This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 7e8d00649625a1f8f77e086d402e02b2ab2dce79 (commit) via 6fde3230a88f633ec6358959626ca90c1ae3e1a3 (commit) via a50dadc229a4ad34be60e9fa24cf20c33e9d96c2 (commit) via f527e53f54c8d908340e2102d983297392db1938 (commit) via b7ca4506502a50776ddfb65b446ac73c85797cc3 (commit) via cf910b536ade7b4bc03267d0d04cb4ddda815d5f (commit) via d3782f77ba9f3d4ead14cf22ac4ffe608e3114d7 (commit) via 28f44b83c32f72074bc75817698a2958119020bd (commit) via 172c1f72c4034419063589ab83fa95df5e48ef70 (commit) via 0a511b76938a036a46446ca5cf35a47482c39382 (commit) via 6e8089a94f5cb8b9baafa1afd8dc01d3baa9fd6d (commit) via 03fa5cba13c77b0a4ee8a1e84bf895af113ecb26 (commit) from aab13a8d9d873c2ad83bb2454ca03d90bfecfd53 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 7e8d00649625a1f8f77e086d402e02b2ab2dce79 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed May 14 21:32:04 2014 +0200
core78: Add updated theme functions.pl.
commit 6fde3230a88f633ec6358959626ca90c1ae3e1a3 Merge: a50dadc 6e8089a Author: Michael Tremer michael.tremer@ipfire.org Date: Wed May 14 21:30:50 2014 +0200
Merge branch 'master' into next
commit a50dadc229a4ad34be60e9fa24cf20c33e9d96c2 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed May 14 21:28:45 2014 +0200
openvpn: Remove RC2 as a cipher option.
commit f527e53f54c8d908340e2102d983297392db1938 Author: Erik Kapfer erik.kapfer@ipfire.org Date: Wed May 14 19:37:15 2014 +0200
ovpn_fixes: Fixed some typos and strcture.
Fixes #10462#c21.
Conflicts: html/cgi-bin/ovpnmain.cgi langs/de/cgi-bin/de.pl langs/en/cgi-bin/en.pl
commit b7ca4506502a50776ddfb65b446ac73c85797cc3 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed May 14 20:42:41 2014 +0200
core78: Add OpenVPN changes.
commit cf910b536ade7b4bc03267d0d04cb4ddda815d5f Author: Michael Tremer michael.tremer@ipfire.org Date: Wed May 14 20:39:36 2014 +0200
daq: Update to version 2.0.2.
commit d3782f77ba9f3d4ead14cf22ac4ffe608e3114d7 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed May 14 20:33:33 2014 +0200
core78: Add all recently changes files and packages.
commit 28f44b83c32f72074bc75817698a2958119020bd Author: Michael Tremer michael.tremer@ipfire.org Date: Wed May 14 20:31:12 2014 +0200
core78: Don't remove the ipfire theme.
commit 172c1f72c4034419063589ab83fa95df5e48ef70 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed May 14 20:20:36 2014 +0200
ppp: Import some more patches from Fedora.
commit 0a511b76938a036a46446ca5cf35a47482c39382 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed May 14 20:02:55 2014 +0200
ppp: Try longer to connect via PPPoE (60 seconds).
commit 6e8089a94f5cb8b9baafa1afd8dc01d3baa9fd6d Author: Michael Tremer michael.tremer@ipfire.org Date: Sat May 10 14:25:36 2014 +0200
theme: Fix spacing of version string in footer.
-----------------------------------------------------------------------
Summary of changes: config/rootfiles/common/daq | 2 +- .../{oldcore/44 => core/78}/filelists/daq | 0 config/rootfiles/core/78/filelists/files | 10 + config/rootfiles/core/{77 => 78}/filelists/openvpn | 0 .../{oldcore/39 => core/78}/filelists/ppp | 0 .../{oldcore/28 => core/78}/filelists/snort | 0 .../{oldcore/32 => core/78}/filelists/squid | 0 config/rootfiles/core/78/filelists/vnstat | 1 + config/rootfiles/core/78/update.sh | 3 - doc/language_issues.de | 1 + doc/language_issues.en | 1 + doc/language_issues.es | 4 +- doc/language_issues.fr | 4 +- doc/language_issues.nl | 4 +- doc/language_issues.pl | 4 +- doc/language_issues.ru | 4 +- doc/language_issues.tr | 4 +- doc/language_missings | 12 + html/cgi-bin/ovpnmain.cgi | 275 +++++++++------------ html/html/themes/ipfire/include/functions.pl | 2 +- langs/de/cgi-bin/de.pl | 7 +- langs/en/cgi-bin/en.pl | 7 +- langs/tr/install/lang_tr.c | 22 +- lfs/daq | 4 +- lfs/ppp | 7 +- ...tilize-compiler-flags-handed-to-us-by-rpm.patch | 121 +++++++++ ...pd-we-don-t-want-to-accidentally-leak-fds.patch | 143 +++++++++++ .../ppp/0013-everywhere-O_CLOEXEC-harder.patch | 241 ++++++++++++++++++ ...ere-use-SOCK_CLOEXEC-when-creating-socket.patch | 174 +++++++++++++ .../ppp/ppp-2.4.6-increase-max-padi-attempts.patch | 13 + 30 files changed, 877 insertions(+), 193 deletions(-) copy config/rootfiles/{oldcore/44 => core/78}/filelists/daq (100%) copy config/rootfiles/core/{77 => 78}/filelists/openvpn (100%) copy config/rootfiles/{oldcore/39 => core/78}/filelists/ppp (100%) copy config/rootfiles/{oldcore/28 => core/78}/filelists/snort (100%) copy config/rootfiles/{oldcore/32 => core/78}/filelists/squid (100%) create mode 120000 config/rootfiles/core/78/filelists/vnstat create mode 100644 src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch create mode 100644 src/patches/ppp/0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch create mode 100644 src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch create mode 100644 src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch create mode 100644 src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch
Difference in files: diff --git a/config/rootfiles/common/daq b/config/rootfiles/common/daq index 4467545..b8a9fd4 100644 --- a/config/rootfiles/common/daq +++ b/config/rootfiles/common/daq @@ -21,7 +21,7 @@ usr/lib/daq #usr/lib/libdaq.la #usr/lib/libdaq.so usr/lib/libdaq.so.2 -usr/lib/libdaq.so.2.0.1 +usr/lib/libdaq.so.2.0.2 #usr/lib/libdaq_static.a #usr/lib/libdaq_static.la #usr/lib/libdaq_static_modules.a diff --git a/config/rootfiles/core/78/filelists/daq b/config/rootfiles/core/78/filelists/daq new file mode 120000 index 0000000..d0e0956 --- /dev/null +++ b/config/rootfiles/core/78/filelists/daq @@ -0,0 +1 @@ +../../../common/daq \ No newline at end of file diff --git a/config/rootfiles/core/78/filelists/files b/config/rootfiles/core/78/filelists/files index 409e5fe..91b624e 100644 --- a/config/rootfiles/core/78/filelists/files +++ b/config/rootfiles/core/78/filelists/files @@ -1,2 +1,12 @@ etc/system-release etc/issue +srv/web/ipfire/cgi-bin/logs.cgi/firewalllogcountry.dat +srv/web/ipfire/cgi-bin/logs.cgi/showrequestfromcountry.dat +srv/web/ipfire/cgi-bin/modem-status.cgi +srv/web/ipfire/cgi-bin/ovpnmain.cgi +srv/web/ipfire/cgi-bin/proxy.cgi +srv/web/ipfire/html/themes/ipfire/include/functions.pl +var/ipfire/langs +var/ipfire/menu.d/20-status.menu +var/ipfire/menu.d/70-log.menu +var/ipfire/ovpn/openssl/ovpn.cnf diff --git a/config/rootfiles/core/78/filelists/openvpn b/config/rootfiles/core/78/filelists/openvpn new file mode 120000 index 0000000..493f3f7 --- /dev/null +++ b/config/rootfiles/core/78/filelists/openvpn @@ -0,0 +1 @@ +../../../common/openvpn \ No newline at end of file diff --git a/config/rootfiles/core/78/filelists/ppp b/config/rootfiles/core/78/filelists/ppp new file mode 120000 index 0000000..4844a9b --- /dev/null +++ b/config/rootfiles/core/78/filelists/ppp @@ -0,0 +1 @@ +../../../common/ppp \ No newline at end of file diff --git a/config/rootfiles/core/78/filelists/snort b/config/rootfiles/core/78/filelists/snort new file mode 120000 index 0000000..9406ce0 --- /dev/null +++ b/config/rootfiles/core/78/filelists/snort @@ -0,0 +1 @@ +../../../common/snort \ No newline at end of file diff --git a/config/rootfiles/core/78/filelists/squid b/config/rootfiles/core/78/filelists/squid new file mode 120000 index 0000000..2dc8372 --- /dev/null +++ b/config/rootfiles/core/78/filelists/squid @@ -0,0 +1 @@ +../../../common/squid \ No newline at end of file diff --git a/config/rootfiles/core/78/filelists/vnstat b/config/rootfiles/core/78/filelists/vnstat new file mode 120000 index 0000000..2e2e610 --- /dev/null +++ b/config/rootfiles/core/78/filelists/vnstat @@ -0,0 +1 @@ +../../../common/vnstat \ No newline at end of file diff --git a/config/rootfiles/core/78/update.sh b/config/rootfiles/core/78/update.sh index 0d59761..cb9af9f 100644 --- a/config/rootfiles/core/78/update.sh +++ b/config/rootfiles/core/78/update.sh @@ -135,9 +135,6 @@ esac /etc/init.d/ipsec stop /etc/init.d/apache stop
