From: git@ipfire.org
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, master, updated. 9e78ce6142549d6d786fe97c56bf58df6b81e80f
Date: Sun, 11 Aug 2013 11:52:24 +0200 [thread overview]
Message-ID: <20130811095234.F15E420310@argus.ipfire.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 137420 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, master has been updated
via 9e78ce6142549d6d786fe97c56bf58df6b81e80f (commit)
via 028c88f46f5db2c466e77122914b5aa134286859 (commit)
via 0251dca9e865ca677aedc613e90c2a1ef96d2b0b (commit)
via bdc9033f08bce0c76f7d134de4a21e2b11f3671e (commit)
via 9d838dad03acbe38447df8db970bc472f3abe584 (commit)
via 93443c472f1e7f8bf9df4f5daa3cbc16ac20e182 (commit)
via b9c6c0ecd3b2eb67025dcfcc7ae5a2920c7440c8 (commit)
via f2665db1adb48ecbdfc59619c4693525be21974a (commit)
via 7bcfd0dd83873ac476cb49caceb753abb64dfc7f (commit)
via ba47633494e56d63a23ee54377007772aa59cbfb (commit)
via 919a50208bc63214cda9c0cab7845c8f9391b8c2 (commit)
via bfcb3212dc3f316368f4632b1adf4579b586200f (commit)
via 7323724196db7b63d83bea9774e2b1356b1854aa (commit)
via 726a85b8c10d4b991c7944b19a1f4c54621c5079 (commit)
via dfdda7588d53a32a007ad2be47fe9aa67141d962 (commit)
via a03547fe5e83a7118db21ad0ef782e5ef96478e7 (commit)
via 56bf9f21747cc68a954048cb88f4ddfd79f7a0fa (commit)
via bd8b033078e3a255285c56e4056083bf6108ebaf (commit)
via 818f47d06f0b2126428e8702c5930b9b44c73cc1 (commit)
via b0449403e6fc144b8ada72153e97091a8444a9f1 (commit)
via 3308f8d09f5518c5f4654f5fe4b35d62eeee6642 (commit)
via 6eb9c49d605918cbdb54cac58c08e909ff04efd1 (commit)
via 9e4cb00b428f8ff8a1e9f85c8cbb2451d732846d (commit)
via 52a2f02f41d362b84d294a0b3239d93cd2010a14 (commit)
via 45aef0dd284b7dc7bdab4f26862446ece460b8f2 (commit)
via 426270e7301d06a3076aa9142c32e145f8cd4454 (commit)
via 592efb85b898498361bd0b698cee18ec8dd35041 (commit)
via 7f532e3725cba38c96a1cc0d0bd75802f8732994 (commit)
via ae99d423b9ed13c2b7960833b81becd781a1ac58 (commit)
via 80002fe433b0a983fbee13c1f4ad6760596531f9 (commit)
via d154ab5899fc6f380be7d42148c2803e7dc3017f (commit)
via f16bcc3e310ef5118dfbf3258306ab20d6b93916 (commit)
via cee75a0d96e33b04764d121f43bedeb64b8623f6 (commit)
via 0830129a3c5065be7d3af416de16481f2d5a612f (commit)
via 005db20668d04046ad4a9b256fa17dc961258977 (commit)
via 6869929e9ac66287494e2da14b0634036d25e588 (commit)
via ae4bf64b6af924b6cace4515daca3e1eeca8184c (commit)
via d3f2ac3f5d591aa7b78d198feeea75f693ba4910 (commit)
via 9e7591e7256f69f80325cf851cbeb0730fa5d5b9 (commit)
via c60301c06a340cdd7a1bc619a3fa081d4771fc76 (commit)
via 27cb780589dd7436f16f68b12694898a171b3829 (commit)
via 13b5ce6e4068de1719ba69b67ea5b96291b7fe71 (commit)
via 295649ff27854d6899dd72f4dd587dbee45d74ff (commit)
via ce33eb3e3b2422954081bdf7c8cfd3fc8af8ede0 (commit)
via b312967ce3f9d66dbc6b8521d70725eafd1b68e3 (commit)
via aea35c5aca126e10d6aeb803b5c929b136ca9f97 (commit)
via 8e2683f70da85bd099fdbdb70d47facac5246606 (commit)
via 463f9edeb2034b0e0a360f372b9752cc1a0540cf (commit)
via 72417e2f7bdffa0c53510215f7dfd866a9da2f38 (commit)
via 6ab7955c31ab01cf8fcac874fd5553bc9da89049 (commit)
via 6cdde6c0bb08508cbbbc9fe430421098e1e1999f (commit)
via 26dfc86a7be473138c60e1a869e51b30db346a0f (commit)
via 6b0a04c0f81ff33793783752aa8275974b12fdd5 (commit)
via e877f684918ff5007d8b441736ecad3012829529 (commit)
via 4f64e2090f61fd68dadbaec989b6cb38ba9d9604 (commit)
via 05f4061d10a1bacb9a3c60205d8d88b84f216d29 (commit)
via 83803caf386c3a7fd55215ecad348131be56bba6 (commit)
via c125d8a2b4770e3cd63ef18ae720dd6e5fb8576c (commit)
via 6666897c5c4f6e328e56e66e53750a906ef04ee6 (commit)
via c92602f1615b9d1073de93e8653a743bc2d5bf81 (commit)
via 0d33245b56127b333fd4cc63f9abbc09cab42116 (commit)
via 1892a329f652188544a70ec0c614ef81c4f44acc (commit)
via 3d454690b7e4a8b4b17b8db38a21a88c407de3e3 (commit)
via 92b87e17f1497be27cc61038b4852b00e84f5d15 (commit)
via f48074bacbf1e3835ca8975d82e5dd2dc514bcb1 (commit)
via cdbe35044232c89db38f045c70b1ef1948f4d6e4 (commit)
via 15fbfae62747088414e48ad0bc380a488265af1f (commit)
via b5c00b8654ccbe438d6d38d29859c67fbf0a6cc7 (commit)
via 5e9b7dd2c3c0d242c06a48450fef81fcfb5fa29a (commit)
via e0cdf670a3d79b6d607f7eade6d99743f5cd5769 (commit)
via 15be554282c3c424d5d9eab9de62f6fde4203585 (commit)
via f4dd02f2b6b5b74ca71160d76039c06af7b1992f (commit)
via 82efdd4f22af3a3f37c99444c1ee65934920ea24 (commit)
via bf9a484fb83ecf2e5d9d67f6f58d48b6b262fc67 (commit)
via 3f7ae7b7158e6d15a273815c676e63794346fffe (commit)
via d1347595abe451baa2ad4b1a81c15e160135ecf0 (commit)
from 7b1db453c034fd88217f2f9b38ff1c57a9ec1f52 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 9e78ce6142549d6d786fe97c56bf58df6b81e80f
Merge: 7b1db45 028c88f
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sun Aug 11 11:51:40 2013 +0200
Merge remote-tracking branch 'origin/next'
-----------------------------------------------------------------------
Summary of changes:
config/backup/includes/tor | 4 +
config/backup/includes/vdr | 1 +
config/menu/EX-tor.menu | 6 +
config/ovpn/verify | 2 +-
config/rootfiles/common/armv5tel/initscripts | 1 +
config/rootfiles/common/configroot | 1 +
config/rootfiles/common/daq | 2 +-
config/rootfiles/common/gperf | 4 +
config/rootfiles/common/i586/initscripts | 1 +
config/rootfiles/common/misc-progs | 1 +
config/rootfiles/common/strongswan | 14 +
config/rootfiles/{oldcore/68 => core/72}/exclude | 2 +-
.../{oldcore/44 => core/72}/filelists/daq | 0
config/rootfiles/core/72/filelists/files | 11 +
.../72}/filelists/i586/strongswan-padlock | 0
config/rootfiles/core/{71 => 72}/filelists/snort | 0
config/rootfiles/core/{71 => 72}/filelists/squid | 0
.../{oldcore/38 => core/72}/filelists/strongswan | 0
config/rootfiles/core/{70 => 72}/meta | 0
config/rootfiles/{oldcore/68 => core/72}/update.sh | 18 +-
config/rootfiles/packages/arm | 166 ++++
config/rootfiles/packages/tor | 31 +
config/tor/defaults-torrc | 3 +
config/tor/tor.logrotate | 13 +
config/vdr/vdr.sysconfig | 2 +-
doc/language_issues.de | 4 +
doc/language_issues.en | 6 +
doc/language_issues.es | 51 ++
doc/language_issues.fr | 51 ++
doc/language_issues.nl | 51 ++
doc/language_issues.pl | 51 ++
doc/language_issues.ru | 51 ++
doc/language_issues.tr | 51 ++
doc/language_missings | 220 +++++
html/cgi-bin/ddns.cgi | 2 +
html/cgi-bin/ids.cgi | 2 +-
html/cgi-bin/ovpnmain.cgi | 67 +-
html/cgi-bin/tor.cgi | 902 +++++++++++++++++++++
html/cgi-bin/vpnmain.cgi | 30 +-
html/cgi-bin/wirelessclient.cgi | 0
langs/de/cgi-bin/de.pl | 48 ++
langs/en/cgi-bin/en.pl | 50 ++
lfs/{libexif => arm} | 17 +-
lfs/daq | 6 +-
lfs/{nasm => gperf} | 11 +-
lfs/samba | 6 +-
lfs/snort | 5 +-
lfs/squid | 3 +
lfs/strongswan | 17 +-
lfs/{keepalived => tor} | 46 +-
lfs/transmission | 6 +-
lfs/vdr | 2 +-
make.sh | 7 +-
src/initscripts/init.d/firewall | 4 +
src/initscripts/init.d/tor | 82 ++
src/misc-progs/Makefile | 5 +-
src/misc-progs/ipsecctrl.c | 16 +-
src/misc-progs/openvpnctrl.c | 15 +-
src/misc-progs/{dnsmasqctrl.c => torctrl.c} | 12 +-
src/patches/arm-dont-require-distutils.patch | 20 +
src/patches/squid-3.1-10486.patch | 54 ++
src/patches/squid-3.1-10487.patch | 73 ++
src/scripts/setddns.pl | 21 +
63 files changed, 2233 insertions(+), 115 deletions(-)
create mode 100644 config/backup/includes/tor
create mode 100644 config/menu/EX-tor.menu
create mode 100644 config/rootfiles/common/gperf
copy config/rootfiles/{oldcore/68 => core/72}/exclude (94%)
copy config/rootfiles/{oldcore/44 => core/72}/filelists/daq (100%)
create mode 100644 config/rootfiles/core/72/filelists/files
copy config/rootfiles/{oldcore/66 => core/72}/filelists/i586/strongswan-padlock (100%)
copy config/rootfiles/core/{71 => 72}/filelists/snort (100%)
copy config/rootfiles/core/{71 => 72}/filelists/squid (100%)
copy config/rootfiles/{oldcore/38 => core/72}/filelists/strongswan (100%)
copy config/rootfiles/core/{70 => 72}/meta (100%)
copy config/rootfiles/{oldcore/68 => core/72}/update.sh (90%)
create mode 100644 config/rootfiles/packages/arm
create mode 100644 config/rootfiles/packages/tor
create mode 100644 config/tor/defaults-torrc
create mode 100644 config/tor/tor.logrotate
create mode 100644 html/cgi-bin/tor.cgi
mode change 100755 => 100644 html/cgi-bin/wirelessclient.cgi
copy lfs/{libexif => arm} (90%)
copy lfs/{nasm => gperf} (93%)
copy lfs/{keepalived => tor} (74%)
create mode 100644 src/initscripts/init.d/tor
copy src/misc-progs/{dnsmasqctrl.c => torctrl.c} (63%)
create mode 100644 src/patches/arm-dont-require-distutils.patch
create mode 100644 src/patches/squid-3.1-10486.patch
create mode 100644 src/patches/squid-3.1-10487.patch
Difference in files:
diff --git a/config/backup/includes/tor b/config/backup/includes/tor
new file mode 100644
index 0000000..bff4956
--- /dev/null
+++ b/config/backup/includes/tor
@@ -0,0 +1,4 @@
+/etc/tor
+/var/ipfire/tor
+/var/lib/tor/fingerprint
+/var/lib/tor/keys
diff --git a/config/backup/includes/vdr b/config/backup/includes/vdr
index 38bd82a..a2b5d83 100644
--- a/config/backup/includes/vdr
+++ b/config/backup/includes/vdr
@@ -1 +1,2 @@
/etc/vdr
+/etc/sysconfig/vdr
diff --git a/config/menu/EX-tor.menu b/config/menu/EX-tor.menu
new file mode 100644
index 0000000..00ddffe
--- /dev/null
+++ b/config/menu/EX-tor.menu
@@ -0,0 +1,6 @@
+$subipfire->{'50.tor'} = {
+ 'caption' => $Lang::tr{'tor'},
+ 'uri' => '/cgi-bin/tor.cgi',
+ 'title' => $Lang::tr{'tor'},
+ 'enabled' => 1,
+};
diff --git a/config/ovpn/verify b/config/ovpn/verify
index 7233429..44ed110 100644
--- a/config/ovpn/verify
+++ b/config/ovpn/verify
@@ -49,7 +49,7 @@ if (-f "${General::swroot}/ovpn/ovpnconfig"){
exit 0 if ($cn eq $CN);
