/ipfire/html
+srv/web/ipfire/html/blob.gif
+srv/web/ipfire/html/clwarn.cgi
+srv/web/ipfire/html/dial.cgi
+srv/web/ipfire/html/favicon.ico
+#srv/web/ipfire/html/images
+srv/web/ipfire/html/images/IPFire.png
+srv/web/ipfire/html/images/add.gif
+srv/web/ipfire/html/images/addblue.gif
+srv/web/ipfire/html/images/addgreen.gif
+srv/web/ipfire/html/images/address-book-new.png
+srv/web/ipfire/html/images/application-certificate.png
+srv/web/ipfire/html/images/application-x-executable.png
+srv/web/ipfire/html/images/applications-accessories.png
+srv/web/ipfire/html/images/applications-development.png
+srv/web/ipfire/html/images/applications-games.png
+srv/web/ipfire/html/images/applications-graphics.png
+srv/web/ipfire/html/images/applications-internet.png
+srv/web/ipfire/html/images/applications-multimedia.png
+srv/web/ipfire/html/images/applications-office.png
+srv/web/ipfire/html/images/applications-other.png
+srv/web/ipfire/html/images/applications-system.png
+srv/web/ipfire/html/images/appointment-new.png
+srv/web/ipfire/html/images/audio-volume-high-red.png
+srv/web/ipfire/html/images/audio-volume-high.png
+srv/web/ipfire/html/images/audio-volume-low-red.png
+srv/web/ipfire/html/images/audio-volume-low.png
+srv/web/ipfire/html/images/audio-x-generic-red.png
+srv/web/ipfire/html/images/audio-x-generic.png
+srv/web/ipfire/html/images/background.gif
+srv/web/ipfire/html/images/bookmark-new.png
+srv/web/ipfire/html/images/clock.gif
+srv/web/ipfire/html/images/computer.png
+srv/web/ipfire/html/images/delete.gif
+srv/web/ipfire/html/images/dialog-error.png
+srv/web/ipfire/html/images/dialog-information.png
+srv/web/ipfire/html/images/dialog-warning.png
+srv/web/ipfire/html/images/dns_link.png
+srv/web/ipfire/html/images/document-new.png
+srv/web/ipfire/html/images/document-open.png
+srv/web/ipfire/html/images/document-print-preview.png
+srv/web/ipfire/html/images/document-print.png
+srv/web/ipfire/html/images/document-properties.png
+srv/web/ipfire/html/images/document-save-as.png
+srv/web/ipfire/html/images/document-save.png
+srv/web/ipfire/html/images/down.gif
+srv/web/ipfire/html/images/drive-harddisk.png
+srv/web/ipfire/html/images/drive-optical.png
+srv/web/ipfire/html/images/drive-removable-media.png
+srv/web/ipfire/html/images/edit-find.png
+srv/web/ipfire/html/images/edit-redo.png
+srv/web/ipfire/html/images/edit.gif
+srv/web/ipfire/html/images/floppy.gif
+srv/web/ipfire/html/images/folder-drag-accept.png
+srv/web/ipfire/html/images/folder-new.png
+srv/web/ipfire/html/images/folder-open.png
+srv/web/ipfire/html/images/folder-remote.png
+srv/web/ipfire/html/images/folder-saved-search.png
+srv/web/ipfire/html/images/folder-visiting.png
+srv/web/ipfire/html/images/folder.png
+srv/web/ipfire/html/images/format-indent-less.png
+srv/web/ipfire/html/images/format-indent-more.png
+srv/web/ipfire/html/images/format-justify-center.png
+srv/web/ipfire/html/images/format-justify-fill.png
+srv/web/ipfire/html/images/format-justify-left.png
+srv/web/ipfire/html/images/format-justify-right.png
+srv/web/ipfire/html/images/forward.gif
+srv/web/ipfire/html/images/go-bottom.png
+srv/web/ipfire/html/images/go-down.png
+srv/web/ipfire/html/images/go-first.png
+srv/web/ipfire/html/images/go-home.png
+srv/web/ipfire/html/images/go-jump.png
+srv/web/ipfire/html/images/go-last.png
+srv/web/ipfire/html/images/go-next.png
+srv/web/ipfire/html/images/go-previous.png
+srv/web/ipfire/html/images/go-top.png
+srv/web/ipfire/html/images/go-up.png
+srv/web/ipfire/html/images/help-browser.png
+srv/web/ipfire/html/images/help.gif
+srv/web/ipfire/html/images/image-loading.png
+srv/web/ipfire/html/images/image-missing.png
+srv/web/ipfire/html/images/image-x-generic.png
+srv/web/ipfire/html/images/indicator.gif
+srv/web/ipfire/html/images/info.gif
+srv/web/ipfire/html/images/input-gaming.png
+srv/web/ipfire/html/images/input-keyboard.png
+srv/web/ipfire/html/images/input-mouse.png
+srv/web/ipfire/html/images/internet-group-chat.png
+srv/web/ipfire/html/images/internet-mail.png
+srv/web/ipfire/html/images/internet-news-reader.png
+srv/web/ipfire/html/images/internet-web-browser.png
+srv/web/ipfire/html/images/list-add.png
+srv/web/ipfire/html/images/list-remove.png
+srv/web/ipfire/html/images/mail-attachment.png
+srv/web/ipfire/html/images/mail-forward.png
+srv/web/ipfire/html/images/mail-mark-junk.png
+srv/web/ipfire/html/images/mail-mark-not-junk.png
+srv/web/ipfire/html/images/mail-message-new.png
+srv/web/ipfire/html/images/mail-reply-all.png
+srv/web/ipfire/html/images/mail-reply-sender.png
+srv/web/ipfire/html/images/mail-send-receive.png
+srv/web/ipfire/html/images/media-flash.png
+srv/web/ipfire/html/images/media-floppy.png
+srv/web/ipfire/html/images/media-optical.png
+srv/web/ipfire/html/images/media-playback-start-all.png
+srv/web/ipfire/html/images/media-playback-start.png
+srv/web/ipfire/html/images/media-playback-stop.png
+srv/web/ipfire/html/images/media-repeat.png
+srv/web/ipfire/html/images/media-resume.png
+srv/web/ipfire/html/images/media-shuffle.png
+srv/web/ipfire/html/images/media-skip-backward.png
+srv/web/ipfire/html/images/media-skip-forward.png
+srv/web/ipfire/html/images/mpfire
+srv/web/ipfire/html/images/mpfire/box.png
+srv/web/ipfire/html/images/network-error.png
+srv/web/ipfire/html/images/network-idle.png
+srv/web/ipfire/html/images/network-offline.png
+srv/web/ipfire/html/images/network-receive.png
+srv/web/ipfire/html/images/network-server.png
+srv/web/ipfire/html/images/network-transmit-receive.png
+srv/web/ipfire/html/images/network-transmit.png
+srv/web/ipfire/html/images/network-wired.png
+srv/web/ipfire/html/images/network-wireless-encrypted.png
+srv/web/ipfire/html/images/network-wireless.png
+srv/web/ipfire/html/images/network-workgroup.png
+srv/web/ipfire/html/images/network.png
+srv/web/ipfire/html/images/null.gif
+srv/web/ipfire/html/images/off.gif
+srv/web/ipfire/html/images/on.gif
+srv/web/ipfire/html/images/openvpn.gif
+srv/web/ipfire/html/images/openvpn.png
+srv/web/ipfire/html/images/package-x-generic.png
+srv/web/ipfire/html/images/printer-error.png
+srv/web/ipfire/html/images/printer.png
+srv/web/ipfire/html/images/process-stop.png
+srv/web/ipfire/html/images/process-working.png
+srv/web/ipfire/html/images/reload.gif
+srv/web/ipfire/html/images/start-here.png
+srv/web/ipfire/html/images/stock_down-16.png
+srv/web/ipfire/html/images/stock_ok.png
+srv/web/ipfire/html/images/stock_stop.png
+srv/web/ipfire/html/images/stock_up-16.png
+srv/web/ipfire/html/images/system-file-manager.png
+srv/web/ipfire/html/images/system-installer.png
+srv/web/ipfire/html/images/system-lock-screen.png
+srv/web/ipfire/html/images/system-log-out.png
+srv/web/ipfire/html/images/system-search.png
+srv/web/ipfire/html/images/system-shutdown.png
+srv/web/ipfire/html/images/system-software-update.png
+srv/web/ipfire/html/images/system-users.png
+srv/web/ipfire/html/images/tab-new.png
+srv/web/ipfire/html/images/table-header.gif
+srv/web/ipfire/html/images/text-html.png
+srv/web/ipfire/html/images/text-x-generic-template.png
+srv/web/ipfire/html/images/text-x-generic.png
+srv/web/ipfire/html/images/text-x-script.png
+srv/web/ipfire/html/images/tux.png
+srv/web/ipfire/html/images/up.gif
+srv/web/ipfire/html/images/updbooster
+srv/web/ipfire/html/images/updbooster/updxl-globe.gif
+srv/web/ipfire/html/images/updbooster/updxl-gr.gif
+srv/web/ipfire/html/images/updbooster/updxl-led-blue.gif
+srv/web/ipfire/html/images/updbooster/updxl-led-gray.gif
+srv/web/ipfire/html/images/updbooster/updxl-led-green.gif
+srv/web/ipfire/html/images/updbooster/updxl-led-red.gif
+srv/web/ipfire/html/images/updbooster/updxl-led-yellow.gif
+srv/web/ipfire/html/images/updbooster/updxl-rd.gif
+srv/web/ipfire/html/images/updbooster/updxl-src-adobe.gif
+srv/web/ipfire/html/images/updbooster/updxl-src-apple.gif
+srv/web/ipfire/html/images/updbooster/updxl-src-avast.gif
+srv/web/ipfire/html/images/updbooster/updxl-src-avg.gif
+srv/web/ipfire/html/images/updbooster/updxl-src-avira.gif
+srv/web/ipfire/html/images/updbooster/updxl-src-kaspersky.gif
+srv/web/ipfire/html/images/updbooster/updxl-src-linux.gif
+srv/web/ipfire/html/images/updbooster/updxl-src-microsoft.gif
+srv/web/ipfire/html/images/updbooster/updxl-src-symantec.gif
+srv/web/ipfire/html/images/updbooster/updxl-src-trendmicro.gif
+srv/web/ipfire/html/images/updbooster/updxl-src-unknown.gif
+srv/web/ipfire/html/images/updbooster/updxl-src-windows.gif
+srv/web/ipfire/html/images/updbooster/updxl-yl.gif
+srv/web/ipfire/html/images/urlfilter
+srv/web/ipfire/html/images/urlfilter/1x1.gif
+srv/web/ipfire/html/images/urlfilter/bg_cool_tux.jpg
+srv/web/ipfire/html/images/urlfilter/bgcool.gif
+srv/web/ipfire/html/images/urlfilter/copy.gif
+srv/web/ipfire/html/images/urlfilter/gmg_tux_ip_fire.gif
+srv/web/ipfire/html/images/urlfilter/led-green.gif
+srv/web/ipfire/html/images/urlfilter/led-red.gif
+srv/web/ipfire/html/images/user-home.png
+srv/web/ipfire/html/images/user-multiple.png
+srv/web/ipfire/html/images/user-option-add.png
+srv/web/ipfire/html/images/user-option-remove.png
+srv/web/ipfire/html/images/user-trash-full.png
+srv/web/ipfire/html/images/user-trash.png
+srv/web/ipfire/html/images/utilities-system-monitor.png
+srv/web/ipfire/html/images/utilities-terminal.png
+srv/web/ipfire/html/images/view-fullscreen.png
+srv/web/ipfire/html/images/view-refresh.png
+srv/web/ipfire/html/images/wakeup.gif
+srv/web/ipfire/html/images/window-new.png
+srv/web/ipfire/html/include
+srv/web/ipfire/html/include/snortupdateutility.js
+srv/web/ipfire/html/index.cgi
+srv/web/ipfire/html/redirect-templates
+srv/web/ipfire/html/redirect-templates/legacy
+srv/web/ipfire/html/redirect-templates/legacy/template.html
+srv/web/ipfire/html/redirect.cgi
+srv/web/ipfire/html/themes
+srv/web/ipfire/html/themes/darkdos
+srv/web/ipfire/html/themes/darkdos/images
+srv/web/ipfire/html/themes/darkdos/images/IPFire.png
+srv/web/ipfire/html/themes/darkdos/images/b1.gif
+srv/web/ipfire/html/themes/darkdos/images/b2.gif
+srv/web/ipfire/html/themes/darkdos/images/b3.gif
+srv/web/ipfire/html/themes/darkdos/images/b4.gif
+srv/web/ipfire/html/themes/darkdos/images/b5.gif
+srv/web/ipfire/html/themes/darkdos/images/b6.gif
+srv/web/ipfire/html/themes/darkdos/images/spacer.gif
+srv/web/ipfire/html/themes/darkdos/include
+srv/web/ipfire/html/themes/darkdos/include/colors.txt
+srv/web/ipfire/html/themes/darkdos/include/functions.pl
+srv/web/ipfire/html/themes/darkdos/include/style.css
+srv/web/ipfire/html/themes/ipfire
+srv/web/ipfire/html/themes/ipfire-legacy
+srv/web/ipfire/html/themes/ipfire-legacy/images
+srv/web/ipfire/html/themes/ipfire-legacy/images/n1.gif
+srv/web/ipfire/html/themes/ipfire-legacy/images/n2.gif
+srv/web/ipfire/html/themes/ipfire-legacy/images/n3.gif
+srv/web/ipfire/html/themes/ipfire-legacy/images/n4.gif
+srv/web/ipfire/html/themes/ipfire-legacy/images/n5.gif
+srv/web/ipfire/html/themes/ipfire-legacy/images/n6.gif
+srv/web/ipfire/html/themes/ipfire-legacy/images/spacer.gif
+srv/web/ipfire/html/themes/ipfire-legacy/include
+srv/web/ipfire/html/themes/ipfire-legacy/include/colors.txt
+srv/web/ipfire/html/themes/ipfire-legacy/include/functions.pl
+srv/web/ipfire/html/themes/ipfire-legacy/include/style.css
+srv/web/ipfire/html/themes/ipfire-rounded
+srv/web/ipfire/html/themes/ipfire/images
+srv/web/ipfire/html/themes/ipfire/images/n2.gif
+srv/web/ipfire/html/themes/ipfire/images/n3.gif
+srv/web/ipfire/html/themes/ipfire/images/n5.gif
+srv/web/ipfire/html/themes/ipfire/images/n6.gif
+srv/web/ipfire/html/themes/ipfire/images/tux2.png
+srv/web/ipfire/html/themes/ipfire/include
+srv/web/ipfire/html/themes/ipfire/include/colors.txt
+srv/web/ipfire/html/themes/ipfire/include/css
+srv/web/ipfire/html/themes/ipfire/include/css/style-rounded.css
+srv/web/ipfire/html/themes/ipfire/include/css/style.css
+srv/web/ipfire/html/themes/ipfire/include/functions.pl
+srv/web/ipfire/html/themes/ipfire/include/js
+srv/web/ipfire/html/themes/ipfire/include/js/refreshInetInfo.js
+srv/web/ipfire/html/themes/maniac
+srv/web/ipfire/html/themes/maniac/images
+srv/web/ipfire/html/themes/maniac/images/IPFire.png
+srv/web/ipfire/html/themes/maniac/images/Thumbs.db
+srv/web/ipfire/html/themes/maniac/images/b1.gif
+srv/web/ipfire/html/themes/maniac/images/b2.gif
+srv/web/ipfire/html/themes/maniac/images/b3.gif
+srv/web/ipfire/html/themes/maniac/images/b4.gif
+srv/web/ipfire/html/themes/maniac/images/b5.gif
+srv/web/ipfire/html/themes/maniac/images/b6.gif
+srv/web/ipfire/html/themes/maniac/images/spacer.gif
+srv/web/ipfire/html/themes/maniac/include
+srv/web/ipfire/html/themes/maniac/include/colors.txt
+srv/web/ipfire/html/themes/maniac/include/functions.pl
+srv/web/ipfire/html/themes/maniac/include/style.css
+var/updatecache
+var/updatecache/download
+var/updatecache/metadata
diff --git a/config/rootfiles/common/xtables-addons b/config/rootfiles/common/xtables-addons
new file mode 100644
index 0000000..f6e85ae
--- /dev/null
+++ b/config/rootfiles/common/xtables-addons
@@ -0,0 +1,33 @@
+lib/xtables/libxt_ACCOUNT.so
+lib/xtables/libxt_CHAOS.so
+lib/xtables/libxt_DELUDE.so
+lib/xtables/libxt_DHCPMAC.so
+lib/xtables/libxt_DNETMAP.so
+lib/xtables/libxt_ECHO.so
+lib/xtables/libxt_IPMARK.so
+lib/xtables/libxt_LOGMARK.so
+lib/xtables/libxt_TARPIT.so
+lib/xtables/libxt_condition.so
+lib/xtables/libxt_dhcpmac.so
+lib/xtables/libxt_fuzzy.so
+lib/xtables/libxt_geoip.so
+lib/xtables/libxt_iface.so
+lib/xtables/libxt_ipp2p.so
+lib/xtables/libxt_ipv4options.so
+lib/xtables/libxt_length2.so
+lib/xtables/libxt_lscan.so
+lib/xtables/libxt_pknock.so
+lib/xtables/libxt_psd.so
+lib/xtables/libxt_quota2.so
+#usr/lib/libxt_ACCOUNT_cl.la
+#usr/lib/libxt_ACCOUNT_cl.so
+usr/lib/libxt_ACCOUNT_cl.so.0
+usr/lib/libxt_ACCOUNT_cl.so.0.0.0
+#usr/libexec/xtables-addons
+usr/libexec/xtables-addons/xt_geoip_build
+usr/libexec/xtables-addons/xt_geoip_dl
+usr/sbin/iptaccount
+#usr/share/man/man1/xt_geoip_build.1
+#usr/share/man/man1/xt_geoip_dl.1
+#usr/share/man/man8/iptaccount.8
+#usr/share/man/man8/xtables-addons.8
diff --git a/config/rootfiles/common/xz b/config/rootfiles/common/xz
index 7c83de7..b4053d9 100644
--- a/config/rootfiles/common/xz
+++ b/config/rootfiles/common/xz
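Review bot: The new config/rootfiles/common/web-user-interface list ships `srv/web/ipfire/html/themes/maniac/images/Thumbs.db`, a Windows Explorer thumbnail cache, inside the web server's html tree. It is not part of the theme, and such caches can hold thumbnails of images that were once in the author's folder, so it should not be served from the admin interface. I would comment the entry out as `#srv/web/ipfire/html/themes/maniac/images/Thumbs.db` and drop the file from the source tree in a follow-up.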
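Review bot: config/rootfiles/common/xtables-addons enables all 21 `lib/xtables/libxt_*.so` extensions, although the rest of this push only shows GeoIP being wired up (`geoip-block.cgi`, `xt_geoip_build`, `xt_geoip_update`). On a firewall image it is worth packaging only the match and target libraries the rule generator actually uses and leaving the others commented, e.g. `#lib/xtables/libxt_CHAOS.so`, `#lib/xtables/libxt_DELUDE.so`, `#lib/xtables/libxt_pknock.so`. Which extensions other parts of the tree rely on is not visible in this diff, so the keep-list needs checking against the firewall scripts before trimming.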
@@ -33,7 +33,7 @@ usr/bin/xzmore
 #usr/include/lzma/hardware.h
 #usr/include/lzma/index.h
 #usr/include/lzma/index_hash.h
-#usr/include/lzma/lzma.h
+#usr/include/lzma/lzma12.h
 #usr/include/lzma/stream_flags.h
 #usr/include/lzma/version.h
 #usr/include/lzma/vli.h
@@ -41,7 +41,7 @@ usr/bin/xzmore
 #usr/lib/liblzma.la
 usr/lib/liblzma.so
 usr/lib/liblzma.so.5
-usr/lib/liblzma.so.5.0.5
+usr/lib/liblzma.so.5.2.1
 #usr/lib/pkgconfig/liblzma.pc
 #usr/share/doc/xz
 #usr/share/doc/xz/AUTHORS
@@ -56,6 +56,7 @@ usr/lib/liblzma.so.5.0.5
 #usr/share/doc/xz/examples/01_compress_easy.c
 #usr/share/doc/xz/examples/02_decompress.c
 #usr/share/doc/xz/examples/03_compress_custom.c
+#usr/share/doc/xz/examples/04_compress_easy_mt.c
 #usr/share/doc/xz/examples/Makefile
 #usr/share/doc/xz/examples_old
 #usr/share/doc/xz/examples_old/xz_pipe_comp.c
@@ -69,6 +70,7 @@ usr/lib/liblzma.so.5.0.5
 #usr/share/locale/fr/LC_MESSAGES/xz.mo
 #usr/share/locale/it/LC_MESSAGES/xz.mo
 #usr/share/locale/pl/LC_MESSAGES/xz.mo
+#usr/share/locale/vi/LC_MESSAGES/xz.mo
 #usr/share/man/man1/lzcat.1
 #usr/share/man/man1/lzcmp.1
 #usr/share/man/man1/lzdiff.1
diff --git a/config/rootfiles/core/90/exclude b/config/rootfiles/core/90/exclude
new file mode 100644
index 0000000..56e840d
--- /dev/null
+++ b/config/rootfiles/core/90/exclude
@@ -0,0 +1,28 @@
+boot/config.txt
+etc/collectd.custom
+etc/ipsec.conf
+etc/ipsec.secrets
+etc/ipsec.user.conf
+etc/ipsec.user.secrets
+etc/localtime
+etc/rc.d/rcsysinit.d/S19checkfstab
+etc/rc.d/rcsysinit.d/S70console
+etc/shadow
+etc/ssh/ssh_config
+etc/ssh/sshd_config
+etc/ssl/openssl.cnf
+etc/sudoers
+etc/sysconfig/firewall.local
+etc/sysconfig/modules
+etc/sysconfig/rc.local
+etc/udev/rules.d/30-persistent-network.rules
+srv/web/ipfire/html/proxy.pac
+var/ipfire/firewall/geoipblock
+var/ipfire/fwhosts/custmgeoipgrp
+var/ipfire/ovpn/ccd.conf
+var/ipfire/ovpn/ccdroute
+var/ipfire/ovpn/ccdroute2
+var/ipfire/time
+var/log/cache
+var/state/dhcp/dhcpd.leases
+var/updatecache
diff --git a/config/rootfiles/core/90/filelists/Locale-Country b/config/rootfiles/core/90/filelists/Locale-Country
new file mode 120000
index 0000000..025c278
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/Locale-Country
@@ -0,0 +1 @@
+../../../common/Locale-Country
\ No newline at end of file
diff --git a/config/rootfiles/core/90/filelists/apache2 b/config/rootfiles/core/90/filelists/apache2
new file mode 120000
index 0000000..eef95ef
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/apache2
@@ -0,0 +1 @@
+../../../common/apache2
\ No newline at end of file
diff --git a/config/rootfiles/core/90/filelists/armv5tel/glibc b/config/rootfiles/core/90/filelists/armv5tel/glibc
new file mode 120000
index 0000000..4c70d72
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/armv5tel/glibc
@@ -0,0 +1 @@
+../../../../common/armv5tel/glibc
\ No newline at end of file
diff --git a/config/rootfiles/core/90/filelists/armv5tel/linux-kirkwood b/config/rootfiles/core/90/filelists/armv5tel/linux-kirkwood
new file mode 120000
index 0000000..7217107
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/armv5tel/linux-kirkwood
@@ -0,0 +1 @@
+../../../../common/armv5tel/linux-kirkwood
\ No newline at end of file
diff --git a/config/rootfiles/core/90/filelists/armv5tel/linux-multi b/config/rootfiles/core/90/filelists/armv5tel/linux-multi
new file mode 120000
index 0000000..204eb4c
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/armv5tel/linux-multi
@@ -0,0 +1 @@
+../../../../common/armv5tel/linux-multi
\ No newline at end of file
diff --git a/config/rootfiles/core/90/filelists/armv5tel/linux-rpi b/config/rootfiles/core/90/filelists/armv5tel/linux-rpi
new file mode 120000
index 0000000..a651a49
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/armv5tel/linux-rpi
@@ -0,0 +1 @@
+../../../../common/armv5tel/linux-rpi
\ No newline at end of file
diff --git a/config/rootfiles/core/90/filelists/curl b/config/rootfiles/core/90/filelists/curl
new file mode 120000
index 0000000..4b84bef
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/curl
@@ -0,0 +1 @@
+../../../common/curl
\ No newline at end of file
diff --git a/config/rootfiles/core/90/filelists/cyrus-sasl b/config/rootfiles/core/90/filelists/cyrus-sasl
new file mode 120000
index 0000000..bb51b4c
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/cyrus-sasl
@@ -0,0 +1 @@
+../../../common/cyrus-sasl
\ No newline at end of file
diff --git a/config/rootfiles/core/90/filelists/ddns b/config/rootfiles/core/90/filelists/ddns
new file mode 120000
index 0000000..7395164
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/ddns
@@ -0,0 +1 @@
+../../../common/ddns
\ No newline at end of file
diff --git a/config/rootfiles/core/90/filelists/dhcp b/config/rootfiles/core/90/filelists/dhcp
new file mode 120000
index 0000000..32d8da4
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/dhcp
@@ -0,0 +1 @@
+../../../common/dhcp
\ No newline at end of file
diff --git a/config/rootfiles/core/90/filelists/dhcpcd b/config/rootfiles/core/90/filelists/dhcpcd
new file mode 120000
index 0000000..1e799da
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/dhcpcd
@@ -0,0 +1 @@
+../../../common/dhcpcd
\ No newline at end of file
diff --git a/config/rootfiles/core/90/filelists/dnsmasq b/config/rootfiles/core/90/filelists/dnsmasq
new file mode 120000
index 0000000..d469c74
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/dnsmasq
@@ -0,0 +1 @@
+../../../common/dnsmasq
\ No newline at end of file
diff --git a/config/rootfiles/core/90/filelists/dracut b/config/rootfiles/core/90/filelists/dracut
new file mode 120000
index 0000000..1608699
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/dracut
@@ -0,0 +1 @@
+../../../common/dracut
\ No newline at end of file
diff --git a/config/rootfiles/core/90/filelists/expat b/config/rootfiles/core/90/filelists/expat
new file mode 120000
index 0000000..e1923cf
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/expat
@@ -0,0 +1 @@
+../../../common/expat
\ No newline at end of file
diff --git a/config/rootfiles/core/90/filelists/files b/config/rootfiles/core/90/filelists/files
new file mode 100644
index 0000000..431dcd6
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/files
@@ -0,0 +1,36 @@
+etc/system-release
+etc/issue
+etc/rc.d/init.d/firewall
+etc/rc.d/init.d/network-trigger
+etc/rc.d/init.d/networking/functions.network
+etc/rc.d/init.d/networking/red.up/99-geoip-database
+etc/rc.d/rcsysinit.d/S90network-trigger
+srv/web/ipfire/cgi-bin/country.cgi
+srv/web/ipfire/cgi-bin/ddns.cgi
+srv/web/ipfire/cgi-bin/firewall.cgi
+srv/web/ipfire/cgi-bin/fwhosts.cgi
+srv/web/ipfire/cgi-bin/geoip-block.cgi
+srv/web/ipfire/cgi-bin/index.cgi
+srv/web/ipfire/cgi-bin/logs.cgi/firewalllog.dat
+srv/web/ipfire/cgi-bin/logs.cgi/firewalllogcountry.dat
+srv/web/ipfire/cgi-bin/logs.cgi/firewalllogip.dat
+srv/web/ipfire/cgi-bin/netovpnsrv.cgi
+srv/web/ipfire/cgi-bin/ovpnmain.cgi
+srv/web/ipfire/cgi-bin/vpnmain.cgi
+srv/web/ipfire/html/themes/darkdos/include/style.css
+srv/web/ipfire/html/themes/ipfire-legacy/include/style.css
+srv/web/ipfire/html/themes/ipfire/include/css/style.css
+srv/web/ipfire/html/themes/maniac/include/style.css
+usr/lib/firewall/firewall-lib.pl
+usr/lib/firewall/rules.pl
+usr/local/bin/backupiso
+usr/local/bin/ddnsctrl
+usr/local/bin/ipsecctrl
+usr/local/bin/xt_geoip_build
+usr/local/bin/xt_geoip_update
+var/ipfire/general-functions.pl
+var/ipfire/geoip-functions.pl
+var/ipfire/header.pl
+var/ipfire/backup/include
+var/ipfire/langs
+var/ipfire/menu.d/50-firewall.menu
diff --git a/config/rootfiles/core/90/filelists/fireinfo b/config/rootfiles/core/90/filelists/fireinfo
new file mode 120000
index 0000000..c461155
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/fireinfo
@@ -0,0 +1 @@
+../../../common/fireinfo
\ No newline at end of file
diff --git a/config/rootfiles/core/90/filelists/flag-icons b/config/rootfiles/core/90/filelists/flag-icons
new file mode 120000
index 0000000..8776b6b
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/flag-icons
@@ -0,0 +1 @@
+../../../common/flag-icons
\ No newline at end of file
diff --git a/config/rootfiles/core/90/filelists/groff b/config/rootfiles/core/90/filelists/groff
new file mode 120000
index 0000000..232291e
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/groff
@@ -0,0 +1 @@
+../../../common/groff
\ No newline at end of file
diff --git a/config/rootfiles/core/90/filelists/i586/acpid b/config/rootfiles/core/90/filelists/i586/acpid
new file mode 120000
index 0000000..21d36ee
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/i586/acpid
@@ -0,0 +1 @@
+../../../../common/i586/acpid
\ No newline at end of file
diff --git a/config/rootfiles/core/90/filelists/i586/glibc b/config/rootfiles/core/90/filelists/i586/glibc
new file mode 120000
index 0000000..943021f
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/i586/glibc
@@ -0,0 +1 @@
+../../../../common/i586/glibc
\ No newline at end of file
diff --git a/config/rootfiles/core/90/filelists/i586/linux b/config/rootfiles/core/90/filelists/i586/linux
new file mode 120000
index 0000000..693ec4b
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/i586/linux
@@ -0,0 +1 @@
+../../../../common/i586/linux
\ No newline at end of file
diff --git a/config/rootfiles/core/90/filelists/i586/linux-initrd b/config/rootfiles/core/90/filelists/i586/linux-initrd
new file mode 120000
index 0000000..32a03e6
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/i586/linux-initrd
@@ -0,0 +1 @@
+../../../../common/i586/linux-initrd
\ No newline at end of file
diff --git a/config/rootfiles/core/90/filelists/i586/openssl-sse2 b/config/rootfiles/core/90/filelists/i586/openssl-sse2
new file mode 120000
index 0000000..f424713
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/i586/openssl-sse2
@@ -0,0 +1 @@
+../../../../common/i586/openssl-sse2
\ No newline at end of file
diff --git a/config/rootfiles/core/90/filelists/iptables b/config/rootfiles/core/90/filelists/iptables
new file mode 120000
index 0000000..8caf12b
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/iptables
@@ -0,0 +1 @@
+../../../common/iptables
\ No newline at end of file
diff --git a/config/rootfiles/core/90/filelists/iputils b/config/rootfiles/core/90/filelists/iputils
new file mode 120000
index 0000000..361c28f
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/iputils
@@ -0,0 +1 @@
+../../../common/iputils
\ No newline at end of file
diff --git a/config/rootfiles/core/90/filelists/libjpeg b/config/rootfiles/core/90/filelists/libjpeg
new file mode 120000
index 0000000..3b1a782
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/libjpeg
@@ -0,0 +1 @@
+../../../common/libjpeg
\ No newline at end of file
diff --git a/config/rootfiles/core/90/filelists/logrotate b/config/rootfiles/core/90/filelists/logrotate
new file mode 120000
index 0000000..bc192c0
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/logrotate
@@ -0,0 +1 @@
+../../../common/logrotate
\ No newline at end of file
diff --git a/config/rootfiles/core/90/filelists/logwatch b/config/rootfiles/core/90/filelists/logwatch
new file mode 120000
index 0000000..f14eabd
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/logwatch
@@ -0,0 +1 @@
+../../../common/logwatch
\ No newline at end of file
diff --git a/config/rootfiles/core/90/filelists/openssl b/config/rootfiles/core/90/filelists/openssl
new file mode 120000
index 0000000..e011a92
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/openssl
@@ -0,0 +1 @@
+../../../common/openssl
\ No newline at end of file
diff --git a/config/rootfiles/core/90/filelists/openssl-0.9.8-files b/config/rootfiles/core/90/filelists/openssl-0.9.8-files
new file mode 100644
index 0000000..e80a57d
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/openssl-0.9.8-files
@@ -0,0 +1,19 @@
+lib/security/pam_mysql.so
+usr/lib/gnupg/gpgkeys_ldap
+usr/lib/gnupg/gpgkeys_hkp
+usr/lib/gnupg/gpgkeys_curl
+usr/lib/apache/libphp5.so
+usr/lib/squid/digest_ldap_auth
+usr/lib/squid/basic_ldap_auth
+usr/lib/squid/ext_kerberos_ldap_group_acl
+usr/lib/squid/ext_edirectory_userip_acl
+usr/lib/squid/ext_ldap_group_acl
+usr/lib/python2.7/lib-dynload/_ssl.so
+usr/lib/python2.7/lib-dynload/_hashlib.so
+usr/lib/collectd/write_http.so
+usr/lib/collectd/ascent.so
+usr/lib/collectd/curl_xml.so
+usr/lib/collectd/apache.so
+usr/lib/collectd/bind.so
+usr/lib/collectd/curl.so
+usr/bin/php
diff --git a/config/rootfiles/core/90/filelists/perl-Text-CSV_XS b/config/rootfiles/core/90/filelists/perl-Text-CSV_XS
new file mode 120000
index 0000000..ec1202f
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/perl-Text-CSV_XS
@@ -0,0 +1 @@
+../../../common/perl-Text-CSV_XS
\ No newline at end of file
diff --git a/config/rootfiles/core/90/filelists/squid b/config/rootfiles/core/90/filelists/squid
new file mode 120000
index 0000000..2dc8372
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/squid
@@ -0,0 +1 @@
+../../../common/squid
\ No newline at end of file
diff --git a/config/rootfiles/core/90/filelists/strongswan b/config/rootfiles/core/90/filelists/strongswan
new file mode 120000
index 0000000..90c727e
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/strongswan
@@ -0,0 +1 @@
+../../../common/strongswan
\ No newline at end of file
diff --git a/config/rootfiles/core/90/filelists/tzdata b/config/rootfiles/core/90/filelists/tzdata
new file mode 120000
index 0000000..5a6e325
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/tzdata
@@ -0,0 +1 @@
+../../../common/tzdata
\ No newline at end of file
diff --git a/config/rootfiles/core/90/filelists/udev b/config/rootfiles/core/90/filelists/udev
new file mode 120000
index 0000000..e967a1c
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/udev
@@ -0,0 +1 @@
+../../../common/udev
\ No newline at end of file
diff --git a/config/rootfiles/core/90/filelists/wpa_supplicant b/config/rootfiles/core/90/filelists/wpa_supplicant
new file mode 120000
index 0000000..1d04c03
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/wpa_supplicant
@@ -0,0 +1 @@
+../../../common/wpa_supplicant
\ No newline at end of file
diff --git a/config/rootfiles/core/90/filelists/xtables-addons b/config/rootfiles/core/90/filelists/xtables-addons
new file mode 120000
index 0000000..2e24c42
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/xtables-addons
@@ -0,0 +1 @@
+../../../common/xtables-addons
\ No newline at end of file
diff --git a/config/rootfiles/core/90/filelists/xz b/config/rootfiles/core/90/filelists/xz
new file mode 120000
index 0000000..734e926
--- /dev/null
+++ b/config/rootfiles/core/90/filelists/xz
@@ -0,0 +1 @@
+../../../common/xz
\ No newline at end of file
diff --git a/config/rootfiles/core/90/meta b/config/rootfiles/core/90/meta
new file mode 100644
index 0000000..d547fa8
--- /dev/null
+++ b/config/rootfiles/core/90/meta
@@ -0,0 +1 @@
+DEPS=""
diff --git a/config/rootfiles/core/90/update.sh b/config/rootfiles/core/90/update.sh
new file mode 100644
index 0000000..4835c5a
--- /dev/null
+++ b/config/rootfiles/core/90/update.sh
@@ -0,0 +1,305 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 3 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2014 IPFire-Team info@ipfire.org. # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +/usr/local/bin/backupctrl exclude >/dev/null 2>&1 + + +function find_device() { + local mountpoint="${1}" + + local root + local dev mp fs flags rest + while read -r dev mp fs flags rest; do + # Skip unwanted entries + [ "${dev}" = "rootfs" ] && continue + + if [ "${mp}" = "${mountpoint}" ] && [ -b "${dev}" ]; then + root="$(basename "${dev}")" + break + fi + done < /proc/mounts + + # Get the actual device from the partition that holds / + while [ -n "${root}" ]; do + if [ -e "/sys/block/${root}" ]; then + echo "${root}" + return 0 + fi + + # Remove last character + root="${root::-1}" + done + + return 1 +} + + +# +# Remove old core updates from pakfire cache to save space... +core=90 +for (( i=1; i<=${core}; i++ )) +do + rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire +done + +# +# Do some sanity checks. 
+case $(uname -r) in + *-ipfire-versatile ) + /usr/bin/logger -p syslog.emerg -t ipfire \ + "core-update-${core}: ERROR cannot update. versatile support is dropped." + # Report no error to pakfire. So it does not try to install it again. + exit 0 + ;; + *-ipfire* ) + # Ok. + ;; + * ) + /usr/bin/logger -p syslog.emerg -t ipfire \ + "core-update-${core}: ERROR cannot update. No IPFire Kernel." + exit 1 + ;; +esac + + +# +# +KVER="xxxKVERxxx" + +# Check diskspace on root +ROOTSPACE=`df / -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1` + +if [ $ROOTSPACE -lt 100000 ]; then + /usr/bin/logger -p syslog.emerg -t ipfire \ + "core-update-${core}: ERROR cannot update because not enough free space on root." + exit 2 +fi + + +echo +echo Update Kernel to $KVER ... +# +# Remove old kernel, configs, initrd, modules, dtb's ... +# +rm -rf /boot/System.map-* +rm -rf /boot/config-* +rm -rf /boot/ipfirerd-* +rm -rf /boot/initramfs-* +rm -rf /boot/vmlinuz-* +rm -rf /boot/uImage-ipfire-* +rm -rf /boot/uInit-ipfire-* +rm -rf /boot/dtb-*-ipfire-* +rm -rf /lib/modules + +case "$(uname -m)" in + armv*) + # Backup uEnv.txt if exist + if [ -e /boot/uEnv.txt ]; then + cp -vf /boot/uEnv.txt /boot/uEnv.txt.org + fi + + # work around the u-boot folder detection bug + mkdir -pv /boot/dtb-$KVER-ipfire-kirkwood + mkdir -pv /boot/dtb-$KVER-ipfire-multi + ;; +esac + +# +#Stop services +/etc/init.d/snort stop +/etc/init.d/squid stop +/etc/init.d/ipsec stop +/etc/init.d/apache stop + +# Drop old flag icons, before extracting the new ones. +rm /srv/web/ipfire/html/images/flags/* + +# +#Extract files +tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p --numeric-owner -C / + +# +# restart init because glibc was updated. 
+telinit u + +# Remove old openssl libraries +rm -vf /usr/lib/libcrypto.so.0.9.8 /usr/lib/libssl.so.0.9.8 + +# Check diskspace on boot +BOOTSPACE=`df /boot -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1` + +if [ $BOOTSPACE -lt 1000 ]; then + case $(uname -r) in + *-ipfire-kirkwood ) + # Special handling for old kirkwood images. + # (install only kirkwood kernel) + rm -rf /boot/* + # work around the u-boot folder detection bug + mkdir -pv /boot/dtb-$KVER-ipfire-kirkwood + tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p \ + --numeric-owner -C / --wildcards 'boot/*-kirkwood*' + ;; + * ) + /usr/bin/logger -p syslog.emerg -t ipfire \ + "core-update-${core}: FATAL-ERROR space run out on boot. System is not bootable..." + /etc/init.d/apache start + exit 4 + ;; + esac +fi + +# Create GeoIP related files if they do not exist yet. +if [ ! -e "/var/ipfire/firewall/geoipblock" ]; then + touch /var/ipfire/firewall/geoipblock + chown nobody:nobody /var/ipfire/firewall/geoipblock + + # Insert default value into file. + echo "GEOIPBLOCK_ENABLED=off" >> /var/ipfire/firewall/geoipblock +fi +if [ ! -e "/var/ipfire/fwhosts/customgeoipgrp" ]; then + touch /var/ipfire/fwhosts/customgeoipgrp + chown nobody:nobody /var/ipfire/fwhosts/customgeoipgrp +fi + +#Fix BUG10812 (openvpn server.conf has wrong collectd logfile path) +if grep -q "status /var/log/ovpnserver.log 30" /var/ipfire/ovpn/server.conf; then + sed -i "s//var/log/ovpnserver.log 30//var/run/ovpnserver.log 30/" /var/ipfire/ovpn/server.conf +fi + +# Download/Update GeoIP databases. +/usr/local/bin/xt_geoip_update + +# Update crontab +grep -q /usr/local/bin/xt_geoip_update /var/spool/cron/root.orig || cat <<EOF >> /var/spool/cron/root.orig + +# Update GeoIP database once a month. 
+%monthly,random * * * [ -f "/var/ipfire/red/active" ] && /usr/local/bin/xt_geoip_update >/dev/null 2>&1 +EOF + +fcrontab -z &>/dev/null + +# Generate ddns configuration file +sudo -u nobody /srv/web/ipfire/cgi-bin/ddns.cgi + +# Regenerate IPsec configuration +sudo -u nobody /srv/web/ipfire/cgi-bin/vpnmain.cgi + +# Update Language cache +perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang" + +# +# Start services +# +/etc/init.d/apache start +/etc/init.d/squid start +/etc/init.d/snort start +if [ `grep "ENABLED=on" /var/ipfire/vpn/settings` ]; then + /etc/init.d/ipsec start +fi + +case "$(uname -m)" in + i?86) + case "$(find_device "/")" in + xvd* ) + echo Skip remove grub2 files, because pygrub fail. + rm -f /boot/grub/* + echo config will recreated by linux-pae install. + ;; + * ) + # + # Update to GRUB2 config + # + grub-mkconfig > /boot/grub/grub.cfg + ;; + esac +esac + +# Upadate Kernel version uEnv.txt +if [ -e /boot/uEnv.txt ]; then + sed -i -e "s/KVER=.*/KVER=${KVER}/g" /boot/uEnv.txt +fi + +# call user update script (needed for some arm boards) +if [ -e /boot/pakfire-kernel-update ]; then + /boot/pakfire-kernel-update ${KVER} +fi + + +# Force (re)install pae kernel if pae is supported +rm -rf /opt/pakfire/db/*/meta-linux-pae +if [ ! "$(grep "^flags.* pae " /proc/cpuinfo)" == "" ]; then + ROOTSPACE=`df / -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1` + BOOTSPACE=`df /boot -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1` + if [ $BOOTSPACE -lt 12000 -o $ROOTSPACE -lt 90000 ]; then + /usr/bin/logger -p syslog.emerg -t ipfire \ + "core-update-${core}: WARNING not enough space for pae kernel." 
+ else + echo "Name: linux-pae" > /opt/pakfire/db/installed/meta-linux-pae + echo "ProgVersion: 0" >> /opt/pakfire/db/installed/meta-linux-pae + echo "Release: 0" >> /opt/pakfire/db/installed/meta-linux-pae + echo "Name: linux-pae" > /opt/pakfire/db/meta/meta-linux-pae + echo "ProgVersion: 0" >> /opt/pakfire/db/meta/meta-linux-pae + echo "Release: 0" >> /opt/pakfire/db/meta/meta-linux-pae + fi +fi + +# +# After pakfire has ended run it again and update the lists and do upgrade +# +echo '#!/bin/bash' > /tmp/pak_update +echo 'while [ "$(ps -A | grep " update.sh")" != "" ]; do' >> /tmp/pak_update +echo ' sleep 1' >> /tmp/pak_update +echo 'done' >> /tmp/pak_update +echo 'while [ "$(ps -A | grep " pakfire")" != "" ]; do' >> /tmp/pak_update +echo ' sleep 1' >> /tmp/pak_update +echo 'done' >> /tmp/pak_update +echo '/opt/pakfire/pakfire update -y --force' >> /tmp/pak_update +echo '/opt/pakfire/pakfire upgrade -y' >> /tmp/pak_update +echo '/opt/pakfire/pakfire upgrade -y' >> /tmp/pak_update +echo '/opt/pakfire/pakfire upgrade -y' >> /tmp/pak_update +echo '/usr/bin/logger -p syslog.emerg -t ipfire "Core-upgrade finished. If you use a customized grub/uboot config"' >> /tmp/pak_update +echo '/usr/bin/logger -p syslog.emerg -t ipfire "Check it before reboot !!!"' >> /tmp/pak_update +echo '/usr/bin/logger -p syslog.emerg -t ipfire " *** Please reboot... *** "' >> /tmp/pak_update +echo 'touch /var/run/need_reboot ' >> /tmp/pak_update +# +killall -KILL pak_update +chmod +x /tmp/pak_update +/tmp/pak_update & + +sync + +# +#Finish +( + /etc/init.d/fireinfo start + sendprofile +) >/dev/null 2>&1 & + +echo +echo Please wait until pakfire has ended... +echo + +# Don't report the exitcode last command +exit 0 + diff --git a/config/rootfiles/packages/clamav b/config/rootfiles/packages/clamav index 7353313..d79f6e6 100644 --- a/config/rootfiles/packages/clamav +++ b/config/rootfiles/packages/clamav 
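Review bot: The follow-up script near the end of update.sh is built at the fixed path `/tmp/pak_update` with `echo ... > /tmp/pak_update`, then made executable and started in the background, presumably as root given the /boot and /lib/modules operations earlier in the script. With a predictable name in world-writable /tmp, a file or symlink pre-created at that name by another local account is either written through or stays under that account's control until it is executed. Create a private directory first, `tmpdir="$(mktemp -d)" || exit 1`, and write the script to `"${tmpdir}/pak_update"`; the basename is unchanged, so `killall -KILL pak_update` still matches. A single `cat <<'EOF'` here-document would also replace the run of appended `echo` lines and make the generated script easier to review.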
@@ -11,15 +11,15 @@ usr/bin/sigtool #usr/lib/libclamav.la usr/lib/libclamav.so usr/lib/libclamav.so.6 -usr/lib/libclamav.so.6.1.25 +usr/lib/libclamav.so.6.1.26 #usr/lib/libclamunrar.la usr/lib/libclamunrar.so usr/lib/libclamunrar.so.6 -usr/lib/libclamunrar.so.6.1.25 +usr/lib/libclamunrar.so.6.1.26 #usr/lib/libclamunrar_iface.la usr/lib/libclamunrar_iface.so usr/lib/libclamunrar_iface.so.6 -usr/lib/libclamunrar_iface.so.6.1.25 +usr/lib/libclamunrar_iface.so.6.1.26 #usr/lib/pkgconfig/libclamav.pc usr/sbin/clamd usr/share/clamav diff --git a/config/rootfiles/packages/libsrtp b/config/rootfiles/packages/libsrtp index 105f3f0..3ee2e3b 100644 --- a/config/rootfiles/packages/libsrtp +++ b/config/rootfiles/packages/libsrtp @@ -37,4 +37,5 @@ #usr/include/srtp/ut_sim.h #usr/include/srtp/xfm.h usr/lib/libsrtp.so +usr/lib/libsrtp.so.1 #usr/lib/pkgconfig/libsrtp.pc diff --git a/config/rootfiles/packages/qemu b/config/rootfiles/packages/qemu index 5062066..9896139 100644 --- a/config/rootfiles/packages/qemu +++ b/config/rootfiles/packages/qemu 
@@ -7,19 +7,33 @@ usr/bin/qemu-img usr/bin/qemu-io usr/bin/qemu-nbd usr/bin/qemu-system-arm +usr/bin/qemu-system-i386 +usr/libexec/qemu-bridge-helper #usr/share/doc/qemu #usr/share/doc/qemu/qemu-doc.html #usr/share/doc/qemu/qemu-tech.html +#usr/share/doc/qemu/qmp-commands.txt #usr/share/man/man1/qemu-img.1 #usr/share/man/man1/qemu.1 #usr/share/man/man8/qemu-nbd.8 -usr/share/qemu +#usr/share/qemu +usr/share/qemu/QEMU,cgthree.bin +usr/share/qemu/QEMU,tcx.bin +usr/share/qemu/acpi-dsdt.aml usr/share/qemu/bamboo.dtb +usr/share/qemu/bios-256k.bin usr/share/qemu/bios.bin -usr/share/qemu/extboot.bin +usr/share/qemu/efi-e1000.rom +usr/share/qemu/efi-eepro100.rom +usr/share/qemu/efi-ne2k_pci.rom +usr/share/qemu/efi-pcnet.rom +usr/share/qemu/efi-rtl8139.rom +usr/share/qemu/efi-virtio.rom usr/share/qemu/keymaps usr/share/qemu/keymaps/ar +usr/share/qemu/keymaps/bepo usr/share/qemu/keymaps/common +usr/share/qemu/keymaps/cz usr/share/qemu/keymaps/da usr/share/qemu/keymaps/de usr/share/qemu/keymaps/de-ch @@ -53,12 +67,13 @@ usr/share/qemu/keymaps/sl usr/share/qemu/keymaps/sv usr/share/qemu/keymaps/th usr/share/qemu/keymaps/tr +usr/share/qemu/kvmvapic.bin usr/share/qemu/linuxboot.bin -usr/share/qemu/mpc8544ds.dtb usr/share/qemu/multiboot.bin usr/share/qemu/openbios-ppc usr/share/qemu/openbios-sparc32 usr/share/qemu/openbios-sparc64 +usr/share/qemu/palcode-clipper usr/share/qemu/petalogix-ml605.dtb usr/share/qemu/petalogix-s3adsp1800.dtb usr/share/qemu/ppc_rom.bin 
@@ -68,12 +83,19 @@ usr/share/qemu/pxe-ne2k_pci.rom usr/share/qemu/pxe-pcnet.rom usr/share/qemu/pxe-rtl8139.rom usr/share/qemu/pxe-virtio.rom +usr/share/qemu/q35-acpi-dsdt.aml +usr/share/qemu/qemu-icon.bmp +usr/share/qemu/qemu_logo_no_text.svg +usr/share/qemu/s390-ccw.img usr/share/qemu/s390-zipl.rom +usr/share/qemu/sgabios.bin usr/share/qemu/slof.bin usr/share/qemu/spapr-rtas.bin -usr/share/qemu/vapic.bin +usr/share/qemu/trace-events +usr/share/qemu/u-boot.e500 usr/share/qemu/vgabios-cirrus.bin usr/share/qemu/vgabios-qxl.bin usr/share/qemu/vgabios-stdvga.bin usr/share/qemu/vgabios-vmware.bin usr/share/qemu/vgabios.bin +#usr/var/run diff --git a/config/rootfiles/packages/tor b/config/rootfiles/packages/tor index f9c657c..972b207 100644 --- a/config/rootfiles/packages/tor +++ b/config/rootfiles/packages/tor @@ -1,11 +1,9 @@ -#etc/logrotate.d etc/logrotate.d/tor etc/rc.d/init.d/tor etc/rc.d/rc0.d/K40tor etc/rc.d/rc3.d/S60tor etc/rc.d/rc6.d/K40tor #etc/tor -#etc/tor/tor-tsocks.conf etc/tor/torrc srv/web/ipfire/cgi-bin/tor.cgi usr/bin/tor diff --git a/config/ssl/openssl.cnf b/config/ssl/openssl.cnf index f0906e5..9d1e6e1 100644 --- a/config/ssl/openssl.cnf +++ b/config/ssl/openssl.cnf @@ -21,7 +21,7 @@ RANDFILE = $dir/tmp/.rand x509_extensions = usr_cert default_days = 999999 default_crl_days= 30 -default_md = md5 +default_md = sha256 preserve = no policy = policy_match email_in_dn = no @@ -35,7 +35,7 @@ commonName = supplied emailAddress = optional
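Review bot: The context of the first openssl.cnf hunk still has `default_days = 999999`, so certificates issued from this configuration effectively never expire. The digest moves from md5 to sha256 there and `default_bits` from 1024 to 2048 in the following `[ req ]` hunk, but both settings only affect newly generated keys and certificates; anything already issued under the old defaults stays valid until it is replaced by hand. Neither hunk shows a reissue step, so a comment above `default_md` such as `# only affects new certificates; MD5-signed / 1024-bit ones must be regenerated` would help, and a finite `default_days` would give future rotations a natural deadline. Both hunks are excerpts of larger sections of the file.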
[ req ] -default_bits = 1024 +default_bits = 2048 default_keyfile = privkey.pem distinguished_name = req_distinguished_name attributes = req_attributes diff --git a/config/syslinux/syslinux.cfg b/config/syslinux/syslinux.cfg index cfb8113..3952167 100644 --- a/config/syslinux/syslinux.cfg +++ b/config/syslinux/syslinux.cfg @@ -50,6 +50,7 @@ Run the installer in text mode. ENDTEXT KERNEL vmlinuz INITRD instroot + APPEND novga
LABEL unattended MENU LABEL Unattended installation diff --git a/config/udev/60-net.rules b/config/udev/60-net.rules new file mode 100644 index 0000000..4f22a1e --- /dev/null +++ b/config/udev/60-net.rules @@ -0,0 +1,3 @@ +# Call a script that checks for the right name of the new device. +# If it matches the configuration it will be renamed accordingly. +ACTION=="add", SUBSYSTEM=="net", PROGRAM="/lib/udev/network-hotplug-rename", RESULT=="?*", NAME="$result" diff --git a/config/udev/network-hotplug-rename b/config/udev/network-hotplug-rename new file mode 100644 index 0000000..331b788 --- /dev/null +++ b/config/udev/network-hotplug-rename 
@@ -0,0 +1,75 @@ +#!/bin/bash +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2015 IPFire Team info@ipfire.org # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +# Check if all appropriate variables are set +[ -n "${INTERFACE}" ] || exit 2 + +# Ignore virtual interfaces, etc. +case "${INTERFACE}" in + lo) + exit 0 + ;; + tun*) + exit 0 + ;; + ppp*) + exit 0 + ;; +esac + +# Check if INTERFACE actually exists +[ -d "/sys/class/net/${INTERFACE}" ] || exit 1 + +# If the network configuration is not readable, +# we cannot go on. +if [ ! -r "/var/ipfire/ethernet/settings" ]; then + exit 1 +fi + +# Read network settings +eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings) + +# Standard zones +ZONES="RED GREEN ORANGE BLUE" + +# Determine the address of INTERFACE +ADDRESS="$(</sys/class/net/${INTERFACE}/address)" + +# Walk through all zones and find the matching interface +for zone in ${ZONES}; do + address="${zone}_MACADDR" + device="${zone}_DEV" + + # Skip if address or device is unset + [ -n "${!address}" -a -n "${!device}" ] || continue + + # If a matching interface has been found we will + # print the name to which udev will rename it. 
+ if [ "${ADDRESS}" = "${!address}" ]; then + echo "${!device}" + exit 0 + fi +done + +# If we get here we have not found a matching device, +# but we won't return an error any way. The new device +# will remain with the previous name. +exit 0 diff --git a/config/xtables-addons/mconfig b/config/xtables-addons/mconfig new file mode 100644 index 0000000..933d717 --- /dev/null +++ b/config/xtables-addons/mconfig @@ -0,0 +1,24 @@ +# -*- Makefile -*- +# +build_ACCOUNT=m +build_CHAOS=m +build_DELUDE=m +build_DHCPMAC=m +build_DNETMAP=m +build_ECHO=m +build_IPMARK=m +build_LOGMARK=m +build_SYSRQ=n +build_TARPIT=m +build_condition=m +build_fuzzy=m +build_geoip=m +build_gradm=n +build_iface=m +build_ipp2p=m +build_ipv4options=m +build_length2=m +build_lscan=m +build_pknock=m +build_psd=m +build_quota2=m diff --git a/doc/language_issues.de b/doc/language_issues.de index 8274818..1ccc654 100644 --- a/doc/language_issues.de +++ b/doc/language_issues.de @@ -75,6 +75,7 @@ WARNING: translation string unused: bad characters in WARNING: translation string unused: behind a proxy WARNING: translation string unused: bitrate WARNING: translation string unused: bleeding rules +WARNING: translation string unused: block WARNING: translation string unused: blue access use hint WARNING: translation string unused: blue interface WARNING: translation string unused: cache management @@ -243,6 +244,7 @@ WARNING: translation string unused: fwhost Standard Network WARNING: translation string unused: fwhost attention WARNING: translation string unused: fwhost blue WARNING: translation string unused: fwhost changeremark +WARNING: translation string unused: fwhost cust geoip WARNING: translation string unused: fwhost err addrgrp WARNING: translation string unused: fwhost err hostorip WARNING: translation string unused: fwhost err mac 
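Review bot: `eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)` runs the helper's output as shell code inside a script that the new udev rule invokes on every network device add, and the unquoted substitution is word-split and glob-expanded before `eval` sees it. Whether that is safe depends on how readhash escapes values and on who can write the settings file, neither of which is visible in this hunk. Quoting is the minimum: `eval "$(/usr/local/bin/readhash /var/ipfire/ethernet/settings)"`. Since only the `*_MACADDR` and `*_DEV` keys are used, reading them with a `while IFS='=' read -r key value` loop and a `case` on the key would avoid evaluating file content at all.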
@@ -258,6 +260,9 @@ WARNING: translation string unused: fwhost wo subnet WARNING: translation string unused: gen static key WARNING: translation string unused: generate WARNING: translation string unused: genkey +WARNING: translation string unused: geoipblock country code +WARNING: translation string unused: geoipblock country name +WARNING: translation string unused: geoipblock flag WARNING: translation string unused: green interface WARNING: translation string unused: gz with key WARNING: translation string unused: hint @@ -275,6 +280,7 @@ WARNING: translation string unused: ike encryption WARNING: translation string unused: ike grouptype WARNING: translation string unused: ike integrity WARNING: translation string unused: ike lifetime +WARNING: translation string unused: ike lifetime should be between 1 and 24 hours WARNING: translation string unused: import WARNING: translation string unused: importkey WARNING: translation string unused: in @@ -575,6 +581,8 @@ WARNING: translation string unused: transfer limits WARNING: translation string unused: transparent on WARNING: translation string unused: umount WARNING: translation string unused: umount removable media before to unplug +WARNING: translation string unused: unblock +WARNING: translation string unused: unblock all WARNING: translation string unused: unencrypted WARNING: translation string unused: update transcript WARNING: translation string unused: updates @@ -631,7 +639,9 @@ WARNING: untranslated string: bytes WARNING: untranslated string: community rules WARNING: untranslated string: dead peer detection WARNING: untranslated string: emerging rules +WARNING: untranslated string: fwhost cust geoipgrp WARNING: untranslated string: fwhost err hostip +WARNING: untranslated string: ike lifetime should be between 1 and 8 hours WARNING: untranslated string: no data WARNING: untranslated string: qos add subclass WARNING: untranslated string: route config changed 
diff --git a/doc/language_issues.en b/doc/language_issues.en index dc03328..b7be862 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -93,6 +93,7 @@ WARNING: translation string unused: bewan adsl pci st WARNING: translation string unused: bewan adsl usb WARNING: translation string unused: bitrate WARNING: translation string unused: bleeding rules +WARNING: translation string unused: block WARNING: translation string unused: blue access use hint WARNING: translation string unused: blue interface WARNING: translation string unused: cache management @@ -266,6 +267,7 @@ WARNING: translation string unused: fwhost Standard Network WARNING: translation string unused: fwhost attention WARNING: translation string unused: fwhost blue WARNING: translation string unused: fwhost changeremark +WARNING: translation string unused: fwhost cust geoip WARNING: translation string unused: fwhost err addrgrp WARNING: translation string unused: fwhost err hostorip WARNING: translation string unused: fwhost err mac @@ -283,6 +285,9 @@ WARNING: translation string unused: g.lite WARNING: translation string unused: gen static key WARNING: translation string unused: generate WARNING: translation string unused: genkey +WARNING: translation string unused: geoipblock country code +WARNING: translation string unused: geoipblock country name +WARNING: translation string unused: geoipblock flag WARNING: translation string unused: green interface WARNING: translation string unused: gz with key WARNING: translation string unused: hint @@ -300,6 +305,7 @@ WARNING: translation string unused: ike encryption WARNING: translation string unused: ike grouptype WARNING: translation string unused: ike integrity WARNING: translation string unused: ike lifetime +WARNING: translation string unused: ike lifetime should be between 1 and 24 hours WARNING: translation string unused: import WARNING: translation string unused: importkey WARNING: translation string unused: in 
@@ -608,6 +614,8 @@ WARNING: translation string unused: transfer limits WARNING: translation string unused: transparent on WARNING: translation string unused: umount WARNING: translation string unused: umount removable media before to unplug +WARNING: translation string unused: unblock +WARNING: translation string unused: unblock all WARNING: translation string unused: unencrypted WARNING: translation string unused: update transcript WARNING: translation string unused: updates @@ -663,7 +671,9 @@ WARNING: translation string unused: year-graph WARNING: translation string unused: yearly firewallhits WARNING: untranslated string: Scan for Songs WARNING: untranslated string: bytes +WARNING: untranslated string: fwhost cust geoipgrp WARNING: untranslated string: fwhost err hostip +WARNING: untranslated string: ike lifetime should be between 1 and 8 hours WARNING: untranslated string: no data WARNING: untranslated string: route config changed WARNING: untranslated string: routing config added diff --git a/doc/language_issues.es b/doc/language_issues.es index d44ab4c..086dfbd 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -233,6 +233,9 @@ WARNING: translation string unused: g.lite WARNING: translation string unused: gen static key WARNING: translation string unused: generate WARNING: translation string unused: genkey +WARNING: translation string unused: geoipblock country code +WARNING: translation string unused: geoipblock country name +WARNING: translation string unused: geoipblock flag WARNING: translation string unused: green interface WARNING: translation string unused: gz with key WARNING: translation string unused: hint 
@@ -250,6 +253,7 @@ WARNING: translation string unused: ike encryption WARNING: translation string unused: ike grouptype WARNING: translation string unused: ike integrity WARNING: translation string unused: ike lifetime +WARNING: translation string unused: ike lifetime should be between 1 and 24 hours WARNING: translation string unused: import WARNING: translation string unused: importkey WARNING: translation string unused: in @@ -649,6 +653,7 @@ WARNING: untranslated string: ccd none WARNING: untranslated string: ccd routes WARNING: untranslated string: ccd subnet WARNING: untranslated string: ccd used +WARNING: untranslated string: check all WARNING: untranslated string: count WARNING: untranslated string: countries WARNING: untranslated string: country codes and flags @@ -793,6 +798,7 @@ WARNING: untranslated string: fwdfw wd_thu WARNING: untranslated string: fwdfw wd_tue WARNING: untranslated string: fwdfw wd_wed WARNING: untranslated string: fwhost OpenVPN N-2-N +WARNING: untranslated string: fwhost addgeoipgrp WARNING: untranslated string: fwhost addgrp WARNING: untranslated string: fwhost addgrpname WARNING: untranslated string: fwhost addhost @@ -805,6 +811,9 @@ WARNING: untranslated string: fwhost ccdhost WARNING: untranslated string: fwhost ccdnet WARNING: untranslated string: fwhost change WARNING: untranslated string: fwhost cust addr +WARNING: untranslated string: fwhost cust geoipgroup +WARNING: untranslated string: fwhost cust geoipgrp +WARNING: untranslated string: fwhost cust geoiplocation WARNING: untranslated string: fwhost cust grp WARNING: untranslated string: fwhost cust net WARNING: untranslated string: fwhost cust service 
@@ -844,6 +853,7 @@ WARNING: untranslated string: fwhost ip_mac WARNING: untranslated string: fwhost ipsec net WARNING: untranslated string: fwhost menu WARNING: untranslated string: fwhost netaddress +WARNING: untranslated string: fwhost newgeoipgrp WARNING: untranslated string: fwhost newgrp WARNING: untranslated string: fwhost newhost WARNING: untranslated string: fwhost newnet @@ -862,6 +872,7 @@ WARNING: untranslated string: gen dh WARNING: untranslated string: generate dh key WARNING: untranslated string: grouptype WARNING: untranslated string: hardware support +WARNING: untranslated string: ike lifetime should be between 1 and 8 hours WARNING: untranslated string: imei WARNING: untranslated string: imsi WARNING: untranslated string: incoming compression in bytes per second @@ -1023,6 +1034,7 @@ WARNING: untranslated string: tor traffic limit hard WARNING: untranslated string: tor traffic limit soft WARNING: untranslated string: tor traffic read written WARNING: untranslated string: tor use exit nodes +WARNING: untranslated string: uncheck all WARNING: untranslated string: uplink WARNING: untranslated string: upload dh key WARNING: untranslated string: uptime load average diff --git a/doc/language_issues.fr b/doc/language_issues.fr index 0bf0f86..47ee3fb 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -250,6 +250,7 @@ WARNING: translation string unused: ike encryption WARNING: translation string unused: ike grouptype WARNING: translation string unused: ike integrity WARNING: translation string unused: ike lifetime +WARNING: translation string unused: ike lifetime should be between 1 and 24 hours WARNING: translation string unused: import WARNING: translation string unused: importkey WARNING: translation string unused: in 
@@ -659,6 +660,7 @@ WARNING: untranslated string: ccd none WARNING: untranslated string: ccd routes WARNING: untranslated string: ccd subnet WARNING: untranslated string: ccd used +WARNING: untranslated string: check all WARNING: untranslated string: count WARNING: untranslated string: countries WARNING: untranslated string: country codes and flags @@ -804,6 +806,7 @@ WARNING: untranslated string: fwdfw wd_thu WARNING: untranslated string: fwdfw wd_tue WARNING: untranslated string: fwdfw wd_wed WARNING: untranslated string: fwhost OpenVPN N-2-N +WARNING: untranslated string: fwhost addgeoipgrp WARNING: untranslated string: fwhost addgrp WARNING: untranslated string: fwhost addgrpname WARNING: untranslated string: fwhost addhost @@ -816,6 +819,9 @@ WARNING: untranslated string: fwhost ccdhost WARNING: untranslated string: fwhost ccdnet WARNING: untranslated string: fwhost change WARNING: untranslated string: fwhost cust addr +WARNING: untranslated string: fwhost cust geoipgroup +WARNING: untranslated string: fwhost cust geoipgrp +WARNING: untranslated string: fwhost cust geoiplocation WARNING: untranslated string: fwhost cust grp WARNING: untranslated string: fwhost cust net WARNING: untranslated string: fwhost cust service @@ -855,6 +861,7 @@ WARNING: untranslated string: fwhost ip_mac WARNING: untranslated string: fwhost ipsec net WARNING: untranslated string: fwhost menu WARNING: untranslated string: fwhost netaddress +WARNING: untranslated string: fwhost newgeoipgrp WARNING: untranslated string: fwhost newgrp WARNING: untranslated string: fwhost newhost WARNING: untranslated string: fwhost newnet 
@@ -871,8 +878,16 @@ WARNING: untranslated string: fwhost used WARNING: untranslated string: fwhost welcome WARNING: untranslated string: gen dh WARNING: untranslated string: generate dh key +WARNING: untranslated string: geoip +WARNING: untranslated string: geoipblock +WARNING: untranslated string: geoipblock block countries +WARNING: untranslated string: geoipblock configuration +WARNING: untranslated string: geoipblock country is allowed +WARNING: untranslated string: geoipblock country is blocked +WARNING: untranslated string: geoipblock enable feature WARNING: untranslated string: grouptype WARNING: untranslated string: hardware support +WARNING: untranslated string: ike lifetime should be between 1 and 8 hours WARNING: untranslated string: imei WARNING: untranslated string: imsi WARNING: untranslated string: incoming compression in bytes per second @@ -1031,6 +1046,7 @@ WARNING: untranslated string: tor traffic limit hard WARNING: untranslated string: tor traffic limit soft WARNING: untranslated string: tor traffic read written WARNING: untranslated string: tor use exit nodes +WARNING: untranslated string: uncheck all WARNING: untranslated string: uplink WARNING: untranslated string: upload dh key WARNING: untranslated string: upload new ruleset diff --git a/doc/language_issues.it b/doc/language_issues.it new file mode 100644 index 0000000..098f440 --- /dev/null +++ b/doc/language_issues.it 
@@ -0,0 +1,719 @@ +WARNING: translation string unused: Client status and controlc +WARNING: translation string unused: ConnSched scheduler +WARNING: translation string unused: ConnSched select profile +WARNING: translation string unused: HDD temperature +WARNING: translation string unused: Level7 rule +WARNING: translation string unused: Local VPN IP +WARNING: translation string unused: Ping +WARNING: translation string unused: Queuelenght +WARNING: translation string unused: Remote IP +WARNING: translation string unused: Remote VPN IP +WARNING: translation string unused: Resolv +WARNING: translation string unused: TOS Bits +WARNING: translation string unused: Verbose +WARNING: translation string unused: access allowed +WARNING: translation string unused: access refused with this oinkcode +WARNING: translation string unused: add a new rule +WARNING: translation string unused: add network +WARNING: translation string unused: add new ovpn +WARNING: translation string unused: add service +WARNING: translation string unused: add xtaccess +WARNING: translation string unused: add-route +WARNING: translation string unused: admin user password has been changed +WARNING: translation string unused: administrator user password +WARNING: translation string unused: advproxy LDAP auth +WARNING: translation string unused: advproxy NTLM auth +WARNING: translation string unused: advproxy advanced proxy +WARNING: translation string unused: advproxy chgwebpwd ERROR +WARNING: translation string unused: advproxy chgwebpwd SUCCESS +WARNING: translation string unused: advproxy chgwebpwd change password +WARNING: translation string unused: advproxy chgwebpwd change web password +WARNING: translation string unused: advproxy chgwebpwd new password +WARNING: translation string unused: advproxy chgwebpwd new password confirm +WARNING: translation string unused: advproxy chgwebpwd old password +WARNING: translation string unused: advproxy chgwebpwd username +WARNING: translation string unused: 
advproxy cre disabled +WARNING: translation string unused: advproxy errmsg change fail +WARNING: translation string unused: advproxy errmsg change success +WARNING: translation string unused: advproxy errmsg invalid user +WARNING: translation string unused: advproxy errmsg no password +WARNING: translation string unused: advproxy errmsg password incorrect +WARNING: translation string unused: advproxy no cre groups +WARNING: translation string unused: advproxy ssadvanced proxy +WARNING: translation string unused: advproxy update information +WARNING: translation string unused: advproxy update notification +WARNING: translation string unused: again +WARNING: translation string unused: age seconds +WARNING: translation string unused: age shour +WARNING: translation string unused: age sminute +WARNING: translation string unused: age ssecond +WARNING: translation string unused: alcatelusb help +WARNING: translation string unused: alcatelusb upload +WARNING: translation string unused: all interfaces +WARNING: translation string unused: all updates installed +WARNING: translation string unused: allmsg +WARNING: translation string unused: alt information +WARNING: translation string unused: alt ovpn +WARNING: translation string unused: alt vpn +WARNING: translation string unused: and +WARNING: translation string unused: ansi t1.483 +WARNING: translation string unused: apply +WARNING: translation string unused: archive not exist +WARNING: translation string unused: attemps +WARNING: translation string unused: available updates +WARNING: translation string unused: avoid dod +WARNING: translation string unused: backup archive +WARNING: translation string unused: backup clear archive +WARNING: translation string unused: backup config floppy +WARNING: translation string unused: backup configuration +WARNING: translation string unused: backup erase key +WARNING: translation string unused: backup explain key +WARNING: translation string unused: backup explain key li1 +WARNING: 
translation string unused: backup explain key li2 +WARNING: translation string unused: backup explain key li3 +WARNING: translation string unused: backup explain key no1 +WARNING: translation string unused: backup explain key no2 +WARNING: translation string unused: backup export key +WARNING: translation string unused: backup extract key +WARNING: translation string unused: backup generate key +WARNING: translation string unused: backup import dat file +WARNING: translation string unused: backup import key +WARNING: translation string unused: backup key +WARNING: translation string unused: backup key file +WARNING: translation string unused: backup key info +WARNING: translation string unused: backup media info +WARNING: translation string unused: backup missing key +WARNING: translation string unused: backup password +WARNING: translation string unused: backup protect key password +WARNING: translation string unused: backup sets +WARNING: translation string unused: backup to floppy +WARNING: translation string unused: bad characters in +WARNING: translation string unused: behind a proxy +WARNING: translation string unused: bewan adsl pci st +WARNING: translation string unused: bewan adsl usb +WARNING: translation string unused: bitrate +WARNING: translation string unused: bleeding rules +WARNING: translation string unused: blue access use hint +WARNING: translation string unused: blue interface +WARNING: translation string unused: cache management +WARNING: translation string unused: cache size +WARNING: translation string unused: calamaris report interval (in minutes) +WARNING: translation string unused: calc traffic all x minutes +WARNING: translation string unused: cant enable xtaccess +WARNING: translation string unused: capsinactive +WARNING: translation string unused: ccd err iroute +WARNING: translation string unused: ccd err netadr +WARNING: translation string unused: cfg restart +WARNING: translation string unused: check for net traffic update +WARNING: 
translation string unused: choose config +WARNING: translation string unused: choose media +WARNING: translation string unused: clear cache +WARNING: translation string unused: compression +WARNING: translation string unused: connect +WARNING: translation string unused: connect the modem +WARNING: translation string unused: core notice 1 +WARNING: translation string unused: core notice 2 +WARNING: translation string unused: core notice 3 +WARNING: translation string unused: could not connect to +WARNING: translation string unused: could not connect to www ipcop org +WARNING: translation string unused: could not connect to www ipfire org +WARNING: translation string unused: could not create directory +WARNING: translation string unused: could not download latest patch list +WARNING: translation string unused: could not download the available updates list +WARNING: translation string unused: could not open available updates file +WARNING: translation string unused: could not open installed updates file +WARNING: translation string unused: could not open update information file +WARNING: translation string unused: create +WARNING: translation string unused: create new backup +WARNING: translation string unused: current dynamic leases +WARNING: translation string unused: current media +WARNING: translation string unused: current ovpn +WARNING: translation string unused: current profile +WARNING: translation string unused: custom networks +WARNING: translation string unused: custom services +WARNING: translation string unused: daily firewallhits +WARNING: translation string unused: dat without key +WARNING: translation string unused: day-graph +WARNING: translation string unused: dbfile +WARNING: translation string unused: ddns help dnsmadeeasy +WARNING: translation string unused: ddns help freedns +WARNING: translation string unused: ddns help plus +WARNING: translation string unused: ddns minimize updates +WARNING: translation string unused: ddns noip prefix +WARNING: 
translation string unused: debugme +WARNING: translation string unused: deep scan directories +WARNING: translation string unused: default ip +WARNING: translation string unused: default networks +WARNING: translation string unused: default services +WARNING: translation string unused: description +WARNING: translation string unused: destination ip bad +WARNING: translation string unused: destination ip or net +WARNING: translation string unused: destination net +WARNING: translation string unused: destination port overlaps +WARNING: translation string unused: dh name is invalid +WARNING: translation string unused: dhcp base ip fixed lease +WARNING: translation string unused: dhcp create fixed leases +WARNING: translation string unused: dhcp fixed lease err1 +WARNING: translation string unused: dhcp fixed lease help1 +WARNING: translation string unused: dhcp mode +WARNING: translation string unused: dhcp server disabled on blue interface +WARNING: translation string unused: dhcp server enabled on blue interface +WARNING: translation string unused: dial user password +WARNING: translation string unused: dial user password has been changed +WARNING: translation string unused: dialup settings +WARNING: translation string unused: disconnect +WARNING: translation string unused: disconnects +WARNING: translation string unused: display traffic at home +WARNING: translation string unused: display webinterface effects +WARNING: translation string unused: dmz pinhole configuration +WARNING: translation string unused: dmz pinhole rule added +WARNING: translation string unused: dmz pinhole rule removed +WARNING: translation string unused: dmzpinholes for same net not necessary +WARNING: translation string unused: dns server +WARNING: translation string unused: do not log this port list +WARNING: translation string unused: domain not set +WARNING: translation string unused: donation-link +WARNING: translation string unused: done +WARNING: translation string unused: download dh 
parameter +WARNING: translation string unused: driver +WARNING: translation string unused: dstprt range overlaps +WARNING: translation string unused: dstprt within existing +WARNING: translation string unused: dynamic dns client +WARNING: translation string unused: eciadsl help +WARNING: translation string unused: eciadsl upload +WARNING: translation string unused: edit a rule +WARNING: translation string unused: edit network +WARNING: translation string unused: edit service +WARNING: translation string unused: editor +WARNING: translation string unused: eg +WARNING: translation string unused: email server can not be empty +WARNING: translation string unused: enable javascript +WARNING: translation string unused: enable wildcards +WARNING: translation string unused: enabled on +WARNING: translation string unused: enabledtitle +WARNING: translation string unused: encrypted +WARNING: translation string unused: err bk 1 +WARNING: translation string unused: err bk 10 password +WARNING: translation string unused: err bk 2 key +WARNING: translation string unused: err bk 3 tar +WARNING: translation string unused: err bk 4 gz +WARNING: translation string unused: err bk 5 encrypt +WARNING: translation string unused: err rs 1 +WARNING: translation string unused: err rs 6 decrypt +WARNING: translation string unused: err rs 7 untartst +WARNING: translation string unused: err rs 8 untar +WARNING: translation string unused: error config +WARNING: translation string unused: error external access +WARNING: translation string unused: esp encryption +WARNING: translation string unused: esp grouptype +WARNING: translation string unused: esp integrity +WARNING: translation string unused: esp keylife +WARNING: translation string unused: expected +WARNING: translation string unused: expertoptions +WARNING: translation string unused: exportkey +WARNING: translation string unused: external access +WARNING: translation string unused: external access configuration +WARNING: translation 
string unused: external access rule added +WARNING: translation string unused: external access rule changed +WARNING: translation string unused: external access rule removed +WARNING: translation string unused: extrahd +WARNING: translation string unused: extrahd unable to read +WARNING: translation string unused: extrahd unable to write +WARNING: translation string unused: filename +WARNING: translation string unused: firewall graphs +WARNING: translation string unused: firewall log viewer +WARNING: translation string unused: firmware +WARNING: translation string unused: firmware upload +WARNING: translation string unused: force update +WARNING: translation string unused: forward firewall +WARNING: translation string unused: forwarding rule added +WARNING: translation string unused: forwarding rule removed +WARNING: translation string unused: forwarding rule updated +WARNING: translation string unused: frequency +WARNING: translation string unused: fritzdsl help +WARNING: translation string unused: fritzdsl upload +WARNING: translation string unused: from email adr +WARNING: translation string unused: from email pw +WARNING: translation string unused: from email server +WARNING: translation string unused: from email user +WARNING: translation string unused: from warn email bad +WARNING: translation string unused: fwdfw MODE1 +WARNING: translation string unused: fwdfw MODE2 +WARNING: translation string unused: fwdfw addrule +WARNING: translation string unused: fwdfw err nosrcip +WARNING: translation string unused: fwdfw err notgtip +WARNING: translation string unused: fwdfw err prot_port1 +WARNING: translation string unused: fwdfw final_rule +WARNING: translation string unused: fwdfw from +WARNING: translation string unused: fwdfw ipsec network +WARNING: translation string unused: fwdfw man port +WARNING: translation string unused: fwdfw menu +WARNING: translation string unused: fwdfw natport used +WARNING: translation string unused: fwdfw p2p txt +WARNING: 
translation string unused: fwdfw rule action +WARNING: translation string unused: fwdfw rules +WARNING: translation string unused: fwdfw std network +WARNING: translation string unused: fwdfw till +WARNING: translation string unused: fwdfw time +WARNING: translation string unused: fwdfw xt access +WARNING: translation string unused: fwhost Custom Host +WARNING: translation string unused: fwhost Custom Network +WARNING: translation string unused: fwhost IpSec Host +WARNING: translation string unused: fwhost IpSec Network +WARNING: translation string unused: fwhost OpenVPN static host +WARNING: translation string unused: fwhost OpenVPN static network +WARNING: translation string unused: fwhost Standard Network +WARNING: translation string unused: fwhost attention +WARNING: translation string unused: fwhost blue +WARNING: translation string unused: fwhost changeremark +WARNING: translation string unused: fwhost err addrgrp +WARNING: translation string unused: fwhost err hostorip +WARNING: translation string unused: fwhost err mac +WARNING: translation string unused: fwhost err partofnet +WARNING: translation string unused: fwhost green +WARNING: translation string unused: fwhost hosts +WARNING: translation string unused: fwhost ipadr +WARNING: translation string unused: fwhost ipsec host +WARNING: translation string unused: fwhost orange +WARNING: translation string unused: fwhost reread +WARNING: translation string unused: fwhost reset +WARNING: translation string unused: fwhost wo subnet +WARNING: translation string unused: g.dtm +WARNING: translation string unused: g.lite +WARNING: translation string unused: gen static key +WARNING: translation string unused: generate +WARNING: translation string unused: genkey +WARNING: translation string unused: green interface +WARNING: translation string unused: gz with key +WARNING: translation string unused: hint +WARNING: translation string unused: host +WARNING: translation string unused: host configuration +WARNING: 
translation string unused: hostname and domain already in use +WARNING: translation string unused: hour-graph +WARNING: translation string unused: hours2 +WARNING: translation string unused: ibod for dual isdn only +WARNING: translation string unused: icmp selected but no type +WARNING: translation string unused: icmp type +WARNING: translation string unused: id +WARNING: translation string unused: ids preprocessor +WARNING: translation string unused: ike encryption +WARNING: translation string unused: ike grouptype +WARNING: translation string unused: ike integrity +WARNING: translation string unused: ike lifetime +WARNING: translation string unused: ike lifetime should be between 1 and 24 hours +WARNING: translation string unused: import +WARNING: translation string unused: importkey +WARNING: translation string unused: in +WARNING: translation string unused: incorrect password +WARNING: translation string unused: insert floppy +WARNING: translation string unused: insert removable device +WARNING: translation string unused: install new update +WARNING: translation string unused: installed +WARNING: translation string unused: installed updates +WARNING: translation string unused: intrusion detection system log viewer +WARNING: translation string unused: intrusion detection system2 +WARNING: translation string unused: invalid cache size +WARNING: translation string unused: invalid date entered +WARNING: translation string unused: invalid downlink speed +WARNING: translation string unused: invalid loaded file +WARNING: translation string unused: invalid md5sum +WARNING: translation string unused: invalid port list +WARNING: translation string unused: invalid time entered +WARNING: translation string unused: invalid uplink speed +WARNING: translation string unused: invalid upstream proxy username or password setting +WARNING: translation string unused: invert +WARNING: translation string unused: ip address in use +WARNING: translation string unused: ipfire side 
+WARNING: translation string unused: ipsec no connections +WARNING: translation string unused: iptable rules +WARNING: translation string unused: isdn +WARNING: translation string unused: isdn settings +WARNING: translation string unused: isdn1 +WARNING: translation string unused: isdn2 +WARNING: translation string unused: javascript menu error1 +WARNING: translation string unused: javascript menu error2 +WARNING: translation string unused: kernel version +WARNING: translation string unused: key stuff +WARNING: translation string unused: lateprompting +WARNING: translation string unused: length +WARNING: translation string unused: line +WARNING: translation string unused: loaded modules +WARNING: translation string unused: local hard disk +WARNING: translation string unused: localkeyfile +WARNING: translation string unused: log enabled +WARNING: translation string unused: log viewer +WARNING: translation string unused: logging +WARNING: translation string unused: loosedirectorychecking +WARNING: translation string unused: ls_dhcpd +WARNING: translation string unused: ls_disk space +WARNING: translation string unused: ls_free/swan +WARNING: translation string unused: ls_httpd +WARNING: translation string unused: ls_init +WARNING: translation string unused: ls_kernel +WARNING: translation string unused: ls_modprobe +WARNING: translation string unused: ls_pam_unix +WARNING: translation string unused: ls_sshd +WARNING: translation string unused: ls_syslogd +WARNING: translation string unused: mac address error not 00 +WARNING: translation string unused: manage ovpn +WARNING: translation string unused: manual control and status +WARNING: translation string unused: marked +WARNING: translation string unused: max incoming size +WARNING: translation string unused: max outgoing size +WARNING: translation string unused: max size +WARNING: translation string unused: mbmon fan in +WARNING: translation string unused: mbmon graphs +WARNING: translation string unused: mbmon temp 
in +WARNING: translation string unused: mbmon value +WARNING: translation string unused: min size +WARNING: translation string unused: missing dat +WARNING: translation string unused: missing gz +WARNING: translation string unused: mode +WARNING: translation string unused: modem on com1 +WARNING: translation string unused: modem on com2 +WARNING: translation string unused: modem on com3 +WARNING: translation string unused: modem on com4 +WARNING: translation string unused: modem on com5 +WARNING: translation string unused: modulation +WARNING: translation string unused: month-graph +WARNING: translation string unused: monthly firewallhits +WARNING: translation string unused: monthly start day bad +WARNING: translation string unused: monthly traffic bad +WARNING: translation string unused: monthly volume +WARNING: translation string unused: monthly volume start day +WARNING: translation string unused: monthly volume start day short +WARNING: translation string unused: mount +WARNING: translation string unused: mtu QoS +WARNING: translation string unused: nat-traversal +WARNING: translation string unused: net +WARNING: translation string unused: net address +WARNING: translation string unused: net config type +WARNING: translation string unused: net config type help +WARNING: translation string unused: net-traffic configuration +WARNING: translation string unused: network added +WARNING: translation string unused: network configuration +WARNING: translation string unused: network removed +WARNING: translation string unused: network status information +WARNING: translation string unused: network time +WARNING: translation string unused: network traffic graphs +WARNING: translation string unused: network updated +WARNING: translation string unused: networks settings +WARNING: translation string unused: never +WARNING: translation string unused: new optionsfw must boot +WARNING: translation string unused: no alcatelusb firmware +WARNING: translation string unused: no 
cfg upload +WARNING: translation string unused: no eciadsl synch.bin file +WARNING: translation string unused: no fritzdsl driver +WARNING: translation string unused: no information available +WARNING: translation string unused: no modem selected +WARNING: translation string unused: no set selected +WARNING: translation string unused: nonetworkname +WARNING: translation string unused: noservicename +WARNING: translation string unused: notes +WARNING: translation string unused: o-no +WARNING: translation string unused: o-yes +WARNING: translation string unused: online help en +WARNING: translation string unused: only red +WARNING: translation string unused: open to all +WARNING: translation string unused: openvpn disabled +WARNING: translation string unused: openvpn enabled +WARNING: translation string unused: optional data +WARNING: translation string unused: optionsfw portlist hint +WARNING: translation string unused: optionsfw warning +WARNING: translation string unused: or +WARNING: translation string unused: original +WARNING: translation string unused: our donors +WARNING: translation string unused: out +WARNING: translation string unused: outgoing firewall +WARNING: translation string unused: outgoing firewall add ip group +WARNING: translation string unused: outgoing firewall add mac group +WARNING: translation string unused: outgoing firewall edit ip group +WARNING: translation string unused: outgoing firewall edit mac group +WARNING: translation string unused: outgoing firewall group error +WARNING: translation string unused: outgoing firewall groups +WARNING: translation string unused: outgoing firewall ip groups +WARNING: translation string unused: outgoing firewall mac groups +WARNING: translation string unused: outgoing firewall mode0 +WARNING: translation string unused: outgoing firewall mode1 +WARNING: translation string unused: outgoing firewall mode2 +WARNING: translation string unused: outgoing firewall outgoing firewall reserved groupname 
+WARNING: translation string unused: outgoing firewall p2p description 1 +WARNING: translation string unused: outgoing firewall p2p description 2 +WARNING: translation string unused: outgoing firewall p2p description 3 +WARNING: translation string unused: outgoing firewall reset +WARNING: translation string unused: outgoing firewall view group +WARNING: translation string unused: outgoing firewall warning +WARNING: translation string unused: override mtu +WARNING: translation string unused: ovpn config +WARNING: translation string unused: ovpn dl +WARNING: translation string unused: ovpn engines +WARNING: translation string unused: ovpn log +WARNING: translation string unused: ovpn reneg sec +WARNING: translation string unused: ovpn_fastio +WARNING: translation string unused: ovpn_mssfix +WARNING: translation string unused: ovpn_mtudisc +WARNING: translation string unused: ovpn_processprio +WARNING: translation string unused: ovpn_processprioD +WARNING: translation string unused: ovpn_processprioED +WARNING: translation string unused: ovpn_processprioEH +WARNING: translation string unused: ovpn_processprioEN +WARNING: translation string unused: ovpn_processprioH +WARNING: translation string unused: ovpn_processprioLN +WARNING: translation string unused: ovpn_processprioN +WARNING: translation string unused: ovpn_processprioVD +WARNING: translation string unused: ovpn_processprioVH +WARNING: translation string unused: ovpnstatus log +WARNING: translation string unused: ovpnsys log +WARNING: translation string unused: package failed to install +WARNING: translation string unused: pakfire core update auto +WARNING: translation string unused: pakfire updates +WARNING: translation string unused: password contains illegal characters +WARNING: translation string unused: password crypting key +WARNING: translation string unused: passwords must be at least 6 characters in length +WARNING: translation string unused: phase1 group +WARNING: translation string unused: phonebook 
entry +WARNING: translation string unused: ping disabled +WARNING: translation string unused: polfile +WARNING: translation string unused: port forwarding configuration +WARNING: translation string unused: ports +WARNING: translation string unused: pots +WARNING: translation string unused: pppoe +WARNING: translation string unused: present +WARNING: translation string unused: profiles +WARNING: translation string unused: proxy +WARNING: translation string unused: proxy access graphs +WARNING: translation string unused: proxy no proxy extend +WARNING: translation string unused: proxy no proxy local +WARNING: translation string unused: proxy port +WARNING: translation string unused: psk +WARNING: translation string unused: quick control +WARNING: translation string unused: reboot ask +WARNING: translation string unused: reboot question +WARNING: translation string unused: reboot schedule +WARNING: translation string unused: reboot sure +WARNING: translation string unused: refresh update list +WARNING: translation string unused: released +WARNING: translation string unused: removable device advice +WARNING: translation string unused: reportfile +WARNING: translation string unused: requested data +WARNING: translation string unused: reserved dst port +WARNING: translation string unused: reserved src port +WARNING: translation string unused: restore hardware settings +WARNING: translation string unused: root +WARNING: translation string unused: root path +WARNING: translation string unused: root user password +WARNING: translation string unused: route subnet is invalid +WARNING: translation string unused: router ip +WARNING: translation string unused: rsvd dst port overlap +WARNING: translation string unused: rsvd src port overlap +WARNING: translation string unused: rules already up to date +WARNING: translation string unused: safe removal of umounted device +WARNING: translation string unused: save error +WARNING: translation string unused: select dest net +WARNING: 
translation string unused: select media +WARNING: translation string unused: select source net +WARNING: translation string unused: selecttraffic +WARNING: translation string unused: send email notification +WARNING: translation string unused: send test mail +WARNING: translation string unused: server reserved +WARNING: translation string unused: service added +WARNING: translation string unused: service removed +WARNING: translation string unused: service updated +WARNING: translation string unused: servicename +WARNING: translation string unused: services settings +WARNING: translation string unused: shaping add options +WARNING: translation string unused: shaping list options +WARNING: translation string unused: show areas +WARNING: translation string unused: show lines +WARNING: translation string unused: shutdown ask +WARNING: translation string unused: shutdown sure +WARNING: translation string unused: shutdown2 +WARNING: translation string unused: sitekeyfile +WARNING: translation string unused: smbreload +WARNING: translation string unused: source ip bad +WARNING: translation string unused: source ip in use +WARNING: translation string unused: source ip or net +WARNING: translation string unused: source net +WARNING: translation string unused: source network +WARNING: translation string unused: source port in use +WARNING: translation string unused: source port overlaps +WARNING: translation string unused: squid extension methods +WARNING: translation string unused: squid extension methods invalid +WARNING: translation string unused: squid fix cache +WARNING: translation string unused: srcprt range overlaps +WARNING: translation string unused: srcprt within existing +WARNING: translation string unused: ssdmz pinholes +WARNING: translation string unused: ssh access tip +WARNING: translation string unused: ssh1 disabled +WARNING: translation string unused: ssh1 enabled +WARNING: translation string unused: ssh1 support +WARNING: translation string unused: 
ssnetwork status +WARNING: translation string unused: sspasswords +WARNING: translation string unused: ssport forwarding +WARNING: translation string unused: ssproxy graphs +WARNING: translation string unused: sssystem status +WARNING: translation string unused: sstraffic graphs +WARNING: translation string unused: subject test +WARNING: translation string unused: subject warn +WARNING: translation string unused: subnet +WARNING: translation string unused: subnet is invalid +WARNING: translation string unused: successfully refreshed updates list +WARNING: translation string unused: system graphs +WARNING: translation string unused: system log viewer +WARNING: translation string unused: system status information +WARNING: translation string unused: teovpn_fragment +WARNING: translation string unused: test +WARNING: translation string unused: test email could not be sent +WARNING: translation string unused: test email was sent +WARNING: translation string unused: the following update was successfully installed +WARNING: translation string unused: there are updates +WARNING: translation string unused: there are updates available +WARNING: translation string unused: this feature has been sponsored by +WARNING: translation string unused: this is not a valid archive +WARNING: translation string unused: this is not an authorised update +WARNING: translation string unused: this months volume +WARNING: translation string unused: this update is already installed +WARNING: translation string unused: this weeks volume +WARNING: translation string unused: time date manually reset +WARNING: translation string unused: to email adr +WARNING: translation string unused: to install an update +WARNING: translation string unused: to warn email bad +WARNING: translation string unused: too long 80 char max +WARNING: translation string unused: tor 0 = disabled +WARNING: translation string unused: tor accounting period daily +WARNING: translation string unused: tor accounting period 
monthly +WARNING: translation string unused: tor accounting period weekly +WARNING: translation string unused: tor bridge enabled +WARNING: translation string unused: tor errmsg invalid node id +WARNING: translation string unused: tor exit country +WARNING: translation string unused: total connection time +WARNING: translation string unused: traffic back +WARNING: translation string unused: traffic calc time +WARNING: translation string unused: traffic calc time bad +WARNING: translation string unused: traffic info messages +WARNING: translation string unused: traffic monitor +WARNING: translation string unused: traffic shaping +WARNING: translation string unused: traffic shaping settings +WARNING: translation string unused: traffic warn level bad +WARNING: translation string unused: trafficblue +WARNING: translation string unused: trafficdate +WARNING: translation string unused: trafficfrom +WARNING: translation string unused: trafficgreen +WARNING: translation string unused: trafficin +WARNING: translation string unused: trafficorange +WARNING: translation string unused: trafficout +WARNING: translation string unused: trafficred +WARNING: translation string unused: trafficsum +WARNING: translation string unused: trafficto +WARNING: translation string unused: transfer limits +WARNING: translation string unused: transparent on +WARNING: translation string unused: umount +WARNING: translation string unused: umount removable media before to unplug +WARNING: translation string unused: unencrypted +WARNING: translation string unused: update transcript +WARNING: translation string unused: updates +WARNING: translation string unused: updates is old1 +WARNING: translation string unused: updates is old2 +WARNING: translation string unused: updxlrtr children +WARNING: translation string unused: updxlrtr invalid num of children +WARNING: translation string unused: updxlrtr sources +WARNING: translation string unused: updxlrtr standard view +WARNING: translation string 
unused: updxlrtr unknown +WARNING: translation string unused: updxlrtr update information +WARNING: translation string unused: updxlrtr update notification +WARNING: translation string unused: updxlrtr used by +WARNING: translation string unused: upload fcdsl.o +WARNING: translation string unused: upload file +WARNING: translation string unused: upload static key +WARNING: translation string unused: upload successful +WARNING: translation string unused: upload synch.bin +WARNING: translation string unused: upload update file +WARNING: translation string unused: upstream password +WARNING: translation string unused: upstream proxy host:port +WARNING: translation string unused: upstream username +WARNING: translation string unused: uptime +WARNING: translation string unused: uptime and users +WARNING: translation string unused: urlfilter background image +WARNING: translation string unused: urlfilter background text +WARNING: translation string unused: urlfilter enable jpeg +WARNING: translation string unused: urlfilter update information +WARNING: translation string unused: urlfilter update notification +WARNING: translation string unused: urlfilter update results +WARNING: translation string unused: urlfilter upload background +WARNING: translation string unused: use +WARNING: translation string unused: use dov +WARNING: translation string unused: use ibod +WARNING: translation string unused: view log +WARNING: translation string unused: vpn aggrmode +WARNING: translation string unused: vpn configuration main +WARNING: translation string unused: vpn incompatible use of defaultroute +WARNING: translation string unused: vpn mtu invalid +WARNING: translation string unused: vpn on blue +WARNING: translation string unused: vpn on green +WARNING: translation string unused: vpn on orange +WARNING: translation string unused: vpn watch +WARNING: translation string unused: warn when traffic reaches +WARNING: translation string unused: web proxy configuration +WARNING: 
translation string unused: week-graph +WARNING: translation string unused: weekly firewallhits +WARNING: translation string unused: wildcards +WARNING: translation string unused: wlanap wlan services +WARNING: translation string unused: xtaccess all error +WARNING: translation string unused: xtaccess bad transfert +WARNING: translation string unused: year-graph +WARNING: translation string unused: yearly firewallhits +WARNING: untranslated string: MTU settings +WARNING: untranslated string: Number of Countries for the pie chart +WARNING: untranslated string: Scan for Songs +WARNING: untranslated string: administrator password +WARNING: untranslated string: administrator username +WARNING: untranslated string: advproxy AUTH method ntlm auth +WARNING: untranslated string: advproxy basic authentication +WARNING: untranslated string: advproxy group access control +WARNING: untranslated string: advproxy group required +WARNING: untranslated string: bytes +WARNING: untranslated string: check all +WARNING: untranslated string: fwdfw err concon +WARNING: untranslated string: fwdfw err ratecon +WARNING: untranslated string: fwdfw limitconcon +WARNING: untranslated string: fwdfw maxconcon +WARNING: untranslated string: fwdfw numcon +WARNING: untranslated string: fwdfw ratelimit +WARNING: untranslated string: fwhost addgeoipgrp +WARNING: untranslated string: fwhost cust geoipgroup +WARNING: untranslated string: fwhost cust geoipgrp +WARNING: untranslated string: fwhost cust geoiplocation +WARNING: untranslated string: fwhost err hostip +WARNING: untranslated string: fwhost newgeoipgrp +WARNING: untranslated string: geoip +WARNING: untranslated string: geoipblock +WARNING: untranslated string: geoipblock block countries +WARNING: untranslated string: geoipblock configuration +WARNING: untranslated string: geoipblock country is allowed +WARNING: untranslated string: geoipblock country is blocked +WARNING: untranslated string: geoipblock enable feature +WARNING: untranslated 
string: ike lifetime should be between 1 and 8 hours +WARNING: untranslated string: incoming compression in bytes per second +WARNING: untranslated string: incoming overhead in bytes per second +WARNING: untranslated string: invalid input for valid till days +WARNING: untranslated string: masquerade blue +WARNING: untranslated string: masquerade green +WARNING: untranslated string: masquerade orange +WARNING: untranslated string: masquerading +WARNING: untranslated string: masquerading disabled +WARNING: untranslated string: masquerading enabled +WARNING: untranslated string: messages +WARNING: untranslated string: no data +WARNING: untranslated string: outgoing compression in bytes per second +WARNING: untranslated string: outgoing overhead in bytes per second +WARNING: untranslated string: ovpn add conf +WARNING: untranslated string: route config changed +WARNING: untranslated string: routing config added +WARNING: untranslated string: routing config changed +WARNING: untranslated string: routing table +WARNING: untranslated string: samba join a domain +WARNING: untranslated string: samba join domain +WARNING: untranslated string: uncheck all +WARNING: untranslated string: vpn statistic n2n +WARNING: untranslated string: vpn statistic rw +WARNING: untranslated string: vpn statistics n2n diff --git a/doc/language_issues.nl b/doc/language_issues.nl index 3d84788..602441d 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -299,6 +299,7 @@ WARNING: translation string unused: ike encryption WARNING: translation string unused: ike grouptype WARNING: translation string unused: ike integrity WARNING: translation string unused: ike lifetime +WARNING: translation string unused: ike lifetime should be between 1 and 24 hours WARNING: translation string unused: import WARNING: translation string unused: importkey WARNING: translation string unused: in 
@@ -670,6 +671,7 @@ WARNING: untranslated string: advproxy group required WARNING: untranslated string: atm device WARNING: untranslated string: bytes WARNING: untranslated string: capabilities +WARNING: untranslated string: check all WARNING: untranslated string: default WARNING: untranslated string: dh WARNING: untranslated string: dh key move failed @@ -690,9 +692,22 @@ WARNING: untranslated string: fwdfw limitconcon WARNING: untranslated string: fwdfw maxconcon WARNING: untranslated string: fwdfw numcon WARNING: untranslated string: fwdfw ratelimit +WARNING: untranslated string: fwhost addgeoipgrp +WARNING: untranslated string: fwhost cust geoipgroup +WARNING: untranslated string: fwhost cust geoipgrp +WARNING: untranslated string: fwhost cust geoiplocation WARNING: untranslated string: fwhost err hostip +WARNING: untranslated string: fwhost newgeoipgrp WARNING: untranslated string: gen dh WARNING: untranslated string: generate dh key +WARNING: untranslated string: geoip +WARNING: untranslated string: geoipblock +WARNING: untranslated string: geoipblock block countries +WARNING: untranslated string: geoipblock configuration +WARNING: untranslated string: geoipblock country is allowed +WARNING: untranslated string: geoipblock country is blocked +WARNING: untranslated string: geoipblock enable feature +WARNING: untranslated string: ike lifetime should be between 1 and 8 hours WARNING: untranslated string: imei WARNING: untranslated string: imsi WARNING: untranslated string: incoming compression in bytes per second @@ -745,6 +760,7 @@ WARNING: untranslated string: show tls-auth key WARNING: untranslated string: software version WARNING: untranslated string: source ip country WARNING: untranslated string: ta key +WARNING: untranslated string: uncheck all WARNING: untranslated string: upload dh key WARNING: untranslated string: vendor WARNING: untranslated string: vpn statistic n2n 
diff --git a/doc/language_issues.pl b/doc/language_issues.pl index d44ab4c..086dfbd 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -233,6 +233,9 @@ WARNING: translation string unused: g.lite WARNING: translation string unused: gen static key WARNING: translation string unused: generate WARNING: translation string unused: genkey +WARNING: translation string unused: geoipblock country code +WARNING: translation string unused: geoipblock country name +WARNING: translation string unused: geoipblock flag WARNING: translation string unused: green interface WARNING: translation string unused: gz with key WARNING: translation string unused: hint @@ -250,6 +253,7 @@ WARNING: translation string unused: ike encryption WARNING: translation string unused: ike grouptype WARNING: translation string unused: ike integrity WARNING: translation string unused: ike lifetime +WARNING: translation string unused: ike lifetime should be between 1 and 24 hours WARNING: translation string unused: import WARNING: translation string unused: importkey WARNING: translation string unused: in @@ -649,6 +653,7 @@ WARNING: untranslated string: ccd none WARNING: untranslated string: ccd routes WARNING: untranslated string: ccd subnet WARNING: untranslated string: ccd used +WARNING: untranslated string: check all WARNING: untranslated string: count WARNING: untranslated string: countries WARNING: untranslated string: country codes and flags @@ -793,6 +798,7 @@ WARNING: untranslated string: fwdfw wd_thu WARNING: untranslated string: fwdfw wd_tue WARNING: untranslated string: fwdfw wd_wed WARNING: untranslated string: fwhost OpenVPN N-2-N +WARNING: untranslated string: fwhost addgeoipgrp WARNING: untranslated string: fwhost addgrp WARNING: untranslated string: fwhost addgrpname WARNING: untranslated string: fwhost addhost 
@@ -805,6 +811,9 @@ WARNING: untranslated string: fwhost ccdhost WARNING: untranslated string: fwhost ccdnet WARNING: untranslated string: fwhost change WARNING: untranslated string: fwhost cust addr +WARNING: untranslated string: fwhost cust geoipgroup +WARNING: untranslated string: fwhost cust geoipgrp +WARNING: untranslated string: fwhost cust geoiplocation WARNING: untranslated string: fwhost cust grp WARNING: untranslated string: fwhost cust net WARNING: untranslated string: fwhost cust service @@ -844,6 +853,7 @@ WARNING: untranslated string: fwhost ip_mac WARNING: untranslated string: fwhost ipsec net WARNING: untranslated string: fwhost menu WARNING: untranslated string: fwhost netaddress +WARNING: untranslated string: fwhost newgeoipgrp WARNING: untranslated string: fwhost newgrp WARNING: untranslated string: fwhost newhost WARNING: untranslated string: fwhost newnet @@ -862,6 +872,7 @@ WARNING: untranslated string: gen dh WARNING: untranslated string: generate dh key WARNING: untranslated string: grouptype WARNING: untranslated string: hardware support +WARNING: untranslated string: ike lifetime should be between 1 and 8 hours WARNING: untranslated string: imei WARNING: untranslated string: imsi WARNING: untranslated string: incoming compression in bytes per second @@ -1023,6 +1034,7 @@ WARNING: untranslated string: tor traffic limit hard WARNING: untranslated string: tor traffic limit soft WARNING: untranslated string: tor traffic read written WARNING: untranslated string: tor use exit nodes +WARNING: untranslated string: uncheck all WARNING: untranslated string: uplink WARNING: untranslated string: upload dh key WARNING: untranslated string: uptime load average diff --git a/doc/language_issues.ru b/doc/language_issues.ru index c9b47c1..94724d4 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru 
@@ -245,6 +245,7 @@ WARNING: translation string unused: ike encryption WARNING: translation string unused: ike grouptype WARNING: translation string unused: ike integrity WARNING: translation string unused: ike lifetime +WARNING: translation string unused: ike lifetime should be between 1 and 24 hours WARNING: translation string unused: import WARNING: translation string unused: importkey WARNING: translation string unused: in @@ -652,6 +653,7 @@ WARNING: untranslated string: ccd none WARNING: untranslated string: ccd routes WARNING: untranslated string: ccd subnet WARNING: untranslated string: ccd used +WARNING: untranslated string: check all WARNING: untranslated string: community rules WARNING: untranslated string: count WARNING: untranslated string: countries @@ -788,6 +790,7 @@ WARNING: untranslated string: fwdfw wd_thu WARNING: untranslated string: fwdfw wd_tue WARNING: untranslated string: fwdfw wd_wed WARNING: untranslated string: fwhost OpenVPN N-2-N +WARNING: untranslated string: fwhost addgeoipgrp WARNING: untranslated string: fwhost addgrp WARNING: untranslated string: fwhost addgrpname WARNING: untranslated string: fwhost addhost @@ -800,6 +803,9 @@ WARNING: untranslated string: fwhost ccdhost WARNING: untranslated string: fwhost ccdnet WARNING: untranslated string: fwhost change WARNING: untranslated string: fwhost cust addr +WARNING: untranslated string: fwhost cust geoipgroup +WARNING: untranslated string: fwhost cust geoipgrp +WARNING: untranslated string: fwhost cust geoiplocation WARNING: untranslated string: fwhost cust grp WARNING: untranslated string: fwhost cust net WARNING: untranslated string: fwhost cust service 
@@ -839,6 +845,7 @@ WARNING: untranslated string: fwhost ip_mac WARNING: untranslated string: fwhost ipsec net WARNING: untranslated string: fwhost menu WARNING: untranslated string: fwhost netaddress +WARNING: untranslated string: fwhost newgeoipgrp WARNING: untranslated string: fwhost newgrp WARNING: untranslated string: fwhost newhost WARNING: untranslated string: fwhost newnet @@ -855,8 +862,16 @@ WARNING: untranslated string: fwhost used WARNING: untranslated string: fwhost welcome WARNING: untranslated string: gen dh WARNING: untranslated string: generate dh key +WARNING: untranslated string: geoip +WARNING: untranslated string: geoipblock +WARNING: untranslated string: geoipblock block countries +WARNING: untranslated string: geoipblock configuration +WARNING: untranslated string: geoipblock country is allowed +WARNING: untranslated string: geoipblock country is blocked +WARNING: untranslated string: geoipblock enable feature WARNING: untranslated string: grouptype WARNING: untranslated string: hardware support +WARNING: untranslated string: ike lifetime should be between 1 and 8 hours WARNING: untranslated string: imei WARNING: untranslated string: imsi WARNING: untranslated string: incoming compression in bytes per second @@ -1012,6 +1027,7 @@ WARNING: untranslated string: tor traffic limit hard WARNING: untranslated string: tor traffic limit soft WARNING: untranslated string: tor traffic read written WARNING: untranslated string: tor use exit nodes +WARNING: untranslated string: uncheck all WARNING: untranslated string: uplink WARNING: untranslated string: upload dh key WARNING: untranslated string: uptime load average diff --git a/doc/language_issues.tr b/doc/language_issues.tr index 5eff2dd..6f846c7 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr 
@@ -300,6 +300,7 @@ WARNING: translation string unused: ike encryption WARNING: translation string unused: ike grouptype WARNING: translation string unused: ike integrity WARNING: translation string unused: ike lifetime +WARNING: translation string unused: ike lifetime should be between 1 and 24 hours WARNING: translation string unused: import WARNING: translation string unused: importkey WARNING: translation string unused: in @@ -663,7 +664,21 @@ WARNING: translation string unused: year-graph WARNING: translation string unused: yearly firewallhits WARNING: untranslated string: Scan for Songs WARNING: untranslated string: bytes +WARNING: untranslated string: check all +WARNING: untranslated string: fwhost addgeoipgrp +WARNING: untranslated string: fwhost cust geoipgroup +WARNING: untranslated string: fwhost cust geoipgrp +WARNING: untranslated string: fwhost cust geoiplocation WARNING: untranslated string: fwhost err hostip +WARNING: untranslated string: fwhost newgeoipgrp +WARNING: untranslated string: geoip +WARNING: untranslated string: geoipblock +WARNING: untranslated string: geoipblock block countries +WARNING: untranslated string: geoipblock configuration +WARNING: untranslated string: geoipblock country is allowed +WARNING: untranslated string: geoipblock country is blocked +WARNING: untranslated string: geoipblock enable feature +WARNING: untranslated string: ike lifetime should be between 1 and 8 hours WARNING: untranslated string: incoming compression in bytes per second WARNING: untranslated string: incoming overhead in bytes per second WARNING: untranslated string: invalid input for valid till days 
@@ -675,6 +690,7 @@ WARNING: untranslated string: route config changed WARNING: untranslated string: routing config added WARNING: untranslated string: routing config changed WARNING: untranslated string: routing table +WARNING: untranslated string: uncheck all WARNING: untranslated string: vpn statistic n2n WARNING: untranslated string: vpn statistic rw WARNING: untranslated string: vpn statistics n2n diff --git a/doc/language_missings b/doc/language_missings index 0d73d2a..9fdc0d2 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -29,6 +29,7 @@ < atm device < attention < bit +< block < capabilities < ccd add < ccd choose net @@ -70,6 +71,7 @@ < ccd routes < ccd subnet < ccd used +< check all < ConnSched dial < ConnSched hangup < ConnSched reboot @@ -233,6 +235,7 @@ < fwdfw wd_tue < fwdfw wd_wed < fwdfw xt access +< fwhost addgeoipgrp < fwhost addgrp < fwhost addgrpname < fwhost addhost @@ -248,6 +251,9 @@ < fwhost change < fwhost changeremark < fwhost cust addr +< fwhost cust geoip +< fwhost cust geoipgroup +< fwhost cust geoiplocation < fwhost cust grp < fwhost cust net < fwhost Custom Host @@ -298,6 +304,7 @@ < fwhost IpSec Network < fwhost menu < fwhost netaddress +< fwhost newgeoipgrp < fwhost newgrp < fwhost newhost < fwhost newnet @@ -327,6 +334,16 @@ < fw settings ruletable < gen dh < generate dh key +< geoip +< geoipblock +< geoipblock block countries +< geoipblock configuration +< geoipblock country code +< geoipblock country is allowed +< geoipblock country is blocked +< geoipblock country name +< geoipblock enable feature +< geoipblock flag < grouptype < hardware support < imei @@ -496,6 +513,9 @@ < tor traffic limit soft < tor traffic read written < tor use exit nodes +< unblock +< unblock all +< uncheck all < updxlrtr sources < updxlrtr standard view < uplink @@ -589,6 +609,7 @@ < atm device < attention < bit +< block < capabilities < ccd add < ccd choose net 
@@ -630,6 +651,7 @@ < ccd routes < ccd subnet < ccd used +< check all < ConnSched dial < ConnSched hangup < ConnSched reboot @@ -792,6 +814,7 @@ < fwdfw wd_tue < fwdfw wd_wed < fwdfw xt access +< fwhost addgeoipgrp < fwhost addgrp < fwhost addgrpname < fwhost addhost @@ -807,6 +830,9 @@ < fwhost change < fwhost changeremark < fwhost cust addr +< fwhost cust geoip +< fwhost cust geoipgroup +< fwhost cust geoiplocation < fwhost cust grp < fwhost cust net < fwhost Custom Host @@ -857,6 +883,7 @@ < fwhost IpSec Network < fwhost menu < fwhost netaddress +< fwhost newgeoipgrp < fwhost newgrp < fwhost newhost < fwhost newnet @@ -1071,6 +1098,9 @@ < tor traffic limit soft < tor traffic read written < tor use exit nodes +< unblock +< unblock all +< uncheck all < updxlrtr sources < updxlrtr standard view < uplink @@ -1140,6 +1170,7 @@ < atm device < attention < bit +< block < capabilities < ccd add < ccd choose net @@ -1181,6 +1212,7 @@ < ccd routes < ccd subnet < ccd used +< check all < ConnSched dial < ConnSched hangup < ConnSched reboot @@ -1335,6 +1367,7 @@ < fwdfw wd_tue < fwdfw wd_wed < fwdfw xt access +< fwhost addgeoipgrp < fwhost addgrp < fwhost addgrpname < fwhost addhost @@ -1350,6 +1383,9 @@ < fwhost change < fwhost changeremark < fwhost cust addr +< fwhost cust geoip +< fwhost cust geoipgroup +< fwhost cust geoiplocation < fwhost cust grp < fwhost cust net < fwhost Custom Host @@ -1400,6 +1436,7 @@ < fwhost IpSec Network < fwhost menu < fwhost netaddress +< fwhost newgeoipgrp < fwhost newgrp < fwhost newhost < fwhost newnet @@ -1429,6 +1466,16 @@ < fw settings ruletable < gen dh < generate dh key +< geoip +< geoipblock +< geoipblock block countries +< geoipblock configuration +< geoipblock country code +< geoipblock country is allowed +< geoipblock country is blocked +< geoipblock country name +< geoipblock enable feature +< geoipblock flag < grouptype < hardware support < imei 
@@ -1598,6 +1645,9 @@ < tor traffic limit soft < tor traffic read written < tor use exit nodes +< unblock +< unblock all +< uncheck all < updxlrtr sources < updxlrtr standard view < uplink @@ -1668,6 +1718,7 @@ < atm device < attention < bit +< block < capabilities < ccd add < ccd choose net @@ -1709,6 +1760,7 @@ < ccd routes < ccd subnet < ccd used +< check all < ConnSched dial < ConnSched hangup < ConnSched reboot @@ -1867,6 +1919,7 @@ < fwdfw wd_tue < fwdfw wd_wed < fwdfw xt access +< fwhost addgeoipgrp < fwhost addgrp < fwhost addgrpname < fwhost addhost @@ -1882,6 +1935,9 @@ < fwhost change < fwhost changeremark < fwhost cust addr +< fwhost cust geoip +< fwhost cust geoipgroup +< fwhost cust geoiplocation < fwhost cust grp < fwhost cust net < fwhost Custom Host @@ -1932,6 +1988,7 @@ < fwhost IpSec Network < fwhost menu < fwhost netaddress +< fwhost newgeoipgrp < fwhost newgrp < fwhost newhost < fwhost newnet @@ -1961,6 +2018,16 @@ < fw settings ruletable < gen dh < generate dh key +< geoip +< geoipblock +< geoipblock block countries +< geoipblock configuration +< geoipblock country code +< geoipblock country is allowed +< geoipblock country is blocked +< geoipblock country name +< geoipblock enable feature +< geoipblock flag < grouptype < hardware support < hour-graph @@ -2130,6 +2197,9 @@ < tor traffic limit soft < tor traffic read written < tor use exit nodes +< unblock +< unblock all +< uncheck all < updxlrtr sources < updxlrtr standard view < uplink diff --git a/html/cgi-bin/connections.cgi b/html/cgi-bin/connections.cgi index f1ed212..5c17d33 100644 --- a/html/cgi-bin/connections.cgi +++ b/html/cgi-bin/connections.cgi @@ -520,7 +520,8 @@ foreach my $line (@conntrack) { }
my $sip_colour = ipcolour($sip);
- my $dip_colour = ipcolour($dip);
+ # use colour of destination network for DNAT
+ my $dip_colour = $dip ne $dip_ret ? ipcolour($dip_ret) : ipcolour($dip);
my $sserv = ''; if ($sport < 1024) { diff --git a/html/cgi-bin/country.cgi b/html/cgi-bin/country.cgi index 76035fb..60c2e58 100644 --- a/html/cgi-bin/country.cgi +++ b/html/cgi-bin/country.cgi @@ -21,7 +21,7 @@
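Review bot: The conditional in the new `$dip_colour` line does not guard anything: when `$dip` and `$dip_ret` are equal, both branches colour the same string, so the expression is equivalent to `ipcolour($dip_ret)`. If `$dip_ret` can be empty for some conntrack lines (its parsing is outside this hunk), the inequality is true and `ipcolour` receives an empty value. Testing for that case is probably what was intended, e.g. `my $dip_colour = ipcolour($dip_ret ne '' ? $dip_ret : $dip);`. The enclosing `foreach` starts and ends outside the hunk.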
use strict;
-use Locale::Country;
+use Locale::Codes::Country;
my $flagdir = '/srv/web/ipfire/html/images/flags'; my $lines = '1'; @@ -31,6 +31,7 @@ my @flaglistfiles=(); my $flag = '';
require '/var/ipfire/general-functions.pl'; +require "${General::swroot}/geoip-functions.pl"; require "${General::swroot}/lang.pl"; require "${General::swroot}/header.pl";
@@ -64,12 +65,16 @@ foreach $flag (@flaglistfiles)
my $flagcode = uc(substr($flag, 0, 2)); my $fcode = lc($flagcode); + + # Get flag icon for of the country. + my $flag_icon = &GeoIP::get_flag_icon($fcode); + my $country = Locale::Country::code2country($fcode); if($fcode eq 'eu') { $country = 'Europe'; } if($fcode eq 'tp') { $country = 'East Timor'; } if($fcode eq 'yu') { $country = 'Yugoslavia'; } if ($lines % 2) { - print "<td $col><a id='$fcode'><img src='/images/flags/$fcode.png' alt='$flagcode' title='$flagcode'/></a></td>"; + print "<td $col><a id='$fcode'><img src='$flag_icon' alt='$flagcode' title='$flagcode'/></a></td>"; print "<td $col>$flagcode</td>"; print "<td $col>$country</td></tr>\n"; } @@ -81,7 +86,7 @@ foreach $flag (@flaglistfiles) $col="style='background-color:${Header::table1colour};'"; } print "<tr>"; - print "<td $col><a id='$fcode'><img src='/images/flags/$fcode.png' alt='$flagcode' title='$flagcode'/></a></td>"; + print "<td $col><a id='$fcode'><img src='$flag_icon' alt='$flagcode' title='$flagcode'/></a></td>"; print "<td $col>$flagcode</td>"; print "<td $col>$country</td>"; print "<td $col> </td>"; diff --git a/html/cgi-bin/ddns.cgi b/html/cgi-bin/ddns.cgi index 044aa97..73a41d9 100644 --- a/html/cgi-bin/ddns.cgi +++ b/html/cgi-bin/ddns.cgi @@ -44,10 +44,8 @@ my $settingsfile = "${General::swroot}/ddns/settings"; # Config file to store the configured ddns providers. my $datafile = "${General::swroot}/ddns/config";
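Review bot: The unchanged line `my $country = Locale::Country::code2country($fcode);` in the `@@ -64,12 +65,16 @@` hunk still calls into the `Locale::Country` namespace, while the first hunk of this file replaces `use Locale::Country;` with `use Locale::Codes::Country;`. Unless something else loads `Locale::Country`, that fully qualified name may no longer resolve and the script would die at the first flag. Call the imported function instead, `my $country = code2country($fcode);`, or qualify it as `Locale::Codes::Country::code2country($fcode)`. The new comment also reads "for of the country"; `# Get the flag icon of the country.` would be clearer. The enclosing `foreach` starts outside the hunk.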
-# Dynamic ddns programm call.
-my @ddnsprog = ("/usr/bin/ddns", "--config",
- "/var/ipfire/ddns/ddns.conf",
- "update-all");
+# Call the ddnsctrl helper binary to perform the update.
+my @ddnsprog = ("/usr/local/bin/ddnsctrl", "update-all");
my %settings=(); my $errormessage = ''; @@ -700,11 +698,6 @@ sub GenerateDDNSConfigFile { print FILE "password = $password\n"; }
- # These providers need to be set to only use IPv4. - if ($provider ~~ ["freedns.afraid.org", "nsupdate.info", "opendns.com", "variomedia.de", "zoneedit.com"]) { - print FILE "proto = ipv4\n"; - } - print FILE "\n"; }
diff --git a/html/cgi-bin/firewall.cgi b/html/cgi-bin/firewall.cgi index 39b732c..c207ec7 100644 --- a/html/cgi-bin/firewall.cgi +++ b/html/cgi-bin/firewall.cgi @@ -33,6 +33,7 @@ no warnings 'uninitialized'; require '/var/ipfire/general-functions.pl'; require "${General::swroot}/lang.pl"; require "${General::swroot}/header.pl"; +require "${General::swroot}/geoip-functions.pl"; require "/usr/lib/firewall/firewall-lib.pl";
unless (-d "${General::swroot}/firewall") { system("mkdir ${General::swroot}/firewall"); } @@ -47,6 +48,7 @@ my %defaultNetworks=(); my %netsettings=(); my %customhost=(); my %customgrp=(); +my %customgeoipgrp=(); my %customnetworks=(); my %customservice=(); my %customservicegrp=(); @@ -74,6 +76,7 @@ my $color; my $confignet = "${General::swroot}/fwhosts/customnetworks"; my $confighost = "${General::swroot}/fwhosts/customhosts"; my $configgrp = "${General::swroot}/fwhosts/customgroups"; +my $configgeoipgrp = "${General::swroot}/fwhosts/customgeoipgrp"; my $configsrv = "${General::swroot}/fwhosts/customservices"; my $configsrvgrp = "${General::swroot}/fwhosts/customservicegrp"; my $configccdnet = "${General::swroot}/ovpn/ccd.conf"; @@ -154,6 +157,19 @@ print<<END; $("#actions").toggle(); });
+ // Hide SNAT items when DNAT is selected and vice versa. + if ($('input[name=nat]:checked').val() == 'dnat') { + $('.snat').hide(); + } else { + $('.dnat').hide(); + } + + // Show/Hide elements when SNAT/DNAT get changed. + $('input[name=nat]').change(function() { + $('.snat').toggle(); + $('.dnat').toggle(); + }); + // Time constraints if(!$("#USE_TIME_CONSTRAINTS").attr("checked")) { $("#TIME_CONSTRAINTS").hide(); 
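Review bot: The change handler flips both classes with a bare `.toggle()`, so the visible field is correct only while the initial hide above and every later change event stay in step. Anything else that shows or hides a `.snat` or `.dnat` element leaves the form showing the wrong NAT address selector. Deriving the state from the checked radio is more robust and lets the initial call and the handler share one function: `var isDnat = $('input[name=nat]:checked').val() == 'dnat';` followed by `$('.dnat').toggle(isDnat); $('.snat').toggle(!isDnat);`. The script block sits in a heredoc that starts outside the hunk.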
@@ -1060,6 +1076,54 @@ END } print"</select></td>"; } + # geoip locations / groups. + my @geoip_locations = &fwlib::get_geoip_locations(); + + print "<tr>\n"; + print "<td valign='top'><input type='radio' name='$grp' id='cust_geoip_$srctgt' value='cust_geoip_$srctgt' $checked{$grp}{'cust_geoip_'.$srctgt}></td>\n"; + print "<td>$Lang::tr{'geoip'}</td>\n"; + print "<td align='right'><select name='cust_geoip_$srctgt' style='width:200px;'>\n"; + + # Add GeoIP groups to dropdown. + if (!-z $configgeoipgrp) { + print "<optgroup label='$Lang::tr{'fwhost cust geoipgroup'}'>\n"; + foreach my $key (sort { ncmp($customgeoipgrp{$a}[0],$customgeoipgrp{$b}[0]) } keys %customgeoipgrp) { + my $selected; + + # Generate stored value for select detection. + my $stored = join(':', "group",$customgeoipgrp{$key}[0]); + + # Only show a group once and group with elements. + if($helper ne $customgeoipgrp{$key}[0] && $customgeoipgrp{$key}[2] ne 'none') { + # Mark current entry as selected. + if ($fwdfwsettings{$fwdfwsettings{$grp}} eq $stored) { + $selected = "selected='selected'"; + } + print"<option $selected value='group:$customgeoipgrp{$key}[0]'>$customgeoipgrp{$key}[0]</option>\n"; + } + $helper=$customgeoipgrp{$key}[0]; + } + print "</optgroup>\n"; + } + + # Add locations. + print "<optgroup label='$Lang::tr{'fwhost cust geoiplocation'}'>\n"; + foreach my $location (@geoip_locations) { + # Get country name. + my $country_name = &GeoIP::get_full_country_name($location); + + # Mark current entry as selected. + my $selected; + if ($fwdfwsettings{$fwdfwsettings{$grp}} eq $location) { + $selected = "selected='selected'"; + } + print "<option $selected value='$location'>$location - $country_name</option>\n"; + } + print "</optgroup>\n"; + + # Close GeoIP dropdown. + print "</select></td>\n"; + #End left table. start right table (vpn) print"</tr></table></td><td valign='top'><table width='95%' border='0' align='right'><tr>"; # CCD networks 
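Review bot: The group name is written into the page unescaped in `print"<option $selected value='group:$customgeoipgrp{$key}[0]'>$customgeoipgrp{$key}[0]</option>\n";`, once inside a single-quoted attribute and once as element text. The value is read back from the `customgeoipgrp` file, and the validation applied when a group is saved is not visible in this hunk, so the output side should not rely on it. Escape it once, e.g. `my $grpname = &Header::cleanhtml($customgeoipgrp{$key}[0], "y");` if header.pl's `cleanhtml` is available here, and print `$grpname` in both places. Because the attribute is single-quoted, confirm the escaper also encodes `'`, or switch the attribute to double quotes. The same applies to `$country_name` in the location options and to `print "$split2\n";` in the `@@ -2525,6 +2590,13 @@` and `@@ -2601,6 +2673,13 @@` hunks of this file.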
@@ -1397,6 +1461,7 @@ sub newrule &General::readhasharray("$confighost", %customhost); &General::readhasharray("$configccdhost", %ccdhost); &General::readhasharray("$configgrp", %customgrp); + &General::readhasharray("$configgeoipgrp", %customgeoipgrp); &General::readhasharray("$configipsec", %ipsecconf); &General::get_aliases(%aliases); my %checked=(); @@ -1591,7 +1656,7 @@ END $Lang::tr{'fwdfw use nat'} </label> <div class="NAT"> - <table width='100%' border='0'> + <table class='fw-nat' width='100%' border='0'> <tr> <td width='5%'></td> <td width='40%'> @@ -1603,9 +1668,9 @@ END END
print <<END; - <td width='25%' align='right'>$Lang::tr{'dnat address'}:</td> + <td width='25%' align='right'><span class='dnat'>$Lang::tr{'dnat address'}:</span></td> <td width='30%'> - <select name='dnat' style='width: 100%;'> + <select name='dnat' class='dnat' style='width: 100%;'> <option value='AUTO' $selected{'dnat'}{'AUTO'}>- $Lang::tr{'automatic'} -</option> <option value='Default IP' $selected{'dnat'}{'Default IP'}>$Lang::tr{'red1'} ($redip)</option> END @@ -1636,9 +1701,9 @@ END $Lang::tr{'fwdfw snat'} </label> </td> - <td width='25%' align='right'>$Lang::tr{'snat new source ip address'}:</td> + <td width='25%' align='right'><span class='snat'>$Lang::tr{'snat new source ip address'}:</span></td> <td width='30%'> - <select name='snat' style='width: 100%;'> + <select name='snat' class='snat' style='width: 100%;'> END
foreach my $alias (sort keys %aliases) { @@ -2525,6 +2590,13 @@ END }else{ print $$hash{$key}[4]; } + }elsif ($$hash{$key}[3] eq 'cust_geoip_src') { + my ($split1,$split2) = split(":", $$hash{$key}[4]); + if ($split2) { + print "$split2\n"; + }else{ + print "$Lang::tr{'geoip'}: $$hash{$key}[4]\n"; + } }elsif ($$hash{$key}[4] eq 'RED1'){ print "$ipfireiface $Lang::tr{'fwdfw red'}"; }elsif ($$hash{$key}[4] eq 'ALL'){ @@ -2601,6 +2673,13 @@ END }else{ print $$hash{$key}[6]; } + }elsif ($$hash{$key}[5] eq 'cust_geoip_tgt') { + my ($split1,$split2) = split(":", $$hash{$key}[6]); + if ($split2) { + print "$split2\n"; + }else{ + print "$Lang::tr{'geoip'}: $$hash{$key}[6]\n"; + } }elsif ($$hash{$key}[5] eq 'tgt_addr'){ my ($split1,$split2) = split("/",$$hash{$key}[6]); if ($split2 eq '32'){ @@ -2618,7 +2697,6 @@ END #RULE ACTIVE if($$hash{$key}[2] eq 'ON'){ $gif="/images/on.gif" - }else{ $gif="/images/off.gif" } diff --git a/html/cgi-bin/fwhosts.cgi b/html/cgi-bin/fwhosts.cgi index f42947e..994a50a 100644 --- a/html/cgi-bin/fwhosts.cgi +++ b/html/cgi-bin/fwhosts.cgi @@ -27,6 +27,8 @@ use Sort::Naturally; use CGI::Carp 'fatalsToBrowser'; no warnings 'uninitialized'; require '/var/ipfire/general-functions.pl'; +require "/var/ipfire/geoip-functions.pl"; +require "/usr/lib/firewall/firewall-lib.pl"; require "${General::swroot}/lang.pl"; require "${General::swroot}/header.pl";
@@ -36,6 +38,7 @@ my %customhost=(); my %customgrp=(); my %customservice=(); my %customservicegrp=(); +my %customgeoipgrp=(); my %ccdnet=(); my %ccdhost=(); my %ipsecconf=(); @@ -62,6 +65,7 @@ my $configccdhost = "${General::swroot}/ovpn/ovpnconfig"; my $configipsec = "${General::swroot}/vpn/config"; my $configsrv = "${General::swroot}/fwhosts/customservices"; my $configsrvgrp = "${General::swroot}/fwhosts/customservicegrp"; +my $configgeoipgrp = "${General::swroot}/fwhosts/customgeoipgrp"; my $fwconfigfwd = "${General::swroot}/firewall/config"; my $fwconfiginp = "${General::swroot}/firewall/input"; my $fwconfigout = "${General::swroot}/firewall/outgoing"; @@ -73,6 +77,7 @@ unless (-e $confighost) { system("touch $confighost"); } unless (-e $configgrp) { system("touch $configgrp"); } unless (-e $configsrv) { system("touch $configsrv"); } unless (-e $configsrvgrp) { system("touch $configsrvgrp"); } +unless (-e $configgeoipgrp) { system("touch $configgeoipgrp"); }
&General::readhash("${General::swroot}/main/settings", %mainsettings); &General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", %color); 
@@ -671,6 +676,87 @@ if ($fwhostsettings{'ACTION'} eq 'savegrp') &addgrp; &viewtablegrp; } +if ($fwhostsettings{'ACTION'} eq 'savegeoipgrp') +{ + my $grp=$fwhostsettings{'grp_name'}; + my $rem=$fwhostsettings{'remark'}; + my $count; + my $type; + my @target; + my @newgrp; + &General::readhasharray("$configgeoipgrp", %customgeoipgrp); + &General::readhasharray("$fwconfigfwd", %fwfwd); + &General::readhasharray("$fwconfiginp", %fwinp); + &General::readhasharray("$fwconfigout", %fwout); + + # Check for existing group name. + if (!&checkgroup($grp) && $fwhostsettings{'update'} ne 'on'){ + $errormessage = $Lang::tr{'fwhost err grpexist'}; + } + + # Check remark. + if ($rem ne '' && !&validremark($rem) && $fwhostsettings{'update'} ne 'on'){ + $errormessage = $Lang::tr{'fwhost err remark'}; + } + + if ($fwhostsettings{'update'} eq 'on'){ + @target=$fwhostsettings{'COUNTRY_CODE'}; + $type='GeoIP Group'; + + #check if host/net exists in grp + my $test="$grp,$fwhostsettings{'oldremark'},@target"; + foreach my $key (keys %customgeoipgrp) { + my $test1="$customgeoipgrp{$key}[0],$customgeoipgrp{$key}[1],$customgeoipgrp{$key}[2]"; + if ($test1 eq $test){ + $errormessage=$Lang::tr{'fwhost err isingrp'}; + $fwhostsettings{'update'} = 'on'; + } + } + } + + if (!$errormessage){ + #on first save, we have an empty @target, so fill it with nothing + my $targetvalues=@target; + if ($targetvalues == '0'){ + @target="none"; + } + #on update, we have to delete the dummy entry + foreach my $key (keys %customgeoipgrp){ + if ($customgeoipgrp{$key}[0] eq $grp && $customgeoipgrp{$key}[2] eq "none"){ + delete $customgeoipgrp{$key}; + last; + } + } + &General::writehasharray("$configgeoipgrp", %customgeoipgrp); + &General::readhasharray("$configgeoipgrp", %customgeoipgrp); + #create array with new lines + foreach my $line (@target){ + push (@newgrp,"$grp,$rem,$line"); + } + #append new entries + my $key = &General::findhasharraykey (%customgeoipgrp); + foreach my $line (@newgrp){ + foreach my $i 
(0 .. 3) { $customgeoipgrp{$key}[$i] = "";} + my ($a,$b,$c,$d) = split (",",$line); + $customgeoipgrp{$key}[0] = $a; + $customgeoipgrp{$key}[1] = $b; + $customgeoipgrp{$key}[2] = $c; + $customgeoipgrp{$key}[3] = $type; + } + &General::writehasharray("$configgeoipgrp", %customgeoipgrp); + #update counter in Host/Net + $fwhostsettings{'update'}='on'; + } + #check if ruleupdate is needed + my $geoipgrpcount=0; + $geoipgrpcount=&getgeoipcount($grp); + if($geoipgrpcount > 0 ) + { + &General::firewall_config_changed(); + } + &addgeoipgrp; + &viewtablegeoipgrp; +} if ($fwhostsettings{'ACTION'} eq 'saveservice') { my $ICMP; @@ -798,6 +884,12 @@ if ($fwhostsettings{'ACTION'} eq 'editgrp') &addgrp; &viewtablegrp; } +if ($fwhostsettings{'ACTION'} eq 'editgeoipgrp') +{ + $fwhostsettings{'update'}='on'; + &addgeoipgrp; + &viewtablegeoipgrp; +} if ($fwhostsettings{'ACTION'} eq 'editservice') { $fwhostsettings{'updatesrv'}='on'; @@ -830,6 +922,12 @@ if ($fwhostsettings{'ACTION'} eq 'resetgrp') $fwhostsettings{'remark'} =""; &showmenu; } +if ($fwhostsettings{'ACTION'} eq 'resetgeoipgrp') +{ + $fwhostsettings{'grp_name'} =""; + $fwhostsettings{'remark'} =""; + &showmenu; +} # delete if ($fwhostsettings{'ACTION'} eq 'delnet') { 
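Review bot: The `savegeoipgrp` handler writes `COUNTRY_CODE`, `grp_name` and `remark` to `customgeoipgrp` with very little server-side checking. The country code is never compared with the list from `&fwlib::get_geoip_locations()`, the group name is only tested for an existing name with `&checkgroup`, and the `&validremark` test is skipped whenever `update` is `on`. Because each record is built as `"$grp,$rem,$line"` and then split on `,` again, a comma in any of the three values shifts the stored fields. I would set `$errormessage` before the write unless `grep { $_ eq $fwhostsettings{'COUNTRY_CODE'} } &fwlib::get_geoip_locations()` matches, and check the name with `&validhostname($grp)` as `changegeoipgrpname` already does. geoip-block.cgi in this same commit only accepts codes from that list, so the two pages would then agree.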
@@ -887,6 +985,37 @@ if ($fwhostsettings{'ACTION'} eq 'deletegrphost') &addgrp; &viewtablegrp; } +if ($fwhostsettings{'ACTION'} eq 'deletegeoipgrpentry') +{ + my $grpremark; + my $grpname; + &General::readhasharray("$configgeoipgrp", %customgeoipgrp); + foreach my $key (keys %customgeoipgrp){ + if($customgeoipgrp{$key}[0].",".$customgeoipgrp{$key}[1].",".$customgeoipgrp{$key}[2].",".$customgeoipgrp{$key}[3] eq $fwhostsettings{'delentry'}){ + $grpname=$customgeoipgrp{$key}[0]; + $grpremark=$customgeoipgrp{$key}[1]; + #check if we delete the last entry, then generate dummy + if ($fwhostsettings{'last'} eq 'on'){ + $customgeoipgrp{$key}[1] = ''; + $customgeoipgrp{$key}[2] = 'none'; + $customgeoipgrp{$key}[3] = ''; + $fwhostsettings{'last'}=''; + last; + }else{ + delete $customgeoipgrp{$key}; + } + } + } + &General::writehasharray("$configgeoipgrp", %customgeoipgrp); + &General::firewall_config_changed(); + if ($fwhostsettings{'update'} eq 'on'){ + $fwhostsettings{'remark'}= $grpremark; + $fwhostsettings{'grp_name'}=$grpname; + } + &addgeoipgrp; + &viewtablegeoipgrp; +} + if ($fwhostsettings{'ACTION'} eq 'delgrp') { &General::readhasharray("$configgrp", %customgrp); @@ -903,6 +1032,22 @@ if ($fwhostsettings{'ACTION'} eq 'delgrp') &addgrp; &viewtablegrp; } +if ($fwhostsettings{'ACTION'} eq 'delgeoipgrp') +{ + &General::readhasharray("$configgeoipgrp", %customgeoipgrp); + &decrease($fwhostsettings{'grp_name'}); + foreach my $key (sort keys %customgeoipgrp) + { + if($customgeoipgrp{$key}[0] eq $fwhostsettings{'grp_name'}) + { + delete $customgeoipgrp{$key}; + } + } + &General::writehasharray("$configgeoipgrp", %customgeoipgrp); + $fwhostsettings{'grp_name'}=''; + &addgeoipgrp; + &viewtablegeoipgrp; +} if ($fwhostsettings{'ACTION'} eq 'delservice') { &General::readhasharray("$configsrv", %customservice); 
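Review bot: The `delgeoipgrp` handler deletes every entry of the group without checking on the server that no firewall rule still references it. The only protection is that `viewtablegeoipgrp` hides the delete icon when `getgeoipcount` is 0, and the form is not the only way the action can arrive. It also never calls `&General::firewall_config_changed()`, unlike `deletegeoipgrpentry` in the hunk before it. I would read the three rule files first and wrap the delete in `if (&getgeoipcount($fwhostsettings{'grp_name'}) == 0) { … }`, setting `$errormessage` otherwise. What `&decrease` does is not visible here, so part of this may already be handled there.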
@@ -977,6 +1122,11 @@ if ($fwhostsettings{'ACTION'} eq $Lang::tr{'fwhost newgrp'}) &addgrp; &viewtablegrp; } +if ($fwhostsettings{'ACTION'} eq $Lang::tr{'fwhost newgeoipgrp'}) +{ + &addgeoipgrp; + &viewtablegeoipgrp; +} if ($fwhostsettings{'ACTION'} eq $Lang::tr{'fwhost newservice'}) { &addservice; @@ -1011,6 +1161,31 @@ if ($fwhostsettings{'ACTION'} eq 'changegrpremark') &addgrp; &viewtablegrp; } +if ($fwhostsettings{'ACTION'} eq 'changegeoipgrpremark') +{ + &General::readhasharray("$configgeoipgrp", %customgeoipgrp); + if ($fwhostsettings{'oldrem'} ne $fwhostsettings{'newrem'} && (&validremark($fwhostsettings{'newrem'}) || $fwhostsettings{'newrem'} eq '')){ + foreach my $key (sort keys %customgeoipgrp) + { + if($customgeoipgrp{$key}[0] eq $fwhostsettings{'grp'} && $customgeoipgrp{$key}[1] eq $fwhostsettings{'oldrem'}) + { + $customgeoipgrp{$key}[1]=''; + $customgeoipgrp{$key}[1]=$fwhostsettings{'newrem'}; + } + } + &General::writehasharray("$configgeoipgrp", %customgeoipgrp); + $fwhostsettings{'update'}='on'; + $fwhostsettings{'remark'}=$fwhostsettings{'newrem'}; + }else{ + $errormessage=$Lang::tr{'fwhost err remark'}; + $fwhostsettings{'remark'}=$fwhostsettings{'oldrem'}; + $fwhostsettings{'grp_name'}=$fwhostsettings{'grp'}; + $fwhostsettings{'update'} = 'on'; + } + $fwhostsettings{'grp_name'}=$fwhostsettings{'grp'}; + &addgeoipgrp; + &viewtablegeoipgrp; +} if ($fwhostsettings{'ACTION'} eq 'changesrvgrpremark') { &General::readhasharray("$configsrvgrp", %customservicegrp ); 
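Review bot: In `changegeoipgrpremark` an unchanged remark (`oldrem` equal to `newrem`) falls into the `else` branch and reports `fwhost err remark`, although nothing is invalid. The equality test should be separated from the `&validremark` test so that only a failed validation sets `$errormessage`. `$customgeoipgrp{$key}[1]='';` directly before the real assignment has no effect and can go, as can the `grp_name` assignment inside the `else`, which is repeated right after the block.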
@@ -1085,6 +1260,29 @@ if ($fwhostsettings{'ACTION'} eq 'changegrpname') &addgrp; &viewtablegrp; } +if ($fwhostsettings{'ACTION'} eq 'changegeoipgrpname') +{ + &General::readhasharray("$configgeoipgrp", %customgeoipgrp ); + if ($fwhostsettings{'oldgrpname'} ne $fwhostsettings{'grp'}){ + #Check new groupname + if (!&validhostname($fwhostsettings{'grp'})){ + $errormessage.=$Lang::tr{'fwhost err name'}."<br>"; + } + if (!$errormessage){ + # Rename group. + foreach my $key (keys %customgeoipgrp) { + if($customgeoipgrp{$key}[0] eq $fwhostsettings{'oldgrpname'}){ + $customgeoipgrp{$key}[0]=$fwhostsettings{'grp'}; + } + } + &General::writehasharray("$configgeoipgrp", %customgeoipgrp ); + #change name in FW Rules + &changenameinfw($fwhostsettings{'oldgrpname'},$fwhostsettings{'grp'},6); + } + } + &addgeoipgrp; + &viewtablegeoipgrp; +} ### VIEW ### if($fwhostsettings{'ACTION'} eq '') { @@ -1096,7 +1294,7 @@ sub showmenu { print "$Lang::tr{'fwhost welcome'}"; print<<END; <br><br><table border='0' width='100%'> - <tr><td><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newnet'}' ><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newhost'}' ><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newgrp'}' ></form></td> + <tr><td><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newnet'}' ><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newhost'}' ><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newgrp'}' ><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newgeoipgrp'}' ></form></td> <td align='right'><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newservice'}' ><input type='submit' name='ACTION' value='$Lang::tr{'fwhost newservicegrp'}' ></form></td></tr> <tr><td colspan='6'></td></tr></table> END 
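Review bot: Renaming in `changegeoipgrpname` passes only index 6 to `&changenameinfw`, so rules that use the group as a source may keep pointing at the old name. The firewall.cgi part of this commit and `getgeoipcount` both treat field 4 (source) and field 6 (target) as places where a GeoIP group can appear. `getgeoipcount` also states that the rule files store the value as `group:groupname`, whereas the bare names are passed here. `changenameinfw` is outside the hunk, so both points need confirming against it. The new name is checked with `&validhostname` but not with `&checkgroup`, so renaming onto an existing group name would merge the two groups without an error.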
@@ -1381,6 +1579,113 @@ END print"<tr><td style='text-align:right;'><input type='submit' value='$Lang::tr{'add'}' style='min-width:100px;' /><input type='hidden' name='oldremark' value='$fwhostsettings{'oldremark'}'><input type='hidden' name='update' value="$fwhostsettings{'update'}"><input type='hidden' name='ACTION' value='savegrp' ></form><form method='post' style='display:inline'><input type='submit' value='$Lang::tr{'fwhost back'}' style='min-width:100px;'><input type='hidden' name='ACTION' value='resetgrp'></form></td></table>"; &Header::closebox(); } +sub addgeoipgrp +{ + &hint; + &error; + &showmenu; + &Header::openbox('100%', 'left', $Lang::tr{'fwhost addgeoipgrp'}); + + my %checked=(); + my $show=''; + $checked{'check1'}{'off'} = ''; + $checked{'check1'}{'on'} = ''; + $checked{'grp2'}{$fwhostsettings{'grp2'}} = 'CHECKED'; + $fwhostsettings{'oldremark'}=$fwhostsettings{'remark'}; + $fwhostsettings{'oldgrpname'}=$fwhostsettings{'grp_name'}; + my $grp=$fwhostsettings{'grp_name'}; + my $rem=$fwhostsettings{'remark'}; + if ($fwhostsettings{'update'} eq ''){ + print<<END; + <table width='100%' border='0'> + <tr> + <td style='width:15%;'>$Lang::tr{'fwhost addgrpname'}</td> + <td><form method='post'><input type='TEXT' name='grp_name' value='$fwhostsettings{'grp_name'}' size='30'></td> + </tr> + <tr> + <td>$Lang::tr{'remark'}:</td> + <td ><input type='TEXT' name='remark' value='$fwhostsettings{'remark'}' style='width: 99%;'></td> + </tr> + <tr> + <td colspan='2'><br></td> + </tr> + </table> +END + } else { + print<<END; + <table width='100%' border='0'> + <form method='post'><tr> + <td style='width:15%;'>$Lang::tr{'fwhost addgrpname'}</td> + <td style='width:30%;'><input type='TEXT' name='grp' value='$fwhostsettings{'grp_name'}' size='30'></td> + <td> + <input type='submit' value='$Lang::tr{'fwhost change'}'> + <input type='hidden' name='oldgrpname' value='$fwhostsettings{'oldgrpname'}'> + <input type='hidden' name='ACTION' value='changegeoipgrpname'> + </td> + 
<td></td> + </tr></form> + <tr><form method='post' style='display:inline'> + <td>$Lang::tr{'remark'}:</td> + <td colspan='2' style='width:98%;'> + <input type='TEXT' name='newrem' value='$fwhostsettings{'remark'}' style='width:98%;'> + </td> + <td align='right'> + <input type='submit' value='$Lang::tr{'fwhost change'}'> + <input type='hidden' name='grp' value='$fwhostsettings{'grp_name'}'> + <input type='hidden' name='oldrem' value='$fwhostsettings{'oldremark'}'> + <input type='hidden' name='ACTION' value='changegeoipgrpremark'> + </td> + </tr></form> + </table> + <br><br> +END + } + if ($fwhostsettings{'update'} eq 'on') { + my @geoip_locations = &fwlib::get_geoip_locations(); + + print<<END; + <form method='post'> + <input type='hidden' name='remark' value='$rem'> + <input type='hidden' name='grp_name' value='$grp'> + + <table width='100%' border='0'> + <tr> + <td style='text-align:left;'> + <select name='COUNTRY_CODE' style='width:16em;'>"; +END + foreach my $location (@geoip_locations) { + # Get full country name. + my $fullname = &GeoIP::get_full_country_name($location); + + print"<option value='$location'>$location - $fullname</option>\n"; + } + print <<END; + </select> + </td> + </tr> + </table> + <br><br> +END + } + print <<END; + <table width='100%'> + <tr><td style='text-align:right;'> + <input type='submit' value='$Lang::tr{'add'}' style='min-width:100px;' /> + <input type='hidden' name='oldremark' value='$fwhostsettings{'oldremark'}'> + <input type='hidden' name='update' value="$fwhostsettings{'update'}"> + <input type='hidden' name='ACTION' value='savegeoipgrp' > + </form> + + <form method='post' style='display:inline'> + + <input type='submit' value='$Lang::tr{'fwhost back'}' style='min-width:100px;'> + <input type='hidden' name='ACTION' value='resetgeoipgrp'> + + </form> + </td></tr></table> +END + &Header::closebox(); +} sub addservice { &error; @@ -1839,6 +2144,195 @@ sub viewtablegrp }
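Review bot: The `<select name='COUNTRY_CODE' style='width:16em;'>";` line inside the here-document in `addgeoipgrp` ends with a stray `";`, which is printed into the page as text; the line should end at `>`. The sub also interpolates `$fwhostsettings{'grp_name'}`, `$fwhostsettings{'remark'}`, `$grp` and `$rem` directly into single-quoted `value='…'` attributes. `viewtablegeoipgrp` in the next hunk prints `$grpname` and `$remark` the same way, so a quote or `<` in a name or remark ends the attribute and becomes markup. These values come from the request or from the stored group file and should be HTML-escaped at the point of output rather than relying on the save-time checks.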
} +sub viewtablegeoipgrp +{ + # If our filesize is "zero" there is nothing to read-in. + if (-z "$configgeoipgrp") { + return; + } + + &Header::openbox('100%', 'left', $Lang::tr{'fwhost cust geoipgrp'}); + &General::readhasharray("$configgeoipgrp", %customgeoipgrp); + &General::readhasharray("$fwconfigfwd", %fwfwd); + &General::readhasharray("$fwconfiginp", %fwinp); + &General::readhasharray("$fwconfigout", %fwout); + my @grp=(); + my $helper=''; + my $count=1; + my $country_code; + my $grpname; + my $remark; + my $number; + my $delflag; + my @counter; + my %hash; + + # If there are no groups we are finished here. + if (!keys %customgeoipgrp) { + print "<center><b>$Lang::tr{'fwhost err emptytable'}</b>"; + return; + } + + # Put all groups in a hash. + foreach my $key (sort { ncmp($customgeoipgrp{$a}[0],$customgeoipgrp{$b}[0]) } + sort { ncmp($customgeoipgrp{$a}[2],$customgeoipgrp{$b}[2]) } keys %customgeoipgrp) { + push (@counter,$customgeoipgrp{$key}[0]); + } + + # Increase current used key. + foreach my $key1 (@counter) { + $hash{$key1}++ ; + } + + # Sort hash. + foreach my $key (sort { ncmp($customgeoipgrp{$a}[0],$customgeoipgrp{$b}[0]) } + sort { ncmp($customgeoipgrp{$a}[2],$customgeoipgrp{$b}[2]) } keys %customgeoipgrp) { + $count++; + if ($helper ne $customgeoipgrp{$key}[0]) { + $delflag='0'; + + foreach my $key1 (sort { ncmp($customgeoipgrp{$a}[0],$customgeoipgrp{$b}[0]) } + sort { ncmp($customgeoipgrp{$a}[2],$customgeoipgrp{$b}[2]) } keys %customgeoipgrp) { + + if ($customgeoipgrp{$key}[0] eq $customgeoipgrp{$key1}[0]) + { + $delflag++; + } + if($delflag > 1){ + last; + } + } + + $number=1; + + # Groupname. + $grpname=$customgeoipgrp{$key}[0]; + + # Group remark. + $remark="$customgeoipgrp{$key}[1]"; + + # Country code. + $country_code="$customgeoipgrp{$key}[2]"; + + if ($count gt 1){ + print"</table>"; + $count=1; + } + + # Display groups header. 
+ print "<br><b><u>$grpname</u></b> \n"; + print "<b>$Lang::tr{'remark'}:</b>  $remark  \n" if ($remark ne ''); + + # Get group count. + my $geoipgrpcount=&getgeoipcount($grpname); + print "<b>$Lang::tr{'used'}:</b> $geoipgrpcount x"; + + # Only display delete icon, if the group is not used by a firewall rule. + if($geoipgrpcount == '0') { + print"<form method='post' style='display:inline'>\n"; + print"<input type='image' src='/images/delete.gif' alt='$Lang::tr{'delete'}' title='$Lang::tr{'delete'}' align='right' />\n"; + print"<input type='hidden' name='grp_name' value='$grpname' >\n"; + print"<input type='hidden' name='ACTION' value='delgeoipgrp'>\n"; + print"</form>"; + } + + # Icon for group editing. +print <<END; + <form method='post' style='display:inline'> + <input type='image' src='/images/edit.gif' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' align='right'/> + <input type='hidden' name='grp_name' value='$grpname' > + <input type='hidden' name='remark' value='$remark' > + <input type='hidden' name='ACTION' value='editgeoipgrp'> + </form> + + <table width='100%' cellspacing='0' class='tbl'> +END + # Display headlines if the group contains any entries. + if ($country_code ne "none") { +print <<END; + <tr> + <td width='10%' align='center'> + <b>$Lang::tr{'flag'}</b> + </td> + + <td width='10%'align='center'> + <b>$Lang::tr{'countrycode'}</b> + </td> + + <td width='70%'align='left'> + <b>$Lang::tr{'country'}</b> + </td> + + <td width='10%' align='right'></td> + </tr> +END + } + } + + # Check if our group contains any entries. + if ($country_code eq "none") { + print "<tr><td>$Lang::tr{'fwhost err emptytable'}</td></tr>\n"; + } else { + # Check if we are currently editing a group and assign column backgound colors. 
+ my $col=''; + if ( ($fwhostsettings{'ACTION'} eq 'editgeoipgrp' || $fwhostsettings{'update'} ne '') + && $fwhostsettings{'grp_name'} eq $customgeoipgrp{$key}[0]) { + $col="bgcolor='${Header::colouryellow}'"; + } elsif ($count %2 == 0){ + $col="bgcolor='$color{'color20'}'"; + } else { + $col="bgcolor='$color{'color22'}'"; + } + + # Get country flag. + my $icon = &GeoIP::get_flag_icon($customgeoipgrp{$key}[2]); + + # Print column with flag icon. + my $col_content; + if ($icon) { + $col_content = "<img src='$icon' alt='$customgeoipgrp{$key}[2]' title='$customgeoipgrp{$key}[2]'>"; + } else { + $col_content = "<b>N/A</b>"; + } + + print "<td align='center' $col>$col_content</td>\n"; + + # Print column with country code. + print "<td align='center' $col>$customgeoipgrp{$key}[2]</td>\n"; + + # Print column with full country name. + my $country_name = &GeoIP::get_full_country_name($customgeoipgrp{$key}[2]); + print "<td align='left' $col>$country_name</td>\n"; + + # Generate from for removing entries from a group. + print "<td align='right' width='1%' $col><form method='post'>\n"; + + if ($delflag > 0){ + print"<input type='image' src='/images/delete.gif' align='middle' alt='$Lang::tr{'delete'}' title='$Lang::tr{'delete'}'/>\n"; + + # Check if this group only has a single entry. + foreach my $key2 (keys %hash) { + if ($hash{$key2}<2 && $key2 eq $customgeoipgrp{$key}[0]){ + print "<input type='hidden' name='last' value='on'>" ; + } + } + } + + print "<input type='hidden' name='ACTION' value='deletegeoipgrpentry'>\n"; + print "<input type='hidden' name='update' value='$fwhostsettings{'update'}'>\n"; + print "<input type='hidden' name='delentry' value='$grpname,$remark,$customgeoipgrp{$key}[2],$customgeoipgrp{$key}[3]'>\n"; + print "</form>\n"; + print "</td>\n"; + print "</tr>\n"; + } + + $helper=$customgeoipgrp{$key}[0]; + $number++; + } + + print"</table>\n"; + &Header::closebox(); +} sub viewtableservice { my $count=0; 
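Review bot: The early `return` in `viewtablegeoipgrp` for an empty `%customgeoipgrp` comes after `&Header::openbox` and prints an unclosed `<center>`, so the box is never closed. It should read `print "<center><b>$Lang::tr{'fwhost err emptytable'}</b></center>"; &Header::closebox(); return;`. `if ($count gt 1)` compares numbers as strings and should be `if ($count > 1)`, and `$geoipgrpcount == '0'` likewise wants a plain `0`. The declared `@grp` and `$number` do not appear to be read anywhere in the sub and could be dropped.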
@@ -2196,6 +2690,44 @@ sub gethostcount } return $srvcounter; } +sub getgeoipcount +{ + my $groupname=shift; + my $counter=0; + + # GeoIP groups are stored as "group:groupname" in the + # firewall settings files. + my $searchstring = join(':', "group",$groupname); + + # Count services used in firewall - forward + foreach my $key1 (keys %fwfwd) { + if($fwfwd{$key1}[4] eq $searchstring){ + $counter++; + } + if($fwfwd{$key1}[6] eq $searchstring){ + $counter++; + } + } + #Count services used in firewall - input + foreach my $key2 (keys %fwinp) { + if($fwinp{$key2}[4] eq $searchstring){ + $counter++; + } + if($fwinp{$key2}[6] eq $searchstring){ + $counter++; + } + } + #Count services used in firewall - outgoing + foreach my $key3 (keys %fwout) { + if($fwout{$key3}[4] eq $searchstring){ + $counter++; + } + if($fwout{$key3}[6] eq $searchstring){ + $counter++; + } + } + return $counter; +} sub getnetcount { my $searchstring=shift; diff --git a/html/cgi-bin/geoip-block.cgi b/html/cgi-bin/geoip-block.cgi new file mode 100644 index 0000000..ccbfa92 --- /dev/null +++ b/html/cgi-bin/geoip-block.cgi 
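Review bot: The comments in `getgeoipcount` still read `Count services used in firewall`, copied from the service counter, although the sub counts rules whose field 4 or 6 equals `group:<name>`. I would change them to `# Count rules in forward/input/outgoing that reference this GeoIP group`. The sub reads the file-level `%fwfwd`, `%fwinp` and `%fwout`, so it returns 0 unless the caller has already filled them with `&General::readhasharray`; a header comment should state that requirement. The three loops differ only in the hash and could become one loop over `(\%fwfwd, \%fwinp, \%fwout)`.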
@@ -0,0 +1,263 @@ +#!/usr/bin/perl +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2014 IPFire Developemnt Team info@ipfire.org # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +use strict; +# enable only the following on debugging purpose +#use warnings; +#use CGI::Carp 'fatalsToBrowser'; + +require '/var/ipfire/general-functions.pl'; +require "${General::swroot}/geoip-functions.pl"; +require "${General::swroot}/lang.pl"; +require "${General::swroot}/header.pl"; +require "/usr/lib/firewall/firewall-lib.pl"; + +my $notice; +my $settingsfile = "${General::swroot}/firewall/geoipblock"; + +my %color = (); +my %mainsettings = (); +my %settings = (); +my %cgiparams = (); + +# Read configuration file. +&General::readhash("$settingsfile", %settings); + +&General::readhash("${General::swroot}/main/settings", %mainsettings); +&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", %color); + +&Header::showhttpheaders(); + +#Get GUI values +&Header::getcgihash(%cgiparams); + +# Call subfunction to get all available locations. 
+my @locations = &fwlib::get_geoip_locations(); + +if ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) { + # Check if we want to disable geoipblock. + if (exists $cgiparams{'GEOIPBLOCK_ENABLED'}) { + $settings{'GEOIPBLOCK_ENABLED'} = "on"; + } else { + $settings{'GEOIPBLOCK_ENABLED'} = "off"; + } + + # Loop through our locations array to prevent from + # non existing countries or code. + foreach my $cn (@locations) { + # Check if blocking for this country should be enabled/disabled. + if (exists $cgiparams{$cn}) { + $settings{$cn} = "on"; + } else { + $settings{$cn} = "off"; + } + } + + &General::writehash("$settingsfile", %settings); + + # Mark the firewall config as changed. + &General::firewall_config_changed(); + + # Assign reload notice. We directly can use + # the notice from p2p block. + $notice = $Lang::tr{'p2p block save notice'}; +} + +&Header::openpage($Lang::tr{'geoipblock configuration'}, 1, ''); + +# Print notice that a firewall reload is required. +if ($notice) { + &Header::openbox('100%', 'left', $Lang::tr{'notice'}); + print "<font class='base'>$notice</font>"; + &Header::closebox(); +} + +# Checkbox pre-selection. +my $checked; +if ($settings{'GEOIPBLOCK_ENABLED'} eq "on") { + $checked = "checked='checked'"; +} + +# Print box to enable/disable geoipblock. 
+print"<form method='POST' action='$ENV{'SCRIPT_NAME'}'>\n"; + +&Header::openbox('100%', 'center', $Lang::tr{'geoipblock'}); +print <<END; + <table width='95%'> + <tr> + <td width='25%' class='base'>$Lang::tr{'geoipblock enable feature'} + <td><input type='checkbox' name='GEOIPBLOCK_ENABLED' $checked></td> + </tr> + <tr> + <td colspan='2'><br></td> + </tr> + </table> + + <hr> + + <table width='95%'> + <tr> + <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}'></td> + </tr> + </table> +END + +&Header::closebox(); + +&Header::openbox('100%', 'center', $Lang::tr{'geoipblock block countries'}); +### JAVA SCRIPT ### +print <<END; +<script> + // Function to allow checking all checkboxes at once. + function check_all() { + $("#countries").find(":checkbox").prop("checked", true); + } + + function uncheck_all() { + $("#countries").find(":checkbox").prop("checked", false); + } +</script> + +<table width='95%' class='tbl' id="countries"> + <tr> + <td width='5%' align='center' bgcolor='$color{'color20'}'></td> + <td width='5%' align='center' bgcolor='$color{'color20'}'> + <b>$Lang::tr{'flag'}</b> + </td> + <td width='5%' align='center' bgcolor='$color{'color20'}'> + <b>$Lang::tr{'countrycode'}</b> + </td> + <td with='35%' align='left' bgcolor='$color{'color20'}'> + <b>$Lang::tr{'country'}</b> + </td> + + <td width='5%' bgcolor='$color{'color20'}'> </td> + + <td width='5%' align='center' bgcolor='$color{'color20'}'></td> + <td width='5%' align='center' bgcolor='$color{'color20'}'> + <b>$Lang::tr{'flag'}</b> + </td> + <td width='5%' align='center' bgcolor='$color{'color20'}'> + <b>$Lang::tr{'countrycode'}</b> + </td> + <td with='35%' align='left' bgcolor='$color{'color20'}'> + <b>$Lang::tr{'country'}</b> + </td> + </tr> +END + +my $lines; +my $lines2; +my $col; +foreach my $location (@locations) { + # Country code in upper case. (DE) + my $ccode_uc = $location; + + # County code in lower case. 
(de) + my $ccode_lc = lc($location); + + # Full name of the country based on the country code. + my $cname = &GeoIP::get_full_country_name($ccode_lc); + + # Get flag icon for of the country. + my $flag_icon = &GeoIP::get_flag_icon($ccode_uc); + + my $flag; + # Check if a flag for the country is available. + if ($flag_icon) { + $flag="<img src='$flag_icon' alt='$ccode_uc' title='$ccode_uc'>"; + } else { + $flag="<b>N/A</b>"; + } + + # Checkbox pre-selection. + my $checked; + if ($settings{$ccode_uc} eq "on") { + $checked = "checked='checked'"; + } + + # Colour lines. + if ($lines % 2) { + $col="bgcolor='$color{'color20'}'"; + } else { + $col="bgcolor='$color{'color22'}'"; + } + + # Grouping elements. + my $line_start; + my $line_end; + if ($lines2 % 2) { + # Increase lines (background color by once. + $lines++; + + # Add empty column in front. + $line_start="<td $col> </td>"; + + # When the line number can be diveded by "2", + # we are going to close the line. + $line_end="</tr>"; + } else { + # When the line number is not divideable by "2", + # we are starting a new line. 
+ $line_start="<tr>"; + $line_end; + } + + print "$line_start<td align='center' $col><input type='checkbox' name='$ccode_uc' $checked></td>\n"; + print "<td align='center' $col>$flag</td>\n"; + print "<td align='center' $col>$ccode_uc</td>\n"; + print "<td align='left' $col>$cname</td>$line_end\n"; + +$lines2++; +} + +print <<END; +</table> + +<table width='95%'> + <tr> + <td align='right'> + <a href="javascript:check_all()">$Lang::tr{'check all'}</a> / + <a href="javascript:uncheck_all()">$Lang::tr{'uncheck all'}</a> + </td> + </tr> + <tr> + <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}'></td> + </tr> +</table> + +<hr> + +<table width='70%'> + <tr> + <td width='5%'><img src='/images/on.gif'></td> + <td>$Lang::tr{'geoipblock country is blocked'}</td> + <td width='5%'><img src='/images/off.gif'></td> + <td>$Lang::tr{'geoipblock country is allowed'}</td> + </tr> +</table> +END + +&Header::closebox(); +print"</form>\n"; + +&Header::closebigbox(); +&Header::closepage(); diff --git a/html/cgi-bin/index.cgi b/html/cgi-bin/index.cgi index 53adeac..eafbdb1 100644 --- a/html/cgi-bin/index.cgi +++ b/html/cgi-bin/index.cgi @@ -301,7 +301,7 @@ END print '</td>'; print '</tr>'; } -if ( $netsettings{'BLUE_DEV'} ) { +if (&Header::blue_used()) { my $sub=&General::iporsubtocidr($netsettings{'BLUE_NETMASK'}); print <<END; <tr> @@ -318,7 +318,7 @@ END print '</td>'; print '</tr>'; } -if ( $netsettings{'ORANGE_DEV'} ) { +if (&Header::orange_used()) { my $sub=&General::iporsubtocidr($netsettings{'ORANGE_NETMASK'}); print <<END; <tr> diff --git a/html/cgi-bin/logs.cgi/firewalllog.dat b/html/cgi-bin/logs.cgi/firewalllog.dat index 8bb4900..5a584d6 100644 --- a/html/cgi-bin/logs.cgi/firewalllog.dat +++ b/html/cgi-bin/logs.cgi/firewalllog.dat @@ -21,6 +21,7 @@ use Getopt::Std; #use CGI::Carp 'fatalsToBrowser';
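Review bot: With an odd number of entries in `@locations` the table loop in geoip-block.cgi opens a final `<tr>` that is never closed, because `</tr>` is only emitted when `$lines2 % 2` is true. Adding `print "</tr>\n" if ($lines2 % 2);` after the loop fixes it. In the `else` branch `$line_end;` is a statement with no effect (presumably `$line_end = "";` was meant), and the two header cells written `with='35%'` should read `width='35%'`. `use warnings` is commented out, which also hides that `$checked`, `$lines` and `$lines2` can be read while still undefined.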
require '/var/ipfire/general-functions.pl'; +require "${General::swroot}/geoip-functions.pl"; require "${General::swroot}/lang.pl"; require "${General::swroot}/header.pl";
@@ -334,13 +335,14 @@ foreach $_ (@log) my $comment = $3; my $packet = $4;
- $packet =~ /IN=(\w+)/; my $iface=$1; if ( $1 =~ /2./ ){ $iface="";} - $packet =~ /SRC=([\d.]+)/; my $srcaddr=$1; - $packet =~ /DST=([\d.]+)/; my $dstaddr=$1; - $packet =~ /MAC=([\w+:]+)/; my $macaddr=$1; - $packet =~ /PROTO=(\w+)/; my $proto=$1; - $packet =~ /SPT=(\d+)/; my $srcport=$1; - $packet =~ /DPT=(\d+)/; my $dstport=$1; + my ($iface, $srcaddr, $dstaddr, $macaddr, $proto, $srcport, $dstport); + $iface=$1 if $packet =~ /IN=(\w+)/; + $srcaddr=$1 if $packet =~ /SRC=([\d.]+)/; + $dstaddr=$1 if $packet =~ /DST=([\d.]+)/; + $macaddr=$1 if $packet =~ /MAC=([\w+:]+)/; + $proto=$1 if $packet =~ /PROTO=(\w+)/; + $srcport=$1 if $packet =~ /SPT=(\d+)/; + $dstport=$1 if $packet =~ /DPT=(\d+)/;
my $gi = Geo::IP::PurePerl->new(); my $ccode = $gi->country_code_by_name($srcaddr); @@ -371,10 +373,15 @@ foreach $_ (@log) <td align='center' $col>$srcport<br/>$dstport</td> END ; - if ( $fcode ne "" ){ - print "<td align='center' $col><a href='../country.cgi#$fcode'><img src='/images/flags/$fcode.png' border='0' align='absmiddle' alt='$ccode'></a></td>";} - else { - print "<td align='center' $col></td>";} + # Get flag icon for of the country. + my $flag_icon = &GeoIP::get_flag_icon($fcode); + + if ( $flag_icon) { + print "<td align='center' $col><a href='../country.cgi#$fcode'><img src='$flag_icon' border='0' align='absmiddle' alt='$ccode'></a></td>"; + } else { + print "<td align='center' $col></td>"; + } + print <<END <td align='center' $col>$macaddr</td> </tr> diff --git a/html/cgi-bin/logs.cgi/firewalllogcountry.dat b/html/cgi-bin/logs.cgi/firewalllogcountry.dat index 3a774f9..29c0842 100644 --- a/html/cgi-bin/logs.cgi/firewalllogcountry.dat +++ b/html/cgi-bin/logs.cgi/firewalllogcountry.dat @@ -19,6 +19,7 @@ use Getopt::Std; #use CGI::Carp 'fatalsToBrowser';
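Review bot: After this change `$srcaddr` stays undefined when a log line has no `SRC=` field, yet it is still handed to `$gi->country_code_by_name($srcaddr)` two lines later. I would guard the lookup with `my $ccode = defined $srcaddr ? $gi->country_code_by_name($srcaddr) : '';`. The removed line also blanked `$iface` when it matched `/2./`, and the new `$iface=$1 if $packet =~ /IN=(\w+)/;` drops that without the commit saying whether it is intended. The loop body continues outside the hunk.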
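Review bot: The callers of `&GeoIP::get_flag_icon` do not agree on the argument: it gets `$fcode` here, `lc($key[$s])` in firewalllogcountry.dat, `$ccode` in firewalllogip.dat, and the upper-case code in geoip-block.cgi. If `$fcode` is the lower-cased code, as the removed `/images/flags/$fcode.png` path suggests, the callers disagree on case. `get_flag_icon` is not part of these hunks, so whether it normalises case needs checking. Otherwise one form should be used in all three log views, e.g. `&GeoIP::get_flag_icon($ccode)`.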
require '/var/ipfire/general-functions.pl'; +require "${General::swroot}/geoip-functions.pl"; require "${General::swroot}/lang.pl"; require "${General::swroot}/header.pl";
@@ -460,11 +461,15 @@ for($s=0;$s<$lines;$s++) print "<td align='center' $col>$key[$s]</td>"; } else { - if($key[$s] ne 'unknown' ) { - my $fcode = lc($key[$s]); - print "<td align='center' $col><a href='/cgi-bin/country.cgi#$fcode'><img src='/images/flags/$fcode.png' border='0' align='absmiddle' alt='$key[$s]' title='$key[$s]'></a></td>";} - else { - print "<td align='center' $col>$key[$s]</td>"; + my $fcode = lc($key[$s]); + + # Get flag icon for of the country. + my $flag_icon = &GeoIP::get_flag_icon($fcode); + + if($flag_icon) { + print "<td align='center' $col><a href='/cgi-bin/country.cgi#$fcode'><img src='$flag_icon' border='0' align='absmiddle' alt='$key[$s]' title='$key[$s]'></a></td>"; + } else { + print "<td align='center' $col>$key[$s]</td>"; } } print "<td align='center' $col>$value[$s]</td>"; diff --git a/html/cgi-bin/logs.cgi/firewalllogip.dat b/html/cgi-bin/logs.cgi/firewalllogip.dat index 07bcc77..7d82d20 100644 --- a/html/cgi-bin/logs.cgi/firewalllogip.dat +++ b/html/cgi-bin/logs.cgi/firewalllogip.dat @@ -19,6 +19,7 @@ use Getopt::Std; #use CGI::Carp 'fatalsToBrowser';
require '/var/ipfire/general-functions.pl'; +require "${General::swroot}/geoip-functions.pl"; require "${General::swroot}/lang.pl"; require "${General::swroot}/header.pl";
@@ -441,13 +442,19 @@ for($s=0;$s<$lines;$s++) $color++; print "<td align='center' $col><form method='post' action='showrequestfromip.dat'><input type='hidden' name='MONTH' value='$cgiparams{'MONTH'}'> <input type='hidden' name='DAY' value='$cgiparams{'DAY'}'> <input type='hidden' name='ip' value='$key[$s]'> <input type='submit' value='$Lang::tr{'details'}'></form></td>"; print "<td align='center' $col><a href='/cgi-bin/ipinfo.cgi?ip=$key[$s]'>$key[$s]</a></td>"; - if ( $fcode ne "" ){ - print "<td align='center' $col><a href='/cgi-bin/country.cgi#$fcode'><img src='/images/flags/$fcode.png' border='0' align='absmiddle' alt='$ccode' title='$ccode'></a></td>";} - else { - print "<td align='center' $col></td>";} - print "<td align='center' $col>$value[$s]</td>"; - print "<td align='center' $col>$percent</td>"; - print "</tr>"; + + # Get flag icon for of the country. + my $flag_icon = &GeoIP::get_flag_icon($ccode); + + if ( $flag_icon ) { + print "<td align='center' $col><a href='/cgi-bin/country.cgi#$fcode'><img src='$flag_icon' border='0' align='absmiddle' alt='$ccode' title='$ccode'></a></td>"; + } else { + print "<td align='center' $col></td>"; + } + + print "<td align='center' $col>$value[$s]</td>"; + print "<td align='center' $col>$percent</td>"; + print "</tr>"; }
if($cgiparams{'otherspie'} == 2 ){} diff --git a/html/cgi-bin/netovpnsrv.cgi b/html/cgi-bin/netovpnsrv.cgi index ddf4177..15a95b6 100755 --- a/html/cgi-bin/netovpnsrv.cgi +++ b/html/cgi-bin/netovpnsrv.cgi @@ -59,7 +59,7 @@ if ( $querry[0] ne ""){ if (@vpns){ foreach (@vpns) { &Header::openbox('100%', 'center', "$_ $Lang::tr{'graph'}"); - &Graphs::makegraphbox("netovpnsrv.cgi",$_, "day"); + &Graphs::makegraphbox("netovpnsrv.cgi",$_, "day",320); &Header::closebox(); } }else{ diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index ece528a..fb52e68 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -2346,7 +2346,9 @@ else &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", %confighash);
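Review bot: The flag lookup in this firewalllogip.dat hunk is called as `&GeoIP::get_flag_icon($ccode)`, while the matching hunks for firewalllog.dat and firewalllogcountry.dat pass `$fcode`, and the link on the following line still uses `#$fcode`. get_flag_icon is not shown on this page, so whether it normalises case is unknown; if it expects the form the other two call sites pass, this table would always take the empty-cell branch. I would use the same variable in all three places, `my $flag_icon = &GeoIP::get_flag_icon($fcode);`, or state in a comment that either form is accepted. The added comment reads `# Get flag icon for of the country.` in all three hunks; `# Get the flag icon of the country.` is what is meant. The enclosing loop starts outside the hunk.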
if ($confighash{$cgiparams{'KEY'}}) { + # Revoke certificate if certificate was deleted and rewrite the CRL my $temp = `/usr/bin/openssl ca -revoke ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`; + my $tempA = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
### # m.a.d net2net @@ -5547,42 +5549,49 @@ END }
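Review bot: Neither the existing `openssl ca -revoke` call nor the added `openssl ca -gencrl` call has its exit status checked, so a failure at either step leaves the previous CRL in place and the removed client's certificate can still be accepted, with nothing reported to the administrator. I would test `$?` after each backtick call and report a non-zero status, for example `$errormessage = "CRL update failed" if ($? != 0);` (the message text is a placeholder). `$tempA` is never read in the visible lines, so the captured output could be logged rather than discarded. The revoke line also interpolates `$confighash{$cgiparams{'KEY'}}[1]` into a shell string; that value is presumably validated when the connection is created, outside this hunk, but a list-form `system()` call would remove the dependency on that.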
print <<END - <hr size='1'> + + <br><hr><br> + <form method='post' enctype='multipart/form-data'> - <table width='100%' border='0'cellspacing='1' cellpadding='0'> - <tr> - <td class'base'><b>$Lang::tr{'upload ca certificate'}</b></td> - </tr> - <tr> - <td class='base' nowrap='nowrap'>$Lang::tr{'ca name'}:</td> - <td nowrap='nowrap'><input type='text' name='CA_NAME' value='$cgiparams{'CA_NAME'}' size='15' align='left'/></td> - <td nowrap='nowrap'><input type='file' name='FH' size='25' /> - <td nowrap='nowrap' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'upload ca certificate'}' /></td> - </tr> + <table border='0' width='100%'> + <tr> + <td colspan='4'><b>$Lang::tr{'upload ca certificate'}</b></td> + </tr>
- <tr align='right'> - <td colspan='4' align='right' width='80%'><input type='submit' name='ACTION' value='$Lang::tr{'show crl'}' /></td> - </tr> + <tr> + <td width='10%'>$Lang::tr{'ca name'}:</td> + <td width='30%'><input type='text' name='CA_NAME' value='$cgiparams{'CA_NAME'}' size='15' align='left'></td> + <td width='30%'><input type='file' name='FH' size='25'> + <td width='30%'align='right'><input type='submit' name='ACTION' value='$Lang::tr{'upload ca certificate'}'></td> + </tr>
- <tr><td colspan=4><hr /></td></tr><tr> - <tr> - <td class'base'><b>$Lang::tr{'ovpn dh parameters'}</b></td> - </tr> + <tr> + <td colspan='3'> </td> + <td align='right'><input type='submit' name='ACTION' value='$Lang::tr{'show crl'}' /></td> + </tr> + </table>
- <tr> - <td class='base' nowrap='nowrap'>$Lang::tr{'ovpn dh upload'}:</td> - <td nowrap='nowrap'><size='15' align='left'/></td> - <td nowrap='nowrap'><input type='file' name='FH' size='25' /> - <td colspan='4' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'upload dh key'}' /></td> - </tr> - <tr> - <td class='base' nowrap='nowrap'>$Lang::tr{'ovpn dh new key'}:</td> - <td nowrap='nowrap'><size='15' align='left'/></td> - <td nowrap='nowrap'><input type='submit' name='ACTION' value='$Lang::tr{'generate dh key'}' /></td> - </tr> - </table> + <br> + + <table border='0' width='100%'> + <tr> + <td colspan='4'><b>$Lang::tr{'ovpn dh parameters'}</b></td> + </tr> + + <tr> + <td width='40%'>$Lang::tr{'ovpn dh upload'}:</td> + <td width='30%'><input type='file' name='FH' size='25'> + <td width='30%' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'upload dh key'}'></td> + </tr> + + <tr> + <td width='40%'>$Lang::tr{'ovpn dh new key'}:</td> + <td colspan='2' width='60%' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'generate dh key'}' /></td> + </tr> + </table> + </form> - <tr><td colspan=4><hr /></td></tr><tr> + <br><hr> END ;
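Review bot: The rewritten upload row still prints `value='$cgiparams{'CA_NAME'}'` straight into a single-quoted attribute, so a submitted name containing `'` or `<` ends the attribute and is parsed as markup when the form is rendered again. Whether CA_NAME is sanitised before this heredoc is not visible in the hunk; if it is not, HTML-escape the value into a local variable first and interpolate that instead. Separately, the `<td width='30%'><input type='file' name='FH' size='25'>` cells in both new tables are never closed with `</td>`, and both file inputs share the name `FH` inside one form. The heredoc starts before the hunk.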
diff --git a/html/cgi-bin/pakfire.cgi b/html/cgi-bin/pakfire.cgi index 2a7ca84..143f123 100644 --- a/html/cgi-bin/pakfire.cgi +++ b/html/cgi-bin/pakfire.cgi @@ -191,14 +191,14 @@ if ($return) { <form method='post' action='$ENV{'SCRIPT_NAME'}'> <input type='image' alt='$Lang::tr{'reload'}' title='$Lang::tr{'reload'}' src='/images/view-refresh.png' /> </form> - <tr><td colspan='2' align='left'><pre> + <tr><td colspan='2' align='left'><code> END my @output = `grep pakfire /var/log/messages | tail -20`; foreach (@output) { - print "$_"; + print "$_<br>"; } print <<END; - </pre> + </code> </table> END &Header::closebox(); diff --git a/html/cgi-bin/services.cgi b/html/cgi-bin/services.cgi index 6bfa5bb..76bd9ed 100644 --- a/html/cgi-bin/services.cgi +++ b/html/cgi-bin/services.cgi @@ -188,6 +188,9 @@ END # mdadm should not stopped with webif because this could crash the system # chomp($_); + if ( $_ eq 'squid' ) { + next; + } if ( ($_ ne "alsa") && ($_ ne "mdadm") ) { $lines++; if ($lines % 2){ diff --git a/html/cgi-bin/tor.cgi b/html/cgi-bin/tor.cgi index 228b5d4..e00bc5f 100644 --- a/html/cgi-bin/tor.cgi +++ b/html/cgi-bin/tor.cgi @@ -20,7 +20,7 @@ ###############################################################################
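Review bot: In the pakfire.cgi hunk the loop emits each line of `grep pakfire /var/log/messages | tail -20` with `print "$_<br>";` and no HTML escaping, as the `<pre>` version also did, so any `<`, `>` or `&` in a log line is interpreted as markup on the admin page. Syslog content is not fully under the firewall's control, so I would escape those three characters in a copy of `$_` before the `print`. Each line also keeps its trailing newline ahead of the `<br>`; a `chomp` first would make the output cleaner.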
use strict; -use Locale::Country; +use Locale::Codes::Country;
# enable only the following on debugging purpose use warnings; @@ -323,9 +323,9 @@ END <option value=''>- $Lang::tr{'tor exit country any'} -</option> END
- my @country_names = Locale::Country::all_country_names(); + my @country_names = Locale::Codes::Country::all_country_names(); foreach my $country_name (sort @country_names) { - my $country_code = Locale::Country::country2code($country_name); + my $country_code = Locale::Codes::Country::country2code($country_name); $country_code = uc($country_code); print "<option value='$country_code'";
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi index a6d7056..2a020ea 100644 --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi @@ -310,67 +310,33 @@ sub writeipsecfiles {
# Algorithms if ($lconfighash{$key}[18] && $lconfighash{$key}[19] && $lconfighash{$key}[20]) { - print CONF "\tike="; - my @encs = split('|', $lconfighash{$key}[18]); - my @ints = split('|', $lconfighash{$key}[19]); - my @groups = split('|', $lconfighash{$key}[20]); - my $comma = 0; - foreach my $i (@encs) { - foreach my $j (@ints) { - foreach my $k (@groups) { - if ($comma != 0) { print CONF ","; } else { $comma = 1; } - - my @l = split("", $k); - if ($l[0] eq "e") { - shift @l; - print CONF "$i-$j-ecp".join("", @l); - } else { - print CONF "$i-$j-modp$k"; - } - } - } - } - if ($lconfighash{$key}[24] eq 'on') { #only proposed algorythms? - print CONF "!\n"; - } else { - print CONF "\n"; - } + my @encs = split('|', $lconfighash{$key}[18]); + my @ints = split('|', $lconfighash{$key}[19]); + my @groups = split('|', $lconfighash{$key}[20]); + + my @algos = &make_algos("ike", @encs, @ints, @groups, 1); + print CONF "\tike=" . join(",", @algos); + + if ($lconfighash{$key}[24] eq 'on') { #only proposed algorythms? 
+ print CONF "!\n"; + } else { + print CONF "\n"; + } } + if ($lconfighash{$key}[21] && $lconfighash{$key}[22]) { - print CONF "\tesp="; - my @encs = split('|', $lconfighash{$key}[21]); - my @ints = split('|', $lconfighash{$key}[22]); - my @groups = split('|', $lconfighash{$key}[20]); - my $comma = 0; - foreach my $i (@encs) { - foreach my $j (@ints) { - my $modp = ""; - if ($pfs eq "on") { - foreach my $k (@groups) { - if ($comma != 0) { print CONF ","; } else { $comma = 1; } - if ($pfs eq "on") { - my @l = split("", $k); - if ($l[0] eq "e") { - $modp = ""; - } else { - $modp = "-modp$k"; - } - } else { - $modp = ""; - } - print CONF "$i-$j$modp"; - } - } else { - if ($comma != 0) { print CONF ","; } else { $comma = 1; } - print CONF "$i-$j"; - } + my @encs = split('|', $lconfighash{$key}[21]); + my @ints = split('|', $lconfighash{$key}[22]); + my @groups = split('|', $lconfighash{$key}[20]); + + my @algos = &make_algos("esp", @encs, @ints, @groups, ($pfs eq "on")); + print CONF "\tesp=" . join(",", @algos); + + if ($lconfighash{$key}[24] eq 'on') { #only proposed algorythms? + print CONF "!\n"; + } else { + print CONF "\n"; } - } - if ($lconfighash{$key}[24] eq 'on') { #only proposed algorythms? - print CONF "!\n"; - } else { - print CONF "\n"; - } }
# IKE V1 or V2 @@ -397,12 +363,12 @@ sub writeipsecfiles { print CONF "\tdpddelay=0\n"; } } else { - my $dpddelay = $lconfighash{$key}[30]; + my $dpddelay = $lconfighash{$key}[31]; if (!$dpddelay) { $dpddelay = 30; } print CONF "\tdpddelay=$dpddelay\n"; - my $dpdtimeout = $lconfighash{$key}[31]; + my $dpdtimeout = $lconfighash{$key}[30]; if (!$dpdtimeout) { $dpdtimeout = 120; } @@ -435,16 +401,12 @@ sub writeipsecfiles { } else { print CONF "\tauto=start\n"; } - print CONF "\n"; - }#foreach key
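Review bot: As rendered on this page, the new calls read `&make_algos("ike", @encs, @ints, @groups, 1)` and `&make_algos("esp", @encs, @ints, @groups, ($pfs eq "on"))`, which flatten the three arrays into one argument list, while make_algos (added at the end of this file) unpacks five scalars and dereferences them as `@$encs`, `@$ints` and `@$grps`. The `&` call form also bypasses the `($$$$$)` prototype, so nothing would catch the mismatch. If the committed file really has this text, the calls need references, `&make_algos("ike", \@encs, \@ints, \@groups, 1)`. The same caution applies to `split('|', ...)`, where an unescaped `|` is an empty alternation and splits between every character; `split(/\|/, ...)` is the intended form. The mail rendering may have dropped backslashes, so confirm against the repository before acting on this.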
- # Add post user includes to config file - # After the GUI-connections allows to patch connections. - if (-e "/etc/ipsec.user-post.conf") { - print CONF "include /etc/ipsec.user-post.conf\n"; - print CONF "\n"; - } + # Fragmentation + print CONF "\tfragmentation=yes\n";
+ print CONF "\n"; + }#foreach key print SECRETS $last_secrets if ($last_secrets); close(CONF); close(SECRETS); @@ -969,9 +931,9 @@ END if (!$errormessage) { &General::log("ipsec", "Creating cacert..."); if (open(STDIN, "-|")) { - my $opt = " req -x509 -nodes -rand /proc/interrupts:/proc/net/rt_cache"; + my $opt = " req -x509 -sha256 -nodes"; $opt .= " -days 999999"; - $opt .= " -newkey rsa:2048"; + $opt .= " -newkey rsa:4096"; $opt .= " -keyout ${General::swroot}/private/cakey.pem"; $opt .= " -out ${General::swroot}/ca/cacert.pem";
@@ -992,8 +954,8 @@ END if (!$errormessage) { &General::log("ipsec", "Creating host cert..."); if (open(STDIN, "-|")) { - my $opt = " req -nodes -rand /proc/interrupts:/proc/net/rt_cache"; - $opt .= " -newkey rsa:1024"; + my $opt = " req -sha256 -nodes"; + $opt .= " -newkey rsa:2048"; $opt .= " -keyout ${General::swroot}/certs/hostkey.pem"; $opt .= " -out ${General::swroot}/certs/hostreq.pem"; $errormessage = &callssl ($opt); @@ -1028,7 +990,7 @@ END print $fh "subjectAltName=$cgiparams{'SUBJECTALTNAME'}" if ($cgiparams{'SUBJECTALTNAME'}); close ($fh); - my $opt = " ca -days 999999"; + my $opt = " ca -md sha256 -days 999999"; $opt .= " -batch -notext"; $opt .= " -in ${General::swroot}/certs/hostreq.pem"; $opt .= " -out ${General::swroot}/certs/hostcert.pem"; @@ -1451,7 +1413,7 @@ END
# Sign the certificate request &General::log("ipsec", "Signing your cert $cgiparams{'NAME'}..."); - my $opt = " ca -days 999999"; + my $opt = " ca -md sha256 -days 999999"; $opt .= " -batch -notext"; $opt .= " -in $filename"; $opt .= " -out ${General::swroot}/certs/$cgiparams{'NAME'}cert.pem"; @@ -1681,12 +1643,12 @@ END (my $city = $cgiparams{'CERT_CITY'}) =~ s/^\s*$/./; (my $state = $cgiparams{'CERT_STATE'}) =~ s/^\s*$/./;
- # Create the Host certificate request + # Create the Client certificate request &General::log("ipsec", "Creating a cert...");
if (open(STDIN, "-|")) { my $opt = " req -nodes -rand /proc/interrupts:/proc/net/rt_cache"; - $opt .= " -newkey rsa:1024"; + $opt .= " -newkey rsa:2048"; $opt .= " -keyout ${General::swroot}/certs/$cgiparams{'NAME'}key.pem"; $opt .= " -out ${General::swroot}/certs/$cgiparams{'NAME'}req.pem";
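Review bot: The client certificate request in this hunk still uses `req -nodes -rand /proc/interrupts:/proc/net/rt_cache` with no digest option, whereas the CA and host certificate requests earlier in this diff were changed to `req -x509 -sha256 -nodes` and `req -sha256 -nodes`. Only the key size was raised here, so the three request paths now differ in digest and in how randomness is seeded. For consistency I would change the line to `my $opt = " req -sha256 -nodes";`. `$cgiparams{'NAME'}` is interpolated into the `-keyout` and `-out` paths; its validation is outside the hunk and should restrict it to a safe character set.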
@@ -1708,7 +1670,7 @@ END exit (0); } - # Sign the host certificate request + # Sign the client certificate request &General::log("ipsec", "Signing the cert $cgiparams{'NAME'}...");
#No easy way for specifying the contain of subjectAltName without writing a config file... @@ -1717,13 +1679,14 @@ END basicConstraints=CA:FALSE nsComment="OpenSSL Generated Certificate" subjectKeyIdentifier=hash + extendedKeyUsage=clientAuth authorityKeyIdentifier=keyid,issuer:always END ; print $fh "subjectAltName=$cgiparams{'SUBJECTALTNAME'}" if ($cgiparams{'SUBJECTALTNAME'}); close ($fh);
- my $opt = " ca -days 999999 -batch -notext"; + my $opt = " ca -md sha256 -days 999999 -batch -notext"; $opt .= " -in ${General::swroot}/certs/$cgiparams{'NAME'}req.pem"; $opt .= " -out ${General::swroot}/certs/$cgiparams{'NAME'}cert.pem"; $opt .= " -extfile $v3extname"; @@ -1886,12 +1849,12 @@ END $cgiparams{'REMOTE_ID'} = '';
#use default advanced value - $cgiparams{'IKE_ENCRYPTION'} = 'aes256|aes192|aes128|3des'; #[18]; - $cgiparams{'IKE_INTEGRITY'} = 'sha2_256|sha|md5'; #[19]; + $cgiparams{'IKE_ENCRYPTION'} = 'aes256gcm128|aes256gcm96|aes256gcm64|aes256|aes192gcm128|aes192gcm96|aes192gcm64|aes192|aes128gcm128|aes128gcm96|aes128gcm64|aes128'; #[18]; + $cgiparams{'IKE_INTEGRITY'} = 'sha2_512|sha2_256|sha'; #[19]; $cgiparams{'IKE_GROUPTYPE'} = '4096|3072|2048|1536|1024'; #[20]; $cgiparams{'IKE_LIFETIME'} = '3'; #[16]; - $cgiparams{'ESP_ENCRYPTION'} = 'aes256|aes192|aes128|3des'; #[21]; - $cgiparams{'ESP_INTEGRITY'} = 'sha2_256|sha1|md5'; #[22]; + $cgiparams{'ESP_ENCRYPTION'} = 'aes256gcm128|aes256gcm96|aes256gcm64|aes256|aes192gcm128|aes192gcm96|aes192gcm64|aes192|aes128gcm128|aes128gcm96|aes128gcm64|aes128'; #[21]; + $cgiparams{'ESP_INTEGRITY'} = 'sha2_512|sha2_256|sha1'; #[22]; $cgiparams{'ESP_GROUPTYPE'} = ''; #[23]; $cgiparams{'ESP_KEYLIFE'} = '1'; #[17]; $cgiparams{'COMPRESSION'} = 'on'; #[13]; @@ -2145,7 +2108,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || goto ADVANCED_ERROR; } foreach my $val (@temp) { - if ($val !~ /^(aes256|aes192|aes128|3des|camellia256|camellia192|camellia128)$/) { + if ($val !~ /^(aes(256|192|128)(gcm(128|96|64))?|3des|camellia(256|192|128))$/) { $errormessage = $Lang::tr{'invalid input'}; goto ADVANCED_ERROR; } @@ -2156,7 +2119,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || goto ADVANCED_ERROR; } foreach my $val (@temp) { - if ($val !~ /^(sha2_512|sha2_384|sha2_256|sha|md5|aesxcbc)$/) { + if ($val !~ /^(sha2_(512|384|256)|sha|md5|aesxcbc)$/) { $errormessage = $Lang::tr{'invalid input'}; goto ADVANCED_ERROR; } 
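Review bot: The new defaults remove `3des` and `md5`, but the unchanged line `$cgiparams{'IKE_GROUPTYPE'} = '4096|3072|2048|1536|1024';` still proposes the 1536- and 1024-bit MODP groups, and both integrity lists keep SHA-1 (`sha`, `sha1`). The weakest proposal a peer may select is therefore bounded by MODP-1024 rather than by the stronger ciphers added here. If compatibility allows, I would trim the default to `'4096|3072|2048'` and add a comment stating why SHA-1 is retained.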
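Review bot: The rewritten check `$val !~ /^(aes(256|192|128)(gcm(128|96|64))?|3des|camellia(256|192|128))$/` anchors with `$`, which in Perl also matches before a trailing newline, so a value such as `aes256` followed by a line feed passes validation. These values appear to end up in the generated connection configuration (the `ike=` and `esp=` lines written by writeipsecfiles), so I would anchor with `\z`: `/^(aes(256|192|128)(gcm(128|96|64))?|3des|camellia(256|192|128))\z/`. The same applies to the integrity pattern and to the ESP copies of both checks in the hunks at -2156, -2186 and -2197.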
@@ -2176,8 +2139,8 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || $errormessage = $Lang::tr{'invalid input for ike lifetime'}; goto ADVANCED_ERROR; } - if ($cgiparams{'IKE_LIFETIME'} < 1 || $cgiparams{'IKE_LIFETIME'} > 24) { - $errormessage = $Lang::tr{'ike lifetime should be between 1 and 24 hours'}; + if ($cgiparams{'IKE_LIFETIME'} < 1 || $cgiparams{'IKE_LIFETIME'} > 8) { + $errormessage = $Lang::tr{'ike lifetime should be between 1 and 8 hours'}; goto ADVANCED_ERROR; } @temp = split('|', $cgiparams{'ESP_ENCRYPTION'}); @@ -2186,7 +2149,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || goto ADVANCED_ERROR; } foreach my $val (@temp) { - if ($val !~ /^(aes256|aes192|aes128|3des|camellia256|camellia192|camellia128)$/) { + if ($val !~ /^(aes(256|192|128)(gcm(128|96|64))?|3des|camellia(256|192|128))$/) { $errormessage = $Lang::tr{'invalid input'}; goto ADVANCED_ERROR; } @@ -2197,7 +2160,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || goto ADVANCED_ERROR; } foreach my $val (@temp) { - if ($val !~ /^(sha2_512|sha2_384|sha2_256|sha1|md5|aesxcbc)$/) { + if ($val !~ /^(sha2_(512|384|256)|sha1|md5|aesxcbc)$/) { $errormessage = $Lang::tr{'invalid input'}; goto ADVANCED_ERROR; } 
@@ -2297,6 +2260,15 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || $checked{'IKE_ENCRYPTION'}{'aes256'} = ''; $checked{'IKE_ENCRYPTION'}{'aes192'} = ''; $checked{'IKE_ENCRYPTION'}{'aes128'} = ''; + $checked{'IKE_ENCRYPTION'}{'aes256gcm128'} = ''; + $checked{'IKE_ENCRYPTION'}{'aes192gcm128'} = ''; + $checked{'IKE_ENCRYPTION'}{'aes128gcm128'} = ''; + $checked{'IKE_ENCRYPTION'}{'aes256gcm96'} = ''; + $checked{'IKE_ENCRYPTION'}{'aes192gcm96'} = ''; + $checked{'IKE_ENCRYPTION'}{'aes128gcm96'} = ''; + $checked{'IKE_ENCRYPTION'}{'aes256gcm64'} = ''; + $checked{'IKE_ENCRYPTION'}{'aes192gcm64'} = ''; + $checked{'IKE_ENCRYPTION'}{'aes128gcm64'} = ''; $checked{'IKE_ENCRYPTION'}{'3des'} = ''; $checked{'IKE_ENCRYPTION'}{'camellia256'} = ''; $checked{'IKE_ENCRYPTION'}{'camellia192'} = ''; @@ -2328,6 +2300,15 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || $checked{'ESP_ENCRYPTION'}{'aes256'} = ''; $checked{'ESP_ENCRYPTION'}{'aes192'} = ''; $checked{'ESP_ENCRYPTION'}{'aes128'} = ''; + $checked{'ESP_ENCRYPTION'}{'aes256gcm128'} = ''; + $checked{'ESP_ENCRYPTION'}{'aes192gcm128'} = ''; + $checked{'ESP_ENCRYPTION'}{'aes128gcm128'} = ''; + $checked{'ESP_ENCRYPTION'}{'aes256gcm96'} = ''; + $checked{'ESP_ENCRYPTION'}{'aes192gcm96'} = ''; + $checked{'ESP_ENCRYPTION'}{'aes128gcm96'} = ''; + $checked{'ESP_ENCRYPTION'}{'aes256gcm64'} = ''; + $checked{'ESP_ENCRYPTION'}{'aes192gcm64'} = ''; + $checked{'ESP_ENCRYPTION'}{'aes128gcm64'} = ''; $checked{'ESP_ENCRYPTION'}{'3des'} = ''; $checked{'ESP_ENCRYPTION'}{'camellia256'} = ''; $checked{'ESP_ENCRYPTION'}{'camellia192'} = ''; 
@@ -2406,24 +2387,42 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || <td class='boldbase' width="15%">$Lang::tr{'encryption'}</td> <td class='boldbase'> <select name='IKE_ENCRYPTION' multiple='multiple' size='6' style='width: 100%'> - <option value='aes256' $checked{'IKE_ENCRYPTION'}{'aes256'}>AES (256 bit)</option> - <option value='aes192' $checked{'IKE_ENCRYPTION'}{'aes192'}>AES (192 bit)</option> - <option value='aes128' $checked{'IKE_ENCRYPTION'}{'aes128'}>AES (128 bit)</option> - <option value='3des' $checked{'IKE_ENCRYPTION'}{'3des'}>3DES</option> - <option value='camellia256' $checked{'IKE_ENCRYPTION'}{'camellia256'}>Camellia (256 bit)</option> - <option value='camellia192' $checked{'IKE_ENCRYPTION'}{'camellia192'}>Camellia (192 bit)</option> - <option value='camellia128' $checked{'IKE_ENCRYPTION'}{'camellia128'}>Camellia (128 bit)</option> + <option value='aes256gcm128' $checked{'IKE_ENCRYPTION'}{'aes256gcm128'}>256 bit AES-GCM/128 bit ICV</option> + <option value='aes256gcm96' $checked{'IKE_ENCRYPTION'}{'aes256gcm96'}>256 bit AES-GCM/96 bit ICV</option> + <option value='aes256gcm64' $checked{'IKE_ENCRYPTION'}{'aes256gcm64'}>256 bit AES-GCM/64 bit ICV</option> + <option value='aes256' $checked{'IKE_ENCRYPTION'}{'aes256'}>256 bit AES-CBC</option> + <option value='camellia256' $checked{'IKE_ENCRYPTION'}{'camellia256'}>256 bit Camellia-CBC</option> + <option value='aes192gcm128' $checked{'IKE_ENCRYPTION'}{'aes192gcm128'}>192 bit AES-GCM/128 bit ICV</option> + <option value='aes192gcm96' $checked{'IKE_ENCRYPTION'}{'aes192gcm96'}>192 bit AES-GCM/96 bit ICV</option> + <option value='aes192gcm64' $checked{'IKE_ENCRYPTION'}{'aes192gcm64'}>192 bit AES-GCM/64 bit ICV</option> + <option value='aes192' $checked{'IKE_ENCRYPTION'}{'aes192'}>192 bit AES-CBC</option> + <option value='camellia192' $checked{'IKE_ENCRYPTION'}{'camellia192'}>192 bit Camellia-CBC</option> + <option value='aes128gcm128' $checked{'IKE_ENCRYPTION'}{'aes128gcm128'}>128 bit AES-GCM/128 bit 
ICV</option> + <option value='aes128gcm96' $checked{'IKE_ENCRYPTION'}{'aes128gcm96'}>128 bit AES-GCM/96 bit ICV</option> + <option value='aes128gcm64' $checked{'IKE_ENCRYPTION'}{'aes128gcm64'}>128 bit AES-GCM/64 bit ICV</option> + <option value='aes128' $checked{'IKE_ENCRYPTION'}{'aes128'}>128 bit AES-CBC</option> + <option value='camellia128' $checked{'IKE_ENCRYPTION'}{'camellia128'}>128 bit Camellia-CBC</option> + <option value='3des' $checked{'IKE_ENCRYPTION'}{'3des'}>168 bit 3DES-EDE-CBC</option> </select> </td> <td class='boldbase'> <select name='ESP_ENCRYPTION' multiple='multiple' size='6' style='width: 100%'> - <option value='aes256' $checked{'ESP_ENCRYPTION'}{'aes256'}>AES (256 bit)</option> - <option value='aes192' $checked{'ESP_ENCRYPTION'}{'aes192'}>AES (192 bit)</option> - <option value='aes128' $checked{'ESP_ENCRYPTION'}{'aes128'}>AES (128 bit)</option> - <option value='3des' $checked{'ESP_ENCRYPTION'}{'3des'}>3DES</option> - <option value='camellia256' $checked{'ESP_ENCRYPTION'}{'camellia256'}>Camellia (256 bit)</option> - <option value='camellia192' $checked{'ESP_ENCRYPTION'}{'camellia192'}>Camellia (192 bit)</option> - <option value='camellia128' $checked{'ESP_ENCRYPTION'}{'camellia128'}>Camellia (128 bit)</option> + <option value='aes256gcm128' $checked{'ESP_ENCRYPTION'}{'aes256gcm128'}>256 bit AES-GCM/128 bit ICV</option> + <option value='aes256gcm96' $checked{'ESP_ENCRYPTION'}{'aes256gcm96'}>256 bit AES-GCM/96 bit ICV</option> + <option value='aes256gcm64' $checked{'ESP_ENCRYPTION'}{'aes256gcm64'}>256 bit AES-GCM/64 bit ICV</option> + <option value='aes256' $checked{'ESP_ENCRYPTION'}{'aes256'}>256 bit AES-CBC</option> + <option value='camellia256' $checked{'ESP_ENCRYPTION'}{'camellia256'}>256 bit Camellia-CBC</option> + <option value='aes192gcm128' $checked{'ESP_ENCRYPTION'}{'aes192gcm128'}>192 bit AES-GCM/128 bit ICV</option> + <option value='aes192gcm96' $checked{'ESP_ENCRYPTION'}{'aes192gcm96'}>192 bit AES-GCM/96 bit ICV</option> + <option 
value='aes192gcm64' $checked{'ESP_ENCRYPTION'}{'aes192gcm64'}>192 bit AES-GCM/64 bit ICV</option> + <option value='aes192' $checked{'ESP_ENCRYPTION'}{'aes192'}>192 bit AES-CBC</option> + <option value='camellia192' $checked{'ESP_ENCRYPTION'}{'camellia192'}>192 bit Camellia-CBC</option> + <option value='aes128gcm128' $checked{'ESP_ENCRYPTION'}{'aes128gcm128'}>128 bit AES-GCM/128 bit ICV</option> + <option value='aes128gcm96' $checked{'ESP_ENCRYPTION'}{'aes128gcm96'}>128 bit AES-GCM/96 bit ICV</option> + <option value='aes128gcm64' $checked{'ESP_ENCRYPTION'}{'aes128gcm64'}>128 bit AES-GCM/64 bit ICV</option> + <option value='aes128' $checked{'ESP_ENCRYPTION'}{'aes128'}>128 bit AES-CBC</option> + <option value='camellia128' $checked{'ESP_ENCRYPTION'}{'camellia128'}>128 bit Camellia-CBC</option> + <option value='3des' $checked{'ESP_ENCRYPTION'}{'3des'}>168 bit 3DES-EDE-CBC</option> </select> </td> </tr> @@ -2435,9 +2434,9 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || <option value='sha2_512' $checked{'IKE_INTEGRITY'}{'sha2_512'}>SHA2 512 bit</option> <option value='sha2_384' $checked{'IKE_INTEGRITY'}{'sha2_384'}>SHA2 384 bit</option> <option value='sha2_256' $checked{'IKE_INTEGRITY'}{'sha2_256'}>SHA2 256 bit</option> + <option value='aesxcbc' $checked{'IKE_INTEGRITY'}{'aesxcbc'}>AES XCBC</option> <option value='sha' $checked{'IKE_INTEGRITY'}{'sha'}>SHA1</option> <option value='md5' $checked{'IKE_INTEGRITY'}{'md5'}>MD5</option> - <option value='aesxcbc' $checked{'IKE_INTEGRITY'}{'aesxcbc'}>AES XCBC</option> </select> </td> <td class='boldbase'> 
@@ -2445,9 +2444,9 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || <option value='sha2_512' $checked{'ESP_INTEGRITY'}{'sha2_512'}>SHA2 512 bit</option> <option value='sha2_384' $checked{'ESP_INTEGRITY'}{'sha2_384'}>SHA2 384 bit</option> <option value='sha2_256' $checked{'ESP_INTEGRITY'}{'sha2_256'}>SHA2 256 bit</option> + <option value='aesxcbc' $checked{'ESP_INTEGRITY'}{'aesxcbc'}>AES XCBC</option> <option value='sha1' $checked{'ESP_INTEGRITY'}{'sha1'}>SHA1</option> <option value='md5' $checked{'ESP_INTEGRITY'}{'md5'}>MD5</option> - <option value='aesxcbc' $checked{'ESP_INTEGRITY'}{'aesxcbc'}>AES XCBC</option> </select> </td> </tr> 
@@ -2465,14 +2464,14 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || <td class='boldbase'> <select name='IKE_GROUPTYPE' multiple='multiple' size='6' style='width: 100%'> <option value='e521' $checked{'IKE_GROUPTYPE'}{'e521'}>ECP-521 (NIST)</option> - <option value='e384' $checked{'IKE_GROUPTYPE'}{'e384'}>ECP-384 (NIST)</option> - <option value='e256' $checked{'IKE_GROUPTYPE'}{'e256'}>ECP-256 (NIST)</option> - <option value='e224' $checked{'IKE_GROUPTYPE'}{'e224'}>ECP-224 (NIST)</option> - <option value='e192' $checked{'IKE_GROUPTYPE'}{'e192'}>ECP-192 (NIST)</option> <option value='e512bp' $checked{'IKE_GROUPTYPE'}{'e512bp'}>ECP-512 (Brainpool)</option> + <option value='e384' $checked{'IKE_GROUPTYPE'}{'e384'}>ECP-384 (NIST)</option> <option value='e384bp' $checked{'IKE_GROUPTYPE'}{'e384bp'}>ECP-384 (Brainpool)</option> + <option value='e256' $checked{'IKE_GROUPTYPE'}{'e256'}>ECP-256 (NIST)</option> <option value='e256bp' $checked{'IKE_GROUPTYPE'}{'e256bp'}>ECP-256 (Brainpool)</option> + <option value='e224' $checked{'IKE_GROUPTYPE'}{'e224'}>ECP-224 (NIST)</option> <option value='e224bp' $checked{'IKE_GROUPTYPE'}{'e224bp'}>ECP-224 (Brainpool)</option> + <option value='e192' $checked{'IKE_GROUPTYPE'}{'e192'}>ECP-192 (NIST)</option> <option value='8192' $checked{'IKE_GROUPTYPE'}{'8192'}>MODP-8192</option> <option value='6144' $checked{'IKE_GROUPTYPE'}{'6144'}>MODP-6144</option> <option value='4096' $checked{'IKE_GROUPTYPE'}{'4096'}>MODP-4096</option> 
@@ -2992,3 +2991,56 @@ END &Header::closebox(); &Header::closebigbox(); &Header::closepage(); + +sub array_unique($) { + my $array = shift; + my @unique = (); + + my %seen = (); + foreach my $e (@$array) { + next if $seen{$e}++; + push(@unique, $e); + } + + return @unique; +} + +sub make_algos($$$$$) { + my ($mode, $encs, $ints, $grps, $pfs) = @_; + my @algos = (); + + foreach my $enc (@$encs) { + foreach my $int (@$ints) { + foreach my $grp (@$grps) { + my @algo = ($enc); + + if ($mode eq "ike") { + push(@algo, $int); + + if ($grp =~ m/^e(.*)$/) { + push(@algo, "ecp$1"); + } else { + push(@algo, "modp$grp"); + } + + } elsif ($mode eq "esp" && $pfs) { + my $is_aead = ($enc =~ m/[cg]cm/); + + if (!$is_aead) { + push(@algo, $int); + } + + if ($grp =~ m/^e(.*)$/) { + push(@algo, "ecp$1"); + } else { + push(@algo, "modp$grp"); + } + } + + push(@algos, join("-", @algo)); + } + } + } + + return &array_unique(@algos); +} diff --git a/html/cgi-bin/wlanap.cgi b/html/cgi-bin/wlanap.cgi index ec9022d..844c395 100644 --- a/html/cgi-bin/wlanap.cgi +++ b/html/cgi-bin/wlanap.cgi @@ -71,7 +71,7 @@ $wlanapsettings{'HW_MODE'} = 'g'; $wlanapsettings{'PWD'} = 'IPFire-2.x'; $wlanapsettings{'SYSLOGLEVEL'} = '0'; $wlanapsettings{'DEBUG'} = '4'; -$wlanapsettings{'DRIVER'} = 'MADWIFI'; +$wlanapsettings{'DRIVER'} = 'NL80211'; $wlanapsettings{'HTCAPS'} = '';
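Review bot: In make_algos the second branch is guarded by `$mode eq "esp" && $pfs`, so when PFS is off neither branch runs and each proposal is just `$enc`: the integrity algorithm the administrator selected is dropped from the `esp=` line. The code this replaces printed `$i-$j` in that case, so this is a behaviour change, and the effective integrity algorithm is then left to the IPsec daemon's defaults. I would make the branch `$mode eq "esp"`, always append `$int` for non-AEAD ciphers, and append the group only when `$pfs` is true; array_unique already collapses the duplicates this produces across groups. A short comment on `m/[cg]cm/` saying that it detects AEAD ciphers, which carry their own ICV, would also help.

```perl
# … unchanged: loops over @$encs/@$ints/@$grps and the "ike" branch …
} elsif ($mode eq "esp") {
	my $is_aead = ($enc =~ m/[cg]cm/);

	# AEAD ciphers carry their own ICV; everything else needs the
	# selected integrity algorithm, with or without PFS.
	if (!$is_aead) {
		push(@algo, $int);
	}

	# A DH group is only part of the ESP proposal when PFS is on.
	if ($pfs) {
		if ($grp =~ m/^e(.*)$/) {
			push(@algo, "ecp$1");
		} else {
			push(@algo, "modp$grp");
		}
	}
}
# … unchanged: join("-", @algo), de-duplication and return …
```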
&General::readhash("/var/ipfire/wlanap/settings", %wlanapsettings); @@ -265,7 +265,7 @@ if ( $wlanapsettings{'DRIVER'} eq 'NL80211' ){ my $wiphy = `iw dev $wlanapsettings{'INTERFACE'} info | grep wiphy | cut -d" " -f2`; chomp $wiphy;
-@channellist_cmd = `iw phy phy$wiphy info | grep " MHz \[" | grep -v "(disabled)" | grep -v "no IBSS" | grep -v "passive scanning" 2>/dev/null`; +@channellist_cmd = `iw phy phy$wiphy info | grep " MHz \[" | grep -v "(disabled)" | grep -v "no IBSS" | grep -v "no IR" | grep -v "passive scanning" 2>/dev/null`; # get available channels
my @temp; @@ -306,15 +306,6 @@ if ( $wlanapsettings{'DRIVER'} eq 'NL80211' ){ } # get available power
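Review bot: `$wiphy` is taken from the output of `iw dev $wlanapsettings{'INTERFACE'} info | grep wiphy | cut -d" " -f2` and then interpolated into the changed command `iw phy phy$wiphy info | ...` without checking that it is a number. If the interface is missing or the output format differs, the command runs with an empty or unexpected suffix and the channel list comes back empty with no indication why. I would guard the call with `if ($wiphy =~ /^\d+\z/) { ... }` and fall back to an empty list otherwise. The trailing `2>/dev/null` applies only to the last `grep`, not to `iw`, so errors from `iw` are not suppressed as the line suggests. The enclosing `if` block starts outside the hunk.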
-my @temp; -foreach (@txpower_cmd){ -$_ =~ /(\s)(\d+)(\s)dBm(\s)(.*)(\W)(\d+)(.*)/; -$txpower = $7;chomp $txpower; -if ( $txpower =~ /\d+/ ){push(@temp,$txpower."mW");} -} -my @txpower = @temp; -push(@txpower,"auto"); - $selected{'SYSLOGLEVEL'}{$wlanapsettings{'SYSLOGLEVEL'}} = "selected='selected'"; $selected{'DEBUG'}{$wlanapsettings{'DEBUG'}} = "selected='selected'";
@@ -437,20 +428,7 @@ END ; print <<END <tr><td width='25%' class='base'>HT Caps: </td><td class='base' colspan='3'><input type='text' name='HTCAPS' size='30' value='$wlanapsettings{'HTCAPS'}' /></td></tr> -<tr><td width='25%' class='base'>Tx Power: </td><td class='base' colspan='3'> -END -; - -if ( $wlanapsettings{'DRIVER'} eq 'MADWIFI' ){ - print "<select name='TXPOWER'>"; - foreach $txpower (@txpower){ - print "<option $selected{'TXPOWER'}{$txpower}>$txpower</option> dBm"; - } - print " </select></td></tr>"; -} else { - print "<input type='text' name='TXPOWER' size='10' value='$wlanapsettings{'TXPOWER'}' /></td></tr>" -} -print <<END +<tr><td width='25%' class='base'>Tx Power: </td><td class='base' colspan='3'><input type='text' name='TXPOWER' size='10' value='$wlanapsettings{'TXPOWER'}' /></td></tr> <tr><td width='25%' class='base'>Loglevel (hostapd): </td><td class='base' width='25%'> <select name='SYSLOGLEVEL'> <option value='0' $selected{'SYSLOGLEVEL'}{'0'}>0 ($Lang::tr{'wlanap verbose'})</option> @@ -508,9 +486,6 @@ print <<END END ; my @status; -if ( $wlanapsettings{'DRIVER'} eq 'MADWIFI' ){ - @status = `wlanconfig $wlanapsettings{'INTERFACE'} list`; -} if ( $wlanapsettings{'DRIVER'} eq 'NL80211' ){ @status = `iw dev $wlanapsettings{'INTERFACE'} info && iw dev $wlanapsettings{'INTERFACE'} station dump && echo ""`; } diff --git a/html/html/images/flags/ad.png b/html/html/images/flags/ad.png deleted file mode 100644 index ffbe26a..0000000 Binary files a/html/html/images/flags/ad.png and /dev/null differ diff --git a/html/html/images/flags/ae.png b/html/html/images/flags/ae.png deleted file mode 100644 index 0ee169b..0000000 Binary files a/html/html/images/flags/ae.png and /dev/null differ diff --git a/html/html/images/flags/af.png b/html/html/images/flags/af.png deleted file mode 100644 index f6d8f25..0000000 Binary files a/html/html/images/flags/af.png and /dev/null differ 
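Review bot: The new `Tx Power` row prints `$wlanapsettings{'TXPOWER'}` unescaped inside a single-quoted `value='...'` attribute, and with the `<select>` removed the field is free text regardless of driver. A stored value containing a quote or markup would break out of the attribute when the page is rendered; whether the save handler restricts the field is not visible in this hunk. HTML-escaping before the heredoc, for example `my $txpower = HTML::Entities::encode_entities($wlanapsettings{'TXPOWER'});` and printing `$txpower`, closes that regardless of upstream validation. The `HTCAPS` input on the context line above follows the same pattern.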
diff --git a/html/html/images/flags/ag.png b/html/html/images/flags/ag.png deleted file mode 100644 index 1c731ba..0000000 Binary files a/html/html/images/flags/ag.png and /dev/null differ diff --git a/html/html/images/flags/ai.png b/html/html/images/flags/ai.png deleted file mode 100644 index afc38d9..0000000 Binary files a/html/html/images/flags/ai.png and /dev/null differ diff --git a/html/html/images/flags/al.png b/html/html/images/flags/al.png deleted file mode 100644 index 79d6bac..0000000 Binary files a/html/html/images/flags/al.png and /dev/null differ diff --git a/html/html/images/flags/am.png b/html/html/images/flags/am.png deleted file mode 100644 index 7d57f50..0000000 Binary files a/html/html/images/flags/am.png and /dev/null differ diff --git a/html/html/images/flags/an.png b/html/html/images/flags/an.png deleted file mode 100644 index bf9d233..0000000 Binary files a/html/html/images/flags/an.png and /dev/null differ diff --git a/html/html/images/flags/ao.png b/html/html/images/flags/ao.png deleted file mode 100644 index c971840..0000000 Binary files a/html/html/images/flags/ao.png and /dev/null differ diff --git a/html/html/images/flags/aq.png b/html/html/images/flags/aq.png deleted file mode 100644 index a4f9700..0000000 Binary files a/html/html/images/flags/aq.png and /dev/null differ diff --git a/html/html/images/flags/ar.png b/html/html/images/flags/ar.png deleted file mode 100644 index d3a0d9d..0000000 Binary files a/html/html/images/flags/ar.png and /dev/null differ diff --git a/html/html/images/flags/as.png b/html/html/images/flags/as.png deleted file mode 100644 index d881283..0000000 Binary files a/html/html/images/flags/as.png and /dev/null differ diff --git a/html/html/images/flags/at.png b/html/html/images/flags/at.png deleted file mode 100644 index bd0cbe1..0000000 Binary files a/html/html/images/flags/at.png and /dev/null differ 
diff --git a/html/html/images/flags/au.png b/html/html/images/flags/au.png deleted file mode 100644 index 65fd911..0000000 Binary files a/html/html/images/flags/au.png and /dev/null differ diff --git a/html/html/images/flags/aw.png b/html/html/images/flags/aw.png deleted file mode 100644 index 1e5aff9..0000000 Binary files a/html/html/images/flags/aw.png and /dev/null differ diff --git a/html/html/images/flags/az.png b/html/html/images/flags/az.png deleted file mode 100644 index f2137c2..0000000 Binary files a/html/html/images/flags/az.png and /dev/null differ diff --git a/html/html/images/flags/ba.png b/html/html/images/flags/ba.png deleted file mode 100644 index 39dbca8..0000000 Binary files a/html/html/images/flags/ba.png and /dev/null differ diff --git a/html/html/images/flags/bb.png b/html/html/images/flags/bb.png deleted file mode 100644 index 726ab5a..0000000 Binary files a/html/html/images/flags/bb.png and /dev/null differ diff --git a/html/html/images/flags/bd.png b/html/html/images/flags/bd.png deleted file mode 100644 index e68816f..0000000 Binary files a/html/html/images/flags/bd.png and /dev/null differ diff --git a/html/html/images/flags/be.png b/html/html/images/flags/be.png deleted file mode 100644 index 2f92d5f..0000000 Binary files a/html/html/images/flags/be.png and /dev/null differ diff --git a/html/html/images/flags/bf.png b/html/html/images/flags/bf.png deleted file mode 100644 index 618fd04..0000000 Binary files a/html/html/images/flags/bf.png and /dev/null differ diff --git a/html/html/images/flags/bg.png b/html/html/images/flags/bg.png deleted file mode 100644 index 70d4b20..0000000 Binary files a/html/html/images/flags/bg.png and /dev/null differ diff --git a/html/html/images/flags/bh.png b/html/html/images/flags/bh.png deleted file mode 100644 index e92bd20..0000000 Binary files a/html/html/images/flags/bh.png and /dev/null differ 
diff --git a/html/html/images/flags/bi.png b/html/html/images/flags/bi.png deleted file mode 100644 index 3b4ebca..0000000 Binary files a/html/html/images/flags/bi.png and /dev/null differ diff --git a/html/html/images/flags/bj.png b/html/html/images/flags/bj.png deleted file mode 100644 index f6b89d9..0000000 Binary files a/html/html/images/flags/bj.png and /dev/null differ diff --git a/html/html/images/flags/bm.png b/html/html/images/flags/bm.png deleted file mode 100644 index 092852d..0000000 Binary files a/html/html/images/flags/bm.png and /dev/null differ diff --git a/html/html/images/flags/bn.png b/html/html/images/flags/bn.png deleted file mode 100644 index 2cf8b8e..0000000 Binary files a/html/html/images/flags/bn.png and /dev/null differ diff --git a/html/html/images/flags/bo.png b/html/html/images/flags/bo.png deleted file mode 100644 index bcf7986..0000000 Binary files a/html/html/images/flags/bo.png and /dev/null differ diff --git a/html/html/images/flags/br.png b/html/html/images/flags/br.png deleted file mode 100644 index 73e9370..0000000 Binary files a/html/html/images/flags/br.png and /dev/null differ diff --git a/html/html/images/flags/bs.png b/html/html/images/flags/bs.png deleted file mode 100644 index 799df4d..0000000 Binary files a/html/html/images/flags/bs.png and /dev/null differ diff --git a/html/html/images/flags/bt.png b/html/html/images/flags/bt.png deleted file mode 100644 index 796a073..0000000 Binary files a/html/html/images/flags/bt.png and /dev/null differ diff --git a/html/html/images/flags/bv.png b/html/html/images/flags/bv.png deleted file mode 100644 index 90661b4..0000000 Binary files a/html/html/images/flags/bv.png and /dev/null differ diff --git a/html/html/images/flags/bw.png b/html/html/images/flags/bw.png deleted file mode 100644 index 913580d..0000000 Binary files a/html/html/images/flags/bw.png and /dev/null differ 
diff --git a/html/html/images/flags/by.png b/html/html/images/flags/by.png deleted file mode 100644 index 80cd890..0000000 Binary files a/html/html/images/flags/by.png and /dev/null differ diff --git a/html/html/images/flags/bz.png b/html/html/images/flags/bz.png deleted file mode 100644 index bcfd37e..0000000 Binary files a/html/html/images/flags/bz.png and /dev/null differ diff --git a/html/html/images/flags/ca.png b/html/html/images/flags/ca.png deleted file mode 100644 index 0a50034..0000000 Binary files a/html/html/images/flags/ca.png and /dev/null differ diff --git a/html/html/images/flags/cc.png b/html/html/images/flags/cc.png deleted file mode 100644 index 6e29f45..0000000 Binary files a/html/html/images/flags/cc.png and /dev/null differ diff --git a/html/html/images/flags/cd.png b/html/html/images/flags/cd.png deleted file mode 100644 index daa30a3..0000000 Binary files a/html/html/images/flags/cd.png and /dev/null differ diff --git a/html/html/images/flags/cf.png b/html/html/images/flags/cf.png deleted file mode 100644 index d31de15..0000000 Binary files a/html/html/images/flags/cf.png and /dev/null differ diff --git a/html/html/images/flags/cg.png b/html/html/images/flags/cg.png deleted file mode 100644 index 1d712ff..0000000 Binary files a/html/html/images/flags/cg.png and /dev/null differ diff --git a/html/html/images/flags/ch.png b/html/html/images/flags/ch.png deleted file mode 100644 index b5b5902..0000000 Binary files a/html/html/images/flags/ch.png and /dev/null differ diff --git a/html/html/images/flags/ci.png b/html/html/images/flags/ci.png deleted file mode 100644 index 3f34f51..0000000 Binary files a/html/html/images/flags/ci.png and /dev/null differ diff --git a/html/html/images/flags/ck.png b/html/html/images/flags/ck.png deleted file mode 100644 index c86af2c..0000000 Binary files a/html/html/images/flags/ck.png and /dev/null differ 
diff --git a/html/html/images/flags/cl.png b/html/html/images/flags/cl.png deleted file mode 100644 index 194fd91..0000000 Binary files a/html/html/images/flags/cl.png and /dev/null differ diff --git a/html/html/images/flags/cm.png b/html/html/images/flags/cm.png deleted file mode 100644 index 00fc991..0000000 Binary files a/html/html/images/flags/cm.png and /dev/null differ diff --git a/html/html/images/flags/cn.png b/html/html/images/flags/cn.png deleted file mode 100644 index e9e8261..0000000 Binary files a/html/html/images/flags/cn.png and /dev/null differ diff --git a/html/html/images/flags/co.png b/html/html/images/flags/co.png deleted file mode 100644 index cba9e49..0000000 Binary files a/html/html/images/flags/co.png and /dev/null differ diff --git a/html/html/images/flags/cr.png b/html/html/images/flags/cr.png deleted file mode 100644 index 9088a35..0000000 Binary files a/html/html/images/flags/cr.png and /dev/null differ diff --git a/html/html/images/flags/cs.png b/html/html/images/flags/cs.png deleted file mode 100644 index bbd5aca..0000000 Binary files a/html/html/images/flags/cs.png and /dev/null differ diff --git a/html/html/images/flags/cu.png b/html/html/images/flags/cu.png deleted file mode 100644 index ff1b7ea..0000000 Binary files a/html/html/images/flags/cu.png and /dev/null differ diff --git a/html/html/images/flags/cv.png b/html/html/images/flags/cv.png deleted file mode 100644 index 49e7738..0000000 Binary files a/html/html/images/flags/cv.png and /dev/null differ diff --git a/html/html/images/flags/cx.png b/html/html/images/flags/cx.png deleted file mode 100644 index a64c13f..0000000 Binary files a/html/html/images/flags/cx.png and /dev/null differ diff --git a/html/html/images/flags/cy.png b/html/html/images/flags/cy.png deleted file mode 100644 index c3a559c..0000000 Binary files a/html/html/images/flags/cy.png and /dev/null differ 
diff --git a/html/html/images/flags/cz.png b/html/html/images/flags/cz.png deleted file mode 100644 index 5caf0ec..0000000 Binary files a/html/html/images/flags/cz.png and /dev/null differ diff --git a/html/html/images/flags/de.png b/html/html/images/flags/de.png deleted file mode 100644 index b142f7b..0000000 Binary files a/html/html/images/flags/de.png and /dev/null differ diff --git a/html/html/images/flags/dj.png b/html/html/images/flags/dj.png deleted file mode 100644 index c71b38f..0000000 Binary files a/html/html/images/flags/dj.png and /dev/null differ diff --git a/html/html/images/flags/dk.png b/html/html/images/flags/dk.png deleted file mode 100644 index b2b9b12..0000000 Binary files a/html/html/images/flags/dk.png and /dev/null differ diff --git a/html/html/images/flags/dm.png b/html/html/images/flags/dm.png deleted file mode 100644 index 0b1aab6..0000000 Binary files a/html/html/images/flags/dm.png and /dev/null differ diff --git a/html/html/images/flags/do.png b/html/html/images/flags/do.png deleted file mode 100644 index 5afc6d0..0000000 Binary files a/html/html/images/flags/do.png and /dev/null differ diff --git a/html/html/images/flags/dz.png b/html/html/images/flags/dz.png deleted file mode 100644 index 9132046..0000000 Binary files a/html/html/images/flags/dz.png and /dev/null differ diff --git a/html/html/images/flags/ec.png b/html/html/images/flags/ec.png deleted file mode 100644 index bdae8d2..0000000 Binary files a/html/html/images/flags/ec.png and /dev/null differ diff --git a/html/html/images/flags/ee.png b/html/html/images/flags/ee.png deleted file mode 100644 index 516e5a3..0000000 Binary files a/html/html/images/flags/ee.png and /dev/null differ diff --git a/html/html/images/flags/eg.png b/html/html/images/flags/eg.png deleted file mode 100644 index 0f47afc..0000000 Binary files a/html/html/images/flags/eg.png and /dev/null differ 
diff --git a/html/html/images/flags/eh.png b/html/html/images/flags/eh.png deleted file mode 100644 index 927b3cb..0000000 Binary files a/html/html/images/flags/eh.png and /dev/null differ diff --git a/html/html/images/flags/er.png b/html/html/images/flags/er.png deleted file mode 100644 index 10ded53..0000000 Binary files a/html/html/images/flags/er.png and /dev/null differ diff --git a/html/html/images/flags/es.png b/html/html/images/flags/es.png deleted file mode 100644 index 40cbfa6..0000000 Binary files a/html/html/images/flags/es.png and /dev/null differ diff --git a/html/html/images/flags/et.png b/html/html/images/flags/et.png deleted file mode 100644 index 17a252e..0000000 Binary files a/html/html/images/flags/et.png and /dev/null differ diff --git a/html/html/images/flags/eu.png b/html/html/images/flags/eu.png deleted file mode 100644 index 4c09a5a..0000000 Binary files a/html/html/images/flags/eu.png and /dev/null differ diff --git a/html/html/images/flags/fi.png b/html/html/images/flags/fi.png deleted file mode 100644 index 78b9ab6..0000000 Binary files a/html/html/images/flags/fi.png and /dev/null differ diff --git a/html/html/images/flags/fj.png b/html/html/images/flags/fj.png deleted file mode 100644 index a02aaa3..0000000 Binary files a/html/html/images/flags/fj.png and /dev/null differ diff --git a/html/html/images/flags/fk.png b/html/html/images/flags/fk.png deleted file mode 100644 index b6189f9..0000000 Binary files a/html/html/images/flags/fk.png and /dev/null differ diff --git a/html/html/images/flags/fm.png b/html/html/images/flags/fm.png deleted file mode 100644 index 7302d22..0000000 Binary files a/html/html/images/flags/fm.png and /dev/null differ diff --git a/html/html/images/flags/fo.png b/html/html/images/flags/fo.png deleted file mode 100644 index 6bb5557..0000000 Binary files a/html/html/images/flags/fo.png and /dev/null differ 
diff --git a/html/html/images/flags/fr.png b/html/html/images/flags/fr.png deleted file mode 100644 index bfd4a21..0000000 Binary files a/html/html/images/flags/fr.png and /dev/null differ diff --git a/html/html/images/flags/ga.png b/html/html/images/flags/ga.png deleted file mode 100644 index 18eed1a..0000000 Binary files a/html/html/images/flags/ga.png and /dev/null differ diff --git a/html/html/images/flags/gb.png b/html/html/images/flags/gb.png deleted file mode 100644 index db134f1..0000000 Binary files a/html/html/images/flags/gb.png and /dev/null differ diff --git a/html/html/images/flags/gd.png b/html/html/images/flags/gd.png deleted file mode 100644 index bde8e2e..0000000 Binary files a/html/html/images/flags/gd.png and /dev/null differ diff --git a/html/html/images/flags/ge.png b/html/html/images/flags/ge.png deleted file mode 100644 index cf5a612..0000000 Binary files a/html/html/images/flags/ge.png and /dev/null differ diff --git a/html/html/images/flags/gf.png b/html/html/images/flags/gf.png deleted file mode 100644 index df12fb4..0000000 Binary files a/html/html/images/flags/gf.png and /dev/null differ diff --git a/html/html/images/flags/gh.png b/html/html/images/flags/gh.png deleted file mode 100644 index e47b266..0000000 Binary files a/html/html/images/flags/gh.png and /dev/null differ diff --git a/html/html/images/flags/gi.png b/html/html/images/flags/gi.png deleted file mode 100644 index d3f23b3..0000000 Binary files a/html/html/images/flags/gi.png and /dev/null differ diff --git a/html/html/images/flags/gl.png b/html/html/images/flags/gl.png deleted file mode 100644 index 565c7a1..0000000 Binary files a/html/html/images/flags/gl.png and /dev/null differ diff --git a/html/html/images/flags/gm.png b/html/html/images/flags/gm.png deleted file mode 100644 index cdecab3..0000000 Binary files a/html/html/images/flags/gm.png and /dev/null differ 
diff --git a/html/html/images/flags/gn.png b/html/html/images/flags/gn.png deleted file mode 100644 index 56db38e..0000000 Binary files a/html/html/images/flags/gn.png and /dev/null differ diff --git a/html/html/images/flags/gp.png b/html/html/images/flags/gp.png deleted file mode 100644 index d7fbdfc..0000000 Binary files a/html/html/images/flags/gp.png and /dev/null differ diff --git a/html/html/images/flags/gq.png b/html/html/images/flags/gq.png deleted file mode 100644 index 71496cd..0000000 Binary files a/html/html/images/flags/gq.png and /dev/null differ diff --git a/html/html/images/flags/gr.png b/html/html/images/flags/gr.png deleted file mode 100644 index cf10a25..0000000 Binary files a/html/html/images/flags/gr.png and /dev/null differ diff --git a/html/html/images/flags/gs.png b/html/html/images/flags/gs.png deleted file mode 100644 index 6fd7edf..0000000 Binary files a/html/html/images/flags/gs.png and /dev/null differ diff --git a/html/html/images/flags/gt.png b/html/html/images/flags/gt.png deleted file mode 100644 index 2be4460..0000000 Binary files a/html/html/images/flags/gt.png and /dev/null differ diff --git a/html/html/images/flags/gu.png b/html/html/images/flags/gu.png deleted file mode 100644 index 2e6f0e0..0000000 Binary files a/html/html/images/flags/gu.png and /dev/null differ diff --git a/html/html/images/flags/gw.png b/html/html/images/flags/gw.png deleted file mode 100644 index ae52ec3..0000000 Binary files a/html/html/images/flags/gw.png and /dev/null differ diff --git a/html/html/images/flags/gy.png b/html/html/images/flags/gy.png deleted file mode 100644 index 1b20de4..0000000 Binary files a/html/html/images/flags/gy.png and /dev/null differ diff --git a/html/html/images/flags/hk.png b/html/html/images/flags/hk.png deleted file mode 100644 index d5435b6..0000000 Binary files a/html/html/images/flags/hk.png and /dev/null differ 
diff --git a/html/html/images/flags/hm.png b/html/html/images/flags/hm.png deleted file mode 100644 index ec0d223..0000000 Binary files a/html/html/images/flags/hm.png and /dev/null differ diff --git a/html/html/images/flags/hn.png b/html/html/images/flags/hn.png deleted file mode 100644 index 56e0b02..0000000 Binary files a/html/html/images/flags/hn.png and /dev/null differ diff --git a/html/html/images/flags/hr.png b/html/html/images/flags/hr.png deleted file mode 100644 index bd133ba..0000000 Binary files a/html/html/images/flags/hr.png and /dev/null differ diff --git a/html/html/images/flags/ht.png b/html/html/images/flags/ht.png deleted file mode 100644 index a982940..0000000 Binary files a/html/html/images/flags/ht.png and /dev/null differ diff --git a/html/html/images/flags/hu.png b/html/html/images/flags/hu.png deleted file mode 100644 index fd76de3..0000000 Binary files a/html/html/images/flags/hu.png and /dev/null differ diff --git a/html/html/images/flags/id.png b/html/html/images/flags/id.png deleted file mode 100644 index cf72330..0000000 Binary files a/html/html/images/flags/id.png and /dev/null differ diff --git a/html/html/images/flags/ie.png b/html/html/images/flags/ie.png deleted file mode 100644 index ddbbc74..0000000 Binary files a/html/html/images/flags/ie.png and /dev/null differ diff --git a/html/html/images/flags/il.png b/html/html/images/flags/il.png deleted file mode 100644 index 52dc8d3..0000000 Binary files a/html/html/images/flags/il.png and /dev/null differ diff --git a/html/html/images/flags/in.png b/html/html/images/flags/in.png deleted file mode 100644 index 771f217..0000000 Binary files a/html/html/images/flags/in.png and /dev/null differ diff --git a/html/html/images/flags/io.png b/html/html/images/flags/io.png deleted file mode 100644 index 96bc118..0000000 Binary files a/html/html/images/flags/io.png and /dev/null differ 
diff --git a/html/html/images/flags/iq.png b/html/html/images/flags/iq.png deleted file mode 100644 index 3097303..0000000 Binary files a/html/html/images/flags/iq.png and /dev/null differ diff --git a/html/html/images/flags/ir.png b/html/html/images/flags/ir.png deleted file mode 100644 index 395b28a..0000000 Binary files a/html/html/images/flags/ir.png and /dev/null differ diff --git a/html/html/images/flags/is.png b/html/html/images/flags/is.png deleted file mode 100644 index ea1c493..0000000 Binary files a/html/html/images/flags/is.png and /dev/null differ diff --git a/html/html/images/flags/it.png b/html/html/images/flags/it.png deleted file mode 100644 index de7427b..0000000 Binary files a/html/html/images/flags/it.png and /dev/null differ diff --git a/html/html/images/flags/jm.png b/html/html/images/flags/jm.png deleted file mode 100644 index 2a8a899..0000000 Binary files a/html/html/images/flags/jm.png and /dev/null differ diff --git a/html/html/images/flags/jo.png b/html/html/images/flags/jo.png deleted file mode 100644 index dbdca50..0000000 Binary files a/html/html/images/flags/jo.png and /dev/null differ diff --git a/html/html/images/flags/jp.png b/html/html/images/flags/jp.png deleted file mode 100644 index 5e342fd..0000000 Binary files a/html/html/images/flags/jp.png and /dev/null differ diff --git a/html/html/images/flags/ke.png b/html/html/images/flags/ke.png deleted file mode 100644 index d55331a..0000000 Binary files a/html/html/images/flags/ke.png and /dev/null differ diff --git a/html/html/images/flags/kg.png b/html/html/images/flags/kg.png deleted file mode 100644 index 230b1f6..0000000 Binary files a/html/html/images/flags/kg.png and /dev/null differ diff --git a/html/html/images/flags/kh.png b/html/html/images/flags/kh.png deleted file mode 100644 index 2ad8e35..0000000 Binary files a/html/html/images/flags/kh.png and /dev/null differ 
diff --git a/html/html/images/flags/ki.png b/html/html/images/flags/ki.png deleted file mode 100644 index 244104a..0000000 Binary files a/html/html/images/flags/ki.png and /dev/null differ diff --git a/html/html/images/flags/km.png b/html/html/images/flags/km.png deleted file mode 100644 index eb69544..0000000 Binary files a/html/html/images/flags/km.png and /dev/null differ diff --git a/html/html/images/flags/kn.png b/html/html/images/flags/kn.png deleted file mode 100644 index 3ce4018..0000000 Binary files a/html/html/images/flags/kn.png and /dev/null differ diff --git a/html/html/images/flags/kp.png b/html/html/images/flags/kp.png deleted file mode 100644 index f53c71a..0000000 Binary files a/html/html/images/flags/kp.png and /dev/null differ diff --git a/html/html/images/flags/kr.png b/html/html/images/flags/kr.png deleted file mode 100644 index 2b4e7b9..0000000 Binary files a/html/html/images/flags/kr.png and /dev/null differ diff --git a/html/html/images/flags/kw.png b/html/html/images/flags/kw.png deleted file mode 100644 index 19c8dc2..0000000 Binary files a/html/html/images/flags/kw.png and /dev/null differ diff --git a/html/html/images/flags/ky.png b/html/html/images/flags/ky.png deleted file mode 100644 index fa5ba07..0000000 Binary files a/html/html/images/flags/ky.png and /dev/null differ diff --git a/html/html/images/flags/kz.png b/html/html/images/flags/kz.png deleted file mode 100644 index f90f0ef..0000000 Binary files a/html/html/images/flags/kz.png and /dev/null differ diff --git a/html/html/images/flags/la.png b/html/html/images/flags/la.png deleted file mode 100644 index c3e9154..0000000 Binary files a/html/html/images/flags/la.png and /dev/null differ diff --git a/html/html/images/flags/lb.png b/html/html/images/flags/lb.png deleted file mode 100644 index e18a577..0000000 Binary files a/html/html/images/flags/lb.png and /dev/null differ 
diff --git a/html/html/images/flags/lc.png b/html/html/images/flags/lc.png deleted file mode 100644 index 78c606f..0000000 Binary files a/html/html/images/flags/lc.png and /dev/null differ diff --git a/html/html/images/flags/li.png b/html/html/images/flags/li.png deleted file mode 100644 index e991d1f..0000000 Binary files a/html/html/images/flags/li.png and /dev/null differ diff --git a/html/html/images/flags/lk.png b/html/html/images/flags/lk.png deleted file mode 100644 index f9e227f..0000000 Binary files a/html/html/images/flags/lk.png and /dev/null differ diff --git a/html/html/images/flags/lr.png b/html/html/images/flags/lr.png deleted file mode 100644 index 1c826c8..0000000 Binary files a/html/html/images/flags/lr.png and /dev/null differ diff --git a/html/html/images/flags/ls.png b/html/html/images/flags/ls.png deleted file mode 100644 index bd78c5b..0000000 Binary files a/html/html/images/flags/ls.png and /dev/null differ diff --git a/html/html/images/flags/lt.png b/html/html/images/flags/lt.png deleted file mode 100644 index 212d16b..0000000 Binary files a/html/html/images/flags/lt.png and /dev/null differ diff --git a/html/html/images/flags/lu.png b/html/html/images/flags/lu.png deleted file mode 100644 index 7182373..0000000 Binary files a/html/html/images/flags/lu.png and /dev/null differ diff --git a/html/html/images/flags/lv.png b/html/html/images/flags/lv.png deleted file mode 100644 index fa94bb2..0000000 Binary files a/html/html/images/flags/lv.png and /dev/null differ diff --git a/html/html/images/flags/ly.png b/html/html/images/flags/ly.png deleted file mode 100644 index 7afd8a6..0000000 Binary files a/html/html/images/flags/ly.png and /dev/null differ diff --git a/html/html/images/flags/ma.png b/html/html/images/flags/ma.png deleted file mode 100644 index 05448bf..0000000 Binary files a/html/html/images/flags/ma.png and /dev/null differ 
diff --git a/html/html/images/flags/mc.png b/html/html/images/flags/mc.png deleted file mode 100644 index c6f5809..0000000 Binary files a/html/html/images/flags/mc.png and /dev/null differ diff --git a/html/html/images/flags/md.png b/html/html/images/flags/md.png deleted file mode 100644 index e100650..0000000 Binary files a/html/html/images/flags/md.png and /dev/null differ diff --git a/html/html/images/flags/mg.png b/html/html/images/flags/mg.png deleted file mode 100644 index 080b0d4..0000000 Binary files a/html/html/images/flags/mg.png and /dev/null differ diff --git a/html/html/images/flags/mh.png b/html/html/images/flags/mh.png deleted file mode 100644 index 132ad60..0000000 Binary files a/html/html/images/flags/mh.png and /dev/null differ diff --git a/html/html/images/flags/mk.png b/html/html/images/flags/mk.png deleted file mode 100644 index acf5e44..0000000 Binary files a/html/html/images/flags/mk.png and /dev/null differ diff --git a/html/html/images/flags/ml.png b/html/html/images/flags/ml.png deleted file mode 100644 index cf0412f..0000000 Binary files a/html/html/images/flags/ml.png and /dev/null differ diff --git a/html/html/images/flags/mm.png b/html/html/images/flags/mm.png deleted file mode 100644 index 6467831..0000000 Binary files a/html/html/images/flags/mm.png and /dev/null differ diff --git a/html/html/images/flags/mn.png b/html/html/images/flags/mn.png deleted file mode 100644 index 81f355b..0000000 Binary files a/html/html/images/flags/mn.png and /dev/null differ diff --git a/html/html/images/flags/mo.png b/html/html/images/flags/mo.png deleted file mode 100644 index 8a033f3..0000000 Binary files a/html/html/images/flags/mo.png and /dev/null differ diff --git a/html/html/images/flags/mp.png b/html/html/images/flags/mp.png deleted file mode 100644 index 1bf8975..0000000 Binary files a/html/html/images/flags/mp.png and /dev/null differ 
diff --git a/html/html/images/flags/mq.png b/html/html/images/flags/mq.png deleted file mode 100644 index 00a8cc4..0000000 Binary files a/html/html/images/flags/mq.png and /dev/null differ diff --git a/html/html/images/flags/mr.png b/html/html/images/flags/mr.png deleted file mode 100644 index 5c40c89..0000000 Binary files a/html/html/images/flags/mr.png and /dev/null differ diff --git a/html/html/images/flags/ms.png b/html/html/images/flags/ms.png deleted file mode 100644 index 82dfd87..0000000 Binary files a/html/html/images/flags/ms.png and /dev/null differ diff --git a/html/html/images/flags/mt.png b/html/html/images/flags/mt.png deleted file mode 100644 index df86154..0000000 Binary files a/html/html/images/flags/mt.png and /dev/null differ diff --git a/html/html/images/flags/mu.png b/html/html/images/flags/mu.png deleted file mode 100644 index b146f38..0000000 Binary files a/html/html/images/flags/mu.png and /dev/null differ diff --git a/html/html/images/flags/mv.png b/html/html/images/flags/mv.png deleted file mode 100644 index 9d8704b..0000000 Binary files a/html/html/images/flags/mv.png and /dev/null differ diff --git a/html/html/images/flags/mw.png b/html/html/images/flags/mw.png deleted file mode 100644 index ddbe257..0000000 Binary files a/html/html/images/flags/mw.png and /dev/null differ diff --git a/html/html/images/flags/mx.png b/html/html/images/flags/mx.png deleted file mode 100644 index d69e87f..0000000 Binary files a/html/html/images/flags/mx.png and /dev/null differ diff --git a/html/html/images/flags/my.png b/html/html/images/flags/my.png deleted file mode 100644 index 54534e9..0000000 Binary files a/html/html/images/flags/my.png and /dev/null differ diff --git a/html/html/images/flags/mz.png b/html/html/images/flags/mz.png deleted file mode 100644 index bc3cf9b..0000000 Binary files a/html/html/images/flags/mz.png and /dev/null differ 
diff --git a/html/html/images/flags/na.png b/html/html/images/flags/na.png deleted file mode 100644 index f44ed28..0000000 Binary files a/html/html/images/flags/na.png and /dev/null differ diff --git a/html/html/images/flags/nc.png b/html/html/images/flags/nc.png deleted file mode 100644 index ee025d7..0000000 Binary files a/html/html/images/flags/nc.png and /dev/null differ diff --git a/html/html/images/flags/ne.png b/html/html/images/flags/ne.png deleted file mode 100644 index aeb771d..0000000 Binary files a/html/html/images/flags/ne.png and /dev/null differ diff --git a/html/html/images/flags/nf.png b/html/html/images/flags/nf.png deleted file mode 100644 index 2f9ae94..0000000 Binary files a/html/html/images/flags/nf.png and /dev/null differ diff --git a/html/html/images/flags/ng.png b/html/html/images/flags/ng.png deleted file mode 100644 index cc4dcd1..0000000 Binary files a/html/html/images/flags/ng.png and /dev/null differ diff --git a/html/html/images/flags/ni.png b/html/html/images/flags/ni.png deleted file mode 100644 index f679bf2..0000000 Binary files a/html/html/images/flags/ni.png and /dev/null differ diff --git a/html/html/images/flags/nl.png b/html/html/images/flags/nl.png deleted file mode 100644 index b0e12c2..0000000 Binary files a/html/html/images/flags/nl.png and /dev/null differ diff --git a/html/html/images/flags/no.png b/html/html/images/flags/no.png deleted file mode 100644 index de11ab7..0000000 Binary files a/html/html/images/flags/no.png and /dev/null differ diff --git a/html/html/images/flags/np.png b/html/html/images/flags/np.png deleted file mode 100644 index eb365c9..0000000 Binary files a/html/html/images/flags/np.png and /dev/null differ diff --git a/html/html/images/flags/nr.png b/html/html/images/flags/nr.png deleted file mode 100644 index 12f0cfe..0000000 Binary files a/html/html/images/flags/nr.png and /dev/null differ 
diff --git a/html/html/images/flags/nu.png b/html/html/images/flags/nu.png deleted file mode 100644 index 99ce198..0000000 Binary files a/html/html/images/flags/nu.png and /dev/null differ diff --git a/html/html/images/flags/nz.png b/html/html/images/flags/nz.png deleted file mode 100644 index c50ae5f..0000000 Binary files a/html/html/images/flags/nz.png and /dev/null differ diff --git a/html/html/images/flags/om.png b/html/html/images/flags/om.png deleted file mode 100644 index 0076b11..0000000 Binary files a/html/html/images/flags/om.png and /dev/null differ diff --git a/html/html/images/flags/pa.png b/html/html/images/flags/pa.png deleted file mode 100644 index ea4adb2..0000000 Binary files a/html/html/images/flags/pa.png and /dev/null differ diff --git a/html/html/images/flags/pe.png b/html/html/images/flags/pe.png deleted file mode 100644 index 38563b8..0000000 Binary files a/html/html/images/flags/pe.png and /dev/null differ diff --git a/html/html/images/flags/pf.png b/html/html/images/flags/pf.png deleted file mode 100644 index 832a5da..0000000 Binary files a/html/html/images/flags/pf.png and /dev/null differ diff --git a/html/html/images/flags/pg.png b/html/html/images/flags/pg.png deleted file mode 100644 index 96da94f..0000000 Binary files a/html/html/images/flags/pg.png and /dev/null differ diff --git a/html/html/images/flags/ph.png b/html/html/images/flags/ph.png deleted file mode 100644 index c8868b6..0000000 Binary files a/html/html/images/flags/ph.png and /dev/null differ diff --git a/html/html/images/flags/pk.png b/html/html/images/flags/pk.png deleted file mode 100644 index d86edf1..0000000 Binary files a/html/html/images/flags/pk.png and /dev/null differ diff --git a/html/html/images/flags/pl.png b/html/html/images/flags/pl.png deleted file mode 100644 index 251ee0a..0000000 Binary files a/html/html/images/flags/pl.png and /dev/null differ 
diff --git a/html/html/images/flags/pm.png b/html/html/images/flags/pm.png deleted file mode 100644 index 3d23d0e..0000000 Binary files a/html/html/images/flags/pm.png and /dev/null differ diff --git a/html/html/images/flags/pn.png b/html/html/images/flags/pn.png deleted file mode 100644 index b39911c..0000000 Binary files a/html/html/images/flags/pn.png and /dev/null differ diff --git a/html/html/images/flags/pr.png b/html/html/images/flags/pr.png deleted file mode 100644 index 2877e34..0000000 Binary files a/html/html/images/flags/pr.png and /dev/null differ diff --git a/html/html/images/flags/ps.png b/html/html/images/flags/ps.png deleted file mode 100644 index 7080b85..0000000 Binary files a/html/html/images/flags/ps.png and /dev/null differ diff --git a/html/html/images/flags/pt.png b/html/html/images/flags/pt.png deleted file mode 100644 index c61d7ca..0000000 Binary files a/html/html/images/flags/pt.png and /dev/null differ diff --git a/html/html/images/flags/pw.png b/html/html/images/flags/pw.png deleted file mode 100644 index 063d17f..0000000 Binary files a/html/html/images/flags/pw.png and /dev/null differ diff --git a/html/html/images/flags/py.png b/html/html/images/flags/py.png deleted file mode 100644 index 7bc1c87..0000000 Binary files a/html/html/images/flags/py.png and /dev/null differ diff --git a/html/html/images/flags/qa.png b/html/html/images/flags/qa.png deleted file mode 100644 index 9619da6..0000000 Binary files a/html/html/images/flags/qa.png and /dev/null differ diff --git a/html/html/images/flags/re.png b/html/html/images/flags/re.png deleted file mode 100644 index 422ee9d..0000000 Binary files a/html/html/images/flags/re.png and /dev/null differ diff --git a/html/html/images/flags/ro.png b/html/html/images/flags/ro.png deleted file mode 100644 index 7f72dd8..0000000 Binary files a/html/html/images/flags/ro.png and /dev/null differ 
diff --git a/html/html/images/flags/ru.png b/html/html/images/flags/ru.png deleted file mode 100644 index c76f646..0000000 Binary files a/html/html/images/flags/ru.png and /dev/null differ diff --git a/html/html/images/flags/rw.png b/html/html/images/flags/rw.png deleted file mode 100644 index b05833b..0000000 Binary files a/html/html/images/flags/rw.png and /dev/null differ diff --git a/html/html/images/flags/sa.png b/html/html/images/flags/sa.png deleted file mode 100644 index 1771430..0000000 Binary files a/html/html/images/flags/sa.png and /dev/null differ diff --git a/html/html/images/flags/sb.png b/html/html/images/flags/sb.png deleted file mode 100644 index e1ca39b..0000000 Binary files a/html/html/images/flags/sb.png and /dev/null differ diff --git a/html/html/images/flags/sc.png b/html/html/images/flags/sc.png deleted file mode 100644 index 0d42691..0000000 Binary files a/html/html/images/flags/sc.png and /dev/null differ diff --git a/html/html/images/flags/sd.png b/html/html/images/flags/sd.png deleted file mode 100644 index d9a8e94..0000000 Binary files a/html/html/images/flags/sd.png and /dev/null differ diff --git a/html/html/images/flags/se.png b/html/html/images/flags/se.png deleted file mode 100644 index 56f8579..0000000 Binary files a/html/html/images/flags/se.png and /dev/null differ diff --git a/html/html/images/flags/sg.png b/html/html/images/flags/sg.png deleted file mode 100644 index debeda7..0000000 Binary files a/html/html/images/flags/sg.png and /dev/null differ diff --git a/html/html/images/flags/sh.png b/html/html/images/flags/sh.png deleted file mode 100644 index 070cd3b..0000000 Binary files a/html/html/images/flags/sh.png and /dev/null differ diff --git a/html/html/images/flags/si.png b/html/html/images/flags/si.png deleted file mode 100644 index a8525d4..0000000 Binary files a/html/html/images/flags/si.png and /dev/null differ 
diff --git a/html/html/images/flags/sj.png b/html/html/images/flags/sj.png deleted file mode 100644 index 2b44b90..0000000 Binary files a/html/html/images/flags/sj.png and /dev/null differ diff --git a/html/html/images/flags/sk.png b/html/html/images/flags/sk.png deleted file mode 100644 index 9477a58..0000000 Binary files a/html/html/images/flags/sk.png and /dev/null differ diff --git a/html/html/images/flags/sl.png b/html/html/images/flags/sl.png deleted file mode 100644 index 9178f63..0000000 Binary files a/html/html/images/flags/sl.png and /dev/null differ diff --git a/html/html/images/flags/sm.png b/html/html/images/flags/sm.png deleted file mode 100644 index 9dc99fa..0000000 Binary files a/html/html/images/flags/sm.png and /dev/null differ diff --git a/html/html/images/flags/sn.png b/html/html/images/flags/sn.png deleted file mode 100644 index 0f0e66c..0000000 Binary files a/html/html/images/flags/sn.png and /dev/null differ diff --git a/html/html/images/flags/so.png b/html/html/images/flags/so.png deleted file mode 100644 index 680bfc2..0000000 Binary files a/html/html/images/flags/so.png and /dev/null differ diff --git a/html/html/images/flags/sr.png b/html/html/images/flags/sr.png deleted file mode 100644 index 339bbb6..0000000 Binary files a/html/html/images/flags/sr.png and /dev/null differ diff --git a/html/html/images/flags/st.png b/html/html/images/flags/st.png deleted file mode 100644 index 3b6db16..0000000 Binary files a/html/html/images/flags/st.png and /dev/null differ diff --git a/html/html/images/flags/sv.png b/html/html/images/flags/sv.png deleted file mode 100644 index d71be3e..0000000 Binary files a/html/html/images/flags/sv.png and /dev/null differ diff --git a/html/html/images/flags/sy.png b/html/html/images/flags/sy.png deleted file mode 100644 index 5b350b7..0000000 Binary files a/html/html/images/flags/sy.png and /dev/null differ 
diff --git a/html/html/images/flags/sz.png b/html/html/images/flags/sz.png deleted file mode 100644 index 48deaaf..0000000 Binary files a/html/html/images/flags/sz.png and /dev/null differ diff --git a/html/html/images/flags/tc.png b/html/html/images/flags/tc.png deleted file mode 100644 index 6e164c3..0000000 Binary files a/html/html/images/flags/tc.png and /dev/null differ diff --git a/html/html/images/flags/td.png b/html/html/images/flags/td.png deleted file mode 100644 index 0fb0e32..0000000 Binary files a/html/html/images/flags/td.png and /dev/null differ diff --git a/html/html/images/flags/tf.png b/html/html/images/flags/tf.png deleted file mode 100644 index d986c06..0000000 Binary files a/html/html/images/flags/tf.png and /dev/null differ diff --git a/html/html/images/flags/tg.png b/html/html/images/flags/tg.png deleted file mode 100644 index 354772f..0000000 Binary files a/html/html/images/flags/tg.png and /dev/null differ diff --git a/html/html/images/flags/th.png b/html/html/images/flags/th.png deleted file mode 100644 index 88e94a0..0000000 Binary files a/html/html/images/flags/th.png and /dev/null differ diff --git a/html/html/images/flags/tj.png b/html/html/images/flags/tj.png deleted file mode 100644 index dd802f0..0000000 Binary files a/html/html/images/flags/tj.png and /dev/null differ diff --git a/html/html/images/flags/tk.png b/html/html/images/flags/tk.png deleted file mode 100644 index 233a7af..0000000 Binary files a/html/html/images/flags/tk.png and /dev/null differ diff --git a/html/html/images/flags/tl.png b/html/html/images/flags/tl.png deleted file mode 100644 index 2216921..0000000 Binary files a/html/html/images/flags/tl.png and /dev/null differ diff --git a/html/html/images/flags/tm.png b/html/html/images/flags/tm.png deleted file mode 100644 index efc4867..0000000 Binary files a/html/html/images/flags/tm.png and /dev/null differ 
diff --git a/html/html/images/flags/tn.png b/html/html/images/flags/tn.png deleted file mode 100644 index 7dc6df9..0000000 Binary files a/html/html/images/flags/tn.png and /dev/null differ diff --git a/html/html/images/flags/to.png b/html/html/images/flags/to.png deleted file mode 100644 index 27df6fd..0000000 Binary files a/html/html/images/flags/to.png and /dev/null differ diff --git a/html/html/images/flags/tp.png b/html/html/images/flags/tp.png deleted file mode 100644 index f612ed8..0000000 Binary files a/html/html/images/flags/tp.png and /dev/null differ diff --git a/html/html/images/flags/tr.png b/html/html/images/flags/tr.png deleted file mode 100644 index ca88f97..0000000 Binary files a/html/html/images/flags/tr.png and /dev/null differ diff --git a/html/html/images/flags/tt.png b/html/html/images/flags/tt.png deleted file mode 100644 index 37d38fe..0000000 Binary files a/html/html/images/flags/tt.png and /dev/null differ diff --git a/html/html/images/flags/tv.png b/html/html/images/flags/tv.png deleted file mode 100644 index b86f1bc..0000000 Binary files a/html/html/images/flags/tv.png and /dev/null differ diff --git a/html/html/images/flags/tw.png b/html/html/images/flags/tw.png deleted file mode 100644 index 85eb1ff..0000000 Binary files a/html/html/images/flags/tw.png and /dev/null differ diff --git a/html/html/images/flags/tz.png b/html/html/images/flags/tz.png deleted file mode 100644 index 2b0880a..0000000 Binary files a/html/html/images/flags/tz.png and /dev/null differ diff --git a/html/html/images/flags/ua.png b/html/html/images/flags/ua.png deleted file mode 100644 index 46b0aaf..0000000 Binary files a/html/html/images/flags/ua.png and /dev/null differ diff --git a/html/html/images/flags/ug.png b/html/html/images/flags/ug.png deleted file mode 100644 index 22dd07f..0000000 Binary files a/html/html/images/flags/ug.png and /dev/null differ 
diff --git a/html/html/images/flags/um.png b/html/html/images/flags/um.png deleted file mode 100644 index e959d31..0000000 Binary files a/html/html/images/flags/um.png and /dev/null differ diff --git a/html/html/images/flags/us.png b/html/html/images/flags/us.png deleted file mode 100644 index cebf562..0000000 Binary files a/html/html/images/flags/us.png and /dev/null differ diff --git a/html/html/images/flags/uy.png b/html/html/images/flags/uy.png deleted file mode 100644 index 3aed8f7..0000000 Binary files a/html/html/images/flags/uy.png and /dev/null differ diff --git a/html/html/images/flags/uz.png b/html/html/images/flags/uz.png deleted file mode 100644 index 1c9ca15..0000000 Binary files a/html/html/images/flags/uz.png and /dev/null differ diff --git a/html/html/images/flags/va.png b/html/html/images/flags/va.png deleted file mode 100644 index fd3984b..0000000 Binary files a/html/html/images/flags/va.png and /dev/null differ diff --git a/html/html/images/flags/vc.png b/html/html/images/flags/vc.png deleted file mode 100644 index 230ef4c..0000000 Binary files a/html/html/images/flags/vc.png and /dev/null differ diff --git a/html/html/images/flags/ve.png b/html/html/images/flags/ve.png deleted file mode 100644 index 292db90..0000000 Binary files a/html/html/images/flags/ve.png and /dev/null differ diff --git a/html/html/images/flags/vg.png b/html/html/images/flags/vg.png deleted file mode 100644 index 5c0acd3..0000000 Binary files a/html/html/images/flags/vg.png and /dev/null differ diff --git a/html/html/images/flags/vi.png b/html/html/images/flags/vi.png deleted file mode 100644 index a9a9c6b..0000000 Binary files a/html/html/images/flags/vi.png and /dev/null differ diff --git a/html/html/images/flags/vn.png b/html/html/images/flags/vn.png deleted file mode 100644 index 20ef1c2..0000000 Binary files a/html/html/images/flags/vn.png and /dev/null differ 
diff --git a/html/html/images/flags/vu.png b/html/html/images/flags/vu.png deleted file mode 100644 index 0ce47d0..0000000 Binary files a/html/html/images/flags/vu.png and /dev/null differ diff --git a/html/html/images/flags/wf.png b/html/html/images/flags/wf.png deleted file mode 100644 index 98cf4f5..0000000 Binary files a/html/html/images/flags/wf.png and /dev/null differ diff --git a/html/html/images/flags/ws.png b/html/html/images/flags/ws.png deleted file mode 100644 index 9d8cc2c..0000000 Binary files a/html/html/images/flags/ws.png and /dev/null differ diff --git a/html/html/images/flags/ye.png b/html/html/images/flags/ye.png deleted file mode 100644 index 09199ca..0000000 Binary files a/html/html/images/flags/ye.png and /dev/null differ diff --git a/html/html/images/flags/yt.png b/html/html/images/flags/yt.png deleted file mode 100644 index 2fdd8d4..0000000 Binary files a/html/html/images/flags/yt.png and /dev/null differ diff --git a/html/html/images/flags/yu.png b/html/html/images/flags/yu.png deleted file mode 100644 index 0560483..0000000 Binary files a/html/html/images/flags/yu.png and /dev/null differ diff --git a/html/html/images/flags/za.png b/html/html/images/flags/za.png deleted file mode 100644 index 77f4aa5..0000000 Binary files a/html/html/images/flags/za.png and /dev/null differ diff --git a/html/html/images/flags/zm.png b/html/html/images/flags/zm.png deleted file mode 100644 index b053a8d..0000000 Binary files a/html/html/images/flags/zm.png and /dev/null differ diff --git a/html/html/images/flags/zw.png b/html/html/images/flags/zw.png deleted file mode 100644 index 98095df..0000000 Binary files a/html/html/images/flags/zw.png and /dev/null differ diff --git a/html/html/themes/darkdos/include/style.css b/html/html/themes/darkdos/include/style.css index e7140cd..cc4b3c9 100644 --- a/html/html/themes/darkdos/include/style.css +++ b/html/html/themes/darkdos/include/style.css @@ -366,6 +366,10 @@ min-width: 2.0em; max-width: 2.5em; }
+table.fw-nat tbody tr td {
+ height: 2.25em;
+}
+
/* LAYOUT - 3 COLUMNS */
/* Primary content */
diff --git a/html/html/themes/ipfire-legacy/include/style.css b/html/html/themes/ipfire-legacy/include/style.css
index d2c458e..288a0fe 100644
--- a/html/html/themes/ipfire-legacy/include/style.css
+++ b/html/html/themes/ipfire-legacy/include/style.css
@@ -343,6 +343,10 @@
min-width: 2.0em;
max-width: 2.5em;
}
+table.fw-nat tbody tr td {
+ height: 2.25em;
+}
+
/* LAYOUT - 3 COLUMNS */
/* Primary content */
diff --git a/html/html/themes/ipfire/include/css/style.css b/html/html/themes/ipfire/include/css/style.css
index 0e990d6..e0ac3cd 100644
--- a/html/html/themes/ipfire/include/css/style.css
+++ b/html/html/themes/ipfire/include/css/style.css
@@ -324,3 +324,7 @@ table {
.tbl tr:last-child td {
border-bottom: 1px solid lightgrey;
}
+
+table.fw-nat tbody tr td {
+ height: 2.25em;
+}
diff --git a/html/html/themes/maniac/include/style.css b/html/html/themes/maniac/include/style.css
index eca34cb..3cb2741 100644
--- a/html/html/themes/maniac/include/style.css
+++ b/html/html/themes/maniac/include/style.css
@@ -372,6 +372,10 @@
min-width: 2.0em;
max-width: 2.5em;
}
+table.fw-nat tbody tr td {
+ height: 2.25em;
+}
+
/* LAYOUT - 3 COLUMNS */
/* Primary content */ diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index fe4a200..e295412 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -416,6 +416,7 @@ 'bit' => 'Bit', 'bitrate' => 'Bitrate', 'bleeding rules' => 'Bleeding Edge Snort Rules', +'block' => 'Blocken', 'blue' => 'BLAU', 'blue access' => 'Zugriff auf Blau', 'blue access use hint' => 'Sie müssen mindestens die MAC- oder die IP-Adresse für ein Gerät angeben. Optional können Sie sowohl MAC- als auch IP-Adresse angeben.', @@ -532,6 +533,7 @@ 'chain' => 'Verknüpfung', 'change passwords' => 'Passwörter ändern', 'change share' => 'Freigabeeinstellungen ändern', +'check all' => 'Alle auswählen', 'check for net traffic update' => 'Prüfe auf Net-Traffic-Updates', 'check vpn lr' => 'Überprüfen', 'choose config' => 'Konfiguration auswählen', @@ -1067,6 +1069,7 @@ 'fwhost OpenVPN static host' => 'OpenVPN statischer Host', 'fwhost OpenVPN static network' => 'OpenVPN statisches Netzwerk', 'fwhost Standard Network' => 'Standard-Netzwerk', +'fwhost addgeoipgrp' => 'Neue GeoIP-Gruppe hinzufügen', 'fwhost addgrp' => 'Neue Gruppe hinzufügen', 'fwhost addgrpname' => 'Gruppenname:', 'fwhost addhost' => 'Neuen Host hinzufügen', @@ -1082,6 +1085,9 @@ 'fwhost change' => 'Ändern', 'fwhost changeremark' => 'Es wurde nur die Bemerkung angepasst.', 'fwhost cust addr' => 'Hosts', +'fwhost cust geoip' => 'GeoIP-Gruppen', +'fwhost cust geoipgroup' => 'GeoIP-Gruppen', +'fwhost cust geoiplocation' => 'GeoIP Ländercodes', 'fwhost cust grp' => 'Gruppen', 'fwhost cust net' => 'Netzwerke', 'fwhost cust service' => 'Dienste', @@ -1128,6 +1134,7 @@ 'fwhost ipsec net' => 'IPsec-Netzwerke:', 'fwhost menu' => 'Firewallgruppen', 'fwhost netaddress' => 'Netzwerkadresse', +'fwhost newgeoipgrp' => 'GeoIP-Gruppen', 'fwhost newgrp' => 'Netzwerk-/Hostgruppen', 'fwhost newhost' => 'Hosts', 'fwhost newnet' => 'Netzwerke', 
@@ -1162,6 +1169,16 @@ 'generating the root and host certificates may take a long time. it can take up to several minutes on older hardware. please be patient' => 'Die Erzeugung der Root- und Host-Zertifikate kann lange Zeit dauern. Auf älterer Hardware kann es mehrere Minuten lang dauern. Bitte haben Sie etwas Geduld.', 'genkey' => 'PSK erzeugen', 'genre' => 'Genre', +'geoip' => 'GeoIP', +'geoipblock' => 'GeoIP Block', +'geoipblock block countries' => 'Länderfilter', +'geoipblock configuration' => 'GeoIP Konfiguration', +'geoipblock country code' => 'Ländercode', +'geoipblock country is allowed' => 'Eingehende Verbindungen aus diesem Land sind erlaubt.', +'geoipblock country is blocked' => 'Eingehende Verbindungen aus diesem Land werden blockiert.', +'geoipblock country name' => 'Ländername', +'geoipblock enable feature' => 'GeoIP basierte Filterung aktivieren:', +'geoipblock flag' => 'Flagge', 'global settings' => 'Globale Einstellungen', 'gpl i accept these terms and conditions' => 'Ich akzeptiere diese Bedingungen und Konditionen', 'gpl license agreement' => 'Lizenz-Vereinbarung', @@ -2216,6 +2233,9 @@ 'umount removable media before to unplug' => 'Wechselmedien vor dem Entfernen unbedingt abmelden', 'unable to alter profiles while red is active' => 'Profile können nicht geändert werden, solange ROT aktiv ist.', 'unable to contact' => 'Kann nicht erreicht werden', +'unblock' => 'Entblocken', +'unblock all' => 'Alle entblocken', +'uncheck all' => 'Alle abwählen', 'unencrypted' => 'Nicht verschlüsselt', 'uninstall' => 'Deinstallieren', 'unix charset' => 'UNIX-Charset', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 174300e..80c0552 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl 
@@ -435,6 +435,7 @@ 'bit' => 'bit', 'bitrate' => 'Bitrate', 'bleeding rules' => 'Bleeding Edge Snort Rules', +'block' => 'Block', 'blue' => 'BLUE', 'blue access' => 'Blue Access', 'blue access use hint' => 'You have to enter the MAC or the IP Address for a device. To enter both is also possible', @@ -550,6 +551,7 @@ 'chain' => 'Chain', 'change passwords' => 'Change passwords', 'change share' => 'edit share options', +'check all' => 'Check all', 'check for net traffic update' => 'Check for Net-Traffic updates', 'check vpn lr' => 'Check', 'choose config' => 'Choose config', @@ -1094,6 +1096,7 @@ 'fwhost OpenVPN static host' => 'OpenVPN static host', 'fwhost OpenVPN static network' => 'OpenVPN static network', 'fwhost Standard Network' => 'Standard network', +'fwhost addgeoipgrp' => 'Add new GeoIP group', 'fwhost addgrp' => 'Add new network/host group', 'fwhost addgrpname' => 'Group name:', 'fwhost addhost' => 'Add new host', @@ -1109,6 +1112,9 @@ 'fwhost change' => 'Modify', 'fwhost changeremark' => 'You modified just the remark', 'fwhost cust addr' => 'Hosts', +'fwhost cust geoip' => 'GeoIP Groups', +'fwhost cust geoipgroup' => 'GeoIP Groups', +'fwhost cust geoiplocation' => 'GeoIP Locations', 'fwhost cust grp' => 'Network/Host Groups', 'fwhost cust net' => 'Networks', 'fwhost cust service' => 'Services', @@ -1155,6 +1161,7 @@ 'fwhost ipsec net' => 'IPsec networks:', 'fwhost menu' => 'Firewall Groups', 'fwhost netaddress' => 'Network address', +'fwhost newgeoipgrp' => 'GeoIP Groups', 'fwhost newgrp' => 'Network/Host Groups', 'fwhost newhost' => 'Hosts', 'fwhost newnet' => 'Networks', 
@@ -1191,6 +1198,16 @@ 'generating the root and host certificates may take a long time. it can take up to several minutes on older hardware. please be patient' => 'Generating the root and host certificates may take a long time. It can take up to several minutes on older hardware. Please be patient.', 'genkey' => 'Generate PSK', 'genre' => 'Genre', +'geoip' => 'GeoIP', +'geoipblock' => 'GeoIP Block', +'geoipblock block countries' => 'Block countries', +'geoipblock configuration' => 'GeoIP Configuration', +'geoipblock country code' => 'Country Code', +'geoipblock country is allowed' => 'Incoming traffic from this country is allowed', +'geoipblock country is blocked' => 'Incoming traffic from this country will be blocked', +'geoipblock country name' => 'Country Name', +'geoipblock enable feature' => 'Enable GeoIP based blocking:', +'geoipblock flag' => 'Flag', 'global settings' => 'Global Settings', 'gpl i accept these terms and conditions' => 'I accept these terms and conditions', 'gpl license agreement' => 'License Agreement', @@ -2255,6 +2272,9 @@ 'umount removable media before to unplug' => 'Umount removable media before unplugging the device', 'unable to alter profiles while red is active' => 'Unable to alter profiles while RED is active.', 'unable to contact' => 'Unable to contact', +'unblock' => 'Unblock', +'unblock all' => 'Unblock all', +'uncheck all' => 'Uncheck all', 'unencrypted' => 'Unencrypted', 'uninstall' => 'Uninstall', 'unix charset' => 'UNIX Charset', diff --git a/langs/es/cgi-bin/es.pl b/langs/es/cgi-bin/es.pl index b7c50ff..90f4237 100644 --- a/langs/es/cgi-bin/es.pl +++ b/langs/es/cgi-bin/es.pl 
@@ -866,6 +866,16 @@ 'generating the root and host certificates may take a long time. it can take up to several minutes on older hardware. please be patient' => 'Generar los certificador root y host puede tomar mucho tiempo. Puede durar varios minutos en equipos antiguos. Por favor sea paciente.', 'genkey' => 'Generar PSK', 'genre' => 'Género', +'geoip' => 'GeoIP', +'geoipblock' => 'GeoIP Block', +'geoipblock block countries' => 'Países bloqueados', +'geoipblock configuration' => 'Configuración GeoIP', +'geoipblock country code' => 'Código del País', +'geoipblock country is allowed' => 'Se permite el tráfico procedente de este País', +'geoipblock country is blocked' => 'Se deniega el tráfico procedente de este País', +'geoipblock country name' => 'Nombre del País', +'geoipblock enable feature' => 'Habilitar bloqueo basado GeoIP:', +'geoipblock flag' => 'Bandera', 'global settings' => 'Configuraciones globales', 'gpl i accept these terms and conditions' => 'I accept these terms and conditions', 'gpl license agreement' => 'License Agreement', diff --git a/lfs/Locale-Country b/lfs/Locale-Country index b2c1455..02bf7a0 100644 --- a/lfs/Locale-Country +++ b/lfs/Locale-Country @@ -24,7 +24,7 @@
include Config
-VER = 2.07
+VER = 3.33
THISAPP = Locale-Codes-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = af0537cc4a882096d0320612c440df6d
+$(DL_FILE)_MD5 = bc7496f97889de8504e80addaa0ee40c
install : $(TARGET)
diff --git a/lfs/acpid b/lfs/acpid
index ff85e1c..686fada 100644
--- a/lfs/acpid
+++ b/lfs/acpid
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
+# Copyright (C) 2015 Michael Tremer & Christian Schmidt #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 2.0.16
+VER = 2.0.23
THISAPP = acpid-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -41,7 +41,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = d59fc02c9c34f0d5c137495302e2c074
+$(DL_FILE)_MD5 = d7bcdcdefcd53b03730e50ba842554ea
install : $(TARGET)
diff --git a/lfs/apache2 b/lfs/apache2
index 5e88625..57c3447 100644
--- a/lfs/apache2
+++ b/lfs/apache2
@@ -25,17 +25,14 @@
include Config
-VER = 2.2.27
+VER = 2.2.29
THISAPP = httpd-$(VER)
DL_FILE = $(THISAPP).tar.bz2
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
-ifeq "$(PASS)" "C"
- TARGET = $(DIR_INFO)/$(THISAPP)-config
-else
- TARGET = $(DIR_INFO)/$(THISAPP)
-endif
+
+TARGET = $(DIR_INFO)/$(THISAPP)
###############################################################################
# Top-level Rules
@@ -47,7 +44,7 @@ objects = $(DL_FILE) \
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
httpd-2.2.2-config-1.patch = $(DL_FROM)/httpd-2.2.2-config-1.patch
-$(DL_FILE)_MD5 = 8faef0decf3fa7e69b2568eb2105a3d8
+$(DL_FILE)_MD5 = 579342fdeaa7b8b68d17fee91f8fab6e
httpd-2.2.2-config-1.patch_MD5 = e02a3ec5925eb9e111400b9aa229f822
install : $(TARGET)
@@ -77,32 +74,6 @@ $(subst %,%_MD5,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
-ifeq "$(PASS)" "C"
- # DO THIS IN AN EXTRA STEP BECAUSE PHP AND SUBVERSION WILL FAIL.
-
- cp -rf $(DIR_CONF)/httpd/* /etc/httpd/conf
- ln -sf $(CONFIG_ROOT)/main/hostname.conf /etc/httpd/conf/
-
- # Copy all html/cgi-bin files
- mkdir -p /srv/web/ipfire/{cgi-bin,html}
- mkdir -p /var/updatecache/{download,metadata}
- cp -aR $(DIR_SRC)/html/* /srv/web/ipfire
-
- # Change CONFIG_ROOT in cgi-scripts
- for i in /srv/web/ipfire/cgi-bin/{*,logs.cgi/*,vpn.cgi/*}; do \
- if [ -f $$i ]; then \
- sed -i "s+CONFIG_ROOT+$(CONFIG_ROOT)+g" $$i; \
- fi; \
- done
- chown -R root:root /srv/web/ipfire
- chmod -R 755 /srv/web/ipfire/cgi-bin
- chmod -R 644 /srv/web/ipfire/html
- chmod 755 /srv/web/ipfire/html /srv/web/ipfire/html/{index.cgi,redirect.cgi,dial.cgi,images,include,themes,themes/*,themes/*/*}
- ln -svf ipfire /srv/web/ipfire/html/themes/ipfire-rounded
-
- # Reset permissions of redirect templates and theme directories
- find /srv/web/ipfire/html/{redirect-templates,themes} -type d | xargs chmod -v 755
-else
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && patch -Np1 -i $(DIR_DL)/httpd-2.2.2-config-1.patch
@@ -140,6 +111,10 @@ else
/usr/share/man/man1/{dbmmanage,ht{dbm,digest,passwd,txt2dbm}}.1 \
/usr/share/man/man8/{ab,apachectl,apxs,htcacheclean,httpd}.8 \
/usr/share/man/man8/{logresolve,rotatelogs,suexec}.8
+
+ # Install apache config
+ cp -rf $(DIR_CONF)/httpd/* /etc/httpd/conf
+ ln -sf $(CONFIG_ROOT)/main/hostname.conf /etc/httpd/conf/
+
@rm -rf $(DIR_APP)
-endif
@$(POSTBUILD)
diff --git a/lfs/asterisk b/lfs/asterisk
index f886225..7575246 100755
--- a/lfs/asterisk
+++ b/lfs/asterisk
@@ -20,7 +20,7 @@
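Review bot: The added `# Install apache config` step in lfs/apache2 keeps only the two config lines of the removed PASS "C" block, so nothing in this file now copies the CGI tree, rewrites CONFIG_ROOT in the scripts, or applies the `chown -R root:root` and 755/644 modes to /srv/web/ipfire that the deleted lines did. Presumably those steps moved to another lfs file that this section does not show. If so, confirm it still sets the same ownership and modes, since a web UI tree left with build-time ownership or writable CGI scripts would weaken the firewall's management interface. A pointer next to the new step would help, e.g. `# web UI files and their ownership/modes are installed by lfs/<file> (placeholder)`. The `$(TARGET)` recipe starts before this hunk.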
include Config
-VER = 11.15.0 +VER = 11.17.1
THISAPP = asterisk-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -28,7 +28,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = asterisk -PAK_VER = 14 +PAK_VER = 16
DEPS = "libsrtp"
@@ -46,7 +46,7 @@ asterisk-extra-sounds-en-gsm-1.4.15.tar.gz = $(URL_IPFIRE)/asterisk-extra-sounds asterisk-moh-opsound-gsm-2.03.tar.gz = $(URL_IPFIRE)/asterisk-moh-opsound-gsm-2.03.tar.gz asterisk-1.4-de-prompts.tar.gz = $(URL_IPFIRE)/asterisk-1.4-de-prompts.tar.gz
-$(DL_FILE)_MD5 = 71e8c2e207255f7ef12b81b7f0da30ea +$(DL_FILE)_MD5 = 2c6cd0f499152d0d5ff32f36e274fc2e asterisk-extra-sounds-en-gsm-1.4.15.tar.gz_MD5 = 5099fc65f49008e33ba7fb043a4ec995 asterisk-moh-opsound-gsm-2.03.tar.gz_MD5 = 09066f55f1358f298bc1a6e4678a3ddf asterisk-1.4-de-prompts.tar.gz_MD5 = 626a2b95071a5505851e43874dfbfd5c diff --git a/lfs/backports b/lfs/backports index 0eebe81..59baacc 100644 --- a/lfs/backports +++ b/lfs/backports @@ -90,6 +90,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/compat-drivers-3.8.3-ath_ignore_eeprom_regdomain.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.14.22-iwlwifi-noibss_only_on_radar_chan.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.10.37-rt2800usb_add_dlink_dwa137_usbid.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/backports-3.18.1-1_rt2x00usb_suppress_queue_warnings.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/backports-3.18.1-1_add_libertas_uap.patch
# smsc mac address patch for pandaboard and raspberry pi diff --git a/lfs/clamav b/lfs/clamav index 2e07ed0..5fd8426 100644 --- a/lfs/clamav +++ b/lfs/clamav @@ -24,7 +24,7 @@
include Config
-VER = 0.98.6 +VER = 0.98.7
THISAPP = clamav-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = clamav -PAK_VER = 28 +PAK_VER = 29
DEPS = ""
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 7f4f7e82a09e42c4ebf153d6d452d9d8
+$(DL_FILE)_MD5 = 157c601161da1c2d5a0e48ea1b49e067
install : $(TARGET)
diff --git a/lfs/configroot b/lfs/configroot index e0bb346..601cdf6 100644 --- a/lfs/configroot +++ b/lfs/configroot @@ -64,8 +64,8 @@ $(TARGET) : for i in auth/users backup/include.user backup/exclude.user \ certs/index.txt ddns/config ddns/noipsettings ddns/settings ddns/ipcache dhcp/settings \ dhcp/fixleases dhcp/advoptions dhcp/dhcpd.conf.local dns/settings dnsforward/config ethernet/aliases ethernet/settings ethernet/known_nics ethernet/scanned_nics \ - ethernet/wireless extrahd/scan extrahd/devices extrahd/partitions extrahd/settings firewall/settings firewall/config firewall/input firewall/outgoing \ - fwhosts/customnetworks fwhosts/customhosts fwhosts/customgroups fwhosts/customservicegrp fwlogs/ipsettings fwlogs/portsettings \ + ethernet/wireless extrahd/scan extrahd/devices extrahd/partitions extrahd/settings firewall/settings firewall/config firewall/geoipblock firewall/input firewall/outgoing \ + fwhosts/customnetworks fwhosts/customhosts fwhosts/customgroups fwhosts/customservicegrp fwhosts/customgeoipgrp fwlogs/ipsettings fwlogs/portsettings \ isdn/settings mac/settings main/disable_nf_sip main/hosts main/routing main/settings net-traffic/settings optionsfw/settings \ ovpn/ccd.conf ovpn/ccdroute ovpn/ccdroute2 pakfire/settings portfw/config ppp/settings-1 ppp/settings-2 ppp/settings-3 ppp/settings-4 \ ppp/settings-5 ppp/settings proxy/settings proxy/squid.conf proxy/advanced/settings proxy/advanced/cre/enable remote/settings qos/settings qos/classes qos/subclasses qos/level7config qos/portconfig \ @@ -78,6 +78,7 @@ $(TARGET) : cp $(DIR_SRC)/config/cfgroot/header.pl $(CONFIG_ROOT)/ cp $(DIR_SRC)/config/cfgroot/general-functions.pl $(CONFIG_ROOT)/ cp $(DIR_SRC)/config/cfgroot/network-functions.pl $(CONFIG_ROOT)/ + cp $(DIR_SRC)/config/cfgroot/geoip-functions.pl $(CONFIG_ROOT)/ cp $(DIR_SRC)/config/cfgroot/lang.pl $(CONFIG_ROOT)/ cp $(DIR_SRC)/config/cfgroot/countries.pl $(CONFIG_ROOT)/ cp $(DIR_SRC)/config/cfgroot/graphs.pl $(CONFIG_ROOT)/ 
diff --git a/lfs/curl b/lfs/curl index 715d79d..0fd92c1 100644 --- a/lfs/curl +++ b/lfs/curl @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # +# Copyright (C) 2015 Michael Tremer & Christian Schmidt # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 7.31.0
+VER = 7.40.0
THISAPP = curl-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 6f26843f7e3a2fb06e02f68a55efe8c7
+$(DL_FILE)_MD5 = 58943642ea0ed050ab0431ea1caf3a6f
install : $(TARGET)
diff --git a/lfs/cyrus-sasl b/lfs/cyrus-sasl index af2b148..84f49d9 100644 --- a/lfs/cyrus-sasl +++ b/lfs/cyrus-sasl @@ -24,7 +24,7 @@
include Config
-VER = 2.1.21
+VER = 2.1.26
THISAPP = cyrus-sasl-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -49,7 +49,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = dde02db234dea892bee298390890502e
+$(DL_FILE)_MD5 = a7f4e5e559a0e37b3ffc438c9456e425
install : $(TARGET)
@@ -82,7 +82,6 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/cyrus-sasl-2.1.22-bad-elif.patch cd $(DIR_APP) && sed -i '/sasl_global/s/^static //' lib/client.c cd $(DIR_APP) && sed -i 's/cat8/man8/' saslauthd/Makefile.am cd $(DIR_APP) && autoconf @@ -90,7 +89,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) ifeq "$(PASS)" "" cd $(DIR_APP) && ./configure --prefix=/usr --sysconfdir=/etc \ --with-dbpath=/var/lib/sasl/sasldb2 \ - --with-saslauthd=/var/run/saslauthd + --with-saslauthd=/var/run/saslauthd \ + --with-des=no --with-rc4=no cd $(DIR_APP) && make cd $(DIR_APP) && make install install -v -m700 -d /var/lib/sasl diff --git a/lfs/ddns b/lfs/ddns index e736e10..463ae28 100644 --- a/lfs/ddns +++ b/lfs/ddns @@ -71,6 +71,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
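Review bot: The new `--with-des=no --with-rc4=no` switches in the second cyrus-sasl hunk have no comment explaining them, so a later version bump could drop them without the loss being noticed. By their names they build SASL without DES and RC4 support, a hardening choice that should be recorded; I would add `# Build without DES and RC4 support: both ciphers are weak, keep them disabled` directly above the `./configure` line. The `$(TARGET)` recipe starts in the first hunk and ends outside the second one.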
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/ddns/001-ddns-007-perform-lazy-database-init.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/ddns/002-ddns-007-also-open-database-for-search-operations.patch + cd $(DIR_APP) && [ -x "configure" ] || sh ./autogen.sh cd $(DIR_APP) && ./configure \ --prefix=/usr \ diff --git a/lfs/dhcp b/lfs/dhcp index 083c31f..9a89d40 100644 --- a/lfs/dhcp +++ b/lfs/dhcp @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2012 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2015 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 4.2.2
+VER = 4.3.1
THISAPP = dhcp-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = bb0f0434cd796f76aa7cead391d71f31
+$(DL_FILE)_MD5 = b3a42ece3c7f2cd2e74a3e12ca881d20
install : $(TARGET)
@@ -71,38 +71,33 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.2-remove-bind.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.0-errwarn-message.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.2-options.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.0-release-by-ifup.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.0-dhclient-decline-backoff.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.0-unicast-bootp.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.2-dhclient-usage.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.0-default-requested-options.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.2-xen-checksum.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.1-manpages.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.0-paths.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.2-CLOEXEC.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.0-inherit-leases.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.0-garbage-chars.patch - # ??? 
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.0-missing-ipv6-not-fatal.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.0-add_timeout_when_NULL.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.1-64_bit_lease_parse.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.2-capability.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.0-logpid.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.0-UseMulticast.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.1-sendDecline.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.1-retransmission.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.2-rfc3442-classless-static-routes.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.0-honor-expired.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.0-noprefixavail.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.2-sharedlib.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.0-PPP.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.2-lpf-ib.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.2-improved-xid.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.2-gpxe-cid.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp-4.2.1-invalid-dhclient-conf.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-remove-bind.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-errwarn-message.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-dhclient-options.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-release-by-ifup.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-dhclient-decline-backoff.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-unicast-bootp.patch + 
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-default-requested-options.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-xen-checksum.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-manpages.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-paths.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-CLOEXEC.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-garbage-chars.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-add_timeout_when_NULL.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-64_bit_lease_parse.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-capability.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-logpid.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-UseMulticast.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-sendDecline.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-rfc3442-classless-static-routes.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-honor-expired.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-sharedlib.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-PPP.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-paranoia.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-lpf-ib.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-improved-xid.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-gpxe-cid.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcp/dhcp-stateless-DUID-LLT.patch
# Remove bundled BIND stuff. # (requires newer autoconf) diff --git a/lfs/dhcpcd b/lfs/dhcpcd index f7a8c36..e73d99c 100644 --- a/lfs/dhcpcd +++ b/lfs/dhcpcd @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2012 IPFire Team info@ipfire.org # +# Copyright (C) 2015 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 5.2.9
+VER = 6.7.1
THISAPP = dhcpcd-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = aabe4a3c1f23c55f2c99a416c9085de9
+$(DL_FILE)_MD5 = ffb716b0e9327968e7200d519e1d4c0d
install : $(TARGET)
diff --git a/lfs/dnsmasq b/lfs/dnsmasq index 15a86a5..b98e662 100644 --- a/lfs/dnsmasq +++ b/lfs/dnsmasq 
@@ -144,6 +144,22 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0069-Whitespace-fixes.patch cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0070-Return-INSECURE-rather-than-BOGUS-when-DS-proved-not.patch cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0071-Fix-compiler-warning-when-not-including-DNSSEC.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0072-Fix-crash-caused-by-looking-up-servers.bind-when-man.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0073-Fix-crash-on-receipt-of-certain-malformed-DNS-reques.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0074-Fix-crash-in-auth-code-with-odd-configuration.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0075-Auth-correct-replies-to-NS-and-SOA-in-.arpa-zones.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0076-Fix-srk-induced-crash-in-new-tftp_no_fail-code.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0077-Note-CVE-2015-3294.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0078-Log-domain-when-reporting-DNSSEC-validation-failure.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0079-Check-IP-address-command-line-arg-in-dhcp_release.c.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0080-Revert-61b838dd574c51d96fef100285a0d225824534f9-and-.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0081-Handle-domain-names-with-.-or-000-within-labels.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0082-Tweaks-to-previous-DNS-label-charset-commit.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0083-Logs-in-DHCPv6-not-suppressed-by-dhcp6-quiet.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0084-Make-get-version-work-when-repo-is-a-git-submodule.patch + cd 
$(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0085-Fix-argument-order-botch-which-broke-DNSSEC-for-TCP-.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0086-Don-t-remove-RRSIG-RR-from-answers-to-ANY-queries-wh.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/0087-Constify-some-DHCP-lease-management-functions.patch cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq-Add-support-to-read-ISC-DHCP-lease-file.patch cd $(DIR_APP) && sed -i src/config.h \ -e 's|/* #define HAVE_IDN */|#define HAVE_IDN|g' \ diff --git a/lfs/dracut b/lfs/dracut index fef3ad7..97d12f3 100644 --- a/lfs/dracut +++ b/lfs/dracut @@ -71,6 +71,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dracut-038-always-enable-mdraid.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dracut-038_add_sdhci-pci.patch
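Review bot: Nothing in the sixteen added `patch` lines marks which of them are security fixes. `0077-Note-CVE-2015-3294.patch` by its name only records the CVE, and the code fix appears to be `0073-Fix-crash-on-receipt-of-certain-malformed-DNS-reques.patch`, although the patch contents are not visible in this diff. I would add a comment before the 0073 line such as `# 0073 + 0077: CVE-2015-3294, keep both until VER ships the fix` so the pair is not dropped or reordered when the series is rebased. The `$(TARGET)` recipe starts and ends outside the hunk.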
cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install sbindir=/sbin sysconfdir=/etc diff --git a/lfs/expat b/lfs/expat index 8e4db75..99e458d 100644 --- a/lfs/expat +++ b/lfs/expat @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # +# Copyright (C) 2014 Michael Tremer & Christian Schmidt # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 2.0.0
+VER = 2.1.0
THISAPP = expat-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = d945df7f1c0868c5c73cf66ba9596f3f
+$(DL_FILE)_MD5 = dd7dab7a5fea97d2a6a43f511449b7cd
install : $(TARGET)
@@ -73,7 +73,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && ./configure --prefix=/usr --disable-nls cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install - cd $(DIR_APP) && install -v -m755 -d /usr/share/doc/expat-2.0.0 - cd $(DIR_APP) && install -v -m644 doc/*.{html,png,css} /usr/share/doc/expat-2.0.0 + cd $(DIR_APP) && install -v -m755 -d /usr/share/doc/expat-2.1.0 + cd $(DIR_APP) && install -v -m644 doc/*.{html,png,css} /usr/share/doc/expat-2.1.0 @rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/lfs/fireinfo b/lfs/fireinfo index e63bdc8..9d65765 100644 --- a/lfs/fireinfo +++ b/lfs/fireinfo @@ -71,6 +71,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/fireinfo-Add-an-other-forbidden-string-Serial.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/fireinfo-Skip-search-for-hypervisor-name-when-the-CPU-string-.patch
cd $(DIR_APP) && [ -x "configure" ] || sh ./autogen.sh cd $(DIR_APP) && ./configure --prefix=/usr diff --git a/lfs/flag-icons b/lfs/flag-icons new file mode 100644 index 0000000..8f3364c --- /dev/null +++ b/lfs/flag-icons 
@@ -0,0 +1,90 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2015 Michael Tremer & Christian Schmidt # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 2.6 + +THISAPP = flag-icons-$(VER) +DL_FILE = $(THISAPP).zip +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_MD5 = 992db1bc950dfdd436699b7d2ad33c2d + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +md5 : $(subst %,%_MD5,$(objects)) + +############################################################################### +# Downloading, checking, md5sum +############################################################################### + +$(patsubst 
%,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_MD5,$(objects)) : + @$(MD5) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + # Create DIR_APP and move the source tarball to its location. + @rm -rf $(DIR_APP) && mkdir -pv $(DIR_APP) && cd $(DIR_SRC) && cp -avf $(DIR_DL)/$(DL_FILE) $(DIR_APP) + + # Extract the source tarball. + cd $(DIR_APP) && unzip $(DL_FILE) + + # Create flage image folder. + cd $(DIR_APP) && mkdir -pv /srv/web/ipfire/html/images/flags/ + + # Only copy the country flags. + cd $(DIR_APP) && cp -avf flags-iso/shiny/16/??.png \ + /srv/web/ipfire/html/images/flags/ + + # Copy flag icon for unknown countries. + cd $(DIR_APP) && cp -avf flags-iso/shiny/16/_unknown.png \ + /srv/web/ipfire/html/images/flags/unknown.png + + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/lfs/flash-images b/lfs/flash-images index 6c88180..530bf33 100644 --- a/lfs/flash-images +++ b/lfs/flash-images @@ -211,6 +211,7 @@ endif -fsck.ext4 -f -y $(PART_ROOT) fsck.ext4 -f -y $(PART_ROOT)
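Review bot: The new lfs/flag-icons file pins its download with `$(DL_FILE)_MD5` only, and the archive is then unzipped and copied into /srv/web/ipfire/html/images/flags/ during the build. MD5 catches a corrupted transfer but not a deliberately substituted archive, and whatever `$(CHECK)` and `$(LOAD)` verify beyond it is defined in Config, outside this diff. The other lfs files in this push pin the same way, including the kernel and grsecurity entries in lfs/linux, so this looks like a tree-wide convention; I would at least record the limit next to the hash with `# MD5 detects corruption only; authenticity rests on the $(URL_IPFIRE) source`. The recipe comments also say "tarball" for a .zip and "flage" for "flag".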
+ sleep 10 #Ubuntu compiling: allow time to automount/dismount kpartx -d -v $(DEVICE) losetup -d $(DEVICE)
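Review bot: The added `sleep 10` before `kpartx -d -v $(DEVICE)` waits a fixed time for the host's automounter, so it either wastes ten seconds or is still too short on a slow build host, in which case the unmapping fails as before. Waiting on the condition is more reliable, for instance `udevadm settle` followed by a few retries of `kpartx -d`; that udev is what drives the automount on the affected host is an assumption. The explanation would read better on its own line as `# Ubuntu build hosts: wait for the automounter to release the loop partitions`, because a trailing `#...` inside a recipe line is handed to the shell rather than treated as a make comment. The recipe starts and ends outside the hunk.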
diff --git a/lfs/glibc b/lfs/glibc index 11d374e..4ec71a7 100644 --- a/lfs/glibc +++ b/lfs/glibc @@ -283,6 +283,8 @@ endif cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1154563.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1170121.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1183533.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1207995.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1209375.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-resolv-stack_chk_fail.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-remove-ctors-dtors-output-sections.patch diff --git a/lfs/groff b/lfs/groff index 1739fee..a0bb0bd 100644 --- a/lfs/groff +++ b/lfs/groff @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2011 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2015 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 1.21
+VER = 1.22.3
THISAPP = groff-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 8b8cd29385b97616a0f0d96d0951c5bf
+$(DL_FILE)_MD5 = cc825fa64bc7306a885f2fb2268d3ec5
install : $(TARGET)
diff --git a/lfs/hostapd b/lfs/hostapd index 74c2ae8..e928668 100644 --- a/lfs/hostapd +++ b/lfs/hostapd @@ -24,7 +24,7 @@
include Config
-VER = 2.3
+VER = 2.4
THISAPP = hostapd-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = hostapd -PAK_VER = 33 +PAK_VER = 34
DEPS = ""
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 40b89c61036add0c2dd1fc10767d3b5f
+$(DL_FILE)_MD5 = 04578f3f2c3eb1bec1adf30473813912
install : $(TARGET)
@@ -77,6 +77,7 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/hostapd-2.3_increase_EAPOL-timeouts.patch cd $(DIR_APP)/hostapd && cp $(DIR_SRC)/config/hostapd/config ./.config cd $(DIR_APP)/hostapd && sed -e "s@/usr/local@/usr@g" -i Makefile cd $(DIR_APP)/hostapd && make $(MAKETUNING) $(EXTRA_MAKE) diff --git a/lfs/initscripts b/lfs/initscripts index f656c72..4005941 100755 --- a/lfs/initscripts +++ b/lfs/initscripts @@ -176,6 +176,7 @@ $(TARGET) : ln -sf ../init.d/firstsetup /etc/rc.d/rcsysinit.d/S75firstsetup ln -sf ../init.d/localnet /etc/rc.d/rcsysinit.d/S80localnet ln -sf ../init.d/firewall /etc/rc.d/rcsysinit.d/S85firewall + ln -sf ../init.d/network-trigger /etc/rc.d/rcsysinit.d/S90network-trigger ln -sf ../init.d/network-vlans /etc/rc.d/rcsysinit.d/S91network-vlans ln -sf ../init.d/rngd /etc/rc.d/rcsysinit.d/S92rngd ln -sf ../init.d/wlanclient /etc/rc.d/rc0.d/K82wlanclient diff --git a/lfs/iptables b/lfs/iptables index d3c8402..ec65ae0 100644 --- a/lfs/iptables +++ b/lfs/iptables @@ -93,9 +93,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && cp -vf $(DIR_SRC)/netfilter-layer7-v2.22/iptables-1.4.3forward-for-kernel-2.6.20forward/* \ ./extensions/
- # ipp2p 0.8.2-pomng - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/iptables-1.4.14-ipp2p-0.8.2-ipfire.patch - # imq cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/iptables-1.4.12-IMQ-test4.diff
diff --git a/lfs/iputils b/lfs/iputils index 7741c0e..bb08793 100644 --- a/lfs/iputils +++ b/lfs/iputils @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # +# Copyright (C) 2014 Michael Tremer & Christian Schmidt # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,12 +24,12 @@
include Config
-VER = ss020927
+VER = s20121221
THISAPP = iputils-$(VER) -DL_FILE = $(THISAPP).tar.gz +DL_FILE = $(THISAPP).tar.bz2 DL_FROM = $(URL_IPFIRE) -DIR_APP = $(DIR_SRC)/iputils +DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP)
############################################################################### @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = b5493f7a2997130a4f86c486c9993b86
+$(DL_FILE)_MD5 = 6072aef64205720dd1893b375e184171
install : $(TARGET)
@@ -69,10 +69,7 @@ $(subst %,%_MD5,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) - @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/iputils-20020927-headers.patch - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/iputils-20020927-rh.patch - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/iputils-glibckernheaders.patch + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && make ping tracepath cd $(DIR_APP) && install -m 4755 ping /usr/bin cd $(DIR_APP) && install -m 0755 tracepath /usr/bin diff --git a/lfs/libjpeg b/lfs/libjpeg index 5e07859..8b4c077 100644 --- a/lfs/libjpeg +++ b/lfs/libjpeg @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # +# Copyright (C) 2015 Michael Tremer & Christian Schmidt # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
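Review bot: After the switch to s20121221 the recipe still ends with `install -m 4755 ping /usr/bin`, so the freshly built ping stays setuid root. As far as I know this iputils release can run with only the raw-socket capability, so if the image format and package tooling preserve file capabilities, `install -m 0755 ping /usr/bin` followed by `setcap cap_net_raw+ep /usr/bin/ping` would shrink what a bug in ping exposes; if they do not, a comment stating why the setuid bit is kept would help. The hunk also drops three header and compatibility patches, so confirm that `make ping tracepath` builds without them against the tree's glibc and kernel headers. The recipe continues outside the hunk.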
include Config
-VER = 1.3.0
+VER = 1.3.1
THISAPP = libjpeg-turbo-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -42,7 +42,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = e1e65cc711a1ade1322c06ad4a647741
+$(DL_FILE)_MD5 = 2c3a68129dac443a72815ff5bb374b05
install : $(TARGET)
diff --git a/lfs/libsrtp b/lfs/libsrtp index 6dfef3b..47c0cad 100644 --- a/lfs/libsrtp +++ b/lfs/libsrtp @@ -24,14 +24,14 @@
include Config
-VER = 1.5.0 +VER = 1.5.2 THISAPP = libsrtp-$(VER) DL_FILE = $(THISAPP).tar.gz DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = libsrtp -PAK_VER = 1 +PAK_VER = 2
DEPS = ""
@@ -43,7 +43,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = ec49ba558b4fd056114df2c76935aa8e
+$(DL_FILE)_MD5 = 2309aa6027992810a4285b042c71e644
install : $(TARGET)
@@ -78,7 +78,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && ./configure --prefix=/usr - cd $(DIR_APP) && make uninstall && make $(MAKETUNING) libsrtp.so + cd $(DIR_APP) && make uninstall && make $(MAKETUNING) shared_library cd $(DIR_APP) && make install @rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/lfs/linux b/lfs/linux index ef30fa6..b2d2552 100644 --- a/lfs/linux +++ b/lfs/linux @@ -24,11 +24,11 @@
include Config
-VER = 3.14.33
+VER = 3.14.41
-RPI_PATCHES = 3.14.33-grsec-ipfire1
-A7M_PATCHES = 3.14.33-grsec-ipfire1
-GRS_PATCHES = grsecurity-3.0-3.14.33-201502180832.patch.xz
+RPI_PATCHES = 3.14.41-grsec-ipfire1
+A7M_PATCHES = 3.14.41-grsec-ipfire1
+GRS_PATCHES = grsecurity-3.1-3.14.41-201505072056.patch.xz
THISAPP = linux-$(VER) DL_FILE = linux-$(VER).tar.xz @@ -37,7 +37,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP) CFLAGS = CXXFLAGS =
-PAK_VER = 58 +PAK_VER = 59 DEPS = ""
VERSUFIX=ipfire$(KCFG) @@ -77,10 +77,10 @@ rpi-patches-$(RPI_PATCHES).patch.xz = $(URL_IPFIRE)/rpi-patches-$(RPI_PATCHES). arm7-multi-patches-$(A7M_PATCHES).patch.xz = $(URL_IPFIRE)/arm7-multi-patches-$(A7M_PATCHES).patch.xz $(GRS_PATCHES) = $(URL_IPFIRE)/$(GRS_PATCHES)
-$(DL_FILE)_MD5 = c19feb0646fde7e96602ac313fb7e5d6
-rpi-patches-$(RPI_PATCHES).patch.xz_MD5 = e423c8b3a408f23b9a26f8f0f4384c50
-arm7-multi-patches-$(A7M_PATCHES).patch.xz_MD5 = f147ce7c81889d2c5134304f3a6e60e3
-$(GRS_PATCHES)_MD5 = 119943451628ff5a62437637d60a585d
+$(DL_FILE)_MD5 = b28dfc6907c388c2adcc65aee2ad68ff
+rpi-patches-$(RPI_PATCHES).patch.xz_MD5 = 9c8b20647429a64d656999a3c7af890f
+arm7-multi-patches-$(A7M_PATCHES).patch.xz_MD5 = a4a4103255e93bfcb02652212b0ae3fc
+$(GRS_PATCHES)_MD5 = 8af3b27954311da581cc6f803f048779
install : $(TARGET)
@@ -118,9 +118,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) # Linux Intermediate Queueing Device cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.14.22-imq.patch
- # ipp2p 0.8.2-ipfire - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.10-ipp2p-0.8.2-ipfire.patch - # Layer7-patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.14-layer7-filter.patch
@@ -164,6 +161,9 @@ endif # r8169 L23 patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.14.32-r8169_disable_L23.patch
+ # HyperV 2008 patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.14.x-hyperv-2008-fix.patch + ifeq "$(KCFG)" "-kirkwood" cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.10.10-mv_cesa_disable_failing_hmac_sha1.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.14.22-kirkwood_legacy_boot.patch @@ -178,8 +178,6 @@ ifeq "$(KCFG)" "-multi" # Install switch api userspace header cd $(DIR_APP) && install -v -m644 include/uapi/linux/switch.h /usr/include/linux/
- # Fix Lamobo-R1 SATA Power - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.14.x-lamobo-r1-fix-sata-pwr.patch endif
ifeq "$(KCFG)" "-rpi" diff --git a/lfs/logrotate b/lfs/logrotate index 8f81b2d..0904074 100644 --- a/lfs/logrotate +++ b/lfs/logrotate @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # +# Copyright (C) 2014 Michael Tremer & Christian Schmidt # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 3.7.1
+VER = 3.8.1
THISAPP = logrotate-$(VER) DL_FILE = logrotate_$(VER).orig.tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 552639142e163745f6bcd4f1f3816d8a
+$(DL_FILE)_MD5 = bd2e20d8dc644291b08f9215397d28a5
install : $(TARGET)
diff --git a/lfs/logwatch b/lfs/logwatch index 755557a..7144d07 100644 --- a/lfs/logwatch +++ b/lfs/logwatch @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # +# Copyright (C) 2015 Michael Tremer & Christian Schmidt # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 7.3.6
+VER = 7.4.1
THISAPP = logwatch-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 937d982006b2a76a83edfcfd2e5a9d7d
+$(DL_FILE)_MD5 = a0c3d8721f877bdcd4a9089eb1b4691b
install : $(TARGET)
@@ -99,7 +99,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) -mkdir -p /var/log/logwatch chmod -v 755 /var/log/logwatch -rm -rf /etc/logwatch/conf - ln -vsf /usr/share/logwatch/default.config /etc/logwatch/conf + ln -vsf /usr/share/logwatch/default.conf /etc/logwatch/conf @rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/lfs/monit b/lfs/monit index 0998d59..92e0760 100644 --- a/lfs/monit +++ b/lfs/monit @@ -24,7 +24,7 @@
include Config
-VER = 5.11 +VER = 5.12.1
THISAPP = monit-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = monit -PAK_VER = 4 +PAK_VER = 6
DEPS = ""
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = ff00f39d248ed7068932ed82211da9e6 +$(DL_FILE)_MD5 = 1ffde79207270925f6f7df787d19100a
install : $(TARGET)
diff --git a/lfs/nasm b/lfs/nasm index f6aeac7..b77e7cb 100644 --- a/lfs/nasm +++ b/lfs/nasm @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # +# Copyright (C) 2015 Michael Tremer & Christian Schmidt # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 2.10.03 +VER = 2.11.06
THISAPP = nasm-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = a5d0ed070476a7c5b4f0893dc4a4ea4b +$(DL_FILE)_MD5 = 2b958e9f5d200641e6fc9564977aecc5
install : $(TARGET)
diff --git a/lfs/nfs b/lfs/nfs index d18487b..417f155 100644 --- a/lfs/nfs +++ b/lfs/nfs @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = nfs -PAK_VER = 5 +PAK_VER = 6
DEPS = "portmap"
diff --git a/lfs/openssl b/lfs/openssl index 588cf04..455dcf1 100644 --- a/lfs/openssl +++ b/lfs/openssl @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2014 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2015 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,25 +24,56 @@
include Config
-VER = 1.0.1m +VER = 1.0.2a
THISAPP = openssl-$(VER)
 DL_FILE = $(THISAPP).tar.gz
 DL_FROM = $(URL_IPFIRE)
 DIR_APP = $(DIR_SRC)/$(THISAPP)
-TARGET = $(DIR_INFO)/$(THISAPP)
+
+TARGET = $(DIR_INFO)/$(THISAPP)$(KCFG)
+
+ifneq "$(KCFG)" "-sse2"
+CFLAGS += -DPURIFY
+else
+CFLAGS =-O2 -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fPIC
+CFLAGS+= -fstack-protector-all --param=ssp-buffer-size=4
+CFLAGS+= -march=i686 -mmmx -msse -msse2 -mfpmath=sse
+CFLAGS+= -fomit-frame-pointer -DPURIFY
+CXXFLAGS="${CFLAGS}"
+endif
+
+export RPM_OPT_FLAGS = $(CFLAGS)
+
+CONFIGURE_OPTIONS = \
+ --prefix=/usr \
+ --openssldir=/etc/ssl \
+ --enginesdir=/usr/lib/openssl/engines \
+ shared \
+ zlib-dynamic \
+ enable-camellia \
+ enable-md2 \
+ enable-seed \
+ enable-tlsext \
+ enable-rfc3779 \
+ no-idea \
+ no-mdc2 \
+ no-rc5 \
+ no-srp \
+ -DSSL_FORBID_ENULL
ifeq "$(MACHINE)" "i586"
- CONFIGURE_ARGS = linux-elf no-asm 386
+ CONFIGURE_OPTIONS += linux-elf
+
+ifneq "$(KCFG)" "-sse2"
+ CONFIGURE_OPTIONS += no-sse2
+endif
 endif
ifeq "$(MACHINE)" "armv5tel"
- CONFIGURE_ARGS = linux-generic32
+ CONFIGURE_OPTIONS += linux-generic32
 endif
-CFLAGS += -DPURIFY
-export RPM_OPT_FLAGS = $(CFLAGS)
-
 ###############################################################################
 # Top-level Rules
 ###############################################################################
@@ -51,7 +82,7 @@ objects = $(DL_FILE)
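Review bot: The `else` branch for `-sse2` replaces CFLAGS with a hard-coded list instead of extending the inherited value (presumably set by the included Config), so a hardening flag added to the global CFLAGS later will not reach the SSE2 build of the library. The list does carry `-fstack-protector-all` and `-D_FORTIFY_SOURCE=2` today, but a comment such as `# duplicated from the global CFLAGS; keep the hardening flags in sync` would make the copy visible to whoever changes the defaults. In the same branch, `CXXFLAGS="${CFLAGS}"` is a make assignment, so the double quotes become part of the value; `CXXFLAGS = $(CFLAGS)` is presumably what was meant.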
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = d143d1555d842a069cb7cc34ba745a06 +$(DL_FILE)_MD5 = a06c547dac9044161a477211049f60ef
install : $(TARGET)
@@ -82,10 +113,16 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.0-beta5-enginesdir.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1e-rpmbuild.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a-rpmbuild.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1m-weak-ciphers.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-disable-sslv2-sslv3.patch
+ # i586 specific patches +ifeq "$(MACHINE)" "i586" + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a_auto_enable_padlock.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a_disable_ssse3_for_amd.patch +endif + # Apply our CFLAGS cd $(DIR_APP) && sed -i Configure \ -e "s/-O3 -fomit-frame-pointer/$(CFLAGS)/g" @@ -93,27 +130,16 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && find crypto/ -name Makefile -exec \ sed 's/^ASFLAGS=/&-Wa,--noexecstack /' -i {} ;
- cd $(DIR_APP) && ./Configure \ - --prefix=/usr \ - --openssldir=/etc/ssl \ - --enginesdir=/usr/lib/openssl/engines \ - shared \ - zlib-dynamic \ - enable-camellia \ - enable-md2 \ - enable-seed \ - enable-tlsext \ - enable-rfc3779 \ - no-idea \ - no-mdc2 \ - no-rc5 \ - no-srp \ - $(CONFIGURE_ARGS) \ - -DSSL_FORBID_ENULL + cd $(DIR_APP) && ./Configure $(CONFIGURE_OPTIONS)
cd $(DIR_APP) && make depend cd $(DIR_APP) && make
+ifeq "$(KCFG)" "-sse2" + -mkdir -pv /usr/lib/sse2 + cd $(DIR_APP) && install -m 755 \ + libcrypto.so.10 /usr/lib/sse2 +else # Install everything. cd $(DIR_APP) && make install install -m 0644 $(DIR_SRC)/config/ssl/openssl.cnf /etc/ssl @@ -125,6 +151,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) -mkdir -pv /usr/lib/openssl rm -vfr /usr/lib/openssl/engines mv -v /usr/lib/engines /usr/lib/openssl +endif
@rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/lfs/openssl-compat b/lfs/openssl-compat deleted file mode 100644 index ad5d664..0000000 --- a/lfs/openssl-compat +++ /dev/null 
@@ -1,102 +0,0 @@ -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007-2014 IPFire Team info@ipfire.org # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -############################################################################### -# Definitions -############################################################################### - -include Config - -VER = 0.9.8zf - -THISAPP = openssl-$(VER) -DL_FILE = $(THISAPP).tar.gz -DL_FROM = $(URL_IPFIRE) -DIR_APP = $(DIR_SRC)/$(THISAPP) -TARGET = $(DIR_INFO)/$(THISAPP) - -############################################################################### -# Top-level Rules -############################################################################### - -objects = $(DL_FILE) - -$(DL_FILE) = $(DL_FROM)/$(DL_FILE) - -$(DL_FILE)_MD5 = c69a4a679233f7df189e1ad6659511ec - -install : $(TARGET) - -check : $(patsubst %,$(DIR_CHK)/%,$(objects)) - -download :$(patsubst %,$(DIR_DL)/%,$(objects)) - -md5 : $(subst %,%_MD5,$(objects)) - -############################################################################### -# Downloading, checking, md5sum -############################################################################### - -$(patsubst 
%,$(DIR_CHK)/%,$(objects)) : - @$(CHECK) - -$(patsubst %,$(DIR_DL)/%,$(objects)) : - @$(LOAD) - -$(subst %,%_MD5,$(objects)) : - @$(MD5) - -############################################################################### -# Installation Details -############################################################################### - -$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) - @$(PREBUILD) - @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-disable-sslv2-sslv3.patch - - # Apply our CFLAGS - cd $(DIR_APP) && sed -i Configure \ - -e "s/-O3 -fomit-frame-pointer/$(CFLAGS)/g" - - cd $(DIR_APP) && sed -i -e 's/mcpu/march/' config - cd $(DIR_APP) && sed -i -e 's/-O3/-O2/' -e 's/-march=i486/-march=i586/' Configure - - # Support for engines is disabled, because the shared objects from the - # new version of openssl cannot be loaded by the old one. - - cd $(DIR_APP) && ./Configure \ - --prefix=/usr \ - --openssldir=/etc/ssl \ - shared linux-elf \ - zlib-dynamic \ - no-engines \ - no-asm 386 \ - -DSSL_FORBID_ENULL - - cd $(DIR_APP) && make depend - cd $(DIR_APP) && make - - cd $(DIR_APP) && install -v -m 755 libcrypto.so.0.9.8 /usr/lib - cd $(DIR_APP) && install -v -m 755 libssl.so.0.9.8 /usr/lib - - @rm -rf $(DIR_APP) - @$(POSTBUILD) diff --git a/lfs/perl-Text-CSV_XS b/lfs/perl-Text-CSV_XS new file mode 100644 index 0000000..f94593f --- /dev/null +++ b/lfs/perl-Text-CSV_XS 
@@ -0,0 +1,77 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2014 IPFire Team info@ipfire.org # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + + +############################################################################### +# Definitions +############################################################################### + +include Config +VER = 1.12 + +THISAPP = Text-CSV_XS-$(VER) +DL_FILE = ${THISAPP}.tgz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_MD5 = b91f2d806054b68c2a29d3da5821fe87 + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +md5 : $(subst %,%_MD5,$(objects)) + +############################################################################### +# Downloading, checking, md5sum +############################################################################### + +$(patsubst 
%,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_MD5,$(objects)) : + @$(MD5) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && perl Makefile.PL + cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) + cd $(DIR_APP) && make install + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/lfs/pound b/lfs/pound index a0f6f29..3860122 100644 --- a/lfs/pound +++ b/lfs/pound @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = pound -PAK_VER = 7 +PAK_VER = 8
DEPS = ""
@@ -77,7 +77,8 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 @$(PREBUILD)
 @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && ./configure --prefix=/usr --sysconfdir=/etc
+ cd $(DIR_APP) && ./configure --prefix=/usr --sysconfdir=/etc \
+ --with-dh=1024
 cd $(DIR_APP) && make $(MAKETUNING)
 cd $(DIR_APP) && make install
 install -v -m 644 $(DIR_SRC)/config/backup/includes/pound \
diff --git a/lfs/qemu b/lfs/qemu
index 2fc0476..8512568 100644
--- a/lfs/qemu
+++ b/lfs/qemu
@@ -24,16 +24,16 @@
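Review bot: `--with-dh=1024` sets the Diffie-Hellman parameters built into pound to 1024 bits, which is below the 2048-bit minimum generally recommended for finite-field DH and makes the DHE key exchange the weakest part of the TLS sessions this proxy terminates. Unless a client-compatibility constraint forces the smaller size, the added line should read `--with-dh=2048`. If 1024 is deliberate, a comment next to the option should say which clients require it. The `$(TARGET)` recipe continues past the end of the hunk.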
include Config
-VER = 0.15.0 +VER = 2.3.0
-THISAPP = qemu-kvm-$(VER) -DL_FILE = $(THISAPP).tar.gz +THISAPP = qemu-$(VER) +DL_FILE = $(THISAPP).tar.bz2 DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) SUP_ARCH = i586 PROG = qemu -PAK_VER = 14 +PAK_VER = 15
DEPS = "sdl"
@@ -45,7 +45,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = b45b0deebba4ce47dcaaab3807f6ed47 +$(DL_FILE)_MD5 = 2fab3ea4460de9b57192e5b8b311f221
install : $(TARGET)
@@ -77,12 +77,20 @@ $(subst %,%_MD5,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 @$(PREBUILD)
- @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/qemu-0.15.0_missing_definitions_hack.patch
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
 cd $(DIR_APP) && ./configure --prefix=/usr --sysconfdir=/etc \
+ --enable-kvm --disable-attr \
 --target-list="i386-linux-user i386-softmmu arm-softmmu" \
 --extra-cflags="$(CFLAGS)"
 cd $(DIR_APP) && make $(MAKETUNING)
 cd $(DIR_APP) && make install
+
+ # install wrapper for old kvm parameter handling
+ install -m 755 $(DIR_SRC)/config/qemu/qemu /usr/bin/qemu
+
+ # disable PaX MPROTECT
+ paxctl -m /usr/bin/qemu-system-arm
+ paxctl -m /usr/bin/qemu-system-i386
+
 @rm -rf $(DIR_APP)
 @$(POSTBUILD)
diff --git a/lfs/squid b/lfs/squid
index 67e4a7d..d4fc4c5 100644
--- a/lfs/squid
+++ b/lfs/squid
@@ -24,7 +24,7 @@
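Review bot: The two `paxctl -m` lines lift the PaX MPROTECT restriction from both full-system emulators, and the only explanation is `# disable PaX MPROTECT`, which restates the command. These binaries process guest-controlled input, so the comment should record why the W^X protection is relaxed and that the exemption covers these two files only. If the reason is qemu's runtime code generation, `# qemu's TCG generates code at runtime and needs writable+executable mappings; exempt only these two binaries` would say so. The recipe also continues when the marking has no effect only if `paxctl` returns success, so it is worth confirming that the build fails visibly when the binaries cannot be marked.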
include Config
-VER = 3.4.9 +VER = 3.4.13
THISAPP = squid-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 497e5be7b3430d12667628296760beca +$(DL_FILE)_MD5 = a5f6c978b2d7a99b161c8275e1acb470
install : $(TARGET)
@@ -78,12 +78,12 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) --libexecdir=/usr/lib/squid \ --localstatedir=/var \ --disable-ipv6 \ + --disable-ssl \ --enable-poll \ --disable-icmp \ --disable-wccp \ --enable-ident-lookups \ --enable-storeio="aufs,diskd,ufs" \ - --enable-ssl \ --enable-underscores \ --enable-http-violations \ --enable-removal-policies="heap,lru" \ diff --git a/lfs/squid-accounting b/lfs/squid-accounting index 7eae4fb..af7b281 100644 --- a/lfs/squid-accounting +++ b/lfs/squid-accounting @@ -9,13 +9,13 @@
include Config
-VER = 1.0.2 +VER = 1.0.3
THISAPP = squid-accounting-$(VER) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = squid-accounting -PAK_VER = 4 +PAK_VER = 5
DEPS = "perl-DBI perl-DBD-SQLite perl-File-ReadBackwards perl-PDF-API2 sendEmail"
diff --git a/lfs/stage2 b/lfs/stage2 index 53f81d1..3203983 100644 --- a/lfs/stage2 +++ b/lfs/stage2 @@ -55,7 +55,7 @@ $(TARGET) : -install -dv -m 1777 /tmp /var/tmp -mkdir -pv /usr/{,local/}{bin,include,lib{,/sse2},sbin,src} -mkdir -pv /usr/{,local/}share/{doc,info,locale,man} - -mkdir -v /usr/{,local/}share/{misc,terminfo,zoneinfo} + -mkdir -v /usr/{,local/}share/{misc,terminfo,xt_geoip,zoneinfo} -mkdir -pv /usr/{,local/}share/man/man{1..8} #-for dir in /usr /usr/local; do \ # ln -sv share/{man,doc,info} $$dir; \ diff --git a/lfs/strongswan b/lfs/strongswan index 43995b5..f227bba 100644 --- a/lfs/strongswan +++ b/lfs/strongswan @@ -24,7 +24,7 @@
include Config
-VER = 5.2.2 +VER = 5.3.0
THISAPP = strongswan-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 7ee1a33060b2bde35be0f6d78a1d26d0 +$(DL_FILE)_MD5 = c52d4228231c2025d9c320d0e9990327
install : $(TARGET)
@@ -78,11 +78,8 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.0.2_ipfire.patch - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.2.2-issue-816-eb25190.patch - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.2.2-issue-816-650a3ad.patch - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.2.2-issue-816-dd0ebb.patch - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.2.2-issue-819-cd2c30a.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.3.0-stroke-Increase-stroke-buffer-size-to-8k.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-ipfire.patch
cd $(DIR_APP) && [ -x "configure" ] || ./autogen.sh cd $(DIR_APP) && ./configure \ @@ -93,6 +90,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) --enable-farp \ --enable-openssl \ --enable-gcrypt \ + --enable-ccm \ + --enable-ctr \ + --enable-gcm \ --enable-xauth-eap \ --enable-xauth-noauth \ --enable-eap-radius \ diff --git a/lfs/tor b/lfs/tor index 0cc2957..8eca48d 100644 --- a/lfs/tor +++ b/lfs/tor @@ -24,7 +24,7 @@
include Config
-VER = 0.2.4.23 +VER = 0.2.5.12
THISAPP = tor-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = tor -PAK_VER = 8 +PAK_VER = 11
DEPS = "libevent2"
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 9e39928e310612c3bffee727f554c63f +$(DL_FILE)_MD5 = 89745069a7efb7aafd01ae263bd0fe5c
install : $(TARGET)
diff --git a/lfs/tzdata b/lfs/tzdata index 11dc03f..dfb54e6 100644 --- a/lfs/tzdata +++ b/lfs/tzdata @@ -24,7 +24,7 @@
include Config
-VER = 2015a +VER = 2015d TZDATA_VER = $(VER) TZCODE_VER = $(VER)
@@ -45,8 +45,8 @@ objects = tzdata$(TZDATA_VER).tar.gz tzcode$(TZCODE_VER).tar.gz tzdata$(TZDATA_VER).tar.gz = $(DL_FROM)/tzdata$(TZDATA_VER).tar.gz tzcode$(TZCODE_VER).tar.gz = $(DL_FROM)/tzcode$(TZCODE_VER).tar.gz
-tzdata$(TZDATA_VER).tar.gz_MD5 = 4ed11c894a74a5ea64201b1c6dbb8831 -tzcode$(TZCODE_VER).tar.gz_MD5 = 8f375ede46ae137fbac047ac431bda37 +tzdata$(TZDATA_VER).tar.gz_MD5 = b595bdc4474b8fc1a15cffc67c66025b +tzcode$(TZCODE_VER).tar.gz_MD5 = 4008a3abc025a398697b2587c48258b9
install : $(TARGET)
diff --git a/lfs/udev b/lfs/udev index 15dae81..e58839c 100644 --- a/lfs/udev +++ b/lfs/udev @@ -93,9 +93,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) rm -f /lib/udev/rules.d/75-persistent-net-generator.rules rm -f /lib/udev/rules.d/80-net-name-slot.rules
- # Create rule file for the setup - touch /etc/udev/rules.d/30-persistent-network.rules - # Blacklist some modules cp -vf $(DIR_SRC)/config/udev/blacklist.conf /etc/modprobe.d/blacklist.conf
@@ -107,6 +104,12 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) install -v -m 644 $(DIR_SRC)/config/udev/25-alsa.rules \ /lib/udev/rules.d
+ # Install network rules. + install -v -m 755 $(DIR_SRC)/config/udev/network-hotplug-rename \ + /lib/udev/network-hotplug-rename + install -v -m 644 $(DIR_SRC)/config/udev/60-net.rules \ + /lib/udev/rules.d + # Install hwrng rules. install -v -m 644 $(DIR_SRC)/config/udev/90-hwrng.rules \ /lib/udev/rules.d diff --git a/lfs/web-user-interface b/lfs/web-user-interface new file mode 100644 index 0000000..919acbe --- /dev/null +++ b/lfs/web-user-interface 
@@ -0,0 +1,72 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2015 IPFire Team info@ipfire.org # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = ipfire + +THISAPP = web-user-interface-$(VER) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) + +############################################################################### +# Top-level Rules +############################################################################### + +install: $(TARGET) + +check: + +download: + +md5: + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + + # Copy all html/cgi-bin files + mkdir -p /srv/web/ipfire/{cgi-bin,html} + mkdir -p /var/updatecache/{download,metadata} + cp -aR $(DIR_SRC)/html/* /srv/web/ipfire + + # Change CONFIG_ROOT in cgi-scripts + for i in 
/srv/web/ipfire/cgi-bin/{*,logs.cgi/*,vpn.cgi/*}; do \ + if [ -f $$i ]; then \ + sed -i "s+CONFIG_ROOT+$(CONFIG_ROOT)+g" $$i; \ + fi; \ + done + chown -R root:root /srv/web/ipfire + chmod -R 755 /srv/web/ipfire/cgi-bin + chmod -R 644 /srv/web/ipfire/html + chmod 755 /srv/web/ipfire/html /srv/web/ipfire/html/{index.cgi,redirect.cgi,dial.cgi,images,include,themes,themes/*,themes/*/*} + ln -svf ipfire /srv/web/ipfire/html/themes/ipfire-rounded + + # Reset permissions of redirect templates and theme directories + find /srv/web/ipfire/html/{redirect-templates,themes} -type d | xargs chmod -v 755 + @$(POSTBUILD) diff --git a/lfs/wpa_supplicant b/lfs/wpa_supplicant index 1cebaab..e7f46de 100644 --- a/lfs/wpa_supplicant +++ b/lfs/wpa_supplicant @@ -24,7 +24,7 @@
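Review bot: The `for` loop and the final `find … | xargs chmod` pass file names unquoted and newline-delimited to `sed -i` and `chmod`, which run as root during the build; a path under html/ containing whitespace would be split into several arguments. Quoting the loop variable, `if [ -f "$$i" ]; then` and `sed -i "s+CONFIG_ROOT+$(CONFIG_ROOT)+g" "$$i";`, and letting find invoke chmod directly, `find /srv/web/ipfire/html/{redirect-templates,themes} -type d -exec chmod -v 755 {} +`, removes the splitting. Separately, `chmod -R 644 /srv/web/ipfire/html` also clears the search bit on every directory below html, and only the directories named in the following two commands get it back, so any other subdirectory copied from `$(DIR_SRC)/html` stays untraversable for the web server user. The `$(TARGET)` prerequisite list refers to `$(objects)`, which this new file never defines.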
include Config
-VER = 2.3 +VER = 2.4
THISAPP = wpa_supplicant-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -41,7 +41,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = f2ed8fef72cf63d8d446a2d0a6da630a +$(DL_FILE)_MD5 = f0037dbe03897dcaf2ad2722e659095d
install : $(TARGET)
diff --git a/lfs/xtables-addons b/lfs/xtables-addons new file mode 100644 index 0000000..1848dc9 --- /dev/null +++ b/lfs/xtables-addons 
@@ -0,0 +1,110 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2014 IPFire Team info@ipfire.org # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VERSUFIX = ipfire$(KCFG) +MODPATH = /lib/modules/$(KVER)-$(VERSUFIX)/extra/ + +VER = 2.6 + +THISAPP = xtables-addons-$(VER) +DL_FILE = $(THISAPP).tar.xz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) + +ifeq "$(USPACE)" "1" + TARGET = $(DIR_INFO)/$(THISAPP) +else + TARGET = $(DIR_INFO)/$(THISAPP)-kmod-$(KVER)-$(VERSUFIX) +endif + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_MD5 = 087835ba7e564481b6fd398692268340 + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +md5 : $(subst %,%_MD5,$(objects)) + +dist: + $(PAK) + 
+############################################################################### +# Downloading, checking, md5sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_MD5,$(objects)) : + @$(MD5) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) + + # Only build the specified modules. + cp -avf $(DIR_SRC)/config/xtables-addons/mconfig \ + $(DIR_APP)/mconfig + +# Check if we build the modules for a kernel or the userspace parts. +ifeq "$(USPACE)" "1" + cd $(DIR_APP) && ./configure \ + --prefix=/usr \ + --without-kbuild + + cd $(DIR_APP) && make $(MAKETUNING) + cd $(DIR_APP) && make install +else + cd $(DIR_APP) && ./configure \ + --with-kbuild=/usr/src/linux-$(KVER)/ + + cd $(DIR_APP) && make $(MAKETUNING) + + # Install the built kernel modules. + cd $(DIR_APP) && for f in $$(ls extensions/*.ko); do \ + install -m 644 $$f $(MODPATH); \ + done +endif + + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/lfs/xz b/lfs/xz index fce7159..c1d3ef7 100644 --- a/lfs/xz +++ b/lfs/xz @@ -24,7 +24,7 @@
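Review bot: In the kernel-module branch, `for f in $$(ls extensions/*.ko); do install -m 644 $$f $(MODPATH); done` returns the status of the last `install` only, so a failed copy of an earlier module does not stop the build and the image can ship without a match module that firewall rules depend on. Parsing `ls` output is also unnecessary here. A single `cd $(DIR_APP) && install -v -m 644 extensions/*.ko $(MODPATH)` fails if any copy fails and needs no loop. The recipe assumes `$(MODPATH)` already exists; nothing in this file creates it.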
include Config
-VER = 5.0.5 +VER = 5.2.1
THISAPP = xz-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -47,7 +47,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = aa17280f4521dbeebed0fbd11cd7fa30 +$(DL_FILE)_MD5 = b5e2dd95dc8498cea5354377ed89aa65
install : $(TARGET)
diff --git a/make.sh b/make.sh index 4deb3c8..835a3a6 100755 --- a/make.sh +++ b/make.sh @@ -17,7 +17,7 @@ # along with IPFire; if not, write to the Free Software # # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # # # -# Copyright (C) 2007-2014 IPFire Team info@ipfire.org. # +# Copyright (C) 2007-2015 IPFire Team info@ipfire.org. # # # ############################################################################ # @@ -25,8 +25,8 @@ NAME="IPFire" # Software name SNAME="ipfire" # Short name VERSION="2.17" # Version number -CORE="89" # Core Level (Filename) -PAKFIRE_CORE="89" # Core Level (PAKFIRE) +CORE="90" # Core Level (Filename) +PAKFIRE_CORE="90" # Core Level (PAKFIRE) GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` # Git Branch SLOGAN="www.ipfire.org" # Software slogan CONFIG_ROOT=/var/ipfire # Configuration rootdir @@ -36,7 +36,7 @@ BUILD_IMAGES=1 # Flash and Xen Downloader KVER=`grep --max-count=1 VER lfs/linux | awk '{ print $3 }'` GIT_TAG=$(git tag | tail -1) # Git Tag GIT_LASTCOMMIT=$(git log | head -n1 | cut -d" " -f2 |head -c8) # Last commit -TOOLCHAINVER=8 +TOOLCHAINVER=9
# New architecture variables BUILD_ARCH="$(uname -m)" @@ -383,6 +383,7 @@ buildipfire() { export LOGFILE ipfiremake configroot ipfiremake backup + ipfiremake pkg-config ipfiremake libusb ipfiremake libusbx ipfiremake libpcap @@ -403,6 +404,8 @@ buildipfire() { ipfiremake multipath-tools ipfiremake freetype ipfiremake grub + ipfiremake libmnl + ipfiremake iptables
case "${TARGET_ARCH}" in i586) @@ -411,8 +414,9 @@ buildipfire() { ipfiremake backports KCFG="-pae" ipfiremake cryptodev KCFG="-pae" ipfiremake e1000e KCFG="-pae" - ipfiremake igb KCFG="-pae" +# ipfiremake igb KCFG="-pae" ipfiremake ixgbe KCFG="-pae" + ipfiremake xtables-addons KCFG="-pae" ipfiremake linux-initrd KCFG="-pae"
# x86 kernel build @@ -420,8 +424,9 @@ buildipfire() { ipfiremake backports KCFG="" ipfiremake cryptodev KCFG="" ipfiremake e1000e KCFG="" - ipfiremake igb KCFG="" +# ipfiremake igb KCFG="" ipfiremake ixgbe KCFG="" + ipfiremake xtables-addons KCFG="" ipfiremake linux-initrd KCFG="" ;;
@@ -430,6 +435,7 @@ buildipfire() { ipfiremake linux KCFG="-rpi" ipfiremake backports KCFG="-rpi" ipfiremake cryptodev KCFG="-rpi" + ipfiremake xtables-addons KCFG="-rpi" ipfiremake linux-initrd KCFG="-rpi"
# arm multi platform (Panda, Wandboard ...) kernel build @@ -437,8 +443,9 @@ buildipfire() { ipfiremake backports KCFG="-multi" ipfiremake cryptodev KCFG="-multi" ipfiremake e1000e KCFG="-multi" - ipfiremake igb KCFG="-multi" +# ipfiremake igb KCFG="-multi" ipfiremake ixgbe KCFG="-multi" + ipfiremake xtables-addons KCFG="-multi" ipfiremake linux-initrd KCFG="-multi"
# arm-kirkwood (Dreamplug, ICY-Box ...) kernel build @@ -446,14 +453,15 @@ buildipfire() { ipfiremake backports KCFG="-kirkwood" ipfiremake cryptodev KCFG="-kirkwood" ipfiremake e1000e KCFG="-kirkwood" - ipfiremake igb KCFG="-kirkwood" +# ipfiremake igb KCFG="-kirkwood" ipfiremake ixgbe KCFG="-kirkwood" + ipfiremake xtables-addons KCFG="-kirkwood" ipfiremake linux-initrd KCFG="-kirkwood" ;; esac - ipfiremake pkg-config + ipfiremake xtables-addons USPACE="1" ipfiremake openssl - ipfiremake openssl-compat + [ "${TARGET_ARCH}" = "i586" ] && ipfiremake openssl KCFG='-sse2' ipfiremake libgpg-error ipfiremake libgcrypt ipfiremake libassuan @@ -499,7 +507,8 @@ buildipfire() { ipfiremake openldap ipfiremake apache2 ipfiremake php - ipfiremake apache2 PASS=C + ipfiremake web-user-interface + ipfiremake flag-icons ipfiremake jquery ipfiremake arping ipfiremake beep @@ -526,8 +535,6 @@ buildipfire() { ipfiremake mtools ipfiremake initscripts ipfiremake whatmask - ipfiremake libmnl - ipfiremake iptables ipfiremake conntrack-tools ipfiremake libupnp ipfiremake ipaddr @@ -810,6 +817,7 @@ buildipfire() { ipfiremake squid-accounting ipfiremake pigz ipfiremake tmux + ipfiremake perl-Text-CSV_XS ipfiremake swconfig ipfiremake haproxy } @@ -971,7 +979,7 @@ build)
cd $BASEDIR tools/checknewlog.pl - tools/checkwronginitlinks + tools/checkrootfiles cd $PWD
beautify build_end diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall index c383652..8ca02bc 100644 --- a/src/initscripts/init.d/firewall +++ b/src/initscripts/init.d/firewall @@ -179,6 +179,11 @@ iptables_init() { iptables -A OUTPUT -o "${BLUE_DEV}" -j DHCPBLUEOUTPUT fi
+ # GeoIP block
+ iptables -N GEOIPBLOCK
+ iptables -A INPUT -j GEOIPBLOCK
+ iptables -A FORWARD -j GEOIPBLOCK
+
 # trafic from ipsecX/TUN/TAP interfaces, before "-i GREEN_DEV" accept everything
 iptables -N IPSECINPUT
 iptables -N IPSECFORWARD
diff --git a/src/initscripts/init.d/hostapd b/src/initscripts/init.d/hostapd
index 1e7cec4..209f969 100644
--- a/src/initscripts/init.d/hostapd
+++ b/src/initscripts/init.d/hostapd
@@ -2,7 +2,7 @@
 . /etc/sysconfig/rc
 . ${rc_functions}
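Review bot: Both jumps into GEOIPBLOCK are unconditional, so whatever rules are later loaded into that chain are evaluated for every packet in INPUT and FORWARD, including traffic that arrives on internal interfaces, and a country rule without an interface match could cut off local management access. The chain's contents are not part of this hunk, so whether the rules restrict themselves to the external interface cannot be told from here. The comment should state the contract, for example `# GeoIP block: chain is filled elsewhere; its rules must match the incoming interface themselves`. The position of these jumps relative to the accept rules that follow also matters and deserves a word in the same comment. iptables_init starts and ends outside the hunk.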
-CHANNEL="05" +CHANNEL="6" COUNTRY="00" TXPOWER="auto" INTERFACE="blue0" @@ -38,9 +38,6 @@ case "${1}" in if [ -e "/sys/class/net/$INTERFACE/phy80211" ]; then DRIVER="NL80211" driver="nl80211" - elif [ -e "/sys/class/net/$INTERFACE/madwifi_name_type" ]; then - DRIVER="MADWIFI" - driver="madwifi" elif [ "$(/bin/grep hostap /sys/class/net/$INTERFACE/uevent)" != "" ]; then DRIVER="HOSTAP" driver="hostap" @@ -60,14 +57,7 @@ case "${1}" in chmod 644 /var/ipfire/wlanap/settings.tmp mv /var/ipfire/wlanap/settings.tmp /var/ipfire/wlanap/settings
- if [ "$DRIVER" == "MADWIFI" ]; then - if [ "$(/usr/sbin/iwconfig $INTERFACE | /bin/grep "Mode:Master")" == "" ]; then - boot_mesg "Setting MADWIFI wlan $INTERFACE to Master mode... " - # Set Atheros Cards to master mode - /usr/bin/wlanconfig $INTERFACE destroy > /dev/null - /usr/bin/wlanconfig $INTERFACE create wlandev wifi0 wlanmode ap > /dev/null - fi - elif [ "$DRIVER" == "HOSTAP" ]; then + if [ "$DRIVER" == "HOSTAP" ]; then if [ "$(/usr/sbin/iwconfig $INTERFACE | /bin/grep "Mode:Master")" == "" ]; then boot_mesg "Setting HOSTAP wlan $INTERFACE to Master mode... " # Set Prism Cards to master mode @@ -87,23 +77,7 @@ case "${1}" in
/usr/bin/hostapd -P /var/run/hostapd /etc/hostapd.conf >/dev/null 2>&1 &
- sleep 2 - - if [ $DRIVER == "MADWIFI" ]; then - iwpriv $INTERFACE maccmd 3 - if [ $MACMODE != 0 ]; then - FILE="/var/ipfire/wlanap/macfile" - exec < $FILE - while read LINE - do - iwpriv $INTERFACE addmac $LINE - done - - iwpriv $INTERFACE maccmd $MACMODE - fi - fi - - sleep 2 + sleep 3
if [ "$(/usr/sbin/iwconfig $INTERFACE | /bin/grep "Mode:Master")" == "" ]; then killproc /usr/bin/hostapd > /dev/null 2>&1 diff --git a/src/initscripts/init.d/network-trigger b/src/initscripts/init.d/network-trigger new file mode 100644 index 0000000..0d9de45 --- /dev/null +++ b/src/initscripts/init.d/network-trigger @@ -0,0 +1,22 @@ +#!/bin/sh +######################################################################## +# Begin $rc_base/init.d/network-trigger +######################################################################## + +. /etc/sysconfig/rc +. ${rc_functions} + +case "${1}" in + start) + boot_mesg "Triggering network devices..." + udevadm trigger --action="add" --subsystem-match="net" + evaluate_retval + ;; + + *) + echo "Usage: ${0} {start}" + exit 1 + ;; +esac + +# End $rc_base/init.d/network-trigger diff --git a/src/initscripts/init.d/networking/functions.network b/src/initscripts/init.d/networking/functions.network index f459b77..1af3482 100644 --- a/src/initscripts/init.d/networking/functions.network +++ b/src/initscripts/init.d/networking/functions.network @@ -75,7 +75,7 @@ dhcpcd_start() { fi
# Start dhcpcd. - /sbin/dhcpcd "${device}" "${dhcp_start}" >/dev/null 2>&1 + /sbin/dhcpcd ${dhcp_start} ${device} >/dev/null 2>&1 ret="$?"
if [ "${ret}" -eq 0 ]; then @@ -124,7 +124,7 @@ dhcpcd_stop() { fi
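Review bot: Dropping the quotes around `${device}` in dhcpcd_start removes the only protection against word splitting and globbing of the interface name, and the dhcpcd_stop hunk that follows makes the same change. Leaving `${dhcp_start}` unquoted looks deliberate, presumably so that several options expand to separate arguments, but the device should stay a single word: `/sbin/dhcpcd ${dhcp_start} "${device}" >/dev/null 2>&1` and `/sbin/dhcpcd ${dhcp_stop} "${device}" &> /dev/null`. A short comment such as `# dhcp_start is intentionally unquoted: it may hold several options` would keep the next editor from re-quoting it. Both functions start and end outside their hunks.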
# Stop dhcpcd. - /sbin/dhcpcd "${device}" "${dhcp_stop}" &> /dev/null + /sbin/dhcpcd ${dhcp_stop} ${device} &> /dev/null ret="$?"
# Wait until dhcpd has stopped. diff --git a/src/initscripts/init.d/networking/red.up/99-geoip-database b/src/initscripts/init.d/networking/red.up/99-geoip-database new file mode 100644 index 0000000..4bd3ee2 --- /dev/null +++ b/src/initscripts/init.d/networking/red.up/99-geoip-database @@ -0,0 +1,23 @@ +#!/bin/bash + +# Get the GeoIP database if no one exists yet. + +DIR="/usr/share/xt_geoip/*" + +found=false + +# Check if the directory contains any data. +for i in $DIR; do + # Ignore "." and ".." + if [ -d "$i" ]; then + found=true + break + fi +done + +# Download ruleset if none has been found. +if ! ${found}; then + /usr/local/bin/xt_geoip_update >/dev/null 2>&1 +fi + +exit 0 diff --git a/src/initscripts/init.d/nfs-server b/src/initscripts/init.d/nfs-server index 397722c..15284e8 100644 --- a/src/initscripts/init.d/nfs-server +++ b/src/initscripts/init.d/nfs-server @@ -27,13 +27,9 @@ case "$1" in loadproc /usr/sbin/rpc.rquotad fi
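Review bot: A failed download is invisible in 99-geoip-database: the output of xt_geoip_update is discarded and the script always ends with `exit 0`, so the firewall can come up with an empty /usr/share/xt_geoip and nothing in the log to explain why GeoIP rules do not match. Keeping the zero exit status is reasonable if the red.up sequence must not be interrupted, but the failure should be recorded, e.g. `/usr/local/bin/xt_geoip_update >/dev/null 2>&1 || logger -t geoip "database download failed"`. As a point of style, `if ! ${found}` executes the variable's value as a command; `if [ "${found}" != "true" ]` states the same test without that.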
- # NFSD support only in 2.6 kernel - /bin/uname -r | /bin/grep "2.6" 2>&1 > /dev/null - if [ $? = 0 ]; then - boot_mesg "Mounting nfsd virtual filesystem..." - /bin/mount -t nfsd none /proc/fs/nfsd 2>&1 > /dev/null - evaluate_retval - fi + boot_mesg "Mounting nfsd virtual filesystem..." + /bin/mount -t nfsd none /proc/fs/nfsd 2>&1 > /dev/null + evaluate_retval
# Make ceratin that the list is refreshed on # a restart. @@ -62,13 +58,9 @@ case "$1" in /usr/sbin/exportfs -au 2>&1 > /dev/null evaluate_retval
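Review bot: The added mount line redirects in the order `2>&1 > /dev/null`, which points stderr at the original stdout before stdout is sent to /dev/null, so error messages still reach the console; the added umount line in the next hunk has the same order. If the intent is to silence the command and rely on evaluate_retval, write `/bin/mount -t nfsd none /proc/fs/nfsd > /dev/null 2>&1` and `/bin/umount /proc/fs/nfsd > /dev/null 2>&1`. Both case branches start and end outside their hunks.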
- # NFSD support only in 2.6 kernel - /bin/uname -r | /bin/grep "2.6" 2>&1 > /dev/null - if [ $? = 0 ]; then - boot_mesg "Unmounting NFS Virtual Filesystem..." - /bin/umount /proc/fs/nfsd 2>&1 > /dev/null - evaluate_retval - fi + boot_mesg "Unmounting NFS Virtual Filesystem..." + /bin/umount /proc/fs/nfsd 2>&1 > /dev/null + evaluate_retval
# Remove a pid file that isn't done automatically boot_mesg "Removing the rpc.statd pid file if it exists" diff --git a/src/installer/main.c b/src/installer/main.c index 358b2c4..c420de3 100644 --- a/src/installer/main.c +++ b/src/installer/main.c @@ -271,6 +271,7 @@ static struct lang { static struct config { int unattended; int serial_console; + int novga; int require_networking; int perform_download; int disable_swap; @@ -280,6 +281,7 @@ static struct config { } config = { .unattended = 0, .serial_console = 0, + .novga = 0, .require_networking = 0, .perform_download = 0, .disable_swap = 0, @@ -309,6 +311,10 @@ static void parse_command_line(struct config* c) { if ((strcmp(key, "console") == 0) && (strncmp(val, "ttyS", 4) == 0)) c->serial_console = 1;
+ // novga + else if (strcmp(key, "novga") == 0) + c->novga = 1; + // enable networking? else if (strcmp(token, "installer.net") == 0) c->require_networking = 1; @@ -825,6 +831,19 @@ int main(int argc, char *argv[]) { replace("/harddisk/etc/inittab", "#7:2345:respawn:", "7:2345:respawn:"); }
+ /* novga */ + if (config.novga) { + /* grub */ + FILE* f = fopen(DESTINATION_MOUNT_PATH "/etc/default/grub", "a"); + if (!f) { + errorbox(_("Unable to open /etc/default/grub for writing.")); + goto EXIT; + } + + fprintf(f, "GRUB_GFXMODE="none"\n"); + fclose(f); + } + rc = hw_install_bootloader(destination, logfile); if (rc) { errorbox(_("Unable to install the bootloader.")); @@ -833,8 +852,11 @@ int main(int argc, char *argv[]) {
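Review bot: Neither the `fprintf` nor the `fclose` result is checked in the new novga block, so a failed write to the target's /etc/default/grub goes unnoticed and the bootloader is then installed without the setting. Buffered write errors surface at close time, so checking the close is enough: `if (fclose(f) != 0) { errorbox(...); goto EXIT; }`, reusing the message already shown for the failed open. The line is appended unconditionally, which presumably relies on the later assignment winning if the shipped file already sets GRUB_GFXMODE; a one-line comment saying so would help. main() starts and ends outside the hunk.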
newtPopWindow();
- /* Set marker that the user has already accepted the gpl */ - mysystem(logfile, "/usr/bin/touch /harddisk/var/ipfire/main/gpl_accepted"); + /* Set marker that the user has already accepted the GPL if the license has been shown + * in the installation process. In unatteded mode, the user will be presented the + * license when he or she logs on to the web user interface for the first time. */ + if (!config.unattended) + mysystem(logfile, "/usr/bin/touch /harddisk/var/ipfire/main/gpl_accepted");
/* Copy restore file from cdrom */ char* backup_file = hw_find_backup_file(logfile, SOURCE_MOUNT_PATH); diff --git a/src/installer/po/pt_BR.po b/src/installer/po/pt_BR.po index 4a5d137..e78c1b4 100644 --- a/src/installer/po/pt_BR.po +++ b/src/installer/po/pt_BR.po @@ -6,13 +6,14 @@ # André Felipe Morro andre@andremorro.com, 2014 # Evertton de Lima e.everttonlima@gmail.com, 2015 # Leandro Luquetti Basilio da Silva leandroluquetti@gmail.com, 2014 +# Moisés Bites Borges de Castro moisesbites@gmail.com, 2015 msgid "" msgstr "" "Project-Id-Version: IPFire Project\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2014-11-05 01:29+0000\n" -"PO-Revision-Date: 2015-02-16 23:04+0000\n" -"Last-Translator: Evertton de Lima e.everttonlima@gmail.com\n" +"PO-Revision-Date: 2015-03-24 21:30+0000\n" +"Last-Translator: Moisés Bites Borges de Castro moisesbites@gmail.com\n" "Language-Team: Portuguese (Brazil) (http://www.transifex.com/projects/p/ipfire/language/pt_BR/)%5Cn" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -76,13 +77,13 @@ msgid "" "No source drive could be found.\n" "\n" "You can try downloading the required installation image." -msgstr "" +msgstr "Nenhum Drive de origem foi encontrado.\n\nVocê pode tentar baixar a imagem da instalação solicitada. "
#: main.c:456 msgid "" "Please make sure to connect your machine to a network and the installer will" " try connect to acquire an IP address." -msgstr "" +msgstr "Por favor certifique que sua máquina está conectada com uma rede e o instalador irá tentar conectar para pegar um endereço IP;"
#: main.c:460 msgid "Download installation image" @@ -110,7 +111,7 @@ msgstr "Baixando imagem de instalação..." #: main.c:510 #, c-format msgid "MD5 checksum mismatch" -msgstr "" +msgstr "Assinatura MD5 incompatível"
#: main.c:513 #, c-format @@ -301,15 +302,15 @@ msgstr "Não"
#: main.c:834 msgid "An error occured when the backup file was restored." -msgstr "Um erro ocorreu enquanto a cópia de segurança foi restaurada." +msgstr "Um erro ocorreu enquanto a cópia de segurança era restaurada."
#: main.c:869 msgid "Running post-install script..." -msgstr "Executando post-install script..." +msgstr "Executando script pós instalação..."
#: main.c:870 msgid "Post-install script failed." -msgstr "Post-install script falhou." +msgstr "Script de pós instalação falhou."
#: main.c:877 #, c-format @@ -317,7 +318,7 @@ msgid "" "%s was successfully installed!\n" "\n" "Please remove any installation mediums from this system and hit the reboot button. Once the system has restarted you will be asked to setup networking and system passwords. After that, you should point your web browser at https://%s:444 (or what ever you name your %s) for the web configuration console." -msgstr "" +msgstr "%s está instalado com sucesso!\n\nPor favor, remova qualquer mídia de instalação desse sistema e o reinicie. Assim que o sistema for reiniciado você será solicitado a configurar a rede e especificar as senhas de sistema. Após isso, você deve apontar seu navegador para https://%s:444 (ou use nome de %s) para a página de configuração web."
#: main.c:882 msgid "Congratulations!" diff --git a/src/misc-progs/Makefile b/src/misc-progs/Makefile index 43e6a90..e4bf049 100644 --- a/src/misc-progs/Makefile +++ b/src/misc-progs/Makefile @@ -31,7 +31,7 @@ SUID_PROGS = squidctrl sshctrl ipfirereboot \ redctrl syslogdctrl extrahdctrl sambactrl upnpctrl tripwirectrl \ smartctrl clamavctrl addonctrl pakfire mpfirectrl wlanapctrl \ setaliases urlfilterctrl updxlratorctrl fireinfoctrl rebuildroutes \ - getconntracktable wirelessclient dnsmasqctrl torctrl + getconntracktable wirelessclient dnsmasqctrl torctrl ddnsctrl SUID_UPDX = updxsetperms
OBJS = $(patsubst %,%.o,$(PROGS) $(SUID_PROGS)) diff --git a/src/misc-progs/ddnsctrl.c b/src/misc-progs/ddnsctrl.c new file mode 100644 index 0000000..7c41033 --- /dev/null +++ b/src/misc-progs/ddnsctrl.c @@ -0,0 +1,37 @@ +/* This file is part of the IPFire Firewall. +* +* This program is distributed under the terms of the GNU General Public +* Licence. See the file COPYING for details. +* +*/ + +#include <stdlib.h> +#include <stdio.h> +#include <string.h> +#include <unistd.h> + +#include "setuid.h" + +const char *conffile = "/var/ipfire/ddns/ddns.conf"; + +int main(int argc, char *argv[]) { + char cmd[STRING_SIZE]; + + if (!(initsetuid())) + exit(1); + + if (argc < 2) { + fprintf(stderr, "\nNo argument given.\n\nddnsctrl (update-all)\n\n"); + exit(1); + } + + if (strcmp(argv[1], "update-all") == 0) { + snprintf(cmd, sizeof(cmd), "/usr/bin/ddns --config %s update-all >/dev/null 2>&1", conffile); + safe_system(cmd); + } else { + fprintf(stderr, "\nBad argument given.\n\nddnsctrl (update-all)\n\n"); + exit(1); + } + + return 0; +} diff --git a/src/misc-progs/ipsecctrl.c b/src/misc-progs/ipsecctrl.c index eb3fc49..e99202d 100644 --- a/src/misc-progs/ipsecctrl.c +++ b/src/misc-progs/ipsecctrl.c @@ -58,36 +58,26 @@ static void ipsec_reload() { void open_physical (char *interface, int nat_traversal_port) { char str[STRING_SIZE];
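Review bot: The new setuid helper ddnsctrl.c drops the result of `safe_system(cmd)` and returns 0 whenever the argument is accepted, so the caller cannot tell a failed update from a successful one, and the child's output goes to /dev/null as well. Assuming safe_system returns the command's status, propagate it: `int rc = safe_system(cmd); return rc ? 1 : 0;`. The command line is built only from the constant `conffile` with a bounded `snprintf`, which is the right shape for a setuid program. A header comment stating that `update-all` is the only accepted argument and that nothing from argv reaches the shell would document that property for later editors.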
- // GRE ??? -// sprintf(str, "/sbin/iptables -A " phystable " -p 47 -i %s -j ACCEPT", interface); -// safe_system(str); - // ESP -// sprintf(str, "/sbin/iptables -A " phystable " -p 50 -i %s -j ACCEPT", interface); -// safe_system(str); - // AH -// sprintf(str, "/sbin/iptables -A " phystable " -p 51 -i %s -j ACCEPT", interface); -// safe_system(str); // IKE - - sprintf(str, "/sbin/iptables -D IPSECINPUT -p udp -i %s --dport 500 -j ACCEPT >/dev/null 2>&1", interface); + sprintf(str, "/sbin/iptables --wait -D IPSECINPUT -p udp -i %s --dport 500 -j ACCEPT >/dev/null 2>&1", interface); safe_system(str); - sprintf(str, "/sbin/iptables -A IPSECINPUT -p udp -i %s --dport 500 -j ACCEPT", interface); + sprintf(str, "/sbin/iptables --wait -A IPSECINPUT -p udp -i %s --dport 500 -j ACCEPT", interface); safe_system(str);
if (! nat_traversal_port) return;
- sprintf(str, "/sbin/iptables -D IPSECINPUT -p udp -i %s --dport %i -j ACCEPT >/dev/null 2>&1", interface, nat_traversal_port); + sprintf(str, "/sbin/iptables --wait -D IPSECINPUT -p udp -i %s --dport %i -j ACCEPT >/dev/null 2>&1", interface, nat_traversal_port); safe_system(str); - sprintf(str, "/sbin/iptables -A IPSECINPUT -p udp -i %s --dport %i -j ACCEPT", interface, nat_traversal_port); + sprintf(str, "/sbin/iptables --wait -A IPSECINPUT -p udp -i %s --dport %i -j ACCEPT", interface, nat_traversal_port); safe_system(str); }
void ipsec_norules() { /* clear input rules */ - safe_system("/sbin/iptables -F IPSECINPUT"); - safe_system("/sbin/iptables -F IPSECFORWARD"); - safe_system("/sbin/iptables -F IPSECOUTPUT"); + safe_system("/sbin/iptables --wait -F IPSECINPUT"); + safe_system("/sbin/iptables --wait -F IPSECFORWARD"); + safe_system("/sbin/iptables --wait -F IPSECOUTPUT"); }
/* diff --git a/src/patches/backports-3.18.1-1_rt2x00usb_suppress_queue_warnings.patch b/src/patches/backports-3.18.1-1_rt2x00usb_suppress_queue_warnings.patch new file mode 100644 index 0000000..3f9308e --- /dev/null +++ b/src/patches/backports-3.18.1-1_rt2x00usb_suppress_queue_warnings.patch 
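Review bot: The four rewritten command lines in open_physical still use unbounded `sprintf` into `char str[STRING_SIZE]` with the caller-supplied `interface`, and adding `--wait` makes each string longer. ddnsctrl.c, added in the same push, already uses the bounded form, and the same fits here: `snprintf(str, sizeof(str), "/sbin/iptables --wait -A IPSECINPUT -p udp -i %s --dport 500 -j ACCEPT", interface);`. The string is handed to safe_system, so where `interface` is validated matters; that is not visible in this hunk and deserves a comment on the function. open_physical and ipsec_norules are complete in the hunk, while the comment that follows them is cut off.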
@@ -0,0 +1,42 @@
+diff -Naur backports-3.18.1-1.org/drivers/net/wireless/rt2x00/rt2800usb.c backports-3.18.1-1/drivers/net/wireless/rt2x00/rt2800usb.c
+--- backports-3.18.1-1.org/drivers/net/wireless/rt2x00/rt2800usb.c 2014-12-21 22:37:14.000000000 +0100
++++ backports-3.18.1-1/drivers/net/wireless/rt2x00/rt2800usb.c 2015-04-07 11:44:16.647963570 +0200
+@@ -444,7 +444,7 @@
+
+ rt2x00usb_register_read(rt2x00dev, TXRXQ_PCNT, ®);
+ if (rt2x00_get_field32(reg, TXRXQ_PCNT_TX0Q)) {
+- rt2x00_warn(rt2x00dev, "TX HW queue 0 timed out, invoke forced kick\n");
++ rt2x00_dbg(rt2x00dev, "TX HW queue 0 timed out, invoke forced kick\n");
+
+ rt2x00usb_register_write(rt2x00dev, PBF_CFG, 0xf40012);
+
+@@ -459,7 +459,7 @@
+
+ rt2x00usb_register_read(rt2x00dev, TXRXQ_PCNT, ®);
+ if (rt2x00_get_field32(reg, TXRXQ_PCNT_TX1Q)) {
+- rt2x00_warn(rt2x00dev, "TX HW queue 1 timed out, invoke forced kick\n");
++ rt2x00_dbg(rt2x00dev, "TX HW queue 1 timed out, invoke forced kick\n");
+
+ rt2x00usb_register_write(rt2x00dev, PBF_CFG, 0xf4000a);
+
+@@ -609,7 +609,7 @@
+
+ if (unlikely(test_bit(ENTRY_OWNER_DEVICE_DATA, &entry->flags) ||
+ !test_bit(ENTRY_DATA_STATUS_PENDING, &entry->flags))) {
+- rt2x00_warn(rt2x00dev, "Data pending for entry %u in queue %u\n",
++ rt2x00_dbg(rt2x00dev, "Data pending for entry %u in queue %u\n",
+ entry->entry_idx, qid);
+ break;
+ }
+diff -Naur backports-3.18.1-1.org/drivers/net/wireless/rt2x00/rt2x00usb.c backports-3.18.1-1/drivers/net/wireless/rt2x00/rt2x00usb.c
+--- backports-3.18.1-1.org/drivers/net/wireless/rt2x00/rt2x00usb.c 2014-12-21 22:37:14.000000000 +0100
++++ backports-3.18.1-1/drivers/net/wireless/rt2x00/rt2x00usb.c 2015-04-07 11:42:41.723492892 +0200
+@@ -524,7 +524,7 @@
+
+ static void rt2x00usb_watchdog_tx_dma(struct data_queue *queue)
+ {
+- rt2x00_warn(queue->rt2x00dev, "TX queue %d DMA timed out, invoke forced forced reset\n",
++ rt2x00_dbg(queue->rt2x00dev, "TX queue %d DMA timed out, invoke forced reset\n",
+ queue->qid);
+
+
rt2x00queue_stop_queue(queue);
diff --git a/src/patches/cyrus-sasl-2.1.22-bad-elif.patch b/src/patches/cyrus-sasl-2.1.22-bad-elif.patch
deleted file mode 100644
index 33550c4..0000000
--- a/src/patches/cyrus-sasl-2.1.22-bad-elif.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-diff -up cyrus-sasl-2.1.22/plugins/digestmd5.c.elif cyrus-sasl-2.1.22/plugins/digestmd5.c
---- cyrus-sasl-2.1.22/plugins/digestmd5.c.elif 2009-01-23 09:40:31.000000000 +0100
-+++ cyrus-sasl-2.1.22/plugins/digestmd5.c 2009-02-06 15:20:15.000000000 +0100
-@@ -2743,7 +2743,7 @@ static sasl_server_plug_t digestmd5_serv
- "DIGEST-MD5", /* mech_name */
- #ifdef WITH_RC4
- 128, /* max_ssf */
--#elif WITH_DES
-+#elif defined(WITH_DES)
- 112,
- #else
- 1,
-@@ -4071,7 +4071,7 @@ static sasl_client_plug_t digestmd5_clie
- "DIGEST-MD5",
- #ifdef WITH_RC4 /* mech_name */
- 128, /* max ssf */
--#elif WITH_DES
-+#elif defined(WITH_DES)
- 112,
- #else
- 1,
diff --git a/src/patches/ddns/001-ddns-007-perform-lazy-database-init.patch b/src/patches/ddns/001-ddns-007-perform-lazy-database-init.patch
new file mode 100644
index 0000000..c9b893e
--- /dev/null
+++ b/src/patches/ddns/001-ddns-007-perform-lazy-database-init.patch
@@ -0,0 +1,89 @@
+commit 63e16feedea3639ef1f21fecbff9ed2ae256728b
+Author: Michael Tremer michael.tremer@ipfire.org
+Date: Sat Apr 25 13:18:07 2015 +0200
+
+ Perform lazy initialization of the database
+
+ The database will only be initialized when it is actually
+ needed. That makes starting up ddns a bit faster and allows
+ us to execute it as non-root for simple commands like
+ "list-providers".
+
+ If the database path is not writable at all, the database
+ feature is disable and an error message is logged. This
+ will hopefully help us to perform the DNS update even when
+ there is a local misconfiguration.
+
+diff --git a/src/ddns/database.py b/src/ddns/database.py
+index 5d4ffc9..42c3433 100644
+--- a/src/ddns/database.py
++++ b/src/ddns/database.py
+@@ -20,7 +20,7 @@
+ ###############################################################################
+
+ import datetime
+-import os.path
++import os
+ import sqlite3
+
+ # Initialize the logger.
+@@ -31,9 +31,11 @@ logger.propagate = 1
+ class DDNSDatabase(object):
+ def __init__(self, core, path):
+ self.core = core
++ self.path = path
+
+- # Open the database file
+- self._db = self._open_database(path)
++ # We won't open the connection to the database directly
++ # so that we do not do it unnecessarily.
++ self._db = None
+
+ def __del__(self):
+ self._close_database()
+@@ -46,7 +48,7 @@ class DDNSDatabase(object):
+ conn = sqlite3.connect(path, detect_types=sqlite3.PARSE_DECLTYPES|sqlite3.PARSE_COLNAMES)
+ conn.isolation_level = None
+
+- if not exists:
++ if not exists and self.is_writable():
+ logger.debug("Initialising database layout")
+ c = conn.cursor()
+ c.executescript("""
+@@ -68,12 +70,25 @@ class DDNSDatabase(object):
+
+ return conn
+
++ def is_writable(self):
++ # Check if the database file exists and is writable.
++ ret = os.access(self.path, os.W_OK)
++ if ret:
++ return True
++
++ # If not, we check if we are able to write to the directory.
++ # In that case the database file will be created in _open_database().
++ return os.access(os.path.dirname(self.path), os.W_OK)
++
+ def _close_database(self):
+ if self._db:
+ self._db_close()
+ self._db = None
+
+ def _execute(self, query, *parameters):
++ if self._db is None:
++ self._db = self._open_database(self.path)
++
+ c = self._db.cursor()
+ try:
+ c.execute(query, parameters)
+@@ -81,6 +96,10 @@ class DDNSDatabase(object):
+ c.close()
+
+ def add_update(self, hostname, status, message=None):
++ if not self.is_writable():
++ logger.warning("Could not log any updates because the database is not writable")
++ return
++
+ self._execute("INSERT INTO updates(hostname, status, message, timestamp) \
+ VALUES(?, ?, ?, ?)", hostname, status, message, datetime.datetime.utcnow())
+
diff --git a/src/patches/ddns/002-ddns-007-also-open-database-for-search-operations.patch b/src/patches/ddns/002-ddns-007-also-open-database-for-search-operations.patch
new file mode 100644
index 0000000..19534f3
--- /dev/null
+++ b/src/patches/ddns/002-ddns-007-also-open-database-for-search-operations.patch
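Review bot: `is_writable()` decides with `os.access()`, which tests the real rather than the effective user id and can disagree with what a later `sqlite3.connect()` or INSERT is allowed to do, for instance when ddns is started through a setuid wrapper. `add_update()` returns early on that answer, but `_execute()` still opens the database unconditionally, so a path that passes the check and then fails raises out of the update. I would treat the check as a hint and also catch the database error around the insert, e.g. `except sqlite3.OperationalError as e: logger.warning("Could not log update: %s" % e)`. In the unchanged context, `_close_database()` calls `self._db_close()`, which is not defined in the visible lines and may have been meant as `self._db.close()`.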
@@ -0,0 +1,40 @@
+commit f62fa5baffe2d225604460ecd03b8159b987df8f
+Author: Michael Tremer michael.tremer@ipfire.org
+Date: Sun Apr 26 20:15:33 2015 +0200
+
+ database: Open database for the search operations, too
+
+diff --git a/src/ddns/database.py b/src/ddns/database.py
+index 42c3433..70a7363 100644
+--- a/src/ddns/database.py
++++ b/src/ddns/database.py
+@@ -122,6 +122,9 @@ class DDNSDatabase(object):
+ """
+ Returns the timestamp of the last update (with the given status code).
+ """
++ if self._db is None:
++ self._db = self._open_database(self.path)
++
+ c = self._db.cursor()
+
+ try:
+@@ -141,6 +144,9 @@ class DDNSDatabase(object):
+ """
+ Returns the update status of the last update.
+ """
++ if self._db is None:
++ self._db = self._open_database(self.path)
++
+ c = self._db.cursor()
+
+ try:
+@@ -156,6 +162,9 @@ class DDNSDatabase(object):
+ """
+ Returns the reason string for the last failed update (if any).
+ """
++ if self._db is None:
++ self._db = self._open_database(self.path)
++
+ c = self._db.cursor()
+
+ try:
diff --git a/src/patches/ddns/ddns-005-Add-changeip-com.patch b/src/patches/ddns/ddns-005-Add-changeip-com.patch
deleted file mode 100644
index 15bcd46..0000000
--- a/src/patches/ddns/ddns-005-Add-changeip-com.patch
+++ /dev/null
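Review bot: The three added `if self._db is None:` blocks repeat the lazy-open code that the previous patch put into `_execute()`, so the same two lines now exist in four places and a fifth reader of `self._db` can easily miss them. A single helper keeps them in step: `def _get_db(self):` whose body is `if self._db is None: self._db = self._open_database(self.path)` followed by `return self._db`, after which each method starts with `c = self._get_db().cursor()`. The three methods touched begin and end outside the inner hunks, so their names are not visible here.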
@@ -1,85 +0,0 @@
-commit 78046ffe2187d91c61d6c2f910249b8a5be71b08
-Author: Stefan Schantl stefan.schantl@ipfire.org
-Date: Wed Oct 22 21:39:09 2014 +0200
-
- Add changeip.com as new provider.
-
- Fixes #10639.
-
-diff --git a/README b/README
-index 5944102..6a06f4b 100644
---- a/README
-+++ b/README
-@@ -49,6 +49,7 @@ INSTALLATION:
-
- SUPPORTED PROVIDERS:
- all-inkl.com
-+ changeip.com
- dhs.org
- dns.lightningwirelabs.com
- dnspark.com
-diff --git a/ddns.conf.sample b/ddns.conf.sample
-index d3ac53f..0048a46 100644
---- a/ddns.conf.sample
-+++ b/ddns.conf.sample
-@@ -30,6 +30,11 @@
- # secret = XYZ
- # ttl = 60
-
-+# [test.changeip.com]
-+# provider = changeip.com
-+# username = user
-+# password = pass
-+
- # [test.dhs.org]
- # provider = dhs.org
- # username = user
-diff --git a/src/ddns/providers.py b/src/ddns/providers.py
-index 1e88995..587d5ff 100644
---- a/src/ddns/providers.py
-+++ b/src/ddns/providers.py
-@@ -539,6 +539,44 @@ class DDNSProviderBindNsupdate(DDNSProvider):
- return "\n".join(scriptlet)
-
-
-+class DDNSProviderChangeIP(DDNSProvider):
-+ handle = "changeip.com"
-+ name = "ChangeIP.com"
-+ website = "https://changeip.com"
-+ protocols = ("ipv4",)
-+
-+ # Detailed information about the update api can be found here.
-+ # http://www.changeip.com/accounts/knowledgebase.php?action=displayarticle&...
-+
-+ url = "https://nic.changeip.com/nic/update"
-+ can_remove_records = False
-+
-+ def update_protocol(self, proto):
-+ data = {
-+ "hostname" : self.hostname,
-+ "myip" : self.get_address(proto),
-+ }
-+
-+ # Send update to the server.
-+ try:
-+ response = self.send_request(self.url, username=self.username, password=self.password,
-+ data=data)
-+
-+ # Handle error codes.
-+ except urllib2.HTTPError, e:
-+ if e.code == 422:
-+ raise DDNSRequestError(_("Domain not found."))
-+
-+ raise
-+
-+ # Handle success message.
-+ if response.code == 200:
-+ return
-+
-+ # If we got here, some other update error happened.
-+ raise DDNSUpdateError(_("Server response: %s") % output)
-+
-+
- class DDNSProviderDHS(DDNSProvider):
- handle = "dhs.org"
- name = "DHS International"
diff --git a/src/patches/ddns/ddns-005-SPDNS-fix-auth.patch b/src/patches/ddns/ddns-005-SPDNS-fix-auth.patch
deleted file mode 100644
index 1d91baa..0000000
--- a/src/patches/ddns/ddns-005-SPDNS-fix-auth.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-commit 25f39b4e437627bd1a49393280271d59ad28b86e
-Author: Stefan Schantl stefan.schantl@ipfire.org
-Date: Mon Jan 5 21:37:55 2015 +0100
-
- spdns.de: Fix authentication.
-
- There was a simple copy and paste issue which prevents a
- correct authentication with username and password against the
- providers API.
-
-diff --git a/src/ddns/providers.py b/src/ddns/providers.py
-index 587d5ff..bcfb088 100644
---- a/src/ddns/providers.py
-+++ b/src/ddns/providers.py
-@@ -1271,7 +1271,7 @@ class DDNSProviderSPDNS(DDNSProtocolDynDNS2, DDNSProvider):
-
- @property
- def password(self):
-- return self.get("username") or self.token
-+ return self.get("password") or self.token
-
-
- class DDNSProviderStrato(DDNSProtocolDynDNS2, DDNSProvider):
diff --git a/src/patches/dhcp-4.2.0-PPP.patch b/src/patches/dhcp-4.2.0-PPP.patch
deleted file mode 100644
index bef2be7..0000000
--- a/src/patches/dhcp-4.2.0-PPP.patch
+++ /dev/null
@@ -1,150 +0,0 @@ -diff -up dhcp-4.2.0-P1/client/dhc6.c.PPP dhcp-4.2.0-P1/client/dhc6.c ---- dhcp-4.2.0-P1/client/dhc6.c.PPP 2010-11-05 10:47:37.000000000 +0100 -+++ dhcp-4.2.0-P1/client/dhc6.c 2010-11-09 15:54:12.000000000 +0100 -@@ -129,7 +129,7 @@ extern int stateless; - * is not how it is intended. Upcoming rearchitecting the client should - * address this "one daemon model." - */ --void -+isc_result_t - form_duid(struct data_string *duid, const char *file, int line) - { - struct interface_info *ip; -@@ -141,6 +141,15 @@ form_duid(struct data_string *duid, cons - if (ip == NULL) - log_fatal("Impossible condition at %s:%d.", MDL); - -+ while (ip && ip->hw_address.hbuf[0] == HTYPE_RESERVED) { -+ /* Try the other interfaces */ -+ log_debug("Cannot form default DUID from interface %s.", ip->name); -+ ip = ip->next; -+ } -+ if (ip == NULL) { -+ return ISC_R_UNEXPECTED; -+ } -+ - if ((ip->hw_address.hlen == 0) || - (ip->hw_address.hlen > sizeof(ip->hw_address.hbuf))) - log_fatal("Impossible hardware address length at %s:%d.", MDL); -@@ -176,6 +185,8 @@ form_duid(struct data_string *duid, cons - memcpy(duid->buffer->data + 4, ip->hw_address.hbuf + 1, - ip->hw_address.hlen - 1); - } -+ -+ return ISC_R_SUCCESS; - } - - /* -@@ -5289,7 +5300,8 @@ make_client6_options(struct client_state - */ - if ((oc = lookup_option(&dhcpv6_universe, *op, - D6O_CLIENTID)) == NULL) { -- if (!option_cache(&oc, &default_duid, NULL, clientid_option, -+ if (default_duid.len == 0 || -+ !option_cache(&oc, &default_duid, NULL, clientid_option, - MDL)) - log_fatal("Failure assembling a DUID."); - -diff -up dhcp-4.2.0-P1/client/dhclient.c.PPP dhcp-4.2.0-P1/client/dhclient.c ---- dhcp-4.2.0-P1/client/dhclient.c.PPP 2010-11-05 10:47:37.000000000 +0100 -+++ dhcp-4.2.0-P1/client/dhclient.c 2010-11-09 15:37:26.000000000 +0100 -@@ -911,8 +911,8 @@ main(int argc, char **argv) { - if (default_duid.buffer != NULL) - data_string_forget(&default_duid, MDL); - -- form_duid(&default_duid, MDL); -- 
write_duid(&default_duid); -+ if (form_duid(&default_duid, MDL) == ISC_R_SUCCESS) -+ write_duid(&default_duid); - } - - for (ip = interfaces ; ip != NULL ; ip = ip->next) { -diff -up dhcp-4.2.0-P1/common/bpf.c.PPP dhcp-4.2.0-P1/common/bpf.c ---- dhcp-4.2.0-P1/common/bpf.c.PPP 2010-11-05 10:47:37.000000000 +0100 -+++ dhcp-4.2.0-P1/common/bpf.c 2010-11-09 15:42:42.000000000 +0100 -@@ -599,6 +599,22 @@ get_hw_addr(const char *name, struct har - memcpy(&hw->hbuf[1], LLADDR(sa), sa->sdl_alen); - break; - #endif /* IFT_FDDI */ -+#if defined(IFT_PPP) -+ case IFT_PPP: -+ if (local_family != AF_INET6) -+ log_fatal("Unsupported device type %d for "%s"", -+ sa->sdl_type, name); -+ hw->hlen = 0; -+ hw->hbuf[0] = HTYPE_RESERVED; -+ /* 0xdeadbeef should never occur on the wire, -+ * and is a signature that something went wrong. -+ */ -+ hw->hbuf[1] = 0xde; -+ hw->hbuf[2] = 0xad; -+ hw->hbuf[3] = 0xbe; -+ hw->hbuf[4] = 0xef; -+ break; -+#endif - default: - log_fatal("Unsupported device type %d for "%s"", - sa->sdl_type, name); -diff -up dhcp-4.2.0-P1/common/lpf.c.PPP dhcp-4.2.0-P1/common/lpf.c ---- dhcp-4.2.0-P1/common/lpf.c.PPP 2010-11-05 10:47:37.000000000 +0100 -+++ dhcp-4.2.0-P1/common/lpf.c 2010-11-09 15:45:40.000000000 +0100 -@@ -502,6 +502,22 @@ get_hw_addr(const char *name, struct har - hw->hbuf[0] = HTYPE_FDDI; - memcpy(&hw->hbuf[1], sa->sa_data, 16); - break; -+#if defined(ARPHRD_PPP) -+ case ARPHRD_PPP: -+ if (local_family != AF_INET6) -+ log_fatal("Unsupported device type %d for "%s"", -+ sa->sa_family, name); -+ hw->hlen = 0; -+ hw->hbuf[0] = HTYPE_RESERVED; -+ /* 0xdeadbeef should never occur on the wire, -+ * and is a signature that something went wrong. 
-+ */ -+ hw->hbuf[1] = 0xde; -+ hw->hbuf[2] = 0xad; -+ hw->hbuf[3] = 0xbe; -+ hw->hbuf[4] = 0xef; -+ break; -+#endif - default: - log_fatal("Unsupported device type %ld for "%s"", - (long int)sa->sa_family, name); -diff -up dhcp-4.2.0-P1/includes/dhcpd.h.PPP dhcp-4.2.0-P1/includes/dhcpd.h ---- dhcp-4.2.0-P1/includes/dhcpd.h.PPP 2010-11-05 10:47:37.000000000 +0100 -+++ dhcp-4.2.0-P1/includes/dhcpd.h 2010-11-09 15:46:58.000000000 +0100 -@@ -2733,7 +2733,7 @@ void dhcpv4_client_assignments(void); - void dhcpv6_client_assignments(void); - - /* dhc6.c */ --void form_duid(struct data_string *duid, const char *file, int line); -+isc_result_t form_duid(struct data_string *duid, const char *file, int line); - void dhc6_lease_destroy(struct dhc6_lease **src, const char *file, int line); - void start_init6(struct client_state *client); - void start_info_request6(struct client_state *client); -diff -up dhcp-4.2.0-P1/includes/dhcp.h.PPP dhcp-4.2.0-P1/includes/dhcp.h ---- dhcp-4.2.0-P1/includes/dhcp.h.PPP 2010-11-05 10:47:37.000000000 +0100 -+++ dhcp-4.2.0-P1/includes/dhcp.h 2010-11-09 15:48:53.000000000 +0100 -@@ -80,6 +80,8 @@ struct dhcp_packet { - #define HTYPE_IEEE802 6 /* IEEE 802.2 Token Ring... */ - #define HTYPE_FDDI 8 /* FDDI... */ - -+#define HTYPE_RESERVED 0 /* RFC 5494 */ -+ - /* Magic cookie validating dhcp options field (and bootp vendor - extensions field). */ - #define DHCP_OPTIONS_COOKIE "\143\202\123\143" -diff -up dhcp-4.2.0-P1/server/dhcpv6.c.PPP dhcp-4.2.0-P1/server/dhcpv6.c ---- dhcp-4.2.0-P1/server/dhcpv6.c.PPP 2010-11-05 10:47:37.000000000 +0100 -+++ dhcp-4.2.0-P1/server/dhcpv6.c 2010-11-09 15:50:17.000000000 +0100 -@@ -300,6 +300,9 @@ generate_new_server_duid(void) { - if (p->hw_address.hlen > 0) { - break; - } -+ if (p->next == NULL && p->hw_address.hbuf[0] == HTYPE_RESERVED) { -+ log_error("Can not generate DUID from interfaces which do not have hardware addresses, please configure server-duid!"); -+ } - } - if (p == NULL) { - return ISC_R_UNEXPECTED; 
diff --git a/src/patches/dhcp-4.2.0-UseMulticast.patch b/src/patches/dhcp-4.2.0-UseMulticast.patch deleted file mode 100644 index 319344a..0000000 --- a/src/patches/dhcp-4.2.0-UseMulticast.patch +++ /dev/null 
@@ -1,229 +0,0 @@ -diff -up dhcp-4.2.0/server/dhcpv6.c.UseMulticast dhcp-4.2.0/server/dhcpv6.c ---- dhcp-4.2.0/server/dhcpv6.c.UseMulticast 2010-06-01 19:30:00.000000000 +0200 -+++ dhcp-4.2.0/server/dhcpv6.c 2010-07-21 16:17:30.000000000 +0200 -@@ -346,6 +346,48 @@ generate_new_server_duid(void) { - } - - /* -+ * Is the D6O_UNICAST option defined in dhcpd.conf ? -+ */ -+static isc_boolean_t unicast_option_defined; -+ -+/* -+ * Did we already search dhcpd.conf for D6O_UNICAST option ? -+ * We need to store it here to not parse dhcpd.conf repeatedly. -+ */ -+static isc_boolean_t unicast_option_parsed = ISC_FALSE; -+ -+ -+/* -+ * Is the D6O_UNICAST option defined in dhcpd.conf ? -+ */ -+isc_boolean_t -+is_unicast_option_defined(void) { -+ struct option_state *opt_state; -+ struct option_cache *oc; -+ -+ /* -+ * If we are looking for the unicast option for the first time -+ */ -+ if (unicast_option_parsed == ISC_FALSE) { -+ unicast_option_parsed = ISC_TRUE; -+ opt_state = NULL; -+ if (!option_state_allocate(&opt_state, MDL)) { -+ log_fatal("No memory for option state."); -+ } -+ -+ execute_statements_in_scope(NULL, NULL, NULL, NULL, NULL, -+ opt_state, &global_scope, root_group, NULL); -+ -+ oc = lookup_option(&dhcpv6_universe, opt_state, D6O_UNICAST); -+ unicast_option_defined = (oc != NULL); -+ -+ option_state_dereference(&opt_state, MDL); -+ } -+ -+ return (unicast_option_defined); -+} -+ -+/* - * Get the client identifier from the packet. 
- */ - isc_result_t -@@ -1405,6 +1447,56 @@ lease_to_client(struct data_string *repl - reply.shared->group); - } - -+ /* reject unicast message, unless we set unicast option */ -+ if ((packet->unicast == ISC_TRUE) && !is_unicast_option_defined()) -+ /* -+ * RFC3315 section 18.2.1 (Request): -+ * -+ * When the server receives a Request message via unicast from a client -+ * to which the server has not sent a unicast option, the server -+ * discards the Request message and responds with a Reply message -+ * containing a Status Code option with the value UseMulticast, a Server -+ * Identifier option containing the server's DUID, the Client Identifier -+ * option from the client message, and no other options. -+ * -+ * Section 18.2.3 (Renew): -+ * -+ * When the server receives a Renew message via unicast from a client to -+ * which the server has not sent a unicast option, the server discards -+ * the Renew message and responds with a Reply message containing a -+ * Status Code option with the value UseMulticast, a Server Identifier -+ * option containing the server's DUID, the Client Identifier option -+ * from the client message, and no other options. -+ */ -+ { -+ /* Set the UseMulticast status code. */ -+ if (!set_status_code(STATUS_UseMulticast, -+ "Unicast not allowed by server.", -+ reply.opt_state)) { -+ log_error("lease_to_client: Unable to set " -+ "UseMulticast status code."); -+ goto exit; -+ } -+ -+ /* Rewind the cursor to the start. */ -+ reply.cursor = REPLY_OPTIONS_INDEX; -+ -+ /* -+ * Produce an reply that includes only: -+ * -+ * Status code. -+ * Server DUID. -+ * Client DUID. 
-+ */ -+ reply.cursor += store_options6((char *)reply.buf.data + -+ reply.cursor, -+ sizeof(reply.buf) - -+ reply.cursor, -+ reply.opt_state, reply.packet, -+ required_opts_NAA, -+ NULL); -+ } else if (no_resources_avail && (reply.ia_count != 0) && -+ (reply.packet->dhcpv6_msg_type == DHCPV6_SOLICIT)) - /* - * RFC3315 section 17.2.2 (Solicit): - * -@@ -1429,8 +1521,6 @@ lease_to_client(struct data_string *repl - * the server. - * Sends a Renew/Rebind if the IA is not in the Reply message. - */ -- if (no_resources_avail && (reply.ia_count != 0) && -- (reply.packet->dhcpv6_msg_type == DHCPV6_SOLICIT)) - { - /* Set the NoAddrsAvail status code. */ - if (!set_status_code(STATUS_NoAddrsAvail, -@@ -4128,7 +4218,6 @@ dhcpv6_solicit(struct data_string *reply - * Very similar to Solicit handling, except the server DUID is required. - */ - --/* TODO: reject unicast messages, unless we set unicast option */ - static void - dhcpv6_request(struct data_string *reply_ret, struct packet *packet) { - struct data_string client_id; -@@ -4443,7 +4532,6 @@ exit: - * except for the error code of when addresses don't match. 
- */ - --/* TODO: reject unicast messages, unless we set unicast option */ - static void - dhcpv6_renew(struct data_string *reply, struct packet *packet) { - struct data_string client_id; -@@ -4688,18 +4776,60 @@ iterate_over_ia_na(struct data_string *r - goto exit; - } - -- snprintf(status_msg, sizeof(status_msg), "%s received.", packet_type); -- if (!set_status_code(STATUS_Success, status_msg, opt_state)) { -- goto exit; -- } -+ /* reject unicast message, unless we set unicast option */ -+ if ((packet->unicast == ISC_TRUE) && !is_unicast_option_defined()) { -+ /* -+ * RFC3315 section 18.2.6 (Release): -+ * -+ * When the server receives a Release message via unicast from a client -+ * to which the server has not sent a unicast option, the server -+ * discards the Release message and responds with a Reply message -+ * containing a Status Code option with value UseMulticast, a Server -+ * Identifier option containing the server's DUID, the Client Identifier -+ * option from the client message, and no other options. -+ * -+ * Section 18.2.7 (Decline): -+ * -+ * When the server receives a Decline message via unicast from a client -+ * to which the server has not sent a unicast option, the server -+ * discards the Decline message and responds with a Reply message -+ * containing a Status Code option with the value UseMulticast, a Server -+ * Identifier option containing the server's DUID, the Client Identifier -+ * option from the client message, and no other options. -+ */ -+ snprintf(status_msg, sizeof(status_msg), -+ "%s received unicast.", packet_type); -+ if (!set_status_code(STATUS_UseMulticast, status_msg, opt_state)) { -+ goto exit; -+ } - -- /* -- * Add our options that are not associated with any IA_NA or IA_TA. -- */ -- reply_ofs += store_options6(reply_data+reply_ofs, -- sizeof(reply_data)-reply_ofs, -+ /* -+ * Produce an reply that includes only: -+ * -+ * Status code. -+ * Server DUID. -+ * Client DUID. 
-+ */ -+ reply_ofs += store_options6(reply_data+reply_ofs, -+ sizeof(reply_data)-reply_ofs, - opt_state, packet, -- required_opts, NULL); -+ required_opts_NAA, NULL); -+ -+ goto return_reply; -+ } else { -+ snprintf(status_msg, sizeof(status_msg), "%s received.", packet_type); -+ if (!set_status_code(STATUS_Success, status_msg, opt_state)) { -+ goto exit; -+ } -+ -+ /* -+ * Add our options that are not associated with any IA_NA or IA_TA. -+ */ -+ reply_ofs += store_options6(reply_data+reply_ofs, -+ sizeof(reply_data)-reply_ofs, -+ opt_state, packet, -+ required_opts, NULL); -+ } - - /* - * Loop through the IA_NA reported by the client, and deal with -@@ -4838,6 +4968,7 @@ iterate_over_ia_na(struct data_string *r - /* - * Return our reply to the caller. - */ -+return_reply: - reply_ret->len = reply_ofs; - reply_ret->buffer = NULL; - if (!buffer_allocate(&reply_ret->buffer, reply_ofs, MDL)) { -@@ -4883,7 +5014,6 @@ exit: - * we still need to be aware of this possibility. - */ - --/* TODO: reject unicast messages, unless we set unicast option */ - /* TODO: IA_TA */ - static void - dhcpv6_decline(struct data_string *reply, struct packet *packet) { -@@ -5355,7 +5485,6 @@ exit: - * Release means a client is done with the leases. - */ - --/* TODO: reject unicast messages, unless we set unicast option */ - static void - dhcpv6_release(struct data_string *reply, struct packet *packet) { - struct data_string client_id; diff --git a/src/patches/dhcp-4.2.0-add_timeout_when_NULL.patch b/src/patches/dhcp-4.2.0-add_timeout_when_NULL.patch deleted file mode 100644 index 4784d5a..0000000 --- a/src/patches/dhcp-4.2.0-add_timeout_when_NULL.patch +++ /dev/null 
@@ -1,14 +0,0 @@ -diff -up dhcp-4.2.0/common/dispatch.c.dracut dhcp-4.2.0/common/dispatch.c ---- dhcp-4.2.0/common/dispatch.c.dracut 2010-06-01 19:29:59.000000000 +0200 -+++ dhcp-4.2.0/common/dispatch.c 2010-07-21 16:10:09.000000000 +0200 -@@ -189,6 +189,10 @@ void add_timeout (when, where, what, ref - isc_interval_t interval; - isc_time_t expires; - -+ if (when == NULL) { -+ return; -+ } -+ - /* See if this timeout supersedes an existing timeout. */ - t = (struct timeout *)0; - for (q = timeouts; q; q = q->next) { diff --git a/src/patches/dhcp-4.2.0-default-requested-options.patch b/src/patches/dhcp-4.2.0-default-requested-options.patch deleted file mode 100644 index fea8a4b..0000000 --- a/src/patches/dhcp-4.2.0-default-requested-options.patch +++ /dev/null 
@@ -1,44 +0,0 @@ -diff -up dhcp-4.2.0/client/clparse.c.requested dhcp-4.2.0/client/clparse.c ---- dhcp-4.2.0/client/clparse.c.requested 2010-07-21 13:29:05.000000000 +0200 -+++ dhcp-4.2.0/client/clparse.c 2010-07-21 13:50:29.000000000 +0200 -@@ -37,7 +37,7 @@ - - struct client_config top_level_config; - --#define NUM_DEFAULT_REQUESTED_OPTS 9 -+#define NUM_DEFAULT_REQUESTED_OPTS 14 - struct option *default_requested_options[NUM_DEFAULT_REQUESTED_OPTS + 1]; - - static void parse_client_default_duid(struct parse *cfile); -@@ -111,6 +111,31 @@ isc_result_t read_client_conf () - option_code_hash_lookup(&default_requested_options[8], - dhcpv6_universe.code_hash, &code, 0, MDL); - -+ /* 10 */ -+ code = DHO_NIS_DOMAIN; -+ option_code_hash_lookup(&default_requested_options[9], -+ dhcp_universe.code_hash, &code, 0, MDL); -+ -+ /* 11 */ -+ code = DHO_NIS_SERVERS; -+ option_code_hash_lookup(&default_requested_options[10], -+ dhcp_universe.code_hash, &code, 0, MDL); -+ -+ /* 12 */ -+ code = DHO_NTP_SERVERS; -+ option_code_hash_lookup(&default_requested_options[11], -+ dhcp_universe.code_hash, &code, 0, MDL); -+ -+ /* 13 */ -+ code = DHO_INTERFACE_MTU; -+ option_code_hash_lookup(&default_requested_options[12], -+ dhcp_universe.code_hash, &code, 0, MDL); -+ -+ /* 14 */ -+ code = DHO_DOMAIN_SEARCH; -+ option_code_hash_lookup(&default_requested_options[13], -+ dhcp_universe.code_hash, &code, 0, MDL); -+ - for (code = 0 ; code < NUM_DEFAULT_REQUESTED_OPTS ; code++) { - if (default_requested_options[code] == NULL) - log_fatal("Unable to find option definition for " diff --git a/src/patches/dhcp-4.2.0-dhclient-decline-backoff.patch b/src/patches/dhcp-4.2.0-dhclient-decline-backoff.patch deleted file mode 100644 index 81bec7b..0000000 --- a/src/patches/dhcp-4.2.0-dhclient-decline-backoff.patch +++ /dev/null 
@@ -1,63 +0,0 @@ -diff -up dhcp-4.2.0/client/dhclient.c.backoff dhcp-4.2.0/client/dhclient.c ---- dhcp-4.2.0/client/dhclient.c.backoff 2010-07-21 13:37:03.000000000 +0200 -+++ dhcp-4.2.0/client/dhclient.c 2010-07-21 13:38:31.000000000 +0200 -@@ -1208,6 +1208,8 @@ void state_init (cpp) - void *cpp; - { - struct client_state *client = cpp; -+ enum dhcp_state init_state = client->state; -+ struct timeval tv; - - ASSERT_STATE(state, S_INIT); - -@@ -1220,9 +1222,18 @@ void state_init (cpp) - client -> first_sending = cur_time; - client -> interval = client -> config -> initial_interval; - -- /* Add an immediate timeout to cause the first DHCPDISCOVER packet -- to go out. */ -- send_discover (client); -+ if (init_state != S_DECLINED) { -+ /* Add an immediate timeout to cause the first DHCPDISCOVER packet -+ to go out. */ -+ send_discover(client); -+ } else { -+ /* We've received an OFFER and it has been DECLINEd by dhclient-script. -+ * wait for a random time between 1 and backoff_cutoff seconds before -+ * trying again. */ -+ tv . tv_sec = cur_time + ((1 + (random() >> 2)) % client->config->backoff_cutoff); -+ tv . 
tv_usec = 0; -+ add_timeout(&tv, send_discover, client, 0, 0); -+ } - } - - /* -@@ -1501,6 +1512,7 @@ void bind_lease (client) - send_decline (client); - destroy_client_lease (client -> new); - client -> new = (struct client_lease *)0; -+ client -> state = S_DECLINED; - state_init (client); - return; - } -@@ -3711,6 +3723,7 @@ void client_location_changed () - case S_INIT: - case S_REBINDING: - case S_STOPPED: -+ case S_DECLINED: - break; - } - client -> state = S_INIT; -diff -up dhcp-4.2.0/includes/dhcpd.h.backoff dhcp-4.2.0/includes/dhcpd.h ---- dhcp-4.2.0/includes/dhcpd.h.backoff 2010-07-21 13:29:05.000000000 +0200 -+++ dhcp-4.2.0/includes/dhcpd.h 2010-07-21 13:38:31.000000000 +0200 -@@ -1056,7 +1056,8 @@ enum dhcp_state { - S_BOUND = 5, - S_RENEWING = 6, - S_REBINDING = 7, -- S_STOPPED = 8 -+ S_STOPPED = 8, -+ S_DECLINED = 9 - }; - - /* Authentication and BOOTP policy possibilities (not all values work diff --git a/src/patches/dhcp-4.2.0-errwarn-message.patch b/src/patches/dhcp-4.2.0-errwarn-message.patch deleted file mode 100644 index a0f70cd..0000000 --- a/src/patches/dhcp-4.2.0-errwarn-message.patch +++ /dev/null 
@@ -1,30 +0,0 @@ -diff -up dhcp-4.2.0/omapip/errwarn.c.errwarn dhcp-4.2.0/omapip/errwarn.c ---- dhcp-4.2.0/omapip/errwarn.c.errwarn 2009-07-23 20:52:21.000000000 +0200 -+++ dhcp-4.2.0/omapip/errwarn.c 2010-07-21 13:23:47.000000000 +0200 -@@ -76,20 +76,13 @@ void log_fatal (const char * fmt, ... ) - - #if !defined (NOMINUM) - log_error ("%s", ""); -- log_error ("If you did not get this software from ftp.isc.org, please"); -- log_error ("get the latest from ftp.isc.org and install that before"); -- log_error ("requesting help."); -+ log_error ("This version of ISC DHCP is based on the release available"); -+ log_error ("on ftp.isc.org. Features have been added and other changes"); -+ log_error ("have been made to the base software release in order to make"); -+ log_error ("it work better with this distribution."); - log_error ("%s", ""); -- log_error ("If you did get this software from ftp.isc.org and have not"); -- log_error ("yet read the README, please read it before requesting help."); -- log_error ("If you intend to request help from the dhcp-server@isc.org"); -- log_error ("mailing list, please read the section on the README about"); -- log_error ("submitting bug reports and requests for help."); -- log_error ("%s", ""); -- log_error ("Please do not under any circumstances send requests for"); -- log_error ("help directly to the authors of this software - please"); -- log_error ("send them to the appropriate mailing list as described in"); -- log_error ("the README file."); -+ log_error ("Please report for this software via the Red Hat Bugzilla site:"); -+ log_error (" http://bugzilla.redhat.com"); - log_error ("%s", ""); - log_error ("exiting."); - #endif diff --git a/src/patches/dhcp-4.2.0-garbage-chars.patch b/src/patches/dhcp-4.2.0-garbage-chars.patch deleted file mode 100644 index 118ff3f..0000000 --- a/src/patches/dhcp-4.2.0-garbage-chars.patch +++ /dev/null 
@@ -1,12 +0,0 @@ -diff -up dhcp-4.2.0/common/tables.c.garbage dhcp-4.2.0/common/tables.c ---- dhcp-4.2.0/common/tables.c.garbage 2009-11-20 02:49:01.000000000 +0100 -+++ dhcp-4.2.0/common/tables.c 2010-07-21 14:40:56.000000000 +0200 -@@ -207,7 +207,7 @@ static struct option dhcp_options[] = { - { "netinfo-server-tag", "t", &dhcp_universe, 113, 1 }, - { "default-url", "t", &dhcp_universe, 114, 1 }, - { "subnet-selection", "I", &dhcp_universe, 118, 1 }, -- { "domain-search", "Dc", &dhcp_universe, 119, 1 }, -+ { "domain-search", "D", &dhcp_universe, 119, 1 }, - { "vivco", "Evendor-class.", &dhcp_universe, 124, 1 }, - { "vivso", "Evendor.", &dhcp_universe, 125, 1 }, - #if 0 diff --git a/src/patches/dhcp-4.2.0-honor-expired.patch b/src/patches/dhcp-4.2.0-honor-expired.patch deleted file mode 100644 index 0ae9128..0000000 --- a/src/patches/dhcp-4.2.0-honor-expired.patch +++ /dev/null 
@@ -1,49 +0,0 @@ -diff -up dhcp-4.2.0/client/dhc6.c.honor-expired dhcp-4.2.0/client/dhc6.c ---- dhcp-4.2.0/client/dhc6.c.honor-expired 2010-10-07 12:55:37.000000000 +0200 -+++ dhcp-4.2.0/client/dhc6.c 2010-10-07 12:56:43.000000000 +0200 -@@ -1405,6 +1405,32 @@ start_info_request6(struct client_state - go_daemon(); - } - -+/* Run through the addresses in lease and return true if there's any unexpired. -+ * Return false otherwise. -+ */ -+isc_boolean_t -+unexpired_address_in_lease(struct dhc6_lease *lease) -+{ -+ struct dhc6_ia *ia; -+ struct dhc6_addr *addr; -+ -+ for (ia = lease->bindings ; ia != NULL ; ia = ia->next) { -+ for (addr = ia->addrs ; addr != NULL ; addr = addr->next) { -+ if (addr->flags & DHC6_ADDR_EXPIRED) -+ continue; -+ -+ if (addr->starts + addr->max_life > cur_time) { -+ return ISC_TRUE; -+ } -+ } -+ } -+ -+ log_info("PRC: Previous lease is devoid of active addresses." -+ " Re-initializing."); -+ -+ return ISC_FALSE; -+} -+ - /* - * start_confirm6() kicks off an "init-reboot" version of the process, at - * startup to find out if old bindings are 'fair' and at runtime whenever -@@ -1417,8 +1446,10 @@ start_confirm6(struct client_state *clie - - /* If there is no active lease, there is nothing to check. */ - if ((client->active_lease == NULL) || -- !active_prefix(client) || -- client->active_lease->released) { -+ !active_prefix(client) || -+ client->active_lease->released || -+ !unexpired_address_in_lease(client->active_lease)) { -+ dhc6_lease_destroy(&client->active_lease, MDL); - start_init6(client); - return; - } diff --git a/src/patches/dhcp-4.2.0-inherit-leases.patch b/src/patches/dhcp-4.2.0-inherit-leases.patch deleted file mode 100644 index 052f642..0000000 --- a/src/patches/dhcp-4.2.0-inherit-leases.patch +++ /dev/null 
@@ -1,34 +0,0 @@ -diff -up dhcp-4.2.0/client/dhclient.c.inherit dhcp-4.2.0/client/dhclient.c ---- dhcp-4.2.0/client/dhclient.c.inherit 2010-07-21 14:33:44.000000000 +0200 -+++ dhcp-4.2.0/client/dhclient.c 2010-07-21 14:40:05.000000000 +0200 -@@ -2322,6 +2322,7 @@ void send_request (cpp) - { - struct client_state *client = cpp; - -+ int i; - int result; - int interval; - struct sockaddr_in destination; -@@ -2381,6 +2382,22 @@ void send_request (cpp) - /* Now do a preinit on the interface so that we can - discover a new address. */ - script_init (client, "PREINIT", (struct string_list *)0); -+ -+ /* Has an active lease */ -+ if (client -> interface -> addresses != NULL) { -+ for (i = 0; i < client -> interface -> address_count; i++) { -+ if (client -> active && -+ client -> active -> is_bootp && -+ client -> active -> expiry > cur_time && -+ client -> interface -> addresses[i].s_addr != 0 && -+ client -> active -> address.len == 4 && -+ memcpy (client -> active -> address.iabuf, &(client -> interface -> addresses[i]), 4) == 0) { -+ client_envadd (client, "", "keep_old_ip", "%s", "yes"); -+ break; -+ } -+ } -+ } -+ - if (client -> alias) - script_write_params (client, "alias_", - client -> alias); diff --git a/src/patches/dhcp-4.2.0-logpid.patch b/src/patches/dhcp-4.2.0-logpid.patch deleted file mode 100644 index c24adb1..0000000 --- a/src/patches/dhcp-4.2.0-logpid.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up dhcp-4.2.0/client/dhclient.c.logpid dhcp-4.2.0/client/dhclient.c ---- dhcp-4.2.0/client/dhclient.c.logpid 2010-07-21 16:13:52.000000000 +0200 -+++ dhcp-4.2.0/client/dhclient.c 2010-07-21 16:16:51.000000000 +0200 -@@ -154,7 +154,7 @@ main(int argc, char **argv) { - else if (fd != -1) - close(fd); - -- openlog("dhclient", LOG_NDELAY, LOG_DAEMON); -+ openlog("dhclient", LOG_NDELAY | LOG_PID, LOG_DAEMON); - - #if !(defined(DEBUG) || defined(__CYGWIN32__)) - setlogmask(LOG_UPTO(LOG_INFO)); 
diff --git a/src/patches/dhcp-4.2.0-missing-ipv6-not-fatal.patch b/src/patches/dhcp-4.2.0-missing-ipv6-not-fatal.patch deleted file mode 100644 index b604115..0000000 --- a/src/patches/dhcp-4.2.0-missing-ipv6-not-fatal.patch +++ /dev/null @@ -1,40 +0,0 @@ -diff -up dhcp-4.2.0/common/discover.c.noipv6 dhcp-4.2.0/common/discover.c ---- dhcp-4.2.0/common/discover.c.noipv6 2010-07-21 14:31:13.000000000 +0200 -+++ dhcp-4.2.0/common/discover.c 2010-07-21 16:04:57.000000000 +0200 -@@ -443,7 +443,7 @@ begin_iface_scan(struct iface_conf_list - } - - #ifdef DHCPv6 -- if (local_family == AF_INET6) { -+ if ((local_family == AF_INET6) && !access("/proc/net/if_inet6", R_OK)) { - ifaces->fp6 = fopen("/proc/net/if_inet6", "re"); - if (ifaces->fp6 == NULL) { - log_error("Error opening '/proc/net/if_inet6' to " -@@ -454,6 +454,8 @@ begin_iface_scan(struct iface_conf_list - ifaces->fp = NULL; - return 0; - } -+ } else { -+ ifaces->fp6 = NULL; - } - #endif - -@@ -721,7 +723,7 @@ next_iface(struct iface_info *info, int - return 1; - } - #ifdef DHCPv6 -- if (!(*err)) { -+ if (!(*err) && ifaces->fp6) { - if (local_family == AF_INET6) - return next_iface6(info, err, ifaces); - } -@@ -740,7 +742,8 @@ end_iface_scan(struct iface_conf_list *i - ifaces->sock = -1; - #ifdef DHCPv6 - if (local_family == AF_INET6) { -- fclose(ifaces->fp6); -+ if (ifaces->fp6) -+ fclose(ifaces->fp6); - ifaces->fp6 = NULL; - } - #endif diff --git a/src/patches/dhcp-4.2.0-noprefixavail.patch b/src/patches/dhcp-4.2.0-noprefixavail.patch deleted file mode 100644 index 729a172..0000000 --- a/src/patches/dhcp-4.2.0-noprefixavail.patch +++ /dev/null 
@@ -1,140 +0,0 @@ -diff -up dhcp-4.2.0/server/dhcpv6.c.noprefixavail dhcp-4.2.0/server/dhcpv6.c ---- dhcp-4.2.0/server/dhcpv6.c.noprefixavail 2010-10-07 13:48:45.000000000 +0200 -+++ dhcp-4.2.0/server/dhcpv6.c 2010-10-13 11:00:25.000000000 +0200 -@@ -1134,7 +1134,7 @@ try_client_v6_prefix(struct iasubopt **p - return DHCP_R_INVALIDARG; - } - tmp_plen = (int) requested_pref->data[0]; -- if ((tmp_plen < 3) || (tmp_plen > 128)) { -+ if ((tmp_plen < 3) || (tmp_plen > 128) ||((int)tmp_plen != pool->units)) { - return ISC_R_FAILURE; - } - memcpy(&tmp_pref, requested_pref->data + 1, sizeof(tmp_pref)); -@@ -1147,9 +1147,8 @@ try_client_v6_prefix(struct iasubopt **p - return ISC_R_FAILURE; - } - -- if (((int)tmp_plen != pool->units) || -- !ipv6_in_pool(&tmp_pref, pool)) { -- return ISC_R_FAILURE; -+ if (!ipv6_in_pool(&tmp_pref, pool)) { -+ return ISC_R_ADDRNOTAVAIL; - } - - if (prefix6_exists(pool, &tmp_pref, tmp_plen)) { -@@ -1409,13 +1408,6 @@ lease_to_client(struct data_string *repl - if ((status != ISC_R_SUCCESS) && - (status != ISC_R_NORESOURCES)) - goto exit; -- -- /* -- * If any prefix cannot be given to any IA_PD, then -- * set the NoPrefixAvail status code. -- */ -- if (reply.client_resources == 0) -- no_resources_avail = ISC_TRUE; - } - - /* -@@ -1549,36 +1541,6 @@ lease_to_client(struct data_string *repl - reply.opt_state, reply.packet, - required_opts_NAA, - NULL); -- } else if (no_resources_avail && (reply.ia_count == 0) && -- (reply.packet->dhcpv6_msg_type == DHCPV6_SOLICIT)) -- { -- /* Set the NoPrefixAvail status code. */ -- if (!set_status_code(STATUS_NoPrefixAvail, -- "No prefixes available for this " -- "interface.", reply.opt_state)) { -- log_error("lease_to_client: Unable to set " -- "NoPrefixAvail status code."); -- goto exit; -- } -- -- /* Rewind the cursor to the start. */ -- reply.cursor = REPLY_OPTIONS_INDEX; -- -- /* -- * Produce an advertise that includes only: -- * -- * Status code. -- * Server DUID. -- * Client DUID. 
-- */ -- reply.buf.reply.msg_type = DHCPV6_ADVERTISE; -- reply.cursor += store_options6((char *)reply.buf.data + -- reply.cursor, -- sizeof(reply.buf) - -- reply.cursor, -- reply.opt_state, reply.packet, -- required_opts_NAA, -- NULL); - } else { - /* - * Having stored the client's IA's, store any options that -@@ -2793,16 +2755,18 @@ find_client_temporaries(struct reply_sta - */ - static isc_result_t - reply_process_try_addr(struct reply_state *reply, struct iaddr *addr) { -- isc_result_t status = ISC_R_NORESOURCES; -+ isc_result_t status = ISC_R_ADDRNOTAVAIL; - struct ipv6_pool *pool; - int i; - struct data_string data_addr; - - if ((reply == NULL) || (reply->shared == NULL) || -- (reply->shared->ipv6_pools == NULL) || (addr == NULL) || -- (reply->lease != NULL)) -+ (addr == NULL) || (reply->lease != NULL)) - return DHCP_R_INVALIDARG; - -+ if (reply->shared->ipv6_pools == NULL) -+ return ISC_R_ADDRNOTAVAIL; -+ - memset(&data_addr, 0, sizeof(data_addr)); - data_addr.len = addr->len; - data_addr.data = addr->iabuf; -@@ -3314,7 +3278,9 @@ reply_process_ia_pd(struct reply_state * - if (status == ISC_R_CANCELED) - break; - -- if ((status != ISC_R_SUCCESS) && (status != ISC_R_ADDRINUSE)) -+ if ((status != ISC_R_SUCCESS) && -+ (status != ISC_R_ADDRINUSE) && -+ (status != ISC_R_ADDRNOTAVAIL)) - goto cleanup; - } - -@@ -3594,7 +3560,8 @@ reply_process_prefix(struct reply_state - - /* Either error out or skip this prefix. 
*/ - if ((status != ISC_R_SUCCESS) && -- (status != ISC_R_ADDRINUSE)) -+ (status != ISC_R_ADDRINUSE) && -+ (status != ISC_R_ADDRNOTAVAIL)) - goto cleanup; - - if (reply->lease == NULL) { -@@ -3773,16 +3740,18 @@ prefix_is_owned(struct reply_state *repl - static isc_result_t - reply_process_try_prefix(struct reply_state *reply, - struct iaddrcidrnet *pref) { -- isc_result_t status = ISC_R_NORESOURCES; -+ isc_result_t status = ISC_R_ADDRNOTAVAIL; - struct ipv6_pool *pool; - int i; - struct data_string data_pref; - - if ((reply == NULL) || (reply->shared == NULL) || -- (reply->shared->ipv6_pools == NULL) || (pref == NULL) || -- (reply->lease != NULL)) -+ (pref == NULL) || (reply->lease != NULL)) - return DHCP_R_INVALIDARG; - -+ if (reply->shared->ipv6_pools == NULL) -+ return ISC_R_ADDRNOTAVAIL; -+ - memset(&data_pref, 0, sizeof(data_pref)); - data_pref.len = 17; - if (!buffer_allocate(&data_pref.buffer, data_pref.len, MDL)) { diff --git a/src/patches/dhcp-4.2.0-paths.patch b/src/patches/dhcp-4.2.0-paths.patch deleted file mode 100644 index 54c7aba..0000000 --- a/src/patches/dhcp-4.2.0-paths.patch +++ /dev/null 
@@ -1,45 +0,0 @@ -diff -up dhcp-4.2.0/includes/dhcpd.h.paths dhcp-4.2.0/includes/dhcpd.h ---- dhcp-4.2.0/includes/dhcpd.h.paths 2010-07-21 13:55:42.000000000 +0200 -+++ dhcp-4.2.0/includes/dhcpd.h 2010-07-21 14:29:57.000000000 +0200 -@@ -1390,15 +1390,15 @@ typedef unsigned char option_mask [16]; - #else /* !DEBUG */ - - #ifndef _PATH_DHCPD_CONF --#define _PATH_DHCPD_CONF "/etc/dhcpd.conf" -+#define _PATH_DHCPD_CONF "/etc/dhcp/dhcpd.conf" - #endif /* DEBUG */ - - #ifndef _PATH_DHCPD_DB --#define _PATH_DHCPD_DB LOCALSTATEDIR"/db/dhcpd.leases" -+#define _PATH_DHCPD_DB LOCALSTATEDIR"/dhcpd/dhcpd.leases" - #endif - - #ifndef _PATH_DHCPD6_DB --#define _PATH_DHCPD6_DB LOCALSTATEDIR"/db/dhcpd6.leases" -+#define _PATH_DHCPD6_DB LOCALSTATEDIR"/dhcpd/dhcpd6.leases" - #endif - - #ifndef _PATH_DHCPD_PID -@@ -1412,7 +1412,7 @@ typedef unsigned char option_mask [16]; - #endif /* DEBUG */ - - #ifndef _PATH_DHCLIENT_CONF --#define _PATH_DHCLIENT_CONF "/etc/dhclient.conf" -+#define _PATH_DHCLIENT_CONF "/etc/dhcp/dhclient.conf" - #endif - - #ifndef _PATH_DHCLIENT_SCRIPT -@@ -1428,11 +1428,11 @@ typedef unsigned char option_mask [16]; - #endif - - #ifndef _PATH_DHCLIENT_DB --#define _PATH_DHCLIENT_DB LOCALSTATEDIR"/db/dhclient.leases" -+#define _PATH_DHCLIENT_DB LOCALSTATEDIR"/dhclient/dhclient.leases" - #endif - - #ifndef _PATH_DHCLIENT6_DB --#define _PATH_DHCLIENT6_DB LOCALSTATEDIR"/db/dhclient6.leases" -+#define _PATH_DHCLIENT6_DB LOCALSTATEDIR"/dhclient/dhclient6.leases" - #endif - - #ifndef _PATH_RESOLV_CONF diff --git a/src/patches/dhcp-4.2.0-release-by-ifup.patch b/src/patches/dhcp-4.2.0-release-by-ifup.patch deleted file mode 100644 index 300c5f3..0000000 --- a/src/patches/dhcp-4.2.0-release-by-ifup.patch +++ /dev/null 
@@ -1,85 +0,0 @@ -diff -up dhcp-4.2.0/client/dhclient.c.ifup dhcp-4.2.0/client/dhclient.c ---- dhcp-4.2.0/client/dhclient.c.ifup 2010-07-21 13:30:10.000000000 +0200 -+++ dhcp-4.2.0/client/dhclient.c 2010-07-21 13:37:03.000000000 +0200 -@@ -497,9 +497,81 @@ main(int argc, char **argv) { - kill(oldpid, SIGTERM); - } - fclose(pidfd); -+ } else { -+ /* handle release for interfaces requested with Red Hat -+ * /sbin/ifup - pidfile will be /var/run/dhclient-$interface.pid -+ */ -+ -+ if ((path_dhclient_pid == NULL) || (*path_dhclient_pid == '\0')) -+ path_dhclient_pid = "/var/run/dhclient.pid"; -+ -+ char *new_path_dhclient_pid; -+ struct interface_info *ip; -+ int pdp_len = strlen(path_dhclient_pid), pfx, dpfx; -+ -+ /* find append point: beginning of any trailing '.pid' -+ * or '-$IF.pid' */ -+ for (pfx=pdp_len; (pfx >= 0) && (path_dhclient_pid[pfx] != '.') && (path_dhclient_pid[pfx] != '/'); pfx--); -+ if (pfx == -1) -+ pfx = pdp_len; -+ -+ if (path_dhclient_pid[pfx] == '/') -+ pfx += 1; -+ -+ for (dpfx=pfx; (dpfx >= 0) && (path_dhclient_pid[dpfx] != '-') && (path_dhclient_pid[dpfx] != '/'); dpfx--); -+ if ((dpfx > -1) && (path_dhclient_pid[dpfx] != '/')) -+ pfx = dpfx; -+ -+ for (ip = interfaces; ip; ip = ip->next) { -+ if (interfaces_requested && (ip->flags & (INTERFACE_REQUESTED))) { -+ int n_len = strlen(ip->name); -+ -+ new_path_dhclient_pid = (char*) malloc(pfx + n_len + 6); -+ strncpy(new_path_dhclient_pid, path_dhclient_pid, pfx); -+ sprintf(new_path_dhclient_pid + pfx, "-%s.pid", ip->name); -+ -+ if ((pidfd = fopen(new_path_dhclient_pid, "r")) != NULL) { -+ e = fscanf(pidfd, "%ld\n", &temp); -+ oldpid = (pid_t)temp; -+ -+ if (e != 0 && e != EOF) { -+ if (oldpid) { -+ if (kill(oldpid, SIGTERM) == 0) -+ unlink(path_dhclient_pid); -+ } -+ } -+ -+ fclose(pidfd); -+ } -+ -+ free(new_path_dhclient_pid); -+ } -+ } -+ } -+ } else { -+ FILE *pidfp = NULL; -+ long temp = 0; -+ pid_t dhcpid = 0; -+ int dhc_running = 0; -+ char procfn[256] = ""; -+ -+ if ((pidfp = 
fopen(path_dhclient_pid, "r")) != NULL) { -+ if ((fscanf(pidfp, "%ld", &temp)==1) && ((dhcpid=(pid_t)temp) > 0)) { -+ snprintf(procfn,256,"/proc/%u",dhcpid); -+ dhc_running = (access(procfn, F_OK) == 0); -+ } -+ -+ fclose(pidfp); -+ } -+ -+ if (dhc_running) { -+ log_fatal("dhclient(%u) is already running - exiting. ", dhcpid); -+ return(1); - } - } - -+ write_client_pid_file(); -+ - if (!quiet) { - log_info("%s %s", message, PACKAGE_VERSION); - log_info(copyright); diff --git a/src/patches/dhcp-4.2.0-unicast-bootp.patch b/src/patches/dhcp-4.2.0-unicast-bootp.patch deleted file mode 100644 index 78bc078..0000000 --- a/src/patches/dhcp-4.2.0-unicast-bootp.patch +++ /dev/null 
@@ -1,99 +0,0 @@ -diff -up dhcp-4.2.0/server/bootp.c.unicast dhcp-4.2.0/server/bootp.c ---- dhcp-4.2.0/server/bootp.c.unicast 2009-11-20 02:49:03.000000000 +0100 -+++ dhcp-4.2.0/server/bootp.c 2010-07-21 13:40:25.000000000 +0200 -@@ -58,6 +58,7 @@ void bootp (packet) - char msgbuf [1024]; - int ignorep; - int peer_has_leases = 0; -+ int norelay = 0; - - if (packet -> raw -> op != BOOTREQUEST) - return; -@@ -73,7 +74,7 @@ void bootp (packet) - ? inet_ntoa (packet -> raw -> giaddr) - : packet -> interface -> name); - -- if (!locate_network (packet)) { -+ if ((norelay = locate_network (packet)) == 0) { - log_info ("%s: network unknown", msgbuf); - return; - } -@@ -390,6 +391,13 @@ void bootp (packet) - from, &to, &hto); - goto out; - } -+ } else if (norelay == 2) { -+ to.sin_addr = raw.ciaddr; -+ to.sin_port = remote_port; -+ if (fallback_interface) { -+ result = send_packet (fallback_interface, (struct packet *)0, &raw, outgoing.packet_length, from, &to, &hto); -+ goto out; -+ } - - /* If it comes from a client that already knows its address - and is not requesting a broadcast response, and we can -diff -up dhcp-4.2.0/server/dhcp.c.unicast dhcp-4.2.0/server/dhcp.c ---- dhcp-4.2.0/server/dhcp.c.unicast 2010-06-01 19:29:59.000000000 +0200 -+++ dhcp-4.2.0/server/dhcp.c 2010-07-21 13:40:25.000000000 +0200 -@@ -4185,6 +4185,7 @@ int locate_network (packet) - struct data_string data; - struct subnet *subnet = (struct subnet *)0; - struct option_cache *oc; -+ int norelay = 0; - - /* See if there's a Relay Agent Link Selection Option, or a - * Subnet Selection Option. The Link-Select and Subnet-Select -@@ -4200,12 +4201,24 @@ int locate_network (packet) - from the interface, if there is one. If not, fail. 
*/ - if (!oc && !packet -> raw -> giaddr.s_addr) { - if (packet -> interface -> shared_network) { -- shared_network_reference -- (&packet -> shared_network, -- packet -> interface -> shared_network, MDL); -- return 1; -+ struct in_addr any_addr; -+ any_addr.s_addr = INADDR_ANY; -+ -+ if (!packet -> packet_type && memcmp(&packet -> raw -> ciaddr, &any_addr, 4)) { -+ struct iaddr cip; -+ memcpy(cip.iabuf, &packet -> raw -> ciaddr, 4); -+ cip.len = 4; -+ if (!find_grouped_subnet(&subnet, packet->interface->shared_network, cip, MDL)) -+ norelay = 2; -+ } -+ -+ if (!norelay) { -+ shared_network_reference(&packet -> shared_network, packet -> interface -> shared_network, MDL); -+ return 1; -+ } -+ } else { -+ return 0; - } -- return 0; - } - - /* If there's an option indicating link connection, and it's valid, -@@ -4228,7 +4241,10 @@ int locate_network (packet) - data_string_forget (&data, MDL); - } else { - ia.len = 4; -- memcpy (ia.iabuf, &packet -> raw -> giaddr, 4); -+ if (norelay) -+ memcpy (ia.iabuf, &packet->raw->ciaddr, 4); -+ else -+ memcpy (ia.iabuf, &packet->raw->giaddr, 4); - } - - /* If we know the subnet on which the IP address lives, use it. */ -@@ -4236,7 +4252,10 @@ int locate_network (packet) - shared_network_reference (&packet -> shared_network, - subnet -> shared_network, MDL); - subnet_dereference (&subnet, MDL); -- return 1; -+ if (norelay) -+ return norelay; -+ else -+ return 1; - } - - /* Otherwise, fail. */ diff --git a/src/patches/dhcp-4.2.1-64_bit_lease_parse.patch b/src/patches/dhcp-4.2.1-64_bit_lease_parse.patch deleted file mode 100644 index a540bc1..0000000 --- a/src/patches/dhcp-4.2.1-64_bit_lease_parse.patch +++ /dev/null 
@@ -1,94 +0,0 @@ -diff -up dhcp-4.2.1b1/common/dispatch.c.64-bit_lease_parse dhcp-4.2.1b1/common/dispatch.c -diff -up dhcp-4.2.1b1/common/parse.c.64-bit_lease_parse dhcp-4.2.1b1/common/parse.c ---- dhcp-4.2.1b1/common/parse.c.64-bit_lease_parse 2010-12-30 00:01:42.000000000 +0100 -+++ dhcp-4.2.1b1/common/parse.c 2011-01-28 08:01:10.000000000 +0100 -@@ -909,8 +909,8 @@ TIME - parse_date_core(cfile) - struct parse *cfile; - { -- int guess; -- int tzoff, wday, year, mon, mday, hour, min, sec; -+ TIME guess; -+ long int tzoff, wday, year, mon, mday, hour, min, sec; - const char *val; - enum dhcp_token token; - static int months[11] = { 31, 59, 90, 120, 151, 181, -@@ -936,7 +936,7 @@ parse_date_core(cfile) - } - - token = next_token(&val, NULL, cfile); /* consume number */ -- guess = atoi(val); -+ guess = atol(val); - - return((TIME)guess); - } -@@ -948,7 +948,7 @@ parse_date_core(cfile) - return((TIME)0); - } - token = next_token(&val, NULL, cfile); /* consume day of week */ -- wday = atoi(val); -+ wday = atol(val); - - /* Year... */ - token = peek_token(&val, NULL, cfile); -@@ -964,7 +964,7 @@ parse_date_core(cfile) - somebody invents a time machine, I think we can safely disregard - it. This actually works around a stupid Y2K bug that was present - in a very early beta release of dhcpd. */ -- year = atoi(val); -+ year = atol(val); - if (year > 1900) - year -= 1900; - -@@ -988,7 +988,7 @@ parse_date_core(cfile) - return((TIME)0); - } - token = next_token(&val, NULL, cfile); /* consume month */ -- mon = atoi(val) - 1; -+ mon = atol(val) - 1; - - /* Slash separating month from day... */ - token = peek_token(&val, NULL, cfile); -@@ -1010,7 +1010,7 @@ parse_date_core(cfile) - return((TIME)0); - } - token = next_token(&val, NULL, cfile); /* consume day of month */ -- mday = atoi(val); -+ mday = atol(val); - - /* Hour... 
*/ - token = peek_token(&val, NULL, cfile); -@@ -1021,7 +1021,7 @@ parse_date_core(cfile) - return((TIME)0); - } - token = next_token(&val, NULL, cfile); /* consume hour */ -- hour = atoi(val); -+ hour = atol(val); - - /* Colon separating hour from minute... */ - token = peek_token(&val, NULL, cfile); -@@ -1043,7 +1043,7 @@ parse_date_core(cfile) - return((TIME)0); - } - token = next_token(&val, NULL, cfile); /* consume minute */ -- min = atoi(val); -+ min = atol(val); - - /* Colon separating minute from second... */ - token = peek_token(&val, NULL, cfile); -@@ -1065,13 +1065,13 @@ parse_date_core(cfile) - return((TIME)0); - } - token = next_token(&val, NULL, cfile); /* consume second */ -- sec = atoi(val); -+ sec = atol(val); - - tzoff = 0; - token = peek_token(&val, NULL, cfile); - if (token == NUMBER) { - token = next_token(&val, NULL, cfile); /* consume tzoff */ -- tzoff = atoi(val); -+ tzoff = atol(val); - } else if (token != SEMI) { - token = next_token(&val, NULL, cfile); - parse_warn(cfile, diff --git a/src/patches/dhcp-4.2.1-invalid-dhclient-conf.patch b/src/patches/dhcp-4.2.1-invalid-dhclient-conf.patch deleted file mode 100644 index eeeea84..0000000 --- a/src/patches/dhcp-4.2.1-invalid-dhclient-conf.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up dhcp-4.2.1b1/client/dhclient.conf.supersede dhcp-4.2.1b1/client/dhclient.conf ---- dhcp-4.2.1b1/client/dhclient.conf.supersede 2010-09-15 01:03:56.000000000 +0200 -+++ dhcp-4.2.1b1/client/dhclient.conf 2011-01-27 18:38:28.000000000 +0100 -@@ -4,7 +4,7 @@ send dhcp-lease-time 3600; - supersede domain-search "fugue.com", "home.vix.com"; - prepend domain-name-servers 127.0.0.1; - request subnet-mask, broadcast-address, time-offset, routers, -- domain-name, domain-name-servers, host-name; -+ domain-search, domain-name-servers, host-name; - require subnet-mask, domain-name-servers; - timeout 60; - retry 60; 
diff --git a/src/patches/dhcp-4.2.1-manpages.patch b/src/patches/dhcp-4.2.1-manpages.patch
deleted file mode 100644
index 9a42b7f..0000000
--- a/src/patches/dhcp-4.2.1-manpages.patch
+++ /dev/null
@@ -1,264 +0,0 @@ -diff -up dhcp-4.2.1b1/client/dhclient.8.man dhcp-4.2.1b1/client/dhclient.8 ---- dhcp-4.2.1b1/client/dhclient.8.man 2010-07-14 22:09:34.000000000 +0200 -+++ dhcp-4.2.1b1/client/dhclient.8 2011-01-27 18:19:07.000000000 +0100 -@@ -115,6 +115,33 @@ dhclient - Dynamic Host Configuration Pr - .B -w - ] - [ -+.B -B -+] -+[ -+.B -I -+.I dhcp-client-identifier -+] -+[ -+.B -H -+.I host-name -+] -+[ -+.B -F -+.I fqdn.fqdn -+] -+[ -+.B -V -+.I vendor-class-identifier -+] -+[ -+.B -R -+.I request-option-list -+] -+[ -+.B -timeout -+.I timeout -+] -+[ - .B -v - ] - [ -@@ -264,6 +291,69 @@ not to exit when it doesn't find any suc - program can then be used to notify the client when a network interface - has been added or removed, so that the client can attempt to configure an IP - address on that interface. -+ -+.TP -+.BI -B -+Set the BOOTP broadcast flag in request packets so servers will always -+broadcast replies. -+ -+.TP -+.BI -I\ <dhcp-client-identifier> -+Specify the dhcp-client-identifier option to send to the DHCP server. -+ -+.TP -+.BI -H\ <host-name> -+Specify the host-name option to send to the DHCP server. The host-name -+string only contains the client's hostname prefix, to which the server will -+append the ddns-domainname or domain-name options, if any, to derive the -+fully qualified domain name of the client. The -+.B -H -+option cannot be used with the -+.B -F -+option. -+ -+.TP -+.BI -F\ <fqdn.fqdn> -+Specify the fqdn.fqdn option to send to the DHCP server. This option cannot -+be used with the -+.B -H -+option. The fqdn.fqdn option must specify the complete domain name of the -+client host, which the server may use for dynamic DNS updates. -+ -+.TP -+.BI -V\ <vendor-class-identifier> -+Specify the vendor-class-identifier option to send to the DHCP server. -+ -+.TP -+.BI -R\ <option>[,<option>...] -+Specify the list of options the client is to request from the server. 
The -+option list must be a single string consisting of option names separated -+by at least one command and optional space characters. The default option -+list is: -+ -+.BR -+ subnet-mask, broadcast-address, time-offset, routers, -+.BR -+ domain-search, domain-name, domain-name-servers, host-name, -+.BR -+ nis-domain, nis-servers, ntp-servers, interface-mtu -+ -+.TP -+.B -R -+option does not append options to the default request, it overrides the -+default request list. Keep this in mind if you want to request an -+additional option besides the default request list. You will have to -+specify all option names for the -+.B -R -+parameter. -+ -+.TP -+.BI -timeout\ <timeout> -+Specify the time after which -+.B dhclient -+will decide that no DHCP servers can be contacted when no responses have been -+received. -+ - .TP - .BI -n - Do not configure any interfaces. This is most likely to be useful in -diff -up dhcp-4.2.1b1/client/dhclient.conf.5.man dhcp-4.2.1b1/client/dhclient.conf.5 ---- dhcp-4.2.1b1/client/dhclient.conf.5.man 2010-09-15 01:03:56.000000000 +0200 -+++ dhcp-4.2.1b1/client/dhclient.conf.5 2011-01-27 18:22:56.000000000 +0100 -@@ -186,7 +186,8 @@ responding to the client send the client - options. Only the option names should be specified in the request - statement - not option parameters. By default, the DHCPv4 client - requests the subnet-mask, broadcast-address, time-offset, routers, --domain-name, domain-name-servers and host-name options while the DHCPv6 -+domain-search, domain-name, domain-name-servers, host-name, nis-domain, -+nis-servers, ntp-servers and interface-mtu options while the DHCPv6 - client requests the dhcp6 name-servers and domain-search options. Note - that if you enter a 'request' statement, you over-ride these defaults - and these options will not be requested. -@@ -672,6 +673,17 @@ know the DHCP service(s) anycast MAC add - client. 
The \fIlink-type\fR and \fImac-address\fR parameters are configured - in a similar manner to the \fBhardware\fR statement. - .PP -+ \fBbootp-broadcast-always;\fR -+.PP -+The -+.B bootp-broadcast-always -+statement instructs dhclient to always set the bootp broadcast flag in -+request packets, so that servers will always broadcast replies. -+This is equivalent to supplying the dhclient -B argument, and has -+the same effect as specifying 'always-broadcast' in the server's dhcpd.conf. -+This option is provided as an extension to enable dhclient to work -+on IBM s390 Linux guests. -+.PP - .SH SAMPLE - The following configuration file is used on a laptop running NetBSD - 1.3. The laptop has an IP alias of 192.5.5.213, and has one -@@ -697,7 +709,7 @@ interface "ep0" { - supersede domain-search "fugue.com", "rc.vix.com", "home.vix.com"; - prepend domain-name-servers 127.0.0.1; - request subnet-mask, broadcast-address, time-offset, routers, -- domain-name, domain-name-servers, host-name; -+ domain-search, domain-name, domain-name-servers, host-name; - require subnet-mask, domain-name-servers; - script "CLIENTBINDIR/dhclient-script"; - media "media 10baseT/UTP", "media 10base2/BNC"; -diff -up dhcp-4.2.1b1/client/dhclient-script.8.man dhcp-4.2.1b1/client/dhclient-script.8 ---- dhcp-4.2.1b1/client/dhclient-script.8.man 2010-07-06 21:03:11.000000000 +0200 -+++ dhcp-4.2.1b1/client/dhclient-script.8 2011-01-27 18:24:44.000000000 +0100 -@@ -47,7 +47,7 @@ customizations are needed, they should b - exit hooks provided (see HOOKS for details). These hooks will allow the - user to override the default behaviour of the client in creating a - .B /etc/resolv.conf --file. -+file, and to handle DHCP options not handled by default. - .PP - No standard client script exists for some operating systems, even though - the actual client may work, so a pioneering user may well need to create -@@ -91,6 +91,26 @@ present. 
The - .B ETCDIR/dhclient-exit-hooks - script can modify the valid of exit_status to change the exit status - of dhclient-script. -+.PP -+Immediately after dhclient brings an interface UP with a new IP address, -+subnet mask, and routes, in the REBOOT/BOUND states, it will check for the -+existence of an executable -+.B ETCDIR/dhclient-up-hooks -+script, and source it if found. This script can handle DHCP options in -+the environment that are not handled by default. A per-interface. -+.B ETCDIR/dhclient-${IF}-up-hooks -+script will override the generic script and be sourced when interface -+$IF has been brought up. -+.PP -+Immediately before dhclient brings an interface DOWN, removing its IP -+address, subnet mask, and routes, in the STOP/RELEASE states, it will -+check for the existence of an executable -+.B ETCDIR/dhclient-down-hooks -+script, and source it if found. This script can handle DHCP options in -+the environment that are not handled by default. A per-interface -+.B ETCDIR/dhclient-${IF}-down-hooks -+script will override the generic script and be sourced when interface -+$IF is about to be brought down. - .SH OPERATION - When dhclient needs to invoke the client configuration script, it - defines a set of variables in the environment, and then invokes -diff -up dhcp-4.2.1b1/common/dhcp-options.5.man dhcp-4.2.1b1/common/dhcp-options.5 ---- dhcp-4.2.1b1/common/dhcp-options.5.man 2010-07-13 22:56:56.000000000 +0200 -+++ dhcp-4.2.1b1/common/dhcp-options.5 2011-01-27 18:25:57.000000000 +0100 -@@ -913,6 +913,21 @@ classless IP routing - it does not inclu - classless IP routing is now the most widely deployed routing standard, - this option is virtually useless, and is not implemented by any of the - popular DHCP clients, for example the Microsoft DHCP client. 
-+.PP -+NOTE to Fedora dhclient users: -+.br -+dhclient-script interprets trailing 0 octets of the target as indicating -+the subnet class of the route, so for the following static-routes value: -+.br -+ option static-routes 172.0.0.0 172.16.2.254, -+.br -+ 192.168.0.0 192.168.2.254; -+.br -+dhclient-script will create routes: -+.br -+ 172/8 via 172.16.2.254 dev $interface -+.br -+ 192.168/16 via 192.168.2.254 dev $interface - .RE - .PP - .nf -diff -up dhcp-4.2.1b1/server/dhcpd.conf.5.man dhcp-4.2.1b1/server/dhcpd.conf.5 ---- dhcp-4.2.1b1/server/dhcpd.conf.5.man 2010-07-06 21:03:12.000000000 +0200 -+++ dhcp-4.2.1b1/server/dhcpd.conf.5 2011-01-27 18:29:12.000000000 +0100 -@@ -519,6 +519,9 @@ pool { - }; - .fi - .PP -+Dynamic BOOTP leases are not compatible with failover, and, as such, -+you need to disallow BOOTP in pools that you are using failover for. -+.PP - The server currently does very little sanity checking, so if you - configure it wrong, it will just fail in odd ways. I would recommend - therefore that you either do failover or don't do failover, but don't -@@ -533,9 +536,9 @@ primary server might look like this: - failover peer "foo" { - primary; - address anthrax.rc.vix.com; -- port 519; -+ port 647; - peer address trantor.rc.vix.com; -- peer port 520; -+ peer port 847; - max-response-delay 60; - max-unacked-updates 10; - mclt 3600; -@@ -1305,7 +1308,7 @@ the zone containing PTR records - for IS - .PP - .nf - key DHCP_UPDATER { -- algorithm HMAC-MD5.SIG-ALG.REG.INT; -+ algorithm hmac-md5; - secret pRP5FapFoJ95JEL06sv4PQ==; - }; - -@@ -1328,7 +1331,7 @@ dhcpd.conf file: - .PP - .nf - key DHCP_UPDATER { -- algorithm HMAC-MD5.SIG-ALG.REG.INT; -+ algorithm hmac-md5; - secret pRP5FapFoJ95JEL06sv4PQ==; - }; - -@@ -2540,7 +2543,8 @@ statement - The \fInext-server\fR statement is used to specify the host address of - the server from which the initial boot file (specified in the - \fIfilename\fR statement) is to be loaded. 
\fIServer-name\fR should --be a numeric IP address or a domain name. -+be a numeric IP address or a domain name. If no \fInext-server\fR statement -+applies to a given client, the address 0.0.0.0 is used. - .RE - .PP - The diff --git a/src/patches/dhcp-4.2.1-retransmission.patch b/src/patches/dhcp-4.2.1-retransmission.patch deleted file mode 100644 index 18e447f..0000000 --- a/src/patches/dhcp-4.2.1-retransmission.patch +++ /dev/null 
@@ -1,48 +0,0 @@
-diff -up dhcp-4.2.1b1/client/dhc6.c.retransmission dhcp-4.2.1b1/client/dhc6.c
---- dhcp-4.2.1b1/client/dhc6.c.retransmission 2011-01-28 08:40:56.000000000 +0100
-+++ dhcp-4.2.1b1/client/dhc6.c 2011-01-28 08:39:22.000000000 +0100
-@@ -361,7 +361,7 @@ dhc6_retrans_init(struct client_state *c
- static void
- dhc6_retrans_advance(struct client_state *client)
- {
-- struct timeval elapsed;
-+ struct timeval elapsed, elapsed_after_RT;
- 
- /* elapsed = cur - start */
- elapsed.tv_sec = cur_tv.tv_sec - client->start_time.tv_sec;
-@@ -378,6 +378,8 @@ dhc6_retrans_advance(struct client_state
- elapsed.tv_sec += 1;
- elapsed.tv_usec -= 1000000;
- }
-+ elapsed_after_RT.tv_sec = elapsed.tv_sec;
-+ elapsed_after_RT.tv_usec = elapsed.tv_usec;
- 
- /*
- * RT for each subsequent message transmission is based on the previous
-@@ -415,13 +417,10 @@ dhc6_retrans_advance(struct client_state
- elapsed.tv_usec -= 1000000;
- }
- if (elapsed.tv_sec >= client->MRD) {
-- /*
-- * wake at RT + cur = start + MRD
-- */
-- client->RT = client->MRD +
-- (client->start_time.tv_sec - cur_tv.tv_sec);
-- client->RT = client->RT * 100 +
-- (client->start_time.tv_usec - cur_tv.tv_usec) / 10000;
-+ client->RT = client->MRD - elapsed_after_RT.tv_sec;
-+ client->RT = client->RT * 100 - elapsed_after_RT.tv_usec / 10000;
-+ if (client->RT < 0)
-+ client->RT = 0;
- }
- client->txcount++;
- }
-@@ -1497,7 +1496,7 @@ check_timing6 (struct client_state *clie
- }
- 
- /* Check if finished (-1 argument). */
-- if ((client->MRD != 0) && (elapsed.tv_sec > client->MRD)) {
-+ if ((client->MRD != 0) && (elapsed.tv_sec >= client->MRD)) {
- log_info("Max retransmission duration exceeded.");
- return(CHK_TIM_MRD_EXCEEDED);
- }
diff --git a/src/patches/dhcp-4.2.1-sendDecline.patch b/src/patches/dhcp-4.2.1-sendDecline.patch
deleted file mode 100644
index b2fa4af..0000000
--- a/src/patches/dhcp-4.2.1-sendDecline.patch
+++ /dev/null
@@ -1,231 +0,0 @@ -diff -up dhcp-4.2.1-P1/client/dhc6.c.sendDecline dhcp-4.2.1-P1/client/dhc6.c ---- dhcp-4.2.1-P1/client/dhc6.c.sendDecline 2010-09-10 22:27:11.000000000 +0200 -+++ dhcp-4.2.1-P1/client/dhc6.c 2011-06-17 14:19:48.992099868 +0200 -@@ -95,6 +95,8 @@ void do_select6(void *input); - void do_refresh6(void *input); - static void do_release6(void *input); - static void start_bound(struct client_state *client); -+static void start_decline6(struct client_state *client); -+static void do_decline6(void *input); - static void start_informed(struct client_state *client); - void informed_handler(struct packet *packet, struct client_state *client); - void bound_handler(struct packet *packet, struct client_state *client); -@@ -2075,6 +2077,7 @@ start_release6(struct client_state *clie - cancel_timeout(do_select6, client); - cancel_timeout(do_refresh6, client); - cancel_timeout(do_release6, client); -+ cancel_timeout(do_decline6, client); - client->state = S_STOPPED; - - /* -@@ -2708,6 +2711,7 @@ dhc6_check_reply(struct client_state *cl - break; - - case S_STOPPED: -+ case S_DECLINED: - action = dhc6_stop_action; - break; - -@@ -2809,6 +2813,7 @@ dhc6_check_reply(struct client_state *cl - break; - - case S_STOPPED: -+ case S_DECLINED: - /* Nothing critical to do at this stage. */ - break; - -@@ -3799,17 +3804,23 @@ reply_handler(struct packet *packet, str - cancel_timeout(do_select6, client); - cancel_timeout(do_refresh6, client); - cancel_timeout(do_release6, client); -+ cancel_timeout(do_decline6, client); - - /* If this is in response to a Release/Decline, clean up and return. */ -- if (client->state == S_STOPPED) { -- if (client->active_lease == NULL) -- return; -+ if ((client->state == S_STOPPED) || -+ (client->state == S_DECLINED)) { -+ -+ if (client->active_lease != NULL) { -+ dhc6_lease_destroy(&client->active_lease, MDL); -+ client->active_lease = NULL; -+ /* We should never wait for nothing!? 
*/ -+ if (stopping_finished()) -+ exit(0); -+ } -+ -+ if (client->state == S_DECLINED) -+ start_init6(client); - -- dhc6_lease_destroy(&client->active_lease, MDL); -- client->active_lease = NULL; -- /* We should never wait for nothing!? */ -- if (stopping_finished()) -- exit(0); - return; - } - -@@ -4336,7 +4347,11 @@ start_bound(struct client_state *client) - oldia, oldaddr); - dhc6_marshall_values("new_", client, lease, ia, addr); - -- script_go(client); -+ // when script returns 3, DAD failed -+ if (script_go(client) == 3) { -+ start_decline6(client); -+ return; -+ } - } - - /* XXX: maybe we should loop on the old values instead? */ -@@ -4382,6 +4397,149 @@ start_bound(struct client_state *client) - dhc6_check_times(client); - } - -+/* -+ * Decline addresses. -+ */ -+void -+start_decline6(struct client_state *client) -+{ -+ /* Cancel any pending transmissions */ -+ cancel_timeout(do_confirm6, client); -+ cancel_timeout(do_select6, client); -+ cancel_timeout(do_refresh6, client); -+ cancel_timeout(do_release6, client); -+ cancel_timeout(do_decline6, client); -+ client->state = S_DECLINED; -+ -+ if (client->active_lease == NULL) -+ return; -+ -+ /* Set timers per RFC3315 section 18.1.7. */ -+ client->IRT = DEC_TIMEOUT * 100; -+ client->MRT = 0; -+ client->MRC = DEC_MAX_RC; -+ client->MRD = 0; -+ -+ dhc6_retrans_init(client); -+ client->v6_handler = reply_handler; -+ -+ client->refresh_type = DHCPV6_DECLINE; -+ do_decline6(client); -+} -+ -+/* -+ * do_decline6() creates a Decline packet and transmits it. -+ */ -+static void -+do_decline6(void *input) -+{ -+ struct client_state *client; -+ struct data_string ds; -+ int send_ret; -+ struct timeval elapsed, tv; -+ -+ client = input; -+ -+ if ((client->active_lease == NULL) || !active_prefix(client)) -+ return; -+ -+ if ((client->MRC != 0) && (client->txcount > client->MRC)) { -+ log_info("Max retransmission count exceeded."); -+ goto decline_done; -+ } -+ -+ /* -+ * Start_time starts at the first transmission. 
-+ */ -+ if (client->txcount == 0) { -+ client->start_time.tv_sec = cur_tv.tv_sec; -+ client->start_time.tv_usec = cur_tv.tv_usec; -+ } -+ -+ /* elapsed = cur - start */ -+ elapsed.tv_sec = cur_tv.tv_sec - client->start_time.tv_sec; -+ elapsed.tv_usec = cur_tv.tv_usec - client->start_time.tv_usec; -+ if (elapsed.tv_usec < 0) { -+ elapsed.tv_sec -= 1; -+ elapsed.tv_usec += 1000000; -+ } -+ -+ memset(&ds, 0, sizeof(ds)); -+ if (!buffer_allocate(&ds.buffer, 4, MDL)) { -+ log_error("Unable to allocate memory for Decline."); -+ goto decline_done; -+ } -+ -+ ds.data = ds.buffer->data; -+ ds.len = 4; -+ ds.buffer->data[0] = DHCPV6_DECLINE; -+ memcpy(ds.buffer->data + 1, client->dhcpv6_transaction_id, 3); -+ -+ /* Form an elapsed option. */ -+ /* Maximum value is 65535 1/100s coded as 0xffff. */ -+ if ((elapsed.tv_sec < 0) || (elapsed.tv_sec > 655) || -+ ((elapsed.tv_sec == 655) && (elapsed.tv_usec > 350000))) { -+ client->elapsed = 0xffff; -+ } else { -+ client->elapsed = elapsed.tv_sec * 100; -+ client->elapsed += elapsed.tv_usec / 10000; -+ } -+ -+ client->elapsed = htons(client->elapsed); -+ -+ log_debug("XMT: Forming Decline."); -+ make_client6_options(client, &client->sent_options, -+ client->active_lease, DHCPV6_DECLINE); -+ dhcpv6_universe.encapsulate(&ds, NULL, NULL, client, NULL, -+ client->sent_options, &global_scope, -+ &dhcpv6_universe); -+ -+ /* Append IA's (but don't release temporary addresses). */ -+ if (wanted_ia_na && -+ dhc6_add_ia_na(client, &ds, client->active_lease, -+ DHCPV6_DECLINE) != ISC_R_SUCCESS) { -+ data_string_forget(&ds, MDL); -+ goto decline_done; -+ } -+ if (wanted_ia_pd && -+ dhc6_add_ia_pd(client, &ds, client->active_lease, -+ DHCPV6_DECLINE) != ISC_R_SUCCESS) { -+ data_string_forget(&ds, MDL); -+ goto decline_done; -+ } -+ -+ /* Transmit and wait. */ -+ log_info("XMT: Decline on %s, interval %ld0ms.", -+ client->name ? 
client->name : client->interface->name, -+ (long int)client->RT); -+ -+ send_ret = send_packet6(client->interface, ds.data, ds.len, -+ &DHCPv6DestAddr); -+ if (send_ret != ds.len) { -+ log_error("dhc6: sendpacket6() sent %d of %d bytes", -+ send_ret, ds.len); -+ } -+ -+ data_string_forget(&ds, MDL); -+ -+ /* Wait RT */ -+ tv.tv_sec = cur_tv.tv_sec + client->RT / 100; -+ tv.tv_usec = cur_tv.tv_usec + (client->RT % 100) * 10000; -+ if (tv.tv_usec >= 1000000) { -+ tv.tv_sec += 1; -+ tv.tv_usec -= 1000000; -+ } -+ add_timeout(&tv, do_decline6, client, NULL, NULL); -+ dhc6_retrans_advance(client); -+ return; -+ -+decline_done: -+ dhc6_lease_destroy(&client->active_lease, MDL); -+ client->active_lease = NULL; -+ start_init6(client); -+ return; -+} -+ - /* While bound, ignore packets. In the future we'll want to answer - * Reconfigure-Request messages and the like. - */ diff --git a/src/patches/dhcp-4.2.2-CLOEXEC.patch b/src/patches/dhcp-4.2.2-CLOEXEC.patch deleted file mode 100644 index b07e2ff..0000000 --- a/src/patches/dhcp-4.2.2-CLOEXEC.patch +++ /dev/null 
@@ -1,423 +0,0 @@ -diff -up dhcp-4.2.2b1/client/clparse.c.cloexec dhcp-4.2.2b1/client/clparse.c ---- dhcp-4.2.2b1/client/clparse.c.cloexec 2011-07-01 14:13:30.973887714 +0200 -+++ dhcp-4.2.2b1/client/clparse.c 2011-07-01 14:15:15.021580693 +0200 -@@ -246,7 +246,7 @@ int read_client_conf_file (const char *n - int token; - isc_result_t status; - -- if ((file = open (name, O_RDONLY)) < 0) -+ if ((file = open (name, O_RDONLY | O_CLOEXEC)) < 0) - return uerr2isc (errno); - - cfile = NULL; -@@ -283,7 +283,7 @@ void read_client_leases () - - /* Open the lease file. If we can't open it, just return - - we can safely trust the server to remember our state. */ -- if ((file = open (path_dhclient_db, O_RDONLY)) < 0) -+ if ((file = open (path_dhclient_db, O_RDONLY | O_CLOEXEC)) < 0) - return; - - cfile = NULL; -diff -up dhcp-4.2.2b1/client/dhclient.c.cloexec dhcp-4.2.2b1/client/dhclient.c ---- dhcp-4.2.2b1/client/dhclient.c.cloexec 2011-07-01 14:13:30.970887717 +0200 -+++ dhcp-4.2.2b1/client/dhclient.c 2011-07-01 14:16:51.485930388 +0200 -@@ -148,11 +148,11 @@ main(int argc, char **argv) { - /* Make sure that file descriptors 0 (stdin), 1, (stdout), and - 2 (stderr) are open. To do this, we assume that when we - open a file the lowest available file descriptor is used. */ -- fd = open("/dev/null", O_RDWR); -+ fd = open("/dev/null", O_RDWR | O_CLOEXEC); - if (fd == 0) -- fd = open("/dev/null", O_RDWR); -+ fd = open("/dev/null", O_RDWR | O_CLOEXEC); - if (fd == 1) -- fd = open("/dev/null", O_RDWR); -+ fd = open("/dev/null", O_RDWR | O_CLOEXEC); - if (fd == 2) - log_perror = 0; /* No sense logging to /dev/null. 
*/ - else if (fd != -1) -@@ -506,7 +506,7 @@ main(int argc, char **argv) { - int e; - - oldpid = 0; -- if ((pidfd = fopen(path_dhclient_pid, "r")) != NULL) { -+ if ((pidfd = fopen(path_dhclient_pid, "re")) != NULL) { - e = fscanf(pidfd, "%ld\n", &temp); - oldpid = (pid_t)temp; - -@@ -548,7 +548,7 @@ main(int argc, char **argv) { - strncpy(new_path_dhclient_pid, path_dhclient_pid, pfx); - sprintf(new_path_dhclient_pid + pfx, "-%s.pid", ip->name); - -- if ((pidfd = fopen(new_path_dhclient_pid, "r")) != NULL) { -+ if ((pidfd = fopen(new_path_dhclient_pid, "re")) != NULL) { - e = fscanf(pidfd, "%ld\n", &temp); - oldpid = (pid_t)temp; - -@@ -573,7 +573,7 @@ main(int argc, char **argv) { - int dhc_running = 0; - char procfn[256] = ""; - -- if ((pidfp = fopen(path_dhclient_pid, "r")) != NULL) { -+ if ((pidfp = fopen(path_dhclient_pid, "re")) != NULL) { - if ((fscanf(pidfp, "%ld", &temp)==1) && ((dhcpid=(pid_t)temp) > 0)) { - snprintf(procfn,256,"/proc/%u",dhcpid); - dhc_running = (access(procfn, F_OK) == 0); -@@ -2995,7 +2995,7 @@ void rewrite_client_leases () - - if (leaseFile != NULL) - fclose (leaseFile); -- leaseFile = fopen (path_dhclient_db, "w"); -+ leaseFile = fopen (path_dhclient_db, "we"); - if (leaseFile == NULL) { - log_error ("can't create %s: %m", path_dhclient_db); - return; -@@ -3105,7 +3105,7 @@ write_duid(struct data_string *duid) - return DHCP_R_INVALIDARG; - - if (leaseFile == NULL) { /* XXX? 
*/ -- leaseFile = fopen(path_dhclient_db, "w"); -+ leaseFile = fopen(path_dhclient_db, "we"); - if (leaseFile == NULL) { - log_error("can't create %s: %m", path_dhclient_db); - return ISC_R_IOERROR; -@@ -3285,7 +3285,7 @@ int write_client_lease (client, lease, r - return 1; - - if (leaseFile == NULL) { /* XXX */ -- leaseFile = fopen (path_dhclient_db, "w"); -+ leaseFile = fopen (path_dhclient_db, "we"); - if (leaseFile == NULL) { - log_error ("can't create %s: %m", path_dhclient_db); - return 0; -@@ -3772,9 +3772,9 @@ void go_daemon () - close(2); - - /* Reopen them on /dev/null. */ -- open("/dev/null", O_RDWR); -- open("/dev/null", O_RDWR); -- open("/dev/null", O_RDWR); -+ open("/dev/null", O_RDWR | O_CLOEXEC); -+ open("/dev/null", O_RDWR | O_CLOEXEC); -+ open("/dev/null", O_RDWR | O_CLOEXEC); - - write_client_pid_file (); - -@@ -3791,14 +3791,14 @@ void write_client_pid_file () - return; - } - -- pfdesc = open (path_dhclient_pid, O_CREAT | O_TRUNC | O_WRONLY, 0644); -+ pfdesc = open (path_dhclient_pid, O_CREAT | O_TRUNC | O_WRONLY | O_CLOEXEC, 0644); - - if (pfdesc < 0) { - log_error ("Can't create %s: %m", path_dhclient_pid); - return; - } - -- pf = fdopen (pfdesc, "w"); -+ pf = fdopen (pfdesc, "we"); - if (!pf) { - close(pfdesc); - log_error ("Can't fdopen %s: %m", path_dhclient_pid); -diff -up dhcp-4.2.2b1/common/bpf.c.cloexec dhcp-4.2.2b1/common/bpf.c ---- dhcp-4.2.2b1/common/bpf.c.cloexec 2011-07-01 14:13:30.976887712 +0200 -+++ dhcp-4.2.2b1/common/bpf.c 2011-07-01 14:13:31.030887673 +0200 -@@ -94,7 +94,7 @@ int if_register_bpf (info) - for (b = 0; 1; b++) { - /* %Audit% 31 bytes max. 
%2004.06.17,Safe% */ - sprintf(filename, BPF_FORMAT, b); -- sock = open (filename, O_RDWR, 0); -+ sock = open (filename, O_RDWR | O_CLOEXEC, 0); - if (sock < 0) { - if (errno == EBUSY) { - continue; -diff -up dhcp-4.2.2b1/common/discover.c.cloexec dhcp-4.2.2b1/common/discover.c ---- dhcp-4.2.2b1/common/discover.c.cloexec 2011-06-27 18:18:20.000000000 +0200 -+++ dhcp-4.2.2b1/common/discover.c 2011-07-01 14:13:31.031887673 +0200 -@@ -421,7 +421,7 @@ begin_iface_scan(struct iface_conf_list - int len; - int i; - -- ifaces->fp = fopen("/proc/net/dev", "r"); -+ ifaces->fp = fopen("/proc/net/dev", "re"); - if (ifaces->fp == NULL) { - log_error("Error opening '/proc/net/dev' to list interfaces"); - return 0; -@@ -456,7 +456,7 @@ begin_iface_scan(struct iface_conf_list - - #ifdef DHCPv6 - if (local_family == AF_INET6) { -- ifaces->fp6 = fopen("/proc/net/if_inet6", "r"); -+ ifaces->fp6 = fopen("/proc/net/if_inet6", "re"); - if (ifaces->fp6 == NULL) { - log_error("Error opening '/proc/net/if_inet6' to " - "list IPv6 interfaces; %m"); -diff -up dhcp-4.2.2b1/common/dlpi.c.cloexec dhcp-4.2.2b1/common/dlpi.c ---- dhcp-4.2.2b1/common/dlpi.c.cloexec 2011-07-01 14:13:30.977887712 +0200 -+++ dhcp-4.2.2b1/common/dlpi.c 2011-07-01 14:13:31.032887673 +0200 -@@ -806,7 +806,7 @@ dlpiopen(const char *ifname) { - } - *dp = '\0'; - -- return open (devname, O_RDWR, 0); -+ return open (devname, O_RDWR | O_CLOEXEC, 0); - } - - /* -diff -up dhcp-4.2.2b1/common/nit.c.cloexec dhcp-4.2.2b1/common/nit.c ---- dhcp-4.2.2b1/common/nit.c.cloexec 2011-07-01 14:13:30.978887712 +0200 -+++ dhcp-4.2.2b1/common/nit.c 2011-07-01 14:13:31.033887672 +0200 -@@ -81,7 +81,7 @@ int if_register_nit (info) - struct strioctl sio; - - /* Open a NIT device */ -- sock = open ("/dev/nit", O_RDWR); -+ sock = open ("/dev/nit", O_RDWR | O_CLOEXEC); - if (sock < 0) - log_fatal ("Can't open NIT device for %s: %m", info -> name); - -diff -up dhcp-4.2.2b1/common/resolv.c.cloexec dhcp-4.2.2b1/common/resolv.c ---- 
dhcp-4.2.2b1/common/resolv.c.cloexec 2009-11-20 02:49:01.000000000 +0100 -+++ dhcp-4.2.2b1/common/resolv.c 2011-07-01 14:13:31.033887672 +0200 -@@ -49,7 +49,7 @@ void read_resolv_conf (parse_time) - struct domain_search_list *dp, *dl, *nd; - isc_result_t status; - -- if ((file = open (path_resolv_conf, O_RDONLY)) < 0) { -+ if ((file = open (path_resolv_conf, O_RDONLY | O_CLOEXEC)) < 0) { - log_error ("Can't open %s: %m", path_resolv_conf); - return; - } -diff -up dhcp-4.2.2b1/common/upf.c.cloexec dhcp-4.2.2b1/common/upf.c ---- dhcp-4.2.2b1/common/upf.c.cloexec 2011-07-01 14:13:30.979887712 +0200 -+++ dhcp-4.2.2b1/common/upf.c 2011-07-01 14:13:31.034887671 +0200 -@@ -77,7 +77,7 @@ int if_register_upf (info) - /* %Audit% Cannot exceed 36 bytes. %2004.06.17,Safe% */ - sprintf(filename, "/dev/pf/pfilt%d", b); - -- sock = open (filename, O_RDWR, 0); -+ sock = open (filename, O_RDWR | O_CLOEXEC, 0); - if (sock < 0) { - if (errno == EBUSY) { - continue; -diff -up dhcp-4.2.2b1/dst/dst_api.c.cloexec dhcp-4.2.2b1/dst/dst_api.c ---- dhcp-4.2.2b1/dst/dst_api.c.cloexec 2009-10-29 01:46:48.000000000 +0100 -+++ dhcp-4.2.2b1/dst/dst_api.c 2011-07-01 14:13:31.035887670 +0200 -@@ -437,7 +437,7 @@ dst_s_write_private_key(const DST_KEY *k - PRIVATE_KEY, PATH_MAX); - - /* Do not overwrite an existing file */ -- if ((fp = dst_s_fopen(file, "w", 0600)) != NULL) { -+ if ((fp = dst_s_fopen(file, "we", 0600)) != NULL) { - int nn; - if ((nn = fwrite(encoded_block, 1, len, fp)) != len) { - EREPORT(("dst_write_private_key(): Write failure on %s %d != %d errno=%d\n", -@@ -494,7 +494,7 @@ dst_s_read_public_key(const char *in_nam - * flags, proto, alg stored as decimal (or hex numbers FIXME). - * (FIXME: handle parentheses for line continuation.) 
- */ -- if ((fp = dst_s_fopen(name, "r", 0)) == NULL) { -+ if ((fp = dst_s_fopen(name, "re", 0)) == NULL) { - EREPORT(("dst_read_public_key(): Public Key not found %s\n", - name)); - return (NULL); -@@ -620,7 +620,7 @@ dst_s_write_public_key(const DST_KEY *ke - return (0); - } - /* create public key file */ -- if ((fp = dst_s_fopen(filename, "w+", 0644)) == NULL) { -+ if ((fp = dst_s_fopen(filename, "w+e", 0644)) == NULL) { - EREPORT(("DST_write_public_key: open of file:%s failed (errno=%d)\n", - filename, errno)); - return (0); -@@ -854,7 +854,7 @@ dst_s_read_private_key_file(char *name, - return (0); - } - /* first check if we can find the key file */ -- if ((fp = dst_s_fopen(filename, "r", 0)) == NULL) { -+ if ((fp = dst_s_fopen(filename, "re", 0)) == NULL) { - EREPORT(("dst_s_read_private_key_file: Could not open file %s in directory %s\n", - filename, dst_path[0] ? dst_path : - (char *) getcwd(NULL, PATH_MAX - 1))); -diff -up dhcp-4.2.2b1/dst/prandom.c.cloexec dhcp-4.2.2b1/dst/prandom.c ---- dhcp-4.2.2b1/dst/prandom.c.cloexec 2009-11-20 02:49:01.000000000 +0100 -+++ dhcp-4.2.2b1/dst/prandom.c 2011-07-01 14:13:31.035887670 +0200 -@@ -269,7 +269,7 @@ get_dev_random(u_char *output, unsigned - - s = stat("/dev/random", &st); - if (s == 0 && S_ISCHR(st.st_mode)) { -- if ((fd = open("/dev/random", O_RDONLY | O_NONBLOCK)) != -1) { -+ if ((fd = open("/dev/random", O_RDONLY | O_NONBLOCK | O_CLOEXEC)) != -1) { - if ((n = read(fd, output, size)) < 0) - n = 0; - close(fd); -@@ -480,7 +480,7 @@ digest_file(dst_work *work) - work->file_digest = dst_free_key(work->file_digest); - return (0); - } -- if ((fp = fopen(name, "r")) == NULL) -+ if ((fp = fopen(name, "re")) == NULL) - return (0); - for (no = 0; (i = fread(buf, sizeof(*buf), sizeof(buf), fp)) > 0; - no += i) -diff -up dhcp-4.2.2b1/omapip/trace.c.cloexec dhcp-4.2.2b1/omapip/trace.c ---- dhcp-4.2.2b1/omapip/trace.c.cloexec 2010-05-27 02:34:57.000000000 +0200 -+++ dhcp-4.2.2b1/omapip/trace.c 2011-07-01 
14:13:31.036887669 +0200 -@@ -141,10 +141,10 @@ isc_result_t trace_begin (const char *fi - return DHCP_R_INVALIDARG; - } - -- traceoutfile = open (filename, O_CREAT | O_WRONLY | O_EXCL, 0600); -+ traceoutfile = open (filename, O_CREAT | O_WRONLY | O_EXCL | O_CLOEXEC, 0600); - if (traceoutfile < 0 && errno == EEXIST) { - log_error ("WARNING: Overwriting trace file "%s"", filename); -- traceoutfile = open (filename, O_WRONLY | O_EXCL | O_TRUNC, -+ traceoutfile = open (filename, O_WRONLY | O_EXCL | O_TRUNC | O_CLOEXEC, - 0600); - } - -@@ -431,7 +431,7 @@ void trace_file_replay (const char *file - isc_result_t result; - int len; - -- traceinfile = fopen (filename, "r"); -+ traceinfile = fopen (filename, "re"); - if (!traceinfile) { - log_error("Can't open tracefile %s: %m", filename); - return; -diff -up dhcp-4.2.2b1/relay/dhcrelay.c.cloexec dhcp-4.2.2b1/relay/dhcrelay.c ---- dhcp-4.2.2b1/relay/dhcrelay.c.cloexec 2011-05-10 15:07:37.000000000 +0200 -+++ dhcp-4.2.2b1/relay/dhcrelay.c 2011-07-01 14:18:07.630209767 +0200 -@@ -183,11 +183,11 @@ main(int argc, char **argv) { - /* Make sure that file descriptors 0(stdin), 1,(stdout), and - 2(stderr) are open. To do this, we assume that when we - open a file the lowest available file descriptor is used. */ -- fd = open("/dev/null", O_RDWR); -+ fd = open("/dev/null", O_RDWR | O_CLOEXEC); - if (fd == 0) -- fd = open("/dev/null", O_RDWR); -+ fd = open("/dev/null", O_RDWR | O_CLOEXEC); - if (fd == 1) -- fd = open("/dev/null", O_RDWR); -+ fd = open("/dev/null", O_RDWR | O_CLOEXEC); - if (fd == 2) - log_perror = 0; /* No sense logging to /dev/null. 
*/ - else if (fd != -1) -@@ -540,13 +540,13 @@ main(int argc, char **argv) { - - if (no_pid_file == ISC_FALSE) { - pfdesc = open(path_dhcrelay_pid, -- O_CREAT | O_TRUNC | O_WRONLY, 0644); -+ O_CREAT | O_TRUNC | O_WRONLY | O_CLOEXEC, 0644); - - if (pfdesc < 0) { - log_error("Can't create %s: %m", - path_dhcrelay_pid); - } else { -- pf = fdopen(pfdesc, "w"); -+ pf = fdopen(pfdesc, "we"); - if (!pf) - log_error("Can't fdopen %s: %m", - path_dhcrelay_pid); -diff -up dhcp-4.2.2b1/server/confpars.c.cloexec dhcp-4.2.2b1/server/confpars.c ---- dhcp-4.2.2b1/server/confpars.c.cloexec 2010-10-14 00:34:45.000000000 +0200 -+++ dhcp-4.2.2b1/server/confpars.c 2011-07-01 14:13:31.039887666 +0200 -@@ -116,7 +116,7 @@ isc_result_t read_conf_file (const char - } - #endif - -- if ((file = open (filename, O_RDONLY)) < 0) { -+ if ((file = open (filename, O_RDONLY | O_CLOEXEC)) < 0) { - if (leasep) { - log_error ("Can't open lease database %s: %m --", - path_dhcpd_db); -diff -up dhcp-4.2.2b1/server/db.c.cloexec dhcp-4.2.2b1/server/db.c ---- dhcp-4.2.2b1/server/db.c.cloexec 2010-09-14 00:15:26.000000000 +0200 -+++ dhcp-4.2.2b1/server/db.c 2011-07-01 14:13:31.040887665 +0200 -@@ -1035,7 +1035,7 @@ void db_startup (testp) - } - #endif - if (!testp) { -- db_file = fopen (path_dhcpd_db, "a"); -+ db_file = fopen (path_dhcpd_db, "ae"); - if (!db_file) - log_fatal ("Can't open %s for append.", path_dhcpd_db); - expire_all_pools (); -@@ -1083,12 +1083,12 @@ int new_lease_file () - path_dhcpd_db, (int)t) >= sizeof newfname) - log_fatal("new_lease_file: lease file path too long"); - -- db_fd = open (newfname, O_WRONLY | O_TRUNC | O_CREAT, 0664); -+ db_fd = open (newfname, O_WRONLY | O_TRUNC | O_CREAT | O_CLOEXEC, 0664); - if (db_fd < 0) { - log_error ("Can't create new lease file: %m"); - return 0; - } -- if ((new_db_file = fdopen(db_fd, "w")) == NULL) { -+ if ((new_db_file = fdopen(db_fd, "we")) == NULL) { - log_error("Can't fdopen new lease file: %m"); - close(db_fd); - goto fdfail; -diff -up 
dhcp-4.2.2b1/server/dhcpd.c.cloexec dhcp-4.2.2b1/server/dhcpd.c ---- dhcp-4.2.2b1/server/dhcpd.c.cloexec 2011-04-21 16:08:15.000000000 +0200 -+++ dhcp-4.2.2b1/server/dhcpd.c 2011-07-01 14:19:40.354124505 +0200 -@@ -270,11 +270,11 @@ main(int argc, char **argv) { - /* Make sure that file descriptors 0 (stdin), 1, (stdout), and - 2 (stderr) are open. To do this, we assume that when we - open a file the lowest available file descriptor is used. */ -- fd = open("/dev/null", O_RDWR); -+ fd = open("/dev/null", O_RDWR | O_CLOEXEC); - if (fd == 0) -- fd = open("/dev/null", O_RDWR); -+ fd = open("/dev/null", O_RDWR | O_CLOEXEC); - if (fd == 1) -- fd = open("/dev/null", O_RDWR); -+ fd = open("/dev/null", O_RDWR | O_CLOEXEC); - if (fd == 2) - log_perror = 0; /* No sense logging to /dev/null. */ - else if (fd != -1) -@@ -793,7 +793,7 @@ main(int argc, char **argv) { - */ - if (no_pid_file == ISC_FALSE) { - /*Read previous pid file. */ -- if ((i = open (path_dhcpd_pid, O_RDONLY)) >= 0) { -+ if ((i = open (path_dhcpd_pid, O_RDONLY | O_CLOEXEC)) >= 0) { - status = read(i, pbuf, (sizeof pbuf) - 1); - close (i); - if (status > 0) { -@@ -812,7 +812,7 @@ main(int argc, char **argv) { - } - - /* Write new pid file. */ -- i = open(path_dhcpd_pid, O_WRONLY|O_CREAT|O_TRUNC, 0644); -+ i = open(path_dhcpd_pid, O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC, 0644); - if (i >= 0) { - sprintf(pbuf, "%d\n", (int) getpid()); - IGNORE_RET (write(i, pbuf, strlen(pbuf))); -@@ -840,9 +840,9 @@ main(int argc, char **argv) { - close(2); - - /* Reopen them on /dev/null. */ -- open("/dev/null", O_RDWR); -- open("/dev/null", O_RDWR); -- open("/dev/null", O_RDWR); -+ open("/dev/null", O_RDWR | O_CLOEXEC); -+ open("/dev/null", O_RDWR | O_CLOEXEC); -+ open("/dev/null", O_RDWR | O_CLOEXEC); - log_perror = 0; /* No sense logging to /dev/null. 
*/
-
- IGNORE_RET (chdir("/"));
-diff -up dhcp-4.2.2b1/server/ldap.c.cloexec dhcp-4.2.2b1/server/ldap.c
---- dhcp-4.2.2b1/server/ldap.c.cloexec 2010-03-25 16:26:58.000000000 +0100
-+++ dhcp-4.2.2b1/server/ldap.c 2011-07-01 14:13:31.043887665 +0200
-@@ -685,7 +685,7 @@ ldap_start (void)
-
- if (ldap_debug_file != NULL && ldap_debug_fd == -1)
- {
-- if ((ldap_debug_fd = open (ldap_debug_file, O_CREAT | O_TRUNC | O_WRONLY,
-+ if ((ldap_debug_fd = open (ldap_debug_file, O_CREAT | O_TRUNC | O_WRONLY | O_CLOEXEC,
- S_IRUSR | S_IWUSR)) < 0)
- log_error ("Error opening debug LDAP log file %s: %s", ldap_debug_file,
- strerror (errno));
diff --git a/src/patches/dhcp-4.2.2-capability.patch b/src/patches/dhcp-4.2.2-capability.patch
deleted file mode 100644
index 79af036..0000000
--- a/src/patches/dhcp-4.2.2-capability.patch
+++ /dev/null
@@ -1,323 +0,0 @@
-diff -up dhcp-4.2.2b1/client/dhclient.8.capability dhcp-4.2.2b1/client/dhclient.8
---- dhcp-4.2.2b1/client/dhclient.8.capability 2011-07-01 15:09:06.603784531 +0200
-+++ dhcp-4.2.2b1/client/dhclient.8 2011-07-01 15:09:06.663783913 +0200
-@@ -118,6 +118,9 @@ dhclient - Dynamic Host Configuration Pr
- .B -w
- ]
- [
-+.B -nc
-+]
-+[
- .B -B
- ]
- [
-@@ -296,6 +299,32 @@ has been added or removed, so that the c
- address on that interface.
-
- .TP
-+.BI -nc
-+Do not drop capabilities.
-+
-+Normally, if
-+.B dhclient
-+was compiled with libcap-ng support,
-+.B dhclient
-+drops most capabilities immediately upon startup. While more secure,
-+this greatly restricts the additional actions that hooks in
-+.B dhclient-script (8)
-+can take. (For example, any daemons that
-+.B dhclient-script (8)
-+starts or restarts will inherit the restricted capabilities as well,
-+which may interfere with their correct operation.) Thus, the
-+.BI -nc
-+option can be used to prevent
-+.B dhclient
-+from dropping capabilities.
-+
-+The
-+.BI -nc
-+option is ignored if
-+.B dhclient
-+was not compiled with libcap-ng support.
-+
-+.TP
- .BI -B
- Set the BOOTP broadcast flag in request packets so servers will always
- broadcast replies.
-diff -up dhcp-4.2.2b1/client/dhclient.c.capability dhcp-4.2.2b1/client/dhclient.c
---- dhcp-4.2.2b1/client/dhclient.c.capability 2011-07-01 15:09:06.644784107 +0200
-+++ dhcp-4.2.2b1/client/dhclient.c 2011-07-01 15:09:06.664783903 +0200
-@@ -39,6 +39,10 @@
- #include <limits.h>
- #include <dns/result.h>
-
-+#ifdef HAVE_LIBCAP_NG
-+#include <cap-ng.h>
-+#endif
-+
- /*
- * Defined in stdio.h when _GNU_SOURCE is set, but we don't want to define
- * that when building ISC code.
-@@ -141,6 +145,9 @@ main(int argc, char **argv) {
- int timeout_arg = 0;
- char *arg_conf = NULL;
- int arg_conf_len = 0;
-+#ifdef HAVE_LIBCAP_NG
-+ int keep_capabilities = 0;
-+#endif
-
- /* Initialize client globals.
*/
- memset(&default_duid, 0, sizeof(default_duid));
-@@ -410,6 +417,10 @@ main(int argc, char **argv) {
- }
-
- dhclient_request_options = argv[i];
-+ } else if (!strcmp(argv[i], "-nc")) {
-+#ifdef HAVE_LIBCAP_NG
-+ keep_capabilities = 1;
-+#endif
- } else if (argv[i][0] == '-') {
- usage();
- } else if (interfaces_requested < 0) {
-@@ -458,6 +469,19 @@ main(int argc, char **argv) {
- path_dhclient_script = s;
- }
-
-+#ifdef HAVE_LIBCAP_NG
-+ /* Drop capabilities */
-+ if (!keep_capabilities) {
-+ capng_clear(CAPNG_SELECT_CAPS);
-+ capng_update(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
-+ CAP_DAC_OVERRIDE); // Drop this someday
-+ capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
-+ CAP_NET_ADMIN, CAP_NET_RAW,
-+ CAP_NET_BIND_SERVICE, CAP_SYS_ADMIN, -1);
-+ capng_apply(CAPNG_SELECT_CAPS);
-+ }
-+#endif
-+
- /* Set up the initial dhcp option universe. */
- initialize_common_option_spaces();
-
-diff -up dhcp-4.2.2b1/client/dhclient-script.8.capability dhcp-4.2.2b1/client/dhclient-script.8
---- dhcp-4.2.2b1/client/dhclient-script.8.capability 2011-07-01 15:09:06.604784521 +0200
-+++ dhcp-4.2.2b1/client/dhclient-script.8 2011-07-01 15:09:06.666783883 +0200
-@@ -239,6 +239,16 @@ repeatedly initialized to the values pro
- the other. Assuming the information provided by both servers is
- valid, this shouldn't cause any real problems, but it could be
- confusing.
-+.PP
-+Normally, if dhclient was compiled with libcap-ng support,
-+dhclient drops most capabilities immediately upon startup.
-+While more secure, this greatly restricts the additional actions that
-+hooks in dhclient-script can take. For example, any daemons that
-+dhclient-script starts or restarts will inherit the restricted
-+capabilities as well, which may interfere with their correct operation.
-+Thus, the
-+.BI -nc
-+option can be used to prevent dhclient from dropping capabilities.
- .SH SEE ALSO
- dhclient(8), dhcpd(8), dhcrelay(8), dhclient.conf(5) and
- dhclient.leases(5).
-diff -up dhcp-4.2.2b1/client/Makefile.am.capability dhcp-4.2.2b1/client/Makefile.am
---- dhcp-4.2.2b1/client/Makefile.am.capability 2011-07-01 15:09:06.526785327 +0200
-+++ dhcp-4.2.2b1/client/Makefile.am 2011-07-01 15:09:06.667783873 +0200
-@@ -5,7 +5,7 @@ dhclient_SOURCES = clparse.c dhclient.c
- scripts/netbsd scripts/nextstep scripts/openbsd \
- scripts/solaris scripts/openwrt
- dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \
-- $(BIND9_LIBDIR) -ldns-export -lisc-export
-+ $(BIND9_LIBDIR) -ldns-export -lisc-export $(CAPNG_LDADD)
- man_MANS = dhclient.8 dhclient-script.8 dhclient.conf.5 dhclient.leases.5
- EXTRA_DIST = $(man_MANS)
-
-diff -up dhcp-4.2.2b1/configure.ac.capability dhcp-4.2.2b1/configure.ac
---- dhcp-4.2.2b1/configure.ac.capability 2011-07-01 15:09:06.527785317 +0200
-+++ dhcp-4.2.2b1/configure.ac 2011-07-01 15:09:06.667783873 +0200
-@@ -449,6 +449,41 @@ AC_TRY_LINK(
- # Look for optional headers.
- AC_CHECK_HEADERS(sys/socket.h net/if_dl.h net/if6.h regex.h)
-
-+# look for capabilities library
-+AC_ARG_WITH(libcap-ng,
-+ [ --with-libcap-ng=[auto/yes/no] Add Libcap-ng support [default=auto]],,
-+ with_libcap_ng=auto)
-+
-+# Check for Libcap-ng API
-+#
-+# libcap-ng detection
-+if test x$with_libcap_ng = xno ; then
-+ have_libcap_ng=no;
-+else
-+ # Start by checking for header file
-+ AC_CHECK_HEADER(cap-ng.h, capng_headers=yes, capng_headers=no)
-+
-+ # See if we have libcap-ng library
-+ AC_CHECK_LIB(cap-ng, capng_clear,
-+ CAPNG_LDADD=-lcap-ng,)
-+
-+ # Check results are usable
-+ if test x$with_libcap_ng = xyes -a x$CAPNG_LDADD = x ; then
-+ AC_MSG_ERROR(libcap-ng support was requested and the library was not found)
-+ fi
-+ if test x$CAPNG_LDADD != x -a $capng_headers = no ; then
-+ AC_MSG_ERROR(libcap-ng libraries found but headers are missing)
-+ fi
-+fi
-+AC_SUBST(CAPNG_LDADD)
-+AC_MSG_CHECKING(whether to use libcap-ng)
-+if test x$CAPNG_LDADD != x ; then
-+ AC_DEFINE(HAVE_LIBCAP_NG,1,[libcap-ng support])
-+ AC_MSG_RESULT(yes)
-+else
-+ AC_MSG_RESULT(no)
-+fi
-+
- # Solaris needs some libraries for functions
- AC_SEARCH_LIBS(socket, [socket])
- AC_SEARCH_LIBS(inet_ntoa, [nsl])
-diff -up dhcp-4.2.2b1/relay/dhcrelay.c.capability dhcp-4.2.2b1/relay/dhcrelay.c
---- dhcp-4.2.2b1/relay/dhcrelay.c.capability 2011-07-01 15:09:06.626784295 +0200
-+++ dhcp-4.2.2b1/relay/dhcrelay.c 2011-07-01 15:12:05.362223794 +0200
-@@ -36,6 +36,11 @@
- #include <syslog.h>
- #include <sys/time.h>
-
-+#ifdef HAVE_LIBCAP_NG
-+# include <cap-ng.h>
-+ int keep_capabilities = 0;
-+#endif
-+
- TIME default_lease_time = 43200; /* 12 hours... */
- TIME max_lease_time = 86400; /* 24 hours... */
- struct tree_cache *global_options[256];
-@@ -356,6 +361,10 @@ main(int argc, char **argv) {
- sl->next = upstreams;
- upstreams = sl;
- #endif
-+ } else if (!strcmp(argv[i], "-nc")) {
-+#ifdef HAVE_LIBCAP_NG
-+ keep_capabilities = 1;
-+#endif
- } else if (!strcmp(argv[i], "-pf")) {
- if (++i == argc)
- usage();
-@@ -426,6 +435,17 @@ main(int argc, char **argv) {
- #endif
- }
-
-+#ifdef HAVE_LIBCAP_NG
-+ /* Drop capabilities */
-+ if (!keep_capabilities) {
-+ capng_clear(CAPNG_SELECT_BOTH);
-+ capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
-+ CAP_NET_RAW, CAP_NET_BIND_SERVICE, -1);
-+ capng_apply(CAPNG_SELECT_BOTH);
-+ log_info ("Dropped all unnecessary capabilities.");
-+ }
-+#endif
-+
- if (!quiet) {
- log_info("%s %s", message, PACKAGE_VERSION);
- log_info(copyright);
-@@ -573,6 +593,15 @@ main(int argc, char **argv) {
- dhcpv6_packet_handler = do_packet6;
- #endif
-
-+#ifdef HAVE_LIBCAP_NG
-+ /* Drop all capabilities */
-+ if (!keep_capabilities) {
-+ capng_clear(CAPNG_SELECT_BOTH);
-+ capng_apply(CAPNG_SELECT_BOTH);
-+ log_info ("Dropped all capabilities.");
-+ }
-+#endif
-+
- /* Start dispatching packets and timeouts...
*/
- dispatch();
-
-diff -up dhcp-4.2.2b1/relay/Makefile.am.capability dhcp-4.2.2b1/relay/Makefile.am
---- dhcp-4.2.2b1/relay/Makefile.am.capability 2011-07-01 15:09:06.546785121 +0200
-+++ dhcp-4.2.2b1/relay/Makefile.am 2011-07-01 15:09:06.670783841 +0200
-@@ -3,7 +3,7 @@ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localst
- sbin_PROGRAMS = dhcrelay
- dhcrelay_SOURCES = dhcrelay.c
- dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \
-- $(BIND9_LIBDIR) -ldns-export -lisc-export
-+ $(BIND9_LIBDIR) -ldns-export -lisc-export $(CAPNG_LDADD)
- man_MANS = dhcrelay.8
- EXTRA_DIST = $(man_MANS)
-
-diff -up dhcp-4.2.2b1/server/dhcpd.c.capability dhcp-4.2.2b1/server/dhcpd.c
---- dhcp-4.2.2b1/server/dhcpd.c.capability 2011-07-01 15:09:06.636784192 +0200
-+++ dhcp-4.2.2b1/server/dhcpd.c 2011-07-01 15:09:06.670783841 +0200
-@@ -58,6 +58,11 @@ static const char url [] =
- # undef group
- #endif /* PARANOIA */
-
-+#ifdef HAVE_LIBCAP_NG
-+# include <cap-ng.h>
-+ int keep_capabilities = 0;
-+#endif
-+
- static void usage(void);
-
- struct iaddr server_identifier;
-@@ -403,6 +408,10 @@ main(int argc, char **argv) {
- traceinfile = argv [i];
- trace_replay_init ();
- #endif /* TRACING */
-+ } else if (!strcmp(argv[i], "-nc")) {
-+#ifdef HAVE_LIBCAP_NG
-+ keep_capabilities = 1;
-+#endif
- } else if (argv [i][0] == '-') {
- usage ();
- } else {
-@@ -459,6 +468,17 @@ main(int argc, char **argv) {
- }
- #endif /* DHCPv6 */
-
-+#ifdef HAVE_LIBCAP_NG
-+ /* Drop capabilities */
-+ if (!keep_capabilities) {
-+ capng_clear(CAPNG_SELECT_BOTH);
-+ capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
-+ CAP_NET_RAW, CAP_NET_BIND_SERVICE, CAP_SYS_CHROOT, CAP_SETUID, CAP_SETGID, -1);
-+ capng_apply(CAPNG_SELECT_BOTH);
-+ log_info ("Dropped all unnecessary capabilities.");
-+ }
-+#endif
-+
- /*
- * convert relative path names to absolute, for files that need
- * to be reopened after chdir() has been called
-@@ -859,6 +879,15 @@ main(int argc, char **argv) {
- omapi_set_int_value ((omapi_object_t
*)dhcp_control_object,
- (omapi_object_t *)0, "state", server_running);
-
-+#ifdef HAVE_LIBCAP_NG
-+ /* Drop all capabilities */
-+ if (!keep_capabilities) {
-+ capng_clear(CAPNG_SELECT_BOTH);
-+ capng_apply(CAPNG_SELECT_BOTH);
-+ log_info ("Dropped all capabilities.");
-+ }
-+#endif
-+
- /* Receive packets and dispatch them... */
- dispatch ();
-
-diff -up dhcp-4.2.2b1/server/Makefile.am.capability dhcp-4.2.2b1/server/Makefile.am
---- dhcp-4.2.2b1/server/Makefile.am.capability 2011-07-01 15:09:06.546785121 +0200
-+++ dhcp-4.2.2b1/server/Makefile.am 2011-07-01 15:09:06.671783830 +0200
-@@ -8,7 +8,8 @@ dhcpd_SOURCES = dhcpd.c dhcp.c bootp.c c
-
- dhcpd_CFLAGS = $(LDAP_CFLAGS)
- dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \
-- ../dhcpctl/libdhcpctl.a $(BIND9_LIBDIR) -ldns-export -lisc-export
-+ ../dhcpctl/libdhcpctl.a $(BIND9_LIBDIR) -ldns-export -lisc-export \
-+ $(CAPNG_LDADD)
-
- man_MANS = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5
- EXTRA_DIST = $(man_MANS)
diff --git a/src/patches/dhcp-4.2.2-dhclient-usage.patch b/src/patches/dhcp-4.2.2-dhclient-usage.patch
deleted file mode 100644
index 0d41943..0000000
--- a/src/patches/dhcp-4.2.2-dhclient-usage.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-diff -up dhcp-4.2.2b1/client/dhclient.c.usage dhcp-4.2.2b1/client/dhclient.c
---- dhcp-4.2.2b1/client/dhclient.c.usage 2011-07-01 13:55:16.000000000 +0200
-+++ dhcp-4.2.2b1/client/dhclient.c 2011-07-01 13:58:55.243800602 +0200
-@@ -1047,6 +1047,10 @@ static void usage()
- " [-s server-addr] [-cf config-file] "
- "[-lf lease-file]\n"
- " [-pf pid-file] [--no-pid] [-e VAR=val]\n"
-+ " [-I <dhcp-client-identifier>] [-B]\n"
-+ " [-H <host-name> | -F <fqdn.fqdn>] [-timeout <timeout>]\n"
-+ " [-V <vendor-class-identifier>]\n"
-+ " [-R <request option list>]\n"
- " [-sf script-file] [interface]");
- }
-
diff --git a/src/patches/dhcp-4.2.2-gpxe-cid.patch b/src/patches/dhcp-4.2.2-gpxe-cid.patch
deleted file mode 100644
index c0be4c2..0000000
--- a/src/patches/dhcp-4.2.2-gpxe-cid.patch
+++ /dev/null
@@ -1,132 +0,0 @@ -diff -up dhcp-4.2.2/client/dhclient.c.gpxe-cid dhcp-4.2.2/client/dhclient.c ---- dhcp-4.2.2/client/dhclient.c.gpxe-cid 2011-09-16 18:23:20.190453902 +0200 -+++ dhcp-4.2.2/client/dhclient.c 2011-09-16 18:27:15.568463599 +0200 -@@ -58,6 +58,13 @@ const char *path_dhclient_pid = NULL; - static char path_dhclient_script_array[] = _PATH_DHCLIENT_SCRIPT; - char *path_dhclient_script = path_dhclient_script_array; - -+/* Default Prefix */ -+static unsigned char default_prefix[12] = { -+ 0xff, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x02, 0x00, -+ 0x00, 0x02, 0xc9, 0x00 -+}; -+ - /* False (default) => we write and use a pid file */ - isc_boolean_t no_pid_file = ISC_FALSE; - -@@ -1250,6 +1257,12 @@ int find_subnet (struct subnet **sp, - static void setup_ib_interface(struct interface_info *ip) - { - struct group *g; -+ struct hardware *hw = &ip->hw_address; -+ char client_id[64]; -+ char *arg_conf = NULL; -+ int arg_conf_len = 0; -+ isc_result_t status; -+ struct parse *cfile = (struct parse *)0; - - /* Set the broadcast flag */ - ip->client->config->bootp_broadcast_always = 1; -@@ -1266,8 +1279,39 @@ static void setup_ib_interface(struct in - } - } - -- /* No client ID specified */ -- log_fatal("dhcp-client-identifier must be specified for InfiniBand"); -+ /* -+ * No client ID specified, make up one based on a default -+ * "prefix" and the port GUID. -+ * -+ * NOTE: This is compatible with what gpxe does. 
-+ */ -+ sprintf(client_id, "%.2x:%.2x:%.2x:%.2x:%.2x:%.2x:%.2x:%.2x:%.2x:%.2x:%.2x:%.2x:%.2x:%.2x:%.2x:%.2x:%.2x:%.2x:%.2x:%.2x", -+ default_prefix[0], default_prefix[1], default_prefix[2], -+ default_prefix[3], default_prefix[4], default_prefix[5], -+ default_prefix[6], default_prefix[7], default_prefix[8], -+ default_prefix[9], default_prefix[10], default_prefix[11], -+ hw->hbuf[1], hw->hbuf[2], hw->hbuf[3], hw->hbuf[4], -+ hw->hbuf[5], hw->hbuf[6], hw->hbuf[7], hw->hbuf[8]); -+ -+ arg_conf_len = asprintf(&arg_conf, -+ "send dhcp-client-identifier %s;", -+ client_id); -+ -+ if ((arg_conf == 0) || (arg_conf_len <= 0)) -+ log_fatal("Unable to send option dhcp-client-identifier"); -+ -+ status = new_parse(&cfile, -1, arg_conf, arg_conf_len, -+ "Automatic Infiniband client identifier", 0); -+ -+ if ((status != ISC_R_SUCCESS) || (cfile->warnings_occurred)) -+ log_fatal("Failed to parse Infiniband client identifier"); -+ -+ parse_client_statement(cfile, NULL, ip->client->config); -+ -+ if (cfile->warnings_occurred) -+ log_fatal("Failed to parse Infiniband client identifier"); -+ -+ end_parse(&cfile); - } - - /* Individual States: -diff -up dhcp-4.2.2/common/lpf.c.gpxe-cid dhcp-4.2.2/common/lpf.c ---- dhcp-4.2.2/common/lpf.c.gpxe-cid 2011-09-16 18:23:20.183453996 +0200 -+++ dhcp-4.2.2/common/lpf.c 2011-09-16 18:25:28.235804421 +0200 -@@ -591,6 +591,37 @@ void maybe_setup_fallback () - } - } - -+static unsigned char * get_ib_hw_addr(char * name) -+{ -+ struct ifaddrs *ifaddrs; -+ struct ifaddrs *ifa; -+ struct sockaddr_ll *sll = NULL; -+ static unsigned char hw_addr[8]; -+ -+ if (getifaddrs(&ifaddrs) == -1) -+ return NULL; -+ -+ for (ifa = ifaddrs; ifa != NULL; ifa = ifa->ifa_next) { -+ if (ifa->ifa_addr == NULL) -+ continue; -+ if (ifa->ifa_addr->sa_family != AF_PACKET) -+ continue; -+ if (ifa->ifa_flags & IFF_LOOPBACK) -+ continue; -+ if (strcmp(ifa->ifa_name, name) == 0) { -+ sll = (struct sockaddr_ll *)(void *)ifa->ifa_addr; -+ break; -+ } -+ } -+ if (sll == NULL) { 
-+ freeifaddrs(ifaddrs); -+ return NULL; -+ } -+ memcpy(hw_addr, &sll->sll_addr[sll->sll_halen - 8], 8); -+ freeifaddrs(ifaddrs); -+ return (unsigned char *)&hw_addr; -+} -+ - void - get_hw_addr(struct interface_info *info) - { -@@ -599,6 +630,7 @@ get_hw_addr(struct interface_info *info) - struct ifaddrs *ifaddrs; - struct ifaddrs *ifa; - struct sockaddr_ll *sll = NULL; -+ unsigned char *hw_addr; - - if (getifaddrs(&ifaddrs) == -1) - log_fatal("Failed to get interfaces"); -@@ -660,6 +692,10 @@ get_hw_addr(struct interface_info *info) - - hw->hlen = 1; - hw->hbuf[0] = HTYPE_INFINIBAND; -+ hw_addr = get_ib_hw_addr(name); -+ if (!hw_addr) -+ log_fatal("Failed getting %s hw addr", name); -+ memcpy (&hw->hbuf [1], hw_addr, 8); - break; - #if defined(ARPHRD_PPP) - case ARPHRD_PPP: diff --git a/src/patches/dhcp-4.2.2-improved-xid.patch b/src/patches/dhcp-4.2.2-improved-xid.patch deleted file mode 100644 index f49fc78..0000000 --- a/src/patches/dhcp-4.2.2-improved-xid.patch +++ /dev/null 
@@ -1,138 +0,0 @@ -diff -up dhcp-4.2.2/client/dhclient.c.improved-xid dhcp-4.2.2/client/dhclient.c ---- dhcp-4.2.2/client/dhclient.c.improved-xid 2011-09-16 18:18:00.649730661 +0200 -+++ dhcp-4.2.2/client/dhclient.c 2011-09-16 18:22:36.815035513 +0200 -@@ -898,6 +898,26 @@ main(int argc, char **argv) { - } - } - -+ /* We create a backup seed before rediscovering interfaces in order to -+ have a seed built using all of the available interfaces -+ It's interesting if required interfaces doesn't let us defined -+ a really unique seed due to a lack of valid HW addr later -+ (this is the case with DHCP over IB) -+ We only use the last device as using a sum could broke the -+ uniqueness of the seed among multiple nodes -+ */ -+ unsigned backup_seed = 0; -+ for (ip = interfaces; ip; ip = ip -> next) { -+ int junk; -+ if ( ip -> hw_address.hlen <= sizeof seed ) -+ continue; -+ memcpy (&junk, -+ &ip -> hw_address.hbuf [ip -> hw_address.hlen - -+ sizeof seed], sizeof seed); -+ backup_seed = junk; -+ } -+ -+ - /* At this point, all the interfaces that the script thinks - are relevant should be running, so now we once again call - discover_interfaces(), and this time ask it to actually set -@@ -912,14 +932,36 @@ main(int argc, char **argv) { - Not much entropy, but we're booting, so we're not likely to - find anything better. 
*/ - seed = 0; -+ int seed_flag = 0; - for (ip = interfaces; ip; ip = ip->next) { - int junk; -+ if ( ip -> hw_address.hlen <= sizeof seed ) -+ continue; - memcpy(&junk, - &ip->hw_address.hbuf[ip->hw_address.hlen - - sizeof seed], sizeof seed); - seed += junk; -+ seed_flag = 1; - } -- srandom(seed + cur_time + (unsigned)getpid()); -+ if ( seed_flag == 0 ) { -+ if ( backup_seed != 0 ) { -+ seed = backup_seed; -+ log_info ("xid: rand init seed (0x%x) built using all" -+ " available interfaces",seed); -+ } -+ else { -+ seed = cur_time^((unsigned) gethostid()) ; -+ log_info ("xid: warning: no netdev with useable HWADDR found" -+ " for seed's uniqueness enforcement"); -+ log_info ("xid: rand init seed (0x%x) built using gethostid", -+ seed); -+ } -+ /* we only use seed and no current time as a broadcast reply */ -+ /* will certainly be used by the hwaddrless interface */ -+ srandom(seed); -+ } -+ else -+ srandom(seed + cur_time + (unsigned)getpid()); - - /* Setup specific Infiniband options */ - for (ip = interfaces; ip; ip = ip->next) { -@@ -1457,7 +1499,7 @@ void dhcpack (packet) - return; - } - -- log_info ("DHCPACK from %s", piaddr (packet -> client_addr)); -+ log_info ("DHCPACK from %s (xid=0x%x)", piaddr (packet -> client_addr), client -> xid); - - lease = packet_to_lease (packet, client); - if (!lease) { -@@ -2174,7 +2216,7 @@ void dhcpnak (packet) - return; - } - -- log_info ("DHCPNAK from %s", piaddr (packet -> client_addr)); -+ log_info ("DHCPNAK from %s (xid=0x%x)", piaddr (packet -> client_addr), client -> xid); - - if (!client -> active) { - #if defined (DEBUG) -@@ -2300,10 +2342,10 @@ void send_discover (cpp) - client -> packet.secs = htons (65535); - client -> secs = client -> packet.secs; - -- log_info ("DHCPDISCOVER on %s to %s port %d interval %ld", -+ log_info ("DHCPDISCOVER on %s to %s port %d interval %ld (xid=0x%x)", - client -> name ? 
client -> name : client -> interface -> name, - inet_ntoa (sockaddr_broadcast.sin_addr), -- ntohs (sockaddr_broadcast.sin_port), (long)(client -> interval)); -+ ntohs (sockaddr_broadcast.sin_port), (long)(client -> interval), client -> xid); - - /* Send out a packet. */ - result = send_packet (client -> interface, (struct packet *)0, -@@ -2584,10 +2626,10 @@ void send_request (cpp) - client -> packet.secs = htons (65535); - } - -- log_info ("DHCPREQUEST on %s to %s port %d", -+ log_info ("DHCPREQUEST on %s to %s port %d (xid=0x%x)", - client -> name ? client -> name : client -> interface -> name, - inet_ntoa (destination.sin_addr), -- ntohs (destination.sin_port)); -+ ntohs (destination.sin_port), client -> xid); - - if (destination.sin_addr.s_addr != INADDR_BROADCAST && - fallback_interface) -@@ -2618,10 +2660,10 @@ void send_decline (cpp) - - int result; - -- log_info ("DHCPDECLINE on %s to %s port %d", -+ log_info ("DHCPDECLINE on %s to %s port %d (xid=0x%x)", - client -> name ? client -> name : client -> interface -> name, - inet_ntoa (sockaddr_broadcast.sin_addr), -- ntohs (sockaddr_broadcast.sin_port)); -+ ntohs (sockaddr_broadcast.sin_port), client -> xid); - - /* Send out a packet. */ - result = send_packet (client -> interface, (struct packet *)0, -@@ -2661,10 +2703,10 @@ void send_release (cpp) - return; - } - -- log_info ("DHCPRELEASE on %s to %s port %d", -+ log_info ("DHCPRELEASE on %s to %s port %d (xid=0x%x)", - client -> name ? client -> name : client -> interface -> name, - inet_ntoa (destination.sin_addr), -- ntohs (destination.sin_port)); -+ ntohs (destination.sin_port), client -> xid); - - if (fallback_interface) - result = send_packet (fallback_interface, diff --git a/src/patches/dhcp-4.2.2-lpf-ib.patch b/src/patches/dhcp-4.2.2-lpf-ib.patch deleted file mode 100644 index 4034028..0000000 --- a/src/patches/dhcp-4.2.2-lpf-ib.patch +++ /dev/null 
@@ -1,538 +0,0 @@ -diff -up dhcp-4.2.2/client/dhclient.c.lpf-ib dhcp-4.2.2/client/dhclient.c ---- dhcp-4.2.2/client/dhclient.c.lpf-ib 2011-09-19 11:24:08.693775799 +0200 -+++ dhcp-4.2.2/client/dhclient.c 2011-09-19 11:24:08.703775541 +0200 -@@ -113,6 +113,8 @@ static int check_domain_name_list(const - static int check_option_values(struct universe *universe, unsigned int opt, - const char *ptr, size_t len); - -+static void setup_ib_interface(struct interface_info *ip); -+ - int - main(int argc, char **argv) { - int fd; -@@ -919,6 +921,14 @@ main(int argc, char **argv) { - } - srandom(seed + cur_time + (unsigned)getpid()); - -+ /* Setup specific Infiniband options */ -+ for (ip = interfaces; ip; ip = ip->next) { -+ if (ip->client && -+ (ip->hw_address.hbuf[0] == HTYPE_INFINIBAND)) { -+ setup_ib_interface(ip); -+ } -+ } -+ - /* Start a configuration state machine for each interface. */ - #ifdef DHCPv6 - if (local_family == AF_INET6) { -@@ -1195,6 +1205,29 @@ int find_subnet (struct subnet **sp, - return 0; - } - -+static void setup_ib_interface(struct interface_info *ip) -+{ -+ struct group *g; -+ -+ /* Set the broadcast flag */ -+ ip->client->config->bootp_broadcast_always = 1; -+ -+ /* -+ * Find out if a dhcp-client-identifier option was specified either -+ * in the config file or on the command line -+ */ -+ for (g = ip->client->config->on_transmission; g != NULL; g = g->next) { -+ if ((g->statements != NULL) && -+ (strcmp(g->statements->data.option->option->name, -+ "dhcp-client-identifier") == 0)) { -+ return; -+ } -+ } -+ -+ /* No client ID specified */ -+ log_fatal("dhcp-client-identifier must be specified for InfiniBand"); -+} -+ - /* Individual States: - * - * Each routine is called from the dhclient_state_machine() in one of -diff -up dhcp-4.2.2/common/bpf.c.lpf-ib dhcp-4.2.2/common/bpf.c ---- dhcp-4.2.2/common/bpf.c.lpf-ib 2011-09-19 11:24:08.694775773 +0200 -+++ dhcp-4.2.2/common/bpf.c 2011-09-19 11:24:08.704775516 +0200 -@@ -198,11 +198,44 @@ struct 
bpf_insn dhcp_bpf_filter [] = { - BPF_STMT(BPF_RET+BPF_K, 0), - }; - -+/* Packet filter program for DHCP over Infiniband. -+ * -+ * XXX -+ * Changes to the filter program may require changes to the constant offsets -+ * used in lpf_gen_filter_setup to patch the port in the BPF program! -+ * XXX -+ */ -+struct bpf_insn dhcp_ib_bpf_filter [] = { -+ /* Packet filter for Infiniband */ -+ /* Make sure it's a UDP packet... */ -+ BPF_STMT(BPF_LD + BPF_B + BPF_ABS, 9), -+ BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, IPPROTO_UDP, 0, 6), -+ -+ /* Make sure this isn't a fragment... */ -+ BPF_STMT(BPF_LD + BPF_H + BPF_ABS, 6), -+ BPF_JUMP(BPF_JMP + BPF_JSET + BPF_K, 0x1fff, 4, 0), -+ -+ /* Get the IP header length... */ -+ BPF_STMT(BPF_LDX + BPF_B + BPF_MSH, 0), -+ -+ /* Make sure it's to the right port... */ -+ BPF_STMT(BPF_LD + BPF_H + BPF_IND, 2), -+ BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, 67, 0, 1), -+ -+ /* If we passed all the tests, ask for the whole packet. */ -+ BPF_STMT(BPF_RET + BPF_K, (u_int)-1), -+ -+ /* Otherwise, drop it. */ -+ BPF_STMT(BPF_RET + BPF_K, 0), -+}; -+ - #if defined (DEC_FDDI) - struct bpf_insn *bpf_fddi_filter; - #endif - - int dhcp_bpf_filter_len = sizeof dhcp_bpf_filter / sizeof (struct bpf_insn); -+int dhcp_ib_bpf_filter_len = sizeof dhcp_ib_bpf_filter / sizeof (struct bpf_insn); -+ - #if defined (HAVE_TR_SUPPORT) - struct bpf_insn dhcp_bpf_tr_filter [] = { - /* accept all token ring packets due to variable length header */ -diff -up dhcp-4.2.2/common/lpf.c.lpf-ib dhcp-4.2.2/common/lpf.c ---- dhcp-4.2.2/common/lpf.c.lpf-ib 2011-09-19 11:24:08.694775773 +0200 -+++ dhcp-4.2.2/common/lpf.c 2011-09-19 11:26:15.107109935 +0200 -@@ -42,6 +42,7 @@ - #include "includes/netinet/udp.h" - #include "includes/netinet/if_ether.h" - #include <net/if.h> -+#include <ifaddrs.h> - - #ifndef PACKET_AUXDATA - #define PACKET_AUXDATA 8 -@@ -59,6 +60,15 @@ struct tpacket_auxdata - /* Reinitializes the specified interface after an address change. 
This - is not required for packet-filter APIs. */ - -+/* Default broadcast address for IPoIB */ -+static unsigned char default_ib_bcast_addr[20] = { -+ 0x00, 0xff, 0xff, 0xff, -+ 0xff, 0x12, 0x40, 0x1b, -+ 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, -+ 0xff, 0xff, 0xff, 0xff -+}; -+ - #ifdef USE_LPF_SEND - void if_reinitialize_send (info) - struct interface_info *info; -@@ -86,10 +96,21 @@ int if_register_lpf (info) - struct sockaddr common; - } sa; - struct ifreq ifr; -+ int type; -+ int protocol; - - /* Make an LPF socket. */ -- if ((sock = socket(PF_PACKET, SOCK_RAW, -- htons((short)ETH_P_ALL))) < 0) { -+ get_hw_addr(info); -+ -+ if (info->hw_address.hbuf[0] == HTYPE_INFINIBAND) { -+ type = SOCK_DGRAM; -+ protocol = ETHERTYPE_IP; -+ } else { -+ type = SOCK_RAW; -+ protocol = ETH_P_ALL; -+ } -+ -+ if ((sock = socket(PF_PACKET, type, htons((short)protocol))) < 0) { - if (errno == ENOPROTOOPT || errno == EPROTONOSUPPORT || - errno == ESOCKTNOSUPPORT || errno == EPFNOSUPPORT || - errno == EAFNOSUPPORT || errno == EINVAL) { -@@ -112,6 +133,7 @@ int if_register_lpf (info) - /* Bind to the interface name */ - memset (&sa, 0, sizeof sa); - sa.ll.sll_family = AF_PACKET; -+ sa.ll.sll_protocol = htons(protocol); - sa.ll.sll_ifindex = ifr.ifr_ifindex; - if (bind (sock, &sa.common, sizeof sa)) { - if (errno == ENOPROTOOPT || errno == EPROTONOSUPPORT || -@@ -127,8 +149,6 @@ int if_register_lpf (info) - log_fatal ("Bind socket to interface: %m"); - } - -- get_hw_addr(info->name, &info->hw_address); -- - return sock; - } - #endif /* USE_LPF_SEND || USE_LPF_RECEIVE */ -@@ -183,6 +203,8 @@ void if_deregister_send (info) - in bpf includes... 
*/ - extern struct sock_filter dhcp_bpf_filter []; - extern int dhcp_bpf_filter_len; -+extern struct sock_filter dhcp_ib_bpf_filter []; -+extern int dhcp_ib_bpf_filter_len; - - #if defined (HAVE_TR_SUPPORT) - extern struct sock_filter dhcp_bpf_tr_filter []; -@@ -200,11 +222,13 @@ void if_register_receive (info) - /* Open a LPF device and hang it on this interface... */ - info -> rfdesc = if_register_lpf (info); - -- val = 1; -- if (setsockopt (info -> rfdesc, SOL_PACKET, PACKET_AUXDATA, &val, -- sizeof val) < 0) { -- if (errno != ENOPROTOOPT) -- log_fatal ("Failed to set auxiliary packet data: %m"); -+ if (info->hw_address.hbuf[0] != HTYPE_INFINIBAND) { -+ val = 1; -+ if (setsockopt (info -> rfdesc, SOL_PACKET, PACKET_AUXDATA, -+ &val, sizeof val) < 0) { -+ if (errno != ENOPROTOOPT) -+ log_fatal ("Failed to set auxiliary packet data: %m"); -+ } - } - - #if defined (HAVE_TR_SUPPORT) -@@ -250,15 +274,28 @@ static void lpf_gen_filter_setup (info) - - memset(&p, 0, sizeof(p)); - -- /* Set up the bpf filter program structure. This is defined in -- bpf.c */ -- p.len = dhcp_bpf_filter_len; -- p.filter = dhcp_bpf_filter; -- -- /* Patch the server port into the LPF program... -- XXX changes to filter program may require changes -- to the insn number(s) used below! XXX */ -- dhcp_bpf_filter [8].k = ntohs ((short)local_port); -+ if (info->hw_address.hbuf[0] == HTYPE_INFINIBAND) { -+ /* Set up the bpf filter program structure. */ -+ p.len = dhcp_ib_bpf_filter_len; -+ p.filter = dhcp_ib_bpf_filter; -+ -+ /* Patch the server port into the LPF program... -+ XXX -+ changes to filter program may require changes -+ to the insn number(s) used below! -+ XXX */ -+ dhcp_ib_bpf_filter[6].k = ntohs ((short)local_port); -+ } else { -+ /* Set up the bpf filter program structure. -+ This is defined in bpf.c */ -+ p.len = dhcp_bpf_filter_len; -+ p.filter = dhcp_bpf_filter; -+ -+ /* Patch the server port into the LPF program... 
-+ XXX changes to filter program may require changes -+ to the insn number(s) used below! XXX */ -+ dhcp_bpf_filter [8].k = ntohs ((short)local_port); -+ } - - if (setsockopt (info -> rfdesc, SOL_SOCKET, SO_ATTACH_FILTER, &p, - sizeof p) < 0) { -@@ -315,6 +352,54 @@ static void lpf_tr_filter_setup (info) - #endif /* USE_LPF_RECEIVE */ - - #ifdef USE_LPF_SEND -+ssize_t send_packet_ib(interface, packet, raw, len, from, to, hto) -+ struct interface_info *interface; -+ struct packet *packet; -+ struct dhcp_packet *raw; -+ size_t len; -+ struct in_addr from; -+ struct sockaddr_in *to; -+ struct hardware *hto; -+{ -+ unsigned ibufp = 0; -+ double ih [1536 / sizeof (double)]; -+ unsigned char *buf = (unsigned char *)ih; -+ ssize_t result; -+ -+ union sockunion { -+ struct sockaddr sa; -+ struct sockaddr_ll sll; -+ struct sockaddr_storage ss; -+ } su; -+ -+ assemble_udp_ip_header (interface, buf, &ibufp, from.s_addr, -+ to->sin_addr.s_addr, to->sin_port, -+ (unsigned char *)raw, len); -+ memcpy (buf + ibufp, raw, len); -+ -+ memset(&su, 0, sizeof(su)); -+ su.sll.sll_family = AF_PACKET; -+ su.sll.sll_protocol = htons(ETHERTYPE_IP); -+ -+ if (!(su.sll.sll_ifindex = if_nametoindex(interface->name))) { -+ errno = ENOENT; -+ log_error ("send_packet_ib: %m - failed to get if index"); -+ return -1; -+ } -+ -+ su.sll.sll_hatype = htons(HTYPE_INFINIBAND); -+ su.sll.sll_halen = sizeof(interface->bcast_addr); -+ memcpy(&su.sll.sll_addr, interface->bcast_addr, 20); -+ -+ result = sendto(interface->wfdesc, buf, ibufp + len, 0, -+ &su.sa, sizeof(su)); -+ -+ if (result < 0) -+ log_error ("send_packet_ib: %m"); -+ -+ return result; -+} -+ - ssize_t send_packet (interface, packet, raw, len, from, to, hto) - struct interface_info *interface; - struct packet *packet; -@@ -335,6 +420,11 @@ ssize_t send_packet (interface, packet, - return send_fallback (interface, packet, raw, - len, from, to, hto); - -+ if (interface->hw_address.hbuf[0] == HTYPE_INFINIBAND) { -+ return 
send_packet_ib(interface, packet, raw, len, from, -+ to, hto); -+ } -+ - if (hto == NULL && interface->anycast_mac_addr.hlen) - hto = &interface->anycast_mac_addr; - -@@ -356,6 +446,42 @@ ssize_t send_packet (interface, packet, - #endif /* USE_LPF_SEND */ - - #ifdef USE_LPF_RECEIVE -+ssize_t receive_packet_ib (interface, buf, len, from, hfrom) -+ struct interface_info *interface; -+ unsigned char *buf; -+ size_t len; -+ struct sockaddr_in *from; -+ struct hardware *hfrom; -+{ -+ int length = 0; -+ int offset = 0; -+ unsigned char ibuf [1536]; -+ unsigned bufix = 0; -+ unsigned paylen; -+ -+ length = read(interface->rfdesc, ibuf, sizeof(ibuf)); -+ -+ if (length <= 0) -+ return length; -+ -+ offset = decode_udp_ip_header(interface, ibuf, bufix, from, -+ (unsigned)length, &paylen, 0); -+ -+ if (offset < 0) -+ return 0; -+ -+ bufix += offset; -+ length -= offset; -+ -+ if (length < paylen) -+ log_fatal("Internal inconsistency at %s:%d.", MDL); -+ -+ /* Copy out the data in the packet... */ -+ memcpy(buf, &ibuf[bufix], paylen); -+ -+ return (ssize_t)paylen; -+} -+ - ssize_t receive_packet (interface, buf, len, from, hfrom) - struct interface_info *interface; - unsigned char *buf; -@@ -382,6 +508,10 @@ ssize_t receive_packet (interface, buf, - }; - struct cmsghdr *cmsg; - -+ if (interface->hw_address.hbuf[0] == HTYPE_INFINIBAND) { -+ return receive_packet_ib(interface, buf, len, from, hfrom); -+ } -+ - length = recvmsg (interface -> rfdesc, &msg, 0); - if (length <= 0) - return length; -@@ -462,33 +592,44 @@ void maybe_setup_fallback () - } - - void --get_hw_addr(const char *name, struct hardware *hw) { -- int sock; -- struct ifreq tmp; -- struct sockaddr *sa; -+get_hw_addr(struct interface_info *info) -+{ -+ struct hardware *hw = &info->hw_address; -+ char *name = info->name; -+ struct ifaddrs *ifaddrs; -+ struct ifaddrs *ifa; -+ struct sockaddr_ll *sll = NULL; - -- if (strlen(name) >= sizeof(tmp.ifr_name)) { -- log_fatal("Device name too long: "%s"", name); -- } -+ if 
(getifaddrs(&ifaddrs) == -1) -+ log_fatal("Failed to get interfaces"); - -- sock = socket(AF_INET, SOCK_DGRAM, 0); -- if (sock < 0) { -- log_fatal("Can't create socket for "%s": %m", name); -+ for (ifa = ifaddrs; ifa != NULL; ifa = ifa->ifa_next) { -+ -+ if (ifa->ifa_addr == NULL) -+ continue; -+ -+ if (ifa->ifa_addr->sa_family != AF_PACKET) -+ continue; -+ -+ if (ifa->ifa_flags & IFF_LOOPBACK) -+ continue; -+ -+ if (strcmp(ifa->ifa_name, name) == 0) { -+ sll = (struct sockaddr_ll *)(void *)ifa->ifa_addr; -+ break; -+ } - } - -- memset(&tmp, 0, sizeof(tmp)); -- strcpy(tmp.ifr_name, name); -- if (ioctl(sock, SIOCGIFHWADDR, &tmp) < 0) { -- log_fatal("Error getting hardware address for "%s": %m", -- name); -+ if (sll == NULL) { -+ freeifaddrs(ifaddrs); -+ log_fatal("Failed to get HW address for %s\n", name); - } - -- sa = &tmp.ifr_hwaddr; -- switch (sa->sa_family) { -+ switch (sll->sll_hatype) { - case ARPHRD_ETHER: - hw->hlen = 7; - hw->hbuf[0] = HTYPE_ETHER; -- memcpy(&hw->hbuf[1], sa->sa_data, 6); -+ memcpy(&hw->hbuf[1], sll->sll_addr, 6); - break; - case ARPHRD_IEEE802: - #ifdef ARPHRD_IEEE802_TR -@@ -496,18 +637,35 @@ get_hw_addr(const char *name, struct har - #endif /* ARPHRD_IEEE802_TR */ - hw->hlen = 7; - hw->hbuf[0] = HTYPE_IEEE802; -- memcpy(&hw->hbuf[1], sa->sa_data, 6); -+ memcpy(&hw->hbuf[1], sll->sll_addr, 6); - break; - case ARPHRD_FDDI: - hw->hlen = 17; - hw->hbuf[0] = HTYPE_FDDI; -- memcpy(&hw->hbuf[1], sa->sa_data, 16); -+ memcpy(&hw->hbuf[1], sll->sll_addr, 16); -+ break; -+ case ARPHRD_INFINIBAND: -+ /* For Infiniband, save the broadcast address and store -+ * the port GUID into the hardware address. 
-+ */ -+ if (ifa->ifa_flags & IFF_BROADCAST) { -+ struct sockaddr_ll *bll; -+ -+ bll = (struct sockaddr_ll *)ifa->ifa_broadaddr; -+ memcpy(&info->bcast_addr, bll->sll_addr, 20); -+ } else { -+ memcpy(&info->bcast_addr, default_ib_bcast_addr, -+ 20); -+ } -+ -+ hw->hlen = 1; -+ hw->hbuf[0] = HTYPE_INFINIBAND; - break; - #if defined(ARPHRD_PPP) - case ARPHRD_PPP: - if (local_family != AF_INET6) -- log_fatal("Unsupported device type %d for "%s"", -- sa->sa_family, name); -+ log_fatal("Unsupported device type %ld for "%s"", -+ (long int)sll->sll_family, name); - hw->hlen = 0; - hw->hbuf[0] = HTYPE_RESERVED; - /* 0xdeadbeef should never occur on the wire, -@@ -520,10 +678,11 @@ get_hw_addr(const char *name, struct har - break; - #endif - default: -+ freeifaddrs(ifaddrs); - log_fatal("Unsupported device type %ld for "%s"", -- (long int)sa->sa_family, name); -+ (long int)sll->sll_family, name); - } - -- close(sock); -+ freeifaddrs(ifaddrs); - } - #endif -diff -up dhcp-4.2.2/common/socket.c.lpf-ib dhcp-4.2.2/common/socket.c ---- dhcp-4.2.2/common/socket.c.lpf-ib 2011-06-27 18:18:20.000000000 +0200 -+++ dhcp-4.2.2/common/socket.c 2011-09-19 11:24:08.705775490 +0200 -@@ -324,7 +324,7 @@ void if_register_send (info) - info->wfdesc = if_register_socket(info, AF_INET, 0); - /* If this is a normal IPv4 address, get the hardware address. */ - if (strcmp(info->name, "fallback") != 0) -- get_hw_addr(info->name, &info->hw_address); -+ get_hw_addr(info); - #if defined (USE_SOCKET_FALLBACK) - /* Fallback only registers for send, but may need to receive as - well. */ -@@ -387,7 +387,7 @@ void if_register_receive (info) - #endif /* IP_PKTINFO... */ - /* If this is a normal IPv4 address, get the hardware address. 
*/ - if (strcmp(info->name, "fallback") != 0) -- get_hw_addr(info->name, &info->hw_address); -+ get_hw_addr(info); - - if (!quiet_interface_discovery) - log_info ("Listening on Socket/%s%s%s", -@@ -497,7 +497,7 @@ if_register6(struct interface_info *info - if (req_multi) - if_register_multicast(info); - -- get_hw_addr(info->name, &info->hw_address); -+ get_hw_addr(info); - - if (!quiet_interface_discovery) { - if (info->shared_network != NULL) { -diff -up dhcp-4.2.2/includes/dhcpd.h.lpf-ib dhcp-4.2.2/includes/dhcpd.h ---- dhcp-4.2.2/includes/dhcpd.h.lpf-ib 2011-09-19 11:24:08.696775721 +0200 -+++ dhcp-4.2.2/includes/dhcpd.h 2011-09-19 11:24:08.707775438 +0200 -@@ -1243,6 +1243,7 @@ struct interface_info { - struct shared_network *shared_network; - /* Networks connected to this interface. */ - struct hardware hw_address; /* Its physical address. */ -+ u_int8_t bcast_addr[20]; /* Infiniband broadcast address */ - struct in_addr *addresses; /* Addresses associated with this - * interface. - */ -@@ -2356,7 +2357,7 @@ void print_dns_status (int, struct dhcp_ - #endif - const char *print_time(TIME); - --void get_hw_addr(const char *name, struct hardware *hw); -+void get_hw_addr(struct interface_info *info); - - /* socket.c */ - #if defined (USE_SOCKET_SEND) || defined (USE_SOCKET_RECEIVE) \ -diff -up dhcp-4.2.2/includes/dhcp.h.lpf-ib dhcp-4.2.2/includes/dhcp.h ---- dhcp-4.2.2/includes/dhcp.h.lpf-ib 2011-09-19 11:24:08.696775721 +0200 -+++ dhcp-4.2.2/includes/dhcp.h 2011-09-19 11:24:08.707775438 +0200 -@@ -79,6 +79,7 @@ struct dhcp_packet { - #define HTYPE_ETHER 1 /* Ethernet 10Mbps */ - #define HTYPE_IEEE802 6 /* IEEE 802.2 Token Ring... */ - #define HTYPE_FDDI 8 /* FDDI... */ -+#define HTYPE_INFINIBAND 32 /* Infiniband IPoIB */ - - #define HTYPE_RESERVED 0 /* RFC 5494 */ - diff --git a/src/patches/dhcp-4.2.2-options.patch b/src/patches/dhcp-4.2.2-options.patch deleted file mode 100644 index 32e2add..0000000 --- a/src/patches/dhcp-4.2.2-options.patch +++ /dev/null 
@@ -1,401 +0,0 @@ -diff -up dhcp-4.2.2b1/client/clparse.c.options dhcp-4.2.2b1/client/clparse.c ---- dhcp-4.2.2b1/client/clparse.c.options 2011-04-21 16:08:14.000000000 +0200 -+++ dhcp-4.2.2b1/client/clparse.c 2011-07-01 13:51:52.935755570 +0200 -@@ -146,6 +146,7 @@ isc_result_t read_client_conf () - /* Requested lease time, used by DHCPv6 (DHCPv4 uses the option cache) - */ - top_level_config.requested_lease = 7200; -+ top_level_config.bootp_broadcast_always = 0; - - group_allocate (&top_level_config.on_receipt, MDL); - if (!top_level_config.on_receipt) -@@ -313,7 +314,8 @@ void read_client_leases () - interface-declaration | - LEASE client-lease-statement | - ALIAS client-lease-statement | -- KEY key-definition */ -+ KEY key-definition | -+ BOOTP_BROADCAST_ALWAYS */ - - void parse_client_statement (cfile, ip, config) - struct parse *cfile; -@@ -732,6 +734,12 @@ void parse_client_statement (cfile, ip, - parse_reject_statement (cfile, config); - return; - -+ case BOOTP_BROADCAST_ALWAYS: -+ token = next_token(&val, (unsigned*)0, cfile); -+ config -> bootp_broadcast_always = 1; -+ parse_semi (cfile); -+ return; -+ - default: - lose = 0; - stmt = (struct executable_statement *)0; -diff -up dhcp-4.2.2b1/client/dhclient.c.options dhcp-4.2.2b1/client/dhclient.c ---- dhcp-4.2.2b1/client/dhclient.c.options 2011-05-11 16:20:59.000000000 +0200 -+++ dhcp-4.2.2b1/client/dhclient.c 2011-07-01 13:51:52.936755545 +0200 -@@ -39,6 +39,12 @@ - #include <limits.h> - #include <dns/result.h> - -+/* -+ * Defined in stdio.h when _GNU_SOURCE is set, but we don't want to define -+ * that when building ISC code. -+ */ -+extern int asprintf(char **strp, const char *fmt, ...); -+ - TIME default_lease_time = 43200; /* 12 hours... */ - TIME max_lease_time = 86400; /* 24 hours... 
*/ - -@@ -87,6 +93,9 @@ int wanted_ia_na = -1; /* the absolute - int wanted_ia_ta = 0; - int wanted_ia_pd = 0; - char *mockup_relay = NULL; -+int bootp_broadcast_always = 0; -+ -+extern u_int32_t default_requested_options[]; - - void run_stateless(int exit_mode); - -@@ -123,6 +132,15 @@ main(int argc, char **argv) { - int local_family_set = 0; - #endif /* DHCPv6 */ - char *s; -+ char *dhcp_client_identifier_arg = NULL; -+ char *dhcp_host_name_arg = NULL; -+ char *dhcp_fqdn_arg = NULL; -+ char *dhcp_vendor_class_identifier_arg = NULL; -+ char *dhclient_request_options = NULL; -+ -+ int timeout_arg = 0; -+ char *arg_conf = NULL; -+ int arg_conf_len = 0; - - /* Initialize client globals. */ - memset(&default_duid, 0, sizeof(default_duid)); -@@ -310,6 +328,88 @@ main(int argc, char **argv) { - } else if (!strcmp(argv[i], "--version")) { - log_info("isc-dhclient-%s", PACKAGE_VERSION); - exit(0); -+ } else if (!strcmp(argv[i], "-I")) { -+ if ((++i == argc) || (argv[i] == NULL) || (*(argv[i])=='\0')) { -+ usage(); -+ exit(1); -+ } -+ -+ if (strlen(argv[i]) >= DHCP_MAX_OPTION_LEN) { -+ log_error("-I option dhcp-client-identifier string "%s" is too long - maximum length is: %d", argv[i], DHCP_MAX_OPTION_LEN-1); -+ exit(1); -+ } -+ -+ dhcp_client_identifier_arg = argv[i]; -+ } else if (!strcmp(argv[i], "-B")) { -+ bootp_broadcast_always = 1; -+ } else if (!strcmp(argv[i], "-H")) { -+ if ((++i == argc) || (argv[i] == NULL) || (*(argv[i])=='\0')) { -+ usage(); -+ exit(1); -+ } -+ -+ if (strlen(argv[i]) >= DHCP_MAX_OPTION_LEN) { -+ log_error("-H option host-name string "%s" is too long - maximum length is: %d", argv[i], DHCP_MAX_OPTION_LEN-1); -+ exit(1); -+ } -+ -+ if (dhcp_host_name_arg != NULL) { -+ log_error("The -H <host-name> and -F <fqdn> arguments are mutually exclusive"); -+ exit(1); -+ } -+ -+ dhcp_host_name_arg = argv[i]; -+ } else if (!strcmp(argv[i], "-F")) { -+ if ((++i == argc) || (argv[i] == NULL) || (*(argv[i])=='\0')) { -+ usage(); -+ exit(1); -+ } -+ -+ if 
(strlen(argv[i]) >= DHCP_MAX_OPTION_LEN) { -+ log_error("-F option fqdn.fqdn string "%s" is too long - maximum length is: %d", argv[i], DHCP_MAX_OPTION_LEN-1); -+ exit(1); -+ } -+ -+ if (dhcp_fqdn_arg != NULL) { -+ log_error("Only one -F <fqdn> argument can be specified"); -+ exit(1); -+ } -+ -+ if (dhcp_host_name_arg != NULL) { -+ log_error("The -F <fqdn> and -H <host-name> arguments are mutually exclusive"); -+ exit(1); -+ } -+ -+ dhcp_fqdn_arg = argv[i]; -+ } else if (!strcmp(argv[i], "-timeout")) { -+ if ((++i == argc) || (argv[i] == NULL) || (*(argv[i])=='\0')) { -+ usage(); -+ exit(1); -+ } -+ -+ if ((timeout_arg = atoi(argv[i])) <= 0) { -+ log_error("-T timeout option must be > 0 - bad value: %s",argv[i]); -+ exit(1); -+ } -+ } else if (!strcmp(argv[i], "-V")) { -+ if ((++i == argc) || (argv[i] == NULL) || (*(argv[i])=='\0')) { -+ usage(); -+ exit(1); -+ } -+ -+ if (strlen(argv[i]) >= DHCP_MAX_OPTION_LEN) { -+ log_error("-V option vendor-class-identifier string "%s" is too long - maximum length is: %d", argv[i], DHCP_MAX_OPTION_LEN-1); -+ exit(1); -+ } -+ -+ dhcp_vendor_class_identifier_arg = argv[i]; -+ } else if (!strcmp(argv[i], "-R")) { -+ if ((++i == argc) || (argv[i] == NULL) || (*(argv[i])=='\0')) { -+ usage(); -+ exit(1); -+ } -+ -+ dhclient_request_options = argv[i]; - } else if (argv[i][0] == '-') { - usage(); - } else if (interfaces_requested < 0) { -@@ -484,6 +584,166 @@ main(int argc, char **argv) { - /* Parse the dhclient.conf file. 
*/ - read_client_conf(); - -+ /* Parse any extra command line configuration arguments: */ -+ if ((dhcp_client_identifier_arg != NULL) && (*dhcp_client_identifier_arg != '\0')) { -+ arg_conf_len = asprintf(&arg_conf, "send dhcp-client-identifier "%s";", dhcp_client_identifier_arg); -+ -+ if ((arg_conf == 0) || (arg_conf_len <= 0)) -+ log_fatal("Unable to send -I option dhcp-client-identifier"); -+ } -+ -+ if ((dhcp_host_name_arg != NULL) && (*dhcp_host_name_arg != '\0')) { -+ if (arg_conf == 0) { -+ arg_conf_len = asprintf(&arg_conf, "send host-name "%s";", dhcp_host_name_arg); -+ -+ if ((arg_conf == 0) || (arg_conf_len <= 0)) -+ log_fatal("Unable to send -H option host-name"); -+ } else { -+ char *last_arg_conf = arg_conf; -+ arg_conf = NULL; -+ arg_conf_len = asprintf(&arg_conf, "%s\nsend host-name "%s";", last_arg_conf, dhcp_host_name_arg); -+ -+ if ((arg_conf == 0) || (arg_conf_len <= 0)) -+ log_fatal("Unable to send -H option host-name"); -+ -+ free(last_arg_conf); -+ } -+ } -+ -+ if ((dhcp_fqdn_arg != NULL) && (*dhcp_fqdn_arg != '\0')) { -+ if (arg_conf == 0) { -+ arg_conf_len = asprintf(&arg_conf, "send fqdn.fqdn "%s";", dhcp_fqdn_arg); -+ -+ if ((arg_conf == 0) || (arg_conf_len <= 0)) -+ log_fatal("Unable to send -F option fqdn.fqdn"); -+ } else { -+ char *last_arg_conf = arg_conf; -+ arg_conf = NULL; -+ arg_conf_len = asprintf(&arg_conf, "%s\nsend fqdn.fqdn "%s";", last_arg_conf, dhcp_fqdn_arg); -+ -+ if ((arg_conf == 0) || (arg_conf_len <= 0)) -+ log_fatal("Unable to send -F option fqdn.fqdn"); -+ -+ free(last_arg_conf); -+ } -+ } -+ -+ if (timeout_arg) { -+ if (arg_conf == 0) { -+ arg_conf_len = asprintf(&arg_conf, "timeout %d;", timeout_arg); -+ -+ if ((arg_conf == 0) || (arg_conf_len <= 0)) -+ log_fatal("Unable to process -timeout timeout argument"); -+ } else { -+ char *last_arg_conf = arg_conf; -+ arg_conf = NULL; -+ arg_conf_len = asprintf(&arg_conf, "%s\ntimeout %d;", last_arg_conf, timeout_arg); -+ -+ if ((arg_conf == 0) || (arg_conf_len == 0)) -+ 
log_fatal("Unable to process -timeout timeout argument"); -+ -+ free(last_arg_conf); -+ } -+ } -+ -+ if ((dhcp_vendor_class_identifier_arg != NULL) && (*dhcp_vendor_class_identifier_arg != '\0')) { -+ if (arg_conf == 0) { -+ arg_conf_len = asprintf(&arg_conf, "send vendor-class-identifier "%s";", dhcp_vendor_class_identifier_arg); -+ -+ if ((arg_conf == 0) || (arg_conf_len <= 0)) -+ log_fatal("Unable to send -V option vendor-class-identifier"); -+ } else { -+ char *last_arg_conf = arg_conf; -+ arg_conf = NULL; -+ arg_conf_len = asprintf(&arg_conf, "%s\nsend vendor-class-identifier "%s";", last_arg_conf, dhcp_vendor_class_identifier_arg); -+ -+ if ((arg_conf == 0) || (arg_conf_len <= 0)) -+ log_fatal("Unable to send -V option vendor-class-identifier"); -+ -+ free(last_arg_conf); -+ } -+ } -+ -+ if (dhclient_request_options != NULL) { -+ if (arg_conf == 0) { -+ arg_conf_len = asprintf(&arg_conf, "request %s;", dhclient_request_options); -+ -+ if ((arg_conf == 0) || (arg_conf_len <= 0)) -+ log_fatal("Unable to parse -R <request options list> argument"); -+ } else { -+ char *last_arg_conf = arg_conf; -+ arg_conf = NULL; -+ arg_conf_len = asprintf(&arg_conf, "%s\nrequest %s;", last_arg_conf, dhclient_request_options); -+ -+ if ((arg_conf == 0) || (arg_conf_len <= 0)) -+ log_fatal("Unable to parse -R <request options list> argument"); -+ -+ free(last_arg_conf); -+ } -+ } -+ -+ if (arg_conf) { -+ if (arg_conf_len == 0) -+ if ((arg_conf_len = strlen(arg_conf)) == 0) -+ /* huh ? cannot happen ! 
*/ -+ log_fatal("Unable to process -I/-H/-F/-timeout/-V/-R configuration arguments"); -+ -+ /* parse the extra dhclient.conf configuration arguments -+ * into top level config: */ -+ struct parse *cfile = (struct parse *)0; -+ const char *val = NULL; -+ int token; -+ -+ status = new_parse(&cfile, -1, arg_conf, arg_conf_len, "extra dhclient -I/-H/-F/-timeout/-V/-R configuration arguments", 0); -+ -+ if ((status != ISC_R_SUCCESS) || (cfile -> warnings_occurred)) -+ log_fatal("Cannot parse -I/-H/-F/-timeout/-V/-R configuration arguments !"); -+ /* more detailed parse failures will be logged */ -+ -+ do { -+ token = peek_token(&val, (unsigned *)0, cfile); -+ if (token == END_OF_FILE) -+ break; -+ -+ parse_client_statement(cfile, (struct interface_info *)0, &top_level_config); -+ } while (1); -+ -+ if (cfile -> warnings_occurred) -+ log_fatal("Cannot parse -I/-H/-F/-timeout/-V/-R configuration arguments !"); -+ end_parse(&cfile); -+ -+ if (timeout_arg) { -+ /* we just set the toplevel timeout, but per-client -+ * timeouts may still be at defaults. Also, it makes no -+ * sense having the reboot_timeout or backoff_cutoff -+ * greater than the timeout: -+ */ -+ if ((top_level_config.backoff_cutoff == 15) && (top_level_config.backoff_cutoff > (timeout_arg / 2))) -+ top_level_config.backoff_cutoff = (((unsigned long)(timeout_arg / 2)) == 0) ? 
timeout_arg : (unsigned long)(timeout_arg / 2); -+ -+ for (ip=interfaces; ip; ip = ip->next) { -+ if (ip->client->config->timeout == 60) -+ ip->client->config->timeout = timeout_arg; -+ -+ if ((ip->client->config->reboot_timeout == 10) && (ip->client->config->reboot_timeout > ip->client->config->timeout)) -+ ip->client->config->reboot_timeout = ip->client->config->timeout; -+ if ((ip->client->config->backoff_cutoff == 15) && (ip->client->config->backoff_cutoff > top_level_config.backoff_cutoff)) -+ ip->client->config->backoff_cutoff = top_level_config.backoff_cutoff; -+ } -+ } -+ -+ if ((dhclient_request_options != 0) && (top_level_config.requested_options != default_requested_options)) { -+ for (ip=interfaces; ip; ip = ip->next) { -+ if (ip->client->config->requested_options == default_requested_options) -+ ip->client->config->requested_options = top_level_config.requested_options; -+ } -+ } -+ -+ free(arg_conf); -+ arg_conf = NULL; -+ arg_conf_len = 0; -+ } -+ - /* Parse the lease database. */ - read_client_leases(); - -@@ -2397,7 +2657,8 @@ void make_discover (client, lease) - client -> packet.xid = random (); - client -> packet.secs = 0; /* filled in by send_discover. 
*/ - -- if (can_receive_unicast_unconfigured (client -> interface)) -+ if ((!(bootp_broadcast_always || client->config->bootp_broadcast_always)) -+ && can_receive_unicast_unconfigured(client->interface)) - client -> packet.flags = 0; - else - client -> packet.flags = htons (BOOTP_BROADCAST); -@@ -2481,7 +2742,9 @@ void make_request (client, lease) - } else { - memset (&client -> packet.ciaddr, 0, - sizeof client -> packet.ciaddr); -- if (can_receive_unicast_unconfigured (client -> interface)) -+ if ((!(bootp_broadcast_always || -+ client ->config->bootp_broadcast_always)) && -+ can_receive_unicast_unconfigured (client -> interface)) - client -> packet.flags = 0; - else - client -> packet.flags = htons (BOOTP_BROADCAST); -@@ -2543,7 +2806,8 @@ void make_decline (client, lease) - client -> packet.hops = 0; - client -> packet.xid = client -> xid; - client -> packet.secs = 0; /* Filled in by send_request. */ -- if (can_receive_unicast_unconfigured (client -> interface)) -+ if ((!(bootp_broadcast_always || client->config-> bootp_broadcast_always)) -+ && can_receive_unicast_unconfigured (client->interface)) - client -> packet.flags = 0; - else - client -> packet.flags = htons (BOOTP_BROADCAST); -diff -up dhcp-4.2.2b1/common/conflex.c.options dhcp-4.2.2b1/common/conflex.c ---- dhcp-4.2.2b1/common/conflex.c.options 2011-05-11 16:20:59.000000000 +0200 -+++ dhcp-4.2.2b1/common/conflex.c 2011-07-01 13:51:52.938755494 +0200 -@@ -808,6 +808,8 @@ intern(char *atom, enum dhcp_token dfv) - return BALANCE; - if (!strcasecmp (atom + 1, "ound")) - return BOUND; -+ if (!strcasecmp (atom + 1, "ootp-broadcast-always")) -+ return BOOTP_BROADCAST_ALWAYS; - break; - case 'c': - if (!strcasecmp(atom + 1, "ase")) -diff -up dhcp-4.2.2b1/includes/dhcpd.h.options dhcp-4.2.2b1/includes/dhcpd.h ---- dhcp-4.2.2b1/includes/dhcpd.h.options 2011-05-20 16:21:11.000000000 +0200 -+++ dhcp-4.2.2b1/includes/dhcpd.h 2011-07-01 13:51:52.940755442 +0200 -@@ -1147,6 +1147,9 @@ struct client_config { - int 
do_forward_update; /* If nonzero, and if we have the - information we need, update the - A record for the address we get. */ -+ -+ int bootp_broadcast_always; /* If nonzero, always set the BOOTP_BROADCAST -+ flag in requests */ - }; - - /* Per-interface state used in the dhcp client... */ -diff -up dhcp-4.2.2b1/includes/dhctoken.h.options dhcp-4.2.2b1/includes/dhctoken.h ---- dhcp-4.2.2b1/includes/dhctoken.h.options 2011-05-12 14:02:47.000000000 +0200 -+++ dhcp-4.2.2b1/includes/dhctoken.h 2011-07-01 13:53:43.316861637 +0200 -@@ -361,7 +361,8 @@ enum dhcp_token { - GETHOSTNAME = 662, - REWIND = 663, - INITIAL_DELAY = 664, -- GETHOSTBYNAME = 665 -+ GETHOSTBYNAME = 665, -+ BOOTP_BROADCAST_ALWAYS = 666 - }; - - #define is_identifier(x) ((x) >= FIRST_TOKEN && \ diff --git a/src/patches/dhcp-4.2.2-remove-bind.patch b/src/patches/dhcp-4.2.2-remove-bind.patch deleted file mode 100644 index 6297772..0000000 --- a/src/patches/dhcp-4.2.2-remove-bind.patch +++ /dev/null 
@@ -1,149 +0,0 @@ -diff -up dhcp-4.2.2/client/Makefile.am.rh637017 dhcp-4.2.2/client/Makefile.am ---- dhcp-4.2.2/client/Makefile.am.rh637017 2010-09-15 00:32:36.000000000 +0200 -+++ dhcp-4.2.2/client/Makefile.am 2011-08-11 17:28:58.923897561 +0200 -@@ -5,7 +5,7 @@ dhclient_SOURCES = clparse.c dhclient.c - scripts/netbsd scripts/nextstep scripts/openbsd \ - scripts/solaris scripts/openwrt - dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \ -- ../bind/lib/libdns.a ../bind/lib/libisc.a -+ $(BIND9_LIBDIR) -ldns-export -lisc-export - man_MANS = dhclient.8 dhclient-script.8 dhclient.conf.5 dhclient.leases.5 - EXTRA_DIST = $(man_MANS) - -diff -up dhcp-4.2.2/common/tests/Makefile.am.rh637017 dhcp-4.2.2/common/tests/Makefile.am ---- dhcp-4.2.2/common/tests/Makefile.am.rh637017 2009-10-28 05:12:30.000000000 +0100 -+++ dhcp-4.2.2/common/tests/Makefile.am 2011-08-11 17:33:45.258637236 +0200 -@@ -6,6 +6,5 @@ TESTS = test_alloc - - test_alloc_SOURCES = test_alloc.c - test_alloc_LDADD = ../libdhcp.a ../../tests/libt_api.a \ -- ../../omapip/libomapi.a ../../bind/lib/libdns.a \ -- ../../bind/lib/libisc.a -- -+ ../../omapip/libomapi.a \ -+ $(BIND9_LIBDIR) -ldns-export -lisc-export -diff -up dhcp-4.2.2/configure.ac.rh637017 dhcp-4.2.2/configure.ac ---- dhcp-4.2.2/configure.ac.rh637017 2011-07-20 02:32:18.000000000 +0200 -+++ dhcp-4.2.2/configure.ac 2011-08-11 17:28:58.924897535 +0200 -@@ -512,20 +512,37 @@ AC_CHECK_MEMBER(struct msghdr.msg_contro - libbind= - AC_ARG_WITH(libbind, - AC_HELP_STRING([--with-libbind=PATH], -- [bind includes and libraries are in PATH -- (default is ./bind)]), -+ [bind includes are in PATH -+ (default is ./bind/includes)]), - use_libbind="$withval", use_libbind="no") - case "$use_libbind" in -+yes|no) -+ libbind="${top_srcdir}/bind/include" -+ ;; -+*) -+ libbind="$use_libbind" -+ ;; -+esac -+ -+BIND9_LIBDIR='-L$(top_builddir)/bind/lib' -+AC_ARG_WITH(libbind-libs, -+ AC_HELP_STRING([--with-libbind-libs=PATH], -+ [bind9 export libraries are in 
PATH]), -+ [libbind_libs="$withval"], [libbind_libs='no']) -+case "$libbind_libs" in - yes) -- libbind="${top_srcdir}/bind" -+ AC_MSG_ERROR([Specify path to bind9 libraries]) - ;; - no) -- libbind="${top_srcdir}/bind" -+ BUNDLED_BIND=yes - ;; - *) -- libbind="$use_libbind" -+ BIND9_LIBDIR="-L$libbind_libs" -+ BUNDLED_BIND=no - ;; - esac -+AM_CONDITIONAL([BUNDLED_BIND], [test "$BUNDLED_BIND" = yes]) -+AC_SUBST([BIND9_LIBDIR]) - - # OpenLDAP support. - AC_ARG_WITH(ldap, -@@ -562,7 +579,7 @@ fi - CFLAGS="$CFLAGS $STD_CWARNINGS" - - # Try to add the bind include directory --CFLAGS="$CFLAGS -I$libbind/include" -+CFLAGS="$CFLAGS -I$libbind" - - AC_C_FLEXIBLE_ARRAY_MEMBER - -diff -up dhcp-4.2.2/dhcpctl/Makefile.am.rh637017 dhcp-4.2.2/dhcpctl/Makefile.am ---- dhcp-4.2.2/dhcpctl/Makefile.am.rh637017 2009-10-28 05:12:30.000000000 +0100 -+++ dhcp-4.2.2/dhcpctl/Makefile.am 2011-08-11 17:28:58.924897535 +0200 -@@ -6,10 +6,10 @@ EXTRA_DIST = $(man_MANS) - - omshell_SOURCES = omshell.c - omshell_LDADD = libdhcpctl.a ../common/libdhcp.a ../omapip/libomapi.a \ -- ../bind/lib/libdns.a ../bind/lib/libisc.a -+ $(BIND9_LIBDIR) -ldns-export -lisc-export - - libdhcpctl_a_SOURCES = dhcpctl.c callback.c remote.c - - cltest_SOURCES = cltest.c - cltest_LDADD = libdhcpctl.a ../common/libdhcp.a ../omapip/libomapi.a \ -- ../bind/lib/libdns.a ../bind/lib/libisc.a -\ No newline at end of file -+ $(BIND9_LIBDIR) -ldns-export -lisc-export -diff -up dhcp-4.2.2/Makefile.am.rh637017 dhcp-4.2.2/Makefile.am ---- dhcp-4.2.2/Makefile.am.rh637017 2010-03-25 00:30:38.000000000 +0100 -+++ dhcp-4.2.2/Makefile.am 2011-08-11 17:28:58.925897509 +0200 -@@ -21,7 +21,13 @@ EXTRA_DIST = RELNOTES LICENSE \ - util/bindvar.sh \ - bind/Makefile bind/bind.tar.gz bind/version.tmp - --SUBDIRS = bind includes tests common dst omapip client dhcpctl relay server -+if BUNDLED_BIND -+SUBDIRS = bind -+else -+SUBDIRS = -+endif -+ -+SUBDIRS += includes tests common dst omapip client dhcpctl relay server - - nobase_include_HEADERS 
= dhcpctl/dhcpctl.h - -diff -up dhcp-4.2.2/omapip/Makefile.am.rh637017 dhcp-4.2.2/omapip/Makefile.am ---- dhcp-4.2.2/omapip/Makefile.am.rh637017 2010-02-12 01:13:54.000000000 +0100 -+++ dhcp-4.2.2/omapip/Makefile.am 2011-08-11 17:28:58.939897149 +0200 -@@ -10,5 +10,5 @@ man_MANS = omapi.3 - EXTRA_DIST = $(man_MANS) - - svtest_SOURCES = test.c --svtest_LDADD = libomapi.a ../bind/lib/libdns.a ../bind/lib/libisc.a -+svtest_LDADD = libomapi.a $(BIND9_LIBDIR) -ldns-export -lisc-export - -diff -up dhcp-4.2.2/relay/Makefile.am.rh637017 dhcp-4.2.2/relay/Makefile.am ---- dhcp-4.2.2/relay/Makefile.am.rh637017 2009-10-28 05:12:30.000000000 +0100 -+++ dhcp-4.2.2/relay/Makefile.am 2011-08-11 17:28:58.940897123 +0200 -@@ -3,7 +3,7 @@ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localst - sbin_PROGRAMS = dhcrelay - dhcrelay_SOURCES = dhcrelay.c - dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \ -- ../bind/lib/libdns.a ../bind/lib/libisc.a -+ $(BIND9_LIBDIR) -ldns-export -lisc-export - man_MANS = dhcrelay.8 - EXTRA_DIST = $(man_MANS) - -diff -up dhcp-4.2.2/server/Makefile.am.rh637017 dhcp-4.2.2/server/Makefile.am ---- dhcp-4.2.2/server/Makefile.am.rh637017 2010-03-24 22:49:47.000000000 +0100 -+++ dhcp-4.2.2/server/Makefile.am 2011-08-11 17:28:58.944897021 +0200 -@@ -8,8 +8,7 @@ dhcpd_SOURCES = dhcpd.c dhcp.c bootp.c c - - dhcpd_CFLAGS = $(LDAP_CFLAGS) - dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \ -- ../dhcpctl/libdhcpctl.a ../bind/lib/libdns.a \ -- ../bind/lib/libisc.a -+ ../dhcpctl/libdhcpctl.a $(BIND9_LIBDIR) -ldns-export -lisc-export - - man_MANS = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5 - EXTRA_DIST = $(man_MANS) diff --git a/src/patches/dhcp-4.2.2-rfc3442-classless-static-routes.patch b/src/patches/dhcp-4.2.2-rfc3442-classless-static-routes.patch deleted file mode 100644 index 0a0bfcb..0000000 --- a/src/patches/dhcp-4.2.2-rfc3442-classless-static-routes.patch +++ /dev/null 
@@ -1,405 +0,0 @@ -diff -up dhcp-4.2.2b1/client/clparse.c.rfc3442 dhcp-4.2.2b1/client/clparse.c ---- dhcp-4.2.2b1/client/clparse.c.rfc3442 2011-07-01 14:22:38.031534508 +0200 -+++ dhcp-4.2.2b1/client/clparse.c 2011-07-01 14:22:38.128532940 +0200 -@@ -37,7 +37,7 @@ - - struct client_config top_level_config; - --#define NUM_DEFAULT_REQUESTED_OPTS 14 -+#define NUM_DEFAULT_REQUESTED_OPTS 15 - struct option *default_requested_options[NUM_DEFAULT_REQUESTED_OPTS + 1]; - - static void parse_client_default_duid(struct parse *cfile); -@@ -82,7 +82,11 @@ isc_result_t read_client_conf () - dhcp_universe.code_hash, &code, 0, MDL); - - /* 4 */ -- code = DHO_ROUTERS; -+ /* The Classless Static Routes option code MUST appear in the parameter -+ * request list prior to both the Router option code and the Static -+ * Routes option code, if present. (RFC3442) -+ */ -+ code = DHO_CLASSLESS_STATIC_ROUTES; - option_code_hash_lookup(&default_requested_options[3], - dhcp_universe.code_hash, &code, 0, MDL); - -@@ -136,6 +140,11 @@ isc_result_t read_client_conf () - option_code_hash_lookup(&default_requested_options[13], - dhcp_universe.code_hash, &code, 0, MDL); - -+ /* 15 */ -+ code = DHO_ROUTERS; -+ option_code_hash_lookup(&default_requested_options[14], -+ dhcp_universe.code_hash, &code, 0, MDL); -+ - for (code = 0 ; code < NUM_DEFAULT_REQUESTED_OPTS ; code++) { - if (default_requested_options[code] == NULL) - log_fatal("Unable to find option definition for " -diff -up dhcp-4.2.2b1/common/dhcp-options.5.rfc3442 dhcp-4.2.2b1/common/dhcp-options.5 ---- dhcp-4.2.2b1/common/dhcp-options.5.rfc3442 2011-07-01 14:22:38.020534686 +0200 -+++ dhcp-4.2.2b1/common/dhcp-options.5 2011-07-01 14:22:38.129532924 +0200 -@@ -115,6 +115,26 @@ hexadecimal, separated by colons. For - or - option dhcp-client-identifier 43:4c:49:45:54:2d:46:4f:4f; - .fi -+.PP -+The -+.B destination-descriptor -+describe the IP subnet number and subnet mask -+of a particular destination using a compact encoding. 
This encoding -+consists of one octet describing the width of the subnet mask, -+followed by all the significant octets of the subnet number. -+The following table contains some examples of how various subnet -+number/mask combinations can be encoded: -+.nf -+.sp 1 -+Subnet number Subnet mask Destination descriptor -+0 0 0 -+10.0.0.0 255.0.0.0 8.10 -+10.0.0.0 255.255.255.0 24.10.0.0 -+10.17.0.0 255.255.0.0 16.10.17 -+10.27.129.0 255.255.255.0 24.10.27.129 -+10.229.0.128 255.255.255.128 25.10.229.0.128 -+10.198.122.47 255.255.255.255 32.10.198.122.47 -+.fi - .SH SETTING OPTION VALUES USING EXPRESSIONS - Sometimes it's helpful to be able to set the value of a DHCP option - based on some value that the client has sent. To do this, you can -@@ -931,6 +951,29 @@ dhclient-script will create routes: - .RE - .PP - .nf -+.B option \fBclassless-static-routes\fR \fIdestination-descriptor ip-address\fR -+ [\fB,\fR \fIdestination-descriptor ip-address\fR...]\fB;\fR -+.fi -+.RS 0.25i -+.PP -+This option (see RFC3442) specifies a list of classless static routes -+that the client should install in its routing cache. -+.PP -+This option can contain one or more static routes, each of which -+consists of a destination descriptor and the IP address of the router -+that should be used to reach that destination. -+.PP -+Many clients may not implement the Classless Static Routes option. -+DHCP server administrators should therefore configure their DHCP -+servers to send both a Router option and a Classless Static Routes -+option, and should specify the default router(s) both in the Router -+option and in the Classless Static Routes option. -+.PP -+If the DHCP server returns both a Classless Static Routes option and -+a Router option, the DHCP client ignores the Router option. 
-+.RE -+.PP -+.nf - .B option \fBstreettalk-directory-assistance-server\fR \fIip-address\fR - [\fB,\fR \fIip-address\fR...]\fB;\fR - .fi -diff -up dhcp-4.2.2b1/common/inet.c.rfc3442 dhcp-4.2.2b1/common/inet.c ---- dhcp-4.2.2b1/common/inet.c.rfc3442 2011-05-11 02:47:22.000000000 +0200 -+++ dhcp-4.2.2b1/common/inet.c 2011-07-01 14:22:38.130532908 +0200 -@@ -528,6 +528,60 @@ free_iaddrcidrnetlist(struct iaddrcidrne - return ISC_R_SUCCESS; - } - -+static const char * -+inet_ntopdd(const unsigned char *src, unsigned srclen, char *dst, size_t size) -+{ -+ char tmp[sizeof("32.255.255.255.255")]; -+ int len; -+ -+ switch (srclen) { -+ case 2: -+ len = sprintf (tmp, "%u.%u", src[0], src[1]); -+ break; -+ case 3: -+ len = sprintf (tmp, "%u.%u.%u", src[0], src[1], src[2]); -+ break; -+ case 4: -+ len = sprintf (tmp, "%u.%u.%u.%u", src[0], src[1], src[2], src[3]); -+ break; -+ case 5: -+ len = sprintf (tmp, "%u.%u.%u.%u.%u", src[0], src[1], src[2], src[3], src[4]); -+ break; -+ default: -+ return NULL; -+ } -+ if (len < 0) -+ return NULL; -+ -+ if (len > size) { -+ errno = ENOSPC; -+ return NULL; -+ } -+ -+ return strcpy (dst, tmp); -+} -+ -+/* pdestdesc() turns an iaddr structure into a printable dest. descriptor */ -+const char * -+pdestdesc(const struct iaddr addr) { -+ static char pbuf[sizeof("255.255.255.255.255")]; -+ -+ if (addr.len == 0) { -+ return "<null destination descriptor>"; -+ } -+ if (addr.len == 1) { -+ return "0"; -+ } -+ if ((addr.len >= 2) && (addr.len <= 5)) { -+ return inet_ntopdd(addr.iabuf, addr.len, pbuf, sizeof(pbuf)); -+ } -+ -+ log_fatal("pdestdesc():%s:%d: Invalid destination descriptor length %d.", -+ MDL, addr.len); -+ /* quell compiler warnings */ -+ return NULL; -+} -+ - /* piaddr() turns an iaddr structure into a printable address. 
*/ - /* XXX: should use a const pointer rather than passing the structure */ - const char * -diff -up dhcp-4.2.2b1/common/options.c.rfc3442 dhcp-4.2.2b1/common/options.c ---- dhcp-4.2.2b1/common/options.c.rfc3442 2011-03-24 22:57:13.000000000 +0100 -+++ dhcp-4.2.2b1/common/options.c 2011-07-01 14:22:38.132532876 +0200 -@@ -706,7 +706,11 @@ cons_options(struct packet *inpacket, st - * packet. - */ - priority_list[priority_len++] = DHO_SUBNET_MASK; -- priority_list[priority_len++] = DHO_ROUTERS; -+ if (lookup_option(&dhcp_universe, cfg_options, -+ DHO_CLASSLESS_STATIC_ROUTES)) -+ priority_list[priority_len++] = DHO_CLASSLESS_STATIC_ROUTES; -+ else -+ priority_list[priority_len++] = DHO_ROUTERS; - priority_list[priority_len++] = DHO_DOMAIN_NAME_SERVERS; - priority_list[priority_len++] = DHO_HOST_NAME; - priority_list[priority_len++] = DHO_FQDN; -@@ -1683,6 +1687,7 @@ const char *pretty_print_option (option, - const unsigned char *dp = data; - char comma; - unsigned long tval; -+ unsigned int octets = 0; - - if (emit_commas) - comma = ','; -@@ -1691,6 +1696,7 @@ const char *pretty_print_option (option, - - memset (enumbuf, 0, sizeof enumbuf); - -+ if (option->format[0] != 'R') { /* see explanation lower */ - /* Figure out the size of the data. */ - for (l = i = 0; option -> format [i]; i++, l++) { - if (l >= sizeof(fmtbuf) - 1) -@@ -1840,6 +1846,33 @@ const char *pretty_print_option (option, - if (numhunk < 0) - numhunk = 1; - -+ } else { /* option->format[i] == 'R') */ -+ /* R (destination descriptor) has variable length. -+ * We can find it only in classless static route option, -+ * so we are for sure parsing classless static route option now. -+ * We go through whole the option to check whether there are no -+ * missing/extra bytes. -+ * I didn't find out how to improve the existing code and that's the -+ * reason for this separate 'else' where I do my own checkings. -+ * I know it's little bit unsystematic, but it works. 
-+ */ -+ numhunk = 0; -+ numelem = 2; /* RI */ -+ fmtbuf[0]='R'; fmtbuf[1]='I'; fmtbuf[2]=0; -+ for (i =0; i < len; i = i + octets + 5) { -+ if (data[i] > 32) { /* subnet mask width */ -+ log_error ("wrong subnet mask width in destination descriptor"); -+ break; -+ } -+ numhunk++; -+ octets = ((data[i]+7) / 8); -+ } -+ if (i != len) { -+ log_error ("classless static routes option has wrong size or " -+ "there's some garbage in format"); -+ } -+ } -+ - /* Cycle through the array (or hunk) printing the data. */ - for (i = 0; i < numhunk; i++) { - for (j = 0; j < numelem; j++) { -@@ -1978,6 +2011,20 @@ const char *pretty_print_option (option, - strcpy(op, piaddr(iaddr)); - dp += 4; - break; -+ -+ case 'R': -+ if (dp[0] <= 32) -+ iaddr.len = (((dp[0]+7)/8)+1); -+ else { -+ log_error ("wrong subnet mask width in destination descriptor"); -+ return "<error>"; -+ } -+ -+ memcpy(iaddr.iabuf, dp, iaddr.len); -+ strcpy(op, pdestdesc(iaddr)); -+ dp += iaddr.len; -+ break; -+ - case '6': - iaddr.len = 16; - memcpy(iaddr.iabuf, dp, 16); -diff -up dhcp-4.2.2b1/common/parse.c.rfc3442 dhcp-4.2.2b1/common/parse.c ---- dhcp-4.2.2b1/common/parse.c.rfc3442 2011-07-01 14:22:38.097533441 +0200 -+++ dhcp-4.2.2b1/common/parse.c 2011-07-01 14:22:38.135532828 +0200 -@@ -341,6 +341,39 @@ int parse_ip_addr (cfile, addr) - } - - /* -+ * destination-descriptor :== NUMBER DOT NUMBER | -+ * NUMBER DOT NUMBER DOT NUMBER | -+ * NUMBER DOT NUMBER DOT NUMBER DOT NUMBER | -+ * NUMBER DOT NUMBER DOT NUMBER DOT NUMBER DOT NUMBER -+ */ -+ -+int parse_destination_descriptor (cfile, addr) -+ struct parse *cfile; -+ struct iaddr *addr; -+{ -+ unsigned int mask_width, dest_dest_len; -+ addr -> len = 0; -+ if (parse_numeric_aggregate (cfile, addr -> iabuf, -+ &addr -> len, DOT, 10, 8)) { -+ mask_width = (unsigned int)addr->iabuf[0]; -+ dest_dest_len = (((mask_width+7)/8)+1); -+ if (mask_width > 32) { -+ parse_warn (cfile, -+ "subnet mask width (%u) greater than 32.", mask_width); -+ } -+ else if 
(dest_dest_len != addr->len) { -+ parse_warn (cfile, -+ "destination descriptor with subnet mask width %u " -+ "should have %u octets, but has %u octets.", -+ mask_width, dest_dest_len, addr->len); -+ } -+ -+ return 1; -+ } -+ return 0; -+} -+ -+/* - * Return true if every character in the string is hexadecimal. - */ - static int -@@ -700,8 +733,10 @@ unsigned char *parse_numeric_aggregate ( - if (count) { - token = peek_token (&val, (unsigned *)0, cfile); - if (token != separator) { -- if (!*max) -+ if (!*max) { -+ *max = count; - break; -+ } - if (token != RBRACE && token != LBRACE) - token = next_token (&val, - (unsigned *)0, -@@ -1624,6 +1659,9 @@ int parse_option_code_definition (cfile, - case IP_ADDRESS: - type = 'I'; - break; -+ case DESTINATION_DESCRIPTOR: -+ type = 'R'; -+ break; - case IP6_ADDRESS: - type = '6'; - break; -@@ -5288,6 +5326,15 @@ int parse_option_token (rv, cfile, fmt, - } - break; - -+ case 'R': /* destination descriptor */ -+ if (!parse_destination_descriptor (cfile, &addr)) { -+ return 0; -+ } -+ if (!make_const_data (&t, addr.iabuf, addr.len, 0, 1, MDL)) { -+ return 0; -+ } -+ break; -+ - case '6': /* IPv6 address. 
*/ - if (!parse_ip6_addr(cfile, &addr)) { - return 0; -@@ -5548,6 +5595,13 @@ int parse_option_decl (oc, cfile) - goto exit; - len = ip_addr.len; - dp = ip_addr.iabuf; -+ goto alloc; -+ -+ case 'R': /* destination descriptor */ -+ if (!parse_destination_descriptor (cfile, &ip_addr)) -+ goto exit; -+ len = ip_addr.len; -+ dp = ip_addr.iabuf; - - alloc: - if (hunkix + len > sizeof hunkbuf) { -diff -up dhcp-4.2.2b1/common/tables.c.rfc3442 dhcp-4.2.2b1/common/tables.c ---- dhcp-4.2.2b1/common/tables.c.rfc3442 2011-07-01 14:22:38.087533601 +0200 -+++ dhcp-4.2.2b1/common/tables.c 2011-07-01 14:22:38.137532796 +0200 -@@ -51,6 +51,7 @@ HASH_FUNCTIONS (option_code, const unsig - Format codes: - - I - IPv4 address -+ R - destination descriptor (RFC3442) - 6 - IPv6 address - l - 32-bit signed integer - L - 32-bit unsigned integer -@@ -208,6 +209,7 @@ static struct option dhcp_options[] = { - { "default-url", "t", &dhcp_universe, 114, 1 }, - { "subnet-selection", "I", &dhcp_universe, 118, 1 }, - { "domain-search", "D", &dhcp_universe, 119, 1 }, -+ { "classless-static-routes", "RIA", &dhcp_universe, 121, 1 }, - { "vivco", "Evendor-class.", &dhcp_universe, 124, 1 }, - { "vivso", "Evendor.", &dhcp_universe, 125, 1 }, - #if 0 -diff -up dhcp-4.2.2b1/includes/dhcpd.h.rfc3442 dhcp-4.2.2b1/includes/dhcpd.h ---- dhcp-4.2.2b1/includes/dhcpd.h.rfc3442 2011-07-01 14:22:38.000000000 +0200 -+++ dhcp-4.2.2b1/includes/dhcpd.h 2011-07-01 14:24:19.999810333 +0200 -@@ -2662,6 +2662,7 @@ isc_result_t range2cidr(struct iaddrcidr - const struct iaddr *lo, const struct iaddr *hi); - isc_result_t free_iaddrcidrnetlist(struct iaddrcidrnetlist **result); - const char *piaddr (struct iaddr); -+const char *pdestdesc (struct iaddr); - char *piaddrmask(struct iaddr *, struct iaddr *); - char *piaddrcidr(const struct iaddr *, unsigned int); - u_int16_t validate_port(char *); -@@ -2869,6 +2870,7 @@ void parse_client_lease_declaration (str - int parse_option_decl (struct option_cache **, struct parse *); - 
void parse_string_list (struct parse *, struct string_list **, int); - int parse_ip_addr (struct parse *, struct iaddr *); -+int parse_destination_descriptor (struct parse *, struct iaddr *); - int parse_ip_addr_with_subnet(struct parse *, struct iaddrmatch *); - void parse_reject_statement (struct parse *, struct client_config *); - -diff -up dhcp-4.2.2b1/includes/dhcp.h.rfc3442 dhcp-4.2.2b1/includes/dhcp.h ---- dhcp-4.2.2b1/includes/dhcp.h.rfc3442 2009-11-20 02:49:01.000000000 +0100 -+++ dhcp-4.2.2b1/includes/dhcp.h 2011-07-01 14:22:38.145532665 +0200 -@@ -158,6 +158,7 @@ struct dhcp_packet { - #define DHO_ASSOCIATED_IP 92 - #define DHO_SUBNET_SELECTION 118 /* RFC3011! */ - #define DHO_DOMAIN_SEARCH 119 /* RFC3397 */ -+#define DHO_CLASSLESS_STATIC_ROUTES 121 /* RFC3442 */ - #define DHO_VIVCO_SUBOPTIONS 124 - #define DHO_VIVSO_SUBOPTIONS 125 - -diff -up dhcp-4.2.2b1/includes/dhctoken.h.rfc3442 dhcp-4.2.2b1/includes/dhctoken.h ---- dhcp-4.2.2b1/includes/dhctoken.h.rfc3442 2011-07-01 14:22:37.000000000 +0200 -+++ dhcp-4.2.2b1/includes/dhctoken.h 2011-07-01 14:25:12.541867623 +0200 -@@ -362,7 +362,8 @@ enum dhcp_token { - REWIND = 663, - INITIAL_DELAY = 664, - GETHOSTBYNAME = 665, -- BOOTP_BROADCAST_ALWAYS = 666 -+ BOOTP_BROADCAST_ALWAYS = 666, -+ DESTINATION_DESCRIPTOR = 667 - }; - - #define is_identifier(x) ((x) >= FIRST_TOKEN && \ diff --git a/src/patches/dhcp-4.2.2-sharedlib.patch b/src/patches/dhcp-4.2.2-sharedlib.patch deleted file mode 100644 index 74fe9f1..0000000 --- a/src/patches/dhcp-4.2.2-sharedlib.patch +++ /dev/null 
@@ -1,119 +0,0 @@ -diff -up dhcp-4.2.2/client/Makefile.am.sharedlib dhcp-4.2.2/client/Makefile.am ---- dhcp-4.2.2/client/Makefile.am.sharedlib 2011-09-09 16:35:56.000000000 +0200 -+++ dhcp-4.2.2/client/Makefile.am 2011-09-09 16:36:29.849007951 +0200 -@@ -4,7 +4,7 @@ dhclient_SOURCES = clparse.c dhclient.c - scripts/bsdos scripts/freebsd scripts/linux scripts/macos \ - scripts/netbsd scripts/nextstep scripts/openbsd \ - scripts/solaris scripts/openwrt --dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \ -+dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.la \ - $(BIND9_LIBDIR) -ldns-export -lisc-export $(CAPNG_LDADD) - man_MANS = dhclient.8 dhclient-script.8 dhclient.conf.5 dhclient.leases.5 - EXTRA_DIST = $(man_MANS) -diff -up dhcp-4.2.2/configure.ac.sharedlib dhcp-4.2.2/configure.ac ---- dhcp-4.2.2/configure.ac.sharedlib 2011-09-09 16:35:56.097000001 +0200 -+++ dhcp-4.2.2/configure.ac 2011-09-09 16:35:56.383000000 +0200 -@@ -30,7 +30,8 @@ fi - # Use this to define _GNU_SOURCE to pull in the IPv6 Advanced Socket API. 
- AC_USE_SYSTEM_EXTENSIONS - --AC_PROG_RANLIB -+# Use libtool to simplify building of shared libraries -+AC_PROG_LIBTOOL - AC_CONFIG_HEADERS([includes/config.h]) - - # we sometimes need to know byte order for building packets -diff -up dhcp-4.2.2/dhcpctl/Makefile.am.sharedlib dhcp-4.2.2/dhcpctl/Makefile.am ---- dhcp-4.2.2/dhcpctl/Makefile.am.sharedlib 2011-09-09 16:35:55.459000001 +0200 -+++ dhcp-4.2.2/dhcpctl/Makefile.am 2011-09-09 16:35:56.384000000 +0200 -@@ -1,15 +1,15 @@ - bin_PROGRAMS = omshell --lib_LIBRARIES = libdhcpctl.a -+lib_LTLIBRARIES = libdhcpctl.la - noinst_PROGRAMS = cltest - man_MANS = omshell.1 dhcpctl.3 - EXTRA_DIST = $(man_MANS) - - omshell_SOURCES = omshell.c --omshell_LDADD = libdhcpctl.a ../common/libdhcp.a ../omapip/libomapi.a \ -+omshell_LDADD = libdhcpctl.la ../common/libdhcp.a ../omapip/libomapi.la \ - $(BIND9_LIBDIR) -ldns-export -lisc-export - --libdhcpctl_a_SOURCES = dhcpctl.c callback.c remote.c -+libdhcpctl_la_SOURCES = dhcpctl.c callback.c remote.c - - cltest_SOURCES = cltest.c --cltest_LDADD = libdhcpctl.a ../common/libdhcp.a ../omapip/libomapi.a \ -+cltest_LDADD = libdhcpctl.la ../common/libdhcp.a ../omapip/libomapi.la \ - $(BIND9_LIBDIR) -ldns-export -lisc-export -diff -up dhcp-4.2.2/dst/base64.c.sharedlib dhcp-4.2.2/dst/base64.c ---- dhcp-4.2.2/dst/base64.c.sharedlib 2009-11-20 02:49:01.000000000 +0100 -+++ dhcp-4.2.2/dst/base64.c 2011-09-09 16:35:56.385000000 +0200 -@@ -64,6 +64,7 @@ static const char rcsid[] = "$Id: base64 - - #include <sys/socket.h> - -+#include "dst_internal.h" - #include "cdefs.h" - #include "osdep.h" - #include "arpa/nameser.h" -diff -up dhcp-4.2.2/dst/Makefile.am.sharedlib dhcp-4.2.2/dst/Makefile.am ---- dhcp-4.2.2/dst/Makefile.am.sharedlib 2007-05-29 18:32:10.000000000 +0200 -+++ dhcp-4.2.2/dst/Makefile.am 2011-09-09 16:35:56.386000000 +0200 -@@ -1,8 +1,8 @@ - AM_CPPFLAGS = -DMINIRES_LIB -DHMAC_MD5 - --lib_LIBRARIES = libdst.a -+lib_LTLIBRARIES = libdst.la - --libdst_a_SOURCES = dst_support.c dst_api.c 
hmac_link.c md5_dgst.c \ -+libdst_la_SOURCES = dst_support.c dst_api.c hmac_link.c md5_dgst.c \ - base64.c prandom.c - - EXTRA_DIST = dst_internal.h md5.h md5_locl.h -diff -up dhcp-4.2.2/omapip/Makefile.am.sharedlib dhcp-4.2.2/omapip/Makefile.am ---- dhcp-4.2.2/omapip/Makefile.am.sharedlib 2011-09-09 16:35:55.000000000 +0200 -+++ dhcp-4.2.2/omapip/Makefile.am 2011-09-09 16:37:36.734000324 +0200 -@@ -1,7 +1,7 @@ --lib_LIBRARIES = libomapi.a -+lib_LTLIBRARIES = libomapi.la - noinst_PROGRAMS = svtest - --libomapi_a_SOURCES = protocol.c buffer.c alloc.c result.c connection.c \ -+libomapi_la_SOURCES = protocol.c buffer.c alloc.c result.c connection.c \ - errwarn.c listener.c dispatch.c generic.c support.c \ - handle.c message.c convert.c hash.c auth.c inet_addr.c \ - array.c trace.c toisc.c iscprint.c isclib.c -@@ -10,5 +10,5 @@ man_MANS = omapi.3 - EXTRA_DIST = $(man_MANS) - - svtest_SOURCES = test.c --svtest_LDADD = libomapi.a $(BIND9_LIBDIR) -ldns-export -lisc-export -+svtest_LDADD = libomapi.la $(BIND9_LIBDIR) -ldns-export -lisc-export - -diff -up dhcp-4.2.2/relay/Makefile.am.sharedlib dhcp-4.2.2/relay/Makefile.am ---- dhcp-4.2.2/relay/Makefile.am.sharedlib 2011-09-09 16:35:56.000000000 +0200 -+++ dhcp-4.2.2/relay/Makefile.am 2011-09-09 16:37:57.058019749 +0200 -@@ -2,7 +2,7 @@ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localst - - sbin_PROGRAMS = dhcrelay - dhcrelay_SOURCES = dhcrelay.c --dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \ -+dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.la \ - $(BIND9_LIBDIR) -ldns-export -lisc-export $(CAPNG_LDADD) - man_MANS = dhcrelay.8 - EXTRA_DIST = $(man_MANS) -diff -up dhcp-4.2.2/server/Makefile.am.sharedlib dhcp-4.2.2/server/Makefile.am ---- dhcp-4.2.2/server/Makefile.am.sharedlib 2011-09-09 16:35:56.000000000 +0200 -+++ dhcp-4.2.2/server/Makefile.am 2011-09-09 16:38:56.291004599 +0200 -@@ -7,8 +7,8 @@ dhcpd_SOURCES = dhcpd.c dhcp.c bootp.c c - dhcpv6.c mdb6.c ldap.c ldap_casa.c - - dhcpd_CFLAGS = $(LDAP_CFLAGS) 
--dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \ -- ../dhcpctl/libdhcpctl.a $(BIND9_LIBDIR) -ldns-export -lisc-export \ -+dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.la \ -+ ../dhcpctl/libdhcpctl.la $(BIND9_LIBDIR) -ldns-export -lisc-export \ - $(CAPNG_LDADD) - - man_MANS = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5 diff --git a/src/patches/dhcp-4.2.2-xen-checksum.patch b/src/patches/dhcp-4.2.2-xen-checksum.patch deleted file mode 100644 index 038d346..0000000 --- a/src/patches/dhcp-4.2.2-xen-checksum.patch +++ /dev/null 
@@ -1,249 +0,0 @@ -diff -up dhcp-4.2.2b1/common/bpf.c.xen dhcp-4.2.2b1/common/bpf.c ---- dhcp-4.2.2b1/common/bpf.c.xen 2009-11-20 02:48:59.000000000 +0100 -+++ dhcp-4.2.2b1/common/bpf.c 2011-07-01 14:00:16.936959001 +0200 -@@ -485,7 +485,7 @@ ssize_t receive_packet (interface, buf, - offset = decode_udp_ip_header (interface, - interface -> rbuf, - interface -> rbuf_offset, -- from, hdr.bh_caplen, &paylen); -+ from, hdr.bh_caplen, &paylen, 0); - - /* If the IP or UDP checksum was bad, skip the packet... */ - if (offset < 0) { -diff -up dhcp-4.2.2b1/common/dlpi.c.xen dhcp-4.2.2b1/common/dlpi.c ---- dhcp-4.2.2b1/common/dlpi.c.xen 2011-05-11 16:20:59.000000000 +0200 -+++ dhcp-4.2.2b1/common/dlpi.c 2011-07-01 14:00:16.937958997 +0200 -@@ -693,7 +693,7 @@ ssize_t receive_packet (interface, buf, - length -= offset; - #endif - offset = decode_udp_ip_header (interface, dbuf, bufix, -- from, length, &paylen); -+ from, length, &paylen, 0); - - /* - * If the IP or UDP checksum was bad, skip the packet... -diff -up dhcp-4.2.2b1/common/lpf.c.xen dhcp-4.2.2b1/common/lpf.c ---- dhcp-4.2.2b1/common/lpf.c.xen 2011-05-10 16:38:58.000000000 +0200 -+++ dhcp-4.2.2b1/common/lpf.c 2011-07-01 14:11:24.725748028 +0200 -@@ -29,19 +29,33 @@ - #include "dhcpd.h" - #if defined (USE_LPF_SEND) || defined (USE_LPF_RECEIVE) - #include <sys/ioctl.h> -+#include <sys/socket.h> - #include <sys/uio.h> - #include <errno.h> - - #include <asm/types.h> - #include <linux/filter.h> - #include <linux/if_ether.h> -+#include <linux/if_packet.h> - #include <netinet/in_systm.h> --#include <net/if_packet.h> - #include "includes/netinet/ip.h" - #include "includes/netinet/udp.h" - #include "includes/netinet/if_ether.h" - #include <net/if.h> - -+#ifndef PACKET_AUXDATA -+#define PACKET_AUXDATA 8 -+ -+struct tpacket_auxdata -+{ -+ __u32 tp_status; -+ __u32 tp_len; -+ __u32 tp_snaplen; -+ __u16 tp_mac; -+ __u16 tp_net; -+}; -+#endif -+ - /* Reinitializes the specified interface after an address change. 
This - is not required for packet-filter APIs. */ - -@@ -67,10 +81,14 @@ int if_register_lpf (info) - struct interface_info *info; - { - int sock; -- struct sockaddr sa; -+ union { -+ struct sockaddr_ll ll; -+ struct sockaddr common; -+ } sa; -+ struct ifreq ifr; - - /* Make an LPF socket. */ -- if ((sock = socket(PF_PACKET, SOCK_PACKET, -+ if ((sock = socket(PF_PACKET, SOCK_RAW, - htons((short)ETH_P_ALL))) < 0) { - if (errno == ENOPROTOOPT || errno == EPROTONOSUPPORT || - errno == ESOCKTNOSUPPORT || errno == EPFNOSUPPORT || -@@ -85,11 +103,17 @@ int if_register_lpf (info) - log_fatal ("Open a socket for LPF: %m"); - } - -+ memset (&ifr, 0, sizeof ifr); -+ strncpy (ifr.ifr_name, (const char *)info -> ifp, sizeof ifr.ifr_name); -+ ifr.ifr_name[IFNAMSIZ-1] = '\0'; -+ if (ioctl (sock, SIOCGIFINDEX, &ifr)) -+ log_fatal ("Failed to get interface index: %m"); -+ - /* Bind to the interface name */ - memset (&sa, 0, sizeof sa); -- sa.sa_family = AF_PACKET; -- strncpy (sa.sa_data, (const char *)info -> ifp, sizeof sa.sa_data); -- if (bind (sock, &sa, sizeof sa)) { -+ sa.ll.sll_family = AF_PACKET; -+ sa.ll.sll_ifindex = ifr.ifr_ifindex; -+ if (bind (sock, &sa.common, sizeof sa)) { - if (errno == ENOPROTOOPT || errno == EPROTONOSUPPORT || - errno == ESOCKTNOSUPPORT || errno == EPFNOSUPPORT || - errno == EAFNOSUPPORT || errno == EINVAL) { -@@ -171,9 +195,18 @@ static void lpf_gen_filter_setup (struct - void if_register_receive (info) - struct interface_info *info; - { -+ int val; -+ - /* Open a LPF device and hang it on this interface... 
*/ - info -> rfdesc = if_register_lpf (info); - -+ val = 1; -+ if (setsockopt (info -> rfdesc, SOL_PACKET, PACKET_AUXDATA, &val, -+ sizeof val) < 0) { -+ if (errno != ENOPROTOOPT) -+ log_fatal ("Failed to set auxiliary packet data: %m"); -+ } -+ - #if defined (HAVE_TR_SUPPORT) - if (info -> hw_address.hbuf [0] == HTYPE_IEEE802) - lpf_tr_filter_setup (info); -@@ -295,7 +328,6 @@ ssize_t send_packet (interface, packet, - double hh [16]; - double ih [1536 / sizeof (double)]; - unsigned char *buf = (unsigned char *)ih; -- struct sockaddr_pkt sa; - int result; - int fudge; - -@@ -316,17 +348,7 @@ ssize_t send_packet (interface, packet, - (unsigned char *)raw, len); - memcpy (buf + ibufp, raw, len); - -- /* For some reason, SOCK_PACKET sockets can't be connected, -- so we have to do a sentdo every time. */ -- memset (&sa, 0, sizeof sa); -- sa.spkt_family = AF_PACKET; -- strncpy ((char *)sa.spkt_device, -- (const char *)interface -> ifp, sizeof sa.spkt_device); -- sa.spkt_protocol = htons(ETH_P_IP); -- -- result = sendto (interface -> wfdesc, -- buf + fudge, ibufp + len - fudge, 0, -- (const struct sockaddr *)&sa, sizeof sa); -+ result = write (interface -> wfdesc, buf + fudge, ibufp + len - fudge); - if (result < 0) - log_error ("send_packet: %m"); - return result; -@@ -343,14 +365,35 @@ ssize_t receive_packet (interface, buf, - { - int length = 0; - int offset = 0; -+ int nocsum = 0; - unsigned char ibuf [1536]; - unsigned bufix = 0; - unsigned paylen; -+ unsigned char cmsgbuf[CMSG_LEN(sizeof(struct tpacket_auxdata))]; -+ struct iovec iov = { -+ .iov_base = ibuf, -+ .iov_len = sizeof ibuf, -+ }; -+ struct msghdr msg = { -+ .msg_iov = &iov, -+ .msg_iovlen = 1, -+ .msg_control = cmsgbuf, -+ .msg_controllen = sizeof(cmsgbuf), -+ }; -+ struct cmsghdr *cmsg; - -- length = read (interface -> rfdesc, ibuf, sizeof ibuf); -+ length = recvmsg (interface -> rfdesc, &msg, 0); - if (length <= 0) - return length; - -+ for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, 
cmsg)) { -+ if (cmsg->cmsg_level == SOL_PACKET && -+ cmsg->cmsg_type == PACKET_AUXDATA) { -+ struct tpacket_auxdata *aux = (void *)CMSG_DATA(cmsg); -+ nocsum = aux->tp_status & TP_STATUS_CSUMNOTREADY; -+ } -+ } -+ - bufix = 0; - /* Decode the physical header... */ - offset = decode_hw_header (interface, ibuf, bufix, hfrom); -@@ -367,7 +410,7 @@ ssize_t receive_packet (interface, buf, - - /* Decode the IP and UDP headers... */ - offset = decode_udp_ip_header (interface, ibuf, bufix, from, -- (unsigned)length, &paylen); -+ (unsigned)length, &paylen, nocsum); - - /* If the IP or UDP checksum was bad, skip the packet... */ - if (offset < 0) -diff -up dhcp-4.2.2b1/common/nit.c.xen dhcp-4.2.2b1/common/nit.c ---- dhcp-4.2.2b1/common/nit.c.xen 2009-11-20 02:49:01.000000000 +0100 -+++ dhcp-4.2.2b1/common/nit.c 2011-07-01 14:00:16.939958989 +0200 -@@ -369,7 +369,7 @@ ssize_t receive_packet (interface, buf, - - /* Decode the IP and UDP headers... */ - offset = decode_udp_ip_header (interface, ibuf, bufix, -- from, length, &paylen); -+ from, length, &paylen, 0); - - /* If the IP or UDP checksum was bad, skip the packet... 
*/ - if (offset < 0) -diff -up dhcp-4.2.2b1/common/packet.c.xen dhcp-4.2.2b1/common/packet.c ---- dhcp-4.2.2b1/common/packet.c.xen 2009-07-23 20:52:20.000000000 +0200 -+++ dhcp-4.2.2b1/common/packet.c 2011-07-01 14:00:16.939958989 +0200 -@@ -211,7 +211,7 @@ ssize_t - decode_udp_ip_header(struct interface_info *interface, - unsigned char *buf, unsigned bufix, - struct sockaddr_in *from, unsigned buflen, -- unsigned *rbuflen) -+ unsigned *rbuflen, int nocsum) - { - unsigned char *data; - struct ip ip; -@@ -322,7 +322,7 @@ decode_udp_ip_header(struct interface_in - 8, IPPROTO_UDP + ulen)))); - - udp_packets_seen++; -- if (usum && usum != sum) { -+ if (!nocsum && usum && usum != sum) { - udp_packets_bad_checksum++; - if (udp_packets_seen > 4 && - (udp_packets_seen / udp_packets_bad_checksum) < 2) { -diff -up dhcp-4.2.2b1/common/upf.c.xen dhcp-4.2.2b1/common/upf.c ---- dhcp-4.2.2b1/common/upf.c.xen 2009-11-20 02:49:01.000000000 +0100 -+++ dhcp-4.2.2b1/common/upf.c 2011-07-01 14:00:16.940958986 +0200 -@@ -320,7 +320,7 @@ ssize_t receive_packet (interface, buf, - - /* Decode the IP and UDP headers... */ - offset = decode_udp_ip_header (interface, ibuf, bufix, -- from, length, &paylen); -+ from, length, &paylen, 0); - - /* If the IP or UDP checksum was bad, skip the packet... */ - if (offset < 0) -diff -up dhcp-4.2.2b1/includes/dhcpd.h.xen dhcp-4.2.2b1/includes/dhcpd.h ---- dhcp-4.2.2b1/includes/dhcpd.h.xen 2011-07-01 14:00:16.000000000 +0200 -+++ dhcp-4.2.2b1/includes/dhcpd.h 2011-07-01 14:12:18.069642470 +0200 -@@ -2796,7 +2796,7 @@ ssize_t decode_hw_header (struct interfa - unsigned, struct hardware *); - ssize_t decode_udp_ip_header (struct interface_info *, unsigned char *, - unsigned, struct sockaddr_in *, -- unsigned, unsigned *); -+ unsigned, unsigned *, int); - - /* ethernet.c */ - void assemble_ethernet_header (struct interface_info *, unsigned char *, 
diff --git a/src/patches/dhcp/dhcp-64_bit_lease_parse.patch b/src/patches/dhcp/dhcp-64_bit_lease_parse.patch new file mode 100644 index 0000000..a07b5b0 --- /dev/null +++ b/src/patches/dhcp/dhcp-64_bit_lease_parse.patch 
@@ -0,0 +1,75 @@ +diff -up dhcp-4.3.0a1/common/parse.c.64-bit_lease_parse dhcp-4.3.0a1/common/parse.c +--- dhcp-4.3.0a1/common/parse.c.64-bit_lease_parse 2013-12-11 01:25:12.000000000 +0100 ++++ dhcp-4.3.0a1/common/parse.c 2013-12-19 15:45:25.990771814 +0100 +@@ -938,8 +938,8 @@ TIME + parse_date_core(cfile) + struct parse *cfile; + { +- int guess; +- int tzoff, year, mon, mday, hour, min, sec; ++ TIME guess; ++ long int tzoff, year, mon, mday, hour, min, sec; + const char *val; + enum dhcp_token token; + static int months[11] = { 31, 59, 90, 120, 151, 181, +@@ -965,7 +965,7 @@ parse_date_core(cfile) + } + + skip_token(&val, NULL, cfile); /* consume number */ +- guess = atoi(val); ++ guess = atol(val); + + return((TIME)guess); + } +@@ -993,7 +993,7 @@ parse_date_core(cfile) + somebody invents a time machine, I think we can safely disregard + it. This actually works around a stupid Y2K bug that was present + in a very early beta release of dhcpd. */ +- year = atoi(val); ++ year = atol(val); + if (year > 1900) + year -= 1900; + +@@ -1039,7 +1039,7 @@ parse_date_core(cfile) + return((TIME)0); + } + skip_token(&val, NULL, cfile); /* consume day of month */ +- mday = atoi(val); ++ mday = atol(val); + + /* Hour... */ + token = peek_token(&val, NULL, cfile); +@@ -1050,7 +1050,7 @@ parse_date_core(cfile) + return((TIME)0); + } + skip_token(&val, NULL, cfile); /* consume hour */ +- hour = atoi(val); ++ hour = atol(val); + + /* Colon separating hour from minute... */ + token = peek_token(&val, NULL, cfile); +@@ -1072,7 +1072,7 @@ parse_date_core(cfile) + return((TIME)0); + } + skip_token(&val, NULL, cfile); /* consume minute */ +- min = atoi(val); ++ min = atol(val); + + /* Colon separating minute from second... 
*/ + token = peek_token(&val, NULL, cfile); +@@ -1094,13 +1094,13 @@ parse_date_core(cfile) + return((TIME)0); + } + skip_token(&val, NULL, cfile); /* consume second */ +- sec = atoi(val); ++ sec = atol(val); + + tzoff = 0; + token = peek_token(&val, NULL, cfile); + if (token == NUMBER) { + skip_token(&val, NULL, cfile); /* consume tzoff */ +- tzoff = atoi(val); ++ tzoff = atol(val); + } else if (token != SEMI) { + skip_token(&val, NULL, cfile); + parse_warn(cfile, diff --git a/src/patches/dhcp/dhcp-CLOEXEC.patch b/src/patches/dhcp/dhcp-CLOEXEC.patch new file mode 100644 index 0000000..722865e --- /dev/null +++ b/src/patches/dhcp/dhcp-CLOEXEC.patch 
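Review bot: In the first parse_date_core hunk, `guess = atol(val);` still narrows the epoch value to `long`, so on targets where `long` is 32 bits a lease time past 2038 is presumably truncated just as before, and atol() reports neither overflow nor trailing garbage. If TIME is a 64-bit type on those targets (its definition is not visible here), `guess = (TIME)strtoll(val, NULL, 10);` followed by an `errno == ERANGE` check would make the patch live up to its name on every platform. The `year`, `mday`, `hour`, `min`, `sec` and `tzoff` conversions in the later hunks have the same unchecked-conversion problem and would benefit from a range check before they enter the date arithmetic. parse_date_core's body continues outside these hunks.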
@@ -0,0 +1,342 @@ +diff -up dhcp-4.3.0a1/client/clparse.c.cloexec dhcp-4.3.0a1/client/clparse.c +--- dhcp-4.3.0a1/client/clparse.c.cloexec 2013-12-19 15:34:41.638886256 +0100 ++++ dhcp-4.3.0a1/client/clparse.c 2013-12-19 15:34:41.657885985 +0100 +@@ -253,7 +253,7 @@ int read_client_conf_file (const char *n + int token; + isc_result_t status; + +- if ((file = open (name, O_RDONLY)) < 0) ++ if ((file = open (name, O_RDONLY | O_CLOEXEC)) < 0) + return uerr2isc (errno); + + cfile = NULL; +@@ -290,7 +290,7 @@ void read_client_leases () + + /* Open the lease file. If we can't open it, just return - + we can safely trust the server to remember our state. */ +- if ((file = open (path_dhclient_db, O_RDONLY)) < 0) ++ if ((file = open (path_dhclient_db, O_RDONLY | O_CLOEXEC)) < 0) + return; + + cfile = NULL; +diff -up dhcp-4.3.0a1/client/dhclient.c.cloexec dhcp-4.3.0a1/client/dhclient.c +--- dhcp-4.3.0a1/client/dhclient.c.cloexec 2013-12-19 15:34:41.629886384 +0100 ++++ dhcp-4.3.0a1/client/dhclient.c 2013-12-19 15:36:41.608180467 +0100 +@@ -148,11 +148,11 @@ main(int argc, char **argv) { + /* Make sure that file descriptors 0 (stdin), 1, (stdout), and + 2 (stderr) are open. To do this, we assume that when we + open a file the lowest available file descriptor is used. */ +- fd = open("/dev/null", O_RDWR); ++ fd = open("/dev/null", O_RDWR | O_CLOEXEC); + if (fd == 0) +- fd = open("/dev/null", O_RDWR); ++ fd = open("/dev/null", O_RDWR | O_CLOEXEC); + if (fd == 1) +- fd = open("/dev/null", O_RDWR); ++ fd = open("/dev/null", O_RDWR | O_CLOEXEC); + if (fd == 2) + log_perror = 0; /* No sense logging to /dev/null. 
*/ + else if (fd != -1) +@@ -504,7 +504,7 @@ main(int argc, char **argv) { + long temp; + int e; + +- if ((pidfd = fopen(path_dhclient_pid, "r")) != NULL) { ++ if ((pidfd = fopen(path_dhclient_pid, "re")) != NULL) { + e = fscanf(pidfd, "%ld\n", &temp); + oldpid = (pid_t)temp; + +@@ -554,7 +554,7 @@ main(int argc, char **argv) { + strncpy(new_path_dhclient_pid, path_dhclient_pid, pfx); + sprintf(new_path_dhclient_pid + pfx, "-%s.pid", ip->name); + +- if ((pidfd = fopen(new_path_dhclient_pid, "r")) != NULL) { ++ if ((pidfd = fopen(new_path_dhclient_pid, "re")) != NULL) { + e = fscanf(pidfd, "%ld\n", &temp); + oldpid = (pid_t)temp; + +@@ -579,7 +579,7 @@ main(int argc, char **argv) { + int dhc_running = 0; + char procfn[256] = ""; + +- if ((pidfp = fopen(path_dhclient_pid, "r")) != NULL) { ++ if ((pidfp = fopen(path_dhclient_pid, "re")) != NULL) { + if ((fscanf(pidfp, "%ld", &temp)==1) && ((dhcpid=(pid_t)temp) > 0)) { + snprintf(procfn,256,"/proc/%u",dhcpid); + dhc_running = (access(procfn, F_OK) == 0); +@@ -3077,7 +3077,7 @@ void rewrite_client_leases () + + if (leaseFile != NULL) + fclose (leaseFile); +- leaseFile = fopen (path_dhclient_db, "w"); ++ leaseFile = fopen (path_dhclient_db, "we"); + if (leaseFile == NULL) { + log_error ("can't create %s: %m", path_dhclient_db); + return; +@@ -3261,7 +3261,7 @@ write_duid(struct data_string *duid) + return DHCP_R_INVALIDARG; + + if (leaseFile == NULL) { /* XXX? 
*/ +- leaseFile = fopen(path_dhclient_db, "w"); ++ leaseFile = fopen(path_dhclient_db, "we"); + if (leaseFile == NULL) { + log_error("can't create %s: %m", path_dhclient_db); + return ISC_R_IOERROR; +@@ -3441,7 +3441,7 @@ int write_client_lease (client, lease, r + return 1; + + if (leaseFile == NULL) { /* XXX */ +- leaseFile = fopen (path_dhclient_db, "w"); ++ leaseFile = fopen (path_dhclient_db, "we"); + if (leaseFile == NULL) { + log_error ("can't create %s: %m", path_dhclient_db); + return 0; +@@ -3952,9 +3952,9 @@ void go_daemon () + (void) close(2); + + /* Reopen them on /dev/null. */ +- (void) open("/dev/null", O_RDWR); +- (void) open("/dev/null", O_RDWR); +- (void) open("/dev/null", O_RDWR); ++ (void) open("/dev/null", O_RDWR | O_CLOEXEC); ++ (void) open("/dev/null", O_RDWR | O_CLOEXEC); ++ (void) open("/dev/null", O_RDWR | O_CLOEXEC); + + write_client_pid_file (); + +@@ -3971,14 +3971,14 @@ void write_client_pid_file () + return; + } + +- pfdesc = open (path_dhclient_pid, O_CREAT | O_TRUNC | O_WRONLY, 0644); ++ pfdesc = open (path_dhclient_pid, O_CREAT | O_TRUNC | O_WRONLY | O_CLOEXEC, 0644); + + if (pfdesc < 0) { + log_error ("Can't create %s: %m", path_dhclient_pid); + return; + } + +- pf = fdopen (pfdesc, "w"); ++ pf = fdopen (pfdesc, "we"); + if (!pf) { + close(pfdesc); + log_error ("Can't fdopen %s: %m", path_dhclient_pid); +diff -up dhcp-4.3.0a1/common/bpf.c.cloexec dhcp-4.3.0a1/common/bpf.c +--- dhcp-4.3.0a1/common/bpf.c.cloexec 2013-12-19 15:34:41.640886227 +0100 ++++ dhcp-4.3.0a1/common/bpf.c 2013-12-19 15:34:41.661885928 +0100 +@@ -95,7 +95,7 @@ int if_register_bpf (info) + for (b = 0; 1; b++) { + /* %Audit% 31 bytes max. 
%2004.06.17,Safe% */ + sprintf(filename, BPF_FORMAT, b); +- sock = open (filename, O_RDWR, 0); ++ sock = open (filename, O_RDWR | O_CLOEXEC, 0); + if (sock < 0) { + if (errno == EBUSY) { + continue; +diff -up dhcp-4.3.0a1/common/dlpi.c.cloexec dhcp-4.3.0a1/common/dlpi.c +--- dhcp-4.3.0a1/common/dlpi.c.cloexec 2013-12-19 15:34:41.641886213 +0100 ++++ dhcp-4.3.0a1/common/dlpi.c 2013-12-19 15:34:41.662885914 +0100 +@@ -804,7 +804,7 @@ dlpiopen(const char *ifname) { + } + *dp = '\0'; + +- return open (devname, O_RDWR, 0); ++ return open (devname, O_RDWR | O_CLOEXEC, 0); + } + + /* +diff -up dhcp-4.3.0a1/common/nit.c.cloexec dhcp-4.3.0a1/common/nit.c +--- dhcp-4.3.0a1/common/nit.c.cloexec 2013-12-19 15:34:41.642886199 +0100 ++++ dhcp-4.3.0a1/common/nit.c 2013-12-19 15:34:41.662885914 +0100 +@@ -81,7 +81,7 @@ int if_register_nit (info) + struct strioctl sio; + + /* Open a NIT device */ +- sock = open ("/dev/nit", O_RDWR); ++ sock = open ("/dev/nit", O_RDWR | O_CLOEXEC); + if (sock < 0) + log_fatal ("Can't open NIT device for %s: %m", info -> name); + +diff -up dhcp-4.3.0a1/common/resolv.c.cloexec dhcp-4.3.0a1/common/resolv.c +--- dhcp-4.3.0a1/common/resolv.c.cloexec 2013-12-11 01:25:12.000000000 +0100 ++++ dhcp-4.3.0a1/common/resolv.c 2013-12-19 15:34:41.663885900 +0100 +@@ -50,7 +50,7 @@ void read_resolv_conf (parse_time) + struct domain_search_list *dp, *dl, *nd; + isc_result_t status; + +- if ((file = open (path_resolv_conf, O_RDONLY)) < 0) { ++ if ((file = open (path_resolv_conf, O_RDONLY | O_CLOEXEC)) < 0) { + log_error ("Can't open %s: %m", path_resolv_conf); + return; + } +diff -up dhcp-4.3.0a1/common/upf.c.cloexec dhcp-4.3.0a1/common/upf.c +--- dhcp-4.3.0a1/common/upf.c.cloexec 2013-12-19 15:34:41.642886199 +0100 ++++ dhcp-4.3.0a1/common/upf.c 2013-12-19 15:34:41.663885900 +0100 +@@ -77,7 +77,7 @@ int if_register_upf (info) + /* %Audit% Cannot exceed 36 bytes. 
%2004.06.17,Safe% */ + sprintf(filename, "/dev/pf/pfilt%d", b); + +- sock = open (filename, O_RDWR, 0); ++ sock = open (filename, O_RDWR | O_CLOEXEC, 0); + if (sock < 0) { + if (errno == EBUSY) { + continue; +diff -up dhcp-4.3.0a1/omapip/trace.c.cloexec dhcp-4.3.0a1/omapip/trace.c +--- dhcp-4.3.0a1/omapip/trace.c.cloexec 2013-12-11 01:01:03.000000000 +0100 ++++ dhcp-4.3.0a1/omapip/trace.c 2013-12-19 15:34:41.663885900 +0100 +@@ -142,10 +142,10 @@ isc_result_t trace_begin (const char *fi + return DHCP_R_INVALIDARG; + } + +- traceoutfile = open (filename, O_CREAT | O_WRONLY | O_EXCL, 0600); ++ traceoutfile = open (filename, O_CREAT | O_WRONLY | O_EXCL | O_CLOEXEC, 0600); + if (traceoutfile < 0 && errno == EEXIST) { + log_error ("WARNING: Overwriting trace file "%s"", filename); +- traceoutfile = open (filename, O_WRONLY | O_EXCL | O_TRUNC, ++ traceoutfile = open (filename, O_WRONLY | O_EXCL | O_TRUNC | O_CLOEXEC, + 0600); + } + +@@ -433,7 +433,7 @@ void trace_file_replay (const char *file + isc_result_t result; + int len; + +- traceinfile = fopen (filename, "r"); ++ traceinfile = fopen (filename, "re"); + if (!traceinfile) { + log_error("Can't open tracefile %s: %m", filename); + return; +diff -up dhcp-4.3.0a1/relay/dhcrelay.c.cloexec dhcp-4.3.0a1/relay/dhcrelay.c +--- dhcp-4.3.0a1/relay/dhcrelay.c.cloexec 2013-12-13 22:26:21.000000000 +0100 ++++ dhcp-4.3.0a1/relay/dhcrelay.c 2013-12-19 15:34:41.664885886 +0100 +@@ -193,11 +193,11 @@ main(int argc, char **argv) { + /* Make sure that file descriptors 0(stdin), 1,(stdout), and + 2(stderr) are open. To do this, we assume that when we + open a file the lowest available file descriptor is used. 
*/ +- fd = open("/dev/null", O_RDWR); ++ fd = open("/dev/null", O_RDWR | O_CLOEXEC); + if (fd == 0) +- fd = open("/dev/null", O_RDWR); ++ fd = open("/dev/null", O_RDWR | O_CLOEXEC); + if (fd == 1) +- fd = open("/dev/null", O_RDWR); ++ fd = open("/dev/null", O_RDWR | O_CLOEXEC); + if (fd == 2) + log_perror = 0; /* No sense logging to /dev/null. */ + else if (fd != -1) +@@ -564,13 +564,13 @@ main(int argc, char **argv) { + + if (no_pid_file == ISC_FALSE) { + pfdesc = open(path_dhcrelay_pid, +- O_CREAT | O_TRUNC | O_WRONLY, 0644); ++ O_CREAT | O_TRUNC | O_WRONLY | O_CLOEXEC, 0644); + + if (pfdesc < 0) { + log_error("Can't create %s: %m", + path_dhcrelay_pid); + } else { +- pf = fdopen(pfdesc, "w"); ++ pf = fdopen(pfdesc, "we"); + if (!pf) + log_error("Can't fdopen %s: %m", + path_dhcrelay_pid); +diff -up dhcp-4.3.0a1/server/confpars.c.cloexec dhcp-4.3.0a1/server/confpars.c +--- dhcp-4.3.0a1/server/confpars.c.cloexec 2013-12-11 01:25:12.000000000 +0100 ++++ dhcp-4.3.0a1/server/confpars.c 2013-12-19 15:34:41.665885871 +0100 +@@ -117,7 +117,7 @@ isc_result_t read_conf_file (const char + } + #endif + +- if ((file = open (filename, O_RDONLY)) < 0) { ++ if ((file = open (filename, O_RDONLY | O_CLOEXEC)) < 0) { + if (leasep) { + log_error ("Can't open lease database %s: %m --", + path_dhcpd_db); +diff -up dhcp-4.3.0a1/server/db.c.cloexec dhcp-4.3.0a1/server/db.c +--- dhcp-4.3.0a1/server/db.c.cloexec 2013-12-11 01:25:12.000000000 +0100 ++++ dhcp-4.3.0a1/server/db.c 2013-12-19 15:34:41.666885857 +0100 +@@ -1081,7 +1081,7 @@ void db_startup (testp) + } + #endif + if (!testp) { +- db_file = fopen (path_dhcpd_db, "a"); ++ db_file = fopen (path_dhcpd_db, "ae"); + if (!db_file) + log_fatal ("Can't open %s for append.", path_dhcpd_db); + expire_all_pools (); +@@ -1129,12 +1129,12 @@ int new_lease_file () + path_dhcpd_db, (int)t) >= sizeof newfname) + log_fatal("new_lease_file: lease file path too long"); + +- db_fd = open (newfname, O_WRONLY | O_TRUNC | O_CREAT, 0664); ++ db_fd = 
open (newfname, O_WRONLY | O_TRUNC | O_CREAT | O_CLOEXEC, 0664); + if (db_fd < 0) { + log_error ("Can't create new lease file: %m"); + return 0; + } +- if ((new_db_file = fdopen(db_fd, "w")) == NULL) { ++ if ((new_db_file = fdopen(db_fd, "we")) == NULL) { + log_error("Can't fdopen new lease file: %m"); + close(db_fd); + goto fdfail; +diff -up dhcp-4.3.0a1/server/dhcpd.c.cloexec dhcp-4.3.0a1/server/dhcpd.c +--- dhcp-4.3.0a1/server/dhcpd.c.cloexec 2013-12-13 22:26:01.000000000 +0100 ++++ dhcp-4.3.0a1/server/dhcpd.c 2013-12-19 15:37:17.258674472 +0100 +@@ -193,11 +193,11 @@ main(int argc, char **argv) { + /* Make sure that file descriptors 0 (stdin), 1, (stdout), and + 2 (stderr) are open. To do this, we assume that when we + open a file the lowest available file descriptor is used. */ +- fd = open("/dev/null", O_RDWR); ++ fd = open("/dev/null", O_RDWR | O_CLOEXEC); + if (fd == 0) +- fd = open("/dev/null", O_RDWR); ++ fd = open("/dev/null", O_RDWR | O_CLOEXEC); + if (fd == 1) +- fd = open("/dev/null", O_RDWR); ++ fd = open("/dev/null", O_RDWR | O_CLOEXEC); + if (fd == 2) + log_perror = 0; /* No sense logging to /dev/null. */ + else if (fd != -1) +@@ -716,7 +716,7 @@ main(int argc, char **argv) { + */ + if (no_pid_file == ISC_FALSE) { + /*Read previous pid file. */ +- if ((i = open (path_dhcpd_pid, O_RDONLY)) >= 0) { ++ if ((i = open (path_dhcpd_pid, O_RDONLY | O_CLOEXEC)) >= 0) { + status = read(i, pbuf, (sizeof pbuf) - 1); + close (i); + if (status > 0) { +@@ -735,7 +735,7 @@ main(int argc, char **argv) { + } + + /* Write new pid file. */ +- i = open(path_dhcpd_pid, O_WRONLY|O_CREAT|O_TRUNC, 0644); ++ i = open(path_dhcpd_pid, O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC, 0644); + if (i >= 0) { + sprintf(pbuf, "%d\n", (int) getpid()); + IGNORE_RET (write(i, pbuf, strlen(pbuf))); +@@ -763,9 +763,9 @@ main(int argc, char **argv) { + (void) close(2); + + /* Reopen them on /dev/null. 
*/ +- (void) open("/dev/null", O_RDWR); +- (void) open("/dev/null", O_RDWR); +- (void) open("/dev/null", O_RDWR); ++ (void) open("/dev/null", O_RDWR | O_CLOEXEC); ++ (void) open("/dev/null", O_RDWR | O_CLOEXEC); ++ (void) open("/dev/null", O_RDWR | O_CLOEXEC); + log_perror = 0; /* No sense logging to /dev/null. */ + + IGNORE_RET (chdir("/")); +diff -up dhcp-4.3.0a1/server/ldap.c.cloexec dhcp-4.3.0a1/server/ldap.c +--- dhcp-4.3.0a1/server/ldap.c.cloexec 2013-12-11 01:25:12.000000000 +0100 ++++ dhcp-4.3.0a1/server/ldap.c 2013-12-19 15:34:41.667885843 +0100 +@@ -684,7 +684,7 @@ ldap_start (void) + + if (ldap_debug_file != NULL && ldap_debug_fd == -1) + { +- if ((ldap_debug_fd = open (ldap_debug_file, O_CREAT | O_TRUNC | O_WRONLY, ++ if ((ldap_debug_fd = open (ldap_debug_file, O_CREAT | O_TRUNC | O_WRONLY | O_CLOEXEC, + S_IRUSR | S_IWUSR)) < 0) + log_error ("Error opening debug LDAP log file %s: %s", ldap_debug_file, + strerror (errno)); diff --git a/src/patches/dhcp/dhcp-PPP.patch b/src/patches/dhcp/dhcp-PPP.patch new file mode 100644 index 0000000..5d022e4 --- /dev/null +++ b/src/patches/dhcp/dhcp-PPP.patch 
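Review bot: The `/dev/null` opens that stand in for descriptors 0, 1 and 2 now carry `O_CLOEXEC`, both at the top of main() in dhclient.c, dhcrelay.c and dhcpd.c and after the close() calls in go_daemon() and the dhcpd daemonise path, so any program the daemon executes would start with stdin, stdout and stderr closed. The first files such a child opens then land on descriptors 0-2 and can receive output meant for a log or terminal, which is the situation the "make sure that file descriptors 0, 1, 2 are open" comment exists to prevent. Unless the exec path (not visible in these hunks) reopens them, I would keep those specific calls as `open("/dev/null", O_RDWR)` and reserve `O_CLOEXEC` for the configuration, lease, pid-file and device descriptors. The `"re"`/`"we"`/`"ae"` fopen modes rely on a C-library extension, so a one-line comment recording that assumption next to the first use would help porters.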
@@ -0,0 +1,150 @@ +diff -up dhcp-4.3.1b1/client/dhc6.c.mRfpsB dhcp-4.3.1b1/client/dhc6.c +--- dhcp-4.3.1b1/client/dhc6.c.mRfpsB 2014-07-10 17:48:03.779424870 +0200 ++++ dhcp-4.3.1b1/client/dhc6.c 2014-07-10 17:48:03.795424644 +0200 +@@ -5088,7 +5088,8 @@ make_client6_options(struct client_state + */ + if ((oc = lookup_option(&dhcpv6_universe, *op, + D6O_CLIENTID)) == NULL) { +- if (!option_cache(&oc, &default_duid, NULL, clientid_option, ++ if (default_duid.len == 0 || ++ !option_cache(&oc, &default_duid, NULL, clientid_option, + MDL)) + log_fatal("Failure assembling a DUID."); + +diff -up dhcp-4.3.1b1/client/dhclient.c.mRfpsB dhcp-4.3.1b1/client/dhclient.c +--- dhcp-4.3.1b1/client/dhclient.c.mRfpsB 2014-07-10 17:39:25.853763858 +0200 ++++ dhcp-4.3.1b1/client/dhclient.c 2014-07-10 17:49:49.882925843 +0200 +@@ -948,8 +948,8 @@ main(int argc, char **argv) { + if (default_duid.buffer != NULL) + data_string_forget(&default_duid, MDL); + +- form_duid(&default_duid, MDL); +- write_duid(&default_duid); ++ if (form_duid(&default_duid, MDL) == ISC_R_SUCCESS) ++ write_duid(&default_duid); + } + } + +@@ -3267,7 +3267,7 @@ write_options(struct client_state *clien + * is not how it is intended. Upcoming rearchitecting the client should + * address this "one daemon model." 
+ */ +-void ++isc_result_t + form_duid(struct data_string *duid, const char *file, int line) + { + struct interface_info *ip; +@@ -3280,6 +3280,15 @@ form_duid(struct data_string *duid, cons + if (ip == NULL) + log_fatal("Impossible condition at %s:%d.", MDL); + ++ while (ip && ip->hw_address.hbuf[0] == HTYPE_RESERVED) { ++ /* Try the other interfaces */ ++ log_debug("Cannot form default DUID from interface %s.", ip->name); ++ ip = ip->next; ++ } ++ if (ip == NULL) { ++ return ISC_R_UNEXPECTED; ++ } ++ + if ((ip->hw_address.hlen == 0) || + (ip->hw_address.hlen > sizeof(ip->hw_address.hbuf))) + log_fatal("Impossible hardware address length at %s:%d.", MDL); +@@ -3323,6 +3332,8 @@ form_duid(struct data_string *duid, cons + log_info("Created duid %s.", str); + dfree(str, MDL); + } ++ ++ return ISC_R_SUCCESS; + } + + /* Write the default DUID to the lease store. */ +diff -up dhcp-4.3.1b1/common/bpf.c.mRfpsB dhcp-4.3.1b1/common/bpf.c +--- dhcp-4.3.1b1/common/bpf.c.mRfpsB 2014-07-10 17:39:25.797764653 +0200 ++++ dhcp-4.3.1b1/common/bpf.c 2014-07-10 17:48:03.797424616 +0200 +@@ -600,6 +600,22 @@ get_hw_addr(const char *name, struct har + memcpy(&hw->hbuf[1], LLADDR(sa), sa->sdl_alen); + break; + #endif /* IFT_FDDI */ ++#if defined(IFT_PPP) ++ case IFT_PPP: ++ if (local_family != AF_INET6) ++ log_fatal("Unsupported device type %d for "%s"", ++ sa->sdl_type, name); ++ hw->hlen = 0; ++ hw->hbuf[0] = HTYPE_RESERVED; ++ /* 0xdeadbeef should never occur on the wire, ++ * and is a signature that something went wrong. 
++ */ ++ hw->hbuf[1] = 0xde; ++ hw->hbuf[2] = 0xad; ++ hw->hbuf[3] = 0xbe; ++ hw->hbuf[4] = 0xef; ++ break; ++#endif + default: + log_fatal("Unsupported device type %d for "%s"", + sa->sdl_type, name); +diff -up dhcp-4.3.1b1/common/lpf.c.mRfpsB dhcp-4.3.1b1/common/lpf.c +--- dhcp-4.3.1b1/common/lpf.c.mRfpsB 2014-07-10 17:39:25.744765404 +0200 ++++ dhcp-4.3.1b1/common/lpf.c 2014-07-10 17:48:03.797424616 +0200 +@@ -511,6 +511,22 @@ get_hw_addr(const char *name, struct har + hw->hbuf[0] = HTYPE_FDDI; + memcpy(&hw->hbuf[1], sa->sa_data, 6); + break; ++#if defined(ARPHRD_PPP) ++ case ARPHRD_PPP: ++ if (local_family != AF_INET6) ++ log_fatal("Unsupported device type %d for "%s"", ++ sa->sa_family, name); ++ hw->hlen = 0; ++ hw->hbuf[0] = HTYPE_RESERVED; ++ /* 0xdeadbeef should never occur on the wire, ++ * and is a signature that something went wrong. ++ */ ++ hw->hbuf[1] = 0xde; ++ hw->hbuf[2] = 0xad; ++ hw->hbuf[3] = 0xbe; ++ hw->hbuf[4] = 0xef; ++ break; ++#endif + default: + log_fatal("Unsupported device type %ld for "%s"", + (long int)sa->sa_family, name); +diff -up dhcp-4.3.1b1/includes/dhcpd.h.mRfpsB dhcp-4.3.1b1/includes/dhcpd.h +--- dhcp-4.3.1b1/includes/dhcpd.h.mRfpsB 2014-07-10 17:48:03.761425124 +0200 ++++ dhcp-4.3.1b1/includes/dhcpd.h 2014-07-10 17:48:03.798424601 +0200 +@@ -2839,7 +2839,7 @@ void client_dns_remove(struct client_sta + + void dhcpv4_client_assignments(void); + void dhcpv6_client_assignments(void); +-void form_duid(struct data_string *duid, const char *file, int line); ++isc_result_t form_duid(struct data_string *duid, const char *file, int line); + + /* dhc6.c */ + void dhc6_lease_destroy(struct dhc6_lease **src, const char *file, int line); +diff -up dhcp-4.3.1b1/includes/dhcp.h.mRfpsB dhcp-4.3.1b1/includes/dhcp.h +--- dhcp-4.3.1b1/includes/dhcp.h.mRfpsB 2014-07-10 17:48:03.761425124 +0200 ++++ dhcp-4.3.1b1/includes/dhcp.h 2014-07-10 17:48:03.798424601 +0200 +@@ -81,6 +81,8 @@ struct dhcp_packet { + * is no standard for this so we + * just 
steal a type */ + ++#define HTYPE_RESERVED 0 /* RFC 5494 */ ++ + /* Magic cookie validating dhcp options field (and bootp vendor + extensions field). */ + #define DHCP_OPTIONS_COOKIE "\143\202\123\143" +diff -up dhcp-4.3.1b1/server/dhcpv6.c.mRfpsB dhcp-4.3.1b1/server/dhcpv6.c +--- dhcp-4.3.1b1/server/dhcpv6.c.mRfpsB 2014-07-10 17:47:31.464881409 +0200 ++++ dhcp-4.3.1b1/server/dhcpv6.c 2014-07-10 17:48:03.800424573 +0200 +@@ -330,6 +330,9 @@ generate_new_server_duid(void) { + if (p->hw_address.hlen > 0) { + break; + } ++ if (p->next == NULL && p->hw_address.hbuf[0] == HTYPE_RESERVED) { ++ log_error("Can not generate DUID from interfaces which do not have hardware addresses, please configure server-duid!"); ++ } + } + if (p == NULL) { + return ISC_R_UNEXPECTED; diff --git a/src/patches/dhcp/dhcp-UseMulticast.patch b/src/patches/dhcp/dhcp-UseMulticast.patch new file mode 100644 index 0000000..ee0ea6b --- /dev/null +++ b/src/patches/dhcp/dhcp-UseMulticast.patch 
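Review bot: In the dhc6.c hunk, folding `default_duid.len == 0` into the existing condition means a client whose interfaces are all `HTYPE_RESERVED` now terminates with `Failure assembling a DUID.`, while the real cause is reported by form_duid() only at debug level (`log_debug("Cannot form default DUID from interface %s.", ...)`). I would test the empty DUID on its own, e.g. `if (default_duid.len == 0) log_fatal("No default DUID: no interface with a usable hardware address.");`, so the fatal message names the cause. The `while (ip && ip->hw_address.hbuf[0] == HTYPE_RESERVED)` loop also deserves a comment saying that `HTYPE_RESERVED` is 0 and therefore matches an interface whose hardware address was never filled in as well as a PPP one. make_client6_options and form_duid both continue outside the hunks.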
@@ -0,0 +1,241 @@ +diff -up dhcp-4.3.1b1/server/dhcpv6.c.UseMulticast dhcp-4.3.1b1/server/dhcpv6.c +--- dhcp-4.3.1b1/server/dhcpv6.c.UseMulticast 2014-07-02 19:58:40.000000000 +0200 ++++ dhcp-4.3.1b1/server/dhcpv6.c 2014-07-10 18:20:03.066256219 +0200 +@@ -376,6 +376,48 @@ generate_new_server_duid(void) { + } + + /* ++ * Is the D6O_UNICAST option defined in dhcpd.conf ? ++ */ ++static isc_boolean_t unicast_option_defined; ++ ++/* ++ * Did we already search dhcpd.conf for D6O_UNICAST option ? ++ * We need to store it here to not parse dhcpd.conf repeatedly. ++ */ ++static isc_boolean_t unicast_option_parsed = ISC_FALSE; ++ ++ ++/* ++ * Is the D6O_UNICAST option defined in dhcpd.conf ? ++ */ ++isc_boolean_t ++is_unicast_option_defined(void) { ++ struct option_state *opt_state; ++ struct option_cache *oc; ++ ++ /* ++ * If we are looking for the unicast option for the first time ++ */ ++ if (unicast_option_parsed == ISC_FALSE) { ++ unicast_option_parsed = ISC_TRUE; ++ opt_state = NULL; ++ if (!option_state_allocate(&opt_state, MDL)) { ++ log_fatal("No memory for option state."); ++ } ++ ++ execute_statements_in_scope(NULL, NULL, NULL, NULL, NULL, ++ opt_state, &global_scope, root_group, NULL, NULL); ++ ++ oc = lookup_option(&dhcpv6_universe, opt_state, D6O_UNICAST); ++ unicast_option_defined = (oc != NULL); ++ ++ option_state_dereference(&opt_state, MDL); ++ } ++ ++ return (unicast_option_defined); ++} ++ ++/* + * Get the client identifier from the packet. 
+ */ + isc_result_t +@@ -706,6 +748,12 @@ static const int required_opts[] = { + D6O_PREFERENCE, + 0 + }; ++static const int required_opts_NAA[] = { ++ D6O_CLIENTID, ++ D6O_SERVERID, ++ D6O_STATUS_CODE, ++ 0 ++}; + static const int required_opts_solicit[] = { + D6O_CLIENTID, + D6O_SERVERID, +@@ -1587,6 +1635,56 @@ lease_to_client(struct data_string *repl + reply.shared->group, NULL); + } + ++ /* reject unicast message, unless we set unicast option */ ++ if ((packet->unicast == ISC_TRUE) && !is_unicast_option_defined()) ++ /* ++ * RFC3315 section 18.2.1 (Request): ++ * ++ * When the server receives a Request message via unicast from a client ++ * to which the server has not sent a unicast option, the server ++ * discards the Request message and responds with a Reply message ++ * containing a Status Code option with the value UseMulticast, a Server ++ * Identifier option containing the server's DUID, the Client Identifier ++ * option from the client message, and no other options. ++ * ++ * Section 18.2.3 (Renew): ++ * ++ * When the server receives a Renew message via unicast from a client to ++ * which the server has not sent a unicast option, the server discards ++ * the Renew message and responds with a Reply message containing a ++ * Status Code option with the value UseMulticast, a Server Identifier ++ * option containing the server's DUID, the Client Identifier option ++ * from the client message, and no other options. ++ */ ++ { ++ /* Set the UseMulticast status code. */ ++ if (!set_status_code(STATUS_UseMulticast, ++ "Unicast not allowed by server.", ++ reply.opt_state)) { ++ log_error("lease_to_client: Unable to set " ++ "UseMulticast status code."); ++ goto exit; ++ } ++ ++ /* Rewind the cursor to the start. */ ++ reply.cursor = REPLY_OPTIONS_INDEX; ++ ++ /* ++ * Produce an reply that includes only: ++ * ++ * Status code. ++ * Server DUID. ++ * Client DUID. 
++ */ ++ reply.cursor += store_options6((char *)reply.buf.data + ++ reply.cursor, ++ sizeof(reply.buf) - ++ reply.cursor, ++ reply.opt_state, reply.packet, ++ required_opts_NAA, ++ NULL); ++ } ++ + /* + * RFC3315 section 17.2.2 (Solicit): + * +@@ -1619,6 +1717,7 @@ lease_to_client(struct data_string *repl + * Having stored the client's IA's, store any options that + * will fit in the remaining space. + */ ++ else + reply.cursor += store_options6((char *)reply.buf.data + reply.cursor, + sizeof(reply.buf) - reply.cursor, + reply.opt_state, reply.packet, +@@ -4748,7 +4847,6 @@ dhcpv6_solicit(struct data_string *reply + * Very similar to Solicit handling, except the server DUID is required. + */ + +-/* TODO: reject unicast messages, unless we set unicast option */ + static void + dhcpv6_request(struct data_string *reply_ret, struct packet *packet) { + struct data_string client_id; +@@ -5078,7 +5176,6 @@ exit: + * except for the error code of when addresses don't match. + */ + +-/* TODO: reject unicast messages, unless we set unicast option */ + static void + dhcpv6_renew(struct data_string *reply, struct packet *packet) { + struct data_string client_id; +@@ -5322,18 +5419,60 @@ iterate_over_ia_na(struct data_string *r + goto exit; + } + +- snprintf(status_msg, sizeof(status_msg), "%s received.", packet_type); +- if (!set_status_code(STATUS_Success, status_msg, opt_state)) { +- goto exit; +- } ++ /* reject unicast message, unless we set unicast option */ ++ if ((packet->unicast == ISC_TRUE) && !is_unicast_option_defined()) { ++ /* ++ * RFC3315 section 18.2.6 (Release): ++ * ++ * When the server receives a Release message via unicast from a client ++ * to which the server has not sent a unicast option, the server ++ * discards the Release message and responds with a Reply message ++ * containing a Status Code option with value UseMulticast, a Server ++ * Identifier option containing the server's DUID, the Client Identifier ++ * option from the client message, and no 
other options. ++ * ++ * Section 18.2.7 (Decline): ++ * ++ * When the server receives a Decline message via unicast from a client ++ * to which the server has not sent a unicast option, the server ++ * discards the Decline message and responds with a Reply message ++ * containing a Status Code option with the value UseMulticast, a Server ++ * Identifier option containing the server's DUID, the Client Identifier ++ * option from the client message, and no other options. ++ */ ++ snprintf(status_msg, sizeof(status_msg), ++ "%s received unicast.", packet_type); ++ if (!set_status_code(STATUS_UseMulticast, status_msg, opt_state)) { ++ goto exit; ++ } + +- /* +- * Add our options that are not associated with any IA_NA or IA_TA. +- */ +- reply_ofs += store_options6(reply_data+reply_ofs, +- sizeof(reply_data)-reply_ofs, ++ /* ++ * Produce an reply that includes only: ++ * ++ * Status code. ++ * Server DUID. ++ * Client DUID. ++ */ ++ reply_ofs += store_options6(reply_data+reply_ofs, ++ sizeof(reply_data)-reply_ofs, + opt_state, packet, +- required_opts, NULL); ++ required_opts_NAA, NULL); ++ ++ goto return_reply; ++ } else { ++ snprintf(status_msg, sizeof(status_msg), "%s received.", packet_type); ++ if (!set_status_code(STATUS_Success, status_msg, opt_state)) { ++ goto exit; ++ } ++ ++ /* ++ * Add our options that are not associated with any IA_NA or IA_TA. ++ */ ++ reply_ofs += store_options6(reply_data+reply_ofs, ++ sizeof(reply_data)-reply_ofs, ++ opt_state, packet, ++ required_opts, NULL); ++ } + + /* + * Loop through the IA_NA reported by the client, and deal with +@@ -5471,6 +5610,7 @@ iterate_over_ia_na(struct data_string *r + /* + * Return our reply to the caller. + */ ++return_reply: + reply_ret->len = reply_ofs; + reply_ret->buffer = NULL; + if (!buffer_allocate(&reply_ret->buffer, reply_ofs, MDL)) { +@@ -5516,7 +5656,6 @@ exit: + * we still need to be aware of this possibility. 
+ */ + +-/* TODO: reject unicast messages, unless we set unicast option */ + /* TODO: IA_TA */ + static void + dhcpv6_decline(struct data_string *reply, struct packet *packet) { +@@ -5986,7 +6125,6 @@ exit: + * Release means a client is done with the leases. + */ + +-/* TODO: reject unicast messages, unless we set unicast option */ + static void + dhcpv6_release(struct data_string *reply, struct packet *packet) { + struct data_string client_id; diff --git a/src/patches/dhcp/dhcp-add_timeout_when_NULL.patch b/src/patches/dhcp/dhcp-add_timeout_when_NULL.patch new file mode 100644 index 0000000..103824c --- /dev/null +++ b/src/patches/dhcp/dhcp-add_timeout_when_NULL.patch @@ -0,0 +1,14 @@ +diff -up dhcp-4.3.0a1/common/dispatch.c.dracut dhcp-4.3.0a1/common/dispatch.c +--- dhcp-4.3.0a1/common/dispatch.c.dracut 2013-12-11 01:25:12.000000000 +0100 ++++ dhcp-4.3.0a1/common/dispatch.c 2013-12-19 15:39:50.350505860 +0100 +@@ -210,6 +210,10 @@ void add_timeout (when, where, what, ref + isc_interval_t interval; + isc_time_t expires; + ++ if (when == NULL) { ++ return; ++ } ++ + /* See if this timeout supersedes an existing timeout. */ + t = (struct timeout *)0; + for (q = timeouts; q; q = q->next) { diff --git a/src/patches/dhcp/dhcp-capability.patch b/src/patches/dhcp/dhcp-capability.patch new file mode 100644 index 0000000..91a1bae --- /dev/null +++ b/src/patches/dhcp/dhcp-capability.patch 
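Review bot: is_unicast_option_defined() evaluates only `&global_scope` / `root_group` and then caches the answer in `unicast_option_defined`, so a unicast option configured in a narrower scope would not be seen; if the server can send the option from such a scope (not visible here), clients it told to use unicast would be answered with UseMulticast. The function comment should state that limitation, for example `/* Only the global scope is examined; the result is cached for the life of the process. */`. In lease_to_client the rejection block hangs off a brace-less `if` with a long comment before its `{`, and the matching `else` is added in a separate hunk further down; writing `if (...) {` and `} else {` would make that pairing harder to break in a later edit. lease_to_client and iterate_over_ia_na extend beyond the hunks shown.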
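Review bot: The new `if (when == NULL) return;` guard in add_timeout drops the request silently, so a caller that passes NULL by mistake loses its timer, presumably a renewal or expiry callback, with nothing in the log to show it. I would log before returning, `log_error("add_timeout: NULL time, timeout not scheduled");`, or at least add a comment naming the caller that is expected to pass NULL and why ignoring it is safe. The rest of add_timeout lies outside the hunk.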
@@ -0,0 +1,250 @@ +diff -up dhcp-4.3.1b1/client/dhclient.8.zzftXp dhcp-4.3.1b1/client/dhclient.8 +--- dhcp-4.3.1b1/client/dhclient.8.zzftXp 2014-07-10 17:38:26.938599402 +0200 ++++ dhcp-4.3.1b1/client/dhclient.8 2014-07-10 17:39:25.852763873 +0200 +@@ -128,6 +128,9 @@ dhclient - Dynamic Host Configuration Pr + .B -w + ] + [ ++.B -nc ++] ++[ + .B -B + ] + [ +@@ -304,6 +307,32 @@ has been added or removed, so that the c + address on that interface. + + .TP ++.BI -nc ++Do not drop capabilities. ++ ++Normally, if ++.B dhclient ++was compiled with libcap-ng support, ++.B dhclient ++drops most capabilities immediately upon startup. While more secure, ++this greatly restricts the additional actions that hooks in ++.B dhclient-script (8) ++can take. (For example, any daemons that ++.B dhclient-script (8) ++starts or restarts will inherit the restricted capabilities as well, ++which may interfere with their correct operation.) Thus, the ++.BI -nc ++option can be used to prevent ++.B dhclient ++from dropping capabilities. ++ ++The ++.BI -nc ++option is ignored if ++.B dhclient ++was not compiled with libcap-ng support. ++ ++.TP + .BI -B + Set the BOOTP broadcast flag in request packets so servers will always + broadcast replies. +diff -up dhcp-4.3.1b1/client/dhclient.c.zzftXp dhcp-4.3.1b1/client/dhclient.c +--- dhcp-4.3.1b1/client/dhclient.c.zzftXp 2014-07-10 17:39:25.797764653 +0200 ++++ dhcp-4.3.1b1/client/dhclient.c 2014-07-10 17:39:25.853763858 +0200 +@@ -39,6 +39,10 @@ + #include <limits.h> + #include <dns/result.h> + ++#ifdef HAVE_LIBCAP_NG ++#include <cap-ng.h> ++#endif ++ + /* + * Defined in stdio.h when _GNU_SOURCE is set, but we don't want to define + * that when building ISC code. +@@ -143,6 +147,9 @@ main(int argc, char **argv) { + int timeout_arg = 0; + char *arg_conf = NULL; + int arg_conf_len = 0; ++#ifdef HAVE_LIBCAP_NG ++ int keep_capabilities = 0; ++#endif + + /* Initialize client globals. 
*/ + memset(&default_duid, 0, sizeof(default_duid)); +@@ -425,6 +432,10 @@ main(int argc, char **argv) { + } + + dhclient_request_options = argv[i]; ++ } else if (!strcmp(argv[i], "-nc")) { ++#ifdef HAVE_LIBCAP_NG ++ keep_capabilities = 1; ++#endif + } else if (argv[i][0] == '-') { + usage(); + } else if (interfaces_requested < 0) { +@@ -473,6 +484,19 @@ main(int argc, char **argv) { + path_dhclient_script = s; + } + ++#ifdef HAVE_LIBCAP_NG ++ /* Drop capabilities */ ++ if (!keep_capabilities) { ++ capng_clear(CAPNG_SELECT_CAPS); ++ capng_update(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, ++ CAP_DAC_OVERRIDE); // Drop this someday ++ capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, ++ CAP_NET_ADMIN, CAP_NET_RAW, ++ CAP_NET_BIND_SERVICE, CAP_SYS_ADMIN, -1); ++ capng_apply(CAPNG_SELECT_CAPS); ++ } ++#endif ++ + /* Set up the initial dhcp option universe. */ + initialize_common_option_spaces(); + +diff -up dhcp-4.3.1b1/client/dhclient-script.8.zzftXp dhcp-4.3.1b1/client/dhclient-script.8 +--- dhcp-4.3.1b1/client/dhclient-script.8.zzftXp 2014-07-10 17:39:25.761765163 +0200 ++++ dhcp-4.3.1b1/client/dhclient-script.8 2014-07-10 17:39:25.851763887 +0200 +@@ -243,6 +243,16 @@ repeatedly initialized to the values pro + the other. Assuming the information provided by both servers is + valid, this shouldn't cause any real problems, but it could be + confusing. ++.PP ++Normally, if dhclient was compiled with libcap-ng support, ++dhclient drops most capabilities immediately upon startup. ++While more secure, this greatly restricts the additional actions that ++hooks in dhclient-script can take. For example, any daemons that ++dhclient-script starts or restarts will inherit the restricted ++capabilities as well, which may interfere with their correct operation. ++Thus, the ++.BI -nc ++option can be used to prevent dhclient from dropping capabilities. + .SH SEE ALSO + dhclient(8), dhcpd(8), dhcrelay(8), dhclient.conf(5) and + dhclient.leases(5). 
+diff -up dhcp-4.3.1b1/client/Makefile.am.zzftXp dhcp-4.3.1b1/client/Makefile.am +--- dhcp-4.3.1b1/client/Makefile.am.zzftXp 2014-07-10 17:38:10.778828583 +0200 ++++ dhcp-4.3.1b1/client/Makefile.am 2014-07-10 17:39:25.851763887 +0200 +@@ -10,7 +10,7 @@ dhclient_SOURCES = clparse.c dhclient.c + scripts/bsdos scripts/freebsd scripts/linux scripts/macos \ + scripts/netbsd scripts/nextstep scripts/openbsd \ + scripts/solaris scripts/openwrt +-dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \ ++dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.la $(CAPNG_LDADD) \ + $(BIND9_LIBDIR) -lirs -ldns -lisccfg -lisc + man_MANS = dhclient.8 dhclient-script.8 dhclient.conf.5 dhclient.leases.5 + EXTRA_DIST = $(man_MANS) +diff -up dhcp-4.3.1b1/configure.ac.zzftXp dhcp-4.3.1b1/configure.ac +--- dhcp-4.3.1b1/configure.ac.zzftXp 2014-07-10 17:38:10.779828569 +0200 ++++ dhcp-4.3.1b1/configure.ac 2014-07-10 17:39:25.854763844 +0200 +@@ -499,6 +499,41 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], + # Look for optional headers. 
+ AC_CHECK_HEADERS(sys/socket.h net/if_dl.h net/if6.h regex.h) + ++# look for capabilities library ++AC_ARG_WITH(libcap-ng, ++ [ --with-libcap-ng=[auto/yes/no] Add Libcap-ng support [default=auto]],, ++ with_libcap_ng=auto) ++ ++# Check for Libcap-ng API ++# ++# libcap-ng detection ++if test x$with_libcap_ng = xno ; then ++ have_libcap_ng=no; ++else ++ # Start by checking for header file ++ AC_CHECK_HEADER(cap-ng.h, capng_headers=yes, capng_headers=no) ++ ++ # See if we have libcap-ng library ++ AC_CHECK_LIB(cap-ng, capng_clear, ++ CAPNG_LDADD=-lcap-ng,) ++ ++ # Check results are usable ++ if test x$with_libcap_ng = xyes -a x$CAPNG_LDADD = x ; then ++ AC_MSG_ERROR(libcap-ng support was requested and the library was not found) ++ fi ++ if test x$CAPNG_LDADD != x -a $capng_headers = no ; then ++ AC_MSG_ERROR(libcap-ng libraries found but headers are missing) ++ fi ++fi ++AC_SUBST(CAPNG_LDADD) ++AC_MSG_CHECKING(whether to use libcap-ng) ++if test x$CAPNG_LDADD != x ; then ++ AC_DEFINE(HAVE_LIBCAP_NG,1,[libcap-ng support]) ++ AC_MSG_RESULT(yes) ++else ++ AC_MSG_RESULT(no) ++fi ++ + # Solaris needs some libraries for functions + AC_SEARCH_LIBS(socket, [socket]) + AC_SEARCH_LIBS(inet_ntoa, [nsl]) +diff -up dhcp-4.3.1b1/relay/dhcrelay.c.zzftXp dhcp-4.3.1b1/relay/dhcrelay.c +--- dhcp-4.3.1b1/relay/dhcrelay.c.zzftXp 2014-07-10 17:39:25.799764624 +0200 ++++ dhcp-4.3.1b1/relay/dhcrelay.c 2014-07-10 17:40:19.191007421 +0200 +@@ -31,6 +31,11 @@ + #include <signal.h> + #include <sys/time.h> + ++#ifdef HAVE_LIBCAP_NG ++# include <cap-ng.h> ++ int keep_capabilities = 0; ++#endif ++ + TIME default_lease_time = 43200; /* 12 hours... */ + TIME max_lease_time = 86400; /* 24 hours... 
*/ + struct tree_cache *global_options[256]; +@@ -376,6 +381,10 @@ main(int argc, char **argv) { + usage(); + dhcrelay_sub_id = argv[i]; + #endif ++ } else if (!strcmp(argv[i], "-nc")) { ++#ifdef HAVE_LIBCAP_NG ++ keep_capabilities = 1; ++#endif + } else if (!strcmp(argv[i], "-pf")) { + if (++i == argc) + usage(); +@@ -446,6 +455,17 @@ main(int argc, char **argv) { + #endif + } + ++#ifdef HAVE_LIBCAP_NG ++ /* Drop capabilities */ ++ if (!keep_capabilities) { ++ capng_clear(CAPNG_SELECT_BOTH); ++ capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, ++ CAP_NET_RAW, CAP_NET_BIND_SERVICE, -1); ++ capng_apply(CAPNG_SELECT_BOTH); ++ log_info ("Dropped all unnecessary capabilities."); ++ } ++#endif ++ + if (!quiet) { + log_info("%s %s", message, PACKAGE_VERSION); + log_info(copyright); +@@ -598,6 +618,15 @@ main(int argc, char **argv) { + signal(SIGTERM, dhcp_signal_handler); /* kill */ + #endif + ++#ifdef HAVE_LIBCAP_NG ++ /* Drop all capabilities */ ++ if (!keep_capabilities) { ++ capng_clear(CAPNG_SELECT_BOTH); ++ capng_apply(CAPNG_SELECT_BOTH); ++ log_info ("Dropped all capabilities."); ++ } ++#endif ++ + /* Start dispatching packets and timeouts... */ + dispatch(); + +diff -up dhcp-4.3.1b1/relay/Makefile.am.zzftXp dhcp-4.3.1b1/relay/Makefile.am +--- dhcp-4.3.1b1/relay/Makefile.am.zzftXp 2014-07-10 17:38:10.780828554 +0200 ++++ dhcp-4.3.1b1/relay/Makefile.am 2014-07-10 17:39:25.854763844 +0200 +@@ -2,7 +2,7 @@ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localst + + sbin_PROGRAMS = dhcrelay + dhcrelay_SOURCES = dhcrelay.c +-dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \ ++dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.la $(CAPNG_LDADD) \ + $(BIND9_LIBDIR) -lirs -ldns -lisccfg -lisc + man_MANS = dhcrelay.8 + EXTRA_DIST = $(man_MANS) diff --git a/src/patches/dhcp/dhcp-default-requested-options.patch b/src/patches/dhcp/dhcp-default-requested-options.patch new file mode 100644 index 0000000..afda222 --- /dev/null 
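Review bot: None of the libcap-ng calls in the new privilege-drop blocks has its return value checked, so if `capng_apply()` fails, dhclient and dhcrelay keep running with their full capability set, and dhcrelay still logs "Dropped all unnecessary capabilities." A failed drop should be fatal, for example `if (capng_apply(CAPNG_SELECT_CAPS) < 0) log_fatal("Unable to drop capabilities");` in dhclient.c, with the same pattern around both `capng_apply(CAPNG_SELECT_BOTH)` calls in dhcrelay.c and the `log_info` moved after the check. It is also worth a comment next to the `capng_updatev` call in dhclient.c explaining why CAP_SYS_ADMIN and CAP_DAC_OVERRIDE are retained, since they leave the reduced set broad. The same comment should say why dhclient uses CAPNG_SELECT_CAPS while dhcrelay uses CAPNG_SELECT_BOTH. Both main() bodies continue outside the hunks.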
+++ b/src/patches/dhcp/dhcp-default-requested-options.patch @@ -0,0 +1,44 @@ +diff -up dhcp-4.3.0a1/client/clparse.c.requested dhcp-4.3.0a1/client/clparse.c +--- dhcp-4.3.0a1/client/clparse.c.requested 2013-12-19 15:13:27.276631307 +0100 ++++ dhcp-4.3.0a1/client/clparse.c 2013-12-19 15:13:27.313630789 +0100 +@@ -37,7 +37,7 @@ + + struct client_config top_level_config; + +-#define NUM_DEFAULT_REQUESTED_OPTS 9 ++#define NUM_DEFAULT_REQUESTED_OPTS 14 + struct option *default_requested_options[NUM_DEFAULT_REQUESTED_OPTS + 1]; + + static void parse_client_default_duid(struct parse *cfile); +@@ -119,6 +119,31 @@ isc_result_t read_client_conf () + option_code_hash_lookup(&default_requested_options[8], + dhcpv6_universe.code_hash, &code, 0, MDL); + ++ /* 10 */ ++ code = DHO_NIS_DOMAIN; ++ option_code_hash_lookup(&default_requested_options[9], ++ dhcp_universe.code_hash, &code, 0, MDL); ++ ++ /* 11 */ ++ code = DHO_NIS_SERVERS; ++ option_code_hash_lookup(&default_requested_options[10], ++ dhcp_universe.code_hash, &code, 0, MDL); ++ ++ /* 12 */ ++ code = DHO_NTP_SERVERS; ++ option_code_hash_lookup(&default_requested_options[11], ++ dhcp_universe.code_hash, &code, 0, MDL); ++ ++ /* 13 */ ++ code = DHO_INTERFACE_MTU; ++ option_code_hash_lookup(&default_requested_options[12], ++ dhcp_universe.code_hash, &code, 0, MDL); ++ ++ /* 14 */ ++ code = DHO_DOMAIN_SEARCH; ++ option_code_hash_lookup(&default_requested_options[13], ++ dhcp_universe.code_hash, &code, 0, MDL); ++ + for (code = 0 ; code < NUM_DEFAULT_REQUESTED_OPTS ; code++) { + if (default_requested_options[code] == NULL) + log_fatal("Unable to find option definition for " diff --git a/src/patches/dhcp/dhcp-dhclient-decline-backoff.patch b/src/patches/dhcp/dhcp-dhclient-decline-backoff.patch new file mode 100644 index 0000000..3e52e64 --- /dev/null +++ b/src/patches/dhcp/dhcp-dhclient-decline-backoff.patch 
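Review bot: The five options added to default_requested_options in read_client_conf() (nis-domain, nis-servers, ntp-servers, interface-mtu, domain-search) are now requested from whichever DHCP server answers, and nothing in the hunk records who validates the values that come back. Assuming they are handed on to dhclient-script as usual, I would add a comment above the block such as `/* Replies to these options come from an unauthenticated server; consumers must validate them (e.g. range-check interface-mtu) before applying. */`. As a minor point of style, the `/* 10 */` to `/* 14 */` markers are 1-based while the array index on the next line is 0-based, which makes it easy to miscount when the list is extended. read_client_conf() starts and ends outside the hunk.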
@@ -0,0 +1,63 @@ +diff -up dhcp-4.3.1b1/client/dhclient.c.JwFUZj dhcp-4.3.1b1/client/dhclient.c +--- dhcp-4.3.1b1/client/dhclient.c.JwFUZj 2014-07-10 17:38:50.511265091 +0200 ++++ dhcp-4.3.1b1/client/dhclient.c 2014-07-10 17:39:16.164901267 +0200 +@@ -1281,6 +1281,8 @@ void state_init (cpp) + void *cpp; + { + struct client_state *client = cpp; ++ enum dhcp_state init_state = client->state; ++ struct timeval tv; + + ASSERT_STATE(state, S_INIT); + +@@ -1293,9 +1295,18 @@ void state_init (cpp) + client -> first_sending = cur_time; + client -> interval = client -> config -> initial_interval; + +- /* Add an immediate timeout to cause the first DHCPDISCOVER packet +- to go out. */ +- send_discover (client); ++ if (init_state != S_DECLINED) { ++ /* Add an immediate timeout to cause the first DHCPDISCOVER packet ++ to go out. */ ++ send_discover(client); ++ } else { ++ /* We've received an OFFER and it has been DECLINEd by dhclient-script. ++ * wait for a random time between 1 and backoff_cutoff seconds before ++ * trying again. */ ++ tv . tv_sec = cur_time + ((1 + (random() >> 2)) % client->config->backoff_cutoff); ++ tv . tv_usec = 0; ++ add_timeout(&tv, send_discover, client, 0, 0); ++ } + } + + /* +@@ -1592,6 +1603,7 @@ void bind_lease (client) + "try (declined). 
Exiting."); + exit(2); + } else { ++ client -> state = S_DECLINED; + state_init(client); + return; + } +@@ -4059,6 +4071,7 @@ void client_location_changed () + case S_INIT: + case S_REBINDING: + case S_STOPPED: ++ case S_DECLINED: + break; + } + client -> state = S_INIT; +diff -up dhcp-4.3.1b1/includes/dhcpd.h.JwFUZj dhcp-4.3.1b1/includes/dhcpd.h +--- dhcp-4.3.1b1/includes/dhcpd.h.JwFUZj 2014-07-10 17:38:26.941599360 +0200 ++++ dhcp-4.3.1b1/includes/dhcpd.h 2014-07-10 17:38:50.526264878 +0200 +@@ -1087,7 +1087,8 @@ enum dhcp_state { + S_BOUND = 5, + S_RENEWING = 6, + S_REBINDING = 7, +- S_STOPPED = 8 ++ S_STOPPED = 8, ++ S_DECLINED = 9 + }; + + /* Authentication and BOOTP policy possibilities (not all values work diff --git a/src/patches/dhcp/dhcp-dhclient-options.patch b/src/patches/dhcp/dhcp-dhclient-options.patch new file mode 100644 index 0000000..67f144e --- /dev/null +++ b/src/patches/dhcp/dhcp-dhclient-options.patch 
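Review bot: The delay expression added to state_init() does not match its comment: `(1 + (random() >> 2)) % client->config->backoff_cutoff` yields 0 to backoff_cutoff-1 rather than 1 to backoff_cutoff, so the retry after a DECLINE can fire with no delay at all. If the documented range is the intent, the line should read `tv.tv_sec = cur_time + 1 + ((random() >> 2) % client->config->backoff_cutoff);`. The modulo also divides by zero when backoff_cutoff is 0; whether the configuration parser rejects that value is not visible here, so a guard that falls back to the immediate `send_discover(client)` path for a non-positive cutoff would be prudent.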
@@ -0,0 +1,509 @@ +diff -up dhcp-4.3.1b1/client/clparse.c.fLPqYB dhcp-4.3.1b1/client/clparse.c +--- dhcp-4.3.1b1/client/clparse.c.fLPqYB 2014-07-02 19:58:38.000000000 +0200 ++++ dhcp-4.3.1b1/client/clparse.c 2014-07-10 17:38:26.938599402 +0200 +@@ -148,6 +148,7 @@ isc_result_t read_client_conf () + /* Requested lease time, used by DHCPv6 (DHCPv4 uses the option cache) + */ + top_level_config.requested_lease = 7200; ++ top_level_config.bootp_broadcast_always = 0; + + group_allocate (&top_level_config.on_receipt, MDL); + if (!top_level_config.on_receipt) +@@ -353,7 +354,8 @@ void read_client_leases () + interface-declaration | + LEASE client-lease-statement | + ALIAS client-lease-statement | +- KEY key-definition */ ++ KEY key-definition | ++ BOOTP_BROADCAST_ALWAYS */ + + void parse_client_statement (cfile, ip, config) + struct parse *cfile; +@@ -771,6 +773,12 @@ void parse_client_statement (cfile, ip, + parse_reject_statement (cfile, config); + return; + ++ case BOOTP_BROADCAST_ALWAYS: ++ token = next_token(&val, (unsigned*)0, cfile); ++ config -> bootp_broadcast_always = 1; ++ parse_semi (cfile); ++ return; ++ + default: + lose = 0; + stmt = (struct executable_statement *)0; +diff -up dhcp-4.3.1b1/client/dhclient.8.fLPqYB dhcp-4.3.1b1/client/dhclient.8 +--- dhcp-4.3.1b1/client/dhclient.8.fLPqYB 2014-07-02 19:58:38.000000000 +0200 ++++ dhcp-4.3.1b1/client/dhclient.8 2014-07-10 17:38:26.938599402 +0200 +@@ -128,6 +128,33 @@ dhclient - Dynamic Host Configuration Pr + .B -w + ] + [ ++.B -B ++] ++[ ++.B -C ++.I dhcp-client-identifier ++] ++[ ++.B -H ++.I host-name ++] ++[ ++.B -F ++.I fqdn.fqdn ++] ++[ ++.B -V ++.I vendor-class-identifier ++] ++[ ++.B -R ++.I request-option-list ++] ++[ ++.B -timeout ++.I timeout ++] ++[ + .B -v + ] + [ +@@ -275,6 +302,69 @@ not to exit when it doesn't find any suc + program can then be used to notify the client when a network interface + has been added or removed, so that the client can attempt to configure an IP + address on that 
interface. ++ ++.TP ++.BI -B ++Set the BOOTP broadcast flag in request packets so servers will always ++broadcast replies. ++ ++.TP ++.BI -C\ <dhcp-client-identifier> ++Specify the dhcp-client-identifier option to send to the DHCP server. ++ ++.TP ++.BI -H\ <host-name> ++Specify the host-name option to send to the DHCP server. The host-name ++string only contains the client's hostname prefix, to which the server will ++append the ddns-domainname or domain-name options, if any, to derive the ++fully qualified domain name of the client. The ++.B -H ++option cannot be used with the ++.B -F ++option. ++ ++.TP ++.BI -F\ <fqdn.fqdn> ++Specify the fqdn.fqdn option to send to the DHCP server. This option cannot ++be used with the ++.B -H ++option. The fqdn.fqdn option must specify the complete domain name of the ++client host, which the server may use for dynamic DNS updates. ++ ++.TP ++.BI -V\ <vendor-class-identifier> ++Specify the vendor-class-identifier option to send to the DHCP server. ++ ++.TP ++.BI -R\ <option>[,<option>...] ++Specify the list of options the client is to request from the server. The ++option list must be a single string consisting of option names separated ++by at least one command and optional space characters. The default option ++list is: ++ ++.BR ++ subnet-mask, broadcast-address, time-offset, routers, ++.BR ++ domain-search, domain-name, domain-name-servers, host-name, ++.BR ++ nis-domain, nis-servers, ntp-servers, interface-mtu ++ ++.TP ++.B -R ++option does not append options to the default request, it overrides the ++default request list. Keep this in mind if you want to request an ++additional option besides the default request list. You will have to ++specify all option names for the ++.B -R ++parameter. ++ ++.TP ++.BI -timeout\ <timeout> ++Specify the time after which ++.B dhclient ++will decide that no DHCP servers can be contacted when no responses have been ++received. ++ + .TP + .BI -n + Do not configure any interfaces. 
This is most likely to be useful in +diff -up dhcp-4.3.1b1/client/dhclient.c.fLPqYB dhcp-4.3.1b1/client/dhclient.c +--- dhcp-4.3.1b1/client/dhclient.c.fLPqYB 2014-07-02 19:58:38.000000000 +0200 ++++ dhcp-4.3.1b1/client/dhclient.c 2014-07-10 17:38:44.520350055 +0200 +@@ -39,6 +39,12 @@ + #include <limits.h> + #include <dns/result.h> + ++/* ++ * Defined in stdio.h when _GNU_SOURCE is set, but we don't want to define ++ * that when building ISC code. ++ */ ++extern int asprintf(char **strp, const char *fmt, ...); ++ + TIME default_lease_time = 43200; /* 12 hours... */ + TIME max_lease_time = 86400; /* 24 hours... */ + +@@ -88,6 +94,9 @@ int wanted_ia_na = -1; /* the absolute + int wanted_ia_ta = 0; + int wanted_ia_pd = 0; + char *mockup_relay = NULL; ++int bootp_broadcast_always = 0; ++ ++extern struct option *default_requested_options[]; + + void run_stateless(int exit_mode); + +@@ -125,6 +134,15 @@ main(int argc, char **argv) { + int local_family_set = 0; + #endif /* DHCPv6 */ + char *s; ++ char *dhcp_client_identifier_arg = NULL; ++ char *dhcp_host_name_arg = NULL; ++ char *dhcp_fqdn_arg = NULL; ++ char *dhcp_vendor_class_identifier_arg = NULL; ++ char *dhclient_request_options = NULL; ++ ++ int timeout_arg = 0; ++ char *arg_conf = NULL; ++ int arg_conf_len = 0; + + /* Initialize client globals. 
*/ + memset(&default_duid, 0, sizeof(default_duid)); +@@ -325,6 +343,88 @@ main(int argc, char **argv) { + strlen(PACKAGE_VERSION))); + IGNORE_RET(write(STDERR_FILENO, "\n", 1)); + exit(0); ++ } else if (!strcmp(argv[i], "-C")) { ++ if ((++i == argc) || (argv[i] == NULL) || (*(argv[i])=='\0')) { ++ usage(); ++ exit(1); ++ } ++ ++ if (strlen(argv[i]) >= DHCP_MAX_OPTION_LEN) { ++ log_error("-C option dhcp-client-identifier string "%s" is too long - maximum length is: %d", argv[i], DHCP_MAX_OPTION_LEN-1); ++ exit(1); ++ } ++ ++ dhcp_client_identifier_arg = argv[i]; ++ } else if (!strcmp(argv[i], "-B")) { ++ bootp_broadcast_always = 1; ++ } else if (!strcmp(argv[i], "-H")) { ++ if ((++i == argc) || (argv[i] == NULL) || (*(argv[i])=='\0')) { ++ usage(); ++ exit(1); ++ } ++ ++ if (strlen(argv[i]) >= DHCP_MAX_OPTION_LEN) { ++ log_error("-H option host-name string "%s" is too long - maximum length is: %d", argv[i], DHCP_MAX_OPTION_LEN-1); ++ exit(1); ++ } ++ ++ if (dhcp_host_name_arg != NULL) { ++ log_error("The -H <host-name> and -F <fqdn> arguments are mutually exclusive"); ++ exit(1); ++ } ++ ++ dhcp_host_name_arg = argv[i]; ++ } else if (!strcmp(argv[i], "-F")) { ++ if ((++i == argc) || (argv[i] == NULL) || (*(argv[i])=='\0')) { ++ usage(); ++ exit(1); ++ } ++ ++ if (strlen(argv[i]) >= DHCP_MAX_OPTION_LEN) { ++ log_error("-F option fqdn.fqdn string "%s" is too long - maximum length is: %d", argv[i], DHCP_MAX_OPTION_LEN-1); ++ exit(1); ++ } ++ ++ if (dhcp_fqdn_arg != NULL) { ++ log_error("Only one -F <fqdn> argument can be specified"); ++ exit(1); ++ } ++ ++ if (dhcp_host_name_arg != NULL) { ++ log_error("The -F <fqdn> and -H <host-name> arguments are mutually exclusive"); ++ exit(1); ++ } ++ ++ dhcp_fqdn_arg = argv[i]; ++ } else if (!strcmp(argv[i], "-timeout")) { ++ if ((++i == argc) || (argv[i] == NULL) || (*(argv[i])=='\0')) { ++ usage(); ++ exit(1); ++ } ++ ++ if ((timeout_arg = atoi(argv[i])) <= 0) { ++ log_error("timeout option must be > 0 - bad value: 
%s",argv[i]); ++ exit(1); ++ } ++ } else if (!strcmp(argv[i], "-V")) { ++ if ((++i == argc) || (argv[i] == NULL) || (*(argv[i])=='\0')) { ++ usage(); ++ exit(1); ++ } ++ ++ if (strlen(argv[i]) >= DHCP_MAX_OPTION_LEN) { ++ log_error("-V option vendor-class-identifier string "%s" is too long - maximum length is: %d", argv[i], DHCP_MAX_OPTION_LEN-1); ++ exit(1); ++ } ++ ++ dhcp_vendor_class_identifier_arg = argv[i]; ++ } else if (!strcmp(argv[i], "-R")) { ++ if ((++i == argc) || (argv[i] == NULL) || (*(argv[i])=='\0')) { ++ usage(); ++ exit(1); ++ } ++ ++ dhclient_request_options = argv[i]; + } else if (argv[i][0] == '-') { + usage(); + } else if (interfaces_requested < 0) { +@@ -507,6 +607,156 @@ main(int argc, char **argv) { + /* Parse the dhclient.conf file. */ + read_client_conf(); + ++ /* Parse any extra command line configuration arguments: */ ++ if ((dhcp_client_identifier_arg != NULL) && (*dhcp_client_identifier_arg != '\0')) { ++ arg_conf_len = asprintf(&arg_conf, "send dhcp-client-identifier "%s";", dhcp_client_identifier_arg); ++ ++ if ((arg_conf == 0) || (arg_conf_len <= 0)) ++ log_fatal("Unable to send -C option dhcp-client-identifier"); ++ } ++ ++ if ((dhcp_host_name_arg != NULL) && (*dhcp_host_name_arg != '\0')) { ++ if (arg_conf == 0) { ++ arg_conf_len = asprintf(&arg_conf, "send host-name "%s";", dhcp_host_name_arg); ++ ++ if ((arg_conf == 0) || (arg_conf_len <= 0)) ++ log_fatal("Unable to send -H option host-name"); ++ } else { ++ char *last_arg_conf = arg_conf; ++ arg_conf = NULL; ++ arg_conf_len = asprintf(&arg_conf, "%s\nsend host-name "%s";", last_arg_conf, dhcp_host_name_arg); ++ ++ if ((arg_conf == 0) || (arg_conf_len <= 0)) ++ log_fatal("Unable to send -H option host-name"); ++ ++ free(last_arg_conf); ++ } ++ } ++ ++ if ((dhcp_fqdn_arg != NULL) && (*dhcp_fqdn_arg != '\0')) { ++ if (arg_conf == 0) { ++ arg_conf_len = asprintf(&arg_conf, "send fqdn.fqdn "%s";", dhcp_fqdn_arg); ++ ++ if ((arg_conf == 0) || (arg_conf_len <= 0)) ++ 
log_fatal("Unable to send -F option fqdn.fqdn"); ++ } else { ++ char *last_arg_conf = arg_conf; ++ arg_conf = NULL; ++ arg_conf_len = asprintf(&arg_conf, "%s\nsend fqdn.fqdn "%s";", last_arg_conf, dhcp_fqdn_arg); ++ ++ if ((arg_conf == 0) || (arg_conf_len <= 0)) ++ log_fatal("Unable to send -F option fqdn.fqdn"); ++ ++ free(last_arg_conf); ++ } ++ } ++ ++ if (timeout_arg) { ++ if (arg_conf == 0) { ++ arg_conf_len = asprintf(&arg_conf, "timeout %d;", timeout_arg); ++ ++ if ((arg_conf == 0) || (arg_conf_len <= 0)) ++ log_fatal("Unable to process -timeout timeout argument"); ++ } else { ++ char *last_arg_conf = arg_conf; ++ arg_conf = NULL; ++ arg_conf_len = asprintf(&arg_conf, "%s\ntimeout %d;", last_arg_conf, timeout_arg); ++ ++ if ((arg_conf == 0) || (arg_conf_len == 0)) ++ log_fatal("Unable to process -timeout timeout argument"); ++ ++ free(last_arg_conf); ++ } ++ } ++ ++ if ((dhcp_vendor_class_identifier_arg != NULL) && (*dhcp_vendor_class_identifier_arg != '\0')) { ++ if (arg_conf == 0) { ++ arg_conf_len = asprintf(&arg_conf, "send vendor-class-identifier "%s";", dhcp_vendor_class_identifier_arg); ++ ++ if ((arg_conf == 0) || (arg_conf_len <= 0)) ++ log_fatal("Unable to send -V option vendor-class-identifier"); ++ } else { ++ char *last_arg_conf = arg_conf; ++ arg_conf = NULL; ++ arg_conf_len = asprintf(&arg_conf, "%s\nsend vendor-class-identifier "%s";", last_arg_conf, dhcp_vendor_class_identifier_arg); ++ ++ if ((arg_conf == 0) || (arg_conf_len <= 0)) ++ log_fatal("Unable to send -V option vendor-class-identifier"); ++ ++ free(last_arg_conf); ++ } ++ } ++ ++ if (dhclient_request_options != NULL) { ++ if (arg_conf == 0) { ++ arg_conf_len = asprintf(&arg_conf, "request %s;", dhclient_request_options); ++ ++ if ((arg_conf == 0) || (arg_conf_len <= 0)) ++ log_fatal("Unable to parse -R <request options list> argument"); ++ } else { ++ char *last_arg_conf = arg_conf; ++ arg_conf = NULL; ++ arg_conf_len = asprintf(&arg_conf, "%s\nrequest %s;", last_arg_conf, 
dhclient_request_options); ++ ++ if ((arg_conf == 0) || (arg_conf_len <= 0)) ++ log_fatal("Unable to parse -R <request options list> argument"); ++ ++ free(last_arg_conf); ++ } ++ } ++ ++ if (arg_conf) { ++ if (arg_conf_len == 0) ++ if ((arg_conf_len = strlen(arg_conf)) == 0) ++ /* huh ? cannot happen ! */ ++ log_fatal("Unable to process -C/-H/-F/-timeout/-V/-R configuration arguments"); ++ ++ /* parse the extra dhclient.conf configuration arguments ++ * into top level config: */ ++ struct parse *cfile = (struct parse *)0; ++ const char *val = NULL; ++ int token; ++ ++ status = new_parse(&cfile, -1, arg_conf, arg_conf_len, "extra dhclient -C/-H/-F/-timeout/-V/-R configuration arguments", 0); ++ ++ if ((status != ISC_R_SUCCESS) || (cfile -> warnings_occurred)) ++ log_fatal("Cannot parse -C/-H/-F/-timeout/-V/-R configuration arguments !"); ++ /* more detailed parse failures will be logged */ ++ ++ do { ++ token = peek_token(&val, (unsigned *)0, cfile); ++ if (token == END_OF_FILE) ++ break; ++ ++ parse_client_statement(cfile, (struct interface_info *)0, &top_level_config); ++ } while (1); ++ ++ if (cfile -> warnings_occurred) ++ log_fatal("Cannot parse -C/-H/-F/-timeout/-V/-R configuration arguments !"); ++ end_parse(&cfile); ++ ++ if (timeout_arg) { ++ /* we just set the toplevel timeout, but per-client ++ * timeouts may still be at defaults. ++ */ ++ for (ip=interfaces; ip; ip = ip->next) { ++ if (ip->client->config->timeout == 60) ++ ip->client->config->timeout = timeout_arg; ++ } ++ } ++ ++ if ((dhclient_request_options != 0) && (top_level_config.requested_options != default_requested_options)) { ++ for (ip=interfaces; ip; ip = ip->next) { ++ if (ip->client->config->requested_options == default_requested_options) ++ ip->client->config->requested_options = top_level_config.requested_options; ++ } ++ } ++ ++ free(arg_conf); ++ arg_conf = NULL; ++ arg_conf_len = 0; ++ } ++ + /* Parse the lease database. 
*/ + read_client_leases(); + +@@ -756,6 +1006,10 @@ static void usage() + " [-s server-addr] [-cf config-file]\n" + " [-df duid-file] [-lf lease-file]\n" + " [-pf pid-file] [--no-pid] [-e VAR=val]\n" ++ " [-C <dhcp-client-identifier>] [-B]\n" ++ " [-H <host-name> | -F <fqdn.fqdn>] [-timeout <timeout>]\n" ++ " [-V <vendor-class-identifier>]\n" ++ " [-R <request option list>]\n" + " [-sf script-file] [interface]"); + } + +@@ -2531,7 +2785,8 @@ void make_discover (client, lease) + client -> packet.xid = random (); + client -> packet.secs = 0; /* filled in by send_discover. */ + +- if (can_receive_unicast_unconfigured (client -> interface)) ++ if ((!(bootp_broadcast_always || client->config->bootp_broadcast_always)) ++ && can_receive_unicast_unconfigured(client->interface)) + client -> packet.flags = 0; + else + client -> packet.flags = htons (BOOTP_BROADCAST); +@@ -2615,7 +2870,9 @@ void make_request (client, lease) + } else { + memset (&client -> packet.ciaddr, 0, + sizeof client -> packet.ciaddr); +- if (can_receive_unicast_unconfigured (client -> interface)) ++ if ((!(bootp_broadcast_always || ++ client ->config->bootp_broadcast_always)) && ++ can_receive_unicast_unconfigured (client -> interface)) + client -> packet.flags = 0; + else + client -> packet.flags = htons (BOOTP_BROADCAST); +@@ -2677,7 +2934,8 @@ void make_decline (client, lease) + client -> packet.hops = 0; + client -> packet.xid = client -> xid; + client -> packet.secs = 0; /* Filled in by send_request. 
*/ +- if (can_receive_unicast_unconfigured (client -> interface)) ++ if ((!(bootp_broadcast_always || client->config-> bootp_broadcast_always)) ++ && can_receive_unicast_unconfigured (client->interface)) + client -> packet.flags = 0; + else + client -> packet.flags = htons (BOOTP_BROADCAST); +diff -up dhcp-4.3.1b1/common/conflex.c.fLPqYB dhcp-4.3.1b1/common/conflex.c +--- dhcp-4.3.1b1/common/conflex.c.fLPqYB 2014-07-02 19:58:38.000000000 +0200 ++++ dhcp-4.3.1b1/common/conflex.c 2014-07-10 17:38:26.940599374 +0200 +@@ -811,6 +811,8 @@ intern(char *atom, enum dhcp_token dfv) + return BALANCE; + if (!strcasecmp (atom + 1, "ound")) + return BOUND; ++ if (!strcasecmp (atom + 1, "ootp-broadcast-always")) ++ return BOOTP_BROADCAST_ALWAYS; + break; + case 'c': + if (!strcasecmp(atom + 1, "ase")) +diff -up dhcp-4.3.1b1/includes/dhcpd.h.fLPqYB dhcp-4.3.1b1/includes/dhcpd.h +--- dhcp-4.3.1b1/includes/dhcpd.h.fLPqYB 2014-07-02 19:58:39.000000000 +0200 ++++ dhcp-4.3.1b1/includes/dhcpd.h 2014-07-10 17:38:26.941599360 +0200 +@@ -1152,6 +1152,9 @@ struct client_config { + int do_forward_update; /* If nonzero, and if we have the + information we need, update the + A record for the address we get. */ ++ ++ int bootp_broadcast_always; /* If nonzero, always set the BOOTP_BROADCAST ++ flag in requests */ + }; + + /* Per-interface state used in the dhcp client... */ +diff -up dhcp-4.3.1b1/includes/dhctoken.h.fLPqYB dhcp-4.3.1b1/includes/dhctoken.h +--- dhcp-4.3.1b1/includes/dhctoken.h.fLPqYB 2014-07-02 19:58:39.000000000 +0200 ++++ dhcp-4.3.1b1/includes/dhctoken.h 2014-07-10 17:38:26.942599346 +0200 +@@ -367,7 +367,8 @@ enum dhcp_token { + TOKEN_INFINIBAND = 668, + POOL6 = 669, + V6RELAY = 670, +- V6RELOPT = 671 ++ V6RELOPT = 671, ++ BOOTP_BROADCAST_ALWAYS = 672 + }; + + #define is_identifier(x) ((x) >= FIRST_TOKEN && \ diff --git a/src/patches/dhcp/dhcp-errwarn-message.patch b/src/patches/dhcp/dhcp-errwarn-message.patch new file mode 100644 index 0000000..a65c2c2 --- /dev/null 
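Review bot: The -C, -H, -F and -V values are pasted between double quotes, and the -R value unquoted, into configuration text that is then fed to parse_client_statement(), and only their length is checked. A value containing a double quote, backslash, semicolon or newline ends the intended statement, and whatever follows is parsed as further client configuration. Because these arguments may be filled in by network scripts from other settings, I would reject such characters where each option is read, e.g. `if (strpbrk(argv[i], "\"\\;\n") != NULL) { log_error("-H value contains characters not allowed here"); exit(1); }`, in all five branches. Separately, the -H branch tests `dhcp_host_name_arg != NULL` before reporting that -H and -F are mutually exclusive; the test should be `dhcp_fqdn_arg != NULL`, otherwise `-F` followed by `-H` is accepted. main() continues outside these hunks.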
+++ b/src/patches/dhcp/dhcp-errwarn-message.patch @@ -0,0 +1,22 @@ +diff -up dhcp-4.3.0b1/omapip/errwarn.c.errwarn dhcp-4.3.0b1/omapip/errwarn.c +--- dhcp-4.3.0b1/omapip/errwarn.c.errwarn 2014-01-21 09:31:47.301334249 +0100 ++++ dhcp-4.3.0b1/omapip/errwarn.c 2014-01-21 09:33:20.569039072 +0100 +@@ -76,11 +76,13 @@ void log_fatal (const char * fmt, ... ) + } + + log_error ("%s", ""); +- log_error ("If you think you have received this message due to a bug rather"); +- log_error ("than a configuration issue please read the section on submitting"); +- log_error ("bugs on either our web page at www.isc.org or in the README file"); +- log_error ("before submitting a bug. These pages explain the proper"); +- log_error ("process and the information we find helpful for debugging.."); ++ log_error ("This version of ISC DHCP is based on the release available"); ++ log_error ("on ftp.isc.org. Features have been added and other changes"); ++ log_error ("have been made to the base software release in order to make"); ++ log_error ("it work better with this distribution."); ++ log_error ("%s", ""); ++ log_error ("Please report for this software via the Red Hat Bugzilla site:"); ++ log_error (" http://bugzilla.redhat.com"); + log_error ("%s", ""); + log_error ("exiting."); + diff --git a/src/patches/dhcp/dhcp-garbage-chars.patch b/src/patches/dhcp/dhcp-garbage-chars.patch new file mode 100644 index 0000000..131360b --- /dev/null +++ b/src/patches/dhcp/dhcp-garbage-chars.patch 
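Review bot: The replacement text in log_fatal() directs users of this build to Red Hat's Bugzilla, which is the tracker of the distribution the patch was taken from rather than of the project shipping it here, and the link is given as plain http. Reports about this build would end up with a party that cannot act on them; I would change the last two added lines to something like `log_error ("Please report bugs in this software via <this distribution's bug tracker URL>");`. The sentence "Please report for this software" is also missing its object.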
@@ -0,0 +1,12 @@ +diff -up dhcp-4.3.0rc1/common/tables.c.garbage dhcp-4.3.0rc1/common/tables.c +--- dhcp-4.3.0rc1/common/tables.c.garbage 2014-01-29 10:03:52.132624677 +0100 ++++ dhcp-4.3.0rc1/common/tables.c 2014-01-29 10:04:51.413875343 +0100 +@@ -213,7 +213,7 @@ static struct option dhcp_options[] = { + { "name-service-search", "Sa", &dhcp_universe, 117, 1 }, + #endif + { "subnet-selection", "I", &dhcp_universe, 118, 1 }, +- { "domain-search", "Dc", &dhcp_universe, 119, 1 }, ++ { "domain-search", "D", &dhcp_universe, 119, 1 }, + { "vivco", "Evendor-class.", &dhcp_universe, 124, 1 }, + { "vivso", "Evendor.", &dhcp_universe, 125, 1 }, + #if 0 diff --git a/src/patches/dhcp/dhcp-gpxe-cid.patch b/src/patches/dhcp/dhcp-gpxe-cid.patch new file mode 100644 index 0000000..c8c2b84 --- /dev/null +++ b/src/patches/dhcp/dhcp-gpxe-cid.patch 
@@ -0,0 +1,73 @@
+diff -up dhcp-4.3.0a1/client/dhclient.c.gpxe-cid dhcp-4.3.0a1/client/dhclient.c
+--- dhcp-4.3.0a1/client/dhclient.c.gpxe-cid 2013-12-20 13:28:45.105048317 +0100
++++ dhcp-4.3.0a1/client/dhclient.c 2013-12-20 13:28:45.109048261 +0100
+@@ -47,6 +47,14 @@
+ const char *path_dhclient_pid = NULL;
+ static char path_dhclient_script_array[] = _PATH_DHCLIENT_SCRIPT;
+ char *path_dhclient_script = path_dhclient_script_array;
++
++/* Default Prefix */
++static unsigned char default_prefix[12] = {
++ 0xff, 0x00, 0x00, 0x00,
++ 0x00, 0x00, 0x02, 0x00,
++ 0x00, 0x02, 0xc9, 0x00
++};
++
+ const char *path_dhclient_duid = NULL;
+
+ /* False (default) => we write and use a pid file */
+@@ -1253,6 +1260,12 @@ int find_subnet (struct subnet **sp,
+ static void setup_ib_interface(struct interface_info *ip)
+ {
+ struct group *g;
++ struct hardware *hw = &ip->hw_address;
++ char client_id[64];
++ char *arg_conf = NULL;
++ int arg_conf_len = 0;
++ isc_result_t status;
++ struct parse *cfile = (struct parse *)0;
+
+ /* Set the broadcast flag */
+ ip->client->config->bootp_broadcast_always = 1;
+@@ -1269,8 +1282,39 @@ static void setup_ib_interface(struct in
+ }
+ }
+
+- /* No client ID specified */
+- log_fatal("dhcp-client-identifier must be specified for InfiniBand");
++ /*
++ * No client ID specified, make up one based on a default
++ * "prefix" and the port GUID.
++ *
++ * NOTE: This is compatible with what gpxe does.
++ */
++ sprintf(client_id, "%.2x:%.2x:%.2x:%.2x:%.2x:%.2x:%.2x:%.2x:%.2x:%.2x:%.2x:%.2x:%.2x:%.2x:%.2x:%.2x:%.2x:%.2x:%.2x:%.2x",
++ default_prefix[0], default_prefix[1], default_prefix[2],
++ default_prefix[3], default_prefix[4], default_prefix[5],
++ default_prefix[6], default_prefix[7], default_prefix[8],
++ default_prefix[9], default_prefix[10], default_prefix[11],
++ hw->hbuf[1], hw->hbuf[2], hw->hbuf[3], hw->hbuf[4],
++ hw->hbuf[5], hw->hbuf[6], hw->hbuf[7], hw->hbuf[8]);
++
++ arg_conf_len = asprintf(&arg_conf,
++ "send dhcp-client-identifier %s;",
++ client_id);
++
++ if ((arg_conf == 0) || (arg_conf_len <= 0))
++ log_fatal("Unable to send option dhcp-client-identifier");
++
++ status = new_parse(&cfile, -1, arg_conf, arg_conf_len,
++ "Automatic Infiniband client identifier", 0);
++
++ if ((status != ISC_R_SUCCESS) || (cfile->warnings_occurred))
++ log_fatal("Failed to parse Infiniband client identifier");
++
++ parse_client_statement(cfile, NULL, ip->client->config);
++
++ if (cfile->warnings_occurred)
++ log_fatal("Failed to parse Infiniband client identifier");
++
++ end_parse(&cfile);
+ }
+
+ /* Individual States:
diff --git a/src/patches/dhcp/dhcp-honor-expired.patch b/src/patches/dhcp/dhcp-honor-expired.patch
new file mode 100644
index 0000000..bd89297
--- /dev/null
+++ b/src/patches/dhcp/dhcp-honor-expired.patch
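Review bot: The added `sprintf(client_id, ...)` in setup_ib_interface() writes 20 colon-separated hex bytes (59 characters plus the terminator) into `char client_id[64]` with no bound, so the fit depends on every argument being an 8-bit value. `default_prefix` is `unsigned char`, but the element type of `hw->hbuf` is not visible in this hunk. Using `snprintf(client_id, sizeof(client_id), ...)` and treating a return value of `sizeof(client_id)` or more as fatal would make the limit explicit. Separately, `arg_conf` from asprintf() is not released after `end_parse(&cfile)`; whether end_parse() frees a caller-supplied buffer cannot be seen here, so either free it or add a comment such as `/* arg_conf is owned by cfile until end_parse() */` once ownership is confirmed.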
@@ -0,0 +1,49 @@
+diff -up dhcp-4.3.0a1/client/dhc6.c.honor-expired dhcp-4.3.0a1/client/dhc6.c
+--- dhcp-4.3.0a1/client/dhc6.c.honor-expired 2013-12-19 16:00:28.062183037 +0100
++++ dhcp-4.3.0a1/client/dhc6.c 2013-12-19 16:00:28.076182842 +0100
+@@ -1351,6 +1351,32 @@ start_info_request6(struct client_state
+ go_daemon();
+ }
+
++/* Run through the addresses in lease and return true if there's any unexpired.
++ * Return false otherwise.
++ */
++isc_boolean_t
++unexpired_address_in_lease(struct dhc6_lease *lease)
++{
++ struct dhc6_ia *ia;
++ struct dhc6_addr *addr;
++
++ for (ia = lease->bindings ; ia != NULL ; ia = ia->next) {
++ for (addr = ia->addrs ; addr != NULL ; addr = addr->next) {
++ if (addr->flags & DHC6_ADDR_EXPIRED)
++ continue;
++
++ if (addr->starts + addr->max_life > cur_time) {
++ return ISC_TRUE;
++ }
++ }
++ }
++
++ log_info("PRC: Previous lease is devoid of active addresses."
++ " Re-initializing.");
++
++ return ISC_FALSE;
++}
++
+ /*
+ * start_confirm6() kicks off an "init-reboot" version of the process, at
+ * startup to find out if old bindings are 'fair' and at runtime whenever
+@@ -1363,8 +1389,10 @@ start_confirm6(struct client_state *clie
+
+ /* If there is no active lease, there is nothing to check. */
+ if ((client->active_lease == NULL) ||
+- !active_prefix(client) ||
+- client->active_lease->released) {
++ !active_prefix(client) ||
++ client->active_lease->released ||
++ !unexpired_address_in_lease(client->active_lease)) {
++ dhc6_lease_destroy(&client->active_lease, MDL);
+ start_init6(client);
+ return;
+ }
diff --git a/src/patches/dhcp/dhcp-improved-xid.patch b/src/patches/dhcp/dhcp-improved-xid.patch
new file mode 100644
index 0000000..eccff49
--- /dev/null
+++ b/src/patches/dhcp/dhcp-improved-xid.patch
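Review bot: In start_confirm6(), the added `dhc6_lease_destroy(&client->active_lease, MDL);` runs for every way into the branch, including the first clause `client->active_lease == NULL`. Whether dhc6_lease_destroy() accepts a null lease is not visible here, so I would guard it with `if (client->active_lease != NULL) dhc6_lease_destroy(&client->active_lease, MDL);`. In unexpired_address_in_lease(), `addr->starts + addr->max_life > cur_time` should be checked for wrap-around if `max_life` can carry an all-ones "infinite" value (the field types are outside the hunk), since a wrapped sum would make a valid address look expired and force a re-initialisation. The helper also has external linkage and logs from inside a predicate; `static` plus moving the log_info() to the caller would read better if nothing else uses it. start_confirm6() continues outside the hunk.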
@@ -0,0 +1,138 @@ +diff -up dhcp-4.3.0a1/client/dhclient.c.improved-xid dhcp-4.3.0a1/client/dhclient.c +--- dhcp-4.3.0a1/client/dhclient.c.improved-xid 2013-12-20 13:29:41.836260810 +0100 ++++ dhcp-4.3.0a1/client/dhclient.c 2013-12-20 13:29:41.843260713 +0100 +@@ -894,6 +894,26 @@ main(int argc, char **argv) { + } + } + ++ /* We create a backup seed before rediscovering interfaces in order to ++ have a seed built using all of the available interfaces ++ It's interesting if required interfaces doesn't let us defined ++ a really unique seed due to a lack of valid HW addr later ++ (this is the case with DHCP over IB) ++ We only use the last device as using a sum could broke the ++ uniqueness of the seed among multiple nodes ++ */ ++ unsigned backup_seed = 0; ++ for (ip = interfaces; ip; ip = ip -> next) { ++ int junk; ++ if ( ip -> hw_address.hlen <= sizeof seed ) ++ continue; ++ memcpy (&junk, ++ &ip -> hw_address.hbuf [ip -> hw_address.hlen - ++ sizeof seed], sizeof seed); ++ backup_seed = junk; ++ } ++ ++ + /* At this point, all the interfaces that the script thinks + are relevant should be running, so now we once again call + discover_interfaces(), and this time ask it to actually set +@@ -908,14 +928,36 @@ main(int argc, char **argv) { + Not much entropy, but we're booting, so we're not likely to + find anything better. 
*/ + seed = 0; ++ int seed_flag = 0; + for (ip = interfaces; ip; ip = ip->next) { + int junk; ++ if ( ip -> hw_address.hlen <= sizeof seed ) ++ continue; + memcpy(&junk, + &ip->hw_address.hbuf[ip->hw_address.hlen - + sizeof seed], sizeof seed); + seed += junk; ++ seed_flag = 1; + } +- srandom(seed + cur_time + (unsigned)getpid()); ++ if ( seed_flag == 0 ) { ++ if ( backup_seed != 0 ) { ++ seed = backup_seed; ++ log_info ("xid: rand init seed (0x%x) built using all" ++ " available interfaces",seed); ++ } ++ else { ++ seed = cur_time^((unsigned) gethostid()) ; ++ log_info ("xid: warning: no netdev with useable HWADDR found" ++ " for seed's uniqueness enforcement"); ++ log_info ("xid: rand init seed (0x%x) built using gethostid", ++ seed); ++ } ++ /* we only use seed and no current time as a broadcast reply */ ++ /* will certainly be used by the hwaddrless interface */ ++ srandom(seed); ++ } ++ else ++ srandom(seed + cur_time + (unsigned)getpid()); + + /* Setup specific Infiniband options */ + for (ip = interfaces; ip; ip = ip->next) { +@@ -1460,7 +1502,7 @@ void dhcpack (packet) + return; + } + +- log_info ("DHCPACK from %s", piaddr (packet -> client_addr)); ++ log_info ("DHCPACK from %s (xid=0x%x)", piaddr (packet -> client_addr), client -> xid); + + lease = packet_to_lease (packet, client); + if (!lease) { +@@ -2171,7 +2213,7 @@ void dhcpnak (packet) + return; + } + +- log_info ("DHCPNAK from %s", piaddr (packet -> client_addr)); ++ log_info ("DHCPNAK from %s (xid=0x%x)", piaddr (packet -> client_addr), client -> xid); + + if (!client -> active) { + #if defined (DEBUG) +@@ -2298,10 +2340,10 @@ void send_discover (cpp) + client -> packet.secs = htons (65535); + client -> secs = client -> packet.secs; + +- log_info ("DHCPDISCOVER on %s to %s port %d interval %ld", ++ log_info ("DHCPDISCOVER on %s to %s port %d interval %ld (xid=0x%x)", + client -> name ? 
client -> name : client -> interface -> name, + inet_ntoa (sockaddr_broadcast.sin_addr), +- ntohs (sockaddr_broadcast.sin_port), (long)(client -> interval)); ++ ntohs (sockaddr_broadcast.sin_port), (long)(client -> interval), client -> xid); + + /* Send out a packet. */ + result = send_packet(client->interface, NULL, &client->packet, +@@ -2570,10 +2612,10 @@ void send_request (cpp) + client -> packet.secs = htons (65535); + } + +- log_info ("DHCPREQUEST on %s to %s port %d", ++ log_info ("DHCPREQUEST on %s to %s port %d (xid=0x%x)", + client -> name ? client -> name : client -> interface -> name, + inet_ntoa (destination.sin_addr), +- ntohs (destination.sin_port)); ++ ntohs (destination.sin_port), client -> xid); + + if (destination.sin_addr.s_addr != INADDR_BROADCAST && + fallback_interface) { +@@ -2613,10 +2655,10 @@ void send_decline (cpp) + + int result; + +- log_info ("DHCPDECLINE on %s to %s port %d", ++ log_info ("DHCPDECLINE on %s to %s port %d (xid=0x%x)", + client->name ? client->name : client->interface->name, + inet_ntoa(sockaddr_broadcast.sin_addr), +- ntohs(sockaddr_broadcast.sin_port)); ++ ntohs(sockaddr_broadcast.sin_port), client -> xid); + + /* Send out a packet. */ + result = send_packet(client->interface, NULL, &client->packet, +@@ -2659,10 +2701,10 @@ void send_release (cpp) + return; + } + +- log_info ("DHCPRELEASE on %s to %s port %d", ++ log_info ("DHCPRELEASE on %s to %s port %d (xid=0x%x)", + client -> name ? client -> name : client -> interface -> name, + inet_ntoa (destination.sin_addr), +- ntohs (destination.sin_port)); ++ ntohs (destination.sin_port), client -> xid); + + if (fallback_interface) { + result = send_packet(fallback_interface, NULL, &client->packet, diff --git a/src/patches/dhcp/dhcp-logpid.patch b/src/patches/dhcp/dhcp-logpid.patch new file mode 100644 index 0000000..e1a6ebd --- /dev/null +++ b/src/patches/dhcp/dhcp-logpid.patch 
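Review bot: In the new `seed_flag == 0` branch of main(), `srandom(seed)` drops the `getpid()` term, and in the `backup_seed` case also `cur_time`, so the seed there comes from a hardware address alone. When no interface has a usable hardware address, the transaction IDs then follow the same sequence on every start and are predictable to anyone who knows that address. The branch also writes the seed itself to the log (`xid: rand init seed (0x%x) ...`). Since the xid is what lets the client match replies to its own requests, I would keep the extra terms, e.g. `srandom(seed + cur_time + (unsigned)getpid());` in both branches, and log only which source was used. If a time-independent seed is really required for the address-less interface, the comment above `srandom(seed)` should state that requirement and its cost. main() continues outside the hunk.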
@@ -0,0 +1,11 @@
+--- expanded_org/client/dhclient.c Wed Aug 06 23:35:00 2014
++++ expanded_logpid/client/dhclient.c Mon Feb 16 13:35:31 2015
+@@ -142,7 +142,7 @@
+ else if (fd != -1)
+ close(fd);
+
+- openlog("dhclient", DHCP_LOG_OPTIONS, LOG_DAEMON);
++ openlog("dhclient", LOG_NDELAY | LOG_PID, LOG_DAEMON);
+
+ #if !(defined(DEBUG) || defined(__CYGWIN32__))
+ setlogmask(LOG_UPTO(LOG_INFO));
diff --git a/src/patches/dhcp/dhcp-lpf-ib.patch b/src/patches/dhcp/dhcp-lpf-ib.patch
new file mode 100644
index 0000000..8e094d6
--- /dev/null
+++ b/src/patches/dhcp/dhcp-lpf-ib.patch
@@ -0,0 +1,585 @@ +diff -up dhcp-4.3.1b1/client/dhclient.c.bmgpWV dhcp-4.3.1b1/client/dhclient.c +--- dhcp-4.3.1b1/client/dhclient.c.bmgpWV 2014-07-10 17:50:26.922402550 +0200 ++++ dhcp-4.3.1b1/client/dhclient.c 2014-07-10 17:53:43.629623477 +0200 +@@ -114,6 +114,8 @@ static int check_domain_name_list(const + static int check_option_values(struct universe *universe, unsigned int opt, + const char *ptr, size_t len); + ++static void setup_ib_interface(struct interface_info *ip); ++ + #ifndef UNIT_TEST + int + main(int argc, char **argv) { +@@ -937,6 +939,13 @@ main(int argc, char **argv) { + } + srandom(seed + cur_time + (unsigned)getpid()); + ++ /* Setup specific Infiniband options */ ++ for (ip = interfaces; ip; ip = ip->next) { ++ if (ip->client && ++ (ip->hw_address.hbuf[0] == HTYPE_INFINIBAND)) { ++ setup_ib_interface(ip); ++ } ++ } + + /* + * Establish a default DUID. We always do so for v6 and +@@ -1230,6 +1239,29 @@ int find_subnet (struct subnet **sp, + return 0; + } + ++static void setup_ib_interface(struct interface_info *ip) ++{ ++ struct group *g; ++ ++ /* Set the broadcast flag */ ++ ip->client->config->bootp_broadcast_always = 1; ++ ++ /* ++ * Find out if a dhcp-client-identifier option was specified either ++ * in the config file or on the command line ++ */ ++ for (g = ip->client->config->on_transmission; g != NULL; g = g->next) { ++ if ((g->statements != NULL) && ++ (strcmp(g->statements->data.option->option->name, ++ "dhcp-client-identifier") == 0)) { ++ return; ++ } ++ } ++ ++ /* No client ID specified */ ++ log_fatal("dhcp-client-identifier must be specified for InfiniBand"); ++} ++ + /* Individual States: + * + * Each routine is called from the dhclient_state_machine() in one of +diff -up dhcp-4.3.1b1/common/bpf.c.bmgpWV dhcp-4.3.1b1/common/bpf.c +--- dhcp-4.3.1b1/common/bpf.c.bmgpWV 2014-07-10 17:48:03.797424616 +0200 ++++ dhcp-4.3.1b1/common/bpf.c 2014-07-10 17:52:57.705272295 +0200 +@@ -199,11 +199,44 @@ struct bpf_insn dhcp_bpf_filter [] = { 
+ BPF_STMT(BPF_RET+BPF_K, 0), + }; + ++/* Packet filter program for DHCP over Infiniband. ++ * ++ * XXX ++ * Changes to the filter program may require changes to the constant offsets ++ * used in lpf_gen_filter_setup to patch the port in the BPF program! ++ * XXX ++ */ ++struct bpf_insn dhcp_ib_bpf_filter [] = { ++ /* Packet filter for Infiniband */ ++ /* Make sure it's a UDP packet... */ ++ BPF_STMT(BPF_LD + BPF_B + BPF_ABS, 9), ++ BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, IPPROTO_UDP, 0, 6), ++ ++ /* Make sure this isn't a fragment... */ ++ BPF_STMT(BPF_LD + BPF_H + BPF_ABS, 6), ++ BPF_JUMP(BPF_JMP + BPF_JSET + BPF_K, 0x1fff, 4, 0), ++ ++ /* Get the IP header length... */ ++ BPF_STMT(BPF_LDX + BPF_B + BPF_MSH, 0), ++ ++ /* Make sure it's to the right port... */ ++ BPF_STMT(BPF_LD + BPF_H + BPF_IND, 2), ++ BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, 67, 0, 1), ++ ++ /* If we passed all the tests, ask for the whole packet. */ ++ BPF_STMT(BPF_RET + BPF_K, (u_int)-1), ++ ++ /* Otherwise, drop it. */ ++ BPF_STMT(BPF_RET + BPF_K, 0), ++}; ++ + #if defined (DEC_FDDI) + struct bpf_insn *bpf_fddi_filter; + #endif + + int dhcp_bpf_filter_len = sizeof dhcp_bpf_filter / sizeof (struct bpf_insn); ++int dhcp_ib_bpf_filter_len = sizeof dhcp_ib_bpf_filter / sizeof (struct bpf_insn); ++ + #if defined (HAVE_TR_SUPPORT) + struct bpf_insn dhcp_bpf_tr_filter [] = { + /* accept all token ring packets due to variable length header */ +diff -up dhcp-4.3.1b1/common/lpf.c.bmgpWV dhcp-4.3.1b1/common/lpf.c +--- dhcp-4.3.1b1/common/lpf.c.bmgpWV 2014-07-10 17:48:03.797424616 +0200 ++++ dhcp-4.3.1b1/common/lpf.c 2014-07-10 17:52:57.706272281 +0200 +@@ -46,6 +46,17 @@ + #if defined (USE_LPF_RECEIVE) || defined (USE_LPF_HWADDR) + #include <sys/ioctl.h> + #include <net/if.h> ++#include <ifaddrs.h> ++ ++/* Default broadcast address for IPoIB */ ++static unsigned char default_ib_bcast_addr[20] = { ++ 0x00, 0xff, 0xff, 0xff, ++ 0xff, 0x12, 0x40, 0x1b, ++ 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, ++ 0xff, 
0xff, 0xff, 0xff ++}; ++ + #endif + + #if defined (USE_LPF_SEND) || defined (USE_LPF_RECEIVE) +@@ -92,10 +103,21 @@ int if_register_lpf (info) + struct sockaddr common; + } sa; + struct ifreq ifr; ++ int type; ++ int protocol; + + /* Make an LPF socket. */ +- if ((sock = socket(PF_PACKET, SOCK_RAW, +- htons((short)ETH_P_ALL))) < 0) { ++ get_hw_addr(info); ++ ++ if (info->hw_address.hbuf[0] == HTYPE_INFINIBAND) { ++ type = SOCK_DGRAM; ++ protocol = ETHERTYPE_IP; ++ } else { ++ type = SOCK_RAW; ++ protocol = ETH_P_ALL; ++ } ++ ++ if ((sock = socket(PF_PACKET, type, htons((short)protocol))) < 0) { + if (errno == ENOPROTOOPT || errno == EPROTONOSUPPORT || + errno == ESOCKTNOSUPPORT || errno == EPFNOSUPPORT || + errno == EAFNOSUPPORT || errno == EINVAL) { +@@ -118,6 +140,7 @@ int if_register_lpf (info) + /* Bind to the interface name */ + memset (&sa, 0, sizeof sa); + sa.ll.sll_family = AF_PACKET; ++ sa.ll.sll_protocol = htons(protocol); + sa.ll.sll_ifindex = ifr.ifr_ifindex; + if (bind (sock, &sa.common, sizeof sa)) { + if (errno == ENOPROTOOPT || errno == EPROTONOSUPPORT || +@@ -133,8 +156,6 @@ int if_register_lpf (info) + log_fatal ("Bind socket to interface: %m"); + } + +- get_hw_addr(info->name, &info->hw_address); +- + return sock; + } + #endif /* USE_LPF_SEND || USE_LPF_RECEIVE */ +@@ -189,6 +210,8 @@ void if_deregister_send (info) + in bpf includes... */ + extern struct sock_filter dhcp_bpf_filter []; + extern int dhcp_bpf_filter_len; ++extern struct sock_filter dhcp_ib_bpf_filter []; ++extern int dhcp_ib_bpf_filter_len; + + #if defined (HAVE_TR_SUPPORT) + extern struct sock_filter dhcp_bpf_tr_filter []; +@@ -206,11 +229,13 @@ void if_register_receive (info) + /* Open a LPF device and hang it on this interface... 
*/ + info -> rfdesc = if_register_lpf (info); + +- val = 1; +- if (setsockopt (info -> rfdesc, SOL_PACKET, PACKET_AUXDATA, &val, +- sizeof val) < 0) { +- if (errno != ENOPROTOOPT) +- log_fatal ("Failed to set auxiliary packet data: %m"); ++ if (info->hw_address.hbuf[0] != HTYPE_INFINIBAND) { ++ val = 1; ++ if (setsockopt (info -> rfdesc, SOL_PACKET, PACKET_AUXDATA, ++ &val, sizeof val) < 0) { ++ if (errno != ENOPROTOOPT) ++ log_fatal ("Failed to set auxiliary packet data: %m"); ++ } + } + + #if defined (HAVE_TR_SUPPORT) +@@ -256,15 +281,28 @@ static void lpf_gen_filter_setup (info) + + memset(&p, 0, sizeof(p)); + +- /* Set up the bpf filter program structure. This is defined in +- bpf.c */ +- p.len = dhcp_bpf_filter_len; +- p.filter = dhcp_bpf_filter; +- +- /* Patch the server port into the LPF program... +- XXX changes to filter program may require changes +- to the insn number(s) used below! XXX */ +- dhcp_bpf_filter [8].k = ntohs ((short)local_port); ++ if (info->hw_address.hbuf[0] == HTYPE_INFINIBAND) { ++ /* Set up the bpf filter program structure. */ ++ p.len = dhcp_ib_bpf_filter_len; ++ p.filter = dhcp_ib_bpf_filter; ++ ++ /* Patch the server port into the LPF program... ++ XXX ++ changes to filter program may require changes ++ to the insn number(s) used below! ++ XXX */ ++ dhcp_ib_bpf_filter[6].k = ntohs ((short)local_port); ++ } else { ++ /* Set up the bpf filter program structure. ++ This is defined in bpf.c */ ++ p.len = dhcp_bpf_filter_len; ++ p.filter = dhcp_bpf_filter; ++ ++ /* Patch the server port into the LPF program... ++ XXX changes to filter program may require changes ++ to the insn number(s) used below! 
XXX */ ++ dhcp_bpf_filter [8].k = ntohs ((short)local_port); ++ } + + if (setsockopt (info -> rfdesc, SOL_SOCKET, SO_ATTACH_FILTER, &p, + sizeof p) < 0) { +@@ -321,6 +359,54 @@ static void lpf_tr_filter_setup (info) + #endif /* USE_LPF_RECEIVE */ + + #ifdef USE_LPF_SEND ++ssize_t send_packet_ib(interface, packet, raw, len, from, to, hto) ++ struct interface_info *interface; ++ struct packet *packet; ++ struct dhcp_packet *raw; ++ size_t len; ++ struct in_addr from; ++ struct sockaddr_in *to; ++ struct hardware *hto; ++{ ++ unsigned ibufp = 0; ++ double ih [1536 / sizeof (double)]; ++ unsigned char *buf = (unsigned char *)ih; ++ ssize_t result; ++ ++ union sockunion { ++ struct sockaddr sa; ++ struct sockaddr_ll sll; ++ struct sockaddr_storage ss; ++ } su; ++ ++ assemble_udp_ip_header (interface, buf, &ibufp, from.s_addr, ++ to->sin_addr.s_addr, to->sin_port, ++ (unsigned char *)raw, len); ++ memcpy (buf + ibufp, raw, len); ++ ++ memset(&su, 0, sizeof(su)); ++ su.sll.sll_family = AF_PACKET; ++ su.sll.sll_protocol = htons(ETHERTYPE_IP); ++ ++ if (!(su.sll.sll_ifindex = if_nametoindex(interface->name))) { ++ errno = ENOENT; ++ log_error ("send_packet_ib: %m - failed to get if index"); ++ return -1; ++ } ++ ++ su.sll.sll_hatype = htons(HTYPE_INFINIBAND); ++ su.sll.sll_halen = sizeof(interface->bcast_addr); ++ memcpy(&su.sll.sll_addr, interface->bcast_addr, 20); ++ ++ result = sendto(interface->wfdesc, buf, ibufp + len, 0, ++ &su.sa, sizeof(su)); ++ ++ if (result < 0) ++ log_error ("send_packet_ib: %m"); ++ ++ return result; ++} ++ + ssize_t send_packet (interface, packet, raw, len, from, to, hto) + struct interface_info *interface; + struct packet *packet; +@@ -341,6 +427,11 @@ ssize_t send_packet (interface, packet, + return send_fallback (interface, packet, raw, + len, from, to, hto); + ++ if (interface->hw_address.hbuf[0] == HTYPE_INFINIBAND) { ++ return send_packet_ib(interface, packet, raw, len, from, ++ to, hto); ++ } ++ + if (hto == NULL && 
interface->anycast_mac_addr.hlen) + hto = &interface->anycast_mac_addr; + +@@ -362,6 +453,42 @@ ssize_t send_packet (interface, packet, + #endif /* USE_LPF_SEND */ + + #ifdef USE_LPF_RECEIVE ++ssize_t receive_packet_ib (interface, buf, len, from, hfrom) ++ struct interface_info *interface; ++ unsigned char *buf; ++ size_t len; ++ struct sockaddr_in *from; ++ struct hardware *hfrom; ++{ ++ int length = 0; ++ int offset = 0; ++ unsigned char ibuf [1536]; ++ unsigned bufix = 0; ++ unsigned paylen; ++ ++ length = read(interface->rfdesc, ibuf, sizeof(ibuf)); ++ ++ if (length <= 0) ++ return length; ++ ++ offset = decode_udp_ip_header(interface, ibuf, bufix, from, ++ (unsigned)length, &paylen, 0); ++ ++ if (offset < 0) ++ return 0; ++ ++ bufix += offset; ++ length -= offset; ++ ++ if (length < paylen) ++ log_fatal("Internal inconsistency at %s:%d.", MDL); ++ ++ /* Copy out the data in the packet... */ ++ memcpy(buf, &ibuf[bufix], paylen); ++ ++ return (ssize_t)paylen; ++} ++ + ssize_t receive_packet (interface, buf, len, from, hfrom) + struct interface_info *interface; + unsigned char *buf; +@@ -388,6 +515,10 @@ ssize_t receive_packet (interface, buf, + }; + struct cmsghdr *cmsg; + ++ if (interface->hw_address.hbuf[0] == HTYPE_INFINIBAND) { ++ return receive_packet_ib(interface, buf, len, from, hfrom); ++ } ++ + length = recvmsg (interface -> rfdesc, &msg, 0); + if (length <= 0) + return length; +@@ -469,11 +600,33 @@ void maybe_setup_fallback () + #endif + + #if defined (USE_LPF_RECEIVE) || defined (USE_LPF_HWADDR) +-void +-get_hw_addr(const char *name, struct hardware *hw) { ++struct sockaddr_ll * ++get_ll (struct ifaddrs *ifaddrs, struct ifaddrs **ifa, char *name) ++{ ++ for (*ifa = ifaddrs; *ifa != NULL; *ifa = (*ifa)->ifa_next) { ++ if ((*ifa)->ifa_addr == NULL) ++ continue; ++ ++ if ((*ifa)->ifa_addr->sa_family != AF_PACKET) ++ continue; ++ ++ if ((*ifa)->ifa_flags & IFF_LOOPBACK) ++ continue; ++ ++ if (strcmp((*ifa)->ifa_name, name) == 0) ++ return (struct 
sockaddr_ll *)(void *)(*ifa)->ifa_addr; ++ } ++ *ifa = NULL; ++ return NULL; ++} ++ ++struct sockaddr_ll * ++ioctl_get_ll(char *name) ++{ + int sock; + struct ifreq tmp; +- struct sockaddr *sa; ++ struct sockaddr *sa = NULL; ++ struct sockaddr_ll *sll = NULL; + + if (strlen(name) >= sizeof(tmp.ifr_name)) { + log_fatal("Device name too long: "%s"", name); +@@ -487,16 +640,62 @@ get_hw_addr(const char *name, struct har + memset(&tmp, 0, sizeof(tmp)); + strcpy(tmp.ifr_name, name); + if (ioctl(sock, SIOCGIFHWADDR, &tmp) < 0) { +- log_fatal("Error getting hardware address for "%s": %m", ++ log_fatal("Error getting hardware address for "%s": %m", + name); + } ++ close(sock); + + sa = &tmp.ifr_hwaddr; +- switch (sa->sa_family) { ++ // needs to be freed outside this function ++ sll = dmalloc (sizeof (struct sockaddr_ll), MDL); ++ if (!sll) ++ log_fatal("Unable to allocate memory for link layer address"); ++ memcpy(&sll->sll_hatype, &sa->sa_family, sizeof (sll->sll_hatype)); ++ memcpy(sll->sll_addr, sa->sa_data, sizeof (sll->sll_addr)); ++ switch (sll->sll_hatype) { ++ case ARPHRD_INFINIBAND: ++ /* ioctl limits hardware addresses to 8 bytes */ ++ sll->sll_halen = 8; ++ break; ++ default: ++ break; ++ } ++ return sll; ++} ++ ++void ++get_hw_addr(struct interface_info *info) ++{ ++ struct hardware *hw = &info->hw_address; ++ char *name = info->name; ++ struct ifaddrs *ifaddrs = NULL; ++ struct ifaddrs *ifa = NULL; ++ struct sockaddr_ll *sll = NULL; ++ int sll_allocated = 0; ++ char *dup = NULL; ++ char *colon = NULL; ++ ++ if (getifaddrs(&ifaddrs) == -1) ++ log_fatal("Failed to get interfaces"); ++ ++ if ((sll = get_ll(ifaddrs, &ifa, name)) == NULL) { ++ /* ++ * We were unable to get link-layer address for name. ++ * Fall back to ioctl(SIOCGIFHWADDR). 
++ */ ++ sll = ioctl_get_ll(name); ++ if (sll != NULL) ++ sll_allocated = 1; ++ else ++ // shouldn't happen ++ log_fatal("Unexpected internal error"); ++ } ++ ++ switch (sll->sll_hatype) { + case ARPHRD_ETHER: + hw->hlen = 7; + hw->hbuf[0] = HTYPE_ETHER; +- memcpy(&hw->hbuf[1], sa->sa_data, 6); ++ memcpy(&hw->hbuf[1], sll->sll_addr, 6); + break; + case ARPHRD_IEEE802: + #ifdef ARPHRD_IEEE802_TR +@@ -504,18 +703,48 @@ get_hw_addr(const char *name, struct har + #endif /* ARPHRD_IEEE802_TR */ + hw->hlen = 7; + hw->hbuf[0] = HTYPE_IEEE802; +- memcpy(&hw->hbuf[1], sa->sa_data, 6); ++ memcpy(&hw->hbuf[1], sll->sll_addr, 6); + break; + case ARPHRD_FDDI: + hw->hlen = 7; + hw->hbuf[0] = HTYPE_FDDI; +- memcpy(&hw->hbuf[1], sa->sa_data, 6); ++ memcpy(&hw->hbuf[1], sll->sll_addr, 6); ++ break; ++ case ARPHRD_INFINIBAND: ++ dup = strdup(name); ++ /* Aliased infiniband interface is special case where ++ * neither get_ll() nor ioctl_get_ll() get's correct hw ++ * address, so we have to truncate the :0 and run ++ * get_ll() again for the rest. ++ */ ++ if ((colon = strchr(dup, ':')) != NULL) { ++ *colon = '\0'; ++ if ((sll = get_ll(ifaddrs, &ifa, dup)) == NULL) ++ log_fatal("Error getting hardware address for "%s": %m", name); ++ } ++ free (dup); ++ /* For Infiniband, save the broadcast address and store ++ * the port GUID into the hardware address. 
++ */ ++ if (ifa && (ifa->ifa_flags & IFF_BROADCAST)) { ++ struct sockaddr_ll *bll; ++ ++ bll = (struct sockaddr_ll *)ifa->ifa_broadaddr; ++ memcpy(&info->bcast_addr, bll->sll_addr, 20); ++ } else { ++ memcpy(&info->bcast_addr, default_ib_bcast_addr, ++ 20); ++ } ++ ++ hw->hlen = 1; ++ hw->hbuf[0] = HTYPE_INFINIBAND; ++ memcpy(&hw->hbuf[1], &sll->sll_addr[sll->sll_halen - 8], 8); + break; + #if defined(ARPHRD_PPP) + case ARPHRD_PPP: + if (local_family != AF_INET6) +- log_fatal("Unsupported device type %d for "%s"", +- sa->sa_family, name); ++ log_fatal("local_family != AF_INET6 for "%s"", ++ name); + hw->hlen = 0; + hw->hbuf[0] = HTYPE_RESERVED; + /* 0xdeadbeef should never occur on the wire, +@@ -528,10 +757,13 @@ get_hw_addr(const char *name, struct har + break; + #endif + default: +- log_fatal("Unsupported device type %ld for "%s"", +- (long int)sa->sa_family, name); ++ freeifaddrs(ifaddrs); ++ log_fatal("Unsupported device type %hu for "%s"", ++ sll->sll_hatype, name); + } + +- close(sock); ++ if (sll_allocated) ++ dfree(sll, MDL); ++ freeifaddrs(ifaddrs); + } + #endif +diff -up dhcp-4.3.1b1/common/socket.c.bmgpWV dhcp-4.3.1b1/common/socket.c +--- dhcp-4.3.1b1/common/socket.c.bmgpWV 2014-07-02 19:58:38.000000000 +0200 ++++ dhcp-4.3.1b1/common/socket.c 2014-07-10 17:52:57.706272281 +0200 +@@ -322,7 +322,7 @@ void if_register_send (info) + info->wfdesc = if_register_socket(info, AF_INET, 0, NULL); + /* If this is a normal IPv4 address, get the hardware address. */ + if (strcmp(info->name, "fallback") != 0) +- get_hw_addr(info->name, &info->hw_address); ++ get_hw_addr(info); + #if defined (USE_SOCKET_FALLBACK) + /* Fallback only registers for send, but may need to receive as + well. */ +@@ -385,7 +385,7 @@ void if_register_receive (info) + #endif /* IP_PKTINFO... */ + /* If this is a normal IPv4 address, get the hardware address. 
*/ + if (strcmp(info->name, "fallback") != 0) +- get_hw_addr(info->name, &info->hw_address); ++ get_hw_addr(info); + + if (!quiet_interface_discovery) + log_info ("Listening on Socket/%s%s%s", +@@ -499,7 +499,7 @@ if_register6(struct interface_info *info + if (req_multi) + if_register_multicast(info); + +- get_hw_addr(info->name, &info->hw_address); ++ get_hw_addr(info); + + if (!quiet_interface_discovery) { + if (info->shared_network != NULL) { +@@ -555,7 +555,7 @@ if_register_linklocal6(struct interface_ + info->rfdesc = sock; + info->wfdesc = sock; + +- get_hw_addr(info->name, &info->hw_address); ++ get_hw_addr(info); + + if (!quiet_interface_discovery) { + if (info->shared_network != NULL) { +diff -up dhcp-4.3.1b1/includes/dhcpd.h.bmgpWV dhcp-4.3.1b1/includes/dhcpd.h +--- dhcp-4.3.1b1/includes/dhcpd.h.bmgpWV 2014-07-10 17:50:26.923402536 +0200 ++++ dhcp-4.3.1b1/includes/dhcpd.h 2014-07-10 17:52:57.707272266 +0200 +@@ -1248,6 +1248,7 @@ struct interface_info { + struct shared_network *shared_network; + /* Networks connected to this interface. */ + struct hardware hw_address; /* Its physical address. */ ++ u_int8_t bcast_addr[20]; /* Infiniband broadcast address */ + struct in_addr *addresses; /* Addresses associated with this + * interface. + */ +@@ -2439,7 +2440,7 @@ void print_dns_status (int, struct dhcp_ + #endif + const char *print_time(TIME); + +-void get_hw_addr(const char *name, struct hardware *hw); ++void get_hw_addr(struct interface_info *info); + + /* socket.c */ + #if defined (USE_SOCKET_SEND) || defined (USE_SOCKET_RECEIVE) \ diff --git a/src/patches/dhcp/dhcp-manpages.patch b/src/patches/dhcp/dhcp-manpages.patch new file mode 100644 index 0000000..dde16c7 --- /dev/null +++ b/src/patches/dhcp/dhcp-manpages.patch 
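Review bot: In get_hw_addr(), the ARPHRD_INFINIBAND case re-points `sll` at the get_ll() result for the un-aliased name while `sll_allocated` can still be 1 from the ioctl_get_ll() fallback, so the final `dfree(sll, MDL)` is applied to memory that belongs to getifaddrs() and the dmalloc'd copy is never released; the fallback copy should be freed and the flag cleared before the second lookup. The same function reads `sll->sll_hatype` in the `default:` branch after `freeifaddrs(ifaddrs)`, and indexes `sll->sll_addr[sll->sll_halen - 8]` without checking that the length is at least 8. In receive_packet_ib(), `memcpy(buf, &ibuf[bufix], paylen)` never consults the caller's `len`; adding `if (paylen > len) return 0;` before the copy keeps a packet-supplied length from exceeding the destination, whatever size the callers pass (not visible here). The fence below covers only the get_hw_addr() changes.

```c
	case ARPHRD_INFINIBAND:
		/* ... unchanged: dup = strdup(name) and the alias comment ... */
		if ((colon = strchr(dup, ':')) != NULL) {
			*colon = '\0';
			if (sll_allocated) {
				/* Drop the ioctl fallback copy; sll is about to
				 * point into the getifaddrs() list instead. */
				dfree(sll, MDL);
				sll_allocated = 0;
			}
			if ((sll = get_ll(ifaddrs, &ifa, dup)) == NULL)
				log_fatal("Error getting hardware address for \"%s\": %m", name);
		}
		/* ... unchanged: free(dup), broadcast address handling ... */
		if (sll->sll_halen < 8)
			log_fatal("Hardware address too short for \"%s\"", name);
		/* ... unchanged: hlen/hbuf assignment and the 8-byte memcpy ... */

	default:
		/* sll may point into ifaddrs, so it is read before any release */
		log_fatal("Unsupported device type %hu for \"%s\"",
			  sll->sll_hatype, name);
```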
@@ -0,0 +1,157 @@ +diff -up dhcp-4.3.0a1/client/dhclient-script.8.man dhcp-4.3.0a1/client/dhclient-script.8 +--- dhcp-4.3.0a1/client/dhclient-script.8.man 2013-12-11 01:01:02.000000000 +0100 ++++ dhcp-4.3.0a1/client/dhclient-script.8 2013-12-19 15:27:17.617118805 +0100 +@@ -48,7 +48,7 @@ customizations are needed, they should b + exit hooks provided (see HOOKS for details). These hooks will allow the + user to override the default behaviour of the client in creating a + .B /etc/resolv.conf +-file. ++file, and to handle DHCP options not handled by default. + .PP + No standard client script exists for some operating systems, even though + the actual client may work, so a pioneering user may well need to create +@@ -92,6 +92,26 @@ present. The + .B ETCDIR/dhclient-exit-hooks + script can modify the valid of exit_status to change the exit status + of dhclient-script. ++.PP ++Immediately after dhclient brings an interface UP with a new IP address, ++subnet mask, and routes, in the REBOOT/BOUND states, it will check for the ++existence of an executable ++.B ETCDIR/dhclient-up-hooks ++script, and source it if found. This script can handle DHCP options in ++the environment that are not handled by default. A per-interface. ++.B ETCDIR/dhclient-${IF}-up-hooks ++script will override the generic script and be sourced when interface ++$IF has been brought up. ++.PP ++Immediately before dhclient brings an interface DOWN, removing its IP ++address, subnet mask, and routes, in the STOP/RELEASE states, it will ++check for the existence of an executable ++.B ETCDIR/dhclient-down-hooks ++script, and source it if found. This script can handle DHCP options in ++the environment that are not handled by default. A per-interface ++.B ETCDIR/dhclient-${IF}-down-hooks ++script will override the generic script and be sourced when interface ++$IF is about to be brought down. 
+ .SH OPERATION + When dhclient needs to invoke the client configuration script, it + defines a set of variables in the environment, and then invokes +diff -up dhcp-4.3.0a1/client/dhclient.conf.5.man dhcp-4.3.0a1/client/dhclient.conf.5 +--- dhcp-4.3.0a1/client/dhclient.conf.5.man 2013-12-11 01:01:02.000000000 +0100 ++++ dhcp-4.3.0a1/client/dhclient.conf.5 2013-12-19 15:27:17.617118805 +0100 +@@ -202,7 +202,8 @@ responding to the client send the client + options. Only the option names should be specified in the request + statement - not option parameters. By default, the DHCPv4 client + requests the subnet-mask, broadcast-address, time-offset, routers, +-domain-name, domain-name-servers and host-name options while the DHCPv6 ++domain-search, domain-name, domain-name-servers, host-name, nis-domain, ++nis-servers, ntp-servers and interface-mtu options while the DHCPv6 + client requests the dhcp6 name-servers and domain-search options. Note + that if you enter a 'request' statement, you over-ride these defaults + and these options will not be requested. +@@ -688,6 +689,17 @@ know the DHCP service(s) anycast MAC add + client. The \fIlink-type\fR and \fImac-address\fR parameters are configured + in a similar manner to the \fBhardware\fR statement. + .PP ++ \fBbootp-broadcast-always;\fR ++.PP ++The ++.B bootp-broadcast-always ++statement instructs dhclient to always set the bootp broadcast flag in ++request packets, so that servers will always broadcast replies. ++This is equivalent to supplying the dhclient -B argument, and has ++the same effect as specifying 'always-broadcast' in the server's dhcpd.conf. ++This option is provided as an extension to enable dhclient to work ++on IBM s390 Linux guests. ++.PP + .SH SAMPLE + The following configuration file is used on a laptop running NetBSD + 1.3. 
The laptop has an IP alias of 192.5.5.213, and has one +@@ -713,7 +725,7 @@ interface "ep0" { + supersede domain-search "fugue.com", "rc.vix.com", "home.vix.com"; + prepend domain-name-servers 127.0.0.1; + request subnet-mask, broadcast-address, time-offset, routers, +- domain-name, domain-name-servers, host-name; ++ domain-search, domain-name, domain-name-servers, host-name; + require subnet-mask, domain-name-servers; + script "CLIENTBINDIR/dhclient-script"; + media "media 10baseT/UTP", "media 10base2/BNC"; +diff -up dhcp-4.3.0a1/common/dhcp-options.5.man dhcp-4.3.0a1/common/dhcp-options.5 +--- dhcp-4.3.0a1/common/dhcp-options.5.man 2013-12-11 01:25:12.000000000 +0100 ++++ dhcp-4.3.0a1/common/dhcp-options.5 2013-12-19 15:27:17.618118791 +0100 +@@ -914,6 +914,21 @@ classless IP routing - it does not inclu + classless IP routing is now the most widely deployed routing standard, + this option is virtually useless, and is not implemented by any of the + popular DHCP clients, for example the Microsoft DHCP client. ++.PP ++NOTE to Fedora dhclient users: ++.br ++dhclient-script interprets trailing 0 octets of the target as indicating ++the subnet class of the route, so for the following static-routes value: ++.br ++ option static-routes 172.0.0.0 172.16.2.254, ++.br ++ 192.168.0.0 192.168.2.254; ++.br ++dhclient-script will create routes: ++.br ++ 172/8 via 172.16.2.254 dev $interface ++.br ++ 192.168/16 via 192.168.2.254 dev $interface + .RE + .PP + .nf +diff -up dhcp-4.3.0a1/server/dhcpd.conf.5.man dhcp-4.3.0a1/server/dhcpd.conf.5 +--- dhcp-4.3.0a1/server/dhcpd.conf.5.man 2013-12-13 21:49:44.000000000 +0100 ++++ dhcp-4.3.0a1/server/dhcpd.conf.5 2013-12-19 15:30:14.266670962 +0100 +@@ -527,6 +527,9 @@ pool { + }; + .fi + .PP ++Dynamic BOOTP leases are not compatible with failover, and, as such, ++you need to disallow BOOTP in pools that you are using failover for. 
++.PP + The server currently does very little sanity checking, so if you + configure it wrong, it will just fail in odd ways. I would recommend + therefore that you either do failover or don't do failover, but don't +@@ -541,9 +544,9 @@ primary server might look like this: + failover peer "foo" { + primary; + address anthrax.rc.vix.com; +- port 519; ++ port 647; + peer address trantor.rc.vix.com; +- peer port 520; ++ peer port 847; + max-response-delay 60; + max-unacked-updates 10; + mclt 3600; +@@ -1241,7 +1244,7 @@ the zone containing PTR records - for IS + .PP + .nf + key DHCP_UPDATER { +- algorithm HMAC-MD5.SIG-ALG.REG.INT; ++ algorithm hmac-md5; + secret pRP5FapFoJ95JEL06sv4PQ==; + }; + +@@ -1264,7 +1267,7 @@ dhcpd.conf file: + .PP + .nf + key DHCP_UPDATER { +- algorithm HMAC-MD5.SIG-ALG.REG.INT; ++ algorithm hmac-md5; + secret pRP5FapFoJ95JEL06sv4PQ==; + }; + +@@ -2539,7 +2542,8 @@ statement + The \fInext-server\fR statement is used to specify the host address of + the server from which the initial boot file (specified in the + \fIfilename\fR statement) is to be loaded. \fIServer-name\fR should +-be a numeric IP address or a domain name. ++be a numeric IP address or a domain name. If no \fInext-server\fR statement ++applies to a given client, the address 0.0.0.0 is used. + .RE + .PP + The diff --git a/src/patches/dhcp/dhcp-paranoia.patch b/src/patches/dhcp/dhcp-paranoia.patch new file mode 100644 index 0000000..0f2db8c --- /dev/null +++ b/src/patches/dhcp/dhcp-paranoia.patch 
@@ -0,0 +1,156 @@ +diff -up dhcp-4.3.1b1/client/dhclient.c.dlTsyN dhcp-4.3.1b1/client/dhclient.c +--- dhcp-4.3.1b1/client/dhclient.c.dlTsyN 2014-07-10 17:49:49.882925843 +0200 ++++ dhcp-4.3.1b1/client/dhclient.c 2014-07-10 17:50:26.922402550 +0200 +@@ -1748,11 +1748,6 @@ int write_host (host) + return 0; + } + +-void db_startup (testp) +- int testp; +-{ +-} +- + void bootp (packet) + struct packet *packet; + { +diff -up dhcp-4.3.1b1/includes/dhcpd.h.dlTsyN dhcp-4.3.1b1/includes/dhcpd.h +--- dhcp-4.3.1b1/includes/dhcpd.h.dlTsyN 2014-07-10 17:48:03.798424601 +0200 ++++ dhcp-4.3.1b1/includes/dhcpd.h 2014-07-10 17:50:26.923402536 +0200 +@@ -2866,7 +2866,11 @@ void commit_leases_timeout (void *); + void commit_leases_readerdry(void *); + int commit_leases (void); + int commit_leases_timed (void); ++#if defined (PARANOIA) ++void db_startup (int, uid_t, gid_t); ++#else + void db_startup (int); ++#endif /* PARANOIA */ + int new_lease_file (void); + int group_writer (struct group_object *); + int write_ia(const struct ia_xx *); +diff -up dhcp-4.3.1b1/server/confpars.c.dlTsyN dhcp-4.3.1b1/server/confpars.c +--- dhcp-4.3.1b1/server/confpars.c.dlTsyN 2014-07-10 17:39:25.801764596 +0200 ++++ dhcp-4.3.1b1/server/confpars.c 2014-07-10 17:50:26.924402522 +0200 +@@ -219,7 +219,11 @@ void trace_conf_input (trace_type_t *tty + } + + if (!leaseconf_initialized && ttype == trace_readleases_type) { ++#if defined (PARANOIA) ++ db_startup (0, 0, 0); ++#else + db_startup (0); ++#endif /* PARANOIA */ + leaseconf_initialized = 1; + postdb_startup (); + } +diff -up dhcp-4.3.1b1/server/db.c.dlTsyN dhcp-4.3.1b1/server/db.c +--- dhcp-4.3.1b1/server/db.c.dlTsyN 2014-07-10 17:39:25.801764596 +0200 ++++ dhcp-4.3.1b1/server/db.c 2014-07-10 17:50:26.925402508 +0200 +@@ -42,6 +42,10 @@ static int counting = 0; + static int count = 0; + TIME write_time; + int lease_file_is_corrupt = 0; ++#if defined (PARANOIA) ++uid_t global_set_uid = 0; ++gid_t global_set_gid = 0; ++#endif /* PARANOIA */ + + /* Write 
a single binding scope value in parsable format. + */ +@@ -1046,8 +1050,11 @@ int commit_leases_timed() + return (1); + } + +-void db_startup (testp) +- int testp; ++#if defined (PARANOIA) ++void db_startup (int testp, uid_t set_uid, gid_t set_gid) ++#else ++void db_startup (int testp) ++#endif /* PARANOIA */ + { + isc_result_t status; + +@@ -1066,6 +1073,11 @@ void db_startup (testp) + } + #endif + ++#if defined (PARANOIA) ++ global_set_uid = set_uid; ++ global_set_gid = set_gid; ++#endif /* PARANOIA */ ++ + #if defined (TRACING) + /* If we're playing back, there is no lease file, so we can't + append it, so we create one immediately (maybe this isn't +@@ -1128,6 +1140,17 @@ int new_lease_file () + log_error ("Can't create new lease file: %m"); + return 0; + } ++ ++#if defined (PARANOIA) ++ if (global_set_uid && !geteuid() && ++ global_set_gid && !getegid()) ++ if (fchown(db_fd, global_set_uid, global_set_gid)) { ++ log_fatal ("Can't chown new lease file: %m"); ++ close(db_fd); ++ goto fdfail; ++ } ++#endif /* PARANOIA */ ++ + if ((new_db_file = fdopen(db_fd, "we")) == NULL) { + log_error("Can't fdopen new lease file: %m"); + close(db_fd); +diff -up dhcp-4.3.1b1/server/dhcpd.8.dlTsyN dhcp-4.3.1b1/server/dhcpd.8 +--- dhcp-4.3.1b1/server/dhcpd.8.dlTsyN 2014-07-02 19:58:39.000000000 +0200 ++++ dhcp-4.3.1b1/server/dhcpd.8 2014-07-10 17:50:26.925402508 +0200 +@@ -82,6 +82,18 @@ dhcpd - Dynamic Host Configuration Proto + .I trace-output-file + ] + [ ++.B -user ++.I user ++] ++[ ++.B -group ++.I group ++] ++[ ++.B -chroot ++.I dir ++] ++[ + .B -play + .I trace-playback-file + ] +@@ -269,6 +281,15 @@ lease file. + .TP + .BI --version + Print version number and exit. ++.TP ++.BI -user \ user ++Setuid to user after completing privileged operations, such as creating sockets that listen on privileged ports. ++.TP ++.BI -group \ group ++Setgid to group after completing privileged operations, such as creating sockets that listen on privileged ports. 
++.TP ++.BI -chroot \ dir ++Chroot to directory after processing the command line arguments, but before reading the configuration file. + .PP + .I Modifying default file locations: + The following options can be used to modify the locations +diff -up dhcp-4.3.1b1/server/dhcpd.c.dlTsyN dhcp-4.3.1b1/server/dhcpd.c +--- dhcp-4.3.1b1/server/dhcpd.c.dlTsyN 2014-07-10 17:39:25.802764582 +0200 ++++ dhcp-4.3.1b1/server/dhcpd.c 2014-07-10 17:52:35.341588248 +0200 +@@ -628,7 +628,11 @@ main(int argc, char **argv) { + group_write_hook = group_writer; + + /* Start up the database... */ ++#if defined (PARANOIA) ++ db_startup (lftest, set_uid, set_gid); ++#else + db_startup (lftest); ++#endif /* PARANOIA */ + + if (lftest) + exit (0); diff --git a/src/patches/dhcp/dhcp-paths.patch b/src/patches/dhcp/dhcp-paths.patch new file mode 100644 index 0000000..2f43e51 --- /dev/null +++ b/src/patches/dhcp/dhcp-paths.patch 
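Review bot: In the new_lease_file() hunk the fchown failure path calls `log_fatal`, which elsewhere in this tree is treated as not returning, so the `close(db_fd); goto fdfail;` that follows looks unreachable. The neighbouring failure paths in the same function use `log_error` and clean up; using `log_error ("Can't chown new lease file: %m");` here would let the descriptor be closed and the shared exit path run. The guard `global_set_uid && !geteuid() && global_set_gid && !getegid()` also skips the chown whenever only one of -user / -group was supplied, which may leave the lease file root-owned after privileges are dropped; that case deserves a comment or separate handling. The outer `if` wrapping the inner `if` without braces is easy to misread; the function body starts and ends outside the hunk, so the `fdfail` label is assumed to exist there.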
@@ -0,0 +1,44 @@
+--- expanded_org/includes/dhcpd.h Wed Aug 06 23:35:02 2014
++++ expanded_patched_51_4_2_0_paths_patch/includes/dhcpd.h Mon Feb 16 13:22:11 2015
+@@ -1424,15 +1424,15 @@
+ #else /* !DEBUG */
+
+ #ifndef _PATH_DHCPD_CONF
+-#define _PATH_DHCPD_CONF "/etc/dhcpd.conf"
++#define _PATH_DHCPD_CONF "/etc/dhcp/dhcpd.conf"
+ #endif /* DEBUG */
+
+ #ifndef _PATH_DHCPD_DB
+-#define _PATH_DHCPD_DB LOCALSTATEDIR"/db/dhcpd.leases"
++#define _PATH_DHCPD_DB LOCALSTATEDIR"/dhcpd/dhcpd.leases"
+ #endif
+
+ #ifndef _PATH_DHCPD6_DB
+-#define _PATH_DHCPD6_DB LOCALSTATEDIR"/db/dhcpd6.leases"
++#define _PATH_DHCPD6_DB LOCALSTATEDIR"/dhcpd/dhcpd6.leases"
+ #endif
+
+ #ifndef _PATH_DHCPD_PID
+@@ -1446,7 +1446,7 @@
+ #endif /* DEBUG */
+
+ #ifndef _PATH_DHCLIENT_CONF
+-#define _PATH_DHCLIENT_CONF "/etc/dhclient.conf"
++#define _PATH_DHCLIENT_CONF "/etc/dhcp/dhclient.conf"
+ #endif
+
+ #ifndef _PATH_DHCLIENT_SCRIPT
+@@ -1462,11 +1462,11 @@
+ #endif
+
+ #ifndef _PATH_DHCLIENT_DB
+-#define _PATH_DHCLIENT_DB LOCALSTATEDIR"/db/dhclient.leases"
++#define _PATH_DHCLIENT_DB LOCALSTATEDIR"/dhclient/dhclient.leases"
+ #endif
+
+ #ifndef _PATH_DHCLIENT6_DB
+-#define _PATH_DHCLIENT6_DB LOCALSTATEDIR"/db/dhclient6.leases"
++#define _PATH_DHCLIENT6_DB LOCALSTATEDIR"/dhclient/dhclient6.leases"
+ #endif
+
+ #ifndef _PATH_RESOLV_CONF
diff --git a/src/patches/dhcp/dhcp-release-by-ifup.patch b/src/patches/dhcp/dhcp-release-by-ifup.patch
new file mode 100644
index 0000000..677eb5c
--- /dev/null
+++ b/src/patches/dhcp/dhcp-release-by-ifup.patch
@@ -0,0 +1,85 @@ +diff -up dhcp-4.3.0a1/client/dhclient.c.ifup dhcp-4.3.0a1/client/dhclient.c +--- dhcp-4.3.0a1/client/dhclient.c.ifup 2013-12-19 14:53:08.817760677 +0100 ++++ dhcp-4.3.0a1/client/dhclient.c 2013-12-19 15:05:16.290518574 +0100 +@@ -521,9 +521,81 @@ main(int argc, char **argv) { + } + } + fclose(pidfd); ++ } else { ++ /* handle release for interfaces requested with Red Hat ++ * /sbin/ifup - pidfile will be /var/run/dhclient-$interface.pid ++ */ ++ ++ if ((path_dhclient_pid == NULL) || (*path_dhclient_pid == '\0')) ++ path_dhclient_pid = "/var/run/dhclient.pid"; ++ ++ char *new_path_dhclient_pid; ++ struct interface_info *ip; ++ int pdp_len = strlen(path_dhclient_pid), pfx, dpfx; ++ ++ /* find append point: beginning of any trailing '.pid' ++ * or '-$IF.pid' */ ++ for (pfx=pdp_len; (pfx >= 0) && (path_dhclient_pid[pfx] != '.') && (path_dhclient_pid[pfx] != '/'); pfx--); ++ if (pfx == -1) ++ pfx = pdp_len; ++ ++ if (path_dhclient_pid[pfx] == '/') ++ pfx += 1; ++ ++ for (dpfx=pfx; (dpfx >= 0) && (path_dhclient_pid[dpfx] != '-') && (path_dhclient_pid[dpfx] != '/'); dpfx--); ++ if ((dpfx > -1) && (path_dhclient_pid[dpfx] != '/')) ++ pfx = dpfx; ++ ++ for (ip = interfaces; ip; ip = ip->next) { ++ if (interfaces_requested && (ip->flags & (INTERFACE_REQUESTED))) { ++ int n_len = strlen(ip->name); ++ ++ new_path_dhclient_pid = (char*) malloc(pfx + n_len + 6); ++ strncpy(new_path_dhclient_pid, path_dhclient_pid, pfx); ++ sprintf(new_path_dhclient_pid + pfx, "-%s.pid", ip->name); ++ ++ if ((pidfd = fopen(new_path_dhclient_pid, "r")) != NULL) { ++ e = fscanf(pidfd, "%ld\n", &temp); ++ oldpid = (pid_t)temp; ++ ++ if (e != 0 && e != EOF) { ++ if (oldpid) { ++ if (kill(oldpid, SIGTERM) == 0) ++ unlink(path_dhclient_pid); ++ } ++ } ++ ++ fclose(pidfd); ++ } ++ ++ free(new_path_dhclient_pid); ++ } ++ } ++ } ++ } else { ++ FILE *pidfp = NULL; ++ long temp = 0; ++ pid_t dhcpid = 0; ++ int dhc_running = 0; ++ char procfn[256] = ""; ++ ++ if ((pidfp = 
fopen(path_dhclient_pid, "r")) != NULL) { ++ if ((fscanf(pidfp, "%ld", &temp)==1) && ((dhcpid=(pid_t)temp) > 0)) { ++ snprintf(procfn,256,"/proc/%u",dhcpid); ++ dhc_running = (access(procfn, F_OK) == 0); ++ } ++ ++ fclose(pidfp); ++ } ++ ++ if (dhc_running) { ++ log_fatal("dhclient(%u) is already running - exiting. ", dhcpid); ++ return(1); + } + } + ++ write_client_pid_file(); ++ + if (!quiet) { + log_info("%s %s", message, PACKAGE_VERSION); + log_info(copyright); diff --git a/src/patches/dhcp/dhcp-remove-bind.patch b/src/patches/dhcp/dhcp-remove-bind.patch new file mode 100644 index 0000000..5ab0338 --- /dev/null +++ b/src/patches/dhcp/dhcp-remove-bind.patch 
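Review bot: In the per-interface release loop the PID is read from `new_path_dhclient_pid`, but after a successful `kill(oldpid, SIGTERM)` the code removes `path_dhclient_pid`, so the per-interface pid file appears to be left behind; `unlink(new_path_dhclient_pid);` looks like the intended call. A stale file matters here because a later release run sends SIGTERM to whatever process then holds that PID, and nothing in the hunk checks that the PID still belongs to a dhclient. The same applies to the "already running" branch, where `access("/proc/<pid>", F_OK)` only shows that some process has that PID, so a reused PID makes the client refuse to start. The `malloc(pfx + n_len + 6)` result is also used by `strncpy`/`sprintf` without a NULL check; `if (new_path_dhclient_pid == NULL) log_fatal("no memory for pid file name");` would cover it. The enclosing main() starts and ends outside the hunk.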
@@ -0,0 +1,192 @@ +diff -up dhcp-4.3.1b1/client/Makefile.am.brGmwh dhcp-4.3.1b1/client/Makefile.am +--- dhcp-4.3.1b1/client/Makefile.am.brGmwh 2014-07-02 19:58:38.000000000 +0200 ++++ dhcp-4.3.1b1/client/Makefile.am 2014-07-10 17:36:30.484250976 +0200 +@@ -10,8 +10,8 @@ dhclient_SOURCES = clparse.c dhclient.c + scripts/bsdos scripts/freebsd scripts/linux scripts/macos \ + scripts/netbsd scripts/nextstep scripts/openbsd \ + scripts/solaris scripts/openwrt +-dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.a ../bind/lib/libirs.a \ +- ../bind/lib/libdns.a ../bind/lib/libisccfg.a ../bind/lib/libisc.a ++dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \ ++ $(BIND9_LIBDIR) -lirs -ldns -lisccfg -lisc + man_MANS = dhclient.8 dhclient-script.8 dhclient.conf.5 dhclient.leases.5 + EXTRA_DIST = $(man_MANS) + +diff -up dhcp-4.3.1b1/common/tests/Makefile.am.brGmwh dhcp-4.3.1b1/common/tests/Makefile.am +--- dhcp-4.3.1b1/common/tests/Makefile.am.brGmwh 2014-07-10 17:36:30.485250962 +0200 ++++ dhcp-4.3.1b1/common/tests/Makefile.am 2014-07-10 17:38:04.010924566 +0200 +@@ -13,21 +13,20 @@ ATF_TESTS += alloc_unittest dns_unittest + alloc_unittest_SOURCES = test_alloc.c $(top_srcdir)/tests/t_api_dhcp.c + alloc_unittest_LDADD = $(ATF_LDFLAGS) + alloc_unittest_LDADD += ../libdhcp.a \ +- ../../omapip/libomapi.a ../../bind/lib/libirs.a \ +- ../../bind/lib/libdns.a ../../bind/lib/libisccfg.a ../../bind/lib/libisc.a ++ ../../omapip/libomapi.a \ ++ $(BIND9_LIBDIR) -lirs -ldns -lisccfg -lisc + + dns_unittest_SOURCES = dns_unittest.c $(top_srcdir)/tests/t_api_dhcp.c + dns_unittest_LDADD = $(ATF_LDFLAGS) + dns_unittest_LDADD += ../libdhcp.a \ +- ../../omapip/libomapi.a ../../bind/lib/libirs.a \ +- ../../bind/lib/libdns.a ../../bind/lib/libisccfg.a ../../bind/lib/libisc.a ++ ../../omapip/libomapi.a \ ++ $(BIND9_LIBDIR) -lirs -ldns -lisccfg -lisc + + misc_unittest_SOURCES = misc_unittest.c $(top_srcdir)/tests/t_api_dhcp.c + misc_unittest_LDADD = $(ATF_LDFLAGS) + misc_unittest_LDADD 
+= ../libdhcp.a \ +- ../../omapip/libomapi.a ../../bind/lib/libirs.a \ +- ../../bind/lib/libdns.a ../../bind/lib/libisccfg.a ../../bind/lib/libisc.a +- ++ ../../omapip/libomapi.a \ ++ $(BIND9_LIBDIR) -lirs -ldns -lisccfg -lisc + check: $(ATF_TESTS) + atf-run | atf-report + +diff -up dhcp-4.3.1b1/configure.ac.brGmwh dhcp-4.3.1b1/configure.ac +--- dhcp-4.3.1b1/configure.ac.brGmwh 2014-07-02 20:01:26.000000000 +0200 ++++ dhcp-4.3.1b1/configure.ac 2014-07-10 17:36:30.485250962 +0200 +@@ -562,20 +562,37 @@ AC_CHECK_MEMBER(struct msghdr.msg_contro + + libbind= + AC_ARG_WITH(libbind, +- AS_HELP_STRING([--with-libbind=PATH],[bind includes and libraries are in PATH +- (default is ./bind)]), ++ AS_HELP_STRING([--with-libbind=PATH],[bind includes are in PATH ++ (default is ./bind/includes)]), + use_libbind="$withval", use_libbind="no") + case "$use_libbind" in ++yes|no) ++ libbind="${top_srcdir}/bind/include" ++ ;; ++*) ++ libbind="$use_libbind" ++ ;; ++esac ++ ++BIND9_LIBDIR='-L$(top_builddir)/bind/lib' ++AC_ARG_WITH(libbind-libs, ++ AC_HELP_STRING([--with-libbind-libs=PATH], ++ [bind9 export libraries are in PATH]), ++ [libbind_libs="$withval"], [libbind_libs='no']) ++case "$libbind_libs" in + yes) +- libbind="${top_srcdir}/bind" ++ AC_MSG_ERROR([Specify path to bind9 libraries]) + ;; + no) +- libbind="${top_srcdir}/bind" ++ BUNDLED_BIND=yes + ;; + *) +- libbind="$use_libbind" ++ BIND9_LIBDIR="-L$libbind_libs" ++ BUNDLED_BIND=no + ;; + esac ++AM_CONDITIONAL([BUNDLED_BIND], [test "$BUNDLED_BIND" = yes]) ++AC_SUBST([BIND9_LIBDIR]) + + # OpenLDAP support. 
+ AC_ARG_WITH(ldap, +@@ -610,7 +627,7 @@ fi + CFLAGS="$CFLAGS $STD_CWARNINGS" + + # Try to add the bind include directory +-CFLAGS="$CFLAGS -I$libbind/include" ++CFLAGS="$CFLAGS -I$libbind" + + case "$host" in + *-darwin*) +diff -up dhcp-4.3.1b1/dhcpctl/Makefile.am.brGmwh dhcp-4.3.1b1/dhcpctl/Makefile.am +--- dhcp-4.3.1b1/dhcpctl/Makefile.am.brGmwh 2014-07-02 19:58:38.000000000 +0200 ++++ dhcp-4.3.1b1/dhcpctl/Makefile.am 2014-07-10 17:36:30.485250962 +0200 +@@ -6,12 +6,9 @@ EXTRA_DIST = $(man_MANS) + + omshell_SOURCES = omshell.c + omshell_LDADD = libdhcpctl.a ../common/libdhcp.a ../omapip/libomapi.a \ +- ../bind/lib/libirs.a ../bind/lib/libdns.a \ +- ../bind/lib/libisccfg.a ../bind/lib/libisc.a +- ++ $(BIND9_LIBDIR) -lirs -ldns -lisccfg -lisc + libdhcpctl_a_SOURCES = dhcpctl.c callback.c remote.c + + cltest_SOURCES = cltest.c + cltest_LDADD = libdhcpctl.a ../common/libdhcp.a ../omapip/libomapi.a \ +- ../bind/lib/libirs.a ../bind/lib/libdns.a \ +- ../bind/lib/libisccfg.a ../bind/lib/libisc.a ++ $(BIND9_LIBDIR) -lirs -ldns -lisccfg -lisc +diff -up dhcp-4.3.1b1/Makefile.am.brGmwh dhcp-4.3.1b1/Makefile.am +--- dhcp-4.3.1b1/Makefile.am.brGmwh 2014-07-02 19:58:38.000000000 +0200 ++++ dhcp-4.3.1b1/Makefile.am 2014-07-10 17:36:30.484250976 +0200 +@@ -25,7 +25,13 @@ EXTRA_DIST = RELNOTES LICENSE \ + bind/Makefile bind/bind.tar.gz bind/version.tmp \ + common/tests/Atffile server/tests/Atffile + +-SUBDIRS = bind includes tests common dst omapip client dhcpctl relay server ++if BUNDLED_BIND ++SUBDIRS = bind ++else ++SUBDIRS = ++endif ++ ++SUBDIRS += includes tests common dst omapip client dhcpctl relay server + + nobase_include_HEADERS = dhcpctl/dhcpctl.h + +diff -up dhcp-4.3.1b1/omapip/Makefile.am.brGmwh dhcp-4.3.1b1/omapip/Makefile.am +--- dhcp-4.3.1b1/omapip/Makefile.am.brGmwh 2014-07-02 19:58:39.000000000 +0200 ++++ dhcp-4.3.1b1/omapip/Makefile.am 2014-07-10 17:36:30.486250948 +0200 +@@ -10,6 +10,5 @@ man_MANS = omapi.3 + EXTRA_DIST = $(man_MANS) + + svtest_SOURCES = 
test.c +-svtest_LDADD = libomapi.a ../bind/lib/libirs.a ../bind/lib/libdns.a \ +- ../bind/lib/libisccfg.a ../bind/lib/libisc.a +- ++svtest_LDADD = libomapi.a \ ++ $(BIND9_LIBDIR) -lirs -ldns -lisccfg -lisc +diff -up dhcp-4.3.1b1/relay/Makefile.am.brGmwh dhcp-4.3.1b1/relay/Makefile.am +--- dhcp-4.3.1b1/relay/Makefile.am.brGmwh 2014-07-02 19:58:39.000000000 +0200 ++++ dhcp-4.3.1b1/relay/Makefile.am 2014-07-10 17:36:30.486250948 +0200 +@@ -3,8 +3,7 @@ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localst + sbin_PROGRAMS = dhcrelay + dhcrelay_SOURCES = dhcrelay.c + dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \ +- ../bind/lib/libirs.a ../bind/lib/libdns.a \ +- ../bind/lib/libisccfg.a ../bind/lib/libisc.a ++ $(BIND9_LIBDIR) -lirs -ldns -lisccfg -lisc + man_MANS = dhcrelay.8 + EXTRA_DIST = $(man_MANS) + +diff -up dhcp-4.3.1b1/server/Makefile.am.brGmwh dhcp-4.3.1b1/server/Makefile.am +--- dhcp-4.3.1b1/server/Makefile.am.brGmwh 2014-07-02 19:58:39.000000000 +0200 ++++ dhcp-4.3.1b1/server/Makefile.am 2014-07-10 17:36:30.486250948 +0200 +@@ -13,10 +13,8 @@ dhcpd_SOURCES = dhcpd.c dhcp.c bootp.c c + dhcpv6.c mdb6.c ldap.c ldap_casa.c + + dhcpd_CFLAGS = $(LDAP_CFLAGS) +-dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \ +- ../dhcpctl/libdhcpctl.a ../bind/lib/libirs.a \ +- ../bind/lib/libdns.a ../bind/lib/libisccfg.a ../bind/lib/libisc.a +- ++dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.a ../dhcpctl/libdhcpctl.a \ ++ $(BIND9_LIBDIR) -lirs -ldns -lisccfg -lisc + man_MANS = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5 + EXTRA_DIST = $(man_MANS) + +diff -up dhcp-4.3.1b1/server/tests/Makefile.am.brGmwh dhcp-4.3.1b1/server/tests/Makefile.am +--- dhcp-4.3.1b1/server/tests/Makefile.am.brGmwh 2014-07-02 19:58:40.000000000 +0200 ++++ dhcp-4.3.1b1/server/tests/Makefile.am 2014-07-10 17:36:30.486250948 +0200 +@@ -18,9 +18,8 @@ DHCPSRC = ../dhcp.c ../bootp.c ../confpa + ../ldap.c ../ldap_casa.c ../dhcpd.c + + DHCPLIBS = $(top_builddir)/common/libdhcp.a 
$(top_builddir)/omapip/libomapi.a \ +- $(top_builddir)/dhcpctl/libdhcpctl.a $(top_builddir)/bind/lib/libirs.a \ +- $(top_builddir)/bind/lib/libdns.a $(top_builddir)/bind/lib/libisccfg.a \ +- $(top_builddir)/bind/lib/libisc.a ++ $(top_builddir)/dhcpctl/libdhcpctl.a \ ++ $(BIND9_LIBDIR) -lirs -ldns -lisccfg -lisc + + ATF_TESTS = + TESTS = diff --git a/src/patches/dhcp/dhcp-rfc3442-classless-static-routes.patch b/src/patches/dhcp/dhcp-rfc3442-classless-static-routes.patch new file mode 100644 index 0000000..94ed5ba --- /dev/null +++ b/src/patches/dhcp/dhcp-rfc3442-classless-static-routes.patch 
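Review bot: In the configure.ac hunk `--with-libbind` and `--with-libbind-libs` are resolved independently, so passing only `--with-libbind-libs=PATH` leaves `libbind` at `${top_srcdir}/bind/include` while `BUNDLED_BIND=no` drops `bind` from SUBDIRS in Makefile.am. The build would then compile against the bundled headers (if they are present at all) and link the external libraries, which risks a header/library mismatch in the DNS and ISC code. A guard in the `*)` arm of the `libbind_libs` case, `test "$use_libbind" = no && AC_MSG_ERROR([--with-libbind-libs requires --with-libbind=PATH])`, would reject that combination. The help text also says the default is `./bind/includes` while the code uses `bind/include`, and the new option uses `AC_HELP_STRING` where the existing one uses `AS_HELP_STRING`.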
@@ -0,0 +1,405 @@ +diff -up dhcp-4.3.0rc1/client/clparse.c.rfc3442 dhcp-4.3.0rc1/client/clparse.c +--- dhcp-4.3.0rc1/client/clparse.c.rfc3442 2014-01-29 10:05:48.474400352 +0100 ++++ dhcp-4.3.0rc1/client/clparse.c 2014-01-29 10:05:48.517399955 +0100 +@@ -31,7 +31,7 @@ + + struct client_config top_level_config; + +-#define NUM_DEFAULT_REQUESTED_OPTS 14 ++#define NUM_DEFAULT_REQUESTED_OPTS 15 + struct option *default_requested_options[NUM_DEFAULT_REQUESTED_OPTS + 1]; + + static void parse_client_default_duid(struct parse *cfile); +@@ -84,7 +84,11 @@ isc_result_t read_client_conf () + dhcp_universe.code_hash, &code, 0, MDL); + + /* 4 */ +- code = DHO_ROUTERS; ++ /* The Classless Static Routes option code MUST appear in the parameter ++ * request list prior to both the Router option code and the Static ++ * Routes option code, if present. (RFC3442) ++ */ ++ code = DHO_CLASSLESS_STATIC_ROUTES; + option_code_hash_lookup(&default_requested_options[3], + dhcp_universe.code_hash, &code, 0, MDL); + +@@ -138,6 +142,11 @@ isc_result_t read_client_conf () + option_code_hash_lookup(&default_requested_options[13], + dhcp_universe.code_hash, &code, 0, MDL); + ++ /* 15 */ ++ code = DHO_ROUTERS; ++ option_code_hash_lookup(&default_requested_options[14], ++ dhcp_universe.code_hash, &code, 0, MDL); ++ + for (code = 0 ; code < NUM_DEFAULT_REQUESTED_OPTS ; code++) { + if (default_requested_options[code] == NULL) + log_fatal("Unable to find option definition for " +diff -up dhcp-4.3.0rc1/common/dhcp-options.5.rfc3442 dhcp-4.3.0rc1/common/dhcp-options.5 +--- dhcp-4.3.0rc1/common/dhcp-options.5.rfc3442 2014-01-29 10:05:48.466400426 +0100 ++++ dhcp-4.3.0rc1/common/dhcp-options.5 2014-01-29 10:05:48.518399945 +0100 +@@ -111,6 +111,26 @@ hexadecimal, separated by colons. For e + or + option dhcp-client-identifier 43:4c:49:45:54:2d:46:4f:4f; + .fi ++.PP ++The ++.B destination-descriptor ++describe the IP subnet number and subnet mask ++of a particular destination using a compact encoding. 
This encoding ++consists of one octet describing the width of the subnet mask, ++followed by all the significant octets of the subnet number. ++The following table contains some examples of how various subnet ++number/mask combinations can be encoded: ++.nf ++.sp 1 ++Subnet number Subnet mask Destination descriptor ++0 0 0 ++10.0.0.0 255.0.0.0 8.10 ++10.0.0.0 255.255.255.0 24.10.0.0 ++10.17.0.0 255.255.0.0 16.10.17 ++10.27.129.0 255.255.255.0 24.10.27.129 ++10.229.0.128 255.255.255.128 25.10.229.0.128 ++10.198.122.47 255.255.255.255 32.10.198.122.47 ++.fi + .SH SETTING OPTION VALUES USING EXPRESSIONS + Sometimes it's helpful to be able to set the value of a DHCP option + based on some value that the client has sent. To do this, you can +@@ -972,6 +992,29 @@ dhclient-script will create routes: + .RE + .PP + .nf ++.B option \fBclassless-static-routes\fR \fIdestination-descriptor ip-address\fR ++ [\fB,\fR \fIdestination-descriptor ip-address\fR...]\fB;\fR ++.fi ++.RS 0.25i ++.PP ++This option (see RFC3442) specifies a list of classless static routes ++that the client should install in its routing cache. ++.PP ++This option can contain one or more static routes, each of which ++consists of a destination descriptor and the IP address of the router ++that should be used to reach that destination. ++.PP ++Many clients may not implement the Classless Static Routes option. ++DHCP server administrators should therefore configure their DHCP ++servers to send both a Router option and a Classless Static Routes ++option, and should specify the default router(s) both in the Router ++option and in the Classless Static Routes option. ++.PP ++If the DHCP server returns both a Classless Static Routes option and ++a Router option, the DHCP client ignores the Router option. 
++.RE ++.PP ++.nf + .B option \fBstreettalk-directory-assistance-server\fR \fIip-address\fR + [\fB,\fR \fIip-address\fR...]\fB;\fR + .fi +diff -up dhcp-4.3.0rc1/common/inet.c.rfc3442 dhcp-4.3.0rc1/common/inet.c +--- dhcp-4.3.0rc1/common/inet.c.rfc3442 2014-01-26 19:40:44.000000000 +0100 ++++ dhcp-4.3.0rc1/common/inet.c 2014-01-29 10:05:48.519399936 +0100 +@@ -521,6 +521,60 @@ free_iaddrcidrnetlist(struct iaddrcidrne + return ISC_R_SUCCESS; + } + ++static const char * ++inet_ntopdd(const unsigned char *src, unsigned srclen, char *dst, size_t size) ++{ ++ char tmp[sizeof("32.255.255.255.255")]; ++ int len; ++ ++ switch (srclen) { ++ case 2: ++ len = sprintf (tmp, "%u.%u", src[0], src[1]); ++ break; ++ case 3: ++ len = sprintf (tmp, "%u.%u.%u", src[0], src[1], src[2]); ++ break; ++ case 4: ++ len = sprintf (tmp, "%u.%u.%u.%u", src[0], src[1], src[2], src[3]); ++ break; ++ case 5: ++ len = sprintf (tmp, "%u.%u.%u.%u.%u", src[0], src[1], src[2], src[3], src[4]); ++ break; ++ default: ++ return NULL; ++ } ++ if (len < 0) ++ return NULL; ++ ++ if (len > size) { ++ errno = ENOSPC; ++ return NULL; ++ } ++ ++ return strcpy (dst, tmp); ++} ++ ++/* pdestdesc() turns an iaddr structure into a printable dest. descriptor */ ++const char * ++pdestdesc(const struct iaddr addr) { ++ static char pbuf[sizeof("255.255.255.255.255")]; ++ ++ if (addr.len == 0) { ++ return "<null destination descriptor>"; ++ } ++ if (addr.len == 1) { ++ return "0"; ++ } ++ if ((addr.len >= 2) && (addr.len <= 5)) { ++ return inet_ntopdd(addr.iabuf, addr.len, pbuf, sizeof(pbuf)); ++ } ++ ++ log_fatal("pdestdesc():%s:%d: Invalid destination descriptor length %d.", ++ MDL, addr.len); ++ /* quell compiler warnings */ ++ return NULL; ++} ++ + /* piaddr() turns an iaddr structure into a printable address. 
*/ + /* XXX: should use a const pointer rather than passing the structure */ + const char * +diff -up dhcp-4.3.0rc1/common/options.c.rfc3442 dhcp-4.3.0rc1/common/options.c +--- dhcp-4.3.0rc1/common/options.c.rfc3442 2014-01-26 19:40:44.000000000 +0100 ++++ dhcp-4.3.0rc1/common/options.c 2014-01-29 10:05:48.520399927 +0100 +@@ -707,7 +707,11 @@ cons_options(struct packet *inpacket, st + * packet. + */ + priority_list[priority_len++] = DHO_SUBNET_MASK; +- priority_list[priority_len++] = DHO_ROUTERS; ++ if (lookup_option(&dhcp_universe, cfg_options, ++ DHO_CLASSLESS_STATIC_ROUTES)) ++ priority_list[priority_len++] = DHO_CLASSLESS_STATIC_ROUTES; ++ else ++ priority_list[priority_len++] = DHO_ROUTERS; + priority_list[priority_len++] = DHO_DOMAIN_NAME_SERVERS; + priority_list[priority_len++] = DHO_HOST_NAME; + priority_list[priority_len++] = DHO_FQDN; +@@ -1688,6 +1692,7 @@ const char *pretty_print_option (option, + unsigned long tval; + isc_boolean_t a_array = ISC_FALSE; + int len_used; ++ unsigned int octets = 0; + + if (emit_commas) + comma = ','; +@@ -1696,6 +1701,7 @@ const char *pretty_print_option (option, + + memset (enumbuf, 0, sizeof enumbuf); + ++ if (option->format[0] != 'R') { /* see explanation lower */ + /* Figure out the size of the data. */ + for (l = i = 0; option -> format [i]; i++, l++) { + if (l >= sizeof(fmtbuf) - 1) +@@ -1870,6 +1876,33 @@ const char *pretty_print_option (option, + if (numhunk < 0) + numhunk = 1; + ++ } else { /* option->format[i] == 'R') */ ++ /* R (destination descriptor) has variable length. ++ * We can find it only in classless static route option, ++ * so we are for sure parsing classless static route option now. ++ * We go through whole the option to check whether there are no ++ * missing/extra bytes. ++ * I didn't find out how to improve the existing code and that's the ++ * reason for this separate 'else' where I do my own checkings. ++ * I know it's little bit unsystematic, but it works. 
++ */ ++ numhunk = 0; ++ numelem = 2; /* RI */ ++ fmtbuf[0]='R'; fmtbuf[1]='I'; fmtbuf[2]=0; ++ for (i =0; i < len; i = i + octets + 5) { ++ if (data[i] > 32) { /* subnet mask width */ ++ log_error ("wrong subnet mask width in destination descriptor"); ++ break; ++ } ++ numhunk++; ++ octets = ((data[i]+7) / 8); ++ } ++ if (i != len) { ++ log_error ("classless static routes option has wrong size or " ++ "there's some garbage in format"); ++ } ++ } ++ + /* Cycle through the array (or hunk) printing the data. */ + for (i = 0; i < numhunk; i++) { + if ((a_array == ISC_TRUE) && (i != 0) && (numelem > 0)) { +@@ -2025,6 +2058,20 @@ const char *pretty_print_option (option, + strcpy(op, piaddr(iaddr)); + dp += 4; + break; ++ ++ case 'R': ++ if (dp[0] <= 32) ++ iaddr.len = (((dp[0]+7)/8)+1); ++ else { ++ log_error ("wrong subnet mask width in destination descriptor"); ++ return "<error>"; ++ } ++ ++ memcpy(iaddr.iabuf, dp, iaddr.len); ++ strcpy(op, pdestdesc(iaddr)); ++ dp += iaddr.len; ++ break; ++ + case '6': + iaddr.len = 16; + memcpy(iaddr.iabuf, dp, 16); +diff -up dhcp-4.3.0rc1/common/parse.c.rfc3442 dhcp-4.3.0rc1/common/parse.c +--- dhcp-4.3.0rc1/common/parse.c.rfc3442 2014-01-29 10:05:48.491400195 +0100 ++++ dhcp-4.3.0rc1/common/parse.c 2014-01-29 10:05:48.522399908 +0100 +@@ -335,6 +335,39 @@ int parse_ip_addr (cfile, addr) + } + + /* ++ * destination-descriptor :== NUMBER DOT NUMBER | ++ * NUMBER DOT NUMBER DOT NUMBER | ++ * NUMBER DOT NUMBER DOT NUMBER DOT NUMBER | ++ * NUMBER DOT NUMBER DOT NUMBER DOT NUMBER DOT NUMBER ++ */ ++ ++int parse_destination_descriptor (cfile, addr) ++ struct parse *cfile; ++ struct iaddr *addr; ++{ ++ unsigned int mask_width, dest_dest_len; ++ addr -> len = 0; ++ if (parse_numeric_aggregate (cfile, addr -> iabuf, ++ &addr -> len, DOT, 10, 8)) { ++ mask_width = (unsigned int)addr->iabuf[0]; ++ dest_dest_len = (((mask_width+7)/8)+1); ++ if (mask_width > 32) { ++ parse_warn (cfile, ++ "subnet mask width (%u) greater than 32.", mask_width); 
++ } ++ else if (dest_dest_len != addr->len) { ++ parse_warn (cfile, ++ "destination descriptor with subnet mask width %u " ++ "should have %u octets, but has %u octets.", ++ mask_width, dest_dest_len, addr->len); ++ } ++ ++ return 1; ++ } ++ return 0; ++} ++ ++/* + * Return true if every character in the string is hexadecimal. + */ + static int +@@ -713,8 +746,10 @@ unsigned char *parse_numeric_aggregate ( + if (count) { + token = peek_token (&val, (unsigned *)0, cfile); + if (token != separator) { +- if (!*max) ++ if (!*max) { ++ *max = count; + break; ++ } + if (token != RBRACE && token != LBRACE) + token = next_token (&val, + (unsigned *)0, +@@ -1654,6 +1689,9 @@ int parse_option_code_definition (cfile, + case IP_ADDRESS: + type = 'I'; + break; ++ case DESTINATION_DESCRIPTOR: ++ type = 'R'; ++ break; + case IP6_ADDRESS: + type = '6'; + break; +@@ -5071,6 +5109,15 @@ int parse_option_token (rv, cfile, fmt, + } + break; + ++ case 'R': /* destination descriptor */ ++ if (!parse_destination_descriptor (cfile, &addr)) { ++ return 0; ++ } ++ if (!make_const_data (&t, addr.iabuf, addr.len, 0, 1, MDL)) { ++ return 0; ++ } ++ break; ++ + case '6': /* IPv6 address. 
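Review bot: parse_destination_descriptor returns 1 even after warning that the mask width exceeds 32 or that the octet count does not match the width, so both callers (the `case 'R'` arms in parse_option_token and parse_option_decl) store a descriptor the parser has just called malformed. Adding `return 0;` after each `parse_warn` keeps such values out of the option data that is later sent or printed. It is also worth confirming that parse_numeric_aggregate, called here with `addr->len = 0`, cannot write more than `sizeof addr->iabuf` bytes; the hunk at -713 suggests a zero maximum means no limit, but most of that function is outside this diff. A one-line comment stating the encoding (the first octet is the mask width, as `addr->iabuf[0]` is read here) would complement the grammar comment.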
*/ + if (!parse_ip6_addr(cfile, &addr)) { + return 0; +@@ -5348,6 +5395,13 @@ int parse_option_decl (oc, cfile) + goto exit; + len = ip_addr.len; + dp = ip_addr.iabuf; ++ goto alloc; ++ ++ case 'R': /* destination descriptor */ ++ if (!parse_destination_descriptor (cfile, &ip_addr)) ++ goto exit; ++ len = ip_addr.len; ++ dp = ip_addr.iabuf; + + alloc: + if (hunkix + len > sizeof hunkbuf) { +diff -up dhcp-4.3.0rc1/common/tables.c.rfc3442 dhcp-4.3.0rc1/common/tables.c +--- dhcp-4.3.0rc1/common/tables.c.rfc3442 2014-01-29 10:05:48.485400250 +0100 ++++ dhcp-4.3.0rc1/common/tables.c 2014-01-29 10:06:25.724038563 +0100 +@@ -46,6 +46,7 @@ HASH_FUNCTIONS (option_code, const unsig + Format codes: + + I - IPv4 address ++ R - destination descriptor (RFC3442) + 6 - IPv6 address + l - 32-bit signed integer + L - 32-bit unsigned integer +@@ -214,6 +215,7 @@ static struct option dhcp_options[] = { + #endif + { "subnet-selection", "I", &dhcp_universe, 118, 1 }, + { "domain-search", "D", &dhcp_universe, 119, 1 }, ++ { "classless-static-routes", "RIA", &dhcp_universe, 121, 1 }, + { "vivco", "Evendor-class.", &dhcp_universe, 124, 1 }, + { "vivso", "Evendor.", &dhcp_universe, 125, 1 }, + #if 0 +diff -up dhcp-4.3.0rc1/includes/dhcpd.h.rfc3442 dhcp-4.3.0rc1/includes/dhcpd.h +--- dhcp-4.3.0rc1/includes/dhcpd.h.rfc3442 2014-01-29 10:05:48.470400389 +0100 ++++ dhcp-4.3.0rc1/includes/dhcpd.h 2014-01-29 10:05:48.525399881 +0100 +@@ -2725,6 +2725,7 @@ isc_result_t range2cidr(struct iaddrcidr + const struct iaddr *lo, const struct iaddr *hi); + isc_result_t free_iaddrcidrnetlist(struct iaddrcidrnetlist **result); + const char *piaddr (struct iaddr); ++const char *pdestdesc (struct iaddr); + char *piaddrmask(struct iaddr *, struct iaddr *); + char *piaddrcidr(const struct iaddr *, unsigned int); + u_int16_t validate_port(char *); +@@ -2934,6 +2935,7 @@ void parse_client_lease_declaration (str + int parse_option_decl (struct option_cache **, struct parse *); + void parse_string_list (struct 
parse *, struct string_list **, int); + int parse_ip_addr (struct parse *, struct iaddr *); ++int parse_destination_descriptor (struct parse *, struct iaddr *); + int parse_ip_addr_with_subnet(struct parse *, struct iaddrmatch *); + void parse_reject_statement (struct parse *, struct client_config *); + +diff -up dhcp-4.3.0rc1/includes/dhcp.h.rfc3442 dhcp-4.3.0rc1/includes/dhcp.h +--- dhcp-4.3.0rc1/includes/dhcp.h.rfc3442 2014-01-26 19:40:44.000000000 +0100 ++++ dhcp-4.3.0rc1/includes/dhcp.h 2014-01-29 10:05:48.524399890 +0100 +@@ -159,6 +159,7 @@ struct dhcp_packet { + #define DHO_ASSOCIATED_IP 92 + #define DHO_SUBNET_SELECTION 118 /* RFC3011! */ + #define DHO_DOMAIN_SEARCH 119 /* RFC3397 */ ++#define DHO_CLASSLESS_STATIC_ROUTES 121 /* RFC3442 */ + #define DHO_VIVCO_SUBOPTIONS 124 + #define DHO_VIVSO_SUBOPTIONS 125 + +diff -up dhcp-4.3.0rc1/includes/dhctoken.h.rfc3442 dhcp-4.3.0rc1/includes/dhctoken.h +--- dhcp-4.3.0rc1/includes/dhctoken.h.rfc3442 2014-01-29 10:05:48.435400713 +0100 ++++ dhcp-4.3.0rc1/includes/dhctoken.h 2014-01-29 10:05:48.526399871 +0100 +@@ -368,7 +368,8 @@ enum dhcp_token { + POOL6 = 669, + V6RELAY = 670, + V6RELOPT = 671, +- BOOTP_BROADCAST_ALWAYS = 672 ++ BOOTP_BROADCAST_ALWAYS = 672, ++ DESTINATION_DESCRIPTOR = 673 + }; + + #define is_identifier(x) ((x) >= FIRST_TOKEN && \ diff --git a/src/patches/dhcp/dhcp-sendDecline.patch b/src/patches/dhcp/dhcp-sendDecline.patch new file mode 100644 index 0000000..e683366 --- /dev/null +++ b/src/patches/dhcp/dhcp-sendDecline.patch 
@@ -0,0 +1,231 @@ +diff -up dhcp-4.3.0a1/client/dhc6.c.sendDecline dhcp-4.3.0a1/client/dhc6.c +--- dhcp-4.3.0a1/client/dhc6.c.sendDecline 2013-12-11 01:25:12.000000000 +0100 ++++ dhcp-4.3.0a1/client/dhc6.c 2013-12-19 15:56:18.297660118 +0100 +@@ -96,6 +96,8 @@ void do_select6(void *input); + void do_refresh6(void *input); + static void do_release6(void *input); + static void start_bound(struct client_state *client); ++static void start_decline6(struct client_state *client); ++static void do_decline6(void *input); + static void start_informed(struct client_state *client); + void informed_handler(struct packet *packet, struct client_state *client); + void bound_handler(struct packet *packet, struct client_state *client); +@@ -2017,6 +2019,7 @@ start_release6(struct client_state *clie + cancel_timeout(do_select6, client); + cancel_timeout(do_refresh6, client); + cancel_timeout(do_release6, client); ++ cancel_timeout(do_decline6, client); + client->state = S_STOPPED; + + /* +@@ -2650,6 +2653,7 @@ dhc6_check_reply(struct client_state *cl + break; + + case S_STOPPED: ++ case S_DECLINED: + action = dhc6_stop_action; + break; + +@@ -2751,6 +2755,7 @@ dhc6_check_reply(struct client_state *cl + break; + + case S_STOPPED: ++ case S_DECLINED: + /* Nothing critical to do at this stage. */ + break; + +@@ -3741,17 +3746,23 @@ reply_handler(struct packet *packet, str + cancel_timeout(do_select6, client); + cancel_timeout(do_refresh6, client); + cancel_timeout(do_release6, client); ++ cancel_timeout(do_decline6, client); + + /* If this is in response to a Release/Decline, clean up and return. */ +- if (client->state == S_STOPPED) { +- if (client->active_lease == NULL) +- return; ++ if ((client->state == S_STOPPED) || ++ (client->state == S_DECLINED)) { ++ ++ if (client->active_lease != NULL) { ++ dhc6_lease_destroy(&client->active_lease, MDL); ++ client->active_lease = NULL; ++ /* We should never wait for nothing!? 
*/ ++ if (stopping_finished()) ++ exit(0); ++ } ++ ++ if (client->state == S_DECLINED) ++ start_init6(client); + +- dhc6_lease_destroy(&client->active_lease, MDL); +- client->active_lease = NULL; +- /* We should never wait for nothing!? */ +- if (stopping_finished()) +- exit(0); + return; + } + +@@ -4279,7 +4290,11 @@ start_bound(struct client_state *client) + dhc6_marshall_values("new_", client, lease, ia, addr); + script_write_requested6(client); + +- script_go(client); ++ // when script returns 3, DAD failed ++ if (script_go(client) == 3) { ++ start_decline6(client); ++ return; ++ } + } + + /* XXX: maybe we should loop on the old values instead? */ +@@ -4327,6 +4342,149 @@ start_bound(struct client_state *client) + dhc6_check_times(client); + } + ++/* ++ * Decline addresses. ++ */ ++void ++start_decline6(struct client_state *client) ++{ ++ /* Cancel any pending transmissions */ ++ cancel_timeout(do_confirm6, client); ++ cancel_timeout(do_select6, client); ++ cancel_timeout(do_refresh6, client); ++ cancel_timeout(do_release6, client); ++ cancel_timeout(do_decline6, client); ++ client->state = S_DECLINED; ++ ++ if (client->active_lease == NULL) ++ return; ++ ++ /* Set timers per RFC3315 section 18.1.7. */ ++ client->IRT = DEC_TIMEOUT * 100; ++ client->MRT = 0; ++ client->MRC = DEC_MAX_RC; ++ client->MRD = 0; ++ ++ dhc6_retrans_init(client); ++ client->v6_handler = reply_handler; ++ ++ client->refresh_type = DHCPV6_DECLINE; ++ do_decline6(client); ++} ++ ++/* ++ * do_decline6() creates a Decline packet and transmits it. 
++ */ ++static void ++do_decline6(void *input) ++{ ++ struct client_state *client; ++ struct data_string ds; ++ int send_ret; ++ struct timeval elapsed, tv; ++ ++ client = input; ++ ++ if ((client->active_lease == NULL) || !active_prefix(client)) ++ return; ++ ++ if ((client->MRC != 0) && (client->txcount > client->MRC)) { ++ log_info("Max retransmission count exceeded."); ++ goto decline_done; ++ } ++ ++ /* ++ * Start_time starts at the first transmission. ++ */ ++ if (client->txcount == 0) { ++ client->start_time.tv_sec = cur_tv.tv_sec; ++ client->start_time.tv_usec = cur_tv.tv_usec; ++ } ++ ++ /* elapsed = cur - start */ ++ elapsed.tv_sec = cur_tv.tv_sec - client->start_time.tv_sec; ++ elapsed.tv_usec = cur_tv.tv_usec - client->start_time.tv_usec; ++ if (elapsed.tv_usec < 0) { ++ elapsed.tv_sec -= 1; ++ elapsed.tv_usec += 1000000; ++ } ++ ++ memset(&ds, 0, sizeof(ds)); ++ if (!buffer_allocate(&ds.buffer, 4, MDL)) { ++ log_error("Unable to allocate memory for Decline."); ++ goto decline_done; ++ } ++ ++ ds.data = ds.buffer->data; ++ ds.len = 4; ++ ds.buffer->data[0] = DHCPV6_DECLINE; ++ memcpy(ds.buffer->data + 1, client->dhcpv6_transaction_id, 3); ++ ++ /* Form an elapsed option. */ ++ /* Maximum value is 65535 1/100s coded as 0xffff. */ ++ if ((elapsed.tv_sec < 0) || (elapsed.tv_sec > 655) || ++ ((elapsed.tv_sec == 655) && (elapsed.tv_usec > 350000))) { ++ client->elapsed = 0xffff; ++ } else { ++ client->elapsed = elapsed.tv_sec * 100; ++ client->elapsed += elapsed.tv_usec / 10000; ++ } ++ ++ client->elapsed = htons(client->elapsed); ++ ++ log_debug("XMT: Forming Decline."); ++ make_client6_options(client, &client->sent_options, ++ client->active_lease, DHCPV6_DECLINE); ++ dhcpv6_universe.encapsulate(&ds, NULL, NULL, client, NULL, ++ client->sent_options, &global_scope, ++ &dhcpv6_universe); ++ ++ /* Append IA's (but don't release temporary addresses). 
*/ ++ if (wanted_ia_na && ++ dhc6_add_ia_na(client, &ds, client->active_lease, ++ DHCPV6_DECLINE) != ISC_R_SUCCESS) { ++ data_string_forget(&ds, MDL); ++ goto decline_done; ++ } ++ if (wanted_ia_pd && ++ dhc6_add_ia_pd(client, &ds, client->active_lease, ++ DHCPV6_DECLINE) != ISC_R_SUCCESS) { ++ data_string_forget(&ds, MDL); ++ goto decline_done; ++ } ++ ++ /* Transmit and wait. */ ++ log_info("XMT: Decline on %s, interval %ld0ms.", ++ client->name ? client->name : client->interface->name, ++ (long int)client->RT); ++ ++ send_ret = send_packet6(client->interface, ds.data, ds.len, ++ &DHCPv6DestAddr); ++ if (send_ret != ds.len) { ++ log_error("dhc6: sendpacket6() sent %d of %d bytes", ++ send_ret, ds.len); ++ } ++ ++ data_string_forget(&ds, MDL); ++ ++ /* Wait RT */ ++ tv.tv_sec = cur_tv.tv_sec + client->RT / 100; ++ tv.tv_usec = cur_tv.tv_usec + (client->RT % 100) * 10000; ++ if (tv.tv_usec >= 1000000) { ++ tv.tv_sec += 1; ++ tv.tv_usec -= 1000000; ++ } ++ add_timeout(&tv, do_decline6, client, NULL, NULL); ++ dhc6_retrans_advance(client); ++ return; ++ ++decline_done: ++ dhc6_lease_destroy(&client->active_lease, MDL); ++ client->active_lease = NULL; ++ start_init6(client); ++ return; ++} ++ + /* While bound, ignore packets. In the future we'll want to answer + * Reconfigure-Request messages and the like. + */ diff --git a/src/patches/dhcp/dhcp-sharedlib.patch b/src/patches/dhcp/dhcp-sharedlib.patch new file mode 100644 index 0000000..abb2acc --- /dev/null +++ b/src/patches/dhcp/dhcp-sharedlib.patch 
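Review bot: In do_decline6 the short-send check `if (send_ret != ds.len)` compares an `int` with the data_string length and prints both with `%d`; if `ds.len` is unsigned, as it appears to be elsewhere in this code base, a failed send with a negative `send_ret` is caught only through the implicit conversion. `if (send_ret < 0 || (unsigned)send_ret != ds.len)` with `%u` for the length states the intent. The comment `Append IA's (but don't release temporary addresses)` reads as copied from the Release path and should say what Decline does with temporary addresses. start_decline6 is declared `static` in the prototype hunk but defined without it here; adding `static` to the definition keeps the two in step.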
@@ -0,0 +1,107 @@ +diff -up dhcp-4.3.1b1/common/tests/Makefile.am.uCWMBl dhcp-4.3.1b1/common/tests/Makefile.am +--- dhcp-4.3.1b1/common/tests/Makefile.am.uCWMBl 2014-07-10 17:38:10.779828569 +0200 ++++ dhcp-4.3.1b1/common/tests/Makefile.am 2014-07-10 17:38:21.355678580 +0200 +@@ -13,19 +13,19 @@ ATF_TESTS += alloc_unittest dns_unittest + alloc_unittest_SOURCES = test_alloc.c $(top_srcdir)/tests/t_api_dhcp.c + alloc_unittest_LDADD = $(ATF_LDFLAGS) + alloc_unittest_LDADD += ../libdhcp.a \ +- ../../omapip/libomapi.a \ ++ ../../omapip/libomapi.la \ + $(BIND9_LIBDIR) -lirs -ldns -lisccfg -lisc + + dns_unittest_SOURCES = dns_unittest.c $(top_srcdir)/tests/t_api_dhcp.c + dns_unittest_LDADD = $(ATF_LDFLAGS) +-dns_unittest_LDADD += ../libdhcp.a \ ++dns_unittest_LDADD += ../libdhcp.la \ + ../../omapip/libomapi.a \ + $(BIND9_LIBDIR) -lirs -ldns -lisccfg -lisc + + misc_unittest_SOURCES = misc_unittest.c $(top_srcdir)/tests/t_api_dhcp.c + misc_unittest_LDADD = $(ATF_LDFLAGS) + misc_unittest_LDADD += ../libdhcp.a \ +- ../../omapip/libomapi.a \ ++ ../../omapip/libomapi.la \ + $(BIND9_LIBDIR) -lirs -ldns -lisccfg -lisc + check: $(ATF_TESTS) + atf-run | atf-report +diff -up dhcp-4.3.1b1/configure.ac.uCWMBl dhcp-4.3.1b1/configure.ac +--- dhcp-4.3.1b1/configure.ac.uCWMBl 2014-07-10 17:38:10.766828753 +0200 ++++ dhcp-4.3.1b1/configure.ac 2014-07-10 17:38:10.779828569 +0200 +@@ -39,7 +39,8 @@ fi + # Use this to define _GNU_SOURCE to pull in the IPv6 Advanced Socket API. 
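Review bot: The three test link lines in common/tests/Makefile.am end up inconsistent: alloc_unittest and misc_unittest keep `../libdhcp.a` and move omapi to `libomapi.la`, while dns_unittest moves to `../libdhcp.la` and keeps `../../omapip/libomapi.a`. omapip/Makefile.am in this same patch stops building `libomapi.a`, and no visible hunk converts common/libdhcp to libtool, so as far as this diff shows dns_unittest names two archives that will not exist. I would make it match its neighbours: `dns_unittest_LDADD += ../libdhcp.a \` followed by `../../omapip/libomapi.la \`.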
+ AC_USE_SYSTEM_EXTENSIONS + +-AC_PROG_RANLIB ++# Use libtool to simplify building of shared libraries ++AC_PROG_LIBTOOL + AC_CONFIG_HEADERS([includes/config.h]) + + # we sometimes need to know byte order for building packets +diff -up dhcp-4.3.1b1/dhcpctl/Makefile.am.uCWMBl dhcp-4.3.1b1/dhcpctl/Makefile.am +--- dhcp-4.3.1b1/dhcpctl/Makefile.am.uCWMBl 2014-07-10 17:36:30.485250962 +0200 ++++ dhcp-4.3.1b1/dhcpctl/Makefile.am 2014-07-10 17:38:10.780828554 +0200 +@@ -1,14 +1,14 @@ + bin_PROGRAMS = omshell +-lib_LIBRARIES = libdhcpctl.a ++lib_LTLIBRARIES = libdhcpctl.la + noinst_PROGRAMS = cltest + man_MANS = omshell.1 dhcpctl.3 + EXTRA_DIST = $(man_MANS) + + omshell_SOURCES = omshell.c +-omshell_LDADD = libdhcpctl.a ../common/libdhcp.a ../omapip/libomapi.a \ ++omshell_LDADD = libdhcpctl.la ../common/libdhcp.a ../omapip/libomapi.la \ + $(BIND9_LIBDIR) -lirs -ldns -lisccfg -lisc +-libdhcpctl_a_SOURCES = dhcpctl.c callback.c remote.c ++libdhcpctl_la_SOURCES = dhcpctl.c callback.c remote.c + + cltest_SOURCES = cltest.c +-cltest_LDADD = libdhcpctl.a ../common/libdhcp.a ../omapip/libomapi.a \ ++cltest_LDADD = libdhcpctl.la ../common/libdhcp.a ../omapip/libomapi.la \ + $(BIND9_LIBDIR) -lirs -ldns -lisccfg -lisc +diff -up dhcp-4.3.1b1/omapip/Makefile.am.uCWMBl dhcp-4.3.1b1/omapip/Makefile.am +--- dhcp-4.3.1b1/omapip/Makefile.am.uCWMBl 2014-07-10 17:36:30.486250948 +0200 ++++ dhcp-4.3.1b1/omapip/Makefile.am 2014-07-10 17:38:10.780828554 +0200 +@@ -1,7 +1,7 @@ +-lib_LIBRARIES = libomapi.a ++lib_LTLIBRARIES = libomapi.la + noinst_PROGRAMS = svtest + +-libomapi_a_SOURCES = protocol.c buffer.c alloc.c result.c connection.c \ ++libomapi_la_SOURCES = protocol.c buffer.c alloc.c result.c connection.c \ + errwarn.c listener.c dispatch.c generic.c support.c \ + handle.c message.c convert.c hash.c auth.c inet_addr.c \ + array.c trace.c toisc.c iscprint.c isclib.c +@@ -10,5 +10,5 @@ man_MANS = omapi.3 + EXTRA_DIST = $(man_MANS) + + svtest_SOURCES = test.c +-svtest_LDADD = libomapi.a \ 
++svtest_LDADD = libomapi.la \ + $(BIND9_LIBDIR) -lirs -ldns -lisccfg -lisc +diff -up dhcp-4.3.1b1/server/Makefile.am.uCWMBl dhcp-4.3.1b1/server/Makefile.am +--- dhcp-4.3.1b1/server/Makefile.am.uCWMBl 2014-07-10 17:36:30.486250948 +0200 ++++ dhcp-4.3.1b1/server/Makefile.am 2014-07-10 17:38:10.780828554 +0200 +@@ -13,7 +13,7 @@ dhcpd_SOURCES = dhcpd.c dhcp.c bootp.c c + dhcpv6.c mdb6.c ldap.c ldap_casa.c + + dhcpd_CFLAGS = $(LDAP_CFLAGS) +-dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.a ../dhcpctl/libdhcpctl.a \ ++dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.la ../dhcpctl/libdhcpctl.la \ + $(BIND9_LIBDIR) -lirs -ldns -lisccfg -lisc + man_MANS = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5 + EXTRA_DIST = $(man_MANS) +diff -up dhcp-4.3.1b1/server/tests/Makefile.am.uCWMBl dhcp-4.3.1b1/server/tests/Makefile.am +--- dhcp-4.3.1b1/server/tests/Makefile.am.uCWMBl 2014-07-10 17:36:30.486250948 +0200 ++++ dhcp-4.3.1b1/server/tests/Makefile.am 2014-07-10 17:38:10.780828554 +0200 +@@ -17,8 +17,8 @@ DHCPSRC = ../dhcp.c ../bootp.c ../confpa + ../ddns.c ../dhcpleasequery.c ../dhcpv6.c ../mdb6.c \ + ../ldap.c ../ldap_casa.c ../dhcpd.c + +-DHCPLIBS = $(top_builddir)/common/libdhcp.a $(top_builddir)/omapip/libomapi.a \ +- $(top_builddir)/dhcpctl/libdhcpctl.a \ ++DHCPLIBS = $(top_builddir)/common/libdhcp.a $(top_builddir)/omapip/libomapi.la \ ++ $(top_builddir)/dhcpctl/libdhcpctl.la \ + $(BIND9_LIBDIR) -lirs -ldns -lisccfg -lisc + + ATF_TESTS = diff --git a/src/patches/dhcp/dhcp-stateless-DUID-LLT.patch b/src/patches/dhcp/dhcp-stateless-DUID-LLT.patch new file mode 100644 index 0000000..a7f22b5 --- /dev/null +++ b/src/patches/dhcp/dhcp-stateless-DUID-LLT.patch 
@@ -0,0 +1,48 @@ +From 61fa3dd9e789997f66e848c7e3fb2f554ee374e2 Mon Sep 17 00:00:00 2001 +From: Jiri Popelka jpopelka@redhat.com +Date: Thu, 18 Dec 2014 11:53:26 +0100 +Subject: [PATCH] Write DUID_LLT even in stateless mode. + +By default, DHCPv6 dhclient creates DUID-LL +if it is running in stateless mode (-6 -S) and +doesn't write it into leases file, most likely +because the DUID-LL is always generated the same. + +It's however possible to specify DUID to be of type LLT instead of LL +with '-D LLT'. Rfc 3315 says that: +'Clients and servers using this type of DUID MUST +store the DUID-LLT in stable storage.' +That's not fulfiled in this case (-6 -S -D LLT), +because it's generated each time again. + +It's not a big deal because the server doesn't store any +info about 'stateless' clients, so it doesn't matter +that the DUID-LLT is different each time. +But there's a TAHI test which tests this, i.e. that +DUID-LLT is still the same even in stateless mode. +It's a test DHCP_CONF.7.1.9, part B. +https://www.ipv6ready.org/docs/Phase2_DHCPv6_Conformance_Latest.pdf + +Signed-off-by: Jiri Popelka jpopelka@redhat.com +--- + client/dhclient.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/client/dhclient.c b/client/dhclient.c +index 5ef59cd..026e3fe 100644 +--- a/client/dhclient.c ++++ b/client/dhclient.c +@@ -788,7 +788,9 @@ void run_stateless(int exit_mode) + if (default_duid.buffer != NULL) + data_string_forget(&default_duid, MDL); + +- form_duid(&default_duid, MDL); ++ if (form_duid(&default_duid, MDL) == ISC_R_SUCCESS && ++ duid_type == DUID_LLT) ++ write_duid(&default_duid); + } + + /* Start a configuration state machine. */ +-- +2.1.0 + diff --git a/src/patches/dhcp/dhcp-unicast-bootp.patch b/src/patches/dhcp/dhcp-unicast-bootp.patch new file mode 100644 index 0000000..a0db9de --- /dev/null +++ b/src/patches/dhcp/dhcp-unicast-bootp.patch 
@@ -0,0 +1,101 @@ +diff -up dhcp-4.3.0a1/server/bootp.c.unicast dhcp-4.3.0a1/server/bootp.c +--- dhcp-4.3.0a1/server/bootp.c.unicast 2013-12-11 01:25:12.000000000 +0100 ++++ dhcp-4.3.0a1/server/bootp.c 2013-12-19 15:12:12.974671154 +0100 +@@ -59,6 +59,7 @@ void bootp (packet) + char msgbuf [1024]; + int ignorep; + int peer_has_leases = 0; ++ int norelay = 0; + + if (packet -> raw -> op != BOOTREQUEST) + return; +@@ -74,7 +75,7 @@ void bootp (packet) + ? inet_ntoa (packet -> raw -> giaddr) + : packet -> interface -> name); + +- if (!locate_network (packet)) { ++ if ((norelay = locate_network (packet)) == 0) { + log_info ("%s: network unknown", msgbuf); + return; + } +@@ -396,6 +397,15 @@ void bootp (packet) + + goto out; + } ++ } else if (norelay == 2) { ++ to.sin_addr = raw.ciaddr; ++ to.sin_port = remote_port; ++ if (fallback_interface) { ++ result = send_packet (fallback_interface, NULL, &raw, ++ outgoing.packet_length, from, ++ &to, &hto); ++ goto out; ++ } + + /* If it comes from a client that already knows its address + and is not requesting a broadcast response, and we can +diff -up dhcp-4.3.0a1/server/dhcp.c.unicast dhcp-4.3.0a1/server/dhcp.c +--- dhcp-4.3.0a1/server/dhcp.c.unicast 2013-12-13 21:50:38.000000000 +0100 ++++ dhcp-4.3.0a1/server/dhcp.c 2013-12-19 15:12:12.975671140 +0100 +@@ -4627,6 +4627,7 @@ int locate_network (packet) + struct data_string data; + struct subnet *subnet = (struct subnet *)0; + struct option_cache *oc; ++ int norelay = 0; + + /* See if there's a Relay Agent Link Selection Option, or a + * Subnet Selection Option. The Link-Select and Subnet-Select +@@ -4642,12 +4643,24 @@ int locate_network (packet) + from the interface, if there is one. If not, fail. 
*/ + if (!oc && !packet -> raw -> giaddr.s_addr) { + if (packet -> interface -> shared_network) { +- shared_network_reference +- (&packet -> shared_network, +- packet -> interface -> shared_network, MDL); +- return 1; ++ struct in_addr any_addr; ++ any_addr.s_addr = INADDR_ANY; ++ ++ if (!packet -> packet_type && memcmp(&packet -> raw -> ciaddr, &any_addr, 4)) { ++ struct iaddr cip; ++ memcpy(cip.iabuf, &packet -> raw -> ciaddr, 4); ++ cip.len = 4; ++ if (!find_grouped_subnet(&subnet, packet->interface->shared_network, cip, MDL)) ++ norelay = 2; ++ } ++ ++ if (!norelay) { ++ shared_network_reference(&packet -> shared_network, packet -> interface -> shared_network, MDL); ++ return 1; ++ } ++ } else { ++ return 0; + } +- return 0; + } + + /* If there's an option indicating link connection, and it's valid, +@@ -4670,7 +4683,10 @@ int locate_network (packet) + data_string_forget (&data, MDL); + } else { + ia.len = 4; +- memcpy (ia.iabuf, &packet -> raw -> giaddr, 4); ++ if (norelay) ++ memcpy (ia.iabuf, &packet->raw->ciaddr, 4); ++ else ++ memcpy (ia.iabuf, &packet->raw->giaddr, 4); + } + + /* If we know the subnet on which the IP address lives, use it. */ +@@ -4678,7 +4694,10 @@ int locate_network (packet) + shared_network_reference (&packet -> shared_network, + subnet -> shared_network, MDL); + subnet_dereference (&subnet, MDL); +- return 1; ++ if (norelay) ++ return norelay; ++ else ++ return 1; + } + + /* Otherwise, fail. */ diff --git a/src/patches/dhcp/dhcp-xen-checksum.patch b/src/patches/dhcp/dhcp-xen-checksum.patch new file mode 100644 index 0000000..eabc3c1 --- /dev/null +++ b/src/patches/dhcp/dhcp-xen-checksum.patch 
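Review bot: In the new directly-attached branch of locate_network, a successful `find_grouped_subnet(&subnet, ...)` leaves a result in `subnet`, and the following `if (!norelay)` path returns 1 without releasing it, whereas the later success path in this function calls `subnet_dereference (&subnet, MDL)`. If find_grouped_subnet takes a reference on success, which the later dereference suggests, every BOOTP request with an in-network ciaddr leaks one; adding `if (subnet) subnet_dereference (&subnet, MDL);` before that `return 1;` would close it. Separately, the `norelay = 2` result makes bootp() unicast the reply to `raw.ciaddr`, a field the requester fills in, so a comment naming the check that restricts that address to a configured subnet would make the trust assumption explicit. The function body starts and ends outside the hunk.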
@@ -0,0 +1,251 @@ +diff -up dhcp-4.3.0rc1/common/bpf.c.xen dhcp-4.3.0rc1/common/bpf.c +--- dhcp-4.3.0rc1/common/bpf.c.xen 2014-01-29 10:03:27.503941664 +0100 ++++ dhcp-4.3.0rc1/common/bpf.c 2014-01-29 10:03:37.564812175 +0100 +@@ -481,7 +481,7 @@ ssize_t receive_packet (interface, buf, + /* Decode the IP and UDP headers... */ + offset = decode_udp_ip_header(interface, interface->rbuf, + interface->rbuf_offset, +- from, hdr.bh_caplen, &paylen); ++ from, hdr.bh_caplen, &paylen, 0); + + /* If the IP or UDP checksum was bad, skip the packet... */ + if (offset < 0) { +diff -up dhcp-4.3.0rc1/common/dlpi.c.xen dhcp-4.3.0rc1/common/dlpi.c +--- dhcp-4.3.0rc1/common/dlpi.c.xen 2014-01-25 05:18:03.000000000 +0100 ++++ dhcp-4.3.0rc1/common/dlpi.c 2014-01-29 10:03:27.503941664 +0100 +@@ -691,7 +691,7 @@ ssize_t receive_packet (interface, buf, + length -= offset; + #endif + offset = decode_udp_ip_header (interface, dbuf, bufix, +- from, length, &paylen); ++ from, length, &paylen, 0); + + /* + * If the IP or UDP checksum was bad, skip the packet... +diff -up dhcp-4.3.0rc1/common/lpf.c.xen dhcp-4.3.0rc1/common/lpf.c +--- dhcp-4.3.0rc1/common/lpf.c.xen 2014-01-25 05:18:03.000000000 +0100 ++++ dhcp-4.3.0rc1/common/lpf.c 2014-01-29 10:03:27.504941651 +0100 +@@ -29,14 +29,15 @@ + + #include "dhcpd.h" + #if defined (USE_LPF_SEND) || defined (USE_LPF_RECEIVE) ++#include <sys/socket.h> + #include <sys/uio.h> + #include <errno.h> + + #include <asm/types.h> + #include <linux/filter.h> + #include <linux/if_ether.h> ++#include <linux/if_packet.h> + #include <netinet/in_systm.h> +-#include <net/if_packet.h> + #include "includes/netinet/ip.h" + #include "includes/netinet/udp.h" + #include "includes/netinet/if_ether.h" +@@ -51,6 +52,19 @@ + /* Reinitializes the specified interface after an address change. This + is not required for packet-filter APIs. 
*/ + ++#ifndef PACKET_AUXDATA ++#define PACKET_AUXDATA 8 ++ ++struct tpacket_auxdata ++{ ++ __u32 tp_status; ++ __u32 tp_len; ++ __u32 tp_snaplen; ++ __u16 tp_mac; ++ __u16 tp_net; ++}; ++#endif ++ + #ifdef USE_LPF_SEND + void if_reinitialize_send (info) + struct interface_info *info; +@@ -73,10 +87,14 @@ int if_register_lpf (info) + struct interface_info *info; + { + int sock; +- struct sockaddr sa; ++ union { ++ struct sockaddr_ll ll; ++ struct sockaddr common; ++ } sa; ++ struct ifreq ifr; + + /* Make an LPF socket. */ +- if ((sock = socket(PF_PACKET, SOCK_PACKET, ++ if ((sock = socket(PF_PACKET, SOCK_RAW, + htons((short)ETH_P_ALL))) < 0) { + if (errno == ENOPROTOOPT || errno == EPROTONOSUPPORT || + errno == ESOCKTNOSUPPORT || errno == EPFNOSUPPORT || +@@ -91,11 +109,17 @@ int if_register_lpf (info) + log_fatal ("Open a socket for LPF: %m"); + } + ++ memset (&ifr, 0, sizeof ifr); ++ strncpy (ifr.ifr_name, (const char *)info -> ifp, sizeof ifr.ifr_name); ++ ifr.ifr_name[IFNAMSIZ-1] = '\0'; ++ if (ioctl (sock, SIOCGIFINDEX, &ifr)) ++ log_fatal ("Failed to get interface index: %m"); ++ + /* Bind to the interface name */ + memset (&sa, 0, sizeof sa); +- sa.sa_family = AF_PACKET; +- strncpy (sa.sa_data, (const char *)info -> ifp, sizeof sa.sa_data); +- if (bind (sock, &sa, sizeof sa)) { ++ sa.ll.sll_family = AF_PACKET; ++ sa.ll.sll_ifindex = ifr.ifr_ifindex; ++ if (bind (sock, &sa.common, sizeof sa)) { + if (errno == ENOPROTOOPT || errno == EPROTONOSUPPORT || + errno == ESOCKTNOSUPPORT || errno == EPFNOSUPPORT || + errno == EAFNOSUPPORT || errno == EINVAL) { +@@ -177,9 +201,18 @@ static void lpf_gen_filter_setup (struct + void if_register_receive (info) + struct interface_info *info; + { ++ int val; ++ + /* Open a LPF device and hang it on this interface... 
*/ + info -> rfdesc = if_register_lpf (info); + ++ val = 1; ++ if (setsockopt (info -> rfdesc, SOL_PACKET, PACKET_AUXDATA, &val, ++ sizeof val) < 0) { ++ if (errno != ENOPROTOOPT) ++ log_fatal ("Failed to set auxiliary packet data: %m"); ++ } ++ + #if defined (HAVE_TR_SUPPORT) + if (info -> hw_address.hbuf [0] == HTYPE_IEEE802) + lpf_tr_filter_setup (info); +@@ -301,7 +334,6 @@ ssize_t send_packet (interface, packet, + double hh [16]; + double ih [1536 / sizeof (double)]; + unsigned char *buf = (unsigned char *)ih; +- struct sockaddr_pkt sa; + int result; + int fudge; + +@@ -322,17 +354,7 @@ ssize_t send_packet (interface, packet, + (unsigned char *)raw, len); + memcpy (buf + ibufp, raw, len); + +- /* For some reason, SOCK_PACKET sockets can't be connected, +- so we have to do a sentdo every time. */ +- memset (&sa, 0, sizeof sa); +- sa.spkt_family = AF_PACKET; +- strncpy ((char *)sa.spkt_device, +- (const char *)interface -> ifp, sizeof sa.spkt_device); +- sa.spkt_protocol = htons(ETH_P_IP); +- +- result = sendto (interface -> wfdesc, +- buf + fudge, ibufp + len - fudge, 0, +- (const struct sockaddr *)&sa, sizeof sa); ++ result = write (interface -> wfdesc, buf + fudge, ibufp + len - fudge); + if (result < 0) + log_error ("send_packet: %m"); + return result; +@@ -349,14 +371,35 @@ ssize_t receive_packet (interface, buf, + { + int length = 0; + int offset = 0; ++ int nocsum = 0; + unsigned char ibuf [1536]; + unsigned bufix = 0; + unsigned paylen; ++ unsigned char cmsgbuf[CMSG_LEN(sizeof(struct tpacket_auxdata))]; ++ struct iovec iov = { ++ .iov_base = ibuf, ++ .iov_len = sizeof ibuf, ++ }; ++ struct msghdr msg = { ++ .msg_iov = &iov, ++ .msg_iovlen = 1, ++ .msg_control = cmsgbuf, ++ .msg_controllen = sizeof(cmsgbuf), ++ }; ++ struct cmsghdr *cmsg; + +- length = read (interface -> rfdesc, ibuf, sizeof ibuf); ++ length = recvmsg (interface -> rfdesc, &msg, 0); + if (length <= 0) + return length; + ++ for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, 
cmsg)) { ++ if (cmsg->cmsg_level == SOL_PACKET && ++ cmsg->cmsg_type == PACKET_AUXDATA) { ++ struct tpacket_auxdata *aux = (void *)CMSG_DATA(cmsg); ++ nocsum = aux->tp_status & TP_STATUS_CSUMNOTREADY; ++ } ++ } ++ + bufix = 0; + /* Decode the physical header... */ + offset = decode_hw_header (interface, ibuf, bufix, hfrom); +@@ -373,7 +416,7 @@ ssize_t receive_packet (interface, buf, + + /* Decode the IP and UDP headers... */ + offset = decode_udp_ip_header (interface, ibuf, bufix, from, +- (unsigned)length, &paylen); ++ (unsigned)length, &paylen, nocsum); + + /* If the IP or UDP checksum was bad, skip the packet... */ + if (offset < 0) +diff -up dhcp-4.3.0rc1/common/nit.c.xen dhcp-4.3.0rc1/common/nit.c +--- dhcp-4.3.0rc1/common/nit.c.xen 2014-01-26 19:40:44.000000000 +0100 ++++ dhcp-4.3.0rc1/common/nit.c 2014-01-29 10:03:27.504941651 +0100 +@@ -363,7 +363,7 @@ ssize_t receive_packet (interface, buf, + + /* Decode the IP and UDP headers... */ + offset = decode_udp_ip_header (interface, ibuf, bufix, +- from, length, &paylen); ++ from, length, &paylen, 0); + + /* If the IP or UDP checksum was bad, skip the packet... 
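Review bot: `cmsgbuf` in receive_packet is a plain `unsigned char` array sized with `CMSG_LEN`, which guarantees neither the alignment `struct cmsghdr` needs nor the trailing padding that `CMSG_SPACE` accounts for. Declaring it as `union { struct cmsghdr hdr; unsigned char buf[CMSG_SPACE(sizeof(struct tpacket_auxdata))]; } cmsgbuf;` and passing `cmsgbuf.buf` addresses both. Because `nocsum` disables UDP checksum verification, a comment that `aux->tp_status` comes from the kernel's auxiliary data and not from the packet contents would help the next reader. The `#ifndef PACKET_AUXDATA` fallback added earlier in this file defines the struct but not `TP_STATUS_CSUMNOTREADY`, which this hunk uses, so a build that takes the fallback would presumably fail to compile.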
*/ + if (offset < 0) +diff -up dhcp-4.3.0rc1/common/packet.c.xen dhcp-4.3.0rc1/common/packet.c +--- dhcp-4.3.0rc1/common/packet.c.xen 2013-12-11 01:01:02.000000000 +0100 ++++ dhcp-4.3.0rc1/common/packet.c 2014-01-29 10:03:27.504941651 +0100 +@@ -226,7 +226,7 @@ ssize_t + decode_udp_ip_header(struct interface_info *interface, + unsigned char *buf, unsigned bufix, + struct sockaddr_in *from, unsigned buflen, +- unsigned *rbuflen) ++ unsigned *rbuflen, int nocsum) + { + unsigned char *data; + struct ip ip; +@@ -337,7 +337,7 @@ decode_udp_ip_header(struct interface_in + 8, IPPROTO_UDP + ulen)))); + + udp_packets_seen++; +- if (usum && usum != sum) { ++ if (!nocsum && usum && usum != sum) { + udp_packets_bad_checksum++; + if (udp_packets_seen > 4 && + (udp_packets_seen / udp_packets_bad_checksum) < 2) { +diff -up dhcp-4.3.0rc1/common/upf.c.xen dhcp-4.3.0rc1/common/upf.c +--- dhcp-4.3.0rc1/common/upf.c.xen 2014-01-26 19:40:44.000000000 +0100 ++++ dhcp-4.3.0rc1/common/upf.c 2014-01-29 10:03:27.505941638 +0100 +@@ -314,7 +314,7 @@ ssize_t receive_packet (interface, buf, + + /* Decode the IP and UDP headers... */ + offset = decode_udp_ip_header (interface, ibuf, bufix, +- from, length, &paylen); ++ from, length, &paylen, 0); + + /* If the IP or UDP checksum was bad, skip the packet... */ + if (offset < 0) +diff -up dhcp-4.3.0rc1/includes/dhcpd.h.xen dhcp-4.3.0rc1/includes/dhcpd.h +--- dhcp-4.3.0rc1/includes/dhcpd.h.xen 2014-01-29 10:03:27.489941844 +0100 ++++ dhcp-4.3.0rc1/includes/dhcpd.h 2014-01-29 10:03:27.506941626 +0100 +@@ -2861,7 +2861,7 @@ ssize_t decode_hw_header (struct interfa + unsigned, struct hardware *); + ssize_t decode_udp_ip_header (struct interface_info *, unsigned char *, + unsigned, struct sockaddr_in *, +- unsigned, unsigned *); ++ unsigned, unsigned *, int); + + /* ethernet.c */ + void assemble_ethernet_header (struct interface_info *, unsigned char *, 
diff --git a/src/patches/dnsmasq/0001-Add-newline-at-the-end-of-example-config-file.patch b/src/patches/dnsmasq/0001-Add-newline-at-the-end-of-example-config-file.patch
index 09e3858..1d6a657 100644
--- a/src/patches/dnsmasq/0001-Add-newline-at-the-end-of-example-config-file.patch
+++ b/src/patches/dnsmasq/0001-Add-newline-at-the-end-of-example-config-file.patch
@@ -1,7 +1,7 @@
 From f2658275b25ebfe691cdcb9fede85a3088cca168 Mon Sep 17 00:00:00 2001
 From: Simon Kelley simon@thekelleys.org.uk
 Date: Thu, 25 Sep 2014 21:51:25 +0100
-Subject: [PATCH 01/71] Add newline at the end of example config file.
+Subject: [PATCH 01/87] Add newline at the end of example config file.
--- dnsmasq.conf.example | 2 +- diff --git a/src/patches/dnsmasq/0002-crash-at-startup-when-an-empty-suffix-is-supplied-to.patch b/src/patches/dnsmasq/0002-crash-at-startup-when-an-empty-suffix-is-supplied-to.patch index bcaac85..54a36a7 100644 --- a/src/patches/dnsmasq/0002-crash-at-startup-when-an-empty-suffix-is-supplied-to.patch +++ b/src/patches/dnsmasq/0002-crash-at-startup-when-an-empty-suffix-is-supplied-to.patch @@ -1,7 +1,7 @@ From 00cd9d551998307225312fd21f761cfa8868bd2c Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Thu, 2 Oct 2014 21:44:21 +0100 -Subject: [PATCH 02/71] crash at startup when an empty suffix is supplied to +Subject: [PATCH 02/87] crash at startup when an empty suffix is supplied to --conf-dir
---
diff --git a/src/patches/dnsmasq/0003-Debian-build-fixes-for-kFreeBSD.patch b/src/patches/dnsmasq/0003-Debian-build-fixes-for-kFreeBSD.patch
index a7ef611..eda9685 100644
--- a/src/patches/dnsmasq/0003-Debian-build-fixes-for-kFreeBSD.patch
+++ b/src/patches/dnsmasq/0003-Debian-build-fixes-for-kFreeBSD.patch
@@ -1,7 +1,7 @@
 From 6ac3bc0452a74e16e3d620a0757b0f8caab182ec Mon Sep 17 00:00:00 2001
 From: Simon Kelley simon@thekelleys.org.uk
 Date: Fri, 3 Oct 2014 08:48:11 +0100
-Subject: [PATCH 03/71] Debian build fixes for kFreeBSD
+Subject: [PATCH 03/87] Debian build fixes for kFreeBSD
---
 src/tables.c | 6 +++++-
diff --git a/src/patches/dnsmasq/0004-Set-conntrack-mark-before-connect-call.patch b/src/patches/dnsmasq/0004-Set-conntrack-mark-before-connect-call.patch
index e64e314..6374fef 100644
--- a/src/patches/dnsmasq/0004-Set-conntrack-mark-before-connect-call.patch
+++ b/src/patches/dnsmasq/0004-Set-conntrack-mark-before-connect-call.patch
@@ -1,7 +1,7 @@
 From e9828b6f66b22ce8873f8d30a773137d1aef1b92 Mon Sep 17 00:00:00 2001
 From: Karl Vogel karl.vogel@gmail.com
 Date: Fri, 3 Oct 2014 21:45:15 +0100
-Subject: [PATCH 04/71] Set conntrack mark before connect() call.
+Subject: [PATCH 04/87] Set conntrack mark before connect() call.
SO_MARK has to be done before issuing the connect() call on the TCP socket. diff --git a/src/patches/dnsmasq/0005-Fix-typo-in-new-Dbus-code.patch b/src/patches/dnsmasq/0005-Fix-typo-in-new-Dbus-code.patch index 48ed92e..6052d45 100644 --- a/src/patches/dnsmasq/0005-Fix-typo-in-new-Dbus-code.patch +++ b/src/patches/dnsmasq/0005-Fix-typo-in-new-Dbus-code.patch @@ -1,7 +1,7 @@ From 17b475912f6a4e72797a543dad59d4d5dde6bb1b Mon Sep 17 00:00:00 2001 From: Daniel Collins daniel.collins@smoothwall.net Date: Fri, 3 Oct 2014 21:58:43 +0100 -Subject: [PATCH 05/71] Fix typo in new Dbus code. +Subject: [PATCH 05/87] Fix typo in new Dbus code.
Simon's fault.
 ---
diff --git a/src/patches/dnsmasq/0006-Fit-example-conf-file-typo.patch b/src/patches/dnsmasq/0006-Fit-example-conf-file-typo.patch
index c8c5169..d7a0207 100644
--- a/src/patches/dnsmasq/0006-Fit-example-conf-file-typo.patch
+++ b/src/patches/dnsmasq/0006-Fit-example-conf-file-typo.patch
@@ -1,7 +1,7 @@
 From 3d9d2dd0018603a2ae4b9cd65ac6ff959f4fd8c7 Mon Sep 17 00:00:00 2001
 From: Tomas Hozza thozza@redhat.com
 Date: Mon, 6 Oct 2014 10:46:48 +0100
-Subject: [PATCH 06/71] Fit example conf file typo.
+Subject: [PATCH 06/87] Fit example conf file typo.
---
 dnsmasq.conf.example | 2 +-
diff --git a/src/patches/dnsmasq/0007-Improve-RFC-compliance-when-unable-to-supply-address.patch b/src/patches/dnsmasq/0007-Improve-RFC-compliance-when-unable-to-supply-address.patch
index c21ece4..81e67b1 100644
--- a/src/patches/dnsmasq/0007-Improve-RFC-compliance-when-unable-to-supply-address.patch
+++ b/src/patches/dnsmasq/0007-Improve-RFC-compliance-when-unable-to-supply-address.patch
@@ -1,7 +1,7 @@
 From b9ff5c8f435173cfa616e3c398bdc089ef690a07 Mon Sep 17 00:00:00 2001
 From: Vladislav Grishenko themiron@mail.ru
 Date: Mon, 6 Oct 2014 14:34:24 +0100
-Subject: [PATCH 07/71] Improve RFC-compliance when unable to supply addresses
+Subject: [PATCH 07/87] Improve RFC-compliance when unable to supply addresses
 in DHCPv6
While testing https://github.com/sbyx/odhcp6c client I have noticed it
diff --git a/src/patches/dnsmasq/0008-Fix-conntrack-with-bind-interfaces.patch b/src/patches/dnsmasq/0008-Fix-conntrack-with-bind-interfaces.patch
index 227cab7..a0706ba 100644
--- a/src/patches/dnsmasq/0008-Fix-conntrack-with-bind-interfaces.patch
+++ b/src/patches/dnsmasq/0008-Fix-conntrack-with-bind-interfaces.patch
@@ -1,7 +1,7 @@
 From 98906275a02ae260fe3f82133bd79054f8315f06 Mon Sep 17 00:00:00 2001
 From: Hans Dedecker dedeckeh@gmail.com
 Date: Tue, 9 Dec 2014 22:22:53 +0000
-Subject: [PATCH 08/71] Fix conntrack with --bind-interfaces
+Subject: [PATCH 08/87] Fix conntrack with --bind-interfaces
Make sure dst_addr is assigned the correct address in receive_query when OPTNOWILD is enabled so the assigned mark can be correctly retrieved and set in forward_query when diff --git a/src/patches/dnsmasq/0009-Use-inotify-instead-of-polling-on-Linux.patch b/src/patches/dnsmasq/0009-Use-inotify-instead-of-polling-on-Linux.patch index 7773e0b..28dae8c 100644 --- a/src/patches/dnsmasq/0009-Use-inotify-instead-of-polling-on-Linux.patch +++ b/src/patches/dnsmasq/0009-Use-inotify-instead-of-polling-on-Linux.patch @@ -1,7 +1,7 @@ From 193de4abf59e49c6b70d54cfe9720fcb95ca2f71 Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Wed, 10 Dec 2014 17:32:16 +0000 -Subject: [PATCH 09/71] Use inotify instead of polling on Linux. +Subject: [PATCH 09/87] Use inotify instead of polling on Linux.
This should solve problems people are seeing when a file changes twice within a second and thus is missed for polling. diff --git a/src/patches/dnsmasq/0010-Teach-the-new-inotify-code-about-symlinks.patch b/src/patches/dnsmasq/0010-Teach-the-new-inotify-code-about-symlinks.patch index f5e0ccd..34dbf3a 100644 --- a/src/patches/dnsmasq/0010-Teach-the-new-inotify-code-about-symlinks.patch +++ b/src/patches/dnsmasq/0010-Teach-the-new-inotify-code-about-symlinks.patch @@ -1,7 +1,7 @@ From 857973e6f7e0a3d03535a9df7f9373fd7a0b65cc Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Mon, 15 Dec 2014 15:58:13 +0000 -Subject: [PATCH 10/71] Teach the new inotify code about symlinks. +Subject: [PATCH 10/87] Teach the new inotify code about symlinks.
---
 src/inotify.c | 43 +++++++++++++++++++++++++++----------------
diff --git a/src/patches/dnsmasq/0011-Remove-floor-on-EDNS0-packet-size-with-DNSSEC.patch b/src/patches/dnsmasq/0011-Remove-floor-on-EDNS0-packet-size-with-DNSSEC.patch
index 800cfb6..b7c670f 100644
--- a/src/patches/dnsmasq/0011-Remove-floor-on-EDNS0-packet-size-with-DNSSEC.patch
+++ b/src/patches/dnsmasq/0011-Remove-floor-on-EDNS0-packet-size-with-DNSSEC.patch
@@ -1,7 +1,7 @@
 From 800c5cc1e7438818fd80f08c2d472df249a6942d Mon Sep 17 00:00:00 2001
 From: Simon Kelley simon@thekelleys.org.uk
 Date: Mon, 15 Dec 2014 17:50:15 +0000
-Subject: [PATCH 11/71] Remove floor on EDNS0 packet size with DNSSEC.
+Subject: [PATCH 11/87] Remove floor on EDNS0 packet size with DNSSEC.
---
 CHANGELOG | 6 +++++-
diff --git a/src/patches/dnsmasq/0012-CHANGELOG-re.-inotify.patch b/src/patches/dnsmasq/0012-CHANGELOG-re.-inotify.patch
index 1a0925a..8dbf7bd 100644
--- a/src/patches/dnsmasq/0012-CHANGELOG-re.-inotify.patch
+++ b/src/patches/dnsmasq/0012-CHANGELOG-re.-inotify.patch
@@ -1,7 +1,7 @@
 From ad946d555dce44eb690c7699933b6ff40ab85bb6 Mon Sep 17 00:00:00 2001
 From: Simon Kelley simon@thekelleys.org.uk
 Date: Mon, 15 Dec 2014 17:52:22 +0000
-Subject: [PATCH 12/71] CHANGELOG re. inotify.
+Subject: [PATCH 12/87] CHANGELOG re. inotify.
---
 CHANGELOG | 4 ++++
diff --git a/src/patches/dnsmasq/0013-Fix-breakage-of-domain-domain-subnet-local.patch b/src/patches/dnsmasq/0013-Fix-breakage-of-domain-domain-subnet-local.patch
index d467a9e..c102b72 100644
--- a/src/patches/dnsmasq/0013-Fix-breakage-of-domain-domain-subnet-local.patch
+++ b/src/patches/dnsmasq/0013-Fix-breakage-of-domain-domain-subnet-local.patch
@@ -1,7 +1,7 @@
 From 3ad3f3bbd4ee716a7d2fb1e115cf89bd1b1a5de9 Mon Sep 17 00:00:00 2001
 From: Simon Kelley simon@thekelleys.org.uk
 Date: Tue, 16 Dec 2014 18:25:17 +0000
-Subject: [PATCH 13/71] Fix breakage of --domain=<domain>,<subnet>,local
+Subject: [PATCH 13/87] Fix breakage of --domain=<domain>,<subnet>,local
---
 CHANGELOG | 4 ++++
diff --git a/src/patches/dnsmasq/0014-Remove-redundant-IN6_IS_ADDR_ULA-a-macro-defn.patch b/src/patches/dnsmasq/0014-Remove-redundant-IN6_IS_ADDR_ULA-a-macro-defn.patch
index b77acce..8d81825 100644
--- a/src/patches/dnsmasq/0014-Remove-redundant-IN6_IS_ADDR_ULA-a-macro-defn.patch
+++ b/src/patches/dnsmasq/0014-Remove-redundant-IN6_IS_ADDR_ULA-a-macro-defn.patch
@@ -1,7 +1,7 @@
 From bd9520b7ade7098ee423acc38965376aa57feb07 Mon Sep 17 00:00:00 2001
 From: Simon Kelley simon@thekelleys.org.uk
 Date: Tue, 16 Dec 2014 20:41:29 +0000
-Subject: [PATCH 14/71] Remove redundant IN6_IS_ADDR_ULA(a) macro defn.
+Subject: [PATCH 14/87] Remove redundant IN6_IS_ADDR_ULA(a) macro defn.
---
 src/network.c | 4 ----
diff --git a/src/patches/dnsmasq/0015-Eliminate-IPv6-privacy-addresses-from-interface-name.patch b/src/patches/dnsmasq/0015-Eliminate-IPv6-privacy-addresses-from-interface-name.patch
index 0680423..9544a16 100644
--- a/src/patches/dnsmasq/0015-Eliminate-IPv6-privacy-addresses-from-interface-name.patch
+++ b/src/patches/dnsmasq/0015-Eliminate-IPv6-privacy-addresses-from-interface-name.patch
@@ -1,7 +1,7 @@
 From 476693678e778886b64d0b56e27eb7695cbcca99 Mon Sep 17 00:00:00 2001
 From: Simon Kelley simon@thekelleys.org.uk
 Date: Wed, 17 Dec 2014 12:41:56 +0000
-Subject: [PATCH 15/71] Eliminate IPv6 privacy addresses from --interface-name
+Subject: [PATCH 15/87] Eliminate IPv6 privacy addresses from --interface-name
 answers.
---
diff --git a/src/patches/dnsmasq/0016-Tweak-field-width-in-cache-dump-to-avoid-truncating-.patch b/src/patches/dnsmasq/0016-Tweak-field-width-in-cache-dump-to-avoid-truncating-.patch
index 6b35378..9fb6efb 100644
--- a/src/patches/dnsmasq/0016-Tweak-field-width-in-cache-dump-to-avoid-truncating-.patch
+++ b/src/patches/dnsmasq/0016-Tweak-field-width-in-cache-dump-to-avoid-truncating-.patch
@@ -1,7 +1,7 @@
 From 3267804598047bd1781cab91508d1bc516e5ddbb Mon Sep 17 00:00:00 2001
 From: Simon Kelley simon@thekelleys.org.uk
 Date: Wed, 17 Dec 2014 20:38:20 +0000
-Subject: [PATCH 16/71] Tweak field width in cache dump to avoid truncating
+Subject: [PATCH 16/87] Tweak field width in cache dump to avoid truncating
 IPv6 addresses.
---
diff --git a/src/patches/dnsmasq/0017-Fix-crash-in-DNSSEC-code-when-attempting-to-verify-l.patch b/src/patches/dnsmasq/0017-Fix-crash-in-DNSSEC-code-when-attempting-to-verify-l.patch
index 01095a2..45370a6 100644
--- a/src/patches/dnsmasq/0017-Fix-crash-in-DNSSEC-code-when-attempting-to-verify-l.patch
+++ b/src/patches/dnsmasq/0017-Fix-crash-in-DNSSEC-code-when-attempting-to-verify-l.patch
@@ -1,7 +1,7 @@
 From 094b5c3d904bae9aeb3206d9f3b8348926b84975 Mon Sep 17 00:00:00 2001
 From: Simon Kelley simon@thekelleys.org.uk
 Date: Sun, 21 Dec 2014 16:11:52 +0000
-Subject: [PATCH 17/71] Fix crash in DNSSEC code when attempting to verify
+Subject: [PATCH 17/87] Fix crash in DNSSEC code when attempting to verify
 large RRs.
---
diff --git a/src/patches/dnsmasq/0018-Make-caching-work-for-CNAMEs-pointing-to-A-AAAA-reco.patch b/src/patches/dnsmasq/0018-Make-caching-work-for-CNAMEs-pointing-to-A-AAAA-reco.patch
index 49adf85..11e5178 100644
--- a/src/patches/dnsmasq/0018-Make-caching-work-for-CNAMEs-pointing-to-A-AAAA-reco.patch
+++ b/src/patches/dnsmasq/0018-Make-caching-work-for-CNAMEs-pointing-to-A-AAAA-reco.patch
@@ -1,7 +1,7 @@
 From cbc652423403e3cef00e00240f6beef713142246 Mon Sep 17 00:00:00 2001
 From: Simon Kelley simon@thekelleys.org.uk
 Date: Sun, 21 Dec 2014 21:21:53 +0000
-Subject: [PATCH 18/71] Make caching work for CNAMEs pointing to A/AAAA records
+Subject: [PATCH 18/87] Make caching work for CNAMEs pointing to A/AAAA records
 shadowed in /etc/hosts
If the answer to an upstream query is a CNAME which points to an
diff --git a/src/patches/dnsmasq/0019-Fix-problems-validating-NSEC3-and-wildcards.patch b/src/patches/dnsmasq/0019-Fix-problems-validating-NSEC3-and-wildcards.patch
index 33e5180..4fe15f0 100644
--- a/src/patches/dnsmasq/0019-Fix-problems-validating-NSEC3-and-wildcards.patch
+++ b/src/patches/dnsmasq/0019-Fix-problems-validating-NSEC3-and-wildcards.patch
@@ -1,7 +1,7 @@
 From fbc5205702c7f6f431d9f1043c553d7fb62ddfdb Mon Sep 17 00:00:00 2001
 From: Simon Kelley simon@thekelleys.org.uk
 Date: Tue, 23 Dec 2014 15:46:08 +0000
-Subject: [PATCH 19/71] Fix problems validating NSEC3 and wildcards.
+Subject: [PATCH 19/87] Fix problems validating NSEC3 and wildcards.
---
 src/dnssec.c | 253 ++++++++++++++++++++++++++++++-----------------------------
diff --git a/src/patches/dnsmasq/0020-Initialise-return-value.patch b/src/patches/dnsmasq/0020-Initialise-return-value.patch
index c0493df..cfa39ce 100644
--- a/src/patches/dnsmasq/0020-Initialise-return-value.patch
+++ b/src/patches/dnsmasq/0020-Initialise-return-value.patch
@@ -1,7 +1,7 @@
 From 83d2ed09fc0216b567d7fb2197e4ff3eae150b0d Mon Sep 17 00:00:00 2001
 From: Simon Kelley simon@thekelleys.org.uk
 Date: Tue, 23 Dec 2014 18:42:38 +0000
-Subject: [PATCH 20/71] Initialise return value.
+Subject: [PATCH 20/87] Initialise return value.
---
 src/dnssec.c | 7 +++++--
diff --git a/src/patches/dnsmasq/0021-Add-ignore-address-option.patch b/src/patches/dnsmasq/0021-Add-ignore-address-option.patch
index e5422a1..d3fda4b 100644
--- a/src/patches/dnsmasq/0021-Add-ignore-address-option.patch
+++ b/src/patches/dnsmasq/0021-Add-ignore-address-option.patch
@@ -1,7 +1,7 @@
 From 32fc6dbe03569d70dd394420ceb73532cf303c33 Mon Sep 17 00:00:00 2001
 From: Glen Huang curvedmark@gmail.com
 Date: Sat, 27 Dec 2014 15:28:12 +0000
-Subject: [PATCH 21/71] Add --ignore-address option.
+Subject: [PATCH 21/87] Add --ignore-address option.
---
 CHANGELOG | 8 ++++++++
diff --git a/src/patches/dnsmasq/0022-Bad-packet-protection.patch b/src/patches/dnsmasq/0022-Bad-packet-protection.patch
index 1fbe54c..58ac5eb 100644
--- a/src/patches/dnsmasq/0022-Bad-packet-protection.patch
+++ b/src/patches/dnsmasq/0022-Bad-packet-protection.patch
@@ -1,7 +1,7 @@
 From 0b1008d367d44e77352134a4c5178f896f0db3e7 Mon Sep 17 00:00:00 2001
 From: Simon Kelley simon@thekelleys.org.uk
 Date: Sat, 27 Dec 2014 15:33:32 +0000
-Subject: [PATCH 22/71] Bad packet protection.
+Subject: [PATCH 22/87] Bad packet protection.
---
 src/dnssec.c | 2 +-
diff --git a/src/patches/dnsmasq/0023-Fix-build-failure-in-new-inotify-code-on-BSD.patch b/src/patches/dnsmasq/0023-Fix-build-failure-in-new-inotify-code-on-BSD.patch
index 6e57877..ebfa6b1 100644
--- a/src/patches/dnsmasq/0023-Fix-build-failure-in-new-inotify-code-on-BSD.patch
+++ b/src/patches/dnsmasq/0023-Fix-build-failure-in-new-inotify-code-on-BSD.patch
@@ -1,7 +1,7 @@
 From d310ab7ecbffce79d3d90debba621e0222f9bced Mon Sep 17 00:00:00 2001
 From: Matthias Andree matthias.andree@gmx.de
 Date: Sat, 27 Dec 2014 15:36:38 +0000
-Subject: [PATCH 23/71] Fix build failure in new inotify code on BSD.
+Subject: [PATCH 23/87] Fix build failure in new inotify code on BSD.
---
 src/inotify.c | 4 ++--
diff --git a/src/patches/dnsmasq/0024-Implement-makefile-dependencies-on-COPTS-variable.patch b/src/patches/dnsmasq/0024-Implement-makefile-dependencies-on-COPTS-variable.patch
index 867a95d..64219ff 100644
--- a/src/patches/dnsmasq/0024-Implement-makefile-dependencies-on-COPTS-variable.patch
+++ b/src/patches/dnsmasq/0024-Implement-makefile-dependencies-on-COPTS-variable.patch
@@ -1,7 +1,7 @@
 From 81c538efcebfce2ce4a1d3a420b6c885b8f08df9 Mon Sep 17 00:00:00 2001
 From: Yousong Zhou yszhou4tech@gmail.com
 Date: Sat, 3 Jan 2015 16:36:14 +0000
-Subject: [PATCH 24/71] Implement makefile dependencies on COPTS variable.
+Subject: [PATCH 24/87] Implement makefile dependencies on COPTS variable.
---
 .gitignore | 2 +-
diff --git a/src/patches/dnsmasq/0025-Fix-race-condition-issue-in-makefile.patch b/src/patches/dnsmasq/0025-Fix-race-condition-issue-in-makefile.patch
index 4a379c1..2297e6f 100644
--- a/src/patches/dnsmasq/0025-Fix-race-condition-issue-in-makefile.patch
+++ b/src/patches/dnsmasq/0025-Fix-race-condition-issue-in-makefile.patch
@@ -1,7 +1,7 @@
 From d8dbd903d024f84a149dac2f8a674a68dfed47a3 Mon Sep 17 00:00:00 2001
 From: Yousong Zhou yszhou4tech@gmail.com
 Date: Mon, 5 Jan 2015 17:03:35 +0000
-Subject: [PATCH 25/71] Fix race condition issue in makefile.
+Subject: [PATCH 25/87] Fix race condition issue in makefile.
---
 Makefile | 4 +++-
diff --git a/src/patches/dnsmasq/0026-DNSSEC-do-top-down-search-for-limit-of-secure-delega.patch b/src/patches/dnsmasq/0026-DNSSEC-do-top-down-search-for-limit-of-secure-delega.patch
index 837c124..6fb5db1 100644
--- a/src/patches/dnsmasq/0026-DNSSEC-do-top-down-search-for-limit-of-secure-delega.patch
+++ b/src/patches/dnsmasq/0026-DNSSEC-do-top-down-search-for-limit-of-secure-delega.patch
@@ -1,7 +1,7 @@
 From 97e618a0e3f29465acc689d87288596b006f197e Mon Sep 17 00:00:00 2001
 From: Simon Kelley simon@thekelleys.org.uk
 Date: Wed, 7 Jan 2015 21:55:43 +0000
-Subject: [PATCH 26/71] DNSSEC: do top-down search for limit of secure
+Subject: [PATCH 26/87] DNSSEC: do top-down search for limit of secure
 delegation.
---
diff --git a/src/patches/dnsmasq/0027-Add-log-queries-extra-option-for-more-complete-loggi.patch b/src/patches/dnsmasq/0027-Add-log-queries-extra-option-for-more-complete-loggi.patch
index 23b9471..41e3649 100644
--- a/src/patches/dnsmasq/0027-Add-log-queries-extra-option-for-more-complete-loggi.patch
+++ b/src/patches/dnsmasq/0027-Add-log-queries-extra-option-for-more-complete-loggi.patch
@@ -1,7 +1,7 @@
 From 25cf5e373eb41c088d4ee5e625209c4cf6a5659e Mon Sep 17 00:00:00 2001
 From: Simon Kelley simon@thekelleys.org.uk
 Date: Fri, 9 Jan 2015 15:53:03 +0000
-Subject: [PATCH 27/71] Add --log-queries=extra option for more complete
+Subject: [PATCH 27/87] Add --log-queries=extra option for more complete
 logging.
---
diff --git a/src/patches/dnsmasq/0028-Add-min-cache-ttl-option.patch b/src/patches/dnsmasq/0028-Add-min-cache-ttl-option.patch
index 6f7f27c..85de912 100644
--- a/src/patches/dnsmasq/0028-Add-min-cache-ttl-option.patch
+++ b/src/patches/dnsmasq/0028-Add-min-cache-ttl-option.patch
@@ -1,7 +1,7 @@
 From 28de38768e2c7d763b9aa5b7a4d251d5e56bab0b Mon Sep 17 00:00:00 2001
 From: RinSatsuki aa65535@live.com
 Date: Sat, 10 Jan 2015 15:22:21 +0000
-Subject: [PATCH 28/71] Add --min-cache-ttl option.
+Subject: [PATCH 28/87] Add --min-cache-ttl option.
---
 CHANGELOG | 7 +++++++
diff --git a/src/patches/dnsmasq/0029-Log-port-of-requestor-when-doing-extra-logging.patch b/src/patches/dnsmasq/0029-Log-port-of-requestor-when-doing-extra-logging.patch
index 4834269..afbece3 100644
--- a/src/patches/dnsmasq/0029-Log-port-of-requestor-when-doing-extra-logging.patch
+++ b/src/patches/dnsmasq/0029-Log-port-of-requestor-when-doing-extra-logging.patch
@@ -1,7 +1,7 @@
 From 9f79ee4ae34886c0319f06d8f162b81ef79d62fb Mon Sep 17 00:00:00 2001
 From: Simon Kelley simon@thekelleys.org.uk
 Date: Mon, 12 Jan 2015 20:18:18 +0000
-Subject: [PATCH 29/71] Log port of requestor when doing extra logging.
+Subject: [PATCH 29/87] Log port of requestor when doing extra logging.
---
 src/cache.c | 6 +++---
diff --git a/src/patches/dnsmasq/0030-Don-t-answer-from-cache-RRsets-from-wildcards-as-we-.patch b/src/patches/dnsmasq/0030-Don-t-answer-from-cache-RRsets-from-wildcards-as-we-.patch
index fef0e11..ac206e3 100644
--- a/src/patches/dnsmasq/0030-Don-t-answer-from-cache-RRsets-from-wildcards-as-we-.patch
+++ b/src/patches/dnsmasq/0030-Don-t-answer-from-cache-RRsets-from-wildcards-as-we-.patch
@@ -1,7 +1,7 @@
 From 5e321739db381a1d7b5964d76e9c81471d2564c9 Mon Sep 17 00:00:00 2001
 From: Simon Kelley simon@thekelleys.org.uk
 Date: Mon, 12 Jan 2015 23:16:56 +0000
-Subject: [PATCH 30/71] Don't answer from cache RRsets from wildcards, as we
+Subject: [PATCH 30/87] Don't answer from cache RRsets from wildcards, as we
 don't have NSECs.
---
diff --git a/src/patches/dnsmasq/0031-Logs-for-DS-records-consistent.patch b/src/patches/dnsmasq/0031-Logs-for-DS-records-consistent.patch
index 8ebe469..20a0e4b 100644
--- a/src/patches/dnsmasq/0031-Logs-for-DS-records-consistent.patch
+++ b/src/patches/dnsmasq/0031-Logs-for-DS-records-consistent.patch
@@ -1,7 +1,7 @@
 From ae4624bf46b5e37ff1a9a2ba3c927e0dede95adb Mon Sep 17 00:00:00 2001
 From: Simon Kelley simon@thekelleys.org.uk
 Date: Mon, 12 Jan 2015 23:22:08 +0000
-Subject: [PATCH 31/71] Logs for DS records consistent.
+Subject: [PATCH 31/87] Logs for DS records consistent.
---
 src/rfc1035.c | 2 +-
diff --git a/src/patches/dnsmasq/0032-Cope-with-multiple-interfaces-with-the-same-LL-addre.patch b/src/patches/dnsmasq/0032-Cope-with-multiple-interfaces-with-the-same-LL-addre.patch
index 60a44b9..5b5fc07 100644
--- a/src/patches/dnsmasq/0032-Cope-with-multiple-interfaces-with-the-same-LL-addre.patch
+++ b/src/patches/dnsmasq/0032-Cope-with-multiple-interfaces-with-the-same-LL-addre.patch
@@ -1,7 +1,7 @@
 From 393415597c8b5b09558b789ab9ac238dbe3db65d Mon Sep 17 00:00:00 2001
 From: Simon Kelley simon@thekelleys.org.uk
 Date: Sun, 18 Jan 2015 22:11:10 +0000
-Subject: [PATCH 32/71] Cope with multiple interfaces with the same LL address.
+Subject: [PATCH 32/87] Cope with multiple interfaces with the same LL address.
---
 CHANGELOG | 4 ++++
diff --git a/src/patches/dnsmasq/0033-Don-t-treat-SERVFAIL-as-a-recoverable-error.patch b/src/patches/dnsmasq/0033-Don-t-treat-SERVFAIL-as-a-recoverable-error.patch
index f426e8f..926885f 100644
--- a/src/patches/dnsmasq/0033-Don-t-treat-SERVFAIL-as-a-recoverable-error.patch
+++ b/src/patches/dnsmasq/0033-Don-t-treat-SERVFAIL-as-a-recoverable-error.patch
@@ -1,7 +1,7 @@
 From 2ae195f5a71f7c5a75717845de1bd72fc7dd67f3 Mon Sep 17 00:00:00 2001
 From: Simon Kelley simon@thekelleys.org.uk
 Date: Sun, 18 Jan 2015 22:20:48 +0000
-Subject: [PATCH 33/71] Don't treat SERVFAIL as a recoverable error.....
+Subject: [PATCH 33/87] Don't treat SERVFAIL as a recoverable error.....
---
 src/forward.c | 2 +-
diff --git a/src/patches/dnsmasq/0034-Add-dhcp-hostsdir-config-option.patch b/src/patches/dnsmasq/0034-Add-dhcp-hostsdir-config-option.patch
index 53780b2..4ca8cc5 100644
--- a/src/patches/dnsmasq/0034-Add-dhcp-hostsdir-config-option.patch
+++ b/src/patches/dnsmasq/0034-Add-dhcp-hostsdir-config-option.patch
@@ -1,7 +1,7 @@
 From 5f4dc5c6ca50655ab14f572c7e30815ed74cd51a Mon Sep 17 00:00:00 2001
 From: Simon Kelley simon@thekelleys.org.uk
 Date: Tue, 20 Jan 2015 20:51:02 +0000
-Subject: [PATCH 34/71] Add --dhcp-hostsdir config option.
+Subject: [PATCH 34/87] Add --dhcp-hostsdir config option.
---
 CHANGELOG | 5 +++
diff --git a/src/patches/dnsmasq/0035-Update-German-translation.patch b/src/patches/dnsmasq/0035-Update-German-translation.patch
index 2d18e76..23f1a5f 100644
--- a/src/patches/dnsmasq/0035-Update-German-translation.patch
+++ b/src/patches/dnsmasq/0035-Update-German-translation.patch
@@ -1,7 +1,7 @@
 From fbf01f7046e75f9aa73fd4aab2a94e43386d9052 Mon Sep 17 00:00:00 2001
 From: Conrad Kostecki ck@conrad-kostecki.de
 Date: Tue, 20 Jan 2015 21:07:56 +0000
-Subject: [PATCH 35/71] Update German translation.
+Subject: [PATCH 35/87] Update German translation.
---
 po/de.po | 101 +++++++++++++++++++++++++++++---------------------------------
diff --git a/src/patches/dnsmasq/0036-Don-t-reply-to-DHCPv6-SOLICIT-messages-when-not-conf.patch b/src/patches/dnsmasq/0036-Don-t-reply-to-DHCPv6-SOLICIT-messages-when-not-conf.patch
index ffe4cf6..c89b678 100644
--- a/src/patches/dnsmasq/0036-Don-t-reply-to-DHCPv6-SOLICIT-messages-when-not-conf.patch
+++ b/src/patches/dnsmasq/0036-Don-t-reply-to-DHCPv6-SOLICIT-messages-when-not-conf.patch
@@ -1,7 +1,7 @@
 From 61b838dd574c51d96fef100285a0d225824534f9 Mon Sep 17 00:00:00 2001
 From: Win King Wan pinwing+dnsmasq@gmail.com
 Date: Wed, 21 Jan 2015 20:41:48 +0000
-Subject: [PATCH 36/71] Don't reply to DHCPv6 SOLICIT messages when not
+Subject: [PATCH 36/87] Don't reply to DHCPv6 SOLICIT messages when not
 configured for statefull DHCPv6.
---
diff --git a/src/patches/dnsmasq/0037-Allow-inotify-to-be-disabled-at-compile-time-on-Linu.patch b/src/patches/dnsmasq/0037-Allow-inotify-to-be-disabled-at-compile-time-on-Linu.patch
index 3cd7999..1617095 100644
--- a/src/patches/dnsmasq/0037-Allow-inotify-to-be-disabled-at-compile-time-on-Linu.patch
+++ b/src/patches/dnsmasq/0037-Allow-inotify-to-be-disabled-at-compile-time-on-Linu.patch
@@ -1,7 +1,7 @@
 From 0491805d2ff6e7727f0272c94fd97d9897d1e22c Mon Sep 17 00:00:00 2001
 From: Simon Kelley simon@thekelleys.org.uk
 Date: Mon, 26 Jan 2015 11:23:43 +0000
-Subject: [PATCH 37/71] Allow inotify to be disabled at compile time on Linux.
+Subject: [PATCH 37/87] Allow inotify to be disabled at compile time on Linux.
---
 CHANGELOG | 4 +++-
diff --git a/src/patches/dnsmasq/0038-Expand-inotify-code-to-dhcp-hostsdir-dhcp-optsdir-an.patch b/src/patches/dnsmasq/0038-Expand-inotify-code-to-dhcp-hostsdir-dhcp-optsdir-an.patch
index 08eb5b5..fee3aae 100644
--- a/src/patches/dnsmasq/0038-Expand-inotify-code-to-dhcp-hostsdir-dhcp-optsdir-an.patch
+++ b/src/patches/dnsmasq/0038-Expand-inotify-code-to-dhcp-hostsdir-dhcp-optsdir-an.patch
@@ -1,7 +1,7 @@
 From 70d1873dd9e70041ed4bb88c69d5b886b7cc634c Mon Sep 17 00:00:00 2001
 From: Simon Kelley simon@thekelleys.org.uk
 Date: Sat, 31 Jan 2015 19:59:29 +0000
-Subject: [PATCH 38/71] Expand inotify code to dhcp-hostsdir, dhcp-optsdir and
+Subject: [PATCH 38/87] Expand inotify code to dhcp-hostsdir, dhcp-optsdir and
 hostsdir.
---
diff --git a/src/patches/dnsmasq/0039-Update-copyrights-for-dawn-of-2015.patch b/src/patches/dnsmasq/0039-Update-copyrights-for-dawn-of-2015.patch
index 7303df4..58a4ce6 100644
--- a/src/patches/dnsmasq/0039-Update-copyrights-for-dawn-of-2015.patch
+++ b/src/patches/dnsmasq/0039-Update-copyrights-for-dawn-of-2015.patch
@@ -1,7 +1,7 @@
 From aff3396280e944833f0e23d834aa6acd5fe2605a Mon Sep 17 00:00:00 2001
 From: Simon Kelley simon@thekelleys.org.uk
 Date: Sat, 31 Jan 2015 20:13:40 +0000
-Subject: [PATCH 39/71] Update copyrights for dawn of 2015.
+Subject: [PATCH 39/87] Update copyrights for dawn of 2015.
---
 Makefile | 2 +-
diff --git a/src/patches/dnsmasq/0040-inotify-documentation-updates.patch b/src/patches/dnsmasq/0040-inotify-documentation-updates.patch
index 9c3ac9c..bd0ce4d 100644
--- a/src/patches/dnsmasq/0040-inotify-documentation-updates.patch
+++ b/src/patches/dnsmasq/0040-inotify-documentation-updates.patch
@@ -1,7 +1,7 @@
 From 3d04f46334d0e345f589eda1372e638b946fe637 Mon Sep 17 00:00:00 2001
 From: Simon Kelley simon@thekelleys.org.uk
 Date: Sat, 31 Jan 2015 21:59:13 +0000
-Subject: [PATCH 40/71] inotify documentation updates.
+Subject: [PATCH 40/87] inotify documentation updates.
---
 man/dnsmasq.8 | 11 +++++++++--
diff --git a/src/patches/dnsmasq/0041-Fix-broken-ECDSA-DNSSEC-signatures.patch b/src/patches/dnsmasq/0041-Fix-broken-ECDSA-DNSSEC-signatures.patch
index 1fc1c73..be9122c 100644
--- a/src/patches/dnsmasq/0041-Fix-broken-ECDSA-DNSSEC-signatures.patch
+++ b/src/patches/dnsmasq/0041-Fix-broken-ECDSA-DNSSEC-signatures.patch
@@ -1,7 +1,7 @@
 From 6ef15b34ca83c62a939f69356d5c3f7a6bfef3d0 Mon Sep 17 00:00:00 2001
 From: Simon Kelley simon@thekelleys.org.uk
 Date: Sat, 31 Jan 2015 22:44:26 +0000
-Subject: [PATCH 41/71] Fix broken ECDSA DNSSEC signatures.
+Subject: [PATCH 41/87] Fix broken ECDSA DNSSEC signatures.
---
 CHANGELOG | 2 ++
diff --git a/src/patches/dnsmasq/0042-BSD-make-support.patch b/src/patches/dnsmasq/0042-BSD-make-support.patch
index 750f113..a60c1bd 100644
--- a/src/patches/dnsmasq/0042-BSD-make-support.patch
+++ b/src/patches/dnsmasq/0042-BSD-make-support.patch
@@ -1,7 +1,7 @@
 From 106266761828a0acb006346ae47bf031dee46a5d Mon Sep 17 00:00:00 2001
 From: Simon Kelley simon@thekelleys.org.uk
 Date: Sun, 1 Feb 2015 00:15:16 +0000
-Subject: [PATCH 42/71] BSD make support
+Subject: [PATCH 42/87] BSD make support
---
 Makefile | 6 ++++--
diff --git a/src/patches/dnsmasq/0043-Fix-build-failure-on-openBSD.patch b/src/patches/dnsmasq/0043-Fix-build-failure-on-openBSD.patch
index aa55fe2..0fcc8cd 100644
--- a/src/patches/dnsmasq/0043-Fix-build-failure-on-openBSD.patch
+++ b/src/patches/dnsmasq/0043-Fix-build-failure-on-openBSD.patch
@@ -1,7 +1,7 @@
 From 8d8a54ec79d9f96979fabbd97b1dd2ddebc7d78f Mon Sep 17 00:00:00 2001
 From: Simon Kelley simon@thekelleys.org.uk
 Date: Sun, 1 Feb 2015 21:48:46 +0000
-Subject: [PATCH 43/71] Fix build failure on openBSD.
+Subject: [PATCH 43/87] Fix build failure on openBSD.
---
 src/tables.c | 2 +-
diff --git a/src/patches/dnsmasq/0044-Manpage-typo-fix.patch b/src/patches/dnsmasq/0044-Manpage-typo-fix.patch
index bbc4d48..dd45634 100644
--- a/src/patches/dnsmasq/0044-Manpage-typo-fix.patch
+++ b/src/patches/dnsmasq/0044-Manpage-typo-fix.patch
@@ -1,7 +1,7 @@
 From d36b732c4cfa91ea09af64b5dc0f3a85a075e5bc Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Thi=C3=A9baud=20Weksteen?= thiebaud@weksteen.fr
 Date: Mon, 2 Feb 2015 21:37:27 +0000
-Subject: [PATCH 44/71] Manpage typo fix.
+Subject: [PATCH 44/87] Manpage typo fix.
---
 man/dnsmasq.8 | 2 +-
diff --git a/src/patches/dnsmasq/0045-Fixup-dhcp-configs-after-reading-extra-hostfiles-wit.patch b/src/patches/dnsmasq/0045-Fixup-dhcp-configs-after-reading-extra-hostfiles-wit.patch
index 2d43b93..7a719f8 100644
--- a/src/patches/dnsmasq/0045-Fixup-dhcp-configs-after-reading-extra-hostfiles-wit.patch
+++ b/src/patches/dnsmasq/0045-Fixup-dhcp-configs-after-reading-extra-hostfiles-wit.patch
@@ -1,7 +1,7 @@
 From 2941d3ac898cf84b544e47c9735c5e4111711db1 Mon Sep 17 00:00:00 2001
 From: Simon Kelley simon@thekelleys.org.uk
 Date: Mon, 2 Feb 2015 22:36:42 +0000
-Subject: [PATCH 45/71] Fixup dhcp-configs after reading extra hostfiles with
+Subject: [PATCH 45/87] Fixup dhcp-configs after reading extra hostfiles with
 inotify.
---
diff --git a/src/patches/dnsmasq/0046-Extra-logging-for-inotify-code.patch b/src/patches/dnsmasq/0046-Extra-logging-for-inotify-code.patch
index 8b173f2..3db945d 100644
--- a/src/patches/dnsmasq/0046-Extra-logging-for-inotify-code.patch
+++ b/src/patches/dnsmasq/0046-Extra-logging-for-inotify-code.patch
@@ -1,7 +1,7 @@
 From f9c863708c6b0aea31ff7a466647685dc739de50 Mon Sep 17 00:00:00 2001
 From: Simon Kelley simon@thekelleys.org.uk
 Date: Tue, 3 Feb 2015 21:52:48 +0000
-Subject: [PATCH 46/71] Extra logging for inotify code.
+Subject: [PATCH 46/87] Extra logging for inotify code.
---
 src/cache.c | 9 ++++-----
diff --git a/src/patches/dnsmasq/0047-man-page-typo.patch b/src/patches/dnsmasq/0047-man-page-typo.patch
index 9710dfb..5a81152 100644
--- a/src/patches/dnsmasq/0047-man-page-typo.patch
+++ b/src/patches/dnsmasq/0047-man-page-typo.patch
@@ -1,7 +1,7 @@
 From efb8b5566aafc1f3ce18514a2df93af5a2e4998c Mon Sep 17 00:00:00 2001
 From: Simon Kelley simon@thekelleys.org.uk
 Date: Sat, 7 Feb 2015 22:36:34 +0000
-Subject: [PATCH 47/71] man page typo.
+Subject: [PATCH 47/87] man page typo.
---
 man/dnsmasq.8 | 1 +
diff --git a/src/patches/dnsmasq/0048-Fix-get-version-script-which-returned-wrong-tag-in-s.patch b/src/patches/dnsmasq/0048-Fix-get-version-script-which-returned-wrong-tag-in-s.patch
index fb7753c..e69e0a6 100644
--- a/src/patches/dnsmasq/0048-Fix-get-version-script-which-returned-wrong-tag-in-s.patch
+++ b/src/patches/dnsmasq/0048-Fix-get-version-script-which-returned-wrong-tag-in-s.patch
@@ -1,7 +1,7 @@
 From f4f400776b3c1aa303d1a0fcd500f0ab5bc970f2 Mon Sep 17 00:00:00 2001
 From: Shantanu Gadgil shantanugadgil@yahoo.com
 Date: Wed, 11 Feb 2015 20:16:59 +0000
-Subject: [PATCH 48/71] Fix get-version script which returned wrong tag in some
+Subject: [PATCH 48/87] Fix get-version script which returned wrong tag in some
 situations.
---
diff --git a/src/patches/dnsmasq/0049-Typos.patch b/src/patches/dnsmasq/0049-Typos.patch
index c843bf2..e78f185 100644
--- a/src/patches/dnsmasq/0049-Typos.patch
+++ b/src/patches/dnsmasq/0049-Typos.patch
@@ -1,7 +1,7 @@
 From 8ff70de618eb7de9147dbfbd4deca4a2dd62f0cb Mon Sep 17 00:00:00 2001
 From: Simon Kelley simon@thekelleys.org.uk
 Date: Sat, 14 Feb 2015 20:02:37 +0000
-Subject: [PATCH 49/71] Typos.
+Subject: [PATCH 49/87] Typos.
---
 src/inotify.c | 3 ++-
diff --git a/src/patches/dnsmasq/0050-Make-dynamic-hosts-files-work-when-no-hosts-set.patch b/src/patches/dnsmasq/0050-Make-dynamic-hosts-files-work-when-no-hosts-set.patch
index 7b9a1b3..7b5a92d 100644
--- a/src/patches/dnsmasq/0050-Make-dynamic-hosts-files-work-when-no-hosts-set.patch
+++ b/src/patches/dnsmasq/0050-Make-dynamic-hosts-files-work-when-no-hosts-set.patch
@@ -1,7 +1,7 @@
 From caeea190f12efd20139f694aac4942d1ac00019f Mon Sep 17 00:00:00 2001
 From: Simon Kelley simon@thekelleys.org.uk
 Date: Sat, 14 Feb 2015 20:08:56 +0000
-Subject: [PATCH 50/71] Make dynamic hosts files work when --no-hosts set.
+Subject: [PATCH 50/87] Make dynamic hosts files work when --no-hosts set.
---
 src/cache.c | 21 +++++++++++----------
diff --git a/src/patches/dnsmasq/0051-Fix-trivial-memory-leaks-to-quieten-valgrind.patch b/src/patches/dnsmasq/0051-Fix-trivial-memory-leaks-to-quieten-valgrind.patch
index a65ed21..cfc7b00 100644
--- a/src/patches/dnsmasq/0051-Fix-trivial-memory-leaks-to-quieten-valgrind.patch
+++ b/src/patches/dnsmasq/0051-Fix-trivial-memory-leaks-to-quieten-valgrind.patch
@@ -1,7 +1,7 @@
 From 28b879ac47b872af6e8c5e86d76806c69338434d Mon Sep 17 00:00:00 2001
 From: Chen Wei weichen302@icloud.com
 Date: Tue, 17 Feb 2015 22:07:35 +0000
-Subject: [PATCH 51/71] Fix trivial memory leaks to quieten valgrind.
+Subject: [PATCH 51/87] Fix trivial memory leaks to quieten valgrind.
--- src/dnsmasq.c | 2 ++ diff --git a/src/patches/dnsmasq/0052-Fix-uninitialized-value-used-in-get_client_mac.patch b/src/patches/dnsmasq/0052-Fix-uninitialized-value-used-in-get_client_mac.patch index 69aeb92..0a50689 100644 --- a/src/patches/dnsmasq/0052-Fix-uninitialized-value-used-in-get_client_mac.patch +++ b/src/patches/dnsmasq/0052-Fix-uninitialized-value-used-in-get_client_mac.patch @@ -1,7 +1,7 @@ From 0705a7e2d57654b27c7e14f35ca77241c1821f4d Mon Sep 17 00:00:00 2001 From: Tomas Hozza thozza@redhat.com Date: Mon, 23 Feb 2015 21:26:26 +0000 -Subject: [PATCH 52/71] Fix uninitialized value used in get_client_mac() +Subject: [PATCH 52/87] Fix uninitialized value used in get_client_mac()
--- src/dhcp6.c | 4 +++- diff --git a/src/patches/dnsmasq/0053-Log-parsing-utils-in-contrib-reverse-dns.patch b/src/patches/dnsmasq/0053-Log-parsing-utils-in-contrib-reverse-dns.patch index b37498e..854771a 100644 --- a/src/patches/dnsmasq/0053-Log-parsing-utils-in-contrib-reverse-dns.patch +++ b/src/patches/dnsmasq/0053-Log-parsing-utils-in-contrib-reverse-dns.patch @@ -1,7 +1,7 @@ From 47b9ac59c715827252ae6e6732903c3dabb697fb Mon Sep 17 00:00:00 2001 From: Joachim Zobel jz-2014@heute-morgen.de Date: Mon, 23 Feb 2015 21:38:11 +0000 -Subject: [PATCH 53/71] Log parsing utils in contrib/reverse-dns +Subject: [PATCH 53/87] Log parsing utils in contrib/reverse-dns
--- contrib/reverse-dns/README | 18 ++++++++++++++++++ diff --git a/src/patches/dnsmasq/0054-Add-dnssec-timestamp-option-and-facility.patch b/src/patches/dnsmasq/0054-Add-dnssec-timestamp-option-and-facility.patch index 5073440..cb9e86f 100644 --- a/src/patches/dnsmasq/0054-Add-dnssec-timestamp-option-and-facility.patch +++ b/src/patches/dnsmasq/0054-Add-dnssec-timestamp-option-and-facility.patch @@ -1,7 +1,7 @@ From f6e62e2af96f5fa0d1e3d93167a93a8f09bf6e61 Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Sun, 1 Mar 2015 18:17:54 +0000 -Subject: [PATCH 54/71] Add --dnssec-timestamp option and facility. +Subject: [PATCH 54/87] Add --dnssec-timestamp option and facility.
--- CHANGELOG | 6 +++++ diff --git a/src/patches/dnsmasq/0055-Fix-last-commit-to-not-crash-if-uid-changing-not-con.patch b/src/patches/dnsmasq/0055-Fix-last-commit-to-not-crash-if-uid-changing-not-con.patch index 768e14a..40b6607 100644 --- a/src/patches/dnsmasq/0055-Fix-last-commit-to-not-crash-if-uid-changing-not-con.patch +++ b/src/patches/dnsmasq/0055-Fix-last-commit-to-not-crash-if-uid-changing-not-con.patch @@ -1,7 +1,7 @@ From 9003b50b13da624ca45f3e0cf99abb623b8d026b Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Mon, 2 Mar 2015 22:47:23 +0000 -Subject: [PATCH 55/71] Fix last commit to not crash if uid changing not +Subject: [PATCH 55/87] Fix last commit to not crash if uid changing not configured.
--- diff --git a/src/patches/dnsmasq/0056-New-version-of-contrib-reverse-dns.patch b/src/patches/dnsmasq/0056-New-version-of-contrib-reverse-dns.patch index d39a058..f6f7873 100644 --- a/src/patches/dnsmasq/0056-New-version-of-contrib-reverse-dns.patch +++ b/src/patches/dnsmasq/0056-New-version-of-contrib-reverse-dns.patch @@ -1,7 +1,7 @@ From 4c960fa90a975d20f75a1ecabd217247f1922c8f Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Wed, 4 Mar 2015 20:32:26 +0000 -Subject: [PATCH 56/71] New version of contrib/reverse-dns +Subject: [PATCH 56/87] New version of contrib/reverse-dns
--- contrib/reverse-dns/README | 22 +++--- diff --git a/src/patches/dnsmasq/0057-Tweak-DNSSEC-timestamp-code-to-create-file-later-rem.patch b/src/patches/dnsmasq/0057-Tweak-DNSSEC-timestamp-code-to-create-file-later-rem.patch index 462d572..924e3dc 100644 --- a/src/patches/dnsmasq/0057-Tweak-DNSSEC-timestamp-code-to-create-file-later-rem.patch +++ b/src/patches/dnsmasq/0057-Tweak-DNSSEC-timestamp-code-to-create-file-later-rem.patch @@ -1,7 +1,7 @@ From 360f2513ab12a9bf1e262d388dd2ea8a566590a3 Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Sat, 7 Mar 2015 18:28:06 +0000 -Subject: [PATCH 57/71] Tweak DNSSEC timestamp code to create file later, +Subject: [PATCH 57/87] Tweak DNSSEC timestamp code to create file later, removing need to chown it.
--- diff --git a/src/patches/dnsmasq/0058-Fix-boilerplate-code-for-re-running-system-calls-on-.patch b/src/patches/dnsmasq/0058-Fix-boilerplate-code-for-re-running-system-calls-on-.patch index aa30241..ded0984 100644 --- a/src/patches/dnsmasq/0058-Fix-boilerplate-code-for-re-running-system-calls-on-.patch +++ b/src/patches/dnsmasq/0058-Fix-boilerplate-code-for-re-running-system-calls-on-.patch @@ -1,7 +1,7 @@ From ff841ebf5a5d6864ff48571f607c32ce80dbb75a Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Wed, 11 Mar 2015 21:36:30 +0000 -Subject: [PATCH 58/71] Fix boilerplate code for re-running system calls on +Subject: [PATCH 58/87] Fix boilerplate code for re-running system calls on EINTR and EAGAIN etc.
The nasty code with static variable in retry_send() which diff --git a/src/patches/dnsmasq/0059-Make-address-example.com-equivalent-to-server-exampl.patch b/src/patches/dnsmasq/0059-Make-address-example.com-equivalent-to-server-exampl.patch index 6a2a0f4..f8091d4 100644 --- a/src/patches/dnsmasq/0059-Make-address-example.com-equivalent-to-server-exampl.patch +++ b/src/patches/dnsmasq/0059-Make-address-example.com-equivalent-to-server-exampl.patch @@ -1,7 +1,7 @@ From 979fe86bc8693f660eddea232ae39cbbb50b294c Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Thu, 19 Mar 2015 22:50:22 +0000 -Subject: [PATCH 59/71] Make --address=/example.com/ equivalent to +Subject: [PATCH 59/87] Make --address=/example.com/ equivalent to --server=/example.com/
--- diff --git a/src/patches/dnsmasq/0060-dhcp-set-outbound-interface-via-cmsg-in-unicast-repl.patch b/src/patches/dnsmasq/0060-dhcp-set-outbound-interface-via-cmsg-in-unicast-repl.patch index 1eb504b..dcf1a3c 100644 --- a/src/patches/dnsmasq/0060-dhcp-set-outbound-interface-via-cmsg-in-unicast-repl.patch +++ b/src/patches/dnsmasq/0060-dhcp-set-outbound-interface-via-cmsg-in-unicast-repl.patch @@ -1,7 +1,7 @@ From 65c721200023ef0023114459a8d12f8b0a24cfd8 Mon Sep 17 00:00:00 2001 From: Lung-Pin Chang changlp@cs.nctu.edu.tw Date: Thu, 19 Mar 2015 23:22:21 +0000 -Subject: [PATCH 60/71] dhcp: set outbound interface via cmsg in unicast reply +Subject: [PATCH 60/87] dhcp: set outbound interface via cmsg in unicast reply
If multiple routes to the same network exist, Linux blindly picks the first interface (route) based on destination address, which might not be diff --git a/src/patches/dnsmasq/0061-Don-t-fail-DNSSEC-when-a-signed-CNAME-dangles-into-a.patch b/src/patches/dnsmasq/0061-Don-t-fail-DNSSEC-when-a-signed-CNAME-dangles-into-a.patch index b566ebf..7f2b1b0 100644 --- a/src/patches/dnsmasq/0061-Don-t-fail-DNSSEC-when-a-signed-CNAME-dangles-into-a.patch +++ b/src/patches/dnsmasq/0061-Don-t-fail-DNSSEC-when-a-signed-CNAME-dangles-into-a.patch @@ -1,7 +1,7 @@ From 8805283088d670baecb92569252c01cf754cda51 Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Thu, 26 Mar 2015 21:15:43 +0000 -Subject: [PATCH 61/71] Don't fail DNSSEC when a signed CNAME dangles into an +Subject: [PATCH 61/87] Don't fail DNSSEC when a signed CNAME dangles into an unsigned zone.
--- diff --git a/src/patches/dnsmasq/0062-Return-SERVFAIL-when-validation-abandoned.patch b/src/patches/dnsmasq/0062-Return-SERVFAIL-when-validation-abandoned.patch index a660450..496776d 100644 --- a/src/patches/dnsmasq/0062-Return-SERVFAIL-when-validation-abandoned.patch +++ b/src/patches/dnsmasq/0062-Return-SERVFAIL-when-validation-abandoned.patch @@ -1,7 +1,7 @@ From 150162bc37170a6edae9d488435e836b1e4e3a4e Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Fri, 27 Mar 2015 09:58:26 +0000 -Subject: [PATCH 62/71] Return SERVFAIL when validation abandoned. +Subject: [PATCH 62/87] Return SERVFAIL when validation abandoned.
--- src/forward.c | 11 +++++++++-- diff --git a/src/patches/dnsmasq/0063-Protect-against-broken-DNSSEC-upstreams.patch b/src/patches/dnsmasq/0063-Protect-against-broken-DNSSEC-upstreams.patch index 93161d0..25ae12e 100644 --- a/src/patches/dnsmasq/0063-Protect-against-broken-DNSSEC-upstreams.patch +++ b/src/patches/dnsmasq/0063-Protect-against-broken-DNSSEC-upstreams.patch @@ -1,7 +1,7 @@ From 0b8a5a30a77331974ba24a04e43e720585dfbc61 Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Fri, 27 Mar 2015 11:44:55 +0000 -Subject: [PATCH 63/71] Protect against broken DNSSEC upstreams. +Subject: [PATCH 63/87] Protect against broken DNSSEC upstreams.
--- src/dnssec.c | 7 +++++-- diff --git a/src/patches/dnsmasq/0064-DNSSEC-fix-for-non-ascii-characters-in-labels.patch b/src/patches/dnsmasq/0064-DNSSEC-fix-for-non-ascii-characters-in-labels.patch index 389beee..41730b8 100644 --- a/src/patches/dnsmasq/0064-DNSSEC-fix-for-non-ascii-characters-in-labels.patch +++ b/src/patches/dnsmasq/0064-DNSSEC-fix-for-non-ascii-characters-in-labels.patch @@ -1,7 +1,7 @@ From 1e153945def3c50d1e59ceea6a768db0ac770f98 Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Sat, 28 Mar 2015 21:34:07 +0000 -Subject: [PATCH 64/71] DNSSEC fix for non-ascii characters in labels. +Subject: [PATCH 64/87] DNSSEC fix for non-ascii characters in labels.
--- src/dnssec.c | 34 +++++++++++++++++----------------- diff --git a/src/patches/dnsmasq/0065-Allow-control-characters-in-names-in-the-cache-handl.patch b/src/patches/dnsmasq/0065-Allow-control-characters-in-names-in-the-cache-handl.patch index 69f6081..212fe30 100644 --- a/src/patches/dnsmasq/0065-Allow-control-characters-in-names-in-the-cache-handl.patch +++ b/src/patches/dnsmasq/0065-Allow-control-characters-in-names-in-the-cache-handl.patch @@ -1,7 +1,7 @@ From 394ff492da6af5da7e7d356be9586683bc5fc011 Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Sun, 29 Mar 2015 22:17:14 +0100 -Subject: [PATCH 65/71] Allow control characters in names in the cache, handle +Subject: [PATCH 65/87] Allow control characters in names in the cache, handle when logging.
--- diff --git a/src/patches/dnsmasq/0066-Fix-crash-in-last-commit.patch b/src/patches/dnsmasq/0066-Fix-crash-in-last-commit.patch index 04a865f..dbc4deb 100644 --- a/src/patches/dnsmasq/0066-Fix-crash-in-last-commit.patch +++ b/src/patches/dnsmasq/0066-Fix-crash-in-last-commit.patch @@ -1,7 +1,7 @@ From 794fccca7ffebfba4468bfffc6276b68bbf6afd9 Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Sun, 29 Mar 2015 22:35:44 +0100 -Subject: [PATCH 66/71] Fix crash in last commit. +Subject: [PATCH 66/87] Fix crash in last commit.
--- src/cache.c | 7 ++++--- diff --git a/src/patches/dnsmasq/0067-Merge-message-translations.patch b/src/patches/dnsmasq/0067-Merge-message-translations.patch index 090da5c..ac735bd 100644 --- a/src/patches/dnsmasq/0067-Merge-message-translations.patch +++ b/src/patches/dnsmasq/0067-Merge-message-translations.patch @@ -1,7 +1,7 @@ From fd6ad9e481ab7c812a6b1515244908818cbb0442 Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Mon, 30 Mar 2015 07:52:21 +0100 -Subject: [PATCH 67/71] Merge message translations. +Subject: [PATCH 67/87] Merge message translations.
--- po/de.po | 803 +++++++++++++++++++++++++++++++++-------------------------- diff --git a/src/patches/dnsmasq/0068-add-tftp-no-fail-to-ignore-missing-tftp-root.patch b/src/patches/dnsmasq/0068-add-tftp-no-fail-to-ignore-missing-tftp-root.patch index 3439cc1..b61ad0a 100644 --- a/src/patches/dnsmasq/0068-add-tftp-no-fail-to-ignore-missing-tftp-root.patch +++ b/src/patches/dnsmasq/0068-add-tftp-no-fail-to-ignore-missing-tftp-root.patch @@ -1,7 +1,7 @@ From 30d0879ed55cb67b1b735beab3d93f3bb3ef1dd2 Mon Sep 17 00:00:00 2001 From: Stefan Tomanek stefan.tomanek+dnsmasq@wertarbyte.de Date: Tue, 31 Mar 2015 22:32:11 +0100 -Subject: [PATCH 68/71] add --tftp-no-fail to ignore missing tftp root +Subject: [PATCH 68/87] add --tftp-no-fail to ignore missing tftp root
--- CHANGELOG | 3 +++ diff --git a/src/patches/dnsmasq/0069-Whitespace-fixes.patch b/src/patches/dnsmasq/0069-Whitespace-fixes.patch index 6784ee3..865e9a9 100644 --- a/src/patches/dnsmasq/0069-Whitespace-fixes.patch +++ b/src/patches/dnsmasq/0069-Whitespace-fixes.patch @@ -1,7 +1,7 @@ From 7aa970e2c7043201663d86a4b5d8cd5c592cef39 Mon Sep 17 00:00:00 2001 From: Stefan Tomanek stefan.tomanek+dnsmasq@wertarbyte.de Date: Wed, 1 Apr 2015 17:55:07 +0100 -Subject: [PATCH 69/71] Whitespace fixes. +Subject: [PATCH 69/87] Whitespace fixes.
--- src/dnsmasq.c | 14 +++++++------- diff --git a/src/patches/dnsmasq/0070-Return-INSECURE-rather-than-BOGUS-when-DS-proved-not.patch b/src/patches/dnsmasq/0070-Return-INSECURE-rather-than-BOGUS-when-DS-proved-not.patch index 1350ca6..a2f9638 100644 --- a/src/patches/dnsmasq/0070-Return-INSECURE-rather-than-BOGUS-when-DS-proved-not.patch +++ b/src/patches/dnsmasq/0070-Return-INSECURE-rather-than-BOGUS-when-DS-proved-not.patch @@ -1,7 +1,7 @@ From fe3992f9fa69fa975ea31919c53933b5f6a63527 Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Fri, 3 Apr 2015 21:25:05 +0100 -Subject: [PATCH 70/71] Return INSECURE, rather than BOGUS when DS proved not +Subject: [PATCH 70/87] Return INSECURE, rather than BOGUS when DS proved not to exist.
Return INSECURE when validating DNS replies which have RRSIGs, but diff --git a/src/patches/dnsmasq/0071-Fix-compiler-warning-when-not-including-DNSSEC.patch b/src/patches/dnsmasq/0071-Fix-compiler-warning-when-not-including-DNSSEC.patch index 83cdb0c..723c492 100644 --- a/src/patches/dnsmasq/0071-Fix-compiler-warning-when-not-including-DNSSEC.patch +++ b/src/patches/dnsmasq/0071-Fix-compiler-warning-when-not-including-DNSSEC.patch @@ -1,7 +1,7 @@ From 982faf402487e265ed11ac03524531d42b03c966 Mon Sep 17 00:00:00 2001 From: Simon Kelley simon@thekelleys.org.uk Date: Fri, 3 Apr 2015 21:42:30 +0100 -Subject: [PATCH 71/71] Fix compiler warning when not including DNSSEC. +Subject: [PATCH 71/87] Fix compiler warning when not including DNSSEC.
--- src/forward.c | 3 ++- diff --git a/src/patches/dnsmasq/0072-Fix-crash-caused-by-looking-up-servers.bind-when-man.patch b/src/patches/dnsmasq/0072-Fix-crash-caused-by-looking-up-servers.bind-when-man.patch new file mode 100644 index 0000000..3f579bd --- /dev/null +++ b/src/patches/dnsmasq/0072-Fix-crash-caused-by-looking-up-servers.bind-when-man.patch 
@@ -0,0 +1,54 @@ +From 04b0ac05377936d121a36873bb63d492cde292c9 Mon Sep 17 00:00:00 2001 +From: Simon Kelley simon@thekelleys.org.uk +Date: Mon, 6 Apr 2015 17:19:13 +0100 +Subject: [PATCH 72/87] Fix crash caused by looking up servers.bind when many + servers defined. + +--- + CHANGELOG | 7 ++++++- + src/cache.c | 4 ++-- + 2 files changed, 8 insertions(+), 3 deletions(-) + +diff --git a/CHANGELOG b/CHANGELOG +index 34432ae4807f..6aa3d851a297 100644 +--- a/CHANGELOG ++++ b/CHANGELOG +@@ -75,7 +75,12 @@ version 2.73 + + Add --tftp-no-fail option. Thanks to Stefan Tomanek for + the patch. +- ++ ++ Fix crash caused by looking up servers.bind, CHAOS text record, ++ when more than about five --servers= lines are in the dnsmasq ++ config. This causes memory corruption which causes a crash later. ++ Thanks to Matt Coddington for sterling work chasing this down. ++ + + version 2.72 + Add ra-advrouter mode, for RFC-3775 mobile IPv6 support. +diff --git a/src/cache.c b/src/cache.c +index d7bea574c0d8..178d654ca92e 100644 +--- a/src/cache.c ++++ b/src/cache.c +@@ -1367,7 +1367,7 @@ int cache_make_stat(struct txt_record *t) + } + port = prettyprint_addr(&serv->addr, daemon->addrbuff); + lenp = p++; /* length */ +- bytes_avail = (p - buff) + bufflen; ++ bytes_avail = bufflen - (p - buff ); + bytes_needed = snprintf(p, bytes_avail, "%s#%d %u %u", daemon->addrbuff, port, queries, failed_queries); + if (bytes_needed >= bytes_avail) + { +@@ -1381,7 +1381,7 @@ int cache_make_stat(struct txt_record *t) + lenp = p - 1; + buff = new; + bufflen = newlen; +- bytes_avail = (p - buff) + bufflen; ++ bytes_avail = bufflen - (p - buff ); + bytes_needed = snprintf(p, bytes_avail, "%s#%d %u %u", daemon->addrbuff, port, queries, failed_queries); + } + *lenp = bytes_needed; +-- +2.1.0 + 
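Review bot: In `cache_make_stat` the corrected `bytes_avail = bufflen - (p - buff );` is written out twice and nothing in the hunk guards against `p` having moved past `buff + bufflen`. If `bytes_avail` is a signed int (its declaration is outside the hunk), a negative result would be converted to a very large size when passed to `snprintf`. The second `snprintf`, after the buffer is grown, stores `bytes_needed` into `*lenp` without comparing it with `bytes_avail` again, so the retry relies entirely on the new length having been computed correctly. A comment at the first site such as `/* space left after p; the old (p - buff) + bufflen overstated it and let snprintf run past the allocation */` would record the invariant, and an explicit check that `bytes_avail` is positive before each call would enforce it. The function starts and ends outside the hunk.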
diff --git a/src/patches/dnsmasq/0073-Fix-crash-on-receipt-of-certain-malformed-DNS-reques.patch b/src/patches/dnsmasq/0073-Fix-crash-on-receipt-of-certain-malformed-DNS-reques.patch new file mode 100644 index 0000000..27e4cde --- /dev/null +++ b/src/patches/dnsmasq/0073-Fix-crash-on-receipt-of-certain-malformed-DNS-reques.patch 
@@ -0,0 +1,61 @@ +From ad4a8ff7d9097008d7623df8543df435bfddeac8 Mon Sep 17 00:00:00 2001 +From: Simon Kelley simon@thekelleys.org.uk +Date: Thu, 9 Apr 2015 21:48:00 +0100 +Subject: [PATCH 73/87] Fix crash on receipt of certain malformed DNS requests. + +--- + CHANGELOG | 3 +++ + src/rfc1035.c | 9 ++++++--- + 2 files changed, 9 insertions(+), 3 deletions(-) + +diff --git a/CHANGELOG b/CHANGELOG +index 6aa3d851a297..9af617056f1f 100644 +--- a/CHANGELOG ++++ b/CHANGELOG +@@ -125,6 +125,9 @@ version 2.72 + Fix problem with --local-service option on big-endian platforms + Thanks to Richard Genoud for the patch. + ++ Fix crash on receipt of certain malformed DNS requests. Thanks ++ to Nick Sampanis for spotting the problem. ++ + + version 2.71 + Subtle change to error handling to help DNSSEC validation +diff --git a/src/rfc1035.c b/src/rfc1035.c +index 7a07b0cee906..a995ab50d74a 100644 +--- a/src/rfc1035.c ++++ b/src/rfc1035.c +@@ -1198,7 +1198,10 @@ unsigned int extract_request(struct dns_header *header, size_t qlen, char *name, + size_t setup_reply(struct dns_header *header, size_t qlen, + struct all_addr *addrp, unsigned int flags, unsigned long ttl) + { +- unsigned char *p = skip_questions(header, qlen); ++ unsigned char *p; ++ ++ if (!(p = skip_questions(header, qlen))) ++ return 0; + + /* clear authoritative and truncated flags, set QR flag */ + header->hb3 = (header->hb3 & ~(HB3_AA | HB3_TC)) | HB3_QR; +@@ -1214,7 +1217,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen, + SET_RCODE(header, NOERROR); /* empty domain */ + else if (flags == F_NXDOMAIN) + SET_RCODE(header, NXDOMAIN); +- else if (p && flags == F_IPV4) ++ else if (flags == F_IPV4) + { /* we know the address */ + SET_RCODE(header, NOERROR); + header->ancount = htons(1); +@@ -1222,7 +1225,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen, + add_resource_record(header, NULL, NULL, sizeof(struct dns_header), &p, ttl, NULL, T_A, C_IN, "4", addrp); + } + #ifdef HAVE_IPV6 +- else if 
(p && flags == F_IPV6) ++ else if (flags == F_IPV6) + { + SET_RCODE(header, NOERROR); + header->ancount = htons(1); +-- +2.1.0 + diff --git a/src/patches/dnsmasq/0074-Fix-crash-in-auth-code-with-odd-configuration.patch b/src/patches/dnsmasq/0074-Fix-crash-in-auth-code-with-odd-configuration.patch new file mode 100644 index 0000000..2435371 --- /dev/null +++ b/src/patches/dnsmasq/0074-Fix-crash-in-auth-code-with-odd-configuration.patch 
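Review bot: `setup_reply` now returns 0 when `skip_questions` fails, but nothing in the hunk shows the callers treating a zero length as "send nothing". Each call site that passes the result on as a packet length should be checked for that case. Placing the guard before any header field is written is right, since a rejected packet is left unmodified. A comment on it would help the next reader, for example `/* malformed question section: no reply can be built, caller must drop the packet */`. The function body continues past the end of the hunk.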
@@ -0,0 +1,113 @@ +From 38440b204db65f9be16c4c3daa7e991e4356f6ed Mon Sep 17 00:00:00 2001 +From: Simon Kelley simon@thekelleys.org.uk +Date: Sun, 12 Apr 2015 21:52:47 +0100 +Subject: [PATCH 74/87] Fix crash in auth code with odd configuration. + +--- + CHANGELOG | 32 +++++++++++++++++++++----------- + src/auth.c | 13 ++++++++----- + 2 files changed, 29 insertions(+), 16 deletions(-) + +diff --git a/CHANGELOG b/CHANGELOG +index 9af617056f1f..f2142c71cbdc 100644 +--- a/CHANGELOG ++++ b/CHANGELOG +@@ -68,18 +68,31 @@ version 2.73 + Fix broken DNSSEC validation of ECDSA signatures. + + Add --dnssec-timestamp option, which provides an automatic +- way to detect when the system time becomes valid after boot +- on systems without an RTC, whilst allowing DNS queries before the +- clock is valid so that NTP can run. Thanks to +- Kevin Darbyshire-Bryant for developing this idea. ++ way to detect when the system time becomes valid after ++ boot on systems without an RTC, whilst allowing DNS ++ queries before the clock is valid so that NTP can run. ++ Thanks to Kevin Darbyshire-Bryant for developing this idea. + + Add --tftp-no-fail option. Thanks to Stefan Tomanek for + the patch. + +- Fix crash caused by looking up servers.bind, CHAOS text record, +- when more than about five --servers= lines are in the dnsmasq +- config. This causes memory corruption which causes a crash later. +- Thanks to Matt Coddington for sterling work chasing this down. ++ Fix crash caused by looking up servers.bind, CHAOS text ++ record, when more than about five --servers= lines are ++ in the dnsmasq config. This causes memory corruption ++ which causes a crash later. Thanks to Matt Coddington for ++ sterling work chasing this down. ++ ++ Fix crash on receipt of certain malformed DNS requests. ++ Thanks to Nick Sampanis for spotting the problem. 
++ ++ Fix crash in authoritative DNS code, if a .arpa zone ++ is declared as authoritative, and then a PTR query which ++ is not to be treated as authoritative arrived. Normally, ++ directly declaring .arpa zone as authoritative is not ++ done, so this crash wouldn't be seen. Instead the ++ relevant .arpa zone should be specified as a subnet ++ in the auth-zone declaration. Thanks to Johnny S. Lee ++ for the bugreport and initial patch. + + + version 2.72 +@@ -125,10 +138,7 @@ version 2.72 + Fix problem with --local-service option on big-endian platforms + Thanks to Richard Genoud for the patch. + +- Fix crash on receipt of certain malformed DNS requests. Thanks +- to Nick Sampanis for spotting the problem. + +- + version 2.71 + Subtle change to error handling to help DNSSEC validation + when servers fail to provide NODATA answers for +diff --git a/src/auth.c b/src/auth.c +index 15721e52793f..4a5c39fc5c07 100644 +--- a/src/auth.c ++++ b/src/auth.c +@@ -141,7 +141,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n + for (zone = daemon->auth_zones; zone; zone = zone->next) + if ((subnet = find_subnet(zone, flag, &addr))) + break; +- ++ + if (!zone) + { + auth = 0; +@@ -186,7 +186,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n + + if (intr) + { +- if (in_zone(zone, intr->name, NULL)) ++ if (local_query || in_zone(zone, intr->name, NULL)) + { + found = 1; + log_query(flag | F_REVERSE | F_CONFIG, intr->name, &addr, NULL); +@@ -208,8 +208,11 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n + *p = 0; /* must be bare name */ + + /* add external domain */ +- strcat(name, "."); +- strcat(name, zone->domain); ++ if (zone) ++ { ++ strcat(name, "."); ++ strcat(name, zone->domain); ++ } + log_query(flag | F_DHCP | F_REVERSE, name, &addr, record_source(crecp->uid)); + found = 1; + if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, +@@ -217,7 +220,7 @@ size_t 
answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n + T_PTR, C_IN, "d", name)) + anscount++; + } +- else if (crecp->flags & (F_DHCP | F_HOSTS) && in_zone(zone, name, NULL)) ++ else if (crecp->flags & (F_DHCP | F_HOSTS) && (local_query || in_zone(zone, name, NULL))) + { + log_query(crecp->flags & ~F_FORWARD, name, &addr, record_source(crecp->uid)); + found = 1; +-- +2.1.0 + diff --git a/src/patches/dnsmasq/0075-Auth-correct-replies-to-NS-and-SOA-in-.arpa-zones.patch b/src/patches/dnsmasq/0075-Auth-correct-replies-to-NS-and-SOA-in-.arpa-zones.patch new file mode 100644 index 0000000..fbc3802 --- /dev/null +++ b/src/patches/dnsmasq/0075-Auth-correct-replies-to-NS-and-SOA-in-.arpa-zones.patch 
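Review bot: The two `strcat` calls that the patch wraps in `if (zone)` still append `"."` and `zone->domain` to `name` with no length check visible in the hunk. `name` holds a value built while answering a network query, so the combined length should be checked against the size of the buffer before appending, and the record skipped when it does not fit. The size of `name` is not visible here, so this may already be guaranteed elsewhere; if it is, a comment stating that guarantee next to the `strcat` calls would be enough. The new `local_query || in_zone(zone, ...)` tests also depend on `zone` being non-NULL whenever `local_query` is false, which is worth stating in a comment. `answer_auth` starts and ends outside the hunk.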
@@ -0,0 +1,106 @@ +From 78c6184752dce27849e36cce4360abc27b8d76d2 Mon Sep 17 00:00:00 2001 +From: Simon Kelley simon@thekelleys.org.uk +Date: Thu, 16 Apr 2015 15:05:30 +0100 +Subject: [PATCH 75/87] Auth: correct replies to NS and SOA in .arpa zones. + +--- + CHANGELOG | 8 ++++++++ + src/auth.c | 51 ++++++++++++++++++++++++++++++--------------------- + 2 files changed, 38 insertions(+), 21 deletions(-) + +diff --git a/CHANGELOG b/CHANGELOG +index f2142c71cbdc..0619788e9cef 100644 +--- a/CHANGELOG ++++ b/CHANGELOG +@@ -94,6 +94,14 @@ version 2.73 + in the auth-zone declaration. Thanks to Johnny S. Lee + for the bugreport and initial patch. + ++ Fix authoritative DNS code to correctly reply to NS ++ and SOA queries for .arpa zones for which we are ++ declared authoritative by means of a subnet in auth-zone. ++ Previously we provided correct answers to PTR queries ++ in such zones (including NS and SOA) but not direct ++ NS and SOA queries. Thanks to Johnny S. Lee for ++ pointing out the problem. ++ + + version 2.72 + Add ra-advrouter mode, for RFC-3775 mobile IPv6 support. 
+diff --git a/src/auth.c b/src/auth.c +index 4a5c39fc5c07..2b0b7d6b052d 100644 +--- a/src/auth.c ++++ b/src/auth.c +@@ -131,24 +131,27 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n + continue; + } + +- if (qtype == T_PTR) ++ if ((qtype == T_PTR || qtype == T_SOA || qtype == T_NS) && ++ (flag = in_arpa_name_2_addr(name, &addr)) && ++ !local_query) + { +- if (!(flag = in_arpa_name_2_addr(name, &addr))) +- continue; +- +- if (!local_query) ++ for (zone = daemon->auth_zones; zone; zone = zone->next) ++ if ((subnet = find_subnet(zone, flag, &addr))) ++ break; ++ ++ if (!zone) + { +- for (zone = daemon->auth_zones; zone; zone = zone->next) +- if ((subnet = find_subnet(zone, flag, &addr))) +- break; +- +- if (!zone) +- { +- auth = 0; +- continue; +- } ++ auth = 0; ++ continue; + } ++ else if (qtype == T_SOA) ++ soa = 1, found = 1; ++ else if (qtype == T_NS) ++ ns = 1, found = 1; ++ } + ++ if (qtype == T_PTR && flag) ++ { + intr = NULL; + + if (flag == F_IPV4) +@@ -243,14 +246,20 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n + } + + cname_restart: +- for (zone = daemon->auth_zones; zone; zone = zone->next) +- if (in_zone(zone, name, &cut)) +- break; +- +- if (!zone) ++ if (found) ++ /* NS and SOA .arpa requests have set found above. */ ++ cut = NULL; ++ else + { +- auth = 0; +- continue; ++ for (zone = daemon->auth_zones; zone; zone = zone->next) ++ if (in_zone(zone, name, &cut)) ++ break; ++ ++ if (!zone) ++ { ++ auth = 0; ++ continue; ++ } + } + + for (rec = daemon->mxnames; rec; rec = rec->next) +-- +2.1.0 + diff --git a/src/patches/dnsmasq/0076-Fix-srk-induced-crash-in-new-tftp_no_fail-code.patch b/src/patches/dnsmasq/0076-Fix-srk-induced-crash-in-new-tftp_no_fail-code.patch new file mode 100644 index 0000000..1598460 --- /dev/null +++ b/src/patches/dnsmasq/0076-Fix-srk-induced-crash-in-new-tftp_no_fail-code.patch 
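Review bot: At `cname_restart` the new `if (found)` test skips the zone lookup and sets `cut = NULL`, on the assumption that `found` was set only by the NS/SOA `.arpa` branch above. `cname_restart` is a jump target and `found` is a general-purpose flag, so any path that arrives with `found` already set would reuse whatever `zone` currently holds. Whether such a path exists cannot be told from the hunk. A dedicated local that is set only in the NS/SOA branch and tested at the label would make the intent explicit. The comma expressions `soa = 1, found = 1;` and `ns = 1, found = 1;` would also read better as braced two-statement blocks.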
@@ -0,0 +1,36 @@ +From b4c0f092d8ce63ea4763c0ac17aa8d24318ad301 Mon Sep 17 00:00:00 2001 +From: Stefan Tomanek stefan.tomanek+dnsmasq@wertarbyte.de +Date: Thu, 16 Apr 2015 15:20:59 +0100 +Subject: [PATCH 76/87] Fix (srk induced) crash in new tftp_no_fail code. + +--- + src/dnsmasq.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/src/dnsmasq.c b/src/dnsmasq.c +index a7c5da8fbd01..20b15c05103a 100644 +--- a/src/dnsmasq.c ++++ b/src/dnsmasq.c +@@ -655,7 +655,8 @@ int main (int argc, char **argv) + _exit(0); + } + } +- closedir(dir); ++ else ++ closedir(dir); + } + + for (p = daemon->if_prefix; p; p = p->next) +@@ -670,7 +671,8 @@ int main (int argc, char **argv) + _exit(0); + } + } +- closedir(dir); ++ else ++ closedir(dir); + } + } + #endif +-- +2.1.0 + diff --git a/src/patches/dnsmasq/0077-Note-CVE-2015-3294.patch b/src/patches/dnsmasq/0077-Note-CVE-2015-3294.patch new file mode 100644 index 0000000..a68ac4c --- /dev/null +++ b/src/patches/dnsmasq/0077-Note-CVE-2015-3294.patch @@ -0,0 +1,26 @@ +From 0df29f5e23fd2f16181847db1fcf3a8b392d869a Mon Sep 17 00:00:00 2001 +From: Simon Kelley simon@thekelleys.org.uk +Date: Thu, 16 Apr 2015 15:24:52 +0100 +Subject: [PATCH 77/87] Note CVE-2015-3294 + +--- + CHANGELOG | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/CHANGELOG b/CHANGELOG +index 0619788e9cef..7f2b1e002e9e 100644 +--- a/CHANGELOG ++++ b/CHANGELOG +@@ -84,6 +84,9 @@ version 2.73 + + Fix crash on receipt of certain malformed DNS requests. + Thanks to Nick Sampanis for spotting the problem. ++ Note that this is could allow the dnsmasq process's ++ memory to be read by an attacker under certain ++ circumstances, so it has a CVE, CVE-2015-3294 + + Fix crash in authoritative DNS code, if a .arpa zone + is declared as authoritative, and then a PTR query which +-- +2.1.0 + 
diff --git a/src/patches/dnsmasq/0078-Log-domain-when-reporting-DNSSEC-validation-failure.patch b/src/patches/dnsmasq/0078-Log-domain-when-reporting-DNSSEC-validation-failure.patch new file mode 100644 index 0000000..2e040e3 --- /dev/null +++ b/src/patches/dnsmasq/0078-Log-domain-when-reporting-DNSSEC-validation-failure.patch 
@@ -0,0 +1,59 @@ +From 554b580e970275d5a869cb4fbfb2716f92b2f664 Mon Sep 17 00:00:00 2001 +From: Simon Kelley simon@thekelleys.org.uk +Date: Fri, 17 Apr 2015 22:50:20 +0100 +Subject: [PATCH 78/87] Log domain when reporting DNSSEC validation failure. + +--- + src/forward.c | 15 ++++++++++----- + 1 file changed, 10 insertions(+), 5 deletions(-) + +diff --git a/src/forward.c b/src/forward.c +index 3f6b9a23b6ab..1c7da3f5655c 100644 +--- a/src/forward.c ++++ b/src/forward.c +@@ -1014,7 +1014,7 @@ void reply_query(int fd, int family, time_t now) + header->hb3 |= HB3_TC; + else + { +- char *result; ++ char *result, *domain = "result"; + + if (forward->work_counter == 0) + { +@@ -1024,7 +1024,10 @@ void reply_query(int fd, int family, time_t now) + else + result = (status == STAT_SECURE ? "SECURE" : (status == STAT_INSECURE ? "INSECURE" : "BOGUS")); + +- log_query(F_KEYTAG | F_SECSTAT, "result", NULL, result); ++ if (status == STAT_BOGUS && extract_request(header, n, daemon->namebuff, NULL)) ++ domain = daemon->namebuff; ++ ++ log_query(F_KEYTAG | F_SECSTAT, domain, NULL, result); + } + + if (status == STAT_SECURE) +@@ -1975,7 +1978,7 @@ unsigned char *tcp_request(int confd, time_t now, + { + int keycount = DNSSEC_WORK; /* Limit to number of DNSSEC questions, to catch loops and avoid filling cache. */ + int status = tcp_key_recurse(now, STAT_TRUNCATED, header, m, 0, daemon->namebuff, daemon->keyname, last_server, &keycount); +- char *result; ++ char *result, *domain = "result"; + + if (status == STAT_INSECURE_DS) + { +@@ -1993,8 +1996,10 @@ unsigned char *tcp_request(int confd, time_t now, + } + else + result = (status == STAT_SECURE ? "SECURE" : (status == STAT_INSECURE ? 
"INSECURE" : "BOGUS")); +- +- log_query(F_KEYTAG | F_SECSTAT, "result", NULL, result); ++ if (status == STAT_BOGUS && extract_request(header, m, daemon->namebuff, NULL)) ++ domain = daemon->namebuff; ++ ++ log_query(F_KEYTAG | F_SECSTAT, domain, NULL, result); + + if (status == STAT_BOGUS) + { +-- +2.1.0 + diff --git a/src/patches/dnsmasq/0079-Check-IP-address-command-line-arg-in-dhcp_release.c.patch b/src/patches/dnsmasq/0079-Check-IP-address-command-line-arg-in-dhcp_release.c.patch new file mode 100644 index 0000000..6b0453e --- /dev/null +++ b/src/patches/dnsmasq/0079-Check-IP-address-command-line-arg-in-dhcp_release.c.patch @@ -0,0 +1,28 @@ +From a006eb7e1486023480ea40244720ef7aab51de71 Mon Sep 17 00:00:00 2001 +From: Moshe Levi moshele@mellanox.com +Date: Sun, 19 Apr 2015 22:10:40 +0100 +Subject: [PATCH 79/87] Check IP address command line arg in dhcp_release.c + +--- + contrib/wrt/dhcp_release.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/contrib/wrt/dhcp_release.c b/contrib/wrt/dhcp_release.c +index 53f47dda3aec..a51f04b30cab 100644 +--- a/contrib/wrt/dhcp_release.c ++++ b/contrib/wrt/dhcp_release.c +@@ -277,6 +277,11 @@ int main(int argc, char **argv) + exit(1); + } + ++ if (inet_addr(argv[2]) == INADDR_NONE) ++ { ++ perror("invalid ip address"); ++ exit(1); ++ } + + lease.s_addr = inet_addr(argv[2]); + server = find_interface(lease, nl, if_nametoindex(argv[1])); +-- +2.1.0 + diff --git a/src/patches/dnsmasq/0080-Revert-61b838dd574c51d96fef100285a0d225824534f9-and-.patch b/src/patches/dnsmasq/0080-Revert-61b838dd574c51d96fef100285a0d225824534f9-and-.patch new file mode 100644 index 0000000..8aa5c5c --- /dev/null +++ b/src/patches/dnsmasq/0080-Revert-61b838dd574c51d96fef100285a0d225824534f9-and-.patch 
@@ -0,0 +1,53 @@ +From 338b340be9e7198f5c0f68133d070d6598a0814c Mon Sep 17 00:00:00 2001 +From: Simon Kelley simon@thekelleys.org.uk +Date: Mon, 20 Apr 2015 21:34:05 +0100 +Subject: [PATCH 80/87] Revert 61b838dd574c51d96fef100285a0d225824534f9 and + just quieten log instead. + +--- + src/rfc3315.c | 24 ++++++++++-------------- + 1 file changed, 10 insertions(+), 14 deletions(-) + +diff --git a/src/rfc3315.c b/src/rfc3315.c +index c1ddc805988d..c45116a40a09 100644 +--- a/src/rfc3315.c ++++ b/src/rfc3315.c +@@ -824,25 +824,21 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ + } + else + { +- /* Windows 8 always requests an address even if the Managed bit +- in RA is 0 and it keeps retrying if it receives a reply +- stating that no addresses are available. We solve this +- by not replying at all if we're not configured to give any +- addresses by DHCPv6. RFC 3315 17.2.1. appears to allow this. */ +- +- for (c = state->context; c; c = c->current) +- if (!(c->flags & CONTEXT_RA_STATELESS)) +- break; +- +- if (!c) +- return 0; +- + /* no address, return error */ + o1 = new_opt6(OPTION6_STATUS_CODE); + put_opt6_short(DHCP6NOADDRS); + put_opt6_string(_("no addresses available")); + end_opt6(o1); +- log6_packet(state, state->lease_allocate ? "DHCPREPLY" : "DHCPADVERTISE", NULL, _("no addresses available")); ++ ++ /* Some clients will ask repeatedly when we're not giving ++ out addresses because we're in stateless mode. Avoid spamming ++ the log in that case. */ ++ for (c = state->context; c; c = c->current) ++ if (!(c->flags & CONTEXT_RA_STATELESS)) ++ { ++ log6_packet(state, state->lease_allocate ? "DHCPREPLY" : "DHCPADVERTISE", NULL, _("no addresses available")); ++ break; ++ } + } + + break; +-- +2.1.0 + diff --git a/src/patches/dnsmasq/0081-Handle-domain-names-with-.-or-000-within-labels.patch b/src/patches/dnsmasq/0081-Handle-domain-names-with-.-or-000-within-labels.patch new file mode 100644 index 0000000..4fb78d4 --- /dev/null 
+++ b/src/patches/dnsmasq/0081-Handle-domain-names-with-.-or-000-within-labels.patch 
@@ -0,0 +1,215 @@ +From cbe379ad6b52a538a4416a7cd992817e5637ccf9 Mon Sep 17 00:00:00 2001 +From: Simon Kelley simon@thekelleys.org.uk +Date: Tue, 21 Apr 2015 22:57:06 +0100 +Subject: [PATCH 81/87] Handle domain names with '.' or /000 within labels. + +Only in DNSSEC mode, where we might need to validate or store +such names. In none-DNSSEC mode, simply don't cache these, as before. +--- + src/dns-protocol.h | 4 ++++ + src/dnsmasq.c | 15 +++++++++++++-- + src/dnssec.c | 40 +++++++++++++++++++++++++++++++--------- + src/rfc1035.c | 16 +++++++++++++++- + src/util.c | 9 ++++++++- + 5 files changed, 71 insertions(+), 13 deletions(-) + +diff --git a/src/dns-protocol.h b/src/dns-protocol.h +index 16fade33d98c..7f5d686bb150 100644 +--- a/src/dns-protocol.h ++++ b/src/dns-protocol.h +@@ -142,3 +142,7 @@ struct dns_header { + + #define ADD_RDLEN(header, pp, plen, len) \ + (!CHECK_LEN(header, pp, plen, len) ? 0 : (((pp) += (len)), 1)) ++ ++/* Escape character in our presentation format for names. ++ Cannot be '.' or /000 and must be !isprint() */ ++#define NAME_ESCAPE 1 +diff --git a/src/dnsmasq.c b/src/dnsmasq.c +index 20b15c05103a..19a6428b09e8 100644 +--- a/src/dnsmasq.c ++++ b/src/dnsmasq.c +@@ -102,8 +102,19 @@ int main (int argc, char **argv) + #ifdef HAVE_DNSSEC + if (option_bool(OPT_DNSSEC_VALID)) + { +- daemon->keyname = safe_malloc(MAXDNAME); +- daemon->workspacename = safe_malloc(MAXDNAME); ++ /* Note that both /000 and '.' are allowed within labels. These get ++ represented in presentation format using NAME_ESCAPE as an escape ++ character when in DNSSEC mode. ++ In theory, if all the characters in a name were /000 or ++ '.' or NAME_ESCAPE then all would have to be escaped, so the ++ presentation format would be twice as long as the spec. ++ ++ daemon->namebuff was previously allocated by the option-reading ++ code before we knew if we're in DNSSEC mode, so reallocate here. 
*/ ++ free(daemon->namebuff); ++ daemon->namebuff = safe_malloc(MAXDNAME * 2); ++ daemon->keyname = safe_malloc(MAXDNAME * 2); ++ daemon->workspacename = safe_malloc(MAXDNAME * 2); + } + #endif + +diff --git a/src/dnssec.c b/src/dnssec.c +index 05e0983cb251..c116a7b5f6f4 100644 +--- a/src/dnssec.c ++++ b/src/dnssec.c +@@ -321,10 +321,18 @@ static int verify(struct blockdata *key_data, unsigned int key_len, unsigned cha + thus generating names in canonical form. + Calling to_wire followed by from_wire is almost an identity, + except that the UC remains mapped to LC. ++ ++ Note that both /000 and '.' are allowed within labels. These get ++ represented in presentation format using NAME_ESCAPE as an escape ++ character. In theory, if all the characters in a name were /000 or ++ '.' or NAME_ESCAPE then all would have to be escaped, so the ++ presentation format would be twice as long as the spec (1024). ++ The buffers are all delcared as 2049 (allowing for the trailing zero) ++ for this reason. + */ + static int to_wire(char *name) + { +- unsigned char *l, *p, term; ++ unsigned char *l, *p, *q, term; + int len; + + for (l = (unsigned char*)name; *l != 0; l = p) +@@ -332,7 +340,10 @@ static int to_wire(char *name) + for (p = l; *p != '.' && *p != 0; p++) + if (*p >= 'A' && *p <= 'Z') + *p = *p - 'A' + 'a'; +- ++ else if (*p == NAME_ESCAPE) ++ for (q = p; *q; q++) ++ *q = *(q+1); ++ + term = *p; + + if ((len = p - l) != 0) +@@ -351,13 +362,23 @@ static int to_wire(char *name) + /* Note: no compression allowed in input. */ + static void from_wire(char *name) + { +- unsigned char *l; ++ unsigned char *l, *p, *last; + int len; +- ++ ++ for (last = (unsigned char *)name; *last != 0; last += *last+1); ++ + for (l = (unsigned char *)name; *l != 0; l += len+1) + { + len = *l; + memmove(l, l+1, len); ++ for (p = l; p < l + len; p++) ++ if (*p == '.' 
|| *p == 0 || *p == NAME_ESCAPE) ++ { ++ memmove(p+1, p, 1 + last - p); ++ len++; ++ *p++ = NAME_ESCAPE; ++ } ++ + l[len] = '.'; + } + +@@ -645,7 +666,7 @@ static void sort_rrset(struct dns_header *header, size_t plen, u16 *rr_desc, int + if (left1 != 0) + memmove(buff1, buff1 + len1 - left1, left1); + +- if ((len1 = get_rdata(header, plen, end1, buff1 + left1, MAXDNAME - left1, &p1, &dp1)) == 0) ++ if ((len1 = get_rdata(header, plen, end1, buff1 + left1, (MAXDNAME * 2) - left1, &p1, &dp1)) == 0) + { + quit = 1; + len1 = end1 - p1; +@@ -656,7 +677,7 @@ static void sort_rrset(struct dns_header *header, size_t plen, u16 *rr_desc, int + if (left2 != 0) + memmove(buff2, buff2 + len2 - left2, left2); + +- if ((len2 = get_rdata(header, plen, end2, buff2 + left2, MAXDNAME - left2, &p2, &dp2)) == 0) ++ if ((len2 = get_rdata(header, plen, end2, buff2 + left2, (MAXDNAME *2) - left2, &p2, &dp2)) == 0) + { + quit = 1; + len2 = end2 - p2; +@@ -902,10 +923,11 @@ static int validate_rrset(time_t now, struct dns_header *header, size_t plen, in + + end = p + rdlen; + +- /* canonicalise rdata and calculate length of same, use name buffer as workspace */ ++ /* canonicalise rdata and calculate length of same, use name buffer as workspace. ++ Note that name buffer is twice MAXDNAME long in DNSSEC mode. */ + cp = p; + dp = rr_desc; +- for (len = 0; (seg = get_rdata(header, plen, end, name, MAXDNAME, &cp, &dp)) != 0; len += seg); ++ for (len = 0; (seg = get_rdata(header, plen, end, name, MAXDNAME * 2, &cp, &dp)) != 0; len += seg); + len += end - cp; + len = htons(len); + hash->update(ctx, 2, (unsigned char *)&len); +@@ -913,7 +935,7 @@ static int validate_rrset(time_t now, struct dns_header *header, size_t plen, in + /* Now canonicalise again and digest. 
*/ + cp = p; + dp = rr_desc; +- while ((seg = get_rdata(header, plen, end, name, MAXDNAME, &cp, &dp))) ++ while ((seg = get_rdata(header, plen, end, name, MAXDNAME * 2, &cp, &dp))) + hash->update(ctx, seg, (unsigned char *)name); + if (cp != end) + hash->update(ctx, end - cp, cp); +diff --git a/src/rfc1035.c b/src/rfc1035.c +index a995ab50d74a..19fecc818c06 100644 +--- a/src/rfc1035.c ++++ b/src/rfc1035.c +@@ -128,6 +128,15 @@ int extract_name(struct dns_header *header, size_t plen, unsigned char **pp, + if (isExtract) + { + unsigned char c = *p; ++#ifdef HAVE_DNSSEC ++ if (option_bool(OPT_DNSSEC_VALID)) ++ { ++ if (c == 0 || c == '.' || c == NAME_ESCAPE) ++ *cp++ = NAME_ESCAPE; ++ *cp++ = c; ++ } ++ else ++#endif + if (c != 0 && c != '.') + *cp++ = c; + else +@@ -144,9 +153,14 @@ int extract_name(struct dns_header *header, size_t plen, unsigned char **pp, + cp++; + if (c1 >= 'A' && c1 <= 'Z') + c1 += 'a' - 'A'; ++#ifdef HAVE_DNSSEC ++ if (option_bool(OPT_DNSSEC_VALID) && c1 == NAME_ESCAPE) ++ c1 = *cp++; ++#endif ++ + if (c2 >= 'A' && c2 <= 'Z') + c2 += 'a' - 'A'; +- ++ + if (c1 != c2) + retvalue = 2; + } +diff --git a/src/util.c b/src/util.c +index 648bc4d4b428..0c1a48b4700a 100644 +--- a/src/util.c ++++ b/src/util.c +@@ -226,7 +226,14 @@ unsigned char *do_rfc1035_name(unsigned char *p, char *sval) + { + unsigned char *cp = p++; + for (j = 0; *sval && (*sval != '.'); sval++, j++) +- *p++ = *sval; ++ { ++#ifdef HAVE_DNSSEC ++ if (option_bool(OPT_DNSSEC_VALID) && *sval == NAME_ESCAPE) ++ *p++ = *(++sval); ++ else ++#endif ++ *p++ = *sval; ++ } + *cp = j; + if (*sval) + sval++; +-- +2.1.0 + diff --git a/src/patches/dnsmasq/0082-Tweaks-to-previous-DNS-label-charset-commit.patch b/src/patches/dnsmasq/0082-Tweaks-to-previous-DNS-label-charset-commit.patch new file mode 100644 index 0000000..ea6f08d --- /dev/null +++ b/src/patches/dnsmasq/0082-Tweaks-to-previous-DNS-label-charset-commit.patch 
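Review bot: In `from_wire` (src/dnssec.c) the end pointer `last` is computed once before the loop, but each escape insertion runs `memmove(p+1, p, 1 + last - p)` and lengthens the tail by one byte without advancing `last`. As far as the hunk shows, a name needing two or more escapes has the second `memmove` stop one byte short, so the terminating zero-length label is overwritten and the outer `*l != 0` test then reads whatever the buffer held beyond it. Adding `last++;` next to `len++;` keeps the length in step with the data. The function's closing lines are outside the hunk, so this should be checked against the full body.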
@@ -0,0 +1,136 @@ +From b8f16556d36924cd8dc7663cb4129d7b1f3fc2be Mon Sep 17 00:00:00 2001 +From: Simon Kelley simon@thekelleys.org.uk +Date: Wed, 22 Apr 2015 21:14:31 +0100 +Subject: [PATCH 82/87] Tweaks to previous, DNS label charset commit. + +--- + src/dns-protocol.h | 6 +++++- + src/dnssec.c | 9 ++++++--- + src/rfc1035.c | 25 ++++++++++++++++++------- + src/util.c | 2 +- + 4 files changed, 30 insertions(+), 12 deletions(-) + +diff --git a/src/dns-protocol.h b/src/dns-protocol.h +index 7f5d686bb150..4b71746f8d26 100644 +--- a/src/dns-protocol.h ++++ b/src/dns-protocol.h +@@ -144,5 +144,9 @@ struct dns_header { + (!CHECK_LEN(header, pp, plen, len) ? 0 : (((pp) += (len)), 1)) + + /* Escape character in our presentation format for names. +- Cannot be '.' or /000 and must be !isprint() */ ++ Cannot be '.' or /000 and must be !isprint(). ++ Note that escaped chars are stored as ++ <NAME_ESCAPE> <orig-char+1> ++ to ensure that the escaped form of /000 doesn't include /000 ++*/ + #define NAME_ESCAPE 1 +diff --git a/src/dnssec.c b/src/dnssec.c +index c116a7b5f6f4..a9e12153ccf2 100644 +--- a/src/dnssec.c ++++ b/src/dnssec.c +@@ -341,9 +341,11 @@ static int to_wire(char *name) + if (*p >= 'A' && *p <= 'Z') + *p = *p - 'A' + 'a'; + else if (*p == NAME_ESCAPE) +- for (q = p; *q; q++) ++ { ++ for (q = p; *q; q++) + *q = *(q+1); +- ++ (*p)--; ++ } + term = *p; + + if ((len = p - l) != 0) +@@ -376,7 +378,8 @@ static void from_wire(char *name) + { + memmove(p+1, p, 1 + last - p); + len++; +- *p++ = NAME_ESCAPE; ++ *p++ = NAME_ESCAPE; ++ (*p)++; + } + + l[len] = '.'; +diff --git a/src/rfc1035.c b/src/rfc1035.c +index 19fecc818c06..32df31ad603c 100644 +--- a/src/rfc1035.c ++++ b/src/rfc1035.c +@@ -20,7 +20,7 @@ int extract_name(struct dns_header *header, size_t plen, unsigned char **pp, + char *name, int isExtract, int extrabytes) + { + unsigned char *cp = (unsigned char *)name, *p = *pp, *p1 = NULL; +- unsigned int j, l, hops = 0; ++ unsigned int j, l, namelen = 0, hops = 0; + 
int retvalue = 1; + + if (isExtract) +@@ -94,9 +94,15 @@ int extract_name(struct dns_header *header, size_t plen, unsigned char **pp, + count = 256; + digs = ((count-1)>>2)+1; + +- /* output is [x<hex>/siz]. which is digs+9 chars */ +- if (cp - (unsigned char *)name + digs + 9 >= MAXDNAME) ++ /* output is [x<hex>/siz]. which is digs+6/7/8 chars */ ++ namelen += digs+6; ++ if (count > 9) ++ namelen++; ++ if (count > 99) ++ namelen++; ++ if (namelen+1 >= MAXDNAME) + return 0; ++ + if (!CHECK_LEN(header, p, plen, (count-1)>>3)) + return 0; + +@@ -119,7 +125,8 @@ int extract_name(struct dns_header *header, size_t plen, unsigned char **pp, + } + else + { /* label_type = 0 -> label. */ +- if (cp - (unsigned char *)name + l + 1 >= MAXDNAME) ++ namelen += l; ++ if (namelen+1 >= MAXDNAME) + return 0; + if (!CHECK_LEN(header, p, plen, l)) + return 0; +@@ -132,8 +139,12 @@ int extract_name(struct dns_header *header, size_t plen, unsigned char **pp, + if (option_bool(OPT_DNSSEC_VALID)) + { + if (c == 0 || c == '.' || c == NAME_ESCAPE) +- *cp++ = NAME_ESCAPE; +- *cp++ = c; ++ { ++ *cp++ = NAME_ESCAPE; ++ *cp++ = c+1; ++ } ++ else ++ *cp++ = c; + } + else + #endif +@@ -155,7 +166,7 @@ int extract_name(struct dns_header *header, size_t plen, unsigned char **pp, + c1 += 'a' - 'A'; + #ifdef HAVE_DNSSEC + if (option_bool(OPT_DNSSEC_VALID) && c1 == NAME_ESCAPE) +- c1 = *cp++; ++ c1 = (*cp++)-1; + #endif + + if (c2 >= 'A' && c2 <= 'Z') +diff --git a/src/util.c b/src/util.c +index 0c1a48b4700a..9299703c6d30 100644 +--- a/src/util.c ++++ b/src/util.c +@@ -229,7 +229,7 @@ unsigned char *do_rfc1035_name(unsigned char *p, char *sval) + { + #ifdef HAVE_DNSSEC + if (option_bool(OPT_DNSSEC_VALID) && *sval == NAME_ESCAPE) +- *p++ = *(++sval); ++ *p++ = (*(++sval))-1; + else + #endif + *p++ = *sval; +-- +2.1.0 + 
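Review bot: The new `namelen` bound in `extract_name` counts bytes before escaping, so with `OPT_DNSSEC_VALID` set the function can write up to roughly twice `MAXDNAME` into `name` while still passing `if (namelen+1 >= MAXDNAME)`. That is safe only if every buffer handed to `extract_name` in DNSSEC mode is `MAXDNAME * 2` long; the preceding patch resizes `daemon->namebuff`, `keyname` and `workspacename`, and callers that pass other buffers are not visible here. I would state the contract at the check, e.g. `/* namelen is the unescaped length; in DNSSEC mode name must hold 2*MAXDNAME bytes */`, and audit the remaining call sites. The function body extends beyond the hunks shown.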
diff --git a/src/patches/dnsmasq/0083-Logs-in-DHCPv6-not-suppressed-by-dhcp6-quiet.patch b/src/patches/dnsmasq/0083-Logs-in-DHCPv6-not-suppressed-by-dhcp6-quiet.patch new file mode 100644 index 0000000..96dc14b --- /dev/null +++ b/src/patches/dnsmasq/0083-Logs-in-DHCPv6-not-suppressed-by-dhcp6-quiet.patch @@ -0,0 +1,46 @@ +From a5ae1f85873829efe473075ad77806cc02792622 Mon Sep 17 00:00:00 2001 +From: Simon Kelley simon@thekelleys.org.uk +Date: Sat, 25 Apr 2015 21:46:10 +0100 +Subject: [PATCH 83/87] Logs in DHCPv6 not suppressed by dhcp6-quiet. + +--- + CHANGELOG | 6 +++++- + src/rfc3315.c | 4 ++-- + 2 files changed, 7 insertions(+), 3 deletions(-) + +diff --git a/CHANGELOG b/CHANGELOG +index 7f2b1e002e9e..af2b22cf8f73 100644 +--- a/CHANGELOG ++++ b/CHANGELOG +@@ -103,7 +103,11 @@ version 2.73 + Previously we provided correct answers to PTR queries + in such zones (including NS and SOA) but not direct + NS and SOA queries. Thanks to Johnny S. Lee for +- pointing out the problem. ++ pointing out the problem. ++ ++ Fix logging of DHCPREPLY which should be suppressed ++ by quiet-dhcp6. Thanks to J. Pablo Abonia for ++ spotting the problem. + + + version 2.72 +diff --git a/src/rfc3315.c b/src/rfc3315.c +index c45116a40a09..b4f5dd2db61f 100644 +--- a/src/rfc3315.c ++++ b/src/rfc3315.c +@@ -1047,9 +1047,9 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ + { + preferred_time = valid_time = 0; + message = _("address invalid"); +- } ++ } + +- if (message) ++ if (message && (message != state->hostname)) + log6_packet(state, "DHCPREPLY", req_addr, message); + else + log6_quiet(state, "DHCPREPLY", req_addr, message); +-- +2.1.0 + diff --git a/src/patches/dnsmasq/0084-Make-get-version-work-when-repo-is-a-git-submodule.patch b/src/patches/dnsmasq/0084-Make-get-version-work-when-repo-is-a-git-submodule.patch new file mode 100644 index 0000000..38670a8 --- /dev/null 
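Review bot: The new condition `message && (message != state->hostname)` in `dhcp6_no_relay` chooses between loud and quiet logging by pointer identity, which only works if `message` was assigned `state->hostname` itself earlier in the function, outside this hunk. A later edit that copies or formats the hostname would break that coupling silently, and the log would either become noisy again or record an error quietly. A comment on the test such as `/* message aliases state->hostname for a successful lease: log that quietly */` would record the intent.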
+++ b/src/patches/dnsmasq/0084-Make-get-version-work-when-repo-is-a-git-submodule.patch @@ -0,0 +1,28 @@ +From 8efd731cc4ed2baa42aa69d0a9d336392e9987cb Mon Sep 17 00:00:00 2001 +From: "Johnny S. Lee" _@jsl.io +Date: Sun, 26 Apr 2015 22:23:57 +0100 +Subject: [PATCH 84/87] Make get-version work when repo is a git submodule. + +--- + bld/get-version | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/bld/get-version b/bld/get-version +index 7ab75db729ac..5372869c0852 100755 +--- a/bld/get-version ++++ b/bld/get-version +@@ -11,8 +11,9 @@ + # If there is more than one v[0-9].* tag, sort them and use the + # first. This favours, eg v2.63 over 2.63rc6. + +-if which git >/dev/null 2>&1 && [ -d $1/.git ]; then +- cd $1; git describe | sed 's/^v//' ++if which git >/dev/null 2>&1 && \ ++ ([ -d $1/.git ] || grep '^gitdir:' $1/.git >/dev/null 2>&1); then ++ cd $1; git describe | sed 's/^v//' + elif grep '$Format:%d$' $1/VERSION >/dev/null 2>&1; then + # unsubstituted VERSION, but no git available. + echo UNKNOWN +-- +2.1.0 + diff --git a/src/patches/dnsmasq/0085-Fix-argument-order-botch-which-broke-DNSSEC-for-TCP-.patch b/src/patches/dnsmasq/0085-Fix-argument-order-botch-which-broke-DNSSEC-for-TCP-.patch new file mode 100644 index 0000000..04bee99 --- /dev/null +++ b/src/patches/dnsmasq/0085-Fix-argument-order-botch-which-broke-DNSSEC-for-TCP-.patch 
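Review bot: The rewritten test in `bld/get-version` still expands `$1` unquoted in `[ -d $1/.git ]`, `grep '^gitdir:' $1/.git` and `cd $1`, so a build directory containing spaces or glob characters is split or expanded before the commands see it. Quoting each use, `[ -d "$1/.git" ] || grep '^gitdir:' "$1/.git" >/dev/null 2>&1` and `cd "$1" && git describe | sed 's/^v//'`, fixes that and also stops `git describe` from running in the wrong directory when `cd` fails. The `( … )` grouping forks a subshell only to combine two tests; `{ …; }` does the same without the fork.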
@@ -0,0 +1,40 @@ +From e66b4dff3c562c7836d5be4c26972d665ad783f1 Mon Sep 17 00:00:00 2001 +From: Simon Kelley simon@thekelleys.org.uk +Date: Tue, 28 Apr 2015 20:45:57 +0100 +Subject: [PATCH 85/87] Fix argument-order botch which broke DNSSEC for TCP + queries. + +--- + src/forward.c | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +diff --git a/src/forward.c b/src/forward.c +index 1c7da3f5655c..a8e403c4b25e 100644 +--- a/src/forward.c ++++ b/src/forward.c +@@ -1996,8 +1996,9 @@ unsigned char *tcp_request(int confd, time_t now, + } + else + result = (status == STAT_SECURE ? "SECURE" : (status == STAT_INSECURE ? "INSECURE" : "BOGUS")); +- if (status == STAT_BOGUS && extract_request(header, m, daemon->namebuff, NULL)) +- domain = daemon->namebuff; ++ ++ if (status == STAT_BOGUS && extract_request(header, m, daemon->namebuff, NULL)) ++ domain = daemon->namebuff; + + log_query(F_KEYTAG | F_SECSTAT, domain, NULL, result); + +@@ -2040,8 +2041,8 @@ unsigned char *tcp_request(int confd, time_t now, + #endif + + m = process_reply(header, now, last_server, (unsigned int)m, +- option_bool(OPT_NO_REBIND) && !norebind, no_cache_dnssec, bogusanswer, +- cache_secure, ad_question, do_bit, added_pheader, check_subnet, &peer_addr); ++ option_bool(OPT_NO_REBIND) && !norebind, no_cache_dnssec, cache_secure, bogusanswer, ++ ad_question, do_bit, added_pheader, check_subnet, &peer_addr); + + break; + } +-- +2.1.0 + diff --git a/src/patches/dnsmasq/0086-Don-t-remove-RRSIG-RR-from-answers-to-ANY-queries-wh.patch b/src/patches/dnsmasq/0086-Don-t-remove-RRSIG-RR-from-answers-to-ANY-queries-wh.patch new file mode 100644 index 0000000..1fa5c7a --- /dev/null +++ b/src/patches/dnsmasq/0086-Don-t-remove-RRSIG-RR-from-answers-to-ANY-queries-wh.patch 
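Review bot: The corrected `process_reply` call in `tcp_request` still passes `no_cache_dnssec, cache_secure, bogusanswer, ad_question, do_bit, ...` as a run of positional flags, which is how two of them were transposed unnoticed; if they share an integer type, the compiler cannot tell them apart. A comment above the call such as `/* keep in prototype order: no_cache_dnssec, cache_secure, bogusanswer, ... */` would make a future swap visible in review. The UDP call site is not part of this hunk and should be compared against the same order. `tcp_request` starts and ends outside the hunk.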
@@ -0,0 +1,29 @@ +From 2ed162ac204f3609fe4d9f9a0430baeaa352d88f Mon Sep 17 00:00:00 2001 +From: Simon Kelley simon@thekelleys.org.uk +Date: Tue, 28 Apr 2015 21:26:35 +0100 +Subject: [PATCH 86/87] Don't remove RRSIG RR from answers to ANY queries when + the do bit is not set. + +--- + src/rfc1035.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/rfc1035.c b/src/rfc1035.c +index 32df31ad603c..5828055caa5d 100644 +--- a/src/rfc1035.c ++++ b/src/rfc1035.c +@@ -1608,6 +1608,11 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, + GETSHORT(qtype, p); + GETSHORT(qclass, p); + ++ /* Don't filter RRSIGS from answers to ANY queries, even if do-bit ++ not set. */ ++ if (qtype == T_ANY) ++ *do_bit = 1; ++ + ans = 0; /* have we answered this question */ + + if (qtype == T_TXT || qtype == T_ANY) +-- +2.1.0 + diff --git a/src/patches/dnsmasq/0087-Constify-some-DHCP-lease-management-functions.patch b/src/patches/dnsmasq/0087-Constify-some-DHCP-lease-management-functions.patch new file mode 100644 index 0000000..8d1ca9e --- /dev/null +++ b/src/patches/dnsmasq/0087-Constify-some-DHCP-lease-management-functions.patch 
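Review bot: The added `*do_bit = 1` in `answer_request` writes through what appears to be an out-parameter, so the override for a `T_ANY` question is not limited to RRSIG filtering at this point. It stays set for any later question handled by the same call and is visible to the caller afterwards. If that wider effect is intended, a comment should say so, e.g. `/* deliberately sticky: the caller also sees do_bit set */`; otherwise a local flag would keep the change contained. The surrounding loop and the function signature are outside the hunk, so this needs checking against the full function.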
@@ -0,0 +1,57 @@ +From 64bcff1c7c72eecda8750bc2dca8b4c5dc38a837 Mon Sep 17 00:00:00 2001 +From: Nicolas Cavallari nicolas.cavallari@green-communications.fr +Date: Tue, 28 Apr 2015 21:55:18 +0100 +Subject: [PATCH 87/87] Constify some DHCP lease management functions. + +--- + src/dnsmasq.h | 7 ++++--- + src/lease.c | 8 ++++---- + 2 files changed, 8 insertions(+), 7 deletions(-) + +diff --git a/src/dnsmasq.h b/src/dnsmasq.h +index 6fe4a4189188..824a86009439 100644 +--- a/src/dnsmasq.h ++++ b/src/dnsmasq.h +@@ -1304,9 +1304,10 @@ void lease_update_slaac(time_t now); + void lease_set_iaid(struct dhcp_lease *lease, int iaid); + void lease_make_duid(time_t now); + #endif +-void lease_set_hwaddr(struct dhcp_lease *lease, unsigned char *hwaddr, +- unsigned char *clid, int hw_len, int hw_type, int clid_len, time_t now, int force); +-void lease_set_hostname(struct dhcp_lease *lease, char *name, int auth, char *domain, char *config_domain); ++void lease_set_hwaddr(struct dhcp_lease *lease, const unsigned char *hwaddr, ++ const unsigned char *clid, int hw_len, int hw_type, ++ int clid_len, time_t now, int force); ++void lease_set_hostname(struct dhcp_lease *lease, const char *name, int auth, char *domain, char *config_domain); + void lease_set_expires(struct dhcp_lease *lease, unsigned int len, time_t now); + void lease_set_interface(struct dhcp_lease *lease, int interface, time_t now); + struct dhcp_lease *lease_find_by_client(unsigned char *hwaddr, int hw_len, int hw_type, +diff --git a/src/lease.c b/src/lease.c +index 545bbb7fd09c..8adb60588671 100644 +--- a/src/lease.c ++++ b/src/lease.c +@@ -813,9 +813,9 @@ void lease_set_iaid(struct dhcp_lease *lease, int iaid) + } + #endif + +-void lease_set_hwaddr(struct dhcp_lease *lease, unsigned char *hwaddr, +- unsigned char *clid, int hw_len, int hw_type, int clid_len, +- time_t now, int force) ++void lease_set_hwaddr(struct dhcp_lease *lease, const unsigned char *hwaddr, ++ const unsigned char *clid, int hw_len, int hw_type, ++ 
int clid_len, time_t now, int force) + { + #ifdef HAVE_DHCP6 + int change = force; +@@ -897,7 +897,7 @@ static void kill_name(struct dhcp_lease *lease) + lease->hostname = lease->fqdn = NULL; + } + +-void lease_set_hostname(struct dhcp_lease *lease, char *name, int auth, char *domain, char *config_domain) ++void lease_set_hostname(struct dhcp_lease *lease, const char *name, int auth, char *domain, char *config_domain) + { + struct dhcp_lease *lease_tmp; + char *new_name = NULL, *new_fqdn = NULL; +-- +2.1.0 + diff --git a/src/patches/dracut-038_add_sdhci-pci.patch b/src/patches/dracut-038_add_sdhci-pci.patch new file mode 100644 index 0000000..b002246 --- /dev/null +++ b/src/patches/dracut-038_add_sdhci-pci.patch @@ -0,0 +1,12 @@ +diff -Naur dracut-038.org/modules.d/90kernel-modules/module-setup.sh dracut-038/modules.d/90kernel-modules/module-setup.sh +--- dracut-038.org/modules.d/90kernel-modules/module-setup.sh 2014-06-30 12:03:12.000000000 +0200 ++++ dracut-038/modules.d/90kernel-modules/module-setup.sh 2015-05-05 14:58:56.820197839 +0200 +@@ -47,7 +47,7 @@ + atkbd i8042 usbhid hid-apple hid-sunplus hid-cherry hid-logitech \ + hid-logitech-dj hid-microsoft firewire-ohci \ + pcmcia usb_storage nvme hid-hyperv hv-vmbus \ +- sdhci_acpi ++ sdhci_acpi sdhci_pci + + if [[ "$(uname -p)" == arm* ]]; then + # arm specific modules diff --git a/src/patches/fireinfo-Skip-search-for-hypervisor-name-when-the-CPU-string-.patch b/src/patches/fireinfo-Skip-search-for-hypervisor-name-when-the-CPU-string-.patch new file mode 100644 index 0000000..24a8ca1 --- /dev/null +++ b/src/patches/fireinfo-Skip-search-for-hypervisor-name-when-the-CPU-string-.patch 
@@ -0,0 +1,34 @@ +From c667589410912ca980a78f417e86dd6585d58f9a Mon Sep 17 00:00:00 2001 +From: Michael Tremer michael.tremer@ipfire.org +Date: Mon, 4 May 2015 16:00:31 +0200 +Subject: [PATCH] Skip search for hypervisor name when the CPU string is empty + +--- + src/_fireinfo/fireinfo.c | 11 ++++++----- + 1 file changed, 6 insertions(+), 5 deletions(-) + +diff --git a/src/_fireinfo/fireinfo.c b/src/_fireinfo/fireinfo.c +index fc639d9d4cd9..6601c21a733f 100644 +--- a/src/_fireinfo/fireinfo.c ++++ b/src/_fireinfo/fireinfo.c +@@ -156,11 +156,12 @@ int detect_hypervisor(int *hypervisor) { + + *hypervisor = HYPER_OTHER; + +- int id; +- for (id = HYPER_NONE + 1; id < HYPER_LAST; id++) { +- if (strcmp(hypervisor_ids[id], sig.text) == 0) { +- *hypervisor = id; +- break; ++ if (*sig.text) { ++ for (int id = HYPER_NONE + 1; id < HYPER_LAST; id++) { ++ if (strcmp(hypervisor_ids[id], sig.text) == 0) { ++ *hypervisor = id; ++ break; ++ } + } + } + +-- +2.1.0 + diff --git a/src/patches/glibc/glibc-rh1207995.patch b/src/patches/glibc/glibc-rh1207995.patch new file mode 100644 index 0000000..1732de6 --- /dev/null +++ b/src/patches/glibc/glibc-rh1207995.patch @@ -0,0 +1,27 @@ +# +# Based on the following commit: +# +# commit f9d2d03254a58d92635a311a42253eeed5a40a47 +# Author: Andreas Schwab schwab@suse.de +# Date: Mon May 26 18:01:31 2014 +0200 +# +# Fix invalid file descriptor reuse while sending DNS query (BZ #15946) +# +# 2014-06-03 Andreas Schwab schwab@suse.de +# +# [BZ #15946] +# * resolv/res_send.c (send_dg): Reload file descriptor after +# calling reopen. +# +diff --git a/resolv/res_send.c b/resolv/res_send.c +index 3273d55..af42b8a 100644 +--- a/resolv/res_send.c ++++ b/resolv/res_send.c +@@ -1410,6 +1410,7 @@ send_dg(res_state statp, + retval = reopen (statp, terrno, ns); + if (retval <= 0) + return retval; ++ pfd[0].fd = EXT(statp).nssocks[ns]; + } + } + goto wait; 
diff --git a/src/patches/glibc/glibc-rh1209375.patch b/src/patches/glibc/glibc-rh1209375.patch new file mode 100644 index 0000000..74393f0 --- /dev/null +++ b/src/patches/glibc/glibc-rh1209375.patch @@ -0,0 +1,18 @@ +@@ -, +, @@ + resolv/nss_dns/dns-host.c:getanswer_r. +--- + resolv/nss_dns/dns-host.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) +--- a/resolv/nss_dns/dns-host.c ++++ a/resolv/nss_dns/dns-host.c +@@ -615,7 +615,8 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype, + int have_to_map = 0; + uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct host_data); + buffer += pad; +- if (__builtin_expect (buflen < sizeof (struct host_data) + pad, 0)) ++ buflen = buflen > pad ? buflen - pad : 0; ++ if (__builtin_expect (buflen < sizeof (struct host_data), 0)) + { + /* The buffer is too small. */ + too_small: +-- diff --git a/src/patches/hostapd-2.3_increase_EAPOL-timeouts.patch b/src/patches/hostapd-2.3_increase_EAPOL-timeouts.patch new file mode 100644 index 0000000..bbda55a --- /dev/null +++ b/src/patches/hostapd-2.3_increase_EAPOL-timeouts.patch @@ -0,0 +1,16 @@ +diff -Naur hostapd-2.3.org/src/ap/wpa_auth.c hostapd-2.3/src/ap/wpa_auth.c +--- hostapd-2.3.org/src/ap/wpa_auth.c 2014-10-09 16:41:31.000000000 +0200 ++++ hostapd-2.3/src/ap/wpa_auth.c 2015-04-07 16:32:10.671422975 +0200 +@@ -45,9 +45,9 @@ + + static const u32 dot11RSNAConfigGroupUpdateCount = 4; + static const u32 dot11RSNAConfigPairwiseUpdateCount = 4; +-static const u32 eapol_key_timeout_first = 100; /* ms */ +-static const u32 eapol_key_timeout_subseq = 1000; /* ms */ +-static const u32 eapol_key_timeout_first_group = 500; /* ms */ ++static const u32 eapol_key_timeout_first = 300; /* ms */ ++static const u32 eapol_key_timeout_subseq = 3000; /* ms */ ++static const u32 eapol_key_timeout_first_group = 1500; /* ms */ + + /* TODO: make these configurable */ + static const int dot11RSNAConfigPMKLifetime = 43200; 
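Review bot: glibc-rh1209375.patch arrives without provenance: its header is reduced to `@@ -, +, @@` and a fragment of a ChangeLog line, and both path lines read `a/resolv/nss_dns/dns-host.c`. The glibc-rh1207995.patch added just before it, by contrast, names the upstream commit, author and bug number. For a buffer-length fix in `getanswer_r` (the `buflen` adjustment for `pad`), anyone auditing the distribution needs to know which upstream change this corresponds to. I would add a leading comment block in the same style, e.g. `# Based on upstream commit <UPSTREAM_COMMIT_ID>, bug <BUG_REFERENCE>`, and restore the `+++ b/` path line.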
diff --git a/src/patches/linux-3.14.x-hyperv-2008-fix.patch b/src/patches/linux-3.14.x-hyperv-2008-fix.patch
new file mode 100644
index 0000000..e538e08
--- /dev/null
+++ b/src/patches/linux-3.14.x-hyperv-2008-fix.patch
@@ -0,0 +1,50 @@ +From 99d3016de4f2a29635f5382b0e9bd0e5f2151487 Mon Sep 17 00:00:00 2001 +From: Haiyang Zhang haiyangz@microsoft.com +Date: Sun, 9 Mar 2014 16:10:59 -0700 +Subject: hyperv: Change the receive buffer size for legacy hosts + +Due to a bug in the Hyper-V host verion 2008R2, we need to use a slightly smaller +receive buffer size, otherwise the buffer will not be accepted by the legacy hosts. + +Signed-off-by: Haiyang Zhang haiyangz@microsoft.com +Signed-off-by: David S. Miller davem@davemloft.net + +diff --git a/drivers/net/hyperv/hyperv_net.h b/drivers/net/hyperv/hyperv_net.h +index 7d06b49..13010b4 100644 +--- a/drivers/net/hyperv/hyperv_net.h ++++ b/drivers/net/hyperv/hyperv_net.h +@@ -513,6 +513,7 @@ struct nvsp_message { + #define NETVSC_MTU 65536 + + #define NETVSC_RECEIVE_BUFFER_SIZE (1024*1024*16) /* 16MB */ ++#define NETVSC_RECEIVE_BUFFER_SIZE_LEGACY (1024*1024*15) /* 15MB */ + + #define NETVSC_RECEIVE_BUFFER_ID 0xcafe + +diff --git a/drivers/net/hyperv/netvsc.c b/drivers/net/hyperv/netvsc.c +index 1a0280d..daddea2 100644 +--- a/drivers/net/hyperv/netvsc.c ++++ b/drivers/net/hyperv/netvsc.c +@@ -365,6 +365,11 @@ static int netvsc_connect_vsp(struct hv_device *device) + goto cleanup; + + /* Post the big receive buffer to NetVSP */ ++ if (net_device->nvsp_version <= NVSP_PROTOCOL_VERSION_2) ++ net_device->recv_buf_size = NETVSC_RECEIVE_BUFFER_SIZE_LEGACY; ++ else ++ net_device->recv_buf_size = NETVSC_RECEIVE_BUFFER_SIZE; ++ + ret = netvsc_init_recv_buf(device); + + cleanup: +@@ -898,7 +903,6 @@ int netvsc_device_add(struct hv_device *device, void *additional_info) + ndev = net_device->ndev; + + /* Initialize the NetVSC channel extension */ +- net_device->recv_buf_size = NETVSC_RECEIVE_BUFFER_SIZE; + spin_lock_init(&net_device->recv_pkt_list_lock); + + INIT_LIST_HEAD(&net_device->recv_pkt_list); +-- +cgit v0.10.2 + 
diff --git a/src/patches/linux-3.14.x-lamobo-r1-fix-sata-pwr.patch b/src/patches/linux-3.14.x-lamobo-r1-fix-sata-pwr.patch deleted file mode 100644 index 1c0f994..0000000 --- a/src/patches/linux-3.14.x-lamobo-r1-fix-sata-pwr.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 7f558e6e8abee42cc966e2cb64be0de875797e07 Mon Sep 17 00:00:00 2001 -From: Arne Fitzenreiter arne_f@ipfire.org -Date: Fri, 20 Feb 2015 10:01:26 +0100 -Subject: [PATCH] sun7i: dts: lamobo-r1: fix sata pwr regulator pin. - -Lamobo-R1 use PB3 instead of PB8 for controlling the SATA power regulator. ---- - arch/arm/boot/dts/sun7i-a20-lamobo-r1.dts | 18 ++++++++++++++++++ - 1 file changed, 18 insertions(+) - -diff --git a/arch/arm/boot/dts/sun7i-a20-lamobo-r1.dts b/arch/arm/boot/dts/sun7i-a20-lamobo-r1.dts -index 1eb6c9b..d634d2f 100644 ---- a/arch/arm/boot/dts/sun7i-a20-lamobo-r1.dts -+++ b/arch/arm/boot/dts/sun7i-a20-lamobo-r1.dts -@@ -166,6 +166,16 @@ - reg = <1>; - }; - }; -+ -+ pio: pinctrl@01c20800 { -+ ahci_pwr_pin_a: ahci_pwr_pin@0 { -+ allwinner,pins = "PB3"; -+ allwinner,function = "gpio_out"; -+ allwinner,drive = <0>; -+ allwinner,pull = <0>; -+ }; -+ }; -+ - }; - - leds { -@@ -181,6 +191,14 @@ - }; - - reg_ahci_5v: ahci-5v { -+ compatible = "regulator-fixed"; -+ pinctrl-names = "default"; -+ pinctrl-0 = <&ahci_pwr_pin_a>; -+ regulator-name = "ahci-5v"; -+ regulator-min-microvolt = <5000000>; -+ regulator-max-microvolt = <5000000>; -+ enable-active-high; -+ gpio = <&pio 1 3 0>; - status = "okay"; - }; - --- -1.8.5.2 - diff --git a/src/patches/openssl-1.0.1e-rpmbuild.patch b/src/patches/openssl-1.0.1e-rpmbuild.patch deleted file mode 100644 index b01520e..0000000 --- a/src/patches/openssl-1.0.1e-rpmbuild.patch +++ /dev/null 
@@ -1,63 +0,0 @@ -diff -up openssl-1.0.1e/Configure.rpmbuild openssl-1.0.1e/Configure ---- openssl-1.0.1e/Configure.rpmbuild 2014-08-13 19:19:53.211005598 +0200 -+++ openssl-1.0.1e/Configure 2014-08-13 19:29:21.704099285 +0200 -@@ -1675,7 +1676,7 @@ while (<IN>) - elsif ($shared_extension ne "" && $shared_extension =~ /^.s([ol]).[^.]*.[^.]*$/) - { - my $sotmp = $1; -- s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.$(SHLIB_MAJOR) .s$sotmp/; -+ s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.$(SHLIB_SONAMEVER) .s$sotmp/; - } - elsif ($shared_extension ne "" && $shared_extension =~ /^.[^.]*.[^.]*.dylib$/) - { -diff -up openssl-1.0.1e/Makefile.org.rpmbuild openssl-1.0.1e/Makefile.org ---- openssl-1.0.1e/Makefile.org.rpmbuild 2013-02-11 16:26:04.000000000 +0100 -+++ openssl-1.0.1e/Makefile.org 2014-08-13 19:19:53.218005759 +0200 -@@ -10,6 +10,7 @@ SHLIB_VERSION_HISTORY= - SHLIB_MAJOR= - SHLIB_MINOR= - SHLIB_EXT= -+SHLIB_SONAMEVER=10 - PLATFORM=dist - OPTIONS= - CONFIGURE_ARGS= -@@ -333,10 +334,9 @@ clean-shared: - link-shared: - @ set -e; for i in $(SHLIBDIRS); do \ - $(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \ -- LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \ -+ LIBNAME=$$i LIBVERSION=$(SHLIB_SONAMEVER) \ - LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \ - symlink.$(SHLIB_TARGET); \ -- libs="$$libs -l$$i"; \ - done - - build-shared: do_$(SHLIB_TARGET) link-shared -@@ -347,7 +347,7 @@ do_$(SHLIB_TARGET): - libs="$(LIBKRB5) $$libs"; \ - fi; \ - $(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \ -- LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \ -+ LIBNAME=$$i LIBVERSION=$(SHLIB_SONAMEVER) \ - LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \ - LIBDEPS="$$libs $(EX_LIBS)" \ - link_a.$(SHLIB_TARGET); \ ---- a/Configure.old 2015-03-19 18:10:45.101201021 +0000 -+++ b/Configure 2015-03-19 18:11:19.324547495 +0000 -@@ -345,14 +345,14 @@ - #### - # *-generic* is endian-neutral target, but ./config is free to - # throw in 
-D[BL]_ENDIAN, whichever appropriate... --"linux-generic32","gcc:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", -+"linux-generic32","gcc:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_SONAMEVER)", - "linux-ppc", "gcc:-DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", - # It's believed that majority of ARM toolchains predefine appropriate -march. - # If you compiler does not, do complement config command line with one! - "linux-armv4", "gcc:-O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", - #### IA-32 targets... - "linux-ia32-icc", "icc:-DL_ENDIAN -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", --"linux-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", -+"linux-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_SONAMEVER)", - "linux-aout", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out", - #### - "linux-generic64","gcc:-O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", 
diff --git a/src/patches/openssl-1.0.2a-rpmbuild.patch b/src/patches/openssl-1.0.2a-rpmbuild.patch
new file mode 100644
index 0000000..2395d86
--- /dev/null
+++ b/src/patches/openssl-1.0.2a-rpmbuild.patch
@@ -0,0 +1,62 @@
+diff -Nur openssl-1.0.2a-vanilla/Configure openssl-1.0.2a/Configure
+--- openssl-1.0.2a-vanilla/Configure 2015-03-19 13:30:36.000000000 +0000
++++ openssl-1.0.2a/Configure 2015-04-23 10:31:41.336569854 +0000
+@@ -348,7 +348,7 @@
+ ####
+ # *-generic* is endian-neutral target, but ./config is free to
+ # throw in -D[BL]_ENDIAN, whichever appropriate...
+-"linux-generic32","gcc:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)",
++"linux-generic32","gcc:$(CFLAGS) -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:$(CFLAGS):.so.$(SHLIB_SONAMEVER)",
+ "linux-ppc", "gcc:-DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)",
+
+ #######################################################################
+@@ -389,7 +389,7 @@
+ "linux64-mips64", "gcc:-mabi=64 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:64:dlfcn:linux-shared:-fPIC:-mabi=64:.so.$(SHLIB_MAJOR).$(SHLIB_MINOR):::64",
+ #### IA-32 targets...
+ "linux-ia32-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)",
+-"linux-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)",
++"linux-elf", "gcc:-DL_ENDIAN $(CFLAGS) -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_SONAMEVER)",
+ "linux-aout", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
+ ####
+ "linux-generic64","gcc:-O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)",
+@@ -1737,7 +1737,7 @@
+ elsif ($shared_extension ne "" && $shared_extension =~ /^.s([ol]).[^.]*.[^.]*$/)
+ {
+ my $sotmp = $1;
+- s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.$(SHLIB_MAJOR) .s$sotmp/;
++ s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.$(SHLIB_SONAMEVER) .s$sotmp/;
+ }
+ elsif ($shared_extension ne "" && $shared_extension =~ /^.[^.]*.[^.]*.dylib$/)
+ {
+diff -Nur openssl-1.0.2a-vanilla/Makefile.org openssl-1.0.2a/Makefile.org
+--- openssl-1.0.2a-vanilla/Makefile.org 2015-03-19 13:30:36.000000000 +0000
++++ openssl-1.0.2a/Makefile.org 2015-04-23 10:30:03.184371933 +0000
+@@ -10,6 +10,7 @@
+ SHLIB_MAJOR=
+ SHLIB_MINOR=
+ SHLIB_EXT=
++SHLIB_SONAMEVER=10
+ PLATFORM=dist
+ OPTIONS=
+ CONFIGURE_ARGS=
+@@ -335,10 +336,9 @@
+ link-shared:
+ @ set -e; for i in $(SHLIBDIRS); do \
+ $(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
+- LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
++ LIBNAME=$$i LIBVERSION=$(SHLIB_SONAMEVER) \
+ LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
+ symlink.$(SHLIB_TARGET); \
+- libs="$$libs -l$$i"; \
+ done
+
+ build-shared: do_$(SHLIB_TARGET) link-shared
+@@ -349,7 +349,7 @@
+ libs="$(LIBKRB5) $$libs"; \
+ fi; \
+ $(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
+- LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
++ LIBNAME=$$i LIBVERSION=$(SHLIB_SONAMEVER) \
+ LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
+ LIBDEPS="$$libs $(EX_LIBS)" \
+ link_a.$(SHLIB_TARGET); \
diff --git a/src/patches/openssl-1.0.2a_auto_enable_padlock.patch b/src/patches/openssl-1.0.2a_auto_enable_padlock.patch
new file mode 100644
index 0000000..b5c0e95
--- /dev/null
+++ b/src/patches/openssl-1.0.2a_auto_enable_padlock.patch
@@ -0,0 +1,34 @@
+diff -Naur openssl-1.0.2a.org/crypto/engine/eng_all.c openssl-1.0.2a/crypto/engine/eng_all.c
+--- openssl-1.0.2a.org/crypto/engine/eng_all.c 2015-03-19 14:30:36.000000000 +0100
++++ openssl-1.0.2a/crypto/engine/eng_all.c 2015-04-27 12:27:05.063569969 +0200
+@@ -120,6 +120,14 @@
+ ENGINE_load_capi();
+ # endif
+ #endif
++#ifdef OPENSSL_NO_STATIC_ENGINE
++ ENGINE *e;
++ e = ENGINE_by_id("padlock");
++ if (e != NULL) {
++ ENGINE_add(e);
++ ENGINE_free(e);
++ }
++#endif
+ ENGINE_register_all_complete();
+ }
+
+diff -Naur openssl-1.0.2a.org/ssl/ssl_algs.c openssl-1.0.2a/ssl/ssl_algs.c
+--- openssl-1.0.2a.org/ssl/ssl_algs.c 2015-03-19 14:30:36.000000000 +0100
++++ openssl-1.0.2a/ssl/ssl_algs.c 2015-04-27 11:04:27.893399695 +0200
+@@ -151,5 +151,12 @@
+ #endif
+ /* initialize cipher/digest methods table */
+ ssl_load_ciphers();
++
++ /* Init available hardware crypto engines */
++ ENGINE_load_builtin_engines();
++ ENGINE_register_all_complete();
++ ENGINE * padlock = ENGINE_by_id("padlock");
++ if (padlock) ENGINE_set_default_ciphers(padlock);
++
+ return (1);
+ }
diff --git a/src/patches/openssl-1.0.2a_disable_ssse3_for_amd.patch b/src/patches/openssl-1.0.2a_disable_ssse3_for_amd.patch
new file mode 100644
index 0000000..097cc80
--- /dev/null
+++ b/src/patches/openssl-1.0.2a_disable_ssse3_for_amd.patch
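Review bot: Only the `linux-generic32` and `linux-elf` entries of Configure are switched to `.so.$(SHLIB_SONAMEVER)`, while the Makefile.org part passes `LIBVERSION=$(SHLIB_SONAMEVER)` for every target, so the other `linux-shared` entries visible as context (`linux-ppc`, `linux64-mips64`, `linux-ia32-icc`, `linux-generic64`) would be built with a file extension that no longer matches the library version. The two changed entries also disagree with each other: `linux-generic32` puts `$(CFLAGS)` into the field after `-fPIC`, `linux-elf` leaves that field empty. `SHLIB_SONAMEVER=10` carries no explanation; a line such as `# SONAME version pinned by the distribution, independent of SHLIB_MAJOR/SHLIB_MINOR` above it would tell the next packager why the value is fixed.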
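Review bot: In the ssl/ssl_algs.c part of this added patch the reference returned by `ENGINE_by_id("padlock")` is never released, whereas the crypto/engine/eng_all.c part does call `ENGINE_free(e)` after `ENGINE_add(e)`; the line should read `if (padlock) { ENGINE_set_default_ciphers(padlock); ENGINE_free(padlock); }`. The return value of `ENGINE_set_default_ciphers` is ignored as well, so a failed registration goes unnoticed. These lines sit right after `ssl_load_ciphers()` in what appears to be the library initialisation routine, so every program using this libssl gets its default cipher implementation switched to the padlock engine whenever that engine can be obtained; a comment stating that this is a distribution-wide policy choice belongs above `/* Init available hardware crypto engines */`. Both inner hunks declare a variable after statements (`ENGINE *e;`, `ENGINE * padlock = ...`), and the enclosing functions begin outside the hunks.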
@@ -0,0 +1,11 @@
+diff -Naur openssl-1.0.2a.org/crypto/x86cpuid.pl openssl-1.0.2a/crypto/x86cpuid.pl
+--- openssl-1.0.2a.org/crypto/x86cpuid.pl 2015-03-19 14:30:36.000000000 +0100
++++ openssl-1.0.2a/crypto/x86cpuid.pl 2015-04-28 13:47:57.853521020 +0200
+@@ -71,6 +71,7 @@
+ &mov ("eax",1);
+ &xor ("ecx","ecx");
+ &cpuid ();
++ &and ("ecx",0xfffffdff); # clear SSSE3 because it is incredible slow on AMD's
+ &bt ("edx",28);
+ &jnc (&label("generic"));
+ &shr ("ebx",16);
diff --git a/src/patches/qemu-0.15.0_missing_definitions_hack.patch b/src/patches/qemu-0.15.0_missing_definitions_hack.patch
deleted file mode 100644
index 4ff2c08..0000000
--- a/src/patches/qemu-0.15.0_missing_definitions_hack.patch
+++ /dev/null
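Review bot: The added `&and ("ecx",0xfffffdff)` clears SSSE3 (CPUID.1:ECX bit 9) with no family or model test in the hunk, so every CPU that reaches this sequence loses the bit, not only the parts on which SSSE3 code is slow; whether a vendor check precedes it cannot be seen here because the function starts before the hunk. In OpenSSL the same capability bit also selects the vector-permute and bit-sliced AES code, which are its constant-time software AES paths, so on a CPU without AES-NI this presumably falls back to the table-driven AES and its cache-timing exposure. The comment should record that trade-off, for example `# clear SSSE3 (CPUID.1:ECX bit 9): slow on AMD; also disables vpaes/bsaes`, and the mask would be better limited to the affected families. Only the 32-bit `x86cpuid.pl` is patched in this file.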
@@ -1,40 +0,0 @@ -diff -Naur qemu-kvm-0.15.0.org/hw/9pfs/virtio-9p-local.c qemu-kvm-0.15.0/hw/9pfs/virtio-9p-local.c ---- qemu-kvm-0.15.0.org/hw/9pfs/virtio-9p-local.c 2011-08-09 14:40:29.000000000 +0200 -+++ qemu-kvm-0.15.0/hw/9pfs/virtio-9p-local.c 2011-08-14 10:31:22.711480316 +0200 -@@ -21,6 +21,16 @@ - #include <sys/un.h> - #include <attr/xattr.h> - -+#ifndef AT_FDCWD -+/* Copied from linux/include/linux/fcntl.h * because direct include fails */ -+#define AT_FDCWD -100 /* Special value used to indicate -+ openat should use the current -+ working directory. */ -+#define AT_SYMLINK_NOFOLLOW 0x100 /* Do not follow symbolic links. */ -+#define AT_REMOVEDIR 0x200 /* Remove directory instead of -+ unlinking file. */ -+#define AT_SYMLINK_FOLLOW 0x400 /* Follow symbolic links. */ -+#endif - - static int local_lstat(FsContext *fs_ctx, const char *path, struct stat *stbuf) - { -diff -Naur qemu-kvm-0.15.0.org/linux-user/syscall.c qemu-kvm-0.15.0/linux-user/syscall.c ---- qemu-kvm-0.15.0.org/linux-user/syscall.c 2011-08-09 14:40:29.000000000 +0200 -+++ qemu-kvm-0.15.0/linux-user/syscall.c 2011-08-14 12:43:43.190231600 +0200 -@@ -971,6 +971,16 @@ - return result; - } - -+/* Copied from linux/include/asm/resource.h * because direct include fails */ -+ -+#ifndef RLIMIT_NICE -+#define RLIMIT_NICE 13 /* max nice prio allowed to raise to -+ 0-39 for nice level 19 .. -20 */ -+#endif -+#ifndef RLIMIT_RTPRIO -+#define RLIMIT_RTPRIO 14 /* maximum realtime priority */ -+#endif -+ - static inline int target_to_host_resource(int code) - { - switch (code) { diff --git a/src/patches/strongswan-5.0.2_ipfire.patch b/src/patches/strongswan-5.0.2_ipfire.patch deleted file mode 100644 index 71eb24e..0000000 --- a/src/patches/strongswan-5.0.2_ipfire.patch +++ /dev/null 
@@ -1,364 +0,0 @@ ---- a/src/_updown/_updown.in -+++ b/src/_updown/_updown.in -@@ -178,6 +178,29 @@ - ;; - esac - -+function ip_encode() { -+ local IFS=. -+ -+ local int=0 -+ for field in $1; do -+ int=$(( $(( $int << 8 )) | $field )) -+ done -+ -+ echo $int -+} -+ -+function ip_in_subnet() { -+ local netmask -+ netmask=$(_netmask $2) -+ [ $(( $(ip_encode $1) & $netmask)) = $(( $(ip_encode ${2%/*}) & $netmask )) ] -+} -+ -+function _netmask() { -+ local vlsm -+ vlsm=${1#*/} -+ [ $vlsm -eq 0 ] && echo 0 || echo $(( -1 << $(( 32 - $vlsm )) )) -+} -+ - # utility functions for route manipulation - # Meddling with this stuff should not be necessary and requires great care. - uproute() { -@@ -407,12 +430,12 @@ - # connection to me, with (left/right)firewall=yes, coming up - # This is used only by the default updown script, not by your custom - # ones, so do not mess with it; see CAUTION comment up at top. -- iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ -+ iptables -I IPSECINPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ - -s $PLUTO_PEER_CLIENT $S_PEER_PORT \ - -d $PLUTO_ME $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT -- iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ -+ iptables -I IPSECOUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ - -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \ -- -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT -+ -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j MARK --set-mark 50 - # - # allow IPIP traffic because of the implicit SA created by the kernel if - # IPComp is used (for small inbound packets that are not compressed) -@@ -428,10 +451,10 @@ - if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ] - then - logger -t $TAG -p $FAC_PRIO \ -- "+ $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME" -+ "host+ $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME" - else - logger -t $TAG -p $FAC_PRIO \ -- "+ $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME" -+ "host+ $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME" - fi - fi - ;; 
-@@ -439,12 +462,12 @@ - # connection to me, with (left/right)firewall=yes, going down - # This is used only by the default updown script, not by your custom - # ones, so do not mess with it; see CAUTION comment up at top. -- iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ -+ iptables -D IPSECINPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ - -s $PLUTO_PEER_CLIENT $S_PEER_PORT \ - -d $PLUTO_ME $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT -- iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ -+ iptables -D IPSECOUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ - -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \ -- -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT -+ -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j MARK --set-mark 50 - # - # IPIP exception teardown - if [ -n "$PLUTO_IPCOMP" ] -@@ -459,10 +482,10 @@ - if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ] - then - logger -t $TAG -p $FAC_PRIO -- \ -- "- $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME" -+ "host- $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME" - else - logger -t $TAG -p $FAC_PRIO -- \ -- "- $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME" -+ "host- $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME" - fi - fi - ;; -@@ -472,24 +495,24 @@ - # ones, so do not mess with it; see CAUTION comment up at top. 
- if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ] - then -- iptables -I FORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ -+ iptables -I IPSECFORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ - -s $PLUTO_MY_CLIENT $S_MY_PORT \ -- -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT -- iptables -I FORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ -+ -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j MARK --set-mark 50 -+ iptables -I IPSECFORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ - -s $PLUTO_PEER_CLIENT $S_PEER_PORT \ -- -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT -+ -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j RETURN - fi - # - # a virtual IP requires an INPUT and OUTPUT rule on the host - # or sometimes host access via the internal IP is needed - if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ] - then -- iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ -+ iptables -I IPSECINPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ - -s $PLUTO_PEER_CLIENT $S_PEER_PORT \ -- -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT -- iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ -+ -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j RETURN -+ iptables -I IPSECOUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ - -s $PLUTO_MY_CLIENT $S_MY_PORT \ -- -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT -+ -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j MARK --set-mark 50 - fi - # - # allow IPIP traffic because of the implicit SA created by the kernel if -@@ -497,7 +520,7 @@ - # INPUT is correct here even for forwarded traffic. 
- if [ -n "$PLUTO_IPCOMP" ] - then -- iptables -I INPUT 1 -i $PLUTO_INTERFACE -p 4 \ -+ iptables -I IPSECINPUT 1 -i $PLUTO_INTERFACE -p 4 \ - -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT - fi - # -@@ -507,12 +530,51 @@ - if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ] - then - logger -t $TAG -p $FAC_PRIO \ -- "+ $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT" -+ "client+ $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT" - else - logger -t $TAG -p $FAC_PRIO \ -- "+ $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT" -+ "client+ $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT" - fi - fi -+ -+ # -+ # Open Firewall for IPinIP + AH + ESP Traffic -+ iptables -I IPSECINPUT 1 -i $PLUTO_INTERFACE -p IP \ -+ -s $PLUTO_PEER $S_PEER_PORT \ -+ -d $PLUTO_ME $D_MY_PORT -j ACCEPT -+ iptables -I IPSECINPUT 1 -i $PLUTO_INTERFACE -p AH \ -+ -s $PLUTO_PEER $S_PEER_PORT \ -+ -d $PLUTO_ME $D_MY_PORT -j ACCEPT -+ iptables -I IPSECINPUT 1 -i $PLUTO_INTERFACE -p ESP \ -+ -s $PLUTO_PEER $S_PEER_PORT \ -+ -d $PLUTO_ME $D_MY_PORT -j ACCEPT -+ if [ $VPN_LOGGING ] -+ then -+ logger -t $TAG -p $FAC_PRIO \ -+ "tunnel+ $PLUTO_PEER -- $PLUTO_ME" -+ fi -+ -+ # Add source nat so also the gateway can access the other nets -+ eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings) -+ for _src in ${GREEN_ADDRESS} ${BLUE_ADDRESS} ${ORANGE_ADDRESS}; do -+ ip_in_subnet "${_src}" "${PLUTO_MY_CLIENT}" -+ if [ $? -eq 0 ]; then -+ src=${_src} -+ break -+ fi -+ done -+ -+ if [ -n "${src}" ]; then -+ iptables -t nat -A IPSECNAT -o $PLUTO_INTERFACE -s $PLUTO_ME -d $PLUTO_PEER_CLIENT -j SNAT --to $src -+ logger -t $TAG -p $FAC_PRIO \ -+ "snat+ $PLUTO_INTERFACE-$PLUTO_ME : $PLUTO_PEER_CLIENT - $src" -+ else -+ logger -t $TAG -p $FAC_PRIO \ -+ "Cannot create NAT rule because no IP of the IPFire does match the subnet. 
$PLUTO_MY_CLIENT" -+ fi -+ -+ # Flush routing cache -+ ip route flush cache - ;; - down-client:iptables) - # connection to client subnet, with (left/right)firewall=yes, going down -@@ -520,34 +582,34 @@ - # ones, so do not mess with it; see CAUTION comment up at top. - if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ] - then -- iptables -D FORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ -+ iptables -D IPSECFORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ - -s $PLUTO_MY_CLIENT $S_MY_PORT \ - -d $PLUTO_PEER_CLIENT $D_PEER_PORT \ -- $IPSEC_POLICY_OUT -j ACCEPT -- iptables -D FORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ -+ $IPSEC_POLICY_OUT -j MARK --set-mark 50 -+ iptables -D IPSECFORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ - -s $PLUTO_PEER_CLIENT $S_PEER_PORT \ - -d $PLUTO_MY_CLIENT $D_MY_PORT \ -- $IPSEC_POLICY_IN -j ACCEPT -+ $IPSEC_POLICY_IN -j RETURN - fi - # - # a virtual IP requires an INPUT and OUTPUT rule on the host - # or sometimes host access via the internal IP is needed - if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ] - then -- iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ -+ iptables -D IPSECINPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ - -s $PLUTO_PEER_CLIENT $S_PEER_PORT \ - -d $PLUTO_MY_CLIENT $D_MY_PORT \ -- $IPSEC_POLICY_IN -j ACCEPT -- iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ -+ $IPSEC_POLICY_IN -j RETURN -+ iptables -D IPSECOUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ - -s $PLUTO_MY_CLIENT $S_MY_PORT \ - -d $PLUTO_PEER_CLIENT $D_PEER_PORT \ -- $IPSEC_POLICY_OUT -j ACCEPT -+ $IPSEC_POLICY_OUT -j MARK --set-mark 50 - fi - # - # IPIP exception teardown - if [ -n "$PLUTO_IPCOMP" ] - then -- iptables -D INPUT -i $PLUTO_INTERFACE -p 4 \ -+ iptables -D IPSECINPUT -i $PLUTO_INTERFACE -p 4 \ - -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT - fi - # -@@ -557,12 +619,51 @@ - if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ] - then - logger -t $TAG -p $FAC_PRIO 
-- \ -- "- $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT" -+ "client- $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT" - else - logger -t $TAG -p $FAC_PRIO -- \ -- "- $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT" -+ "client- $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT" - fi - fi -+ -+ # -+ # Close Firewall for IPinIP + AH + ESP Traffic -+ iptables -D IPSECINPUT -i $PLUTO_INTERFACE -p IP \ -+ -s $PLUTO_PEER $S_PEER_PORT \ -+ -d $PLUTO_ME $D_MY_PORT -j ACCEPT -+ iptables -D IPSECINPUT -i $PLUTO_INTERFACE -p AH \ -+ -s $PLUTO_PEER $S_PEER_PORT \ -+ -d $PLUTO_ME $D_MY_PORT -j ACCEPT -+ iptables -D IPSECINPUT -i $PLUTO_INTERFACE -p ESP \ -+ -s $PLUTO_PEER $S_PEER_PORT \ -+ -d $PLUTO_ME $D_MY_PORT -j ACCEPT -+ if [ $VPN_LOGGING ] -+ then -+ logger -t $TAG -p $FAC_PRIO \ -+ "tunnel- $PLUTO_PEER -- $PLUTO_ME" -+ fi -+ -+ # remove source nat -+ eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings) -+ for _src in ${GREEN_ADDRESS} ${BLUE_ADDRESS} ${ORANGE_ADDRESS}; do -+ ip_in_subnet "${_src}" "${PLUTO_MY_CLIENT}" -+ if [ $? -eq 0 ]; then -+ src=${_src} -+ break -+ fi -+ done -+ -+ if [ -n "${src}" ]; then -+ iptables -t nat -D IPSECNAT -o $PLUTO_INTERFACE -s $PLUTO_ME -d $PLUTO_PEER_CLIENT -j SNAT --to $src -+ logger -t $TAG -p $FAC_PRIO \ -+ "snat- $PLUTO_INTERFACE-$PLUTO_ME : $PLUTO_PEER_CLIENT - $src" -+ else -+ logger -t $TAG -p $FAC_PRIO \ -+ "Cannot remove NAT rule because no IP of the IPFire does match the subnet." -+ fi -+ -+ # Flush routing cache -+ ip route flush cache - ;; - # - # IPv6 -@@ -597,10 +698,10 @@ - # connection to me, with (left/right)firewall=yes, coming up - # This is used only by the default updown script, not by your custom - # ones, so do not mess with it; see CAUTION comment up at top. 
-- ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ -+ ip6tables -I IPSECINPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ - -s $PLUTO_PEER_CLIENT $S_PEER_PORT \ - -d $PLUTO_ME $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT -- ip6tables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ -+ ip6tables -I IPSECOUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ - -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \ - -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT - # -@@ -621,10 +722,10 @@ - # connection to me, with (left/right)firewall=yes, going down - # This is used only by the default updown script, not by your custom - # ones, so do not mess with it; see CAUTION comment up at top. -- ip6tables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ -+ ip6tables -D IPSECINPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ - -s $PLUTO_PEER_CLIENT $S_PEER_PORT \ - -d $PLUTO_ME $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT -- ip6tables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ -+ ip6tables -D IPSECOUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ - -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \ - -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT - # -@@ -647,10 +748,10 @@ - # ones, so do not mess with it; see CAUTION comment up at top. 
- if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/128" ] - then -- ip6tables -I FORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ -+ ip6tables -I IPSECFORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ - -s $PLUTO_MY_CLIENT $S_MY_PORT \ - -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT -- ip6tables -I FORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ -+ ip6tables -I IPSECFORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ - -s $PLUTO_PEER_CLIENT $S_PEER_PORT \ - -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT - fi -@@ -659,10 +760,10 @@ - # or sometimes host access via the internal IP is needed - if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ] - then -- ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ -+ ip6tables -I IPSECINPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ - -s $PLUTO_PEER_CLIENT $S_PEER_PORT \ - -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT -- ip6tables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ -+ ip6tables -I IPSECOUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ - -s $PLUTO_MY_CLIENT $S_MY_PORT \ - -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT - fi -@@ -686,11 +787,11 @@ - # ones, so do not mess with it; see CAUTION comment up at top. 
- if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/128" ] - then -- ip6tables -D FORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ -+ ip6tables -D IPSECFORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ - -s $PLUTO_MY_CLIENT $S_MY_PORT \ - -d $PLUTO_PEER_CLIENT $D_PEER_PORT \ - $IPSEC_POLICY_OUT -j ACCEPT -- ip6tables -D FORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ -+ ip6tables -D IPSECFORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ - -s $PLUTO_PEER_CLIENT $S_PEER_PORT \ - -d $PLUTO_MY_CLIENT $D_MY_PORT \ - $IPSEC_POLICY_IN -j ACCEPT -@@ -700,11 +801,11 @@ - # or sometimes host access via the internal IP is needed - if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ] - then -- ip6tables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ -+ ip6tables -D IPSECINPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ - -s $PLUTO_PEER_CLIENT $S_PEER_PORT \ - -d $PLUTO_MY_CLIENT $D_MY_PORT \ - $IPSEC_POLICY_IN -j ACCEPT -- ip6tables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ -+ ip6tables -D IPSECOUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ - -s $PLUTO_MY_CLIENT $S_MY_PORT \ - -d $PLUTO_PEER_CLIENT $D_PEER_PORT \ - $IPSEC_POLICY_OUT -j ACCEPT diff --git a/src/patches/strongswan-5.2.2-issue-816-650a3ad.patch b/src/patches/strongswan-5.2.2-issue-816-650a3ad.patch deleted file mode 100644 index 44b247e..0000000 --- a/src/patches/strongswan-5.2.2-issue-816-650a3ad.patch +++ /dev/null 
@@ -1,35 +0,0 @@
-commit 650a3ad5151958b99a95836fb8b84b8aa18da1be
-Author: Tobias Brunner tobias@strongswan.org
-Date: Wed Feb 25 08:09:11 2015 +0100
-
- ike-sa-manager: Make sure the message ID of initial messages is 0
-
- It is mandated by the RFCs and it is expected by the task managers.
-
- Initial messages with invalid MID will be treated like regular messages,
- so no IKE_SA will be created for them. Instead, if the responder SPI is 0
- no SA will be found and the message is rejected with ALERT_INVALID_IKE_SPI.
- If an SPI is set and we do find an SA, then we either ignore the message
- because the MID is unexpected, or because we don't allow initial messages
- on established connections.
-
- There is one exception, though, if an attacker can slip in an IKE_SA_INIT
- with both SPIs set before the client's IKE_AUTH is handled by the server,
- it does get processed (see next commit).
-
- References #816.
-
-diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c
-index d0cbd47..5e2b925 100644
---- a/src/libcharon/sa/ike_sa_manager.c
-+++ b/src/libcharon/sa/ike_sa_manager.c
-@@ -1184,7 +1184,8 @@ METHOD(ike_sa_manager_t, checkout_by_message, ike_sa_t*,
-
- DBG2(DBG_MGR, "checkout IKE_SA by message");
-
-- if (id->get_responder_spi(id) == 0)
-+ if (id->get_responder_spi(id) == 0 &&
-+ message->get_message_id(message) == 0)
- {
- if (message->get_major_version(message) == IKEV2_MAJOR_VERSION)
- {
diff --git a/src/patches/strongswan-5.2.2-issue-816-dd0ebb.patch b/src/patches/strongswan-5.2.2-issue-816-dd0ebb.patch
deleted file mode 100644
index 4d76e7c..0000000
--- a/src/patches/strongswan-5.2.2-issue-816-dd0ebb.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-commit dd0ebb54837298c869389d36a0b42eefdb893dd6
-Author: Tobias Brunner tobias@strongswan.org
-Date: Wed Feb 25 08:30:33 2015 +0100
-
- ikev2: Only accept initial messages in specific states
-
- The previous code allowed an attacker to slip in an IKE_SA_INIT with
- both SPIs and MID 1 set when an IKE_AUTH would be expected instead.
-
- References #816.
-
-diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c
-index be84e71..540d4dc 100644
---- a/src/libcharon/sa/ikev2/task_manager_v2.c
-+++ b/src/libcharon/sa/ikev2/task_manager_v2.c
-@@ -1304,17 +1304,16 @@ METHOD(task_manager_t, process_message, status_t,
- {
- if (mid == this->responding.mid)
- {
-- /* reject initial messages once established */
-- if (msg->get_exchange_type(msg) == IKE_SA_INIT ||
-- msg->get_exchange_type(msg) == IKE_AUTH)
-+ /* reject initial messages if not received in specific states */
-+ if ((msg->get_exchange_type(msg) == IKE_SA_INIT &&
-+ this->ike_sa->get_state(this->ike_sa) != IKE_CREATED) ||
-+ (msg->get_exchange_type(msg) == IKE_AUTH &&
-+ this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING))
- {
-- if (this->ike_sa->get_state(this->ike_sa) != IKE_CREATED &&
-- this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING)
-- {
-- DBG1(DBG_IKE, "ignoring %N in established IKE_SA state",
-- exchange_type_names, msg->get_exchange_type(msg));
-- return FAILED;
-- }
-+ DBG1(DBG_IKE, "ignoring %N in IKE_SA state %N",
-+ exchange_type_names, msg->get_exchange_type(msg),
-+ ike_sa_state_names, this->ike_sa->get_state(this->ike_sa));
-+ return FAILED;
- }
- if (!this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE))
- { /* with MOBIKE, we do no implicit updates */
diff --git a/src/patches/strongswan-5.2.2-issue-816-eb25190.patch b/src/patches/strongswan-5.2.2-issue-816-eb25190.patch
deleted file mode 100644
index 8dcb32b..0000000
--- a/src/patches/strongswan-5.2.2-issue-816-eb25190.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-commit eb251906298b529fa53b8a99746a9a7a9f318dd5
-Author: Tobias Brunner tobias@strongswan.org
-Date: Wed Feb 25 08:18:58 2015 +0100
-
- ikev2: Don't destroy the SA if an IKE_SA_INIT with unexpected MID is received
-
- This reverts 8f727d800751 ("Clean up IKE_SA state if IKE_SA_INIT request
- does not have message ID 0") because it allowed to close any IKE_SA by
- sending an IKE_SA_INIT with an unexpected MID and both SPIs set to those
- of that SA.
-
- The next commit will prevent SAs from getting created for IKE_SA_INIT messages
- with invalid MID.
-
- Fixes #816.
-
-diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c
-index 48266aa..be84e71 100644
---- a/src/libcharon/sa/ikev2/task_manager_v2.c
-+++ b/src/libcharon/sa/ikev2/task_manager_v2.c
-@@ -1355,10 +1355,6 @@ METHOD(task_manager_t, process_message, status_t,
- {
- DBG1(DBG_IKE, "received message ID %d, expected %d. Ignored",
- mid, this->responding.mid);
-- if (msg->get_exchange_type(msg) == IKE_SA_INIT)
-- { /* clean up IKE_SA state if IKE_SA_INIT has invalid msg ID */
-- return DESTROY_ME;
-- }
- }
- }
- else
diff --git a/src/patches/strongswan-5.2.2-issue-819-cd2c30a.patch b/src/patches/strongswan-5.2.2-issue-819-cd2c30a.patch
deleted file mode 100644
index 0c54812..0000000
--- a/src/patches/strongswan-5.2.2-issue-819-cd2c30a.patch
+++ /dev/null
@@ -1,50 +0,0 @@ -From cd2c30a56ec9bdab8b3923851509f27a4fd6f537 Mon Sep 17 00:00:00 2001 -From: Tobias Brunner tobias@strongswan.org -Date: Tue, 10 Feb 2015 19:03:44 +0100 -Subject: [PATCH] ikev1: Set protocol ID and SPIs in INITIAL-CONTACT - notification payloads - -The payload we sent before is not compliant with RFC 2407 and thus some -peers might abort negotiation (e.g. with an INVALID-PROTOCOL-ID error). - - #819 ---- - src/libcharon/sa/ikev1/tasks/main_mode.c | 15 +++++++++++++-- - 1 file changed, 13 insertions(+), 2 deletions(-) - -diff --git a/src/libcharon/sa/ikev1/tasks/main_mode.c b/src/libcharon/sa/ikev1/tasks/main_mode.c -index 5065e70..3ea4a2a 100644 ---- a/src/libcharon/sa/ikev1/tasks/main_mode.c -+++ b/src/libcharon/sa/ikev1/tasks/main_mode.c -@@ -213,6 +213,10 @@ static void add_initial_contact(private_main_mode_t *this, message_t *message, - { - identification_t *idr; - host_t *host; -+ notify_payload_t *notify; -+ ike_sa_id_t *ike_sa_id; -+ u_int64_t spi_i, spi_r; -+ chunk_t spi; - - idr = this->ph1->get_id(this->ph1, this->peer_cfg, FALSE); - if (idr && !idr->contains_wildcards(idr)) -@@ -224,8 +228,15 @@ static void add_initial_contact(private_main_mode_t *this, message_t *message, - if (!charon->ike_sa_manager->has_contact(charon->ike_sa_manager, - idi, idr, host->get_family(host))) - { -- message->add_notify(message, FALSE, INITIAL_CONTACT_IKEV1, -- chunk_empty); -+ notify = notify_payload_create_from_protocol_and_type( -+ PLV1_NOTIFY, PROTO_IKE, INITIAL_CONTACT_IKEV1); -+ ike_sa_id = this->ike_sa->get_id(this->ike_sa); -+ spi_i = ike_sa_id->get_initiator_spi(ike_sa_id); -+ spi_r = ike_sa_id->get_responder_spi(ike_sa_id); -+ spi = chunk_cata("cc", chunk_from_thing(spi_i), -+ chunk_from_thing(spi_r)); -+ notify->set_spi_data(notify, spi); -+ message->add_payload(message, (payload_t*)notify); - } - } - } --- -1.7.9.5 - 
diff --git a/src/patches/strongswan-5.3.0-stroke-Increase-stroke-buffer-size-to-8k.patch b/src/patches/strongswan-5.3.0-stroke-Increase-stroke-buffer-size-to-8k.patch new file mode 100644 index 0000000..2252e31 --- /dev/null +++ b/src/patches/strongswan-5.3.0-stroke-Increase-stroke-buffer-size-to-8k.patch @@ -0,0 +1,34 @@ +From 4b59d129fd1026bab37256af0df9ae7ace39e7ba Mon Sep 17 00:00:00 2001 +From: Michael Tremer michael.tremer@ipfire.org +Date: Mon, 27 Apr 2015 18:49:45 +0200 +Subject: [PATCH] stroke: Increase stroke buffer size to 8k + +Complicated connections can have lots of arguments +for the ike= and esp= directives in the ipsec.conf +configuration file. strongSwan wouldn't import those +because the size of the message that is send from +stroke to charon exceeded the limit of 4k. + +This patch increases the size of the buffer that +can be passed to charon to 8k which should be enough +even for connections with longer configurations. +--- + src/stroke/stroke_msg.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/stroke/stroke_msg.h b/src/stroke/stroke_msg.h +index c2b923f6db9a..c391efa00105 100644 +--- a/src/stroke/stroke_msg.h ++++ b/src/stroke/stroke_msg.h +@@ -32,7 +32,7 @@ + */ + #define STROKE_SOCKET IPSEC_PIDDIR "/charon.ctl" + +-#define STROKE_BUF_LEN 4096 ++#define STROKE_BUF_LEN 8192 + + typedef enum list_flag_t list_flag_t; + +-- +2.1.0 + diff --git a/src/patches/strongswan-ipfire.patch b/src/patches/strongswan-ipfire.patch new file mode 100644 index 0000000..7071983 --- /dev/null +++ b/src/patches/strongswan-ipfire.patch 
@@ -0,0 +1,364 @@ +--- strongswan-5.3.0/src/_updown/_updown.in.old 2015-03-17 18:17:43.000000000 +0000 ++++ strongswan-5.3.0/src/_updown/_updown.in 2015-03-30 22:48:27.084030719 +0000 +@@ -122,6 +122,29 @@ + # address family. + # + ++function ip_encode() { ++ local IFS=. ++ ++ local int=0 ++ for field in $1; do ++ int=$(( $(( $int << 8 )) | $field )) ++ done ++ ++ echo $int ++} ++ ++function ip_in_subnet() { ++ local netmask ++ netmask=$(_netmask $2) ++ [ $(( $(ip_encode $1) & $netmask)) = $(( $(ip_encode ${2%/*}) & $netmask )) ] ++} ++ ++function _netmask() { ++ local vlsm ++ vlsm=${1#*/} ++ [ $vlsm -eq 0 ] && echo 0 || echo $(( -1 << $(( 32 - $vlsm )) )) ++} ++ + # define a minimum PATH environment in case it is not set + PATH="/sbin:/bin:/usr/sbin:/usr/bin:@sbindir@" + export PATH +@@ -232,12 +255,12 @@ + # connection to me, with (left/right)firewall=yes, coming up + # This is used only by the default updown script, not by your custom + # ones, so do not mess with it; see CAUTION comment up at top. 
+- iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ ++ iptables --wait -I IPSECINPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ + -s $PLUTO_PEER_CLIENT $S_PEER_PORT \ + -d $PLUTO_ME $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT +- iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ ++ iptables --wait -I IPSECOUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ + -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \ +- -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT ++ -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j MARK --set-mark 50 + # + # allow IPIP traffic because of the implicit SA created by the kernel if + # IPComp is used (for small inbound packets that are not compressed) +@@ -253,10 +276,10 @@ + if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ] + then + logger -t $TAG -p $FAC_PRIO \ +- "+ $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME" ++ "host+ $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME" + else + logger -t $TAG -p $FAC_PRIO \ +- "+ $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME" ++ "host+ $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME" + fi + fi + ;; +@@ -264,12 +287,12 @@ + # connection to me, with (left/right)firewall=yes, going down + # This is used only by the default updown script, not by your custom + # ones, so do not mess with it; see CAUTION comment up at top. 
+- iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ ++ iptables --wait -D IPSECINPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ + -s $PLUTO_PEER_CLIENT $S_PEER_PORT \ + -d $PLUTO_ME $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT +- iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ ++ iptables --wait -D IPSECOUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ + -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \ +- -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT ++ -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j MARK --set-mark 50 + # + # IPIP exception teardown + if [ -n "$PLUTO_IPCOMP" ] +@@ -284,10 +307,10 @@ + if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ] + then + logger -t $TAG -p $FAC_PRIO -- \ +- "- $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME" ++ "host- $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME" + else + logger -t $TAG -p $FAC_PRIO -- \ +- "- $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME" ++ "host- $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME" + fi + fi + ;; +@@ -297,24 +320,24 @@ + # ones, so do not mess with it; see CAUTION comment up at top. 
+ if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ] + then +- iptables -I FORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ ++ iptables --wait -I IPSECFORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ + -s $PLUTO_MY_CLIENT $S_MY_PORT \ +- -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT +- iptables -I FORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ ++ -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j MARK --set-mark 50 ++ iptables --wait -I IPSECFORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ + -s $PLUTO_PEER_CLIENT $S_PEER_PORT \ +- -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT ++ -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j RETURN + fi + # + # a virtual IP requires an INPUT and OUTPUT rule on the host + # or sometimes host access via the internal IP is needed + if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ] + then +- iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ ++ iptables --wait -I IPSECINPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ + -s $PLUTO_PEER_CLIENT $S_PEER_PORT \ +- -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT +- iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ ++ -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j RETURN ++ iptables --wait -I IPSECOUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ + -s $PLUTO_MY_CLIENT $S_MY_PORT \ +- -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT ++ -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j MARK --set-mark 50 + fi + # + # allow IPIP traffic because of the implicit SA created by the kernel if +@@ -322,7 +345,7 @@ + # INPUT is correct here even for forwarded traffic. 
+ if [ -n "$PLUTO_IPCOMP" ] + then +- iptables -I INPUT 1 -i $PLUTO_INTERFACE -p 4 \ ++ iptables --wait -I IPSECINPUT 1 -i $PLUTO_INTERFACE -p 4 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # +@@ -332,12 +355,51 @@ + if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ] + then + logger -t $TAG -p $FAC_PRIO \ +- "+ $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT" ++ "client+ $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT" + else + logger -t $TAG -p $FAC_PRIO \ +- "+ $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT" ++ "client+ $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT" + fi + fi ++ ++ # ++ # Open Firewall for IPinIP + AH + ESP Traffic ++ iptables --wait -I IPSECINPUT 1 -i $PLUTO_INTERFACE -p IP \ ++ -s $PLUTO_PEER $S_PEER_PORT \ ++ -d $PLUTO_ME $D_MY_PORT -j ACCEPT ++ iptables --wait -I IPSECINPUT 1 -i $PLUTO_INTERFACE -p AH \ ++ -s $PLUTO_PEER $S_PEER_PORT \ ++ -d $PLUTO_ME $D_MY_PORT -j ACCEPT ++ iptables --wait -I IPSECINPUT 1 -i $PLUTO_INTERFACE -p ESP \ ++ -s $PLUTO_PEER $S_PEER_PORT \ ++ -d $PLUTO_ME $D_MY_PORT -j ACCEPT ++ if [ $VPN_LOGGING ] ++ then ++ logger -t $TAG -p $FAC_PRIO \ ++ "tunnel+ $PLUTO_PEER -- $PLUTO_ME" ++ fi ++ ++ # Add source nat so also the gateway can access the other nets ++ eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings) ++ for _src in ${GREEN_ADDRESS} ${BLUE_ADDRESS} ${ORANGE_ADDRESS}; do ++ ip_in_subnet "${_src}" "${PLUTO_MY_CLIENT}" ++ if [ $? -eq 0 ]; then ++ src=${_src} ++ break ++ fi ++ done ++ ++ if [ -n "${src}" ]; then ++ iptables --wait -t nat -A IPSECNAT -o $PLUTO_INTERFACE -s $PLUTO_ME -d $PLUTO_PEER_CLIENT -j SNAT --to $src ++ logger -t $TAG -p $FAC_PRIO \ ++ "snat+ $PLUTO_INTERFACE-$PLUTO_ME : $PLUTO_PEER_CLIENT - $src" ++ else ++ logger -t $TAG -p $FAC_PRIO \ ++ "Cannot create NAT rule because no IP of the IPFire does match the subnet. 
$PLUTO_MY_CLIENT" ++ fi ++ ++ # Flush routing cache ++ ip route flush cache + ;; + down-client:iptables) + # connection to client subnet, with (left/right)firewall=yes, going down +@@ -345,34 +407,34 @@ + # ones, so do not mess with it; see CAUTION comment up at top. + if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ] + then +- iptables -D FORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ ++ iptables --wait -D IPSECFORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ + -s $PLUTO_MY_CLIENT $S_MY_PORT \ + -d $PLUTO_PEER_CLIENT $D_PEER_PORT \ +- $IPSEC_POLICY_OUT -j ACCEPT +- iptables -D FORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ ++ $IPSEC_POLICY_OUT -j MARK --set-mark 50 ++ iptables --wait -D IPSECFORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ + -s $PLUTO_PEER_CLIENT $S_PEER_PORT \ + -d $PLUTO_MY_CLIENT $D_MY_PORT \ +- $IPSEC_POLICY_IN -j ACCEPT ++ $IPSEC_POLICY_IN -j RETURN + fi + # + # a virtual IP requires an INPUT and OUTPUT rule on the host + # or sometimes host access via the internal IP is needed + if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ] + then +- iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ ++ iptables --wait -D IPSECINPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ + -s $PLUTO_PEER_CLIENT $S_PEER_PORT \ + -d $PLUTO_MY_CLIENT $D_MY_PORT \ +- $IPSEC_POLICY_IN -j ACCEPT +- iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ ++ $IPSEC_POLICY_IN -j RETURN ++ iptables --wait -D IPSECOUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ + -s $PLUTO_MY_CLIENT $S_MY_PORT \ + -d $PLUTO_PEER_CLIENT $D_PEER_PORT \ +- $IPSEC_POLICY_OUT -j ACCEPT ++ $IPSEC_POLICY_OUT -j MARK --set-mark 50 + fi + # + # IPIP exception teardown + if [ -n "$PLUTO_IPCOMP" ] + then +- iptables -D INPUT -i $PLUTO_INTERFACE -p 4 \ ++ iptables --wait -D IPSECINPUT -i $PLUTO_INTERFACE -p 4 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # +@@ -382,12 +444,51 @@ + if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ] + 
then + logger -t $TAG -p $FAC_PRIO -- \ +- "- $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT" ++ "client- $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT" + else + logger -t $TAG -p $FAC_PRIO -- \ +- "- $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT" ++ "client- $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT" + fi + fi ++ ++ # ++ # Close Firewall for IPinIP + AH + ESP Traffic ++ iptables --wait -D IPSECINPUT -i $PLUTO_INTERFACE -p IP \ ++ -s $PLUTO_PEER $S_PEER_PORT \ ++ -d $PLUTO_ME $D_MY_PORT -j ACCEPT ++ iptables --wait -D IPSECINPUT -i $PLUTO_INTERFACE -p AH \ ++ -s $PLUTO_PEER $S_PEER_PORT \ ++ -d $PLUTO_ME $D_MY_PORT -j ACCEPT ++ iptables --wait -D IPSECINPUT -i $PLUTO_INTERFACE -p ESP \ ++ -s $PLUTO_PEER $S_PEER_PORT \ ++ -d $PLUTO_ME $D_MY_PORT -j ACCEPT ++ if [ $VPN_LOGGING ] ++ then ++ logger -t $TAG -p $FAC_PRIO \ ++ "tunnel- $PLUTO_PEER -- $PLUTO_ME" ++ fi ++ ++ # remove source nat ++ eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings) ++ for _src in ${GREEN_ADDRESS} ${BLUE_ADDRESS} ${ORANGE_ADDRESS}; do ++ ip_in_subnet "${_src}" "${PLUTO_MY_CLIENT}" ++ if [ $? -eq 0 ]; then ++ src=${_src} ++ break ++ fi ++ done ++ ++ if [ -n "${src}" ]; then ++ iptables --wait -t nat -D IPSECNAT -o $PLUTO_INTERFACE -s $PLUTO_ME -d $PLUTO_PEER_CLIENT -j SNAT --to $src ++ logger -t $TAG -p $FAC_PRIO \ ++ "snat- $PLUTO_INTERFACE-$PLUTO_ME : $PLUTO_PEER_CLIENT - $src" ++ else ++ logger -t $TAG -p $FAC_PRIO \ ++ "Cannot remove NAT rule because no IP of the IPFire does match the subnet." ++ fi ++ ++ # Flush routing cache ++ ip route flush cache + ;; + # + # IPv6 +@@ -412,10 +513,10 @@ + # connection to me, with (left/right)firewall=yes, coming up + # This is used only by the default updown script, not by your custom + # ones, so do not mess with it; see CAUTION comment up at top. 
+- ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ ++ ip6tables --wait -I IPSECINPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ + -s $PLUTO_PEER_CLIENT $S_PEER_PORT \ + -d $PLUTO_ME $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT +- ip6tables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ ++ ip6tables --wait -I IPSECOUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ + -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \ + -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT + # +@@ -436,10 +537,10 @@ + # connection to me, with (left/right)firewall=yes, going down + # This is used only by the default updown script, not by your custom + # ones, so do not mess with it; see CAUTION comment up at top. +- ip6tables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ ++ ip6tables --wait -D IPSECINPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ + -s $PLUTO_PEER_CLIENT $S_PEER_PORT \ + -d $PLUTO_ME $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT +- ip6tables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ ++ ip6tables --wait -D IPSECOUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ + -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \ + -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT + # +@@ -462,10 +563,10 @@ + # ones, so do not mess with it; see CAUTION comment up at top. 
+ if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/128" ] + then +- ip6tables -I FORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ ++ ip6tables --wait -I IPSECFORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ + -s $PLUTO_MY_CLIENT $S_MY_PORT \ + -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT +- ip6tables -I FORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ ++ ip6tables --wait -I IPSECFORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ + -s $PLUTO_PEER_CLIENT $S_PEER_PORT \ + -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT + fi +@@ -474,10 +575,10 @@ + # or sometimes host access via the internal IP is needed + if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ] + then +- ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ ++ ip6tables --wait -I IPSECINPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ + -s $PLUTO_PEER_CLIENT $S_PEER_PORT \ + -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT +- ip6tables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ ++ ip6tables --wait -I IPSECOUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ + -s $PLUTO_MY_CLIENT $S_MY_PORT \ + -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT + fi +@@ -501,11 +602,11 @@ + # ones, so do not mess with it; see CAUTION comment up at top. 
+ if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/128" ] + then +- ip6tables -D FORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ ++ ip6tables --wait -D IPSECFORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ + -s $PLUTO_MY_CLIENT $S_MY_PORT \ + -d $PLUTO_PEER_CLIENT $D_PEER_PORT \ + $IPSEC_POLICY_OUT -j ACCEPT +- ip6tables -D FORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ ++ ip6tables --wait -D IPSECFORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ + -s $PLUTO_PEER_CLIENT $S_PEER_PORT \ + -d $PLUTO_MY_CLIENT $D_MY_PORT \ + $IPSEC_POLICY_IN -j ACCEPT +@@ -515,11 +616,11 @@ + # or sometimes host access via the internal IP is needed + if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ] + then +- ip6tables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ ++ ip6tables --wait -D IPSECINPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ + -s $PLUTO_PEER_CLIENT $S_PEER_PORT \ + -d $PLUTO_MY_CLIENT $D_MY_PORT \ + $IPSEC_POLICY_IN -j ACCEPT +- ip6tables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ ++ ip6tables --wait -D IPSECOUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ + -s $PLUTO_MY_CLIENT $S_MY_PORT \ + -d $PLUTO_PEER_CLIENT $D_PEER_PORT \ + $IPSEC_POLICY_OUT -j ACCEPT diff --git a/src/scripts/ovpn-ccd-convert b/src/scripts/ovpn-ccd-convert index 7aa8cf1..f496706 100644 --- a/src/scripts/ovpn-ccd-convert +++ b/src/scripts/ovpn-ccd-convert @@ -42,7 +42,7 @@ foreach my $key (keys %ovpnconfig){ }else{ print "Client $ovpnconfig{$key}[2] NOT converted!\n"; } - $ovpnconfig{$key}[32] = 'dynamic'; + $ovpnconfig{$key}[32] = 'dynamic' if ($ovpnconfig{$key}[32] eq ''); } &General::writehasharray("/var/ipfire/ovpn/ovpnconfig", %ovpnconfig); if ($running eq 'on') diff --git a/src/scripts/xt_geoip_build b/src/scripts/xt_geoip_build new file mode 100644 index 0000000..202156f --- /dev/null +++ b/src/scripts/xt_geoip_build 
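Review bot: The rules added under "Open Firewall for IPinIP + AH + ESP Traffic" in `up-client:iptables` (and their `-D` twins in `down-client:iptables`) match on `-p IP`, which is probably wider than the comment intends. If `IP` resolves through /etc/protocols to protocol 0, iptables treats it as "all protocols", so every packet from `$PLUTO_PEER` to `$PLUTO_ME` on that interface would be accepted. The IPComp exception in the same script already uses `-p 4` for IP-in-IP, so `-p 4` here would keep the rule as narrow as its comment. Separately, `src` is never cleared before the `for _src in …` loop, so a value inherited from the environment would be used for the SNAT rule when no address matches; adding `src=` before the loop avoids that.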
@@ -0,0 +1,89 @@
+#!/usr/bin/perl
+#
+# Converter for MaxMind CSV database to binary, for xt_geoip
+# Copyright © Jan Engelhardt, 2008-2011
+#
+use Getopt::Long;
+use IO::Handle;
+use Text::CSV_XS; # or trade for Text::CSV
+use strict;
+
+my $csv = Text::CSV_XS->new({
+ allow_whitespace => 1,
+ binary => 1,
+ eol => $/,
+}); # or Text::CSV
+my $target_dir = ".";
+
+&Getopt::Long::Configure(qw(bundling));
+&GetOptions(
+ "D=s" => $target_dir,
+);
+
+if (!-d $target_dir) {
+ print STDERR "Target directory $target_dir does not exist.\n";
+ exit 1;
+}
+
+my $dir = "$target_dir/LE";
+if (!-e $dir && !mkdir($dir)) {
+ print STDERR "Could not mkdir $dir: $!\n";
+ exit 1;
+}
+
+&dump(&collect());
+
+sub collect
+{
+ my %country;
+
+ while (my $row = $csv->getline(*ARGV)) {
+ if (!defined($country{$row->[4]})) {
+ $country{$row->[4]} = {
+ name => $row->[5],
+ pool_v4 => [],
+ pool_v6 => [],
+ };
+ }
+ my $c = $country{$row->[4]};
+
+ push(@{$c->{pool_v4}}, [$row->[2], $row->[3]]);
+
+ if ($. % 4096 == 0) {
+ print STDERR "\r\e[2K$. entries";
+ }
+ }
+
+ print STDERR "\r\e[2K$. entries total\n";
+ return %country;
+}
+
+sub dump
+{
+ my $country = shift @_;
+
+ foreach my $iso_code (sort keys %$country) {
+ &dump_one($iso_code, $country->{$iso_code});
+ }
+}
+
+sub dump_one
+{
+ my($iso_code, $country) = @_;
+ my($file, $fh_le, $fh_be);
+
+ printf "%5u IPv4 ranges for %s %s\n",
+ scalar(@{$country->{pool_v4}}),
+ $iso_code, $country->{name};
+
+ $file = "$target_dir/LE/".uc($iso_code).".iv4";
+ if (!open($fh_le, "> $file")) {
+ print STDERR "Error opening $file: $!\n";
+ exit 1;
+ }
+ foreach my $range (@{$country->{pool_v4}}) {
+ print $fh_le pack("VV", $range->[0], $range->[1]);
+ #print $fh_be pack("NN", $range->[0], $range->[1]);
+ }
+ close $fh_le;
+}
diff --git a/src/scripts/xt_geoip_update b/src/scripts/xt_geoip_update
new file mode 100644
index 0000000..0ee7744
--- /dev/null
+++ b/src/scripts/xt_geoip_update
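Review bot: `dump_one` builds the output path from the CSV's country-code column (`uc($iso_code)`) and opens it with the two-argument form `open($fh_le, "> $file")`, so the file name is controlled by the input data. Because the CSV is downloaded content, `dump` should skip codes that are not two alphanumerics, for example `next unless $iso_code =~ /^[A-Za-z0-9]{2}$/;`, and the open should become `open($fh_le, '>', $file)`. `pool_v6` and `$fh_be` are never used in this copy; either drop them or add a comment that the script is intentionally IPv4 and little-endian only.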
@@ -0,0 +1,137 @@
+#!/bin/bash
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2014 IPFire Development Team info@ipfire.org #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see http://www.gnu.org/licenses/. #
+# #
+###############################################################################
+
+TMP_PATH=$(mktemp -d)
+TMP_FILE=$(mktemp -p $TMP_PATH)
+
+SCRIPT_PATH=/usr/local/bin
+DEST_PATH=/usr/share/xt_geoip
+
+DL_URL=http://geolite.maxmind.com/download/geoip/database
+DL_FILE=GeoIPCountryCSV.zip
+
+CSV_FILE=GeoIPCountryWhois.csv
+
+ARCH=LE
+
+eval $(/usr/local/bin/readhash /var/ipfire/proxy/settings)
+
+function download() {
+ echo "Downloading latest GeoIP ruleset..."
+
+ # Create temporary directory.
+ mkdir -pv $TMP_PATH
+
+ # Proxy settings.
+ # Check if a proxy should be used.
+ if [[ $UPSTREAM_PROXY ]]; then
+ PROXYSETTINGS="-e http_proxy=http://"
+
+ # Check if authentication against the proxy is configured.
+ if [[ $UPSTREAM_USER && $UPSTREAM_PASSWORD ]]; then
+ PROXYSETTINGS="$PROXYSETTINGS$UPSTREAM_USER:$UPSTREAM_PASSWORD@"
+ fi
+
+ # Add proxy server.
+ PROXYSETTINGS="$PROXYSETTINGS$UPSTREAM_PROXY"
+ fi
+
+ # Get the latest GeoIP database from server.
+ wget $DL_URL/$DL_FILE $PROXYSETTINGS -O $TMP_FILE
+
+ # Extract files.
+ unzip $TMP_FILE -d $TMP_PATH
+
+ return 0
+}
+
+function build() {
+ echo "Convert database..."
+
+ # Check if the csv file exists.
+ if [ ! -e $TMP_PATH/$CSV_FILE ]; then
+ echo "$TMP_PATH/$CSV_FILE not found. Exiting."
+ return 1
+ fi
+
+ # Run script to convert the CSV file into several xtables
+ # compatible binary files.
+ if ! $SCRIPT_PATH/xt_geoip_build $TMP_PATH/$CSV_FILE -D $TMP_PATH; then
+ echo "Could not convert ruleset. Aborting." >&2
+ return 1
+ fi
+
+ return 0
+}
+
+function install() {
+ echo "Install databases..."
+
+ # Check if our destination exist.
+ if [ ! -e "$DEST_PATH" ]; then
+ mkdir -p $DEST_PATH &>/dev/null
+ fi
+
+ # Install databases.
+ if ! cp -af $TMP_PATH/$ARCH $DEST_PATH &>/dev/null; then
+ echo "Could not copy files. Aborting." >&2
+ return 1
+ fi
+
+ return 0
+}
+
+function cleanup() {
+ echo "Cleaning up temporary files..."
+ if ! rm -rf $TMP_PATH &>/dev/null; then
+ echo "Could not remove files. Aborting." >&2
+ return 1
+ fi
+
+ return 0
+}
+
+function main() {
+ # Download ruleset.
+ download || exit $?
+
+ # Convert the ruleset.
+ if ! build; then
+ # Do cleanup.
+ cleanup || exit $?
+ exit 1
+ fi
+
+ # Install the converted ruleset.
+ if ! install; then
+ # Do cleanup.
+ cleanup || exit $?
+ exit 1
+ fi
+
+ # Finaly remove temporary files.
+ cleanup || exit $?
+
+ return 0
+}
+
+# Run the main function.
+main
diff --git a/src/setup/netstuff.c b/src/setup/netstuff.c
index a656e9f..f5b3849 100644
--- a/src/setup/netstuff.c
+++ b/src/setup/netstuff.c
@@ -527,27 +527,6 @@ int rename_nics(void) { } }
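Review bot: `download()` ignores the exit status of `wget` and `unzip` and always returns 0, so a failed or truncated download is only noticed later when `build` cannot find the CSV; both calls should be checked and their paths quoted, as sketched below. The archive is fetched over plain `http://` and nothing visible verifies it before the converted files are copied into `$DEST_PATH`, so an integrity check (or at least a comment stating the trust assumption) is worth adding, since the result presumably feeds firewall matching. When `$UPSTREAM_PASSWORD` is set it is placed on the `wget` command line, where it is readable from the process list. `main` also exits on a failed download without calling `cleanup`, leaving the `mktemp -d` directory behind.

```shell
function download() {
	# … unchanged: banner, mkdir, proxy settings …

	# Get the latest GeoIP database from server.
	if ! wget "$DL_URL/$DL_FILE" $PROXYSETTINGS -O "$TMP_FILE"; then
		echo "Could not download $DL_FILE. Aborting." >&2
		return 1
	fi

	# Extract files.
	if ! unzip "$TMP_FILE" -d "$TMP_PATH"; then
		echo "Could not extract $DL_FILE. Aborting." >&2
		return 1
	fi

	return 0
}
```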
-int create_udev(void) -{ - #define UDEV_NET_CONF "/etc/udev/rules.d/30-persistent-network.rules" - FILE *fp; - int i; - - if ( (fp = fopen(UDEV_NET_CONF, "w")) == NULL ) { - fprintf(stderr,"Couldn't open" UDEV_NET_CONF); - return 1; - } - - for (i = 0 ; i < 4 ; i++) - { - if (strcmp(knics[i].macaddr, "")) { - fprintf(fp,"\n# %s\nACTION=="add", SUBSYSTEM=="net", ATTR{type}=="1", ATTR{address}=="%s", NAME="%s0"\n", knics[i].description, knics[i].macaddr, lcolourcard[i]); - } - } - fclose(fp); - return 0; -} - int write_configs_netudev(int card , int colour) { char commandstring[STRING_SIZE]; diff --git a/src/setup/networking.c b/src/setup/networking.c index df4f00f..0791764 100644 --- a/src/setup/networking.c +++ b/src/setup/networking.c @@ -117,7 +117,6 @@ int handlenetworking(void) } else { rename_nics(); } - create_udev(); return 1; }
diff --git a/src/setup/po/pt_BR.po b/src/setup/po/pt_BR.po index b1ea09c..eb408ed 100644 --- a/src/setup/po/pt_BR.po +++ b/src/setup/po/pt_BR.po @@ -5,14 +5,15 @@ # Translators: # douglasdiasn douglasdiasn@gmail.com, 2015 # Evertton de Lima e.everttonlima@gmail.com, 2015 +# Moisés Bites Borges de Castro moisesbites@gmail.com, 2015 # Rafael Tavares rafael@ibinetwork.com.br, 2015 msgid "" msgstr "" "Project-Id-Version: IPFire Project\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2014-08-21 15:12+0000\n" -"PO-Revision-Date: 2015-02-16 23:15+0000\n" -"Last-Translator: Evertton de Lima e.everttonlima@gmail.com\n" +"PO-Revision-Date: 2015-03-24 21:31+0000\n" +"Last-Translator: Moisés Bites Borges de Castro moisesbites@gmail.com\n" "Language-Team: Portuguese (Brazil) (http://www.transifex.com/projects/p/ipfire/language/pt_BR/)%5Cn" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -22,7 +23,7 @@ msgstr ""
#: dhcp.c:50 msgid "Start address:" -msgstr "Endereço de Inicial:" +msgstr "Endereço inicial:"
#: dhcp.c:51 msgid "End address:" @@ -38,15 +39,15 @@ msgstr "DNS Secundário:"
#: dhcp.c:54 msgid "Default lease (mins):" -msgstr "Tempo padrão (mins):" +msgstr "Concessão padrão (min):"
#: dhcp.c:55 msgid "Max lease (mins):" -msgstr "Tempo máximo (mins)" +msgstr "Concessão máxima (min)"
#: dhcp.c:56 msgid "Domain name suffix:" -msgstr "" +msgstr "Sufixo do nome de Domínio:"
#: dhcp.c:86 dhcp.c:93 dhcp.c:101 domainname.c:34 hostname.c:37 keymap.c:70 #: misc.c:40 misc.c:52 netstuff.c:377 netstuff.c:566 netstuff.c:704 @@ -58,7 +59,7 @@ msgstr "Não foi possível abrir o arquivo de configurações"
#: dhcp.c:111 msgid "DHCP server configuration" -msgstr "Configurar servidor DHCP" +msgstr "Configuração do servidor DHCP"
#: dhcp.c:116 msgid "Configure the DHCP server by entering the settings information." @@ -87,11 +88,11 @@ msgstr "Cancelar" msgid "" "The following fields are invalid:\n" "\n" -msgstr "Os campos a seguir são inválidos: \n" +msgstr "Os campos a seguir são inválidos: \n\n"
#: dhcp.c:159 msgid "Start address" -msgstr "Endereço de Inicial" +msgstr "Endereço inicial"
#: dhcp.c:165 msgid "End address" @@ -107,19 +108,19 @@ msgstr "DNS Secundário"
#: dhcp.c:189 msgid "Default lease time" -msgstr "Tempo padrão" +msgstr "Tempo de concessão padrão"
#: dhcp.c:195 msgid "Max. lease time" -msgstr "Tempo máximo padrão" +msgstr "Tempo de concessão máximo"
#: domainname.c:42 main.c:70 msgid "Domain name" -msgstr "Domínio " +msgstr "Nome de Domínio "
#: domainname.c:42 msgid "Enter Domain name" -msgstr "Entre com o nome do Domínio" +msgstr "Digite o nome do Domínio"
#: domainname.c:48 msgid "Domain name cannot be empty." @@ -135,11 +136,11 @@ msgstr "O nome de Domínio pode conter somente letras, números, hífens e ponto
#: hostname.c:46 main.c:69 msgid "Hostname" -msgstr "Hostname" +msgstr "Nome do Host"
#: hostname.c:46 msgid "Enter the machine's hostname." -msgstr "Entre com o nome do host." +msgstr "Entre com o nome de Host da máquina."
#: hostname.c:53 msgid "Hostname cannot be empty." @@ -260,7 +261,7 @@ msgstr "Estático "
#: netstuff.c:104 msgid "DHCP" -msgstr "Automático " +msgstr "DHCP"
#: netstuff.c:105 msgid "PPP DIALUP (PPPoE, modem, ATM ...)" @@ -300,7 +301,7 @@ msgstr "Nome do Host DHCP:"
#: netstuff.c:396 netstuff.c:709 msgid "Unset" -msgstr "" +msgstr "Desativado"
#: netstuff.c:669 #, c-format @@ -342,11 +343,11 @@ msgstr "Você realmente quer remover a interface %s associada?"
#: netstuff.c:755 msgid "Select network driver" -msgstr "Selecionar driver de rede" +msgstr "Selecionar o driver de rede"
#: netstuff.c:755 msgid "Set additional module parameters" -msgstr "" +msgstr "Especifique os parâmetros adicionais"
#: netstuff.c:762 msgid "Loading module..." @@ -354,11 +355,11 @@ msgstr "Carregando modulo..."
#: netstuff.c:777 msgid "Unable to load driver module." -msgstr "" +msgstr "Não foi possível carregar o driver."
#: netstuff.c:780 msgid "Module name cannot be blank." -msgstr "" +msgstr "O nome do módulo não pode ficar vazio."
#: networking.c:110 msgid "Stopping network..." @@ -459,7 +460,7 @@ msgid "" "list those interfaces which have ethernet attached. If you change this " "setting, a network restart will be required, and you will have to " "reconfigure the network driver assignments." -msgstr "" +msgstr "Selecione a configuração de rede para %s. Os tipos de configuração seguintes lista as interfaces cabo Ethernet. Se você alterar estas configurações, uma reinicialização de rede será exigida, e você terá que reconfigurar os drivers de rede especificados."
#: networking.c:307 #, c-format @@ -467,13 +468,13 @@ msgid "" "Not enough netcards for your choice.\n" "\n" "Needed: %d - Available: %d\n" -msgstr "" +msgstr "Não há dispositivos de rede suficientes para sua escolha.\n\nNecessárias: %d - Disponíveis: %d\n"
#: networking.c:359 msgid "" "Configure network drivers, and which interface each card is assigned to. The current configuration is as follows:\n" "\n" -msgstr "" +msgstr "Configure os drivers de rede, e a placa de rede que a interface está relacionada. A configuração atual é a seguinte:\n\n"
#: networking.c:408 msgid "Do you wish to change these settings?" @@ -487,7 +488,7 @@ msgstr "Reiniciando rede non-local..." msgid "" "Please choose the interface you wish to change.\n" "\n" -msgstr "" +msgstr "Por favor, escolha a interface de rede que quer alterar.\n\n"
#: networking.c:519 msgid "Assigned Cards" @@ -504,11 +505,11 @@ msgid "" "connection to the %s machine will be broken, and you will have to reconnect " "on the new IP. This is a risky operation, and should only be attempted if " "you have physical access to the machine, should something go wrong." -msgstr "" +msgstr "Se você alterar o endereço IP, e você estiver logado remotamente, sua conexão com a máquina %s cairá, e você terá que reconectar através do novo IP. Esta é uma operação arriscada, e somente deve ser feita se você tem acesso físico à máquina, caso algo errado aconteça."
#: networking.c:641 msgid "Select the interface you wish to reconfigure." -msgstr "" +msgstr "Selecione a interface que deseja reconfigurar."
#: networking.c:729 msgid "Default gateway:" @@ -518,7 +519,7 @@ msgstr "Gateway padrão:" msgid "" "Enter the DNS and gateway information. These settings are used only with " "Static IP (and DHCP if DNS set) on the RED interface." -msgstr "" +msgstr "Digite as informações de DNS e roteador. Estas configurações são usada somente com IP estático (e DHCP se o DNS está habilitado) para a inerface VERMELHA."
#: networking.c:773 msgid "Default gateway" @@ -531,7 +532,7 @@ msgstr "DNS secundário especificado sem um DNS primário" #: passwords.c:33 msgid "" "Enter the 'root' user password. Login as this user for commandline access." -msgstr "" +msgstr "Digite a senha do usuário 'root'. Autentique com este usuário para acesso à linha de comando."
#: passwords.c:38 passwords.c:61 msgid "Setting password" @@ -550,17 +551,17 @@ msgstr "Problema ao configurar senha 'root'" msgid "" "Enter %s 'admin' user password. This is the user to use for logging into the" " %s web administration pages." -msgstr "" +msgstr "Digite a senha do usuário 'admin' do %s. Este é o usuário para autenticação na interface web de administração do %s."
#: passwords.c:60 #, c-format msgid "Setting %s 'admin' user password..." -msgstr "" +msgstr "Especificando a senha do usuário 'admin' do %s..."
#: passwords.c:62 #, c-format msgid "Problem setting %s 'admin' user password." -msgstr "" +msgstr "Tem um problema ao gravar senha do usuário 'admin' do %s."
#: passwords.c:76 msgid "Password:" diff --git a/src/setup/po/tr.po b/src/setup/po/tr.po index 4e68418..9e52d07 100644 --- a/src/setup/po/tr.po +++ b/src/setup/po/tr.po @@ -10,7 +10,7 @@ msgstr "" "Project-Id-Version: IPFire Project\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2014-08-21 15:12+0000\n" -"PO-Revision-Date: 2015-02-28 22:59+0000\n" +"PO-Revision-Date: 2015-03-20 15:05+0000\n" "Last-Translator: Ersan YILDIRIM ersan73@gmail.com\n" "Language-Team: Turkish (http://www.transifex.com/projects/p/ipfire/language/tr/)%5Cn" "MIME-Version: 1.0\n" @@ -503,7 +503,7 @@ msgid "" "connection to the %s machine will be broken, and you will have to reconnect " "on the new IP. This is a risky operation, and should only be attempted if " "you have physical access to the machine, should something go wrong." -msgstr "Eğer bu IP adresini değiştirirseniz, ve uzaktan oturum açmışsanız, %s makinesine olan bağlantınız kopacaktır ve yeni IP adresine tekrar bağlanmanız gerekecektir. Bu riskli bir işlemdir ve bir şeylerin ters gitmesi durumunda makineye fiziksel erişiminiz varsa kullanmalısınız." +msgstr "Uzaktan oturum açtığınızda bu IP adresini değiştirirseniz %s makinesine olan bağlantınız kopacaktır ve yeni IP adresine tekrar bağlanmanız gerekecektir. Bu riskli bir işlemdir ve bir şeylerin ters gitmesi durumunda makineye fiziksel erişiminiz varsa kullanmalısınız."
#: networking.c:641 msgid "Select the interface you wish to reconfigure." diff --git a/src/setup/setup.h b/src/setup/setup.h index 388d2ed..14fd646 100644 --- a/src/setup/setup.h +++ b/src/setup/setup.h @@ -79,7 +79,6 @@ void networkdialogcallbacktype(newtComponent cm, void *data); int interfacecheck(struct keyvalue *kv, char *colour); int rename_nics(void); int init_knics(void); -int create_udev(void); int scan_network_cards(void); int nicmenu(int colour); int clear_card_entry(int cards); diff --git a/src/squid-accounting/accounting.cgi b/src/squid-accounting/accounting.cgi index eabb0c2..1ec9849 100755 --- a/src/squid-accounting/accounting.cgi +++ b/src/squid-accounting/accounting.cgi @@ -907,7 +907,7 @@ sub generatemonthgraph{ my $sth; my $cnt=0; #If we want to show Data from within last 2 months, get DATA from ACCT - if ( ! $grmon < ($mon+1) && $gryear == ($year+1900)){ + if ( $grmon == ($mon)+1 && $gryear == ($year+1900)){ $sth=&ACCT::getmonthgraphdata("ACCT",$from,$till,$grhost); }else{ #If we want to show data from a date older than last two months, use ACCT_HIST @@ -1959,9 +1959,9 @@ END sub viewtablehosts{ $dbh=&ACCT::connectdb; &Header::openbox('100%', 'left', $Lang::tr{'acct hosts'}); - my $mon=$_[0]; - my $year=$_[1]; - my ($from,$till)=&ACCT::getmonth($mon,$year); + my $mon1=$_[0]; + my $year1=$_[1]; + my ($from,$till)=&ACCT::getmonth($mon1,$year1); $count=0; #Menu to display another month print<<END; @@ -1986,7 +1986,7 @@ END </select></td> <td style='text-align: center;'><select name='year'> END - for (my $j=2014;$j<=($year);$j++){ + for (my $j=2014;$j<=($year1);$j++){ if(($_[1]) eq $j){ print"<option selected>$j</option>"; }else{ 
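Review bot: The comment above the changed condition in `generatemonthgraph` still says data "from within last 2 months" comes from ACCT, but the new test `$grmon == ($mon)+1 && $gryear == ($year+1900)` selects ACCT only for the current month. Suggest updating it to `#If we want to show data from the current month, get DATA from ACCT` and adjusting the comment in the `else` branch to match. The function body starts and ends outside this hunk.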
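Review bot: The year drop-down in `viewtablehosts` is now bounded by `$year1`, the year being displayed, so after an older year is selected the later years are no longer offered. The neighbouring hunks treat `$year` as years since 1900 (`($year)+1900 == $year1`), so the bound probably wants to be the current year: `for (my $j=2014;$j<=($year+1900);$j++){`. The loop body continues outside this hunk.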
@@ -2011,7 +2011,12 @@ END <th></th> </tr> END - my $res = $dbh->selectall_arrayref("SELECT SUM(BYTES),min(TIME_RUN),max(TIME_RUN),NAME from ACCT where TIME_RUN between ".$from." and ".$till." group by NAME;"); + my $res; + if (($mon)+1 == $mon1 && ($year)+1900 == $year1){ + $res = $dbh->selectall_arrayref("SELECT SUM(BYTES),min(TIME_RUN),max(TIME_RUN),NAME from ACCT where TIME_RUN between ".$from." and ".$till." group by NAME;"); + }else{ + $res = $dbh->selectall_arrayref("SELECT SUM(BYTES),min(strftime('%s',TIME_RUN)),max(strftime('%s',TIME_RUN)),NAME from ACCT_HIST where date(TIME_RUN) > date($from,'unixepoch') and date(TIME_RUN) < date($till,'unixepoch') group by NAME;"); + } my $sumbytes; my $type; my $lineval; @@ -2036,8 +2041,8 @@ END <input type='image' src='/images/utilities-system-monitor.png' alt="$Lang::tr{'status'}" title="$Lang::tr{'status'}" /> <input type='hidden' name='ACTION' value='viewgraph'> <input type='hidden' name='host' value='$name'> - <input type='hidden' name='month' value='$mon'> - <input type='hidden' name='year' value='$year'> + <input type='hidden' name='month' value='$mon1'> + <input type='hidden' name='year' value='$year1'> <input type='hidden' name='traffic' value="$Lang::tr{'acct sum'} $Lang::tr{'acct traffic'} $lineval $type"> </form> diff --git a/src/squid-accounting/acct-lib.pl b/src/squid-accounting/acct-lib.pl index 7969a50..58b154a 100644 --- a/src/squid-accounting/acct-lib.pl +++ b/src/squid-accounting/acct-lib.pl @@ -93,8 +93,10 @@ sub delbefore { }
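Review bot: The new ACCT_HIST branch bounds the month with strict comparisons, `date(TIME_RUN) > date($from,'unixepoch') and date(TIME_RUN) < date($till,'unixepoch')`, whereas the ACCT branch uses the inclusive `between`. If `&ACCT::getmonth` returns the first and last moment of the month (not visible here), rows dated on the first and last day drop out of the history view; `>=` and `<=` would match the ACCT branch. The same strict bounds appear in the ACCT_HIST query of getmonthgraphdata in acct-lib.pl (hunk at -119). `$from` and `$till` are also interpolated into the statement text. Binding them instead, with `date(?,'unixepoch')` in the SQL and `undef, $from, $till` as extra arguments to `selectall_arrayref`, keeps the query shape fixed whatever getmonth returns.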
sub movedbdata {
- $dbh->do("insert into ACCT_HIST select datetime(TIME_RUN,'unixepoch'),NAME,SUM(BYTES) from ACCT where date(TIME_RUN,'unixepoch') < date('now','-2 months') group by NAME,date(TIME_RUN,'unixepoch');");
- $dbh->do("DELETE FROM ACCT WHERE datetime(TIME_RUN,'unixepoch') < date('now','-2 months');");
+ &connectdb;
+ $dbh->do("insert into ACCT_HIST select datetime(TIME_RUN,'unixepoch'),NAME,SUM(BYTES) from ACCT where datetime(TIME_RUN,'unixepoch') < datetime('now','start of month') group by NAME,datetime(TIME_RUN,'unixepoch');");
+ $dbh->do("DELETE FROM ACCT WHERE datetime(TIME_RUN,'unixepoch') < date('now','start of month');");
+ &closedb;
 }
sub gethourgraphdata {
@@ -119,10 +121,10 @@ sub getmonthgraphdata {
 my $name=$_[3];
 my $res;
 $dbh=connectdb;
- if ($table eq 'ACCT'){
- $res = $dbh->selectall_arrayref( "SELECT strftime('%d.%m.%Y',xx.tag),(SELECT SUM(BYTES)/1024/1024 FROM ACCT WHERE date(TIME_RUN,'unixepoch') <= xx.tag and NAME = '".$name."') kum_bytes FROM (SELECT date(TIME_RUN,'unixepoch') tag,SUM(BYTES)/1024/1024 sbytes FROM ACCT WHERE NAME='".$name."' and TIME_RUN between ".$from." and ".$till." GROUP by date(TIME_RUN,'unixepoch')) xx;");
+ if ($table eq 'ACCT_HIST'){
+ $res = $dbh->selectall_arrayref( "SELECT strftime('%d.%m.%Y',TIME_RUN),(SELECT SUM(BYTES)/1024/1024 FROM ACCT_HIST WHERE TIME_RUN <= ah.TIME_RUN and TIME_RUN > date($from,'unixepoch') and NAME = '".$name."') kum_bytes FROM ACCT_HIST ah WHERE date(TIME_RUN) > date(".$from.",'unixepoch') AND date(TIME_RUN) < date(".$till.",'unixepoch') AND NAME = '".$name."' group by date(TIME_RUN);");
 }else{
- $res = $dbh->selectall_arrayref( "SELECT TIME_RUN, (SELECT SUM(BYTES)/1024/1024 FROM ACCT_HIST WHERE TIME_RUN <= ah.TIME_RUN and NAME = '".$name."') kum_bytes FROM ACCT_HIST ah WHERE TIME_RUN BETWEEN date(".$from.",'unixepoch') AND date(".$till.",'unixepoch') AND NAME = '".$name."' group by TIME_RUN;");
+ $res = $dbh->selectall_arrayref( "SELECT strftime('%d.%m.%Y',xx.tag),(SELECT SUM(BYTES)/1024/1024 FROM ACCT WHERE date(TIME_RUN,'unixepoch') <= xx.tag and TIME_RUN > ".$from." and NAME = '".$name."') kum_bytes FROM (SELECT NAME,date(TIME_RUN,'unixepoch') tag,SUM(BYTES)/1024/1024 sbytes FROM ACCT WHERE NAME='".$name."' and TIME_RUN between ".$from." and ".$till." GROUP by NAME,date(TIME_RUN,'unixepoch')) xx;");
 }
 $dbh=closedb;
 return $res;
diff --git a/src/squid-accounting/acct.pl b/src/squid-accounting/acct.pl
index 79fc7ba..7222689 100755
--- a/src/squid-accounting/acct.pl
+++ b/src/squid-accounting/acct.pl
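Review bot: In movedbdata the `DELETE FROM ACCT` runs whether or not the preceding `insert into ACCT_HIST` succeeded, because neither `$dbh->do` result is checked. A failed insert would therefore discard the moved accounting rows, and an interruption between the two statements could copy rows twice on the next run. Wrapping both in one transaction (`$dbh->begin_work;` before, `$dbh->commit;` after, `$dbh->rollback;` when a `do` returns false) makes the move atomic; whether RaiseError is set on the handle is not visible here. Also, `&connectdb;` discards the return value while getmonthgraphdata uses `$dbh=connectdb;`, so this works only if connectdb assigns the global `$dbh` itself.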
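Review bot: Both rewritten queries in getmonthgraphdata still splice `$name` between single quotes (`NAME = '".$name."'`), so a name containing a quote changes the SQL statement rather than being treated as data. accounting.cgi emits that value in the hidden `host` form field, and it presumably returns as `$grhost`. Use placeholders instead: write `NAME = ?` at each of the two places per query and pass the values as bind arguments, `$dbh->selectall_arrayref($sql, undef, $name, $name)`. Whether the CGI validates the `host` parameter before it reaches this function is not visible in this commit. The function starts before the hunk.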
@@ -100,7 +100,7 @@ if (-f $proxyenabled && $proxylog eq $Lang::tr{'running'}){ open (FH,">/var/log/accounting.log"); close (FH); chmod 0755, "/var/log/accounting.log"; - #move all db entries older than 2 months to second table and cumulate them hourly + #move all db entries older than this month to second table and cumulate them daily &ACCT::movedbdata; &ACCT::logger($settings{'LOG'},"New Month. Old trafficvalues moved to ACCT_HIST Table\n"); if ($settings{'USEMAIL'} eq 'on'){ diff --git a/tools/checkrootfiles b/tools/checkrootfiles new file mode 100755 index 0000000..74fab3e --- /dev/null +++ b/tools/checkrootfiles 
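Review bot: The updated comment says the old entries are cumulated daily, but the movedbdata change in acct-lib.pl in this same commit groups by `NAME,datetime(TIME_RUN,'unixepoch')`, which is per timestamp rather than per day; the previous statement grouped by `date(...)`. Either the comment should say that rows are moved at their original resolution, or the insert should keep `group by NAME,date(TIME_RUN,'unixepoch')` if daily totals are the intent. The surrounding `if` block runs on outside the hunk.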
@@ -0,0 +1,48 @@
+#!/bin/bash
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2015 IPFire Team info@ipfire.org #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see http://www.gnu.org/licenses/. #
+# #
+###############################################################################
+
+grep -r "^etc/init.d//*" ./config/rootfiles/ >/dev/null 2>&1
+if [ "${?}" == "0" ]; then
+ echo "Error! 'etc/init.d/...' in rootfiles files found!"
+ grep -r "^etc/init.d//*" ./config/rootfiles/
+ echo "Change this to 'etc/rc.d/init.d/...' !"
+fi
+
+grep -r "^var/run//*" ./config/rootfiles/ >/dev/null 2>&1
+if [ "${?}" == "0" ]; then
+ echo "Error! 'var/run/...' in rootfiles files found!"
+ grep -r "^var/run//*" ./config/rootfiles/
+ echo "Comment this and create it at initskript if needed !"
+fi
+
+grep -r "/i586" ./config/rootfiles/ --exclude gcc --exclude-dir oldcore >/dev/null 2>&1
+if [ "${?}" == "0" ]; then
+ echo "Error! '/i586' in rootfiles files found!"
+ grep -r "/i586" ./config/rootfiles/ --exclude gcc --exclude-dir oldcore
+ echo "Replace by MACHINE !"
+fi
+
+grep -r "/armv5tel" ./config/rootfiles/ --exclude gcc --exclude-dir oldcore >/dev/null 2>&1
+if [ "${?}" == "0" ]; then
+ echo "Error! '/armv5tel' in rootfiles files found!"
+ grep -r "/armv5tel" ./config/rootfiles/ --exclude gcc --exclude-dir oldcore
+ echo "Replace by MACHINE !"
+fi
diff --git a/tools/checkwronginitlinks b/tools/checkwronginitlinks
deleted file mode 100755
index 65fc946..0000000
--- a/tools/checkwronginitlinks
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/bin/bash
-###############################################################################
-# #
-# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2013 IPFire Team info@ipfire.org #
-# #
-# This program is free software: you can redistribute it and/or modify #
-# it under the terms of the GNU General Public License as published by #
-# the Free Software Foundation, either version 3 of the License, or #
-# (at your option) any later version. #
-# #
-# This program is distributed in the hope that it will be useful, #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
-# GNU General Public License for more details. #
-# #
-# You should have received a copy of the GNU General Public License #
-# along with this program. If not, see http://www.gnu.org/licenses/. #
-# #
-###############################################################################
-
-grep -r "^etc/init.d//*" ./config/rootfiles/ >/dev/null 2>&1
-if [ "${?}" == "0" ]; then
- echo "Error! 'etc/init.d/...' in rootfiles files found!"
- grep -r "^etc/init.d//*" ./config/rootfiles/
- echo "Change this to 'etc/rc.d/init.d/...' !"
-fi
-
-grep -r "^var/run//*" ./config/rootfiles/ >/dev/null 2>&1
-if [ "${?}" == "0" ]; then
- echo "Error! 'var/run/...' in rootfiles files found!"
- grep -r "^var/run//*" ./config/rootfiles/
- echo "Comment this and create it at initskript if needed !"
-fi
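Review bot: tools/checkrootfiles prints its findings but always ends with status 0, because the last command is an `if` whose body ends in `echo`, so a build script calling it cannot stop on a bad rootfile entry. Consider `found=0` at the top, `found=1` inside each `if` body and `exit "${found}"` as the last line. Each pattern is also searched twice. Using the printing `grep -r` call directly as the `if` condition would drop the first silent pass and the `"${?}" == "0"` test, at the cost of printing the matches before the "Error!" line. How the tool is invoked is not visible in this commit.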
hooks/post-receive -- IPFire 2.x development tree