-# Remove the old default theme -rm -rf /srv/web/ipfire/html/themes/ipfire - # rename /etc/modprobe.d files for i in $(find /etc/modprobe.d/* | grep -v ".conf"); do mv $i $i.conf diff --git a/doc/language_issues.de b/doc/language_issues.de index a00e97a..650d415 100644 --- a/doc/language_issues.de +++ b/doc/language_issues.de @@ -410,6 +410,7 @@ WARNING: translation string unused: outgoing firewall warning WARNING: translation string unused: override mtu WARNING: translation string unused: ovpn config WARNING: translation string unused: ovpn dl +WARNING: translation string unused: ovpn engines WARNING: translation string unused: ovpn log WARNING: translation string unused: ovpn reneg sec WARNING: translation string unused: ovpn_fastio diff --git a/doc/language_issues.en b/doc/language_issues.en index ba7f030..732e2aa 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -437,6 +437,7 @@ WARNING: translation string unused: outgoing firewall warning WARNING: translation string unused: override mtu WARNING: translation string unused: ovpn config WARNING: translation string unused: ovpn dl +WARNING: translation string unused: ovpn engines WARNING: translation string unused: ovpn log WARNING: translation string unused: ovpn reneg sec WARNING: translation string unused: ovpn_fastio diff --git a/doc/language_issues.es b/doc/language_issues.es index 54cb32e..e13636b 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -575,6 +575,7 @@ WARNING: untranslated string: ConnSched reboot WARNING: untranslated string: ConnSched shutdown WARNING: untranslated string: MB read WARNING: untranslated string: MB written +WARNING: untranslated string: MTU settings WARNING: untranslated string: Number of Countries for the pie chart WARNING: untranslated string: Scan for Songs WARNING: untranslated string: Set time on boot @@ -874,8 +875,9 @@ WARNING: untranslated string: outgoing firewall p2p allow WARNING: untranslated string: outgoing firewall p2p deny WARNING: untranslated string: ovpn crypt options WARNING: untranslated string: ovpn dh +WARNING: untranslated string: ovpn dh new key +WARNING: untranslated string: ovpn dh parameters WARNING: untranslated string: ovpn dh upload -WARNING: untranslated string: ovpn engines WARNING: untranslated string: ovpn errmsg green already pushed WARNING: untranslated string: ovpn errmsg invalid ip or mask WARNING: untranslated string: ovpn generating the root and host certificates diff --git a/doc/language_issues.fr b/doc/language_issues.fr index 0386f24..759c18d 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -586,6 +586,7 @@ WARNING: untranslated string: ConnSched reboot WARNING: untranslated string: ConnSched shutdown WARNING: untranslated string: MB read WARNING: untranslated string: MB written +WARNING: untranslated string: MTU settings WARNING: untranslated string: Number of Countries for the pie chart WARNING: untranslated string: Scan for Songs WARNING: untranslated string: addons @@ -885,8 +886,9 @@ WARNING: untranslated string: other WARNING: untranslated string: outgoing firewall access WARNING: untranslated string: ovpn crypt options WARNING: untranslated string: ovpn dh +WARNING: untranslated string: ovpn dh new key +WARNING: untranslated string: ovpn dh parameters WARNING: untranslated string: ovpn dh upload -WARNING: untranslated string: ovpn engines WARNING: untranslated string: ovpn generating the root and host certificates WARNING: untranslated string: ovpn ha WARNING: untranslated string: ovpn hmac diff --git a/doc/language_issues.nl b/doc/language_issues.nl index 7c6f729..c1173f7 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -644,6 +644,7 @@ WARNING: translation string unused: xtaccess all error WARNING: translation string unused: xtaccess bad transfert WARNING: translation string unused: year-graph WARNING: translation string unused: yearly firewallhits +WARNING: untranslated string: MTU settings WARNING: untranslated string: Number of Countries for the pie chart WARNING: untranslated string: Scan for Songs WARNING: untranslated string: atm device @@ -678,8 +679,9 @@ WARNING: untranslated string: monitor interface WARNING: untranslated string: not a valid dh key WARNING: untranslated string: ovpn crypt options WARNING: untranslated string: ovpn dh +WARNING: untranslated string: ovpn dh new key +WARNING: untranslated string: ovpn dh parameters WARNING: untranslated string: ovpn dh upload -WARNING: untranslated string: ovpn engines WARNING: untranslated string: ovpn generating the root and host certificates WARNING: untranslated string: ovpn ha WARNING: untranslated string: ovpn hmac diff --git a/doc/language_issues.pl b/doc/language_issues.pl index 54cb32e..e13636b 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -575,6 +575,7 @@ WARNING: untranslated string: ConnSched reboot WARNING: untranslated string: ConnSched shutdown WARNING: untranslated string: MB read WARNING: untranslated string: MB written +WARNING: untranslated string: MTU settings WARNING: untranslated string: Number of Countries for the pie chart WARNING: untranslated string: Scan for Songs WARNING: untranslated string: Set time on boot @@ -874,8 +875,9 @@ WARNING: untranslated string: outgoing firewall p2p allow WARNING: untranslated string: outgoing firewall p2p deny WARNING: untranslated string: ovpn crypt options WARNING: untranslated string: ovpn dh +WARNING: untranslated string: ovpn dh new key +WARNING: untranslated string: ovpn dh parameters WARNING: untranslated string: ovpn dh upload -WARNING: untranslated string: ovpn engines WARNING: untranslated string: ovpn errmsg green already pushed WARNING: untranslated string: ovpn errmsg invalid ip or mask WARNING: untranslated string: ovpn generating the root and host certificates diff --git a/doc/language_issues.ru b/doc/language_issues.ru index c7c39ec..0589067 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -579,6 +579,7 @@ WARNING: untranslated string: ConnSched shutdown WARNING: untranslated string: Edit an existing route WARNING: untranslated string: MB read WARNING: untranslated string: MB written +WARNING: untranslated string: MTU settings WARNING: untranslated string: Number of Countries for the pie chart WARNING: untranslated string: Scan for Songs WARNING: untranslated string: addons @@ -869,8 +870,9 @@ WARNING: untranslated string: outgoing firewall access WARNING: untranslated string: outgoing traffic in bytes per second WARNING: untranslated string: ovpn crypt options WARNING: untranslated string: ovpn dh +WARNING: untranslated string: ovpn dh new key +WARNING: untranslated string: ovpn dh parameters WARNING: untranslated string: ovpn dh upload -WARNING: untranslated string: ovpn engines WARNING: untranslated string: ovpn generating the root and host certificates WARNING: untranslated string: ovpn ha WARNING: untranslated string: ovpn hmac diff --git a/doc/language_issues.tr b/doc/language_issues.tr index 06cacf1..2d9ebf7 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -643,6 +643,7 @@ WARNING: translation string unused: xtaccess all error WARNING: translation string unused: xtaccess bad transfert WARNING: translation string unused: year-graph WARNING: translation string unused: yearly firewallhits +WARNING: untranslated string: MTU settings WARNING: untranslated string: Number of Countries for the pie chart WARNING: untranslated string: Scan for Songs WARNING: untranslated string: bytes @@ -674,8 +675,9 @@ WARNING: untranslated string: monitor interface WARNING: untranslated string: not a valid dh key WARNING: untranslated string: ovpn crypt options WARNING: untranslated string: ovpn dh +WARNING: untranslated string: ovpn dh new key +WARNING: untranslated string: ovpn dh parameters WARNING: untranslated string: ovpn dh upload -WARNING: untranslated string: ovpn engines WARNING: untranslated string: ovpn generating the root and host certificates WARNING: untranslated string: ovpn ha WARNING: untranslated string: ovpn hmac diff --git a/doc/language_missings b/doc/language_missings index d25ea40..7a55460 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -341,6 +341,7 @@ < modem sim information < modem status < most preferred +< MTU settings < never < no hardware random number generator < not a valid dh key @@ -364,6 +365,8 @@ < outgoing firewall access < ovpn crypt options < ovpn dh +< ovpn dh new key +< ovpn dh parameters < ovpn dh upload < ovpn engines < ovpn generating the root and host certificates @@ -853,6 +856,7 @@ < modem sim information < modem status < most preferred +< MTU settings < never < no hardware random number generator < not a valid dh key @@ -888,6 +892,8 @@ < outgoing firewall view group < ovpn crypt options < ovpn dh +< ovpn dh new key +< ovpn dh parameters < ovpn dh upload < ovpn engines < ovpn errmsg green already pushed @@ -1349,6 +1355,7 @@ < modem sim information < modem status < most preferred +< MTU settings < never < no hardware random number generator < not a valid dh key @@ -1370,6 +1377,8 @@ < outgoing firewall access < ovpn crypt options < ovpn dh +< ovpn dh new key +< ovpn dh parameters < ovpn dh upload < ovpn engines < ovpn errmsg green already pushed @@ -1837,6 +1846,7 @@ < modem status < month-graph < most preferred +< MTU settings < never < no hardware random number generator < not a valid dh key @@ -1859,6 +1869,8 @@ < outgoing traffic in bytes per second < ovpn crypt options < ovpn dh +< ovpn dh new key +< ovpn dh parameters < ovpn dh upload < ovpn engines < ovpn generating the root and host certificates diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index df5f9ec..a051b5d 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -19,6 +19,7 @@ # # ############################################################################### ### +# Based on IPFireCore 77 ### use CGI; use CGI qw/:standard/; @@ -92,7 +93,6 @@ $cgiparams{'PMTU_DISCOVERY'} = ''; $cgiparams{'DCIPHER'} = ''; $cgiparams{'DAUTH'} = ''; $cgiparams{'TLSAUTH'} = ''; -$cgiparams{'ENGINES'} = ''; $routes_push_file = "${General::swroot}/ovpn/routes_push"; unless (-e $routes_push_file) { system("touch $routes_push_file"); } unless (-e "${General::swroot}/ovpn/ccd.conf") { system("touch ${General::swroot}/ovpn/ccd.conf"); } @@ -371,11 +371,6 @@ sub writeserverconf { if ($sovpnsettings{'TLSAUTH'} eq 'on') { print CONF "tls-auth ${General::swroot}/ovpn/ca/ta.key 0\n"; } - if ($sovpnsettings{ENGINES} eq 'disabled') { - print CONF ""; - } else { - print CONF "engine $sovpnsettings{ENGINES}\n"; - } if ($sovpnsettings{DCOMPLZO} eq 'on') { print CONF "comp-lzo\n"; } @@ -796,7 +791,6 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) { $vpnsettings{'PMTU_DISCOVERY'} = $cgiparams{'PMTU_DISCOVERY'}; $vpnsettings{'DAUTH'} = $cgiparams{'DAUTH'}; $vpnsettings{'TLSAUTH'} = $cgiparams{'TLSAUTH'}; - $vpnsettings{'ENGINES'} = $cgiparams{'ENGINES'}; my @temp=();