# Compatibility code for incorrectly saved CNs.
- $cn =~ s/\ /_/;
+ $cn =~ s/\ /_/g;
exit 0 if ($cn eq $CN);
}
}
diff --git a/config/rootfiles/common/armv5tel/initscripts b/config/rootfiles/common/armv5tel/initscripts
index ff6d731..25fca8d 100644
--- a/config/rootfiles/common/armv5tel/initscripts
+++ b/config/rootfiles/common/armv5tel/initscripts
@@ -126,6 +126,7 @@ etc/rc.d/init.d/teamspeak
etc/rc.d/init.d/template
#etc/rc.d/init.d/tftpd
etc/rc.d/init.d/tmpfs
+#etc/rc.d/init.d/tor
etc/rc.d/init.d/udev
etc/rc.d/init.d/udev_retry
etc/rc.d/init.d/upnpd
diff --git a/config/rootfiles/common/configroot b/config/rootfiles/common/configroot
index cd33ec4..8965ff7 100644
--- a/config/rootfiles/common/configroot
+++ b/config/rootfiles/common/configroot
@@ -91,6 +91,7 @@ var/ipfire/menu.d/70-log.menu
#var/ipfire/menu.d/EX-imspector.menu
#var/ipfire/menu.d/EX-mpfire.menu
#var/ipfire/menu.d/EX-samba.menu
+#var/ipfire/menu.d/EX-tor.menu
#var/ipfire/menu.d/EX-tripwire.menu
#var/ipfire/menu.d/EX-wlanap.menu
var/ipfire/modem
diff --git a/config/rootfiles/common/daq b/config/rootfiles/common/daq
index 10ec777..4467545 100644
--- a/config/rootfiles/common/daq
+++ b/config/rootfiles/common/daq
@@ -21,7 +21,7 @@ usr/lib/daq
#usr/lib/libdaq.la
#usr/lib/libdaq.so
usr/lib/libdaq.so.2
-usr/lib/libdaq.so.2.0.0
+usr/lib/libdaq.so.2.0.1
#usr/lib/libdaq_static.a
#usr/lib/libdaq_static.la
#usr/lib/libdaq_static_modules.a
diff --git a/config/rootfiles/common/gperf b/config/rootfiles/common/gperf
new file mode 100644
index 0000000..7c3a1cb
--- /dev/null
+++ b/config/rootfiles/common/gperf
@@ -0,0 +1,4 @@
+#usr/bin/gperf
+#usr/share/doc/gperf.html
+#usr/share/info/gperf.info
+#usr/share/man/man1/gperf.1
diff --git a/config/rootfiles/common/i586/initscripts b/config/rootfiles/common/i586/initscripts
index 55cee86..3aca59e 100644
--- a/config/rootfiles/common/i586/initscripts
+++ b/config/rootfiles/common/i586/initscripts
@@ -128,6 +128,7 @@ etc/rc.d/init.d/teamspeak
etc/rc.d/init.d/template
#etc/rc.d/init.d/tftpd
etc/rc.d/init.d/tmpfs
+#etc/rc.d/init.d/tor
#etc/rc.d/init.d/transmission
etc/rc.d/init.d/udev
etc/rc.d/init.d/udev_retry
diff --git a/config/rootfiles/common/misc-progs b/config/rootfiles/common/misc-progs
index a8dac59..8fd9b0b 100644
--- a/config/rootfiles/common/misc-progs
+++ b/config/rootfiles/common/misc-progs
@@ -32,6 +32,7 @@ usr/local/bin/squidctrl
usr/local/bin/sshctrl
usr/local/bin/syslogdctrl
usr/local/bin/timectrl
+#usr/local/bin/torctrl
#usr/local/bin/tripwirectrl
usr/local/bin/updxlratorctrl
usr/local/bin/upnpctrl
diff --git a/config/rootfiles/common/strongswan b/config/rootfiles/common/strongswan
index 2d5d42b..5d61ec1 100644
--- a/config/rootfiles/common/strongswan
+++ b/config/rootfiles/common/strongswan
@@ -31,6 +31,11 @@ usr/lib/ipsec/libradius.so.0.0.0
usr/lib/ipsec/libstrongswan.so
usr/lib/ipsec/libstrongswan.so.0
usr/lib/ipsec/libstrongswan.so.0.0.0
+#usr/lib/ipsec/libtls.a
+#usr/lib/ipsec/libtls.la
+usr/lib/ipsec/libtls.so
+usr/lib/ipsec/libtls.so.0
+usr/lib/ipsec/libtls.so.0.0.0
#usr/lib/ipsec/plugins
usr/lib/ipsec/plugins/libstrongswan-aes.so
usr/lib/ipsec/plugins/libstrongswan-attr.so
@@ -39,7 +44,12 @@ usr/lib/ipsec/plugins/libstrongswan-constraints.so
usr/lib/ipsec/plugins/libstrongswan-curl.so
usr/lib/ipsec/plugins/libstrongswan-des.so
usr/lib/ipsec/plugins/libstrongswan-dnskey.so
+usr/lib/ipsec/plugins/libstrongswan-eap-identity.so
+usr/lib/ipsec/plugins/libstrongswan-eap-mschapv2.so
+usr/lib/ipsec/plugins/libstrongswan-eap-peap.so
usr/lib/ipsec/plugins/libstrongswan-eap-radius.so
+usr/lib/ipsec/plugins/libstrongswan-eap-tls.so
+usr/lib/ipsec/plugins/libstrongswan-eap-ttls.so
usr/lib/ipsec/plugins/libstrongswan-fips-prf.so
usr/lib/ipsec/plugins/libstrongswan-gmp.so
usr/lib/ipsec/plugins/libstrongswan-hmac.so
@@ -51,18 +61,22 @@ usr/lib/ipsec/plugins/libstrongswan-openssl.so
usr/lib/ipsec/plugins/libstrongswan-pem.so
usr/lib/ipsec/plugins/libstrongswan-pgp.so
usr/lib/ipsec/plugins/libstrongswan-pkcs1.so
+usr/lib/ipsec/plugins/libstrongswan-pkcs12.so
usr/lib/ipsec/plugins/libstrongswan-pkcs7.so
usr/lib/ipsec/plugins/libstrongswan-pkcs8.so
usr/lib/ipsec/plugins/libstrongswan-pubkey.so
usr/lib/ipsec/plugins/libstrongswan-random.so
+usr/lib/ipsec/plugins/libstrongswan-rc2.so
usr/lib/ipsec/plugins/libstrongswan-resolve.so
usr/lib/ipsec/plugins/libstrongswan-revocation.so
usr/lib/ipsec/plugins/libstrongswan-sha1.so
usr/lib/ipsec/plugins/libstrongswan-sha2.so
usr/lib/ipsec/plugins/libstrongswan-socket-default.so
+usr/lib/ipsec/plugins/libstrongswan-sshkey.so
usr/lib/ipsec/plugins/libstrongswan-stroke.so
usr/lib/ipsec/plugins/libstrongswan-updown.so
usr/lib/ipsec/plugins/libstrongswan-x509.so
+usr/lib/ipsec/plugins/libstrongswan-xauth-eap.so
usr/lib/ipsec/plugins/libstrongswan-xauth-generic.so
usr/lib/ipsec/plugins/libstrongswan-xcbc.so
#usr/libexec/ipsec
diff --git a/config/rootfiles/core/72/exclude b/config/rootfiles/core/72/exclude
new file mode 100644
index 0000000..e8ae55d
--- /dev/null
+++ b/config/rootfiles/core/72/exclude
@@ -0,0 +1,17 @@
+srv/web/ipfire/html/proxy.pac
+boot/config.txt
+etc/udev/rules.d/30-persistent-network.rules
+etc/collectd.custom
+etc/shadow
+etc/ipsec.conf
+etc/ipsec.secrets
+etc/ipsec.user.conf
+etc/ipsec.user.secrets
+var/log/cache
+var/updatecache
+etc/localtime
+etc/ssh/ssh_config
+etc/ssh/sshd_config
+etc/ssl/openssl.cnf
+var/state/dhcp/dhcpd.leases
+etc/snort/snort.conf
diff --git a/config/rootfiles/core/72/filelists/daq b/config/rootfiles/core/72/filelists/daq
new file mode 120000
index 0000000..d0e0956
--- /dev/null
+++ b/config/rootfiles/core/72/filelists/daq
@@ -0,0 +1 @@
+../../../common/daq
\ No newline at end of file
diff --git a/config/rootfiles/core/72/filelists/files b/config/rootfiles/core/72/filelists/files
new file mode 100644
index 0000000..e8f90a1
--- /dev/null
+++ b/config/rootfiles/core/72/filelists/files
@@ -0,0 +1,11 @@
+etc/system-release
+etc/issue
+etc/rc.d/init.d/firewall
+srv/web/ipfire/cgi-bin/ddns.cgi
+srv/web/ipfire/cgi-bin/ids.cgi
+srv/web/ipfire/cgi-bin/vpnmain.cgi
+srv/web/ipfire/cgi-bin/ovpnmain.cgi
+usr/local/bin/openvpnctrl
+usr/local/bin/setddns.pl
+var/ipfire/langs
+var/ipfire/ovpn/verify
diff --git a/config/rootfiles/core/72/filelists/i586/strongswan-padlock b/config/rootfiles/core/72/filelists/i586/strongswan-padlock
new file mode 120000
index 0000000..2412824
--- /dev/null
+++ b/config/rootfiles/core/72/filelists/i586/strongswan-padlock
@@ -0,0 +1 @@
+../../../../common/i586/strongswan-padlock
\ No newline at end of file
diff --git a/config/rootfiles/core/72/filelists/snort b/config/rootfiles/core/72/filelists/snort
new file mode 120000
index 0000000..9406ce0
--- /dev/null
+++ b/config/rootfiles/core/72/filelists/snort
@@ -0,0 +1 @@
+../../../common/snort
\ No newline at end of file
diff --git a/config/rootfiles/core/72/filelists/squid b/config/rootfiles/core/72/filelists/squid
new file mode 120000
index 0000000..2dc8372
--- /dev/null
+++ b/config/rootfiles/core/72/filelists/squid
@@ -0,0 +1 @@
+../../../common/squid
\ No newline at end of file
diff --git a/config/rootfiles/core/72/filelists/strongswan b/config/rootfiles/core/72/filelists/strongswan
new file mode 120000
index 0000000..90c727e
--- /dev/null
+++ b/config/rootfiles/core/72/filelists/strongswan
@@ -0,0 +1 @@
+../../../common/strongswan
\ No newline at end of file
diff --git a/config/rootfiles/core/72/meta b/config/rootfiles/core/72/meta
new file mode 100644
index 0000000..d547fa8
--- /dev/null
+++ b/config/rootfiles/core/72/meta
@@ -0,0 +1 @@
+DEPS=""
diff --git a/config/rootfiles/core/72/update.sh b/config/rootfiles/core/72/update.sh
new file mode 100644
index 0000000..c3dc20a
--- /dev/null
+++ b/config/rootfiles/core/72/update.sh
@@ -0,0 +1,69 @@
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2013 IPFire-Team <info(a)ipfire.org>. #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+/usr/local/bin/backupctrl exclude >/dev/null 2>&1
+
+#
+# Remove old core updates from pakfire cache to save space...
+core=72
+for (( i=1; i<=$core; i++ ))
+do
+ rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
+done
+
+#
+#Stop services
+/etc/init.d/ipsec stop
+/etc/init.d/snort stop
+/etc/init.d/squid stop
+
+#
+#Extract files
+extract_files
+
+
+#
+#Start services
+/etc/init.d/squid start
+/etc/init.d/snort start
+if [ `grep "ENABLED=on" /var/ipfire/vpn/settings` ]; then
+ /etc/init.d/ipsec start
+fi
+
+
+#
+#Update Language cache
+perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"
+
+sync
+
+# This update need a reboot...
+#touch /var/run/need_reboot
+
+#
+#Finish
+/etc/init.d/fireinfo start
+sendprofile
+#Don't report the exitcode last command
+exit 0
diff --git a/config/rootfiles/packages/arm b/config/rootfiles/packages/arm
new file mode 100644
index 0000000..eb9d128
--- /dev/null
+++ b/config/rootfiles/packages/arm
@@ -0,0 +1,166 @@
+usr/bin/arm
+#usr/share/arm
+#usr/share/arm-1.4.5.0-py2.7.egg-info
+usr/share/arm/TorCtl
+usr/share/arm/TorCtl/GeoIPSupport.py
+usr/share/arm/TorCtl/GeoIPSupport.pyc
+usr/share/arm/TorCtl/PathSupport.py
+usr/share/arm/TorCtl/PathSupport.pyc
+usr/share/arm/TorCtl/SQLSupport.py
+usr/share/arm/TorCtl/SQLSupport.pyc
+usr/share/arm/TorCtl/ScanSupport.py
+usr/share/arm/TorCtl/ScanSupport.pyc
+usr/share/arm/TorCtl/StatsSupport.py
+usr/share/arm/TorCtl/StatsSupport.pyc
+usr/share/arm/TorCtl/TorCtl.py
+usr/share/arm/TorCtl/TorCtl.pyc
+usr/share/arm/TorCtl/TorUtil.py
+usr/share/arm/TorCtl/TorUtil.pyc
+usr/share/arm/TorCtl/__init__.py
+usr/share/arm/TorCtl/__init__.pyc
+usr/share/arm/TorCtl/example.py
+usr/share/arm/TorCtl/example.pyc
+usr/share/arm/__init__.py
+usr/share/arm/__init__.pyc
+usr/share/arm/cli
+usr/share/arm/cli/__init__.py
+usr/share/arm/cli/__init__.pyc
+usr/share/arm/cli/configPanel.py
+usr/share/arm/cli/configPanel.pyc
+usr/share/arm/cli/connections
+usr/share/arm/cli/connections/__init__.py
+usr/share/arm/cli/connections/__init__.pyc
+usr/share/arm/cli/connections/circEntry.py
+usr/share/arm/cli/connections/circEntry.pyc
+usr/share/arm/cli/connections/connEntry.py
+usr/share/arm/cli/connections/connEntry.pyc
+usr/share/arm/cli/connections/connPanel.py
+usr/share/arm/cli/connections/connPanel.pyc
+usr/share/arm/cli/connections/countPopup.py
+usr/share/arm/cli/connections/countPopup.pyc
+usr/share/arm/cli/connections/descriptorPopup.py
+usr/share/arm/cli/connections/descriptorPopup.pyc
+usr/share/arm/cli/connections/entries.py
+usr/share/arm/cli/connections/entries.pyc
+usr/share/arm/cli/controller.py
+usr/share/arm/cli/controller.pyc
+usr/share/arm/cli/graphing
+usr/share/arm/cli/graphing/__init__.py
+usr/share/arm/cli/graphing/__init__.pyc
+usr/share/arm/cli/graphing/bandwidthStats.py
+usr/share/arm/cli/graphing/bandwidthStats.pyc
+usr/share/arm/cli/graphing/connStats.py
+usr/share/arm/cli/graphing/connStats.pyc
+usr/share/arm/cli/graphing/graphPanel.py
+usr/share/arm/cli/graphing/graphPanel.pyc
+usr/share/arm/cli/graphing/resourceStats.py
+usr/share/arm/cli/graphing/resourceStats.pyc
+usr/share/arm/cli/headerPanel.py
+usr/share/arm/cli/headerPanel.pyc
+usr/share/arm/cli/interpretorPanel.py
+usr/share/arm/cli/interpretorPanel.pyc
+usr/share/arm/cli/logPanel.py
+usr/share/arm/cli/logPanel.pyc
+usr/share/arm/cli/menu
+usr/share/arm/cli/menu/__init__.py
+usr/share/arm/cli/menu/__init__.pyc
+usr/share/arm/cli/menu/actions.py
+usr/share/arm/cli/menu/actions.pyc
+usr/share/arm/cli/menu/item.py
+usr/share/arm/cli/menu/item.pyc
+usr/share/arm/cli/menu/menu.py
+usr/share/arm/cli/menu/menu.pyc
+usr/share/arm/cli/popups.py
+usr/share/arm/cli/popups.pyc
+usr/share/arm/cli/torrcPanel.py
+usr/share/arm/cli/torrcPanel.pyc
+usr/share/arm/cli/wizard.py
+usr/share/arm/cli/wizard.pyc
+usr/share/arm/gui
+usr/share/arm/gui/__init__.py
+usr/share/arm/gui/__init__.pyc
+usr/share/arm/gui/arm.xml
+usr/share/arm/gui/configPanel.py
+usr/share/arm/gui/configPanel.pyc
+usr/share/arm/gui/connections
+usr/share/arm/gui/connections/__init__.py
+usr/share/arm/gui/connections/__init__.pyc
+usr/share/arm/gui/connections/circEntry.py
+usr/share/arm/gui/connections/circEntry.pyc
+usr/share/arm/gui/connections/connEntry.py
+usr/share/arm/gui/connections/connEntry.pyc
+usr/share/arm/gui/connections/connPanel.py
+usr/share/arm/gui/connections/connPanel.pyc
+usr/share/arm/gui/controller.py
+usr/share/arm/gui/controller.pyc
+usr/share/arm/gui/generalPanel.py
+usr/share/arm/gui/generalPanel.pyc
+usr/share/arm/gui/graphing
+usr/share/arm/gui/graphing/__init__.py
+usr/share/arm/gui/graphing/__init__.pyc
+usr/share/arm/gui/graphing/bandwidthStats.py
+usr/share/arm/gui/graphing/bandwidthStats.pyc
+usr/share/arm/gui/graphing/graphPanel.py
+usr/share/arm/gui/graphing/graphPanel.pyc
+usr/share/arm/gui/logPanel.py
+usr/share/arm/gui/logPanel.pyc
+usr/share/arm/prereq.py
+usr/share/arm/prereq.pyc
+#usr/share/arm/resources
+#usr/share/arm/resources/arm.1
+#usr/share/arm/resources/exitNotice
+#usr/share/arm/resources/exitNotice/how_tor_works_thumb.png
+#usr/share/arm/resources/exitNotice/index.html
+#usr/share/arm/resources/startTor
+#usr/share/arm/resources/tor-arm.desktop
+#usr/share/arm/resources/tor-arm.svg
+#usr/share/arm/resources/torConfigDesc.txt
+#usr/share/arm/resources/torrcOverride
+#usr/share/arm/resources/torrcOverride/override.c
+#usr/share/arm/resources/torrcOverride/override.h
+#usr/share/arm/resources/torrcOverride/override.py
+#usr/share/arm/resources/torrcTemplate.txt
+usr/share/arm/settings.cfg
+usr/share/arm/starter.py
+usr/share/arm/starter.pyc
+usr/share/arm/test.py
+usr/share/arm/test.pyc
+#usr/share/arm/uninstall
+usr/share/arm/util
+usr/share/arm/util/__init__.py
+usr/share/arm/util/__init__.pyc
+usr/share/arm/util/conf.py
+usr/share/arm/util/conf.pyc
+usr/share/arm/util/connections.py
+usr/share/arm/util/connections.pyc
+usr/share/arm/util/enum.py
+usr/share/arm/util/enum.pyc
+usr/share/arm/util/gtkTools.py
+usr/share/arm/util/gtkTools.pyc
+usr/share/arm/util/hostnames.py
+usr/share/arm/util/hostnames.pyc
+usr/share/arm/util/log.py
+usr/share/arm/util/log.pyc
+usr/share/arm/util/panel.py
+usr/share/arm/util/panel.pyc
+usr/share/arm/util/procName.py
+usr/share/arm/util/procName.pyc
+usr/share/arm/util/procTools.py
+usr/share/arm/util/procTools.pyc
+usr/share/arm/util/sysTools.py
+usr/share/arm/util/sysTools.pyc
+usr/share/arm/util/textInput.py
+usr/share/arm/util/textInput.pyc
+usr/share/arm/util/torConfig.py
+usr/share/arm/util/torConfig.pyc
+usr/share/arm/util/torInterpretor.py
+usr/share/arm/util/torInterpretor.pyc
+usr/share/arm/util/torTools.py
+usr/share/arm/util/torTools.pyc
+usr/share/arm/util/uiTools.py
+usr/share/arm/util/uiTools.pyc
+usr/share/arm/version.py
+usr/share/arm/version.pyc
+#usr/share/doc/arm
+#usr/share/doc/arm/armrc.sample
+#usr/share/man/man1/arm.1.gz
diff --git a/config/rootfiles/packages/tor b/config/rootfiles/packages/tor
new file mode 100644
index 0000000..8eb6dad
--- /dev/null
+++ b/config/rootfiles/packages/tor
@@ -0,0 +1,31 @@
+#etc/logrotate.d
+etc/logrotate.d/tor
+etc/rc.d/init.d/tor
+#etc/tor
+etc/tor/tor-tsocks.conf
+etc/tor/torrc
+srv/web/ipfire/cgi-bin/tor.cgi
+usr/bin/tor
+usr/bin/tor-gencert
+usr/bin/tor-resolve
+#usr/bin/torify
+usr/local/bin/torctrl
+#usr/share/doc/tor
+#usr/share/doc/tor/tor-gencert.html
+#usr/share/doc/tor/tor-resolve.html
+#usr/share/doc/tor/tor.html
+#usr/share/doc/tor/torify.html
+#usr/share/man/man1/tor-gencert.1
+#usr/share/man/man1/tor-resolve.1
+#usr/share/man/man1/tor.1
+#usr/share/man/man1/torify.1
+usr/share/tor
+usr/share/tor/defaults-torrc
+usr/share/tor/geoip
+var/ipfire/backup/addons/includes/tor
+var/ipfire/menu.d/EX-tor.menu
+var/ipfire/tor
+var/ipfire/tor/settings
+var/ipfire/tor/torrc
+var/lib/tor
+var/log/tor
diff --git a/config/tor/defaults-torrc b/config/tor/defaults-torrc
new file mode 100644
index 0000000..703d821
--- /dev/null
+++ b/config/tor/defaults-torrc
@@ -0,0 +1,3 @@
+DataDirectory /var/lib/tor
+User nobody
+Log notice syslog
diff --git a/config/tor/tor.logrotate b/config/tor/tor.logrotate
new file mode 100644
index 0000000..49fe002
--- /dev/null
+++ b/config/tor/tor.logrotate
@@ -0,0 +1,13 @@
+/var/log/tor/*.log {
+ daily
+ rotate 5
+ compress
+ delaycompress
+ missingok
+ notifempty
+ create 0640 nobody nobody
+ sharedscripts
+ postrotate
+ /etc/init.d/tor reload >/dev/null 2>&1 || :