if ($cgiparams{'FRAGMENT'} eq '') { @@ -1008,12 +1002,6 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General print SERVERCONF "# HMAC algorithm\n"; print SERVERCONF "auth $cgiparams{'DAUTH'}\n"; } - if ($cgiparams{'ENGINES'} eq 'disabled') { - print SERVERCONF ""; - } else { - print SERVERCONF "# Crypto engine\n"; - print SERVERCONF "engine $cgiparams{'ENGINES'}\n"; - } if ($cgiparams{'COMPLZO'} eq 'on') { print SERVERCONF "# Enable Compression\n"; print SERVERCONF "comp-lzo\r\n"; @@ -1109,12 +1097,6 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General print CLIENTCONF "# HMAC algorithm\n"; print CLIENTCONF "auth $cgiparams{'DAUTH'}\n"; } - if ($cgiparams{'ENGINES'} eq 'disabled') { - print CLIENTCONF ""; - } else { - print CLIENTCONF "# Crypto engine\n"; - print CLIENTCONF "engine $cgiparams{'ENGINES'}\n"; - } if ($cgiparams{'COMPLZO'} eq 'on') { print CLIENTCONF "# Enable Compression\n"; print CLIENTCONF "comp-lzo\r\n"; @@ -1299,7 +1281,6 @@ SETTINGS_ERROR: <tr> <td align='center'> <input type='hidden' name='AREUSURE' value='yes' /> - <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}</font></b>: <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}</font></b>: $Lang::tr{'resetting the vpn configuration will remove the root ca, the host certificate and all certificate based connections'}</td> </tr> @@ -1343,7 +1324,7 @@ END print <<END; <table width='100%'> <tr> - <td width='15%'> </td> <td width='15%'></td> <td width='65%'></td> + <td width='20%'> </td> <td width='15%'></td> <td width='65%'></td> </tr> <tr> <td class='base'>$Lang::tr{'ovpn dh'}:</td> @@ -2539,6 +2520,12 @@ ADV_ERROR: if ($cgiparams{'TLSAUTH'} eq '') { $cgiparams{'TLSAUTH'} = 'off'; } + if ($cgiparams{'DAUTH'} eq '') { + $cgiparams{'DAUTH'} = 'SHA1'; + } + if ($cgiparams{'TLSAUTH'} eq '') { + $cgiparams{'TLSAUTH'} = 'off'; + } $checked{'CLIENT2CLIENT'}{'off'} = ''; $checked{'CLIENT2CLIENT'}{'on'} = ''; $checked{'CLIENT2CLIENT'}{$cgiparams{'CLIENT2CLIENT'}} = 'CHECKED'; @@ -2571,13 +2558,7 @@ ADV_ERROR: $checked{'TLSAUTH'}{'off'} = ''; $checked{'TLSAUTH'}{'on'} = ''; $checked{'TLSAUTH'}{$cgiparams{'TLSAUTH'}} = 'CHECKED'; - $selected{'ENGINES'}{'cryptodev'} = ''; - $selected{'ENGINES'}{'dynamic'} = ''; - $selected{'ENGINES'}{'aesni'} = ''; - $selected{'ENGINES'}{'padlock'} = ''; - $selected{'ENGINES'}{'disabled'} = ''; - $selected{'ENGINES'}{$cgiparams{'ENGINES'}} = 'SELECTED'; - + &Header::showhttpheaders(); &Header::openpage($Lang::tr{'status ovpn'}, 1, ''); &Header::openbigbox('100%', 'LEFT', '', $errormessage); @@ -2719,18 +2700,6 @@ print <<END; </td> <td>Default: <span class="base">SHA1 (160 $Lang::tr{'bit'})</span></td> </tr> - - <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn engines'}</td> - <td><select name='ENGINES'> - <option value='cryptodev' $selected{'ENGINES'}{'cryptodev'}>Cryptodev</option> - <option value='dynamic' $selected{'ENGINES'}{'dynamic'}>Dynamic</option> - <option value='aesni' $selected{'ENGINES'}{'aesni'}>AES-NI</option> - <option value='padlock' $selected{'ENGINES'}{'padlock'}>Padlock</option> - <option value='disabled' $selected{'ENGINES'}{'disabled'}>$Lang::tr{'disabled'}</option> - </select> - </td> - <td>Default: <span class="base">$Lang::tr{'disabled'}</span></td> - </tr> </table>
<table width='100%'> @@ -3301,8 +3270,7 @@ my @n2nremsub = split(/ /, (grep { /^route/ } @firen2nconf)[0]); my @n2nmgmt = split(/ /, (grep { /^management/ } @firen2nconf)[0]); my @n2nlocalsub = split(/ /, (grep { /^# remsub/ } @firen2nconf)[0]); my @n2ncipher = split(/ /, (grep { /^cipher/ } @firen2nconf)[0]); -my @n2nauth = split(/ /, (grep { /^auth/ } @firen2nconf)[0]); -my @n2nengine = split(/ /, (grep { /^engine/ } @firen2nconf)[0]);; +my @n2nauth = split(/ /, (grep { /^auth/ } @firen2nconf)[0]);;
### # m.a.d delete CR and LF from arrays for this chomp doesnt work @@ -3323,7 +3291,6 @@ $n2nmgmt[2] =~ s/\n|\r//g; $n2nmtudisc[1] =~ s/\n|\r//g; $n2ncipher[1] =~ s/\n|\r//g; $n2nauth[1] =~ s/\n|\r//g; -$n2nengine[1] =~ s/\n|\r//g; chomp ($complzoactive); chomp ($mssfixactive);
@@ -3542,7 +3509,6 @@ if ($confighash{$cgiparams{'KEY'}}) { $cgiparams{'DAUTH'} = $confighash{$cgiparams{'KEY'}}[39]; $cgiparams{'DCIPHER'} = $confighash{$cgiparams{'KEY'}}[40]; $cgiparams{'TLSAUTH'} = $confighash{$cgiparams{'KEY'}}[41]; - $cgiparams{'ENGINES'} = $confighash{$cgiparams{'KEY'}}[42]; } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) { $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'}); @@ -4268,7 +4234,6 @@ if ($cgiparams{'TYPE'} eq 'net') { $confighash{$key}[38] = $cgiparams{'PMTU_DISCOVERY'}; $confighash{$key}[39] = $cgiparams{'DAUTH'}; $confighash{$key}[40] = $cgiparams{'DCIPHER'}; - $confighash{$key}[42] = $cgiparams{'ENGINES'};
&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", %confighash); @@ -4380,7 +4345,6 @@ if ($cgiparams{'TYPE'} eq 'net') { $cgiparams{'FRAGMENT'} = '1300'; $cgiparams{'PMTU_DISCOVERY'} = 'off'; $cgiparams{'DAUTH'} = 'SHA1'; - $cgiparams{'ENGINES'} = 'disabled'; ### # m.a.d n2n end ### @@ -4457,10 +4421,7 @@ if ($cgiparams{'TYPE'} eq 'net') { $selected{'DCIPHER'}{'DES-EDE-CBC'} = ''; $selected{'DCIPHER'}{'CAST5-CBC'} = ''; $selected{'DCIPHER'}{'BF-CBC'} = ''; - $selected{'DCIPHER'}{'RC2-CBC'} = ''; $selected{'DCIPHER'}{'DES-CBC'} = ''; - $selected{'DCIPHER'}{'RC2-64-CBC'} = ''; - $selected{'DCIPHER'}{'RC2-40-CBC'} = ''; # If no cipher has been chossen yet, select # the old default (AES-256-CBC) for compatiblity reasons. if ($cgiparams{'DCIPHER'} eq '') { @@ -4479,18 +4440,6 @@ if ($cgiparams{'TYPE'} eq 'net') { } $selected{'DAUTH'}{$cgiparams{'DAUTH'}} = 'SELECTED';
- $selected{'ENGINES'}{'disabled'} = ''; - $selected{'ENGINES'}{'cryptodev'} = ''; - $selected{'ENGINES'}{'dynamic'} = ''; - $selected{'ENGINES'}{'aesni'} = ''; - $selected{'ENGINES'}{'padlock'} = ''; - # If no engine has been choosen yet, select - # a default one (disabled). - if ($cgiparams{'ENGINES'} eq '') { - $cgiparams{'ENGINES'} = 'disabled'; - } - $selected{'ENGINES'}{$cgiparams{'ENGINES'}} = 'SELECTED'; - if (1) { &Header::showhttpheaders(); &Header::openpage($Lang::tr{'ovpn'}, 1, ''); @@ -4547,100 +4496,66 @@ if ($cgiparams{'TYPE'} eq 'net') { } print <<END; <td width='25%'> </td> - <td width='25%'> </td></tr> - - <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'Act as'}</td> - <td><select name='SIDE'><option value='server' $selected{'SIDE'}{'server'}>$Lang::tr{'openvpn server'}</option> - <option value='client' $selected{'SIDE'}{'client'}>$Lang::tr{'openvpn client'}</option></select></td> - - <td class='boldbase'>$Lang::tr{'remote host/ip'}:</td> - <td><input type='TEXT' name='REMOTE' value='$cgiparams{'REMOTE'}' /></td></tr> - - <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'local subnet'}</td> - <td><input type='TEXT' name='LOCAL_SUBNET' value='$cgiparams{'LOCAL_SUBNET'}' /></td> - - <td class='boldbase' nowrap='nowrap'>$Lang::tr{'remote subnet'}</td> - <td><input type='text' name='REMOTE_SUBNET' value='$cgiparams{'REMOTE_SUBNET'}' /></td></tr> + <td width='25%'> </td></tr> + <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'Act as'}</td> + <td><select name='SIDE'> + <option value='server' $selected{'SIDE'}{'server'}>$Lang::tr{'openvpn server'}</option> + <option value='client' $selected{'SIDE'}{'client'}>$Lang::tr{'openvpn client'}</option> + </select> + </td>
- <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn subnet'}</td> - <td><input type='TEXT' name='OVPN_SUBNET' value='$cgiparams{'OVPN_SUBNET'}' /></td></tr> + <td class='boldbase'>$Lang::tr{'remote host/ip'}:</td> + <td><input type='TEXT' name='REMOTE' value='$cgiparams{'REMOTE'}' /></td> + </tr>
- - <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td> - <td><select name='PROTOCOL'><option value='udp' $selected{'PROTOCOL'}{'udp'}>UDP</option> - <option value='tcp' $selected{'PROTOCOL'}{'tcp'}>TCP</option></select></td> + <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'local subnet'}</td> + <td><input type='TEXT' name='LOCAL_SUBNET' value='$cgiparams{'LOCAL_SUBNET'}' /></td>
- <td class='boldbase'>$Lang::tr{'destination port'}:</td> - <td><input type='TEXT' name='DEST_PORT' value='$cgiparams{'DEST_PORT'}' size='5' /></td> - </tr> + <td class='boldbase' nowrap='nowrap'>$Lang::tr{'remote subnet'}</td> + <td><input type='text' name='REMOTE_SUBNET' value='$cgiparams{'REMOTE_SUBNET'}' /></td> + </tr>
- <tr><td class='boldbase'>$Lang::tr{'cipher'}</td> - <td><select name='DCIPHER'> - <option value='CAMELLIA-256-CBC' $selected{'DCIPHER'}{'CAMELLIA-256-CBC'}>CAMELLIA-CBC (256 $Lang::tr{'bit'})</option> - <option value='CAMELLIA-192-CBC' $selected{'DCIPHER'}{'CAMELLIA-192-CBC'}>CAMELLIA-CBC (196 $Lang::tr{'bit'})</option> - <option value='CAMELLIA-128-CBC' $selected{'DCIPHER'}{'CAMELLIA-128-CBC'}>CAMELLIA-CBC (128 $Lang::tr{'bit'})</option> - <option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-CBC (256 $Lang::tr{'bit'})</option> - <option value='AES-192-CBC' $selected{'DCIPHER'}{'AES-192-CBC'}>AES-CBC (192 $Lang::tr{'bit'})</option> - <option value='AES-128-CBC' $selected{'DCIPHER'}{'AES-128-CBC'}>AES-CBC (128 $Lang::tr{'bit'})</option> - <option value='DES-EDE3-CBC' $selected{'DCIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC (192 $Lang::tr{'bit'})</option> - <option value='DESX-CBC' $selected{'DCIPHER'}{'DESX-CBC'}>DESX-CBC (192 $Lang::tr{'bit'})</option> - <option value='SEED-CBC' $selected{'DCIPHER'}{'SEED-CBC'}>SEED-CBC (128 $Lang::tr{'bit'})</option> - <option value='DES-EDE-CBC' $selected{'DCIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC (128 $Lang::tr{'bit'})</option> - <option value='BF-CBC' $selected{'DCIPHER'}{'BF-CBC'}>BF-CBC (128 $Lang::tr{'bit'})</option> - <option value='CAST5-CBC' $selected{'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC (128 $Lang::tr{'bit'})</option> - <option value='RC2-CBC' $selected{'DCIPHER'}{'RC2-CBC'}>RC2-CBC (128 $Lang::tr{'bit'})</option> - <option value='DES-CBC' $selected{'DCIPHER'}{'DES-CBC'}>DES-CBC (64 $Lang::tr{'bit'} not recommended)</option> - <option value='RC2-64-CBC' $selected{'DCIPHER'}{'RC2-64-CBC'}>RC2-CBC (64 $Lang::tr{'bit'} not recommended)</option> - <option value='RC2-40-CBC' $selected{'DCIPHER'}{'RC2-40-CBC'}>RC2-CBC (40 $Lang::tr{'bit'} not recommended)</option> - </select> - </td> - - <td class='boldbase'>$Lang::tr{'ovpn ha'}:</td> - <td><select name='DAUTH'> - <option value='whirlpool' $selected{'DAUTH'}{'whirlpool'}>Whirlpool (512 $Lang::tr{'bit'})</option> - <option value='SHA512' $selected{'DAUTH'}{'SHA512'}>SHA2 (512 $Lang::tr{'bit'})</option> - <option value='SHA384' $selected{'DAUTH'}{'SHA384'}>SHA2 (384 $Lang::tr{'bit'})</option> - <option value='SHA256' $selected{'DAUTH'}{'SHA256'}>SHA2 (256 $Lang::tr{'bit'})</option> - <option value='SHA1' $selected{'DAUTH'}{'SHA1'}>SHA1 (160 $Lang::tr{'bit'} Default)</option> - </select> - </td> - </tr> + <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn subnet'}</td> + <td><input type='TEXT' name='OVPN_SUBNET' value='$cgiparams{'OVPN_SUBNET'}' /></td>
- <tr> <td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn engines'} <img src='/blob.gif'</td> - <td><select name='ENGINES'> - <option value='cryptodev' $selected{'ENGINES'}{'cryptodev'}>Cryptodev</option> - <option value='dynamic' $selected{'ENGINES'}{'dynamic'}>Dynamic</option> - <option value='aesni' $selected{'ENGINES'}{'aesni'}>AES-NI</option> - <option value='padlock' $selected{'ENGINES'}{'padlock'}>Padlock</option> - <option value='disabled' $selected{'ENGINES'}{'disabled'}>$Lang::tr{'disabled'} (Default)</option> - </select> - </td> - </tr> + <td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td> + <td><select name='PROTOCOL'> + <option value='udp' $selected{'PROTOCOL'}{'udp'}>UDP</option> + <option value='tcp' $selected{'PROTOCOL'}{'tcp'}>TCP</option></select></td> + </tr> + + <tr> + <td class='boldbase'>$Lang::tr{'destination port'}:</td> + <td><input type='TEXT' name='DEST_PORT' value='$cgiparams{'DEST_PORT'}' size='5' /></td>
- <tr><td colspan=2><hr /></td></tr><tr> + <td class='boldbase' nowrap='nowrap'>Management Port ($Lang::tr{'openvpn default'}: <span class="base">$Lang::tr{'destination port'}): <img src='/blob.gif' /></td> + <td> <input type='TEXT' name='OVPN_MGMT' VALUE='$cgiparams{'OVPN_MGMT'}'size='5' /></td> + </tr>
- <tr><td class='boldbase' nowrap='nowrap'>Management Port ($Lang::tr{'openvpn default'}: <span class="base">$Lang::tr{'destination port'}): <img src='/blob.gif' /></td> - <td> <input type='TEXT' name='OVPN_MGMT' VALUE='$cgiparams{'OVPN_MGMT'}'size='5' /></td> - </tr> + <tr><td colspan=4><hr /></td></tr><tr> + + <tr> + <td class'base'><b>$Lang::tr{'MTU settings'}</b></td> + </tr>
- <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'} <img src='/blob.gif' /></td> - <td> <input type='TEXT' name='MTU' VALUE='$cgiparams{'MTU'}'size='5' /></td> - <td colspan='2'>$Lang::tr{'openvpn default'}: udp/tcp <span class="base">1500/1400</span></td> - </tr> + <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'} <img src='/blob.gif' /></td> + <td><input type='TEXT' name='MTU' VALUE='$cgiparams{'MTU'}'size='5' /></td> + <td colspan='2'>$Lang::tr{'openvpn default'}: udp/tcp <span class="base">1500/1400</span></td> + </tr>
- <tr><td class='boldbase' nowrap='nowrap'>fragment <img src='/blob.gif' /></td> - <td><input type='TEXT' name='FRAGMENT' VALUE='$cgiparams{'FRAGMENT'}'size='5' /></td> - <td>$Lang::tr{'openvpn default'}: <span class="base">1300</span></td> - </tr> + <tr><td class='boldbase' nowrap='nowrap'>fragment <img src='/blob.gif' /></td> + <td><input type='TEXT' name='FRAGMENT' VALUE='$cgiparams{'FRAGMENT'}'size='5' /></td> + <td>$Lang::tr{'openvpn default'}: <span class="base">1300</span></td> + </tr>
- <tr><td class='boldbase' nowrap='nowrap'>mssfix <img src='/blob.gif' /></td> - <td><input type='checkbox' name='MSSFIX' $checked{'MSSFIX'}{'on'} /></td> - <td>$Lang::tr{'openvpn default'}: <span class="base">on</span></td> - </tr> + <tr><td class='boldbase' nowrap='nowrap'>mssfix <img src='/blob.gif' /></td> + <td><input type='checkbox' name='MSSFIX' $checked{'MSSFIX'}{'on'} /></td> + <td>$Lang::tr{'openvpn default'}: <span class="base">on</span></td> + </tr>
- <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'} <img src='/blob.gif'</td> - <td><input type='checkbox' name='COMPLZO' $checked{'COMPLZO'}{'on'} /></td> - </tr> + <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'} <img src='/blob.gif'</td> + <td><input type='checkbox' name='COMPLZO' $checked{'COMPLZO'}{'on'} /></td> + </tr>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn mtu-disc'}</td> <td colspan='3'> @@ -4650,6 +4565,41 @@ if ($cgiparams{'TYPE'} eq 'net') { <input type='radio' name='PMTU_DISCOVERY' value='off' $checked{'PMTU_DISCOVERY'}{'off'} /> $Lang::tr{'ovpn mtu-disc off'} </td> </tr> + +<tr><td colspan=4><hr /></td></tr><tr> + <tr> + <td class'base'><b>$Lang::tr{'ovpn crypt options'}:</b></td> + </tr> + + <tr><td class='boldbase'>$Lang::tr{'cipher'}</td> + <td><select name='DCIPHER'> + <option value='CAMELLIA-256-CBC' $selected{'DCIPHER'}{'CAMELLIA-256-CBC'}>CAMELLIA-CBC (256 $Lang::tr{'bit'})</option> + <option value='CAMELLIA-192-CBC' $selected{'DCIPHER'}{'CAMELLIA-192-CBC'}>CAMELLIA-CBC (192 $Lang::tr{'bit'})</option> + <option value='CAMELLIA-128-CBC' $selected{'DCIPHER'}{'CAMELLIA-128-CBC'}>CAMELLIA-CBC (128 $Lang::tr{'bit'})</option> + <option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-CBC (256 $Lang::tr{'bit'})</option> + <option value='AES-192-CBC' $selected{'DCIPHER'}{'AES-192-CBC'}>AES-CBC (192 $Lang::tr{'bit'})</option> + <option value='AES-128-CBC' $selected{'DCIPHER'}{'AES-128-CBC'}>AES-CBC (128 $Lang::tr{'bit'})</option> + <option value='DES-EDE3-CBC' $selected{'DCIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC (192 $Lang::tr{'bit'})</option> + <option value='DESX-CBC' $selected{'DCIPHER'}{'DESX-CBC'}>DESX-CBC (192 $Lang::tr{'bit'})</option> + <option value='SEED-CBC' $selected{'DCIPHER'}{'SEED-CBC'}>SEED-CBC (128 $Lang::tr{'bit'})</option> + <option value='DES-EDE-CBC' $selected{'DCIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC (128 $Lang::tr{'bit'})</option> + <option value='BF-CBC' $selected{'DCIPHER'}{'BF-CBC'}>BF-CBC (128 $Lang::tr{'bit'})</option> + <option value='CAST5-CBC' $selected{'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC (128 $Lang::tr{'bit'})</option> + </select> + </td> + + <td class='boldbase'>$Lang::tr{'ovpn ha'}:</td> + <td><select name='DAUTH'> + <option value='whirlpool' $selected{'DAUTH'}{'whirlpool'}>Whirlpool (512 $Lang::tr{'bit'})</option> + <option value='SHA512' $selected{'DAUTH'}{'SHA512'}>SHA2 (512 $Lang::tr{'bit'})</option> + <option value='SHA384' $selected{'DAUTH'}{'SHA384'}>SHA2 (384 $Lang::tr{'bit'})</option> + <option value='SHA256' $selected{'DAUTH'}{'SHA256'}>SHA2 (256 $Lang::tr{'bit'})</option> + <option value='SHA1' $selected{'DAUTH'}{'SHA1'}>SHA1 (160 $Lang::tr{'bit'} Default)</option> + </select> + </td> + </tr> + <tr><td colspan=4><hr /></td></tr><tr> + END ; } @@ -5012,10 +4962,7 @@ END $selected{'DCIPHER'}{'DES-EDE-CBC'} = ''; $selected{'DCIPHER'}{'CAST5-CBC'} = ''; $selected{'DCIPHER'}{'BF-CBC'} = ''; - $selected{'DCIPHER'}{'RC2-CBC'} = ''; $selected{'DCIPHER'}{'DES-CBC'} = ''; - $selected{'DCIPHER'}{'RC2-64-CBC'} = ''; - $selected{'DCIPHER'}{'RC2-40-CBC'} = ''; $selected{'DCIPHER'}{$cgiparams{'DCIPHER'}} = 'SELECTED';
$selected{'DAUTH'}{'whirlpool'} = ''; @@ -5025,13 +4972,6 @@ END $selected{'DAUTH'}{'SHA1'} = ''; $selected{'DAUTH'}{$cgiparams{'DAUTH'}} = 'SELECTED';