+ endscript
+}
diff --git a/config/vdr/vdr.sysconfig b/config/vdr/vdr.sysconfig
index a1cebf1..9c79069 100644
--- a/config/vdr/vdr.sysconfig
+++ b/config/vdr/vdr.sysconfig
@@ -3,7 +3,7 @@
# The "master" options. Some examples of options you may want to set
# here are -r, -t, and --rcu. See the vdr(1) man page for more info.
#
-VDR_OPTIONS=(--vfat)
+VDR_OPTIONS=(--vfat --log=1)
# VDR_PLUGIN_ORDER is a space separated list of plugins that should be
# loaded in a specific order. This affects eg. the order the plugins'
diff --git a/doc/language_issues.de b/doc/language_issues.de
index 3b6e117..bbe5e1d 100644
--- a/doc/language_issues.de
+++ b/doc/language_issues.de
@@ -406,6 +406,10 @@ WARNING: translation string unused: to email adr
WARNING: translation string unused: to install an update
WARNING: translation string unused: to warn email bad
WARNING: translation string unused: too long 80 char max
+WARNING: translation string unused: tor accounting period daily
+WARNING: translation string unused: tor accounting period monthly
+WARNING: translation string unused: tor accounting period weekly
+WARNING: translation string unused: tor exit country
WARNING: translation string unused: traffic back
WARNING: translation string unused: traffic calc time
WARNING: translation string unused: traffic calc time bad
diff --git a/doc/language_issues.en b/doc/language_issues.en
index 8f530a3..1248957 100644
--- a/doc/language_issues.en
+++ b/doc/language_issues.en
@@ -437,6 +437,12 @@ WARNING: translation string unused: to email adr
WARNING: translation string unused: to install an update
WARNING: translation string unused: to warn email bad
WARNING: translation string unused: too long 80 char max
+WARNING: translation string unused: tor accounting period daily
+WARNING: translation string unused: tor accounting period monthly
+WARNING: translation string unused: tor accounting period weekly
+WARNING: translation string unused: tor bridge enabled
+WARNING: translation string unused: tor errmsg invalid node id
+WARNING: translation string unused: tor exit country
WARNING: translation string unused: traffic back
WARNING: translation string unused: traffic calc time
WARNING: translation string unused: traffic calc time bad
diff --git a/doc/language_issues.es b/doc/language_issues.es
index 2258d1b..790ce1a 100644
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -549,6 +549,13 @@ WARNING: untranslated string: ccd routes
WARNING: untranslated string: ccd subnet
WARNING: untranslated string: ccd used
WARNING: untranslated string: deprecated fs warn
+WARNING: untranslated string: dnsforward
+WARNING: untranslated string: dnsforward add a new entry
+WARNING: untranslated string: dnsforward configuration
+WARNING: untranslated string: dnsforward edit an entry
+WARNING: untranslated string: dnsforward entries
+WARNING: untranslated string: dnsforward forward_server
+WARNING: untranslated string: dnsforward zone
WARNING: untranslated string: emerging rules
WARNING: untranslated string: fireinfo ipfire version
WARNING: untranslated string: fireinfo is disabled
@@ -618,6 +625,50 @@ WARNING: untranslated string: routing table
WARNING: untranslated string: server restart
WARNING: untranslated string: static routes
WARNING: untranslated string: system information
+WARNING: untranslated string: tor
+WARNING: untranslated string: tor accounting
+WARNING: untranslated string: tor accounting bytes
+WARNING: untranslated string: tor accounting bytes left
+WARNING: untranslated string: tor accounting interval
+WARNING: untranslated string: tor accounting limit
+WARNING: untranslated string: tor accounting period
+WARNING: untranslated string: tor acls
+WARNING: untranslated string: tor allowed subnets
+WARNING: untranslated string: tor bandwidth burst
+WARNING: untranslated string: tor bandwidth rate
+WARNING: untranslated string: tor bandwidth settings
+WARNING: untranslated string: tor bandwidth unlimited
+WARNING: untranslated string: tor common settings
+WARNING: untranslated string: tor configuration
+WARNING: untranslated string: tor connected relays
+WARNING: untranslated string: tor contact info
+WARNING: untranslated string: tor enabled
+WARNING: untranslated string: tor errmsg invalid accounting limit
+WARNING: untranslated string: tor errmsg invalid ip or mask
+WARNING: untranslated string: tor errmsg invalid relay address
+WARNING: untranslated string: tor errmsg invalid relay name
+WARNING: untranslated string: tor errmsg invalid relay port
+WARNING: untranslated string: tor errmsg invalid socks port
+WARNING: untranslated string: tor exit country any
+WARNING: untranslated string: tor exit nodes
+WARNING: untranslated string: tor relay address
+WARNING: untranslated string: tor relay configuration
+WARNING: untranslated string: tor relay enabled
+WARNING: untranslated string: tor relay external address
+WARNING: untranslated string: tor relay fingerprint
+WARNING: untranslated string: tor relay mode
+WARNING: untranslated string: tor relay mode bridge
+WARNING: untranslated string: tor relay mode exit
+WARNING: untranslated string: tor relay mode private bridge
+WARNING: untranslated string: tor relay mode relay
+WARNING: untranslated string: tor relay nickname
+WARNING: untranslated string: tor relay port
+WARNING: untranslated string: tor socks port
+WARNING: untranslated string: tor stats
+WARNING: untranslated string: tor traffic limit hard
+WARNING: untranslated string: tor traffic limit soft
+WARNING: untranslated string: tor traffic read written
+WARNING: untranslated string: tor use exit nodes
WARNING: untranslated string: uptime load average
WARNING: untranslated string: visit us at
WARNING: untranslated string: vpn keyexchange
diff --git a/doc/language_issues.fr b/doc/language_issues.fr
index 58f4454..41d8d9d 100644
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -549,6 +549,13 @@ WARNING: untranslated string: ccd subnet
WARNING: untranslated string: ccd used
WARNING: untranslated string: deprecated fs warn
WARNING: untranslated string: dns address deleted txt
+WARNING: untranslated string: dnsforward
+WARNING: untranslated string: dnsforward add a new entry
+WARNING: untranslated string: dnsforward configuration
+WARNING: untranslated string: dnsforward edit an entry
+WARNING: untranslated string: dnsforward entries
+WARNING: untranslated string: dnsforward forward_server
+WARNING: untranslated string: dnsforward zone
WARNING: untranslated string: emerging rules
WARNING: untranslated string: fireinfo ipfire version
WARNING: untranslated string: fireinfo is disabled
@@ -603,6 +610,50 @@ WARNING: untranslated string: server restart
WARNING: untranslated string: snort working
WARNING: untranslated string: static routes
WARNING: untranslated string: system information
+WARNING: untranslated string: tor
+WARNING: untranslated string: tor accounting
+WARNING: untranslated string: tor accounting bytes
+WARNING: untranslated string: tor accounting bytes left
+WARNING: untranslated string: tor accounting interval
+WARNING: untranslated string: tor accounting limit
+WARNING: untranslated string: tor accounting period
+WARNING: untranslated string: tor acls
+WARNING: untranslated string: tor allowed subnets
+WARNING: untranslated string: tor bandwidth burst
+WARNING: untranslated string: tor bandwidth rate
+WARNING: untranslated string: tor bandwidth settings
+WARNING: untranslated string: tor bandwidth unlimited
+WARNING: untranslated string: tor common settings
+WARNING: untranslated string: tor configuration
+WARNING: untranslated string: tor connected relays
+WARNING: untranslated string: tor contact info
+WARNING: untranslated string: tor enabled
+WARNING: untranslated string: tor errmsg invalid accounting limit
+WARNING: untranslated string: tor errmsg invalid ip or mask
+WARNING: untranslated string: tor errmsg invalid relay address
+WARNING: untranslated string: tor errmsg invalid relay name
+WARNING: untranslated string: tor errmsg invalid relay port
+WARNING: untranslated string: tor errmsg invalid socks port
+WARNING: untranslated string: tor exit country any
+WARNING: untranslated string: tor exit nodes
+WARNING: untranslated string: tor relay address
+WARNING: untranslated string: tor relay configuration
+WARNING: untranslated string: tor relay enabled
+WARNING: untranslated string: tor relay external address
+WARNING: untranslated string: tor relay fingerprint
+WARNING: untranslated string: tor relay mode
+WARNING: untranslated string: tor relay mode bridge
+WARNING: untranslated string: tor relay mode exit
+WARNING: untranslated string: tor relay mode private bridge
+WARNING: untranslated string: tor relay mode relay
+WARNING: untranslated string: tor relay nickname
+WARNING: untranslated string: tor relay port
+WARNING: untranslated string: tor socks port
+WARNING: untranslated string: tor stats
+WARNING: untranslated string: tor traffic limit hard
+WARNING: untranslated string: tor traffic limit soft
+WARNING: untranslated string: tor traffic read written
+WARNING: untranslated string: tor use exit nodes
WARNING: untranslated string: upload new ruleset
WARNING: untranslated string: uptime load average
WARNING: untranslated string: urlfilter file ext block
diff --git a/doc/language_issues.nl b/doc/language_issues.nl
index d7a7ff7..46838b0 100644
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -513,6 +513,13 @@ WARNING: untranslated string: age sminute
WARNING: untranslated string: age ssecond
WARNING: untranslated string: bytes
WARNING: untranslated string: ccd iroute2
+WARNING: untranslated string: dnsforward
+WARNING: untranslated string: dnsforward add a new entry
+WARNING: untranslated string: dnsforward configuration
+WARNING: untranslated string: dnsforward edit an entry
+WARNING: untranslated string: dnsforward entries
+WARNING: untranslated string: dnsforward forward_server
+WARNING: untranslated string: dnsforward zone
WARNING: untranslated string: new
WARNING: untranslated string: outgoing firewall reserved groupname
WARNING: untranslated string: qos enter bandwidths
@@ -520,6 +527,50 @@ WARNING: untranslated string: route config changed
WARNING: untranslated string: routing config added
WARNING: untranslated string: routing config changed
WARNING: untranslated string: routing table
+WARNING: untranslated string: tor
+WARNING: untranslated string: tor accounting
+WARNING: untranslated string: tor accounting bytes
+WARNING: untranslated string: tor accounting bytes left
+WARNING: untranslated string: tor accounting interval
+WARNING: untranslated string: tor accounting limit
+WARNING: untranslated string: tor accounting period
+WARNING: untranslated string: tor acls
+WARNING: untranslated string: tor allowed subnets
+WARNING: untranslated string: tor bandwidth burst
+WARNING: untranslated string: tor bandwidth rate
+WARNING: untranslated string: tor bandwidth settings
+WARNING: untranslated string: tor bandwidth unlimited
+WARNING: untranslated string: tor common settings
+WARNING: untranslated string: tor configuration
+WARNING: untranslated string: tor connected relays
+WARNING: untranslated string: tor contact info
+WARNING: untranslated string: tor enabled
+WARNING: untranslated string: tor errmsg invalid accounting limit
+WARNING: untranslated string: tor errmsg invalid ip or mask
+WARNING: untranslated string: tor errmsg invalid relay address
+WARNING: untranslated string: tor errmsg invalid relay name
+WARNING: untranslated string: tor errmsg invalid relay port
+WARNING: untranslated string: tor errmsg invalid socks port
+WARNING: untranslated string: tor exit country any
+WARNING: untranslated string: tor exit nodes
+WARNING: untranslated string: tor relay address
+WARNING: untranslated string: tor relay configuration
+WARNING: untranslated string: tor relay enabled
+WARNING: untranslated string: tor relay external address
+WARNING: untranslated string: tor relay fingerprint
+WARNING: untranslated string: tor relay mode
+WARNING: untranslated string: tor relay mode bridge
+WARNING: untranslated string: tor relay mode exit
+WARNING: untranslated string: tor relay mode private bridge
+WARNING: untranslated string: tor relay mode relay
+WARNING: untranslated string: tor relay nickname
+WARNING: untranslated string: tor relay port
+WARNING: untranslated string: tor socks port
+WARNING: untranslated string: tor stats
+WARNING: untranslated string: tor traffic limit hard
+WARNING: untranslated string: tor traffic limit soft
+WARNING: untranslated string: tor traffic read written
+WARNING: untranslated string: tor use exit nodes
WARNING: untranslated string: uptime load average
WARNING: untranslated string: wlan client
WARNING: untranslated string: wlan client advanced settings
diff --git a/doc/language_issues.pl b/doc/language_issues.pl
index 2258d1b..790ce1a 100644
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -549,6 +549,13 @@ WARNING: untranslated string: ccd routes
WARNING: untranslated string: ccd subnet
WARNING: untranslated string: ccd used
WARNING: untranslated string: deprecated fs warn
+WARNING: untranslated string: dnsforward
+WARNING: untranslated string: dnsforward add a new entry
+WARNING: untranslated string: dnsforward configuration
+WARNING: untranslated string: dnsforward edit an entry
+WARNING: untranslated string: dnsforward entries
+WARNING: untranslated string: dnsforward forward_server
+WARNING: untranslated string: dnsforward zone
WARNING: untranslated string: emerging rules
WARNING: untranslated string: fireinfo ipfire version
WARNING: untranslated string: fireinfo is disabled
@@ -618,6 +625,50 @@ WARNING: untranslated string: routing table
WARNING: untranslated string: server restart
WARNING: untranslated string: static routes
WARNING: untranslated string: system information
+WARNING: untranslated string: tor
+WARNING: untranslated string: tor accounting
+WARNING: untranslated string: tor accounting bytes
+WARNING: untranslated string: tor accounting bytes left
+WARNING: untranslated string: tor accounting interval
+WARNING: untranslated string: tor accounting limit
+WARNING: untranslated string: tor accounting period
+WARNING: untranslated string: tor acls
+WARNING: untranslated string: tor allowed subnets
+WARNING: untranslated string: tor bandwidth burst
+WARNING: untranslated string: tor bandwidth rate
+WARNING: untranslated string: tor bandwidth settings
+WARNING: untranslated string: tor bandwidth unlimited
+WARNING: untranslated string: tor common settings
+WARNING: untranslated string: tor configuration
+WARNING: untranslated string: tor connected relays
+WARNING: untranslated string: tor contact info
+WARNING: untranslated string: tor enabled
+WARNING: untranslated string: tor errmsg invalid accounting limit
+WARNING: untranslated string: tor errmsg invalid ip or mask
+WARNING: untranslated string: tor errmsg invalid relay address
+WARNING: untranslated string: tor errmsg invalid relay name
+WARNING: untranslated string: tor errmsg invalid relay port
+WARNING: untranslated string: tor errmsg invalid socks port
+WARNING: untranslated string: tor exit country any
+WARNING: untranslated string: tor exit nodes
+WARNING: untranslated string: tor relay address
+WARNING: untranslated string: tor relay configuration
+WARNING: untranslated string: tor relay enabled
+WARNING: untranslated string: tor relay external address
+WARNING: untranslated string: tor relay fingerprint
+WARNING: untranslated string: tor relay mode
+WARNING: untranslated string: tor relay mode bridge
+WARNING: untranslated string: tor relay mode exit
+WARNING: untranslated string: tor relay mode private bridge
+WARNING: untranslated string: tor relay mode relay
+WARNING: untranslated string: tor relay nickname
+WARNING: untranslated string: tor relay port
+WARNING: untranslated string: tor socks port
+WARNING: untranslated string: tor stats
+WARNING: untranslated string: tor traffic limit hard
+WARNING: untranslated string: tor traffic limit soft
+WARNING: untranslated string: tor traffic read written
+WARNING: untranslated string: tor use exit nodes
WARNING: untranslated string: uptime load average
WARNING: untranslated string: visit us at
WARNING: untranslated string: vpn keyexchange
diff --git a/doc/language_issues.ru b/doc/language_issues.ru
index 7b83295..6700696 100644
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -542,6 +542,13 @@ WARNING: untranslated string: ccd used
WARNING: untranslated string: community rules
WARNING: untranslated string: deprecated fs warn
WARNING: untranslated string: disk access per
+WARNING: untranslated string: dnsforward
+WARNING: untranslated string: dnsforward add a new entry
+WARNING: untranslated string: dnsforward configuration
+WARNING: untranslated string: dnsforward edit an entry
+WARNING: untranslated string: dnsforward entries
+WARNING: untranslated string: dnsforward forward_server
+WARNING: untranslated string: dnsforward zone
WARNING: untranslated string: emerging rules
WARNING: untranslated string: extrahd because there is already a device mounted
WARNING: untranslated string: extrahd cant umount