- $selected{'ENGINES'}{'cryptodev'} = ''; - $selected{'ENGINES'}{'dynamic'} = ''; - $selected{'ENGINES'}{'aesni'} = ''; - $selected{'ENGINES'}{'padlock'} = ''; - $selected{'ENGINES'}{'disabled'} = ''; - $selected{'ENGINES'}{$cgiparams{'ENGINES'}} = 'SELECTED'; - $checked{'DCOMPLZO'}{'off'} = ''; $checked{'DCOMPLZO'}{'on'} = ''; $checked{'DCOMPLZO'}{$cgiparams{'DCOMPLZO'}} = 'CHECKED'; @@ -5107,10 +5047,11 @@ END <td><input type='TEXT' name='DDEST_PORT' value='$cgiparams{'DDEST_PORT'}' size='5' /></td></tr> <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'} </td> <td> <input type='TEXT' name='DMTU' VALUE='$cgiparams{'DMTU'}'size='5' /></td> + <td class='boldbase' nowrap='nowrap'>$Lang::tr{'cipher'}</td> <td><select name='DCIPHER'> <option value='CAMELLIA-256-CBC' $selected{'DCIPHER'}{'CAMELLIA-256-CBC'}>CAMELLIA-CBC (256 $Lang::tr{'bit'})</option> - <option value='CAMELLIA-192-CBC' $selected{'DCIPHER'}{'CAMELLIA-192-CBC'}>CAMELLIA-CBC (196 $Lang::tr{'bit'})</option> + <option value='CAMELLIA-192-CBC' $selected{'DCIPHER'}{'CAMELLIA-192-CBC'}>CAMELLIA-CBC (192 $Lang::tr{'bit'})</option> <option value='CAMELLIA-128-CBC' $selected{'DCIPHER'}{'CAMELLIA-128-CBC'}>CAMELLIA-CBC (128 $Lang::tr{'bit'})</option> <option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-CBC (256 $Lang::tr{'bit'})</option> <option value='AES-192-CBC' $selected{'DCIPHER'}{'AES-192-CBC'}>AES-CBC (192 $Lang::tr{'bit'})</option> @@ -5121,10 +5062,6 @@ END <option value='DES-EDE-CBC' $selected{'DCIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC (128 $Lang::tr{'bit'})</option> <option value='BF-CBC' $selected{'DCIPHER'}{'BF-CBC'}>BF-CBC (128 $Lang::tr{'bit'})</option> <option value='CAST5-CBC' $selected{'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC (128 $Lang::tr{'bit'})</option> - <option value='RC2-CBC' $selected{'DCIPHER'}{'RC2-CBC'}>RC2-CBC (128 $Lang::tr{'bit'})</option> - <option value='DES-CBC' $selected{'DCIPHER'}{'DES-CBC'}>DES-CBC (64 $Lang::tr{'bit'} not recommended)</option> - <option value='RC2-64-CBC' $selected{'DCIPHER'}{'RC2-64-CBC'}>RC2-CBC (64 $Lang::tr{'bit'} not recommended)</option> - <option value='RC2-40-CBC' $selected{'DCIPHER'}{'RC2-40-CBC'}>RC2-CBC (40 $Lang::tr{'bit'} not recommended)</option> </select> </td> <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'}</td> @@ -5519,22 +5456,32 @@ END <td nowrap='nowrap' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'upload ca certificate'}' /></td> </tr>
+ <tr align='right'> + <td colspan='4' align='right' width='80%'><input type='submit' name='ACTION' value='$Lang::tr{'show crl'}' /></td> + </tr> + + <tr><td colspan=4><hr /></td></tr><tr> + <tr> + <td class'base'><b>$Lang::tr{'ovpn dh parameters'}:</b></td> + </tr> + <tr> <td class='base' nowrap='nowrap'>$Lang::tr{'ovpn dh upload'}:</td> <td nowrap='nowrap'><size='15' align='left'/></td> <td nowrap='nowrap'><input type='file' name='FH' size='25' /> <td colspan='4' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'upload dh key'}' /></td> </tr> - <tr><td colspan='4'><br></td></tr> <tr> + <td class='base' nowrap='nowrap'>$Lang::tr{'ovpn dh new key'}:</td> + <td nowrap='nowrap'><size='15' align='left'/></td> <td nowrap='nowrap'><input type='submit' name='ACTION' value='$Lang::tr{'generate dh key'}' /></td> - <td colspan='4' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'show dh'}' /></td> </tr> - - <tr align='right'> - <td colspan='4' align='right' width='80%'><input type='submit' name='ACTION' value='$Lang::tr{'show crl'}' /></td> + <tr> + <td colspan='4' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'show dh'}' /></td> </tr> </table> + + <tr><td colspan=4><hr /></td></tr><tr> END ;
diff --git a/html/html/themes/ipfire/include/functions.pl b/html/html/themes/ipfire/include/functions.pl index 0c47cd4..63740d4 100644 --- a/html/html/themes/ipfire/include/functions.pl +++ b/html/html/themes/ipfire/include/functions.pl @@ -194,7 +194,7 @@ sub openpagewithoutmenu { sub closepage () { open(FILE, "</etc/system-release"); my $system_release = <FILE>; - $system_release =~ s/core/Core Update/; + $system_release =~ s/core/Core Update /; close(FILE);
print <<END; diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index a2cf71a..aee46df 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -39,6 +39,7 @@ 'MB read' => 'MB gelesen', 'MB written' => 'MB geschrieben', 'MTU' => 'MTU-Größe:', +'MTU settings' => 'MTU-Einstellungen:', 'Number of Countries for the pie chart' => 'Anzahl der angezeigten Länder im Diagramm', 'Number of IPs for the pie chart' => 'Anzahl der angezeigten IPs im Diagramm', 'Number of Ports for the pie chart' => 'Anzahl der angezeigten Ports im Diagramm', @@ -1123,7 +1124,7 @@ 'fwhost wo subnet' => '(Ohne Subnetz)', 'gateway' => 'Gateway', 'gateway ip' => 'Gateway-IP', -'gen dh' => 'Diffie-Hellman-Parameter erzeugen', +'gen dh' => 'Neuen Diffie-Hellman-Parameter erzeugen', 'gen static key' => 'Statischen Schlüssel erzeugen', 'generate' => 'Root/Host-Zertifikate generieren', 'generate a certificate' => 'Erzeuge ein Zertifikat:', @@ -1659,7 +1660,9 @@ 'ovpn crypt options' => 'Kryptografieoptionen', 'ovpn device' => 'OpenVPN-Gerät', 'ovpn dh' => 'Diffie-Hellman-Parameter-Länge', -'ovpn dh upload' => 'Diffie-Hellman-Parameter hochladen', +'ovpn dh new key' => 'Neuen Diffie-Hellman Parameter erstellen', +'ovpn dh parameters' => 'Diffie-Hellman-Parameter-Optionen', +'ovpn dh upload' => 'Neuen Diffie-Hellman-Parameter hochladen', 'ovpn dl' => 'OVPN-Konfiguration downloaden', 'ovpn engines' => 'Krypto Engine', 'ovpn errmsg green already pushed' => 'Route für grünes Netzwerk wird immer gesetzt', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 5ccad79..20e9db3 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -39,6 +39,7 @@ 'MB read' => 'MB read', 'MB written' => 'MB written', 'MTU' => 'MTU size:', +'MTU settings' => 'MTU settings:', 'Number of Countries for the pie chart' => 'Number of Countries for the pie chart', 'Number of IPs for the pie chart' => 'Number of IPs for the pie chart', 'Number of Ports for the pie chart' => 'Number of ports for the pie chart', @@ -1152,7 +1153,7 @@ 'g.lite' => 'TO BE REMOVED', 'gateway' => 'Gateway', 'gateway ip' => 'Gateway IP', -'gen dh' => 'Generate Diffie-Hellman parameters', +'gen dh' => 'Generate new Diffie-Hellman parameters', 'gen static key' => 'Generate a static key', 'generate' => 'Generate root/host zertifikate', 'generate a certificate' => 'Generate a certificate:', @@ -1690,7 +1691,9 @@ 'ovpn crypt options' => 'Cryptographic options', 'ovpn device' => 'OpenVPN device:', 'ovpn dh' => 'Diffie-Hellman parameters length', -'ovpn dh upload' => 'Upload Diffie-Hellman parameters', +'ovpn dh new key' => 'Generate new Diffie-Hellman parameters', +'ovpn dh parameters' => 'Diffie-Hellman parameters options', +'ovpn dh upload' => 'Upload new Diffie-Hellman parameters', 'ovpn dl' => 'OVPN-Config Download', 'ovpn engines' => 'Crypto engine', 'ovpn errmsg green already pushed' => 'Route for green network is always set', diff --git a/langs/tr/install/lang_tr.c b/langs/tr/install/lang_tr.c index 3131dd1..814949a 100644 --- a/langs/tr/install/lang_tr.c +++ b/langs/tr/install/lang_tr.c @@ -54,7 +54,7 @@ char *tr_tr[] = { /* TR_JOURNAL_EXT3 */ "Ext3 için günlük oluşturuluyor...", /* TR_CHOOSE_NETCARD */ -"Aşağıdaki ara birim için bir ağ kartı seçin - %s.", +"Aşağıdan şu ara birim için bir ağ kartı seçin - %s", /* TR_NETCARDMENU2 */ "Genişletilmiş Ağ Listesi", /* TR_ERROR_INTERFACES */ @@ -132,7 +132,7 @@ char *tr_tr[] = { /* TR_DNS_AND_GATEWAY_SETTINGS */ "DNS ve Ağ Geçidi ayarları", /* TR_DNS_AND_GATEWAY_SETTINGS_LONG */ -"DNS ve ağ geçidi bilgilerini girin. Bu ayarlar sadece KIRMIZI arabirim adres ayarlarında Sabit seçenği seçilmişse kullanılır. Eğer KIRMIZI arabirim adres ayarlarında DHCP seçeneğini seçtiyseniz bu alanı boş bırakabilirsiniz.", +"DNS ve ağ geçidi bilgilerini girin. Bu ayarlar sadece KIRMIZI ara birim adres ayarlarında Statik seçenği seçilmişse kullanılır. Eğer KIRMIZI ara birim adres ayarlarında DHCP seçeneğini seçtiyseniz bu alanı boş bırakabilirsiniz.", /* TR_DNS_GATEWAY_WITH_GREEN */ "Yapılandırmanız KIRMIZI ara birim için ethernet adaptörünü kullanamaz. DNS ve Çevirmeli ağ kullanıcıları için ağ geçidi bilgisi çevirmeli ağda otomatik olarak yapılandırılır.", /* TR_DOMAINNAME */ @@ -164,7 +164,7 @@ char *tr_tr[] = { /* TR_ENTER_ADDITIONAL_MODULE_PARAMS */ "Bazı ISDN kartları (özellikle ISA olanlar) IRQ ve GÇ adres bilgilerini ayarlamak için ek modül parametrelerine ihtiyaç duyar.Böyle bir ISDN kartınız varsa burada bu ek parametreleri girin. Örneğin: "io = 0x280 irq = 9 ". Bunlar kart algılama sırasında kullanılacaktır.", /* TR_ENTER_ADMIN_PASSWORD */ -"%s 'admin' kullanıcı parolasını giriniz. Bu, %s web yönetimi sayfalarının kayıtlarına erişebilen kullanıcıdır.", +"%s 'admin' kullanıcı parolasını girin. Bu, %s web yönetimi sayfalarının kayıtlarına erişebilen kullanıcıdır.", /* TR_ENTER_DOMAINNAME */ "Alan adını girin", /* TR_ENTER_HOSTNAME */ @@ -228,7 +228,7 @@ char *tr_tr[] = { /* TR_INTERFACE_FAILED_TO_COME_UP */ "Ara birim yükseltmesi başarısız oldu.", /* TR_INVALID_FIELDS */ -"Aşağıdaki alan geçersizdir:\n\n", +"Aşağıdaki alan geçersiz:\n\n", /* TR_INVALID_IO */ "Girilen GÇ bağlantı noktası detayları geçersiz. ", /* TR_INVALID_IRQ */ @@ -354,7 +354,7 @@ char *tr_tr[] = { /* TR_PHONENUMBER_CANNOT_BE_EMPTY */ "Telefon numarası boş olamaz.", /* TR_PREPARE_HARDDISK */ -"Sabit disk kurulum programı /dev/sda üzerindeki %s sabit diski hazırlayacak. İlk olarak diskiniz bölümlendirilir ve daha sonra bu bölüme dosya sistemleri oluşturulur.