@@ -583,6 +590,50 @@ WARNING: untranslated string: routing config changed
WARNING: untranslated string: routing table
WARNING: untranslated string: server restart
WARNING: untranslated string: static routes
+WARNING: untranslated string: tor
+WARNING: untranslated string: tor accounting
+WARNING: untranslated string: tor accounting bytes
+WARNING: untranslated string: tor accounting bytes left
+WARNING: untranslated string: tor accounting interval
+WARNING: untranslated string: tor accounting limit
+WARNING: untranslated string: tor accounting period
+WARNING: untranslated string: tor acls
+WARNING: untranslated string: tor allowed subnets
+WARNING: untranslated string: tor bandwidth burst
+WARNING: untranslated string: tor bandwidth rate
+WARNING: untranslated string: tor bandwidth settings
+WARNING: untranslated string: tor bandwidth unlimited
+WARNING: untranslated string: tor common settings
+WARNING: untranslated string: tor configuration
+WARNING: untranslated string: tor connected relays
+WARNING: untranslated string: tor contact info
+WARNING: untranslated string: tor enabled
+WARNING: untranslated string: tor errmsg invalid accounting limit
+WARNING: untranslated string: tor errmsg invalid ip or mask
+WARNING: untranslated string: tor errmsg invalid relay address
+WARNING: untranslated string: tor errmsg invalid relay name
+WARNING: untranslated string: tor errmsg invalid relay port
+WARNING: untranslated string: tor errmsg invalid socks port
+WARNING: untranslated string: tor exit country any
+WARNING: untranslated string: tor exit nodes
+WARNING: untranslated string: tor relay address
+WARNING: untranslated string: tor relay configuration
+WARNING: untranslated string: tor relay enabled
+WARNING: untranslated string: tor relay external address
+WARNING: untranslated string: tor relay fingerprint
+WARNING: untranslated string: tor relay mode
+WARNING: untranslated string: tor relay mode bridge
+WARNING: untranslated string: tor relay mode exit
+WARNING: untranslated string: tor relay mode private bridge
+WARNING: untranslated string: tor relay mode relay
+WARNING: untranslated string: tor relay nickname
+WARNING: untranslated string: tor relay port
+WARNING: untranslated string: tor socks port
+WARNING: untranslated string: tor stats
+WARNING: untranslated string: tor traffic limit hard
+WARNING: untranslated string: tor traffic limit soft
+WARNING: untranslated string: tor traffic read written
+WARNING: untranslated string: tor use exit nodes
WARNING: untranslated string: uptime load average
WARNING: untranslated string: visit us at
WARNING: untranslated string: vpn keyexchange
diff --git a/doc/language_issues.tr b/doc/language_issues.tr
index 1756840..6c4502f 100644
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -510,12 +510,63 @@ WARNING: translation string unused: year-graph
WARNING: translation string unused: yearly firewallhits
WARNING: untranslated string: Scan for Songs
WARNING: untranslated string: bytes
+WARNING: untranslated string: dnsforward
+WARNING: untranslated string: dnsforward add a new entry
+WARNING: untranslated string: dnsforward configuration
+WARNING: untranslated string: dnsforward edit an entry
+WARNING: untranslated string: dnsforward entries
+WARNING: untranslated string: dnsforward forward_server
+WARNING: untranslated string: dnsforward zone
WARNING: untranslated string: new
WARNING: untranslated string: outgoing firewall reserved groupname
WARNING: untranslated string: route config changed
WARNING: untranslated string: routing config added
WARNING: untranslated string: routing config changed
WARNING: untranslated string: routing table
+WARNING: untranslated string: tor
+WARNING: untranslated string: tor accounting
+WARNING: untranslated string: tor accounting bytes
+WARNING: untranslated string: tor accounting bytes left
+WARNING: untranslated string: tor accounting interval
+WARNING: untranslated string: tor accounting limit
+WARNING: untranslated string: tor accounting period
+WARNING: untranslated string: tor acls
+WARNING: untranslated string: tor allowed subnets
+WARNING: untranslated string: tor bandwidth burst
+WARNING: untranslated string: tor bandwidth rate
+WARNING: untranslated string: tor bandwidth settings
+WARNING: untranslated string: tor bandwidth unlimited
+WARNING: untranslated string: tor common settings
+WARNING: untranslated string: tor configuration
+WARNING: untranslated string: tor connected relays
+WARNING: untranslated string: tor contact info
+WARNING: untranslated string: tor enabled
+WARNING: untranslated string: tor errmsg invalid accounting limit
+WARNING: untranslated string: tor errmsg invalid ip or mask
+WARNING: untranslated string: tor errmsg invalid relay address
+WARNING: untranslated string: tor errmsg invalid relay name
+WARNING: untranslated string: tor errmsg invalid relay port
+WARNING: untranslated string: tor errmsg invalid socks port
+WARNING: untranslated string: tor exit country any
+WARNING: untranslated string: tor exit nodes
+WARNING: untranslated string: tor relay address
+WARNING: untranslated string: tor relay configuration
+WARNING: untranslated string: tor relay enabled
+WARNING: untranslated string: tor relay external address
+WARNING: untranslated string: tor relay fingerprint
+WARNING: untranslated string: tor relay mode
+WARNING: untranslated string: tor relay mode bridge
+WARNING: untranslated string: tor relay mode exit
+WARNING: untranslated string: tor relay mode private bridge
+WARNING: untranslated string: tor relay mode relay
+WARNING: untranslated string: tor relay nickname
+WARNING: untranslated string: tor relay port
+WARNING: untranslated string: tor socks port
+WARNING: untranslated string: tor stats
+WARNING: untranslated string: tor traffic limit hard
+WARNING: untranslated string: tor traffic limit soft
+WARNING: untranslated string: tor traffic read written
+WARNING: untranslated string: tor use exit nodes
WARNING: untranslated string: wlan client
WARNING: untranslated string: wlan client advanced settings
WARNING: untranslated string: wlan client and
diff --git a/doc/language_missings b/doc/language_missings
index b78b367..3c611e6 100644
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -60,6 +60,13 @@
< ccd used
< deprecated fs warn
< dns address deleted txt
+< dnsforward
+< dnsforward add a new entry
+< dnsforward configuration
+< dnsforward edit an entry
+< dnsforward entries
+< dnsforward forward_server
+< dnsforward zone
< fireinfo ipfire version
< fireinfo is disabled
< fireinfo is enabled
@@ -109,6 +116,54 @@
< snort working
< static routes
< system information
+< tor
+< tor accounting
+< tor accounting bytes
+< tor accounting bytes left
+< tor accounting interval
+< tor accounting limit
+< tor accounting period
+< tor accounting period daily
+< tor accounting period monthly
+< tor accounting period weekly
+< tor acls
+< tor allowed subnets
+< tor bandwidth burst
+< tor bandwidth rate
+< tor bandwidth settings
+< tor bandwidth unlimited
+< tor common settings
+< tor configuration
+< tor connected relays
+< tor contact info
+< tor enabled
+< tor errmsg invalid accounting limit
+< tor errmsg invalid ip or mask
+< tor errmsg invalid relay address
+< tor errmsg invalid relay name
+< tor errmsg invalid relay port
+< tor errmsg invalid socks port
+< tor exit country
+< tor exit country any
+< tor exit nodes
+< tor relay address
+< tor relay configuration
+< tor relay enabled
+< tor relay external address
+< tor relay fingerprint
+< tor relay mode
+< tor relay mode bridge
+< tor relay mode exit
+< tor relay mode private bridge
+< tor relay mode relay
+< tor relay nickname
+< tor relay port
+< tor socks port
+< tor stats
+< tor traffic limit hard
+< tor traffic limit soft
+< tor traffic read written
+< tor use exit nodes
< updxlrtr sources
< updxlrtr standard view
< upload new ruleset
@@ -224,6 +279,13 @@
< ccd subnet
< ccd used
< deprecated fs warn
+< dnsforward
+< dnsforward add a new entry
+< dnsforward configuration
+< dnsforward edit an entry
+< dnsforward entries
+< dnsforward forward_server
+< dnsforward zone
< fireinfo ipfire version
< fireinfo is disabled
< fireinfo is enabled
@@ -289,6 +351,54 @@
< Set time on boot
< static routes
< system information
+< tor
+< tor accounting
+< tor accounting bytes
+< tor accounting bytes left
+< tor accounting interval
+< tor accounting limit
+< tor accounting period
+< tor accounting period daily
+< tor accounting period monthly
+< tor accounting period weekly
+< tor acls
+< tor allowed subnets
+< tor bandwidth burst
+< tor bandwidth rate
+< tor bandwidth settings
+< tor bandwidth unlimited
+< tor common settings
+< tor configuration
+< tor connected relays
+< tor contact info
+< tor enabled
+< tor errmsg invalid accounting limit
+< tor errmsg invalid ip or mask
+< tor errmsg invalid relay address
+< tor errmsg invalid relay name
+< tor errmsg invalid relay port
+< tor errmsg invalid socks port
+< tor exit country
+< tor exit country any
+< tor exit nodes
+< tor relay address
+< tor relay configuration
+< tor relay enabled
+< tor relay external address
+< tor relay fingerprint
+< tor relay mode
+< tor relay mode bridge
+< tor relay mode exit
+< tor relay mode private bridge
+< tor relay mode relay
+< tor relay nickname
+< tor relay port
+< tor socks port
+< tor stats
+< tor traffic limit hard
+< tor traffic limit soft
+< tor traffic read written
+< tor use exit nodes
< updxlrtr sources
< updxlrtr standard view
< uptime
@@ -380,6 +490,13 @@
< ccd subnet
< ccd used
< deprecated fs warn
+< dnsforward
+< dnsforward add a new entry
+< dnsforward configuration
+< dnsforward edit an entry
+< dnsforward entries
+< dnsforward forward_server
+< dnsforward zone
< extrahd because there is already a device mounted
< extrahd cant umount
< extrahd install or load driver
@@ -421,6 +538,54 @@
< qos enter bandwidths
< server restart
< static routes
+< tor
+< tor accounting
+< tor accounting bytes
+< tor accounting bytes left
+< tor accounting interval
+< tor accounting limit
+< tor accounting period
+< tor accounting period daily
+< tor accounting period monthly
+< tor accounting period weekly
+< tor acls
+< tor allowed subnets
+< tor bandwidth burst
+< tor bandwidth rate
+< tor bandwidth settings
+< tor bandwidth unlimited
+< tor common settings
+< tor configuration
+< tor connected relays
+< tor contact info
+< tor enabled
+< tor errmsg invalid accounting limit
+< tor errmsg invalid ip or mask
+< tor errmsg invalid relay address
+< tor errmsg invalid relay name
+< tor errmsg invalid relay port
+< tor errmsg invalid socks port
+< tor exit country
+< tor exit country any
+< tor exit nodes
+< tor relay address
+< tor relay configuration
+< tor relay enabled
+< tor relay external address
+< tor relay fingerprint
+< tor relay mode
+< tor relay mode bridge
+< tor relay mode exit
+< tor relay mode private bridge
+< tor relay mode relay
+< tor relay nickname
+< tor relay port
+< tor socks port
+< tor stats
+< tor traffic limit hard
+< tor traffic limit soft
+< tor traffic read written
+< tor use exit nodes
< updxlrtr sources
< updxlrtr standard view
< uptime
@@ -515,6 +680,13 @@
< day-graph
< deprecated fs warn
< disk access per
+< dnsforward
+< dnsforward add a new entry
+< dnsforward configuration
+< dnsforward edit an entry
+< dnsforward entries
+< dnsforward forward_server
+< dnsforward zone
< Edit an existing route
< extrahd because there is already a device mounted
< extrahd cant umount
@@ -558,6 +730,54 @@
< qos enter bandwidths
< server restart
< static routes
+< tor
+< tor accounting
+< tor accounting bytes
+< tor accounting bytes left
+< tor accounting interval
+< tor accounting limit
+< tor accounting period
+< tor accounting period daily
+< tor accounting period monthly
+< tor accounting period weekly
+< tor acls
+< tor allowed subnets
+< tor bandwidth burst
+< tor bandwidth rate
+< tor bandwidth settings
+< tor bandwidth unlimited
+< tor common settings
+< tor configuration
+< tor connected relays
+< tor contact info
+< tor enabled
+< tor errmsg invalid accounting limit
+< tor errmsg invalid ip or mask
+< tor errmsg invalid relay address
+< tor errmsg invalid relay name
+< tor errmsg invalid relay port
+< tor errmsg invalid socks port
+< tor exit country
+< tor exit country any
+< tor exit nodes
+< tor relay address
+< tor relay configuration
+< tor relay enabled
+< tor relay external address
+< tor relay fingerprint
+< tor relay mode
+< tor relay mode bridge
+< tor relay mode exit
+< tor relay mode private bridge
+< tor relay mode relay
+< tor relay nickname
+< tor relay port
+< tor socks port
+< tor stats
+< tor traffic limit hard
+< tor traffic limit soft
+< tor traffic read written
+< tor use exit nodes
< updxlrtr sources
< updxlrtr standard view
< uptime
diff --git a/html/cgi-bin/ddns.cgi b/html/cgi-bin/ddns.cgi
index d840d39..88847a0 100644
--- a/html/cgi-bin/ddns.cgi
+++ b/html/cgi-bin/ddns.cgi
@@ -232,6 +232,7 @@ if ($settings{'ACTION'} eq '')
&Header::openbigbox('100%', 'left', '', $errormessage);
my %checked =(); # Checkbox manipulations
+$checked{'SERVICE'}{'all-inkl.com'} = '';
$checked{'SERVICE'}{'cjb.net'} = '';
$checked{'SERVICE'}{'dhs.org'} = '';
$checked{'SERVICE'}{'dnspark.com'} = '';
@@ -327,6 +328,7 @@ print <<END
<tr>
<td width='25%' class='base'>$Lang::tr{'service'}:</td>
<td width='25%'><select size='1' name='SERVICE'>
+ <option $checked{'SERVICE'}{'all-inkl.com'}>all-inkl.com</option>
<option $checked{'SERVICE'}{'cjb.net'}>cjb.net</option>
<option $checked{'SERVICE'}{'dhs.org'}>dhs.org</option>
<option $checked{'SERVICE'}{'dnspark.com'}>dnspark.com</option>
diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi
index 62bb03a..4bd0128 100644
--- a/html/cgi-bin/ids.cgi
+++ b/html/cgi-bin/ids.cgi
@@ -263,7 +263,7 @@ if (-e "/etc/snort/snort.conf") {
####################### End added for snort rules control #################################
if ($snortsettings{'RULES'} eq 'subscripted') {
- $url=" http://www.snort.org/sub-rules/snortrules-snapshot-2950.tar.gz/$snortsettings{'OINKCODE'}";
+ $url=" http://www.snort.org/sub-rules/snortrules-snapshot-2953.tar.gz/$snortsettings{'OINKCODE'}";
} elsif ($snortsettings{'RULES'} eq 'registered') {
$url=" http://www.snort.org/reg-rules/snortrules-snapshot-2950.tar.gz/$snortsettings{'OINKCODE'}";
} elsif ($snortsettings{'RULES'} eq 'community') {
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index a4953ff..5e18d3c 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -127,21 +127,6 @@ sub sizeformat{
return("$newsize $units[$i]");
}
-sub valid_dns_host {
- my $hostname = $_[0];
- unless ($hostname) { return "No hostname"};
- my $res = new Net::DNS::Resolver;
- my $query = $res->search("$hostname");
- if ($query) {
- foreach my $rr ($query->answer) {
- ## Potential bug - we are only looking at A records:
- return 0 if $rr->type eq "A";
- }
- } else {
- return $res->errorstring;
- }
-}
-
sub cleanssldatabase
{
if (open(FILE, ">${General::swroot}/ovpn/certs/serial")) {
@@ -982,7 +967,11 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General
print SERVERCONF "persist-key\n";
print SERVERCONF "script-security 2\n";
print SERVERCONF "# IP/DNS for remote Server Gateway\n";
+
+ if ($cgiparams{'REMOTE'} ne '') {
print SERVERCONF "remote $cgiparams{'REMOTE'}\n";
+ }
+
print SERVERCONF "float\n";
print SERVERCONF "# IP adresses of the VPN Subnet\n";
print SERVERCONF "ifconfig $ovsubnet.1 $ovsubnet.2\n";
@@ -2339,6 +2328,9 @@ ADV_ERROR:
if ($cgiparams{'LOG_VERB'} eq '') {
$cgiparams{'LOG_VERB'} = '3';
}
+ if ($cgiparams{'PMTU_DISCOVERY'} eq '') {
+ $cgiparams{'PMTU_DISCOVERY'} = 'off';
+ }
$checked{'CLIENT2CLIENT'}{'off'} = '';
$checked{'CLIENT2CLIENT'}{'on'} = '';
$checked{'CLIENT2CLIENT'}{$cgiparams{'CLIENT2CLIENT'}} = 'CHECKED';
@@ -3520,6 +3512,14 @@ if ($cgiparams{'TYPE'} eq 'net') {
goto VPNCONF_ERROR;
}
+ # Check if the input for the transfer net is valid.
+ if (!&General::validipandmask($cgiparams{'OVPN_SUBNET'})){
+ $errormessage = $Lang::tr{'ccd err invalidnet'};
+ unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
+ rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
+ goto VPNCONF_ERROR;
+ }
+
if ($cgiparams{'OVPN_SUBNET'} eq $vpnsettings{'DOVPN_SUBNET'}) {
$errormessage = $Lang::tr{'openvpn subnet is used'};
unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
@@ -3603,34 +3603,38 @@ if ($cgiparams{'TYPE'} eq 'net') {
}
}
- if (($cgiparams{'TYPE'} eq 'net') && (! $cgiparams{'REMOTE'})) {
+ # Check if a remote host/IP has been set for the client.
+ if ($cgiparams{'REMOTE'} eq '' && $cgiparams{'SIDE'} ne 'server') {
$errormessage = $Lang::tr{'invalid input for remote host/ip'};
+
+ # Check if this is a N2N connection and drop temporary config.
if ($cgiparams{'TYPE'} eq 'net') {
- unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
- rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
- }
+ unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
+ rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
+ }
goto VPNCONF_ERROR;
}
- if ($cgiparams{'REMOTE'}) {
+ # Check if a remote host/IP has been configured - the field can be empty on the server side.