\n\nDİSKTEKİ TÜM VERİLER SİLİNECEKTİR. Kabul ediyor musunuz?", +"Sabit disk kurulum programı %s üzerindeki sabit diski hazırlayacak. İlk olarak diskiniz bölümlendirilir ve daha sonra bu bölüme dosya sistemleri oluşturulur.\n\nDİSKTEKİ TÜM VERİLER SİLİNECEKTİR. Kabul ediyor musunuz?", /* TR_PRESS_OK_TO_REBOOT */ "Yeniden Başlat", /* TR_PRIMARY_DNS */ @@ -428,7 +428,7 @@ char *tr_tr[] = { /* TR_SETTING_SETUP_PASSWORD */ "KALDIRILACAK", /* TR_SETUP_FINISHED */ -"Kurulum tamamlandı. Tamam tuşuna basın.", +"Kurulum tamamlandı. Tamam seçneği ile ilerleyin.", /* TR_SETUP_NOT_COMPLETE */ "Başlangıç kurulumu tamamlanamadı. Şimdi kurulumu tekrar çalıştırarak ayarlarınızın düzgün yapılmış olduğundan emin olun.", /* TR_SETUP_PASSWORD */ @@ -444,7 +444,7 @@ char *tr_tr[] = { /* TR_START_ADDRESS_CR */ "Başlangıç adresi\n", /* TR_STATIC */ -"Sabit", +"Statik", /* TR_SUGGEST_IO */ "(öneri %x)", /* TR_SUGGEST_IRQ */ @@ -546,7 +546,7 @@ char *tr_tr[] = { /* TR_WARNING */ "UYARI", /* TR_WARNING_LONG */ -"Bu IP adresini değiştiriseniz %s makinesi ile uzak oturum bağlantısı kopar ve yeniden IP adresi girmeniz gerekir. Bu riskli bir işlemdir. Bu işlem sırasında bir şeyler ters giderse düzeltmek için makineye fiziksel erişiminiz varsa denemelisiniz.", +"Bu IP adresini değiştiriseniz %s makinesi ile uzak oturum bağlantısı kopar ve yeniden IP adresi girmeniz gerekir. Bu riskli bir işlemdir. Bu işlem sırasında bir şeyler ters giderse düzeltmek için makineye fiziksel erişiminiz olmalıdır. Makineye fiziksel erişiminiz varsa bu işlemi gerçekleştirin.", /* TR_WELCOME */ "%s kurulum programına hoş geldiniz. Sonraki ekranların herhangi birinde İptal seçeneğini seçtiğinizde bilgisayar yeniden başlatılacaktır.", /* TR_YOUR_CONFIGURATION_IS_SINGLE_GREEN_ALREADY_HAS_DRIVER */ @@ -588,9 +588,9 @@ char *tr_tr[] = { /* TR_DHCP_FORCE_MTU */ "DHCP mtu zorla:", /* TR_IDENTIFY */ -"Identify", +"Belirle", /* TR_IDENTIFY_SHOULD_BLINK */ -"Selected port should blink now ...", +"Seçilen bağlantı noktasının şimdi yanıp sönmesi gerekir...", /* TR_IDENTIFY_NOT_SUPPORTED */ -"Function is not supported by this port.", +"İşlev bu bağlantı noktası tarafından desteklenmiyor.", }; diff --git a/lfs/daq b/lfs/daq index e6fd8fb..fa8f2a8 100644 --- a/lfs/daq +++ b/lfs/daq @@ -24,7 +24,7 @@
include Config
-VER = 2.0.1 +VER = 2.0.2
THISAPP = daq-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 044aa3663d44580d005293eeb8ccf175 +$(DL_FILE)_MD5 = 865bf9b750a2a2ca632591a3c70b0ea0
install : $(TARGET)
diff --git a/lfs/ppp b/lfs/ppp index ba72f4c..3c60938 100644 --- a/lfs/ppp +++ b/lfs/ppp @@ -73,9 +73,14 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && rm -f include/pcap-int.h include/linux/if_pppol2tp.h + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch cd $(DIR_APP) && sed -i -e "s+/etc/ppp/connect-errors+/var/log/connect-errors+" pppd/pathnames.h cd $(DIR_APP) && ./configure --prefix=/usr --disable-nls - cd $(DIR_APP) && make $(MAKETUNING) CC="gcc $(CFLAGS)" + cd $(DIR_APP) && make $(MAKETUNING) CC="gcc" RPM_OPT_FLAGS="$(CFLAGS)" cd $(DIR_APP) && make install cd $(DIR_APP) && make install-etcppp touch /var/log/connect-errors diff --git a/src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch b/src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch new file mode 100644 index 0000000..4a43d44 --- /dev/null +++ b/src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch @@ -0,0 +1,121 @@ +From d729b06f0ac7a5ebd3648ef60bef0499b59bf82d Mon Sep 17 00:00:00 2001 +From: Michal Sekletar msekleta@redhat.com +Date: Fri, 4 Apr 2014 11:29:39 +0200 +Subject: [PATCH 03/25] build-sys: utilize compiler flags handed to us by + rpmbuild + +--- + chat/Makefile.linux | 2 +- + pppd/Makefile.linux | 3 +-- + pppd/plugins/Makefile.linux | 2 +- + pppd/plugins/pppoatm/Makefile.linux | 2 +- + pppd/plugins/radius/Makefile.linux | 2 +- + pppd/plugins/rp-pppoe/Makefile.linux | 2 +- + pppdump/Makefile.linux | 2 +- + pppstats/Makefile.linux | 2 +- + 8 files changed, 8 insertions(+), 9 deletions(-) + +diff --git a/chat/Makefile.linux b/chat/Makefile.linux +index 1065ac5..848cd8d 100644 +--- a/chat/Makefile.linux ++++ b/chat/Makefile.linux +@@ -10,7 +10,7 @@ CDEF3= -UNO_SLEEP # Use the usleep function + CDEF4= -DFNDELAY=O_NDELAY # Old name value + CDEFS= $(CDEF1) $(CDEF2) $(CDEF3) $(CDEF4) + +-COPTS= -O2 -g -pipe ++COPTS= $(RPM_OPT_FLAGS) + CFLAGS= $(COPTS) $(CDEFS) + + INSTALL= install +diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux +index 5a44d30..63872eb 100644 +--- a/pppd/Makefile.linux ++++ b/pppd/Makefile.linux +@@ -32,8 +32,7 @@ endif + + CC = gcc + # +-COPTS = -O2 -pipe -Wall -g +-LIBS = ++COPTS = -Wall $(RPM_OPT_FLAGS) + + # Uncomment the next 2 lines to include support for Microsoft's + # MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux. +diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux +index 0a7ec7b..e09a369 100644 +--- a/pppd/plugins/Makefile.linux ++++ b/pppd/plugins/Makefile.linux +@@ -1,5 +1,5 @@ + #CC = gcc +-COPTS = -O2 -g ++COPTS = $(RPM_OPT_FLAGS) + CFLAGS = $(COPTS) -I.. -I../../include -fPIC + LDFLAGS = -shared + INSTALL = install +diff --git a/pppd/plugins/pppoatm/Makefile.linux b/pppd/plugins/pppoatm/Makefile.linux +index 20f62e6..5a81447 100644 +--- a/pppd/plugins/pppoatm/Makefile.linux ++++ b/pppd/plugins/pppoatm/Makefile.linux +@@ -1,5 +1,5 @@ + #CC = gcc +-COPTS = -O2 -g ++COPTS = $(RPM_OPT_FLAGS) + CFLAGS = $(COPTS) -I../.. -I../../../include -fPIC + LDFLAGS = -shared + INSTALL = install +diff --git a/pppd/plugins/radius/Makefile.linux b/pppd/plugins/radius/Makefile.linux +index 24ed3e5..45b3b8d 100644 +--- a/pppd/plugins/radius/Makefile.linux ++++ b/pppd/plugins/radius/Makefile.linux +@@ -12,7 +12,7 @@ VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h) + INSTALL = install + + PLUGIN=radius.so radattr.so radrealms.so +-CFLAGS=-I. -I../.. -I../../../include -O2 -fPIC -DRC_LOG_FACILITY=LOG_DAEMON ++CFLAGS=-I. -I../.. -I../../../include $(RPM_OPT_FLAGS) -DRC_LOG_FACILITY=LOG_DAEMON + + # Uncomment the next line to include support for Microsoft's + # MS-CHAP authentication protocol. +diff --git a/pppd/plugins/rp-pppoe/Makefile.linux b/pppd/plugins/rp-pppoe/Makefile.linux +index 5d7a271..352991a 100644 +--- a/pppd/plugins/rp-pppoe/Makefile.linux ++++ b/pppd/plugins/rp-pppoe/Makefile.linux +@@ -25,7 +25,7 @@ INSTALL = install + # Version is set ONLY IN THE MAKEFILE! Don't delete this! + RP_VERSION=3.8p + +-COPTS=-O2 -g ++COPTS=$(RPM_OPT_FLAGS) + CFLAGS=$(COPTS) -I../../../include '-DRP_VERSION="$(RP_VERSION)"' + all: rp-pppoe.so pppoe-discovery + +diff --git a/pppdump/Makefile.linux b/pppdump/Makefile.linux +index ac028f6..d0a5032 100644 +--- a/pppdump/Makefile.linux ++++ b/pppdump/Makefile.linux +@@ -2,7 +2,7 @@ DESTDIR = $(INSTROOT)@DESTDIR@ + BINDIR = $(DESTDIR)/sbin + MANDIR = $(DESTDIR)/share/man/man8 + +-CFLAGS= -O -I../include/net ++CFLAGS= $(RPM_OPT_FLAGS) -I../include/net + OBJS = pppdump.o bsd-comp.o deflate.o zlib.o + + INSTALL= install +diff --git a/pppstats/Makefile.linux b/pppstats/Makefile.linux +index cca6f0f..42aba73 100644 +--- a/pppstats/Makefile.linux ++++ b/pppstats/Makefile.linux +@@ -10,7 +10,7 @@ PPPSTATSRCS = pppstats.c + PPPSTATOBJS = pppstats.o + + #CC = gcc +-COPTS = -O ++COPTS = $(RPM_OPT_FLAGS) + COMPILE_FLAGS = -I../include + LIBS = + +-- +1.8.3.1 + diff --git a/src/patches/ppp/0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch b/src/patches/ppp/0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch new file mode 100644 index 0000000..90bb2d1 --- /dev/null +++ b/src/patches/ppp/0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch @@ -0,0 +1,143 @@ +From 82cd789df0f022eb6f3d28646e7a61d1d0715805 Mon Sep 17 00:00:00 2001 +From: Michal Sekletar msekleta@redhat.com +Date: Mon, 7 Apr 2014 12:23:36 +0200 +Subject: [PATCH 12/25] pppd: we don't want to accidentally leak fds + +--- + pppd/auth.c | 20 ++++++++++---------- + pppd/options.c | 2 +- + pppd/sys-linux.c | 4 ++-- + 3 files changed, 13 insertions(+), 13 deletions(-) + +diff --git a/pppd/auth.c b/pppd/auth.c +index 4271af6..9e957fa 100644 +--- a/pppd/auth.c ++++ b/pppd/auth.c +@@ -428,7 +428,7 @@ setupapfile(argv) + option_error("unable to reset uid before opening %s: %m", fname); + return 0; + } +- ufile = fopen(fname, "r"); ++ ufile = fopen(fname, "re"); + if (seteuid(euid) == -1) + fatal("unable to regain privileges: %m"); + if (ufile == NULL) { +@@ -1413,7 +1413,7 @@ check_passwd(unit, auser, userlen, apasswd, passwdlen, msg) + filename = _PATH_UPAPFILE; + addrs = opts = NULL; + ret = UPAP_AUTHNAK; +- f = fopen(filename, "r"); ++ f = fopen(filename, "re"); + if (f == NULL) { + error("Can't open PAP password file %s: %m", filename); + +@@ -1512,7 +1512,7 @@ null_login(unit) + if (ret <= 0) { + filename = _PATH_UPAPFILE; + addrs = NULL; +- f = fopen(filename, "r"); ++ f = fopen(filename, "re"); + if (f == NULL) + return 0; + check_access(f, filename); +@@ -1559,7 +1559,7 @@ get_pap_passwd(passwd) + } + + filename = _PATH_UPAPFILE; +- f = fopen(filename, "r"); ++ f = fopen(filename, "re"); + if (f == NULL) + return 0; + check_access(f, filename); +@@ -1597,7 +1597,7 @@ have_pap_secret(lacks_ipp) + } + + filename = _PATH_UPAPFILE; +- f = fopen(filename, "r"); ++ f = fopen(filename, "re"); + if (f == NULL) + return 0; + +@@ -1642,7 +1642,7 @@ have_chap_secret(client, server, need_ip, lacks_ipp) + } + + filename = _PATH_CHAPFILE; +- f = fopen(filename, "r"); ++ f = fopen(filename, "re"); + if (f == NULL) + return 0; + +@@ -1684,7 +1684,7 @@ have_srp_secret(client, server, need_ip, lacks_ipp) + struct wordlist *addrs; + + filename = _PATH_SRPFILE; +- f = fopen(filename, "r"); ++ f = fopen(filename, "re"); + if (f == NULL) + return 0; + +@@ -1740,7 +1740,7 @@ get_secret(unit, client, server, secret, secret_len, am_server) + addrs = NULL; + secbuf[0] = 0; + +- f = fopen(filename, "r"); ++ f = fopen(filename, "re"); + if (f == NULL) { + error("Can't open chap secret file %s: %m", filename); + return 0; +@@ -1797,7 +1797,7 @@ get_srp_secret(unit, client, server, secret, am_server) + filename = _PATH_SRPFILE; + addrs = NULL; + +- fp = fopen(filename, "r"); ++ fp = fopen(filename, "re"); + if (fp == NULL) { + error("Can't open srp secret file %s: %m", filename); + return 0; +@@ -2203,7 +2203,7 @@ scan_authfile(f, client, server, secret, addrs, opts, filename, flags) + */ + if (word[0] == '@' && word[1] == '/') { + strlcpy(atfile, word+1, sizeof(atfile)); +- if ((sf = fopen(atfile, "r")) == NULL) { ++ if ((sf = fopen(atfile, "re")) == NULL) { + warn("can't open indirect secret file %s", atfile); + continue; + } +diff --git a/pppd/options.c b/pppd/options.c +index 45fa742..1d754ae 100644 +--- a/pppd/options.c ++++ b/pppd/options.c +@@ -427,7 +427,7 @@ options_from_file(filename, must_exist, check_prot, priv) + option_error("unable to drop privileges to open %s: %m", filename); + return 0; + } +- f = fopen(filename, "r"); ++ f = fopen(filename, "re"); + err = errno; + if (check_prot && seteuid(euid) == -1) + fatal("unable to regain privileges"); +diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c +index 72a7727..8a12fa0 100644 +--- a/pppd/sys-linux.c ++++ b/pppd/sys-linux.c +@@ -1412,7 +1412,7 @@ static char *path_to_procfs(const char *tail) + /* Default the mount location of /proc */ + strlcpy (proc_path, "/proc", sizeof(proc_path)); + proc_path_len = 5; +- fp = fopen(MOUNTED, "r"); ++ fp = fopen(MOUNTED, "re"); + if (fp != NULL) { + while ((mntent = getmntent(fp)) != NULL) { + if (strcmp(mntent->mnt_type, MNTTYPE_IGNORE) == 0) +@@ -1472,7 +1472,7 @@ static int open_route_table (void) + close_route_table(); + + path = path_to_procfs("/net/route"); +- route_fd = fopen (path, "r"); ++ route_fd = fopen (path, "re"); + if (route_fd == NULL) { + error("can't open routing table %s: %m", path); + return 0; +-- +1.8.3.1 + diff --git a/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch b/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch new file mode 100644 index 0000000..e3608a0 --- /dev/null +++ b/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch @@ -0,0 +1,241 @@ +From 302c1b736cb656c7885a0cba270fd953a672d8a8 Mon Sep 17 00:00:00 2001 +From: Michal Sekletar msekleta@redhat.com +Date: Mon, 7 Apr 2014 13:56:34 +0200 +Subject: [PATCH 13/25] everywhere: O_CLOEXEC harder + +--- + pppd/eap.c | 2 +- + pppd/main.c | 4 ++-- + pppd/options.c | 4 ++-- + pppd/sys-linux.c | 22 +++++++++++----------- + pppd/tdb.c | 4 ++-- + pppd/tty.c | 4 ++-- + pppd/utils.c | 6 +++--- + 7 files changed, 23 insertions(+), 23 deletions(-) + +diff --git a/pppd/eap.c b/pppd/eap.c +index 6ea6c1f..faced53 100644 +--- a/pppd/eap.c ++++ b/pppd/eap.c +@@ -1226,7 +1226,7 @@ mode_t modebits; + + if ((path = name_of_pn_file()) == NULL) + return (-1); +- fd = open(path, modebits, S_IRUSR | S_IWUSR); ++ fd = open(path, modebits, S_IRUSR | S_IWUSR | O_CLOEXEC); + err = errno; + free(path); + errno = err; +diff --git a/pppd/main.c b/pppd/main.c +index 6d50d1b..4880377 100644 +--- a/pppd/main.c ++++ b/pppd/main.c +@@ -420,7 +420,7 @@ main(argc, argv) + die(0); + + /* Make sure fds 0, 1, 2 are open to somewhere. */ +- fd_devnull = open(_PATH_DEVNULL, O_RDWR); ++ fd_devnull = open(_PATH_DEVNULL, O_RDWR | O_CLOEXEC); + if (fd_devnull < 0) + fatal("Couldn't open %s: %m", _PATH_DEVNULL); + while (fd_devnull <= 2) { +@@ -1679,7 +1679,7 @@ device_script(program, in, out, dont_wait) + if (log_to_fd >= 0) + errfd = log_to_fd; + else +- errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0600); ++ errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT | O_CLOEXEC, 0600); + + ++conn_running; + pid = safe_fork(in, out, errfd); +diff --git a/pppd/options.c b/pppd/options.c +index 1d754ae..8e62635 100644 +--- a/pppd/options.c ++++ b/pppd/options.c +@@ -1544,9 +1544,9 @@ setlogfile(argv) + option_error("unable to drop permissions to open %s: %m", *argv); + return 0; + } +- fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, 0644); ++ fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL | O_CLOEXEC, 0644); + if (fd < 0 && errno == EEXIST) +- fd = open(*argv, O_WRONLY | O_APPEND); ++ fd = open(*argv, O_WRONLY | O_APPEND | O_CLOEXEC); + err = errno; + if (!privileged_option && seteuid(euid) == -1) + fatal("unable to regain privileges: %m"); +diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c +index 8a12fa0..00a2cf5 100644 +--- a/pppd/sys-linux.c ++++ b/pppd/sys-linux.c +@@ -459,7 +459,7 @@ int generic_establish_ppp (int fd) + goto err; + } + dbglog("using channel %d", chindex); +- fd = open("/dev/ppp", O_RDWR); ++ fd = open("/dev/ppp", O_RDWR | O_CLOEXEC); + if (fd < 0) { + error("Couldn't reopen /dev/ppp: %m"); + goto err; +@@ -619,7 +619,7 @@ static int make_ppp_unit() + dbglog("in make_ppp_unit, already had /dev/ppp open?"); + close(ppp_dev_fd); + } +- ppp_dev_fd = open("/dev/ppp", O_RDWR); ++ ppp_dev_fd = open("/dev/ppp", O_RDWR | O_CLOEXEC); + if (ppp_dev_fd < 0) + fatal("Couldn't open /dev/ppp: %m"); + flags = fcntl(ppp_dev_fd, F_GETFL); +@@ -693,7 +693,7 @@ int bundle_attach(int ifnum) + if (!new_style_driver) + return -1; + +- master_fd = open("/dev/ppp", O_RDWR); ++ master_fd = open("/dev/ppp", O_RDWR | O_CLOEXEC); + if (master_fd < 0) + fatal("Couldn't open /dev/ppp: %m"); + if (ioctl(master_fd, PPPIOCATTACH, &ifnum) < 0) { +@@ -1715,7 +1715,7 @@ int sifproxyarp (int unit, u_int32_t his_adr) + if (tune_kernel) { + forw_path = path_to_procfs("/sys/net/ipv4/ip_forward"); + if (forw_path != 0) { +- int fd = open(forw_path, O_WRONLY); ++ int fd = open(forw_path, O_WRONLY | O_CLOEXEC); + if (fd >= 0) { + if (write(fd, "1", 1) != 1) + error("Couldn't enable IP forwarding: %m"); +@@ -2030,7 +2030,7 @@ int ppp_available(void) + sscanf(utsname.release, "%d.%d.%d", &osmaj, &osmin, &ospatch); + kernel_version = KVERSION(osmaj, osmin, ospatch); + +- fd = open("/dev/ppp", O_RDWR); ++ fd = open("/dev/ppp", O_RDWR | O_CLOEXEC); + if (fd >= 0) { + new_style_driver = 1; + +@@ -2208,7 +2208,7 @@ void logwtmp (const char *line, const char *name, const char *host) + #if __GLIBC__ >= 2 + updwtmp(_PATH_WTMP, &ut); + #else +- wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY); ++ wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY|O_CLOEXEC); + if (wtmp >= 0) { + flock(wtmp, LOCK_EX); + +@@ -2394,7 +2394,7 @@ int sifaddr (int unit, u_int32_t our_adr, u_int32_t his_adr, + int fd; + + path = path_to_procfs("/sys/net/ipv4/ip_dynaddr"); +- if (path != 0 && (fd = open(path, O_WRONLY)) >= 0) { ++ if (path != 0 && (fd = open(path, O_WRONLY | O_CLOEXEC)) >= 0) { + if (write(fd, "1", 1) != 1) + error("Couldn't enable dynamic IP addressing: %m"); + close(fd); +@@ -2570,7 +2570,7 @@ get_pty(master_fdp, slave_fdp, slave_name, uid) + /* + * Try the unix98 way first. + */ +- mfd = open("/dev/ptmx", O_RDWR); ++ mfd = open("/dev/ptmx", O_RDWR | O_CLOEXEC); + if (mfd >= 0) { + int ptn; + if (ioctl(mfd, TIOCGPTN, &ptn) >= 0) { +@@ -2581,7 +2581,7 @@ get_pty(master_fdp, slave_fdp, slave_name, uid) + if (ioctl(mfd, TIOCSPTLCK, &ptn) < 0) + warn("Couldn't unlock pty slave %s: %m", pty_name); + #endif +- if ((sfd = open(pty_name, O_RDWR | O_NOCTTY)) < 0) ++ if ((sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC)) < 0) + warn("Couldn't open pty slave %s: %m", pty_name); + } + } +@@ -2592,10 +2592,10 @@ get_pty(master_fdp, slave_fdp, slave_name, uid) + for (i = 0; i < 64; ++i) { + slprintf(pty_name, sizeof(pty_name), "/dev/pty%c%x", + 'p' + i / 16, i % 16); +- mfd = open(pty_name, O_RDWR, 0); ++ mfd = open(pty_name, O_RDWR | O_CLOEXEC, 0); + if (mfd >= 0) { + pty_name[5] = 't'; +- sfd = open(pty_name, O_RDWR | O_NOCTTY, 0); ++ sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC, 0); + if (sfd >= 0) { + fchown(sfd, uid, -1); + fchmod(sfd, S_IRUSR | S_IWUSR); +diff --git a/pppd/tdb.c b/pppd/tdb.c +index bdc5828..c7ab71c 100644 +--- a/pppd/tdb.c ++++ b/pppd/tdb.c +@@ -1724,7 +1724,7 @@ TDB_CONTEXT *tdb_open_ex(const char *name, int hash_size, int tdb_flags, + goto internal; + } + +- if ((tdb->fd = open(name, open_flags, mode)) == -1) { ++ if ((tdb->fd = open(name, open_flags | O_CLOEXEC, mode)) == -1) { + TDB_LOG((tdb, 5, "tdb_open_ex: could not open file %s: %s\n", + name, strerror(errno))); + goto fail; /* errno set by open(2) */ +@@ -1967,7 +1967,7 @@ int tdb_reopen(TDB_CONTEXT *tdb) + } + if (close(tdb->fd) != 0) + TDB_LOG((tdb, 0, "tdb_reopen: WARNING closing tdb->fd failed!