+ if ($cgiparams{'REMOTE'} ne '') {
+
+ # Check if the given IP is valid - otherwise check if it is a valid domain.
if (! &General::validip($cgiparams{'REMOTE'})) {
+
+ # Check for a valid domain.
if (! &General::validfqdn ($cgiparams{'REMOTE'})) {
$errormessage = $Lang::tr{'invalid input for remote host/ip'};
+
+ # Check if this is a N2N connection and drop temporary config.
if ($cgiparams{'TYPE'} eq 'net') {
- unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
- rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
- }
+ unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
+ rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
+ }
goto VPNCONF_ERROR;
- } else {
- if (&valid_dns_host($cgiparams{'REMOTE'})) {
- $warnmessage = "$Lang::tr{'check vpn lr'} $cgiparams{'REMOTE'}. $Lang::tr{'dns check failed'}";
- if ($cgiparams{'TYPE'} eq 'net') {
-
- }
- }
}
}
}
+
if ($cgiparams{'TYPE'} ne 'host') {
unless (&General::validipandmask($cgiparams{'LOCAL_SUBNET'})) {
$errormessage = $Lang::tr{'local subnet is invalid'};
@@ -4147,6 +4151,9 @@ if ($cgiparams{'TYPE'} eq 'net') {
$checked{'MSSFIX'}{'on'} = '';
$checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
+ if ($cgiparams{'PMTU_DISCOVERY'} eq '') {
+ $cgiparams{'PMTU_DISCOVERY'} = 'off';
+ }
$checked{'PMTU_DISCOVERY'}{$cgiparams{'PMTU_DISCOVERY'}} = 'checked=\'checked\'';
diff --git a/html/cgi-bin/tor.cgi b/html/cgi-bin/tor.cgi
new file mode 100644
index 0000000..2a31dd4
--- /dev/null
+++ b/html/cgi-bin/tor.cgi
@@ -0,0 +1,902 @@
+#!/usr/bin/perl
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2013 IPFire Team <info(a)ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+use strict;
+use Locale::Country;
+
+# enable only the following on debugging purpose
+use warnings;
+use CGI::Carp 'fatalsToBrowser';
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/header.pl";
+
+#workaround to suppress a warning when a variable is used only once
+my @dummy = ( ${Header::colouryellow} );
+undef (@dummy);
+
+my @bandwidth_limits = (
+ 1000 * 1024, # 1G
+ 500 * 1024,
+ 200 * 1024,
+ 100 * 1024, # 100M
+ 64 * 1024,
+ 50 * 1024,
+ 25 * 1024,
+ 20 * 1024,
+ 16 * 1024,
+ 10 * 1024,
+ 8 * 1024,
+ 4 * 1024,
+ 2 * 1024,
+ 1024, # 1M
+ 512,
+ 256,
+ 160
+);
+my @accounting_periods = ('daily', 'weekly', 'monthly');
+
+my $TOR_CONTROL_PORT = 9051;
+
+our %netsettings = ();
+&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
+
+our %settings = ();
+
+$settings{'TOR_ENABLED'} = 'off';
+$settings{'TOR_SOCKS_PORT'} = 9050;
+$settings{'TOR_EXIT_COUNTRY'} = '';
+$settings{'TOR_USE_EXIT_NODES'} = '';
+$settings{'TOR_ALLOWED_SUBNETS'} = "$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}";
+if (&Header::blue_used()) {
+ $settings{'TOR_ALLOWED_SUBNETS'} .= ",$netsettings{'BLUE_NETADDRESS'}\/$netsettings{'BLUE_NETMASK'}";
+}
+
+$settings{'TOR_RELAY_ENABLED'} = 'off';
+$settings{'TOR_RELAY_MODE'} = 'exit';
+$settings{'TOR_RELAY_ADDRESS'} = '';
+$settings{'TOR_RELAY_PORT'} = 9001;
+$settings{'TOR_RELAY_NICKNAME'} = '';
+$settings{'TOR_RELAY_CONTACT_INFO'} = '';
+$settings{'TOR_RELAY_BANDWIDTH_RATE'} = 0;
+$settings{'TOR_RELAY_BANDWIDTH_BURST'} = 0;
+$settings{'TOR_RELAY_ACCOUNTING_LIMIT'} = 0;
+$settings{'TOR_RELAY_ACCOUNTING_PERIOD'} = 'daily';
+
+$settings{'ACTION'} = '';
+
+my $errormessage = '';
+my $warnmessage = '';
+
+&Header::showhttpheaders();
+
+# Get GUI values.
+&Header::getcgihash(\%settings);
+
+# Create tor command connection.
+our $torctrl = &TorConnect();
+
+# Toggle enable/disable field.
+if ($settings{'ACTION'} eq $Lang::tr{'save'}) {
+ if ($settings{'TOR_RELAY_NICKNAME'} ne '') {
+ if ($settings{'TOR_RELAY_NICKNAME'} !~ /^[a-zA-Z0-9]+$/) {
+ $errormessage = "$Lang::tr{'tor errmsg invalid relay name'}: $settings{'TOR_RELAY_NICKNAME'}";
+ }
+ }
+
+ if (!&General::validport($settings{'TOR_SOCKS_PORT'})) {
+ $errormessage = "$Lang::tr{'tor errmsg invalid socks port'}: $settings{'TOR_SOCKS_PORT'}";
+ }
+
+ if (!&General::validport($settings{'TOR_RELAY_PORT'})) {
+ $errormessage = "$Lang::tr{'tor errmsg invalid relay port'}: $settings{'TOR_RELAY_PORT'}";
+ }
+
+ if ($settings{'TOR_RELAY_ADDRESS'} ne '') {
+ if ((!&General::validfqdn($settings{'TOR_RELAY_ADDRESS'})) && (!&General::validip($settings{'TOR_RELAY_ADDRESS'}))) {
+ $errormessage = "$Lang::tr{'tor errmsg invalid relay address'}: $settings{'TOR_RELAY_ADDRESS'}";
+ }
+ }
+
+ if ($settings{'TOR_RELAY_ACCOUNTING_LIMIT'} !~ /^\d+$/) {
+ $errormessage = "$Lang::tr{'tor errmsg invalid accounting limit'}: $settings{'TOR_RELAY_ACCOUNTING_LIMIT'}";
+ }
+
+ my @temp = split(/[\n,]/,$settings{'TOR_ALLOWED_SUBNETS'});
+ $settings{'TOR_ALLOWED_SUBNETS'} = "";
+ foreach (@temp) {
+ s/^\s+//g; s/\s+$//g;
+ if ($_) {
+ unless (&General::validipandmask($_)) {
+ $errormessage = "$Lang::tr{'tor errmsg invalid ip or mask'}: $_";
+ }
+ $settings{'TOR_ALLOWED_SUBNETS'} .= $_.",";
+ }
+ }
+
+ @temp = split(/[\n,]/,$settings{'TOR_USE_EXIT_NODES'});
+ $settings{'TOR_USE_EXIT_NODES'} = "";
+ foreach (@temp) {
+ s/^\s+//g; s/\s+$//g;
+ if ($_) {
+ $settings{'TOR_USE_EXIT_NODES'} .= $_.",";
+ }
+ }
+
+ # Burst bandwidth must be less or equal to bandwidth rate.
+ if ($settings{'TOR_RELAY_BANDWIDTH_RATE'} == 0) {
+ $settings{'TOR_RELAY_BANDWIDTH_BURST'} = 0;
+
+ } elsif ($settings{'TOR_RELAY_BANDWIDTH_BURST'} < $settings{'TOR_RELAY_BANDWIDTH_RATE'}) {
+ $settings{'TOR_RELAY_BANDWIDTH_BURST'} = $settings{'TOR_RELAY_BANDWIDTH_RATE'};
+ }
+
+ if ($errormessage eq '') {
+ # Write configuration settings to file.
+ &General::writehash("${General::swroot}/tor/settings", \%settings);
+
+ # Update configuration files.
+ &BuildConfiguration();
+ }
+} else {
+ # Load settings from file.
+ &General::readhash("${General::swroot}/tor/settings", \%settings);
+}
+
+&showMainBox();
+
+# Close Tor control connection.
+&TorClose($torctrl);
+
+# Functions
+
+sub showMainBox() {
+ my %checked = ();
+ my %selected = ();
+
+ $checked{'TOR_ENABLED'}{'on'} = '';
+ $checked{'TOR_ENABLED'}{'off'} = '';
+ $checked{'TOR_ENABLED'}{$settings{'TOR_ENABLED'}} = 'checked';
+
+ $checked{'TOR_RELAY_ENABLED'}{'on'} = '';
+ $checked{'TOR_RELAY_ENABLED'}{'off'} = '';
+ $checked{'TOR_RELAY_ENABLED'}{$settings{'TOR_RELAY_ENABLED'}} = 'checked';
+
+ &Header::openpage($Lang::tr{'tor configuration'}, 1, '');
+ &Header::openbigbox('100%', 'left', '', $errormessage);
+
+ if ($errormessage) {
+ &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
+ print "<font class='base'>$errormessage </font>\n";
+ &Header::closebox();
+ }
+
+ print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";
+
+ &Header::openbox('100%', 'left', $Lang::tr{'tor configuration'});
+
+ print <<END;
+ <table width='100%'>
+ <tr>
+ <td colspan='4' class='base'><b>$Lang::tr{'tor common settings'}</b></td>
+ </tr>
+ <tr>
+ <td width='25%' class='base'>$Lang::tr{'tor enabled'}:</td>
+ <td width='30%'><input type='checkbox' name='TOR_ENABLED' $checked{'TOR_ENABLED'}{'on'} /></td>
+ <td width='25%' class='base'>$Lang::tr{'tor socks port'}:</td>
+ <td width='20%'><input type='text' name='TOR_SOCKS_PORT' value='$settings{'TOR_SOCKS_PORT'}' size='5' /></td>
+ </tr>
+ <tr>
+ <td width='25%' class='base'>$Lang::tr{'tor relay enabled'}:</td>
+ <td width='30%'><input type='checkbox' name='TOR_RELAY_ENABLED' $checked{'TOR_RELAY_ENABLED'}{'on'} /></td>
+ <td width='25%' class='base'></td>
+ <td width='20%'></td>
+ </tr>
+ </table>
+END
+
+ my @temp = split(",", $settings{'TOR_ALLOWED_SUBNETS'});
+ $settings{'TOR_ALLOWED_SUBNETS'} = join("\n", @temp);
+
+ @temp = split(",", $settings{'TOR_USE_EXIT_NODES'});
+ $settings{'TOR_USE_EXIT_NODES'} = join("\n", @temp);
+
+ print <<END;
+ <br>
+ <hr size='1'>
+ <br>
+
+ <table width='100%'>
+ <tr>
+ <td colspan='4' class='base'><b>$Lang::tr{'tor acls'}</b></td>
+ </tr>
+ <tr>
+ <td colspan='2' class='base' width='55%'>
+ $Lang::tr{'tor allowed subnets'}:
+ </td>
+ <td colspan='2' width='45%'></td>
+ </tr>
+ <tr>
+ <td colspan='2' class='base' width='55%'>
+ <textarea name='TOR_ALLOWED_SUBNETS' cols='32' rows='3' wrap='off'>$settings{'TOR_ALLOWED_SUBNETS'}</textarea>
+ </td>
+ <td colspan='2' width='45%'></td>
+ </tr>
+ </table>
+
+ <br>
+ <hr size='1'>
+ <br>
+
+ <table width='100%'>
+ <tr>
+ <td colspan='4' class='base'><b>$Lang::tr{'tor exit nodes'}</b></td>
+ </tr>
+ <tr>
+ <td colspan='2' class='base' width='55%'></td>
+ <td colspan='2' class='base' width='45%'>$Lang::tr{'tor use exit nodes'}:</td>
+ </tr>
+ <tr>
+ <td width='50%' colspan='2'>
+ <select name='TOR_EXIT_COUNTRY'>
+ <option value=''>- $Lang::tr{'tor exit country any'} -</option>
+END
+
+ my @country_names = Locale::Country::all_country_names();
+ foreach my $country_name (sort @country_names) {
+ my $country_code = Locale::Country::country2code($country_name);
+ $country_code = uc($country_code);
+ print "<option value='$country_code'>$country_name ($country_code)</option>\n";
+ }
+
+ print <<END;
+ </select>
+ </td>
+ <td width='50%' colspan='2'>
+ <textarea name='TOR_USE_EXIT_NODES' cols='32' rows='3' wrap='off'>$settings{'TOR_USE_EXIT_NODES'}</textarea>
+ </td>
+ </tr>
+ </table>
+ <br><br>
+END
+
+ &Header::closebox();
+
+ # Tor relay box
+ $selected{'TOR_RELAY_MODE'}{'bridge'} = '';
+ $selected{'TOR_RELAY_MODE'}{'exit'} = '';
+ $selected{'TOR_RELAY_MODE'}{'private-bridge'} = '';
+ $selected{'TOR_RELAY_MODE'}{'relay'} = '';
+ $selected{'TOR_RELAY_MODE'}{$settings{'TOR_RELAY_MODE'}} = 'selected';
+
+ $selected{'TOR_RELAY_BANDWIDTH_RATE'}{'0'} = '';
+ foreach (@bandwidth_limits) {
+ $selected{'TOR_RELAY_BANDWIDTH_RATE'}{$_} = '';
+ }
+ $selected{'TOR_RELAY_BANDWIDTH_RATE'}{$settings{'TOR_RELAY_BANDWIDTH_RATE'}} = 'selected';
+
+ $selected{'TOR_RELAY_BANDWIDTH_BURST'}{'0'} = '';
+ foreach (@bandwidth_limits) {
+ $selected{'TOR_RELAY_BANDWIDTH_BURST'}{$_} = '';
+ }
+ $selected{'TOR_RELAY_BANDWIDTH_BURST'}{$settings{'TOR_RELAY_BANDWIDTH_BURST'}} = 'selected';
+
+ foreach (@accounting_periods) {
+ $selected{'TOR_RELAY_ACCOUNTING_PERIOD'}{$_} = '';
+ }
+ $selected{'TOR_RELAY_ACCOUNTING_PERIOD'}{$settings{'TOR_RELAY_ACCOUNTING_PERIOD'}} = 'selected';
+
+ &Header::openbox('100%', 'left', $Lang::tr{'tor relay configuration'});
+
+ print <<END;
+ <table width='100%'>
+ <tr>
+ <td width='25%' class='base'>$Lang::tr{'tor relay mode'}:</td>
+ <td width='30%'>
+ <select name='TOR_RELAY_MODE'>
+ <option value='exit' $selected{'TOR_RELAY_MODE'}{'exit'}>$Lang::tr{'tor relay mode exit'}</option>
+ <option value='relay' $selected{'TOR_RELAY_MODE'}{'relay'}>$Lang::tr{'tor relay mode relay'}</option>
+ <option value='bridge' $selected{'TOR_RELAY_MODE'}{'bridge'}>$Lang::tr{'tor relay mode bridge'}</option>
+ <option value='private-bridge' $selected{'TOR_RELAY_MODE'}{'private-bridge'}>$Lang::tr{'tor relay mode private bridge'}</option>
+ </select>
+ </td>
+ <td width='25%' class='base'>$Lang::tr{'tor relay nickname'}: <img src='/blob.gif' alt='*' /></td>
+ <td width='20%'>
+ <input type='text' name='TOR_RELAY_NICKNAME' value='$settings{'TOR_RELAY_NICKNAME'}' />
+ </td>
+ </tr>
+ <tr>
+ <td width='25%' class='base'>$Lang::tr{'tor relay address'}: <img src='/blob.gif' alt='*' /></td>
+ <td width='30%'>
+ <input type='text' name='TOR_RELAY_ADDRESS' value='$settings{'TOR_RELAY_ADDRESS'}' />
+ </td>
+ <td width='25%' class='base'>$Lang::tr{'tor relay port'}:</td>
+ <td width='20%'>
+ <input type='text' name='TOR_RELAY_PORT' value='$settings{'TOR_RELAY_PORT'}' size='5' />
+ </td>
+ </tr>
+ <tr>
+ <td width='25%' class='base'>$Lang::tr{'tor contact info'}: <img src='/blob.gif' alt='*' /></td>
+ <td width='75%' colspan='3'>
+ <input type='text' name='TOR_RELAY_CONTACT_INFO' value='$settings{'TOR_RELAY_CONTACT_INFO'}' style='width: 98%;' />
+ </td>
+ </tr>
+ </table>
+
+ <hr size='1'>
+
+ <table width='100%'>
+ <tr>
+ <td colspan='4' class='base'><b>$Lang::tr{'tor bandwidth settings'}</b></td>
+ </tr>
+ <tr>
+ <td width='25%' class='base'>$Lang::tr{'tor bandwidth rate'}:</td>
+ <td width='30%' class='base'>
+ <select name='TOR_RELAY_BANDWIDTH_RATE'>
+END
+
+ foreach (@bandwidth_limits) {
+ if ($_ >= 1024) {
+ print "<option value='$_' $selected{'TOR_RELAY_BANDWIDTH_RATE'}{$_}>". $_ / 1024 ." MBit/s</option>\n";
+ } else {
+ print "<option value='$_' $selected{'TOR_RELAY_BANDWIDTH_RATE'}{$_}>$_ kBit/s</option>\n";
+ }
+ }
+
+ print <<END;
+ <option value='0' $selected{'TOR_RELAY_BANDWIDTH_RATE'}{'0'}>$Lang::tr{'tor bandwidth unlimited'}</option>
+ </select>
+ </td>
+ <td width='25%' class='base'>$Lang::tr{'tor accounting limit'}:</td>
+ <td width='20%'>
+ <input type='text' name='TOR_RELAY_ACCOUNTING_LIMIT' value='$settings{'TOR_RELAY_ACCOUNTING_LIMIT'}' size='12' />
+ </td>
+ </tr>
+ <tr>
+ <td width='25%' class='base'>$Lang::tr{'tor bandwidth burst'}:</td>
+ <td width='20%' class='base'>
+ <select name='TOR_RELAY_BANDWIDTH_BURST'>
+END
+
+ foreach (@bandwidth_limits) {
+ if ($_ >= 1024) {
+ print "<option value='$_' $selected{'TOR_RELAY_BANDWIDTH_BURST'}{$_}>". $_ / 1024 ." MBit/s</option>\n";
+ } else {
+ print "<option value='$_' $selected{'TOR_RELAY_BANDWIDTH_BURST'}{$_}>$_ kBit/s</option>\n";
+ }
+ }
+ print <<END;
+ <option value='0' $selected{'TOR_RELAY_BANDWIDTH_BURST'}{'0'}>$Lang::tr{'tor bandwidth unlimited'}</option>
+ </select>
+ </td>
+ <td width='25%' class='base'>$Lang::tr{'tor accounting period'}:</td>
+ <td width='20%'>
+ <select name='TOR_RELAY_ACCOUNTING_PERIOD'>
+END
+
+ foreach (@accounting_periods) {
+ print "<option value='$_' $selected{'TOR_RELAY_ACCOUNTING_PERIOD'}{$_}>$Lang::tr{'tor accounting period '.$_}</option>";
+ }
+
+ print <<END;
+ </select>
+ </td>
+ </tr>
+ </table>
+END
+
+ &Header::closebox();
+
+ print <<END;
+ <table width='100%'>
+ <tr>
+ <td>
+ <img src='/blob.gif' align='top' alt='*' /> <font class='base'>$Lang::tr{'this field may be blank'}</font>
+ </td>
+ <td align='right'> </td>
+ </tr>
+ </table>
+
+ <hr>
+
+ <table width='100%'>
+ <tr>
+ <td> </td>
+ <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
+ <td> </td>
+ </tr>
+ </table>
+END
+
+ # If we have a control connection, show the stats.