\n")); +- tdb->fd = open(tdb->name, tdb->open_flags & ~(O_CREAT|O_TRUNC), 0); ++ tdb->fd = open(tdb->name, (tdb->open_flags & ~(O_CREAT|O_TRUNC)) | O_CLOEXEC, 0); + if (tdb->fd == -1) { + TDB_LOG((tdb, 0, "tdb_reopen: open failed (%s)\n", strerror(errno))); + goto fail; +diff --git a/pppd/tty.c b/pppd/tty.c +index d571b11..bc96695 100644 +--- a/pppd/tty.c ++++ b/pppd/tty.c +@@ -569,7 +569,7 @@ int connect_tty() + status = EXIT_OPEN_FAILED; + goto errret; + } +- real_ttyfd = open(devnam, O_NONBLOCK | O_RDWR, 0); ++ real_ttyfd = open(devnam, O_NONBLOCK | O_RDWR | O_CLOEXEC, 0); + err = errno; + if (prio < OPRIO_ROOT && seteuid(0) == -1) + fatal("Unable to regain privileges"); +@@ -723,7 +723,7 @@ int connect_tty() + if (connector == NULL && modem && devnam[0] != 0) { + int i; + for (;;) { +- if ((i = open(devnam, O_RDWR)) >= 0) ++ if ((i = open(devnam, O_RDWR | O_CLOEXEC)) >= 0) + break; + if (errno != EINTR) { + error("Failed to reopen %s: %m", devnam); +diff --git a/pppd/utils.c b/pppd/utils.c +index 29bf970..6051b9a 100644 +--- a/pppd/utils.c ++++ b/pppd/utils.c +@@ -918,14 +918,14 @@ lock(dev) + slprintf(lock_file, sizeof(lock_file), "%s/LCK..%s", LOCK_DIR, dev); + #endif + +- while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR, 0644)) < 0) { ++ while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR | O_CLOEXEC, 0644)) < 0) { + if (errno != EEXIST) { + error("Can't create lock file %s: %m", lock_file); + break; + } + + /* Read the lock file to find out who has the device locked. */ +- fd = open(lock_file, O_RDONLY, 0); ++ fd = open(lock_file, O_RDONLY | O_CLOEXEC, 0); + if (fd < 0) { + if (errno == ENOENT) /* This is just a timing problem. */ + continue; +@@ -1004,7 +1004,7 @@ relock(pid) + + if (lock_file[0] == 0) + return -1; +- fd = open(lock_file, O_WRONLY, 0); ++ fd = open(lock_file, O_WRONLY | O_CLOEXEC, 0); + if (fd < 0) { + error("Couldn't reopen lock file %s: %m", lock_file); + lock_file[0] = 0; +-- +1.8.3.1 + diff --git a/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch b/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch new file mode 100644 index 0000000..3475f09 --- /dev/null +++ b/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch @@ -0,0 +1,174 @@ +From 2a97ab28ee00586e5f06b3ef3a0e43ea0c7c6499 Mon Sep 17 00:00:00 2001 +From: Michal Sekletar msekleta@redhat.com +Date: Mon, 7 Apr 2014 14:21:41 +0200 +Subject: [PATCH 14/25] everywhere: use SOCK_CLOEXEC when creating socket + +--- + pppd/plugins/pppoatm/pppoatm.c | 2 +- + pppd/plugins/pppol2tp/openl2tp.c | 2 +- + pppd/plugins/pppol2tp/pppol2tp.c | 2 +- + pppd/plugins/rp-pppoe/if.c | 2 +- + pppd/plugins/rp-pppoe/plugin.c | 6 +++--- + pppd/plugins/rp-pppoe/pppoe-discovery.c | 2 +- + pppd/sys-linux.c | 10 +++++----- + pppd/tty.c | 2 +- + 8 files changed, 14 insertions(+), 14 deletions(-) + +diff --git a/pppd/plugins/pppoatm/pppoatm.c b/pppd/plugins/pppoatm/pppoatm.c +index d693350..c31bb34 100644 +--- a/pppd/plugins/pppoatm/pppoatm.c ++++ b/pppd/plugins/pppoatm/pppoatm.c +@@ -135,7 +135,7 @@ static int connect_pppoatm(void) + + if (!device_got_set) + no_device_given_pppoatm(); +- fd = socket(AF_ATMPVC, SOCK_DGRAM, 0); ++ fd = socket(AF_ATMPVC, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (fd < 0) + fatal("failed to create socket: %m"); + memset(&qos, 0, sizeof qos); +diff --git a/pppd/plugins/pppol2tp/openl2tp.c b/pppd/plugins/pppol2tp/openl2tp.c +index 9643b96..1099575 100644 +--- a/pppd/plugins/pppol2tp/openl2tp.c ++++ b/pppd/plugins/pppol2tp/openl2tp.c +@@ -83,7 +83,7 @@ static int openl2tp_client_create(void) + int result; + + if (openl2tp_fd < 0) { +- openl2tp_fd = socket(PF_UNIX, SOCK_DGRAM, 0); ++ openl2tp_fd = socket(PF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (openl2tp_fd < 0) { + error("openl2tp connection create: %m"); + return -ENOTCONN; +diff --git a/pppd/plugins/pppol2tp/pppol2tp.c b/pppd/plugins/pppol2tp/pppol2tp.c +index a7e3400..e64a778 100644 +--- a/pppd/plugins/pppol2tp/pppol2tp.c ++++ b/pppd/plugins/pppol2tp/pppol2tp.c +@@ -208,7 +208,7 @@ static void send_config_pppol2tp(int mtu, + struct ifreq ifr; + int fd; + +- fd = socket(AF_INET, SOCK_DGRAM, 0); ++ fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (fd >= 0) { + memset (&ifr, '\0', sizeof (ifr)); + strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)); +diff --git a/pppd/plugins/rp-pppoe/if.c b/pppd/plugins/rp-pppoe/if.c +index 91e9a57..72aba41 100644 +--- a/pppd/plugins/rp-pppoe/if.c ++++ b/pppd/plugins/rp-pppoe/if.c +@@ -116,7 +116,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr) + stype = SOCK_PACKET; + #endif + +- if ((fd = socket(domain, stype, htons(type))) < 0) { ++ if ((fd = socket(domain, stype | SOCK_CLOEXEC, htons(type))) < 0) { + /* Give a more helpful message for the common error case */ + if (errno == EPERM) { + fatal("Cannot create raw socket -- pppoe must be run as root."); +diff --git a/pppd/plugins/rp-pppoe/plugin.c b/pppd/plugins/rp-pppoe/plugin.c +index a8c2bb4..24bdf8f 100644 +--- a/pppd/plugins/rp-pppoe/plugin.c ++++ b/pppd/plugins/rp-pppoe/plugin.c +@@ -137,7 +137,7 @@ PPPOEConnectDevice(void) + /* server equipment). */ + /* Opening this socket just before waitForPADS in the discovery() */ + /* function would be more appropriate, but it would mess-up the code */ +- conn->sessionSocket = socket(AF_PPPOX, SOCK_STREAM, PX_PROTO_OE); ++ conn->sessionSocket = socket(AF_PPPOX, SOCK_STREAM | SOCK_CLOEXEC, PX_PROTO_OE); + if (conn->sessionSocket < 0) { + error("Failed to create PPPoE socket: %m"); + return -1; +@@ -148,7 +148,7 @@ PPPOEConnectDevice(void) + lcp_wantoptions[0].mru = conn->mru; + + /* Update maximum MRU */ +- s = socket(AF_INET, SOCK_DGRAM, 0); ++ s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (s < 0) { + error("Can't get MTU for %s: %m", conn->ifName); + goto errout; +@@ -320,7 +320,7 @@ PPPoEDevnameHook(char *cmd, char **argv, int doit) + } + + /* Open a socket */ +- if ((fd = socket(PF_PACKET, SOCK_RAW, 0)) < 0) { ++ if ((fd = socket(PF_PACKET, SOCK_RAW | SOCK_CLOEXEC, 0)) < 0) { + r = 0; + } + +diff --git a/pppd/plugins/rp-pppoe/pppoe-discovery.c b/pppd/plugins/rp-pppoe/pppoe-discovery.c +index 3d3bf4e..c0d927d 100644 +--- a/pppd/plugins/rp-pppoe/pppoe-discovery.c ++++ b/pppd/plugins/rp-pppoe/pppoe-discovery.c +@@ -121,7 +121,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr) + stype = SOCK_PACKET; + #endif + +- if ((fd = socket(domain, stype, htons(type))) < 0) { ++ if ((fd = socket(domain, stype | SOCK_CLOEXEC, htons(type))) < 0) { + /* Give a more helpful message for the common error case */ + if (errno == EPERM) { + rp_fatal("Cannot create raw socket -- pppoe must be run as root."); +diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c +index 00a2cf5..0690019 100644 +--- a/pppd/sys-linux.c ++++ b/pppd/sys-linux.c +@@ -308,12 +308,12 @@ static int modify_flags(int fd, int clear_bits, int set_bits) + void sys_init(void) + { + /* Get an internet socket for doing socket ioctls. */ +- sock_fd = socket(AF_INET, SOCK_DGRAM, 0); ++ sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (sock_fd < 0) + fatal("Couldn't create IP socket: %m(%d)", errno); + + #ifdef INET6 +- sock6_fd = socket(AF_INET6, SOCK_DGRAM, 0); ++ sock6_fd = socket(AF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (sock6_fd < 0) + sock6_fd = -errno; /* save errno for later */ + #endif +@@ -1857,7 +1857,7 @@ get_if_hwaddr(u_char *addr, char *name) + struct ifreq ifreq; + int ret, sock_fd; + +- sock_fd = socket(AF_INET, SOCK_DGRAM, 0); ++ sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (sock_fd < 0) + return 0; + memset(&ifreq.ifr_hwaddr, 0, sizeof(struct sockaddr)); +@@ -2067,7 +2067,7 @@ int ppp_available(void) + /* + * Open a socket for doing the ioctl operations. + */ +- s = socket(AF_INET, SOCK_DGRAM, 0); ++ s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (s < 0) + return 0; + +@@ -2860,7 +2860,7 @@ ether_to_eui64(eui64_t *p_eui64) + int skfd; + const unsigned char *ptr; + +- skfd = socket(PF_INET6, SOCK_DGRAM, 0); ++ skfd = socket(PF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if(skfd == -1) + { + warn("could not open IPv6 socket"); +diff --git a/pppd/tty.c b/pppd/tty.c +index bc96695..8e76a5d 100644 +--- a/pppd/tty.c ++++ b/pppd/tty.c +@@ -896,7 +896,7 @@ open_socket(dest) + *sep = ':'; + + /* get a socket and connect it to the other end */ +- sock = socket(PF_INET, SOCK_STREAM, 0); ++ sock = socket(PF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0); + if (sock < 0) { + error("Can't create socket: %m"); + return -1; +-- +1.8.3.1 + diff --git a/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch b/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch new file mode 100644 index 0000000..b09a9b5 --- /dev/null +++ b/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch @@ -0,0 +1,13 @@ +diff --git a/pppd/plugins/rp-pppoe/pppoe.h b/pppd/plugins/rp-pppoe/pppoe.h +index 9ab2eee..86762bd 100644 +--- a/pppd/plugins/rp-pppoe/pppoe.h ++++ b/pppd/plugins/rp-pppoe/pppoe.h +@@ -148,7 +148,7 @@ extern UINT16_t Eth_PPPOE_Session; + #define STATE_TERMINATED 4 + + /* How many PADI/PADS attempts? */ +-#define MAX_PADI_ATTEMPTS 3 ++#define MAX_PADI_ATTEMPTS 12 + + /* Initial timeout for PADO/PADS */ + #define PADI_TIMEOUT 5
hooks/post-receive -- IPFire 2.x development tree