+ if ($torctrl) {
+ &Header::openbox('100%', 'left', $Lang::tr{'tor stats'});
+
+ my @traffic = &TorTrafficStats($torctrl);
+
+ if (@traffic) {
+ print <<END;
+ <table width='100%'>
+END
+
+ if ($settings{'TOR_RELAY_ENABLED'} eq 'on') {
+ my $fingerprint = &TorRelayFingerprint($torctrl);
+ if ($fingerprint) {
+ print <<END;
+ <tr>
+ <td width='40%' class='base'>$Lang::tr{'tor relay fingerprint'}:</td>
+ <td width='60%'>
+ <a href='https://atlas.torproject.org/#details/$fingerprint' target='_blank'>$fingerprint</a>
+ </td>
+ </tr>
+END
+ }
+ }
+
+ my $address = TorGetInfo($torctrl, "address");
+ if ($address) {
+ print <<END;
+ <tr>
+ <td width='40%' class='base'>$Lang::tr{'tor relay external address'}:</td>
+ <td width='60%'>$address</td>
+ </tr>
+END
+ }
+
+ print <<END;
+ <tr>
+ <td width='40%'>$Lang::tr{'tor traffic read written'}:</td>
+END
+ print "<td width='60%'>" . &FormatBytes($traffic[0]) ."/". &FormatBytes($traffic[1]) . "</td>";
+ print <<END;
+ </tr>
+ </table>
+END
+ }
+
+ my $accounting = &TorAccountingStats($torctrl);
+ if ($accounting) {
+ print <<END;
+ <table width='100%'>
+ <tr>
+ <td colspan='2' class='base'><b>$Lang::tr{'tor accounting'}</b></td>
+ </tr>
+END
+
+ if ($accounting->{'hibernating'} eq "hard") {
+ print <<END;
+ <tr>
+ <td class='base' colspan='2' bgcolor="$Header::colourred" align='center'>
+ <font color='white'>$Lang::tr{'tor traffic limit hard'}</font>
+ </td>
+ </tr>
+END
+ } elsif ($accounting->{'hibernating'} eq "soft") {
+ print <<END;
+ <tr>
+ <td class='base' colspan='2' bgcolor="$Header::colourorange" align='center'>
+ <font color='white'>$Lang::tr{'tor traffic limit soft'}</font>
+ </td>
+ </tr>
+END
+ }
+
+ print <<END;
+ <tr>
+ <td width='40%' class='base'>$Lang::tr{'tor accounting interval'}</td>
+ <td width='60%'>
+ $accounting->{'interval-start'} - $accounting->{'interval-end'}
+ </td>
+ </tr>
+ <tr>
+ <td width='40%' class='base'>$Lang::tr{'tor accounting bytes'}</td>
+ <td width='60%'>
+END
+
+ print &FormatBytes($accounting->{'bytes_read'}) . "/" . &FormatBytes($accounting->{'bytes_written'});
+ print " (" . &FormatBytes($accounting->{'bytes-left_read'}) . "/" . &FormatBytes($accounting->{'bytes-left_written'});
+ print " $Lang::tr{'tor accounting bytes left'})";
+
+ print <<END;
+ </td>
+ </tr>
+ </table>
+END
+ }
+
+ my @nodes = &TorORConnStatus($torctrl);
+ if (@nodes) {
+ my $nodes_length = scalar @nodes;
+ print <<END;
+ <table width='100%'>
+ <tr>
+ <td width='40%' class='base'><b>$Lang::tr{'tor connected relays'}</b></td>
+ <td width='60%' colspan='2'>($nodes_length)</td>
+ </tr>
+END
+
+ foreach my $node (@nodes) {
+ print <<END;
+ <tr>
+ <td width='40%'>
+ <a href='https://atlas.torproject.org/#details/$node->{'fingerprint'}' target='_blank'>
+ $node->{'name'}
+ </a>
+ </td>
+ <td width='30%'>
+END
+
+ if (exists($node->{'country_code'})) {
+ print "<a href='country.cgi#$node->{'country_code'}'><img src='/images/flags/$node->{'country_code'}.png' border='0' align='absmiddle' alt='$node->{'country_code'}'></a>";
+ }
+
+ print <<END;
+ <a href='ipinfo.cgi?ip=$node->{'address'}'>$node->{'address'}</a>:$node->{'port'}
+ </td>
+ <td width='30%' align='right'>
+ ~$node->{'bandwidth_string'}
+ </td>
+ </tr>
+END
+ }
+ print "</table>";
+ }
+
+ &Header::closebox();
+ }
+
+ print "</form>\n";
+
+ &Header::closebigbox();
+ &Header::closepage();
+}
+
+sub BuildConfiguration() {
+ my %settings = ();
+ &General::readhash("${General::swroot}/tor/settings", \%settings);
+
+ my $torrc = "${General::swroot}/tor/torrc";
+
+ open(FILE, ">$torrc");
+
+ # Global settings.
+ print FILE "ControlPort $TOR_CONTROL_PORT\n";
+
+ if ($settings{'TOR_ENABLED'} eq 'on') {
+ my $strict_nodes = 0;
+
+ print FILE "SocksPort 0.0.0.0:$settings{'TOR_SOCKS_PORT'}\n";
+
+ my @subnets = split(",", $settings{'TOR_ALLOWED_SUBNETS'});
+ foreach (@subnets) {
+ print FILE "SocksPolicy accept $_\n" if (&General::validipandmask($_));
+ }
+ print FILE "SocksPolicy reject *\n" if (@subnets);
+
+ if ($settings{'TOR_EXIT_COUNTRY'} ne '') {
+ $strict_nodes = 1;
+
+ print FILE "ExitNodes {$settings{'TOR_EXIT_COUNTRY'}}\n";
+ }
+
+ if ($settings{'TOR_USE_EXIT_NODES'} ne '') {
+ $strict_nodes = 1;
+
+ my @nodes = split(",", $settings{'TOR_USE_EXIT_NODES'});
+ foreach (@nodes) {
+ print FILE "ExitNode $_\n";
+ }
+ }
+
+ if ($strict_nodes > 0) {
+ print FILE "StrictNodes 1\n";
+ }
+ }
+
+ if ($settings{'TOR_RELAY_ENABLED'} eq 'on') {
+ # Reject access to private networks.
+ print FILE "ExitPolicyRejectPrivate 1\n";
+
+ print FILE "ORPort $settings{'TOR_RELAY_PORT'}\n";
+
+ if ($settings{'TOR_RELAY_ADDRESS'} ne '') {
+ print FILE "Address $settings{'TOR_RELAY_ADDRESS'}\n";
+ }
+
+ if ($settings{'TOR_RELAY_NICKNAME'} ne '') {
+ print FILE "Nickname $settings{'TOR_RELAY_NICKNAME'}\n";
+ }
+
+ if ($settings{'TOR_RELAY_CONTACT_INFO'} ne '') {
+ print FILE "ContactInfo $settings{'TOR_RELAY_CONTACT_INFO'}\n";
+ }
+
+ # Limit to bridge mode.
+ my $is_bridge = 0;
+
+ if ($settings{'TOR_RELAY_MODE'} eq 'bridge') {
+ $is_bridge++;
+
+ # Private bridge.
+ } elsif ($settings{'TOR_RELAY_MODE'} eq 'private-bridge') {
+ $is_bridge++;
+
+ print FILE "PublishServerDescriptor 0\n";
+
+ # Exit node.
+ } elsif ($settings{'TOR_RELAY_MODE'} eq 'exit') {
+ print FILE "ExitPolicy accept *:*\n";
+
+ # Relay only.
+ } elsif ($settings{'TOR_RELAY_MODE'} eq 'relay') {
+ print FILE "ExitPolicy reject *:*\n";
+ }
+
+ if ($is_bridge > 0) {
+ print FILE "BridgeRelay 1\n";
+ print FILE "Exitpolicy reject *:*\n";
+ }
+
+ if ($settings{'TOR_RELAY_BANDWIDTH_RATE'} > 0) {
+ print FILE "RelayBandwidthRate ";
+ print FILE $settings{'TOR_RELAY_BANDWIDTH_RATE'} / 8;
+ print FILE " KB\n";
+
+ if ($settings{'TOR_RELAY_BANDWIDTH_BURST'} > 0) {
+ print FILE "RelayBandwidthBurst ";
+ print FILE $settings{'TOR_RELAY_BANDWIDTH_BURST'} / 8;
+ print FILE " KB\n";
+ }
+ }
+
+ if ($settings{'TOR_RELAY_ACCOUNTING_LIMIT'} > 0) {
+ print FILE "AccountingMax ".$settings{'TOR_RELAY_ACCOUNTING_LIMIT'}." MB\n";
+
+ if ($settings{'TOR_RELAY_ACCOUNTING_PERIOD'} eq 'daily') {
+ print FILE "AccountingStart day 00:00\n";
+ } elsif ($settings{'TOR_RELAY_ACCOUNTING_PERIOD'} eq 'weekly') {
+ print FILE "AccountingStart week 1 00:00\n";
+ } elsif ($settings{'TOR_RELAY_ACCOUNTING_PERIOD'} eq 'monthly') {
+ print FILE "AccountingStart month 1 00:00\n";
+ }
+ }
+ }
+
+ close(FILE);
+
+ # Restart the service.
+ if (($settings{'TOR_ENABLED'} eq 'on') || ($settings{'TOR_RELAY_ENABLED'} eq 'on')) {
+ system("/usr/local/bin/torctrl restart &>/dev/null");
+ } else {
+ system("/usr/local/bin/torctrl stop &>/dev/null");
+ }
+}
+
+sub TorConnect() {
+ my $socket = new IO::Socket::INET(
+ Proto => 'tcp', PeerAddr => '127.0.0.1', PeerPort => $TOR_CONTROL_PORT,
+ ) or return;
+
+ $socket->autoflush(1);
+
+ # Authenticate.
+ &TorSendCommand($socket, "AUTHENTICATE");
+
+ return $socket;
+}
+
+sub TorSendCommand() {
+ my ($socket, $cmd) = @_;
+
+ # Replace line ending with \r\n.
+ chomp $cmd;
+ $cmd .= "\r\n";
+
+ $socket->send($cmd);
+
+ my @output = ();
+ while (my $line = <$socket>) {
+ # Skip empty lines.
+ if ($line =~ /^.\r\n$/) {
+ next;
+ }
+
+ # Command has been successfully executed.
+ if ($line =~ /250 OK/) {
+ last;
+
+ # Error.
+ } elsif ($line =~ /^5\d+/) {
+ last;
+
+ } else {
+ # Remove line endings.
+ $line =~ s/\r\n$//;
+
+ push(@output, $line);
+ }
+ }
+
+ return @output;
+}
+
+sub TorSendCommandOneLine() {
+ my ($tor, $cmd) = @_;
+
+ my @output = &TorSendCommand($tor, $cmd);
+ return $output[0];
+}
+
+sub TorGetInfo() {
+ my ($tor, $cmd) = @_;
+
+ my $output = &TorSendCommandOneLine($tor, "GETINFO ".$cmd);
+
+ my ($key, $value) = split("=", $output);
+ return $value;
+}
+
+sub TorClose() {
+ my $socket = shift;
+
+ if ($socket) {
+ $socket->shutdown(2);
+ }
+}
+
+sub TorTrafficStats() {
+ my $tor = shift;
+
+ my $output_read = &TorGetInfo($tor, "traffic/read");
+ my $output_written = &TorGetInfo($tor, "traffic/written");
+
+ return ($output_read, $output_written);
+}
+
+sub TorRelayFingerprint() {
+ my $tor = shift;
+
+ return &TorGetInfo($tor, "fingerprint");
+}
+
+sub TorORConnStatus() {
+ my $tor = shift;
+ my @nodes = ();
+
+ my @output = &TorSendCommand($tor, "GETINFO orconn-status");
+ foreach (@output) {
+ $_ =~ s/^250[\+-]orconn-status=//;
+ next if ($_ eq "");
+ last if ($_ eq ".");
+ next unless ($_ =~ /^\$/);
+
+ my @line = split(" ", $_);
+ my @node = split(/[=~]/, $line[0]);
+
+ my $node = &TorNodeDescription($tor, $node[0]);
+ if ($node) {
+ push(@nodes, $node);
+ }
+ }
+
+ # Sort by names.
+ @nodes = sort { $a->{'name'} cmp $b->{'name'} } @nodes;
+
+ return @nodes;
+}
+
+sub TorNodeDescription() {
+ my ($tor, $fingerprint) = @_;
+ $fingerprint =~ s/\$//;
+
+ my $node = {
+ fingerprint => $fingerprint,
+ exit_node => 0,
+ };
+
+ my @output = &TorSendCommand($tor, "GETINFO ns/id/$node->{'fingerprint'}");
+
+ foreach (@output) {
+ # Router
+ if ($_ =~ /^r (\w+) (.*) (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) (\d+)/) {
+ $node->{'name'} = $1;
+ $node->{'address'} = $3;
+ $node->{'port'} = $4;
+
+ my $country_code = &TorGetInfo($tor, "ip-to-country/$node->{'address'}");
+ $node->{'country_code'} = $country_code;
+
+ # Flags
+ } elsif ($_ =~ /^s (.*)$/) {
+ $node->{'flags'} = split(" ", $1);
+
+ foreach my $flag ($node->{'flags'}) {
+ if ($flag eq "Exit") {
+ $node->{'exit_node'}++;
+ }
+ }
+
+ # Bandwidth
+ } elsif ($_ =~ /^w Bandwidth=(\d+)/) {
+ $node->{'bandwidth'} = $1 * 8;
+ $node->{'bandwidth_string'} = &FormatBitsPerSecond($node->{'bandwidth'});
+ }
+ }
+
+ if (exists($node->{'name'})) {
+ return $node;
+ }
+}
+
+sub TorAccountingStats() {
+ my $tor = shift;
+ my $ret = {};
+
+ my $enabled = &TorGetInfo($tor, "accounting/enabled");
+ if ($enabled ne '1') {
+ return;
+ }
+
+ my @cmds = ("hibernating", "interval-start", "interval-end");
+ foreach (@cmds) {
+ $ret->{$_} = &TorGetInfo($tor, "accounting/$_");
+ }
+
+ my @cmds = ("bytes", "bytes-left");
+ foreach (@cmds) {
+ my $output = &TorGetInfo($tor, "accounting/$_");
+ my @bytes = split(" ", $output);
+
+ $ret->{$_."_read"} = $bytes[0];
+ $ret->{$_."_written"} = $bytes[1];
+ }
+
+ return $ret;
+}
+
+sub FormatBytes() {
+ my $bytes = shift;
+
+ my @units = ("B", "KB", "MB", "GB", "TB");
+ my $units_index = 0;
+
+ while (($units_index <= $#units) && ($bytes >= 1024)) {
+ $units_index++;
+ $bytes /= 1024;
+ }
+
+ return sprintf("%.2f %s", $bytes, $units[$units_index]);
+}
+
+sub FormatBitsPerSecond() {
+ my $bits = shift;
+
+ my @units = ("Bit/s", "KBit/s", "MBit/s", "GBit/s", "TBit/s");
+ my $units_index = 0;
+
+ while (($units_index <= $#units) && ($bits >= 1024)) {
+ $units_index++;
+ $bits /= 1024;
+ }
+
+ return sprintf("%.2f %s", $bits, $units[$units_index]);
+}
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index 26f1793..58645c3 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -316,9 +316,16 @@ sub writeipsecfiles {
foreach my $j (@ints) {
foreach my $k (@groups) {
if ($comma != 0) { print CONF ","; } else { $comma = 1; }
- print CONF "$i-$j-modp$k";
- }
+
+ my @l = split("", $k);
+ if ($l[0] eq "e") {
+ shift @l;
+ print CONF "$i-$j-ecp".join("", @l);
+ } else {
+ print CONF "$i-$j-modp$k";
+ }
}
+ }
}
if ($lconfighash{$key}[24] eq 'on') { #only proposed algorythms?
print CONF "!\n";
@@ -339,7 +346,12 @@ sub writeipsecfiles {
foreach my $k (@groups) {
if ($comma != 0) { print CONF ","; } else { $comma = 1; }
if ($pfs eq "on") {
- $modp = "-modp$k";
+ my @l = split("", $k);
+ if ($l[0] eq "e") {
+ $modp = "";
+ } else {
+ $modp = "-modp$k";
+ }
} else {
$modp = "";
}
@@ -411,7 +423,7 @@ sub writeipsecfiles {
# Hook to regenerate the configuration files.
if ($ENV{"REMOTE_ADDR"} eq "") {
- writeipsecfiles;
+ writeipsecfiles();
exit(0);
}
@@ -1828,7 +1840,7 @@ END
#use default advanced value
$cgiparams{'IKE_ENCRYPTION'} = 'aes256|aes192|aes128|3des'; #[18];
$cgiparams{'IKE_INTEGRITY'} = 'sha2_256|sha|md5'; #[19];
- $cgiparams{'IKE_GROUPTYPE'} = '8192|6144|4096|3072|2048|1536|1024'; #[20];
+ $cgiparams{'IKE_GROUPTYPE'} = '4096|3072|2048|1536|1024'; #[20];
$cgiparams{'IKE_LIFETIME'} = '3'; #[16];
$cgiparams{'ESP_ENCRYPTION'} = 'aes256|aes192|aes128|3des'; #[21];
$cgiparams{'ESP_INTEGRITY'} = 'sha2_256|sha1|md5'; #[22];
@@ -2111,7 +2123,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
goto ADVANCED_ERROR;
}
foreach my $val (@temp) {
- if ($val !~ /^(1024|1536|2048|3072|4096|6144|8192)$/) {
+ if ($val !~ /^(e521|e384|e256|e224|e192|1024|1536|2048|3072|4096|6144|8192)$/) {
$errormessage = $Lang::tr{'invalid input'};
goto ADVANCED_ERROR;
}
@@ -2147,6 +2159,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
}
}
if ($cgiparams{'ESP_GROUPTYPE'} ne '' &&
+ $cgiparams{'ESP_GROUPTYPE'} !~ /^ecp(192|224|256|384|512)$/ &&
$cgiparams{'ESP_GROUPTYPE'} !~ /^modp(1024|1536|2048|3072|4096|6144|8192)$/) {
$errormessage = $Lang::tr{'invalid input'};
goto ADVANCED_ERROR;
@@ -2305,6 +2318,11 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
<td class='boldbase' align='right' valign='top'>$Lang::tr{'ike grouptype'}</td><td class='boldbase' valign='top'>
<select name='IKE_GROUPTYPE' multiple='multiple' size='4'>
+ <option value='e521' $checked{'IKE_GROUPTYPE'}{'e521'}>ECP-521</option>
+ <option value='e384' $checked{'IKE_GROUPTYPE'}{'e384'}>ECP-384</option>
+ <option value='e256' $checked{'IKE_GROUPTYPE'}{'e256'}>ECP-256</option>
+ <option value='e224' $checked{'IKE_GROUPTYPE'}{'e224'}>ECP-224</option>
+ <option value='e192' $checked{'IKE_GROUPTYPE'}{'e192'}>ECP-192</option>
<option value='8192' $checked{'IKE_GROUPTYPE'}{'8192'}>MODP-8192</option>
<option value='6144' $checked{'IKE_GROUPTYPE'}{'6144'}>MODP-6144</option>
<option value='4096' $checked{'IKE_GROUPTYPE'}{'4096'}>MODP-4096</option>
diff --git a/html/cgi-bin/wirelessclient.cgi b/html/cgi-bin/wirelessclient.cgi
old mode 100755
new mode 100644
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index d1ad7b0..a0c426f 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -1797,6 +1797,54 @@
'tone' => 'Ton',
'tone dial' => 'Tonwahl:',
'too long 80 char max' => ' ist zu lang, es sind maximal 80 Zeichen erlaubt',
+'tor' => 'Tor',
+'tor accounting' => 'Accounting',
+'tor accounting bytes' => 'Traffic (empfangen/gesendet)',
+'tor accounting bytes left' => 'übrig',
+'tor accounting interval' => 'Intervall (UTC)',
+'tor accounting limit' => 'Übertragungslimit (MB)',
+'tor accounting period' => 'Accounting-Periode',
+'tor accounting period daily' => 'täglich',
+'tor accounting period monthly' => 'monatlich',
+'tor accounting period weekly' => 'wöchentlich',
+'tor acls' => 'Zugriffskontrolle',
+'tor allowed subnets' => 'Erlaubte Subnetze (eins pro Zeile)',
+'tor bandwidth burst' => 'Max. Spitzenwert (Burst)',
+'tor bandwidth rate' => 'Max. Bandbreite',
+'tor bandwidth settings' => 'Bandbreiteneinstellungen',
+'tor bandwidth unlimited' => 'unlimitiert',
+'tor common settings' => 'Einstellungen',
+'tor configuration' => 'Tor-Konfiguration',
+'tor connected relays' => 'Verbundene Relays',
+'tor contact info' => 'Kontaktinformationen',
+'tor enabled' => 'Tor einschalten',
+'tor errmsg invalid accounting limit' => 'Ungültiges Accounting-Limit',
+'tor errmsg invalid ip or mask' => 'Ungültiges IP-Subnetz',
+'tor errmsg invalid relay address' => 'Ungültige Relay-Adresse',
+'tor errmsg invalid relay name' => 'Ungültiger Relay-Nickname.',
+'tor errmsg invalid relay port' => 'Ungültiger Relay-Port',
+'tor errmsg invalid socks port' => 'Ungültiger SOCKS-Port',
+'tor exit country' => 'Exit-Land',
+'tor exit country any' => 'Beliebig',
+'tor exit nodes' => 'Exit-Nodes',
+'tor relay address' => 'Relay-Adresse',
+'tor relay configuration' => 'Tor-Relay-Konfiguration',
+'tor relay enabled' => 'Tor-Relay einschalten',
+'tor relay external address' => 'Externe Relay-Adresse',
+'tor relay fingerprint' => 'Relay-Fingerabdruck',
+'tor relay mode' => 'Relay-Modues',
+'tor relay mode bridge' => 'Bridge',
+'tor relay mode exit' => 'Exit-Node',
+'tor relay mode private bridge' => 'private Bridge',
+'tor relay mode relay' => 'Nur Relay',
+'tor relay nickname' => 'Relay-Nickname',
+'tor relay port' => 'Relay-Port',
+'tor socks port' => 'SOCKS-Port',
+'tor stats' => 'Statistiken',
+'tor traffic limit hard' => 'Das Übertragungslimit wurde erreicht.',
+'tor traffic limit soft' => 'Das Übertragungslimit wurde fast erreicht. Es werden keine neuen Verbindungen akzeptiert.',
+'tor traffic read written' => 'Gesamter Traffic (empfangen/gesendet)',
+'tor use exit nodes' => 'Nur diese Exit-Nodes benutzen (eins pro Zeile)',
'total connection time' => 'Verbindungszeit',
'total hits for log section' => 'Gesamte Treffer für Log Sektion',
'traffic back' => 'Zurück',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 30d0734..b12ae7d 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -1831,6 +1831,56 @@
'tone' => 'Tone',
'tone dial' => 'Tone dial:',
'too long 80 char max' => ' is too long, maximum allowed is 80 characters',
+'tor' => 'Tor',
+'tor accounting' => 'Accounting',
+'tor accounting bytes' => 'Traffic (read/written)',
+'tor accounting bytes left' => 'left',
+'tor accounting interval' => 'Interval (UTC)',
+'tor accounting limit' => 'Accounting limit (MB)',
+'tor accounting period' => 'Accounting period',
+'tor accounting period daily' => 'daily',
+'tor accounting period monthly' => 'monthly',
+'tor accounting period weekly' => 'weekly',
+'tor acls' => 'Access Control',
+'tor allowed subnets' => 'Allowed subnets (one per line)',
+'tor bandwidth burst' => 'Max. burst',
+'tor bandwidth rate' => 'Max. rate',
+'tor bandwidth settings' => 'Bandwidth Settings',
+'tor bandwidth unlimited' => 'unlimited',
+'tor bridge enabled' => 'Enable Tor bridge',
+'tor common settings' => 'Common Settings',
+'tor configuration' => 'Tor Configuration',
+'tor connected relays' => 'Connected relays',
+'tor contact info' => 'Contact Info',
+'tor enabled' => 'Enable Tor',
+'tor errmsg invalid accounting limit' => 'Invalid accounting limit',
+'tor errmsg invalid ip or mask' => 'Invalid IP subnet',
+'tor errmsg invalid node id' => 'Invalid node ID',
+'tor errmsg invalid relay address' => 'Invalid relay address',
+'tor errmsg invalid relay name' => 'Invalid relay nickname',
+'tor errmsg invalid relay port' => 'Invalid relay port',
+'tor errmsg invalid socks port' => 'Invalid SOCKS port',
+'tor exit country' => 'Exit country',
+'tor exit country any' => 'Any country',
+'tor exit nodes' => 'Exit Nodes',
+'tor relay address' => 'Relay address',
+'tor relay configuration' => 'Tor Relay Configuration',
+'tor relay enabled' => 'Enable Tor Relay',
+'tor relay external address' => 'Relay external address',
+'tor relay fingerprint' => 'Relay fingerprint',
+'tor relay mode' => 'Relay mode',
+'tor relay mode bridge' => 'Bridge',
+'tor relay mode exit' => 'Exit-Node',
+'tor relay mode private bridge' => 'Private bridge',
+'tor relay mode relay' => 'Relay only',
+'tor relay nickname' => 'Relay nickname',
+'tor relay port' => 'Relay port',
+'tor socks port' => 'SOCKS port',
+'tor stats' => 'Statistics',
+'tor traffic limit hard' => 'Traffic limit has been reached.',
+'tor traffic limit soft' => 'Traffic limit almost reached. Not accepting any new connections.',
+'tor traffic read written' => 'Total traffic (read/written)',
+'tor use exit nodes' => 'Use only these exit nodes (one per line)',
'total connection time' => 'Total connection time',
'total hits for log section' => 'Total hits for log section',
'traffic back' => 'Back',
diff --git a/lfs/arm b/lfs/arm
new file mode 100644
index 0000000..2fbf65e
--- /dev/null
+++ b/lfs/arm
@@ -0,0 +1,83 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 1.4.5.0
+
+THISAPP = arm-$(VER)
+DL_FILE = $(THISAPP).tar.bz2
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/arm
+TARGET = $(DIR_INFO)/$(THISAPP)
+PROG = arm
+PAK_VER = 1
+
+DEPS = ""
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = f85f306e50b90796ab7097d948e8fcf2
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+dist:
+ @$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/arm-dont-require-distutils.patch
+ cd $(DIR_APP) && ./install
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/lfs/daq b/lfs/daq
index cac012b..e6fd8fb 100644
--- a/lfs/daq
+++ b/lfs/daq
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
+# Copyright (C) 2007-2013 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 2.0.0
+VER = 2.0.1
THISAPP = daq-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = a00855a153647df76d47f1ea454f74ae
+$(DL_FILE)_MD5 = 044aa3663d44580d005293eeb8ccf175
install : $(TARGET)
diff --git a/lfs/gperf b/lfs/gperf
new file mode 100644
index 0000000..ac33857
--- /dev/null
+++ b/lfs/gperf
@@ -0,0 +1,76 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2013 IPFire Development Team #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 3.0.4
+
+THISAPP = gperf-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = c1f1db32fb6598d6a93e6e88796a8632
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && ./configure --prefix=/usr --disable-nls
+ cd $(DIR_APP) && make $(MAKETUNING)
+ cd $(DIR_APP) && make install
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/lfs/samba b/lfs/samba
index cf7b4b9..b598008 100644
--- a/lfs/samba
+++ b/lfs/samba
@@ -24,7 +24,7 @@
include Config
-VER = 3.6.16
+VER = 3.6.17
THISAPP = samba-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = samba
-PAK_VER = 50
+PAK_VER = 51
DEPS = "cups"
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 12c6785802813c2c5bf66e5c4c4e1d93
+$(DL_FILE)_MD5 = c67c3330545c8f1f7ee26e017c28439b
install : $(TARGET)
diff --git a/lfs/snort b/lfs/snort
index daec621..2d5d04a 100644
--- a/lfs/snort
+++ b/lfs/snort
@@ -24,7 +24,7 @@
include Config
-VER = 2.9.5
+VER = 2.9.5.3
THISAPP = snort-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = f5fc0e176afca5989d47509478758fc7
+$(DL_FILE)_MD5 = f99465c0734a6173bfca899dcb72266b
install : $(TARGET)
@@ -75,6 +75,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
--enable-linux-smp-stats --enable-smb-alerts \
--enable-gre --enable-mpls --enable-targetbased \
--enable-decoder-preprocessor-rules --enable-ppm \
+ --enable-non-ether-decoders \
--enable-perfprofiling --enable-zlib --enable-active-response \
--enable-normalizer --enable-reload --enable-react --enable-flexresp3
cd $(DIR_APP) && make
diff --git a/lfs/squid b/lfs/squid
index fde8606..81118c2 100644
--- a/lfs/squid
+++ b/lfs/squid
@@ -71,6 +71,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xjf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.1-10486.patch
+ cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.1-10487.patch
+
cd $(DIR_APP) && ./configure --prefix=/usr --disable-nls \
--datadir=/usr/lib/squid \
--mandir=/usr/share/man --libexecdir=/usr/lib/squid \
diff --git a/lfs/strongswan b/lfs/strongswan
index b3ce846..4701f34 100644
--- a/lfs/strongswan
+++ b/lfs/strongswan
@@ -24,12 +24,12 @@
include Config
-VER = 5.0.4
+VER = 5.1.0
THISAPP = strongswan-$(VER)
-DL_FILE = $(THISAPP).tar.gz
+DL_FILE = $(THISAPP).tar.bz2
DL_FROM = $(URL_IPFIRE)
-DIR_APP = $(DIR_SRC)/$(THISAPP)
+DIR_APP = $(DIR_SRC)/strongswan-$(VER)
TARGET = $(DIR_INFO)/$(THISAPP)
ifeq "$(MACHINE)" "i586"
@@ -46,7 +46,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 7085ac1d28dcc250096553fa51c3a4ea
+$(DL_FILE)_MD5 = c1cd0a3ba9960f590cae28c8470800e8
install : $(TARGET)
@@ -79,15 +79,22 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-4.5.3_ipfire.patch
+ cd $(DIR_APP) && [ -x "configure" ] || ./autogen.sh
cd $(DIR_APP) && ./configure \
--prefix="/usr" \
--sysconfdir="/etc" \
--enable-curl \
--enable-openssl \
+ --enable-xauth-eap \
--enable-eap-radius \
+ --enable-eap-tls \
+ --enable-eap-ttls \
+ --enable-eap-peap \
+ --enable-eap-mschapv2 \
+ --enable-eap-identity \
$(PADLOCK)
- cd $(DIR_APP) && make $(MAKETUNING)
+ cd $(DIR_APP) && make $(MAKETUNING) LDFLAGS="-lrt"
cd $(DIR_APP) && make install
# Remove all library files we don't want or need.
diff --git a/lfs/tor b/lfs/tor
new file mode 100644
index 0000000..8bce4be
--- /dev/null
+++ b/lfs/tor
@@ -0,0 +1,113 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2013 IPFire Team <info(a)ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 0.2.3.25
+
+THISAPP = tor-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+PROG = tor
+PAK_VER = 1
+
+DEPS = "libevent2"
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = a1c364189a9a66ed9daa8e6436489daf
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+dist:
+ @$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && \
+ ./configure \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --localstatedir=/var \
+ --with-tor-user=nobody \
+ --with-tor-group=nobody
+
+ cd $(DIR_APP) && make $(MAKETUNING)
+ cd $(DIR_APP) && make install
+
+ # Install configuration files.
+ mkdir -pv /var/ipfire/tor /var/lib/tor /var/log/tor
+ touch /var/ipfire/tor/settings
+ mv /etc/tor/torrc.sample /var/ipfire/tor/torrc
+ ln -svf /var/ipfire/tor/torrc /etc/tor/torrc
+
+ # Adjust ownerships.
+ chown -R nobody:nobody /var/lib/tor /var/ipfire/tor
+
+ # Logrotate
+ mkdir -pv /etc/logrotate.d
+ install -v -m 644 $(DIR_SRC)/config/tor/tor.logrotate \
+ /etc/logrotate.d/tor
+
+ # Defaults
+ mkdir -pv /usr/share/tor
+ install -v -m 644 $(DIR_SRC)/config/tor/defaults-torrc \
+ /usr/share/tor/defaults-torrc
+
+ install -v -m 644 $(DIR_SRC)/config/backup/includes/tor \
+ /var/ipfire/backup/addons/includes/tor
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/lfs/transmission b/lfs/transmission
index b20ae88..9d5dfa5 100644
--- a/lfs/transmission
+++ b/lfs/transmission
@@ -24,7 +24,7 @@
include Config
-VER = 2.80
+VER = 2.81
THISAPP = transmission-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = transmission
-PAK_VER = 7
+PAK_VER = 8
DEPS = "libevent2"
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 2bde600d4b0a75d0bd3784550d59a8af
+$(DL_FILE)_MD5 = db1ad10ecff07150486dab2365ccb3a8
install : $(TARGET)
diff --git a/lfs/vdr b/lfs/vdr
index 0dd2c0f..b1feb01 100644
--- a/lfs/vdr
+++ b/lfs/vdr
@@ -33,7 +33,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = vdr
-PAK_VER = 6
+PAK_VER = 7
DEPS = "vdr_streamdev"
diff --git a/make.sh b/make.sh
index 88af898..eb9421c 100755
--- a/make.sh
+++ b/make.sh
@@ -25,8 +25,8 @@
NAME="IPFire" # Software name
SNAME="ipfire" # Short name
VERSION="2.13" # Version number
-CORE="71" # Core Level (Filename)
-PAKFIRE_CORE="71" # Core Level (PAKFIRE)
+CORE="72" # Core Level (Filename)
+PAKFIRE_CORE="72" # Core Level (PAKFIRE)
GIT_BRANCH=`git status | head -n1 | cut -d" " -f4` # Git Branch
SLOGAN="www.ipfire.org" # Software slogan
CONFIG_ROOT=/var/ipfire # Configuration rootdir
@@ -333,6 +333,7 @@ buildbase() {
lfsmake2 gettext
lfsmake2 grep
lfsmake2 groff
+ lfsmake2 gperf
lfsmake2 gzip
lfsmake2 inetutils
lfsmake2 iproute2
@@ -779,6 +780,8 @@ buildipfire() {
ipfiremake perl-File-Tail
ipfiremake perl-TimeDate
ipfiremake swatch
+ ipfiremake tor
+ ipfiremake arm
echo Build on $HOSTNAME > $BASEDIR/build/var/ipfire/firebuild
cat /proc/version >> $BASEDIR/build/var/ipfire/firebuild
echo >> $BASEDIR/build/var/ipfire/firebuild
diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index 844618a..0237297 100644
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -188,6 +188,10 @@ case "$1" in
/sbin/iptables -t nat -A POSTROUTING -j OVPNNAT
/sbin/iptables -t nat -A POSTROUTING -j IPSECNAT
+ # TOR
+ /sbin/iptables -N TOR_INPUT
+ /sbin/iptables -A INPUT -j TOR_INPUT
+
# Outgoing Firewall
/sbin/iptables -A FORWARD -j OUTGOINGFWMAC
diff --git a/src/initscripts/init.d/tor b/src/initscripts/init.d/tor
new file mode 100644
index 0000000..e27241f
--- /dev/null
+++ b/src/initscripts/init.d/tor
@@ -0,0 +1,82 @@
+#!/bin/sh
+########################################################################
+# Begin $rc_base/init.d/tor
+#
+# Description : Anonymizing overlay network for TCP
+#
+########################################################################
+
+. /etc/sysconfig/rc
+. ${rc_functions}
+
+function setup_firewall() {
+ eval $(/usr/local/bin/readhash /var/ipfire/tor/settings)
+
+ # Flush all rules.
+ flush_firewall
+
+ if [ "${TOR_RELAY_ENABLED}" = "on" -a -n "${TOR_RELAY_PORT}" ]; then
+ iptables -A TOR_INPUT -p tcp --dport "${TOR_RELAY_PORT}" -j ACCEPT
+ fi
+}
+
+function flush_firewall() {
+ # Flush all rules.
+ iptables -F TOR_INPUT
+}
+
+case "${1}" in
+ start)
+ # Setup firewall.
+ setup_firewall
+
+ boot_mesg "Starting tor..."
+ loadproc /usr/bin/tor \
+ --runasdaemon 1 \
+ --defaults-torrc /usr/share/tor/defaults-torrc \
+ -f /etc/tor/torrc \
+ --quiet
+ ;;
+
+ stop)
+ # Flush firewall.
+ flush_firewall
+
+ boot_mesg "Stopping tor..."
+ killproc /usr/bin/tor
+ ;;
+
+ reload)
+ # Setup firewall.
+ setup_firewall
+
+ boot_mesg "Reloading tor..."
+ reloadproc /usr/bin/tor
+ ;;
+
+ restart)
+ ${0} stop
+ sleep 1
+ ${0} start
+ ;;
+
+ reload-or-restart)
+ # Reload the process if it is already running. Otherwise, restart.
+ if pidofproc -s /usr/bin/tor; then
+ $0 reload
+ else
+ $0 restart
+ fi
+ ;;
+
+ status)
+ statusproc /usr/bin/tor
+ ;;
+
+ *)
+ echo "Usage: ${0} {start|stop|reload|restart|reload-or-restart|status}"
+ exit 1
+ ;;
+esac
+
+# End $rc_base/init.d/tor
diff --git a/src/misc-progs/Makefile b/src/misc-progs/Makefile
index 2ec7878..4d09fbf 100644
--- a/src/misc-progs/Makefile
+++ b/src/misc-progs/Makefile
@@ -33,7 +33,7 @@ SUID_PROGS = setdmzholes setportfw setxtaccess \
redctrl syslogdctrl extrahdctrl sambactrl upnpctrl tripwirectrl \
smartctrl clamavctrl addonctrl pakfire mpfirectrl wlanapctrl \
setaliases urlfilterctrl updxlratorctrl fireinfoctrl rebuildroutes \
- getconntracktable wirelessclient dnsmasqctrl
+ getconntracktable wirelessclient dnsmasqctrl torctrl
SUID_UPDX = updxsetperms
install : all
@@ -164,3 +164,6 @@ wirelessclient: wirelessclient.c setuid.o ../install+setup/libsmooth/varval.o
dnsmasqctrl: dnsmasqctrl.c setuid.o ../install+setup/libsmooth/varval.o
$(COMPILE) -I../install+setup/libsmooth/ dnsmasqctrl.c setuid.o ../install+setup/libsmooth/varval.o -o $@
+
+torctrl: torctrl.c setuid.o ../install+setup/libsmooth/varval.o
+ $(COMPILE) -I../install+setup/libsmooth/ torctrl.c setuid.o ../install+setup/libsmooth/varval.o -o $@
diff --git a/src/misc-progs/ipsecctrl.c b/src/misc-progs/ipsecctrl.c
index 633004e..365807c 100644
--- a/src/misc-progs/ipsecctrl.c
+++ b/src/misc-progs/ipsecctrl.c
@@ -144,8 +144,8 @@ void turn_connection_on(char *name, char *type) {
"/usr/sbin/ipsec down %s >/dev/null", name);
safe_system(command);
- // Reload the configuration into the daemon.
- safe_system("/usr/sbin/ipsec reload >/dev/null 2>&1");
+ // Reload the configuration into the daemon (#10339).
+ ipsec_reload();
// Bring the connection up again.
snprintf(command, STRING_SIZE - 1,
@@ -169,7 +169,15 @@ void turn_connection_off (char *name) {
safe_system(command);
// Reload, so the connection is dropped.
- safe_system("/usr/sbin/ipsec reload >/dev/null 2>&1");
+ ipsec_reload();
+}
+
+void ipsec_reload() {
+ /* Re-read all configuration files and secrets and
+ * reload the daemon (#10339).
+ */
+ safe_system("/usr/sbin/ipsec rereadall >/dev/null 2>&1");
+ safe_system("/usr/sbin/ipsec reload >/dev/null 2>&1");
}
int main(int argc, char *argv[]) {
@@ -193,7 +201,7 @@ int main(int argc, char *argv[]) {
}
if (strcmp(argv[1], "R") == 0) {
- safe_system("/usr/sbin/ipsec reload >/dev/null 2>&1");
+ ipsec_reload();
exit(0);
}
diff --git a/src/misc-progs/openvpnctrl.c b/src/misc-progs/openvpnctrl.c
index e366294..76916f1 100644
--- a/src/misc-progs/openvpnctrl.c
+++ b/src/misc-progs/openvpnctrl.c
@@ -362,6 +362,10 @@ char* calcTransferNetAddress(const connection* conn) {
char *subnetmask = strdup(conn->transfer_subnet);
char *address = strsep(&subnetmask, "/");
+ if ((address == NULL) || (subnetmask == NULL)) {
+ goto ERROR;
+ }
+
in_addr_t _address = inet_addr(address);
in_addr_t _subnetmask = inet_addr(subnetmask);
_address &= _subnetmask;
@@ -496,12 +500,11 @@ void setFirewallRules(void) {
local_subnet_address = getLocalSubnetAddress(conn);
transfer_subnet_address = calcTransferNetAddress(conn);
- if ((!local_subnet_address) || (!transfer_subnet_address))
- continue;
-
- snprintf(command, STRING_SIZE, "/sbin/iptables -t nat -A %s -s %s -j SNAT --to-source %s",
- OVPNNAT, transfer_subnet_address, local_subnet_address);
- executeCommand(command);
+ if ((local_subnet_address) && (transfer_subnet_address)) {
+ snprintf(command, STRING_SIZE, "/sbin/iptables -t nat -A %s -s %s -j SNAT --to-source %s",
+ OVPNNAT, transfer_subnet_address, local_subnet_address);
+ executeCommand(command);
+ }
}
conn = conn->next;
diff --git a/src/misc-progs/torctrl.c b/src/misc-progs/torctrl.c
new file mode 100644
index 0000000..39d4956
--- /dev/null
+++ b/src/misc-progs/torctrl.c
@@ -0,0 +1,36 @@
+/* This file is part of the IPFire Firewall.
+ *
+ * This program is distributed under the terms of the GNU General Public
+ * Licence. See the file COPYING for details.
+ *
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include "setuid.h"
+
+int main(int argc, char *argv[]) {
+ if (!(initsetuid()))
+ exit(1);
+
+ if (argc < 2) {
+ fprintf(stderr, "\nNo argument given.\n\ntorctrl (restart|stop)\n\n");
+ exit(1);
+ }
+
+ if (strcmp(argv[1], "restart") == 0) {
+ safe_system("/etc/rc.d/init.d/tor reload-or-restart");
+
+ } else if (strcmp(argv[1], "stop") == 0) {
+ safe_system("/etc/rc.d/init.d/tor stop");
+
+ } else {
+ fprintf(stderr, "\nBad argument given.\n\ntorctrl (restart|stop)\n\n");
+ exit(1);
+ }
+
+ return 0;
+}
diff --git a/src/patches/arm-dont-require-distutils.patch b/src/patches/arm-dont-require-distutils.patch
new file mode 100644
index 0000000..1fe2b8a
--- /dev/null
+++ b/src/patches/arm-dont-require-distutils.patch
@@ -0,0 +1,20 @@
+diff -Nur arm.vanilla/src/util/hostnames.py arm/src/util/hostnames.py
+--- arm.vanilla/src/util/hostnames.py 2012-04-29 05:59:24.000000000 +0200
++++ arm/src/util/hostnames.py 2013-07-31 17:59:19.245591564 +0200
+@@ -30,7 +30,6 @@
+ import threading
+ import itertools
+ import Queue
+-import distutils.sysconfig
+
+ from util import log, sysTools
+
+@@ -264,7 +263,7 @@
+ # 'socket.gethostbyaddr'. The following checks if the system has the
+ # gethostbyname_r function, which determines if python resolutions can be
+ # done in parallel or not. If so, this is preferable.
+- isSocketResolutionParallel = distutils.sysconfig.get_config_var("HAVE_GETHOSTBYNAME_R")
++ isSocketResolutionParallel = True #distutils.sysconfig.get_config_var("HAVE_GETHOSTBYNAME_R")
+ self.useSocketResolution = CONFIG["queries.hostnames.useSocketModule"] and isSocketResolutionParallel
+
+ for _ in range(CONFIG["queries.hostnames.poolSize"]):
diff --git a/src/patches/squid-3.1-10486.patch b/src/patches/squid-3.1-10486.patch
new file mode 100644
index 0000000..6a0388e
--- /dev/null
+++ b/src/patches/squid-3.1-10486.patch
@@ -0,0 +1,54 @@
+------------------------------------------------------------
+revno: 10486
+revision-id: squid3(a)treenet.co.nz-20130222111325-zizr296kq3te4g7h
+parent: squid3(a)treenet.co.nz-20130109021503-hqg7ufldrudpzr9l
+fixes bug(s): http://bugs.squid-cache.org/show_bug.cgi?id=3790
+author: Reinhard Sojka <reinhard.sojka(a)parlament.gv.at>
+committer: Amos Jeffries <squid3(a)treenet.co.nz>
+branch nick: SQUID_3_1
+timestamp: Fri 2013-02-22 04:13:25 -0700
+message:
+ Bug 3790: cachemgr.cgi crash with authentication
+------------------------------------------------------------
+# Bazaar merge directive format 2 (Bazaar 0.90)
+# revision_id: squid3(a)treenet.co.nz-20130222111325-zizr296kq3te4g7h
+# target_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
+# /SQUID_3_1
+# testament_sha1: 121adf68a9c3b2eca766cfb768256b6b57d9816b
+# timestamp: 2013-02-22 11:17:18 +0000
+# source_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
+# /SQUID_3_1
+# base_revision_id: squid3(a)treenet.co.nz-20130109021503-\
+# hqg7ufldrudpzr9l
+#
+# Begin patch
+=== modified file 'tools/cachemgr.cc'
+--- tools/cachemgr.cc 2013-01-08 23:11:51 +0000
++++ tools/cachemgr.cc 2013-02-22 11:13:25 +0000
+@@ -1162,7 +1162,6 @@
+ {
+ static char buf[1024];
+ size_t stringLength = 0;
+- const char *str64;
+
+ if (!req->passwd)
+ return "";
+@@ -1171,15 +1170,12 @@
+ req->user_name ? req->user_name : "",
+ req->passwd);
+
+- str64 = base64_encode(buf);
+-
+- stringLength += snprintf(buf, sizeof(buf), "Authorization: Basic %s\r\n", str64);
++ stringLength += snprintf(buf, sizeof(buf), "Authorization: Basic %s\r\n", base64_encode(buf));
+
+ assert(stringLength < sizeof(buf));
+
+- snprintf(&buf[stringLength], sizeof(buf) - stringLength, "Proxy-Authorization: Basic %s\r\n", str64);
++ snprintf(&buf[stringLength], sizeof(buf) - stringLength, "Proxy-Authorization: Basic %s\r\n", base64_encode(buf));
+
+- xxfree(str64);
+ return buf;
+ }
+
+
diff --git a/src/patches/squid-3.1-10487.patch b/src/patches/squid-3.1-10487.patch
new file mode 100644
index 0000000..2ca4848
--- /dev/null
+++ b/src/patches/squid-3.1-10487.patch
@@ -0,0 +1,73 @@
+------------------------------------------------------------
+revno: 10487
+revision-id: squid3(a)treenet.co.nz-20130710124748-2n6111r04xsi71vx
+parent: squid3(a)treenet.co.nz-20130222111325-zizr296kq3te4g7h
+author: Nathan Hoad <nathan(a)getoffmalawn.com>
+committer: Amos Jeffries <squid3(a)treenet.co.nz>
+branch nick: SQUID_3_1
+timestamp: Wed 2013-07-10 06:47:48 -0600
+message:
+ Protect against buffer overrun in DNS query generation
+
+ see SQUID-2013:2.
+
+ This bug has been present as long as the internal DNS component however
+ most code reaching this point is passing through URL validation first.
+ With Squid-3.2 Host header verification using DNS directly we may have
+ problems.
+------------------------------------------------------------
+# Bazaar merge directive format 2 (Bazaar 0.90)
+# revision_id: squid3(a)treenet.co.nz-20130710124748-2n6111r04xsi71vx
+# target_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
+# /SQUID_3_1
+# testament_sha1: b5be85c8876ce15ec8fa173845e61755b6942fe0
+# timestamp: 2013-07-10 12:48:57 +0000
+# source_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
+# /SQUID_3_1
+# base_revision_id: squid3(a)treenet.co.nz-20130222111325-\
+# zizr296kq3te4g7h
+#
+# Begin patch
+=== modified file 'src/dns_internal.cc'
+--- src/dns_internal.cc 2011-10-11 02:12:56 +0000
++++ src/dns_internal.cc 2013-07-10 12:47:48 +0000
+@@ -1532,22 +1532,26 @@
+ void
+ idnsALookup(const char *name, IDNSCB * callback, void *data)
+ {
+- unsigned int i;
++ size_t nameLength = strlen(name);
++
++ // Prevent buffer overflow on q->name
++ if (nameLength > NS_MAXDNAME) {
++ debugs(23, DBG_IMPORTANT, "SECURITY ALERT: DNS name too long to perform lookup: '" << name << "'. see access.log for details.");
++ callback(data, NULL, 0, "Internal error");
++ return;
++ }
++
++ if (idnsCachedLookup(name, callback, data))
++ return;
++
++ idns_query *q = cbdataAlloc(idns_query);
++ q->id = idnsQueryID();
+ int nd = 0;
+- idns_query *q;
+-
+- if (idnsCachedLookup(name, callback, data))
+- return;
+-
+- q = cbdataAlloc(idns_query);
+-
+- q->id = idnsQueryID();
+-
+- for (i = 0; i < strlen(name); i++)
++ for (unsigned int i = 0; i < nameLength; ++i)
+ if (name[i] == '.')
+ nd++;
+
+- if (Config.onoff.res_defnames && npc > 0 && name[strlen(name)-1] != '.') {
++ if (Config.onoff.res_defnames && npc > 0 && name[nameLength-1] != '.') {
+ q->do_searchpath = 1;
+ } else {
+ q->do_searchpath = 0;
+
diff --git a/src/scripts/setddns.pl b/src/scripts/setddns.pl
index 6c4c369..f943ac8 100644
--- a/src/scripts/setddns.pl
+++ b/src/scripts/setddns.pl
@@ -150,6 +150,27 @@ if ($ip ne $ipcache) {
}
}
+ elsif ($settings{'SERVICE'} eq 'all-inkl') {
+ my %proxysettings;
+ &General::readhash("${General::swroot}/proxy/settings", \%proxysettings);
+ if ($_=$proxysettings{'UPSTREAM_PROXY'}) {
+ my ($peer, $peerport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/);
+ Net::SSLeay::set_proxy($peer,$peerport,$proxysettings{'UPSTREAM_USER'},$proxysettings{'UPSTREAM_PASSWORD'} );
+ }
+
+ my ($out, $response) = Net::SSLeay::get_https("dyndns.kasserver.com", 443, "/", Net::SSLeay::make_headers(
+ 'User-Agent' => 'IPFire', 'Authorization' => 'Basic ' . encode_base64("$settings{'LOGIN'}:$settings{'PASSWORD'}")
+ ));
+
+ # Valid response are 'ok' 'nochange'
+ if ($response =~ m%HTTP/1\.. 200 OK%) {
+ &General::log("Dynamic DNS ip-update for $settings{'HOSTNAME'}.$settings{'DOMAIN'} : success");
+ $success++;
+ } else {
+ &General::log("Dynamic DNS ip-update for $settings{'HOSTNAME'}.$settings{'DOMAIN'} : failure (could not connect to server, check your credentials)");
+ }
+ }
+
elsif ($settings{'SERVICE'} eq 'cjb') {
# use proxy ?
my %proxysettings;
hooks/post-receive
--
IPFire 2.x development tree
reply other threads:[~2013-08-11 9:52 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130811095234.F15E420310@argus.ipfire.org \
--to=git@ipfire.org \
--cc=ipfire-scm@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox