public inbox for ipfire-scm@lists.ipfire.org
* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 0b075172af1ae899337e7f072fc8490ae57e5501
@ 2015-11-19 12:55 git
  0 siblings, 0 replies; only message in thread
From: git @ 2015-11-19 12:55 UTC (permalink / raw)
  To: ipfire-scm

[-- Attachment #1: Type: text/plain, Size: 8823 bytes --]

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, next has been updated
       via  0b075172af1ae899337e7f072fc8490ae57e5501 (commit)
       via  0cf6bacad2cafcacdee5810c2a4080cb19aa85ae (commit)
       via  b00797e260bc84be15cea26a144f560244be4c6e (commit)
       via  915c88931a2c5c4cd34ece5dc754cb8da984d2e3 (commit)
      from  06988eaf4961be6c74a9aefb8203eb7b53157bd6 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 0b075172af1ae899337e7f072fc8490ae57e5501
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Thu Nov 19 12:54:41 2015 +0000

    core96: Ship changed files
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 0cf6bacad2cafcacdee5810c2a4080cb19aa85ae
Author: Alexander Marx <alexander.marx(a)ipfire.org>
Date:   Mon Nov 16 12:01:07 2015 +0100

    BUG10984: Fix portforwardconverter for upgrades before core 77
    
    When upgrading from a post core-77 installation, the portforwarding
    rules seem to get broken. With this patch the sourceports and the
    subnetmasks from the rules are converted correctly.
    
    Signed-off-by: Alexander Marx <alexander.marx(a)ipfire.org>
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit b00797e260bc84be15cea26a144f560244be4c6e
Author: Alexander Marx <alexander.marx(a)ipfire.org>
Date:   Thu Nov 19 11:09:49 2015 +0100

    BUG10963: implement a better email verification
    
    We now check all allowed chars in the address before the @ sign.
    The domainpart after the '@' sign is just checked for valid chars, so that user(a)ipfire is valid, too
    
    Signed-off-by: Alexander Marx <alexander.marx(a)ipfire.org>
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 915c88931a2c5c4cd34ece5dc754cb8da984d2e3
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Thu Nov 19 12:52:31 2015 +0000

    strongswan: Update to 5.3.4
    
    Fixes a security vulnerability in the EAP-MSCHAPv2 plugin
    that is filed under CVE-2015-8023.
    
    https://www.strongswan.org/blog/2015/11/16/strongswan-vulnerability-%28cve-2015-8023%29.html
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

-----------------------------------------------------------------------

Summary of changes:
 config/cfgroot/general-functions.pl                | 29 +++++++++++++++-------
 config/firewall/convert-portfw                     | 29 +++++++++++++---------
 config/rootfiles/core/96/filelists/files           |  2 ++
 .../96}/filelists/i586/strongswan-padlock          |  0
 .../{oldcore/95 => core/96}/filelists/strongswan   |  0
 lfs/strongswan                                     |  4 +--
 6 files changed, 41 insertions(+), 23 deletions(-)
 copy config/rootfiles/{oldcore/95 => core/96}/filelists/i586/strongswan-padlock (100%)
 copy config/rootfiles/{oldcore/95 => core/96}/filelists/strongswan (100%)

Difference in files:
diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl
index 2b5cd19..f3a2e47 100644
--- a/config/cfgroot/general-functions.pl
+++ b/config/cfgroot/general-functions.pl
@@ -655,7 +655,7 @@ sub validfqdn
 	my @parts = split (/\./, $fqdn);	# Split hostname at the '.'
 	if (scalar(@parts) < 2) {		# At least two parts should
 		return 0;}			# exist in a FQDN
-						# (i.e. hostname.domain)
+						# (i.e.hostname.domain)
 	foreach $part (@parts) {
 		# Each part should be at least one character in length
 		# but no more than 63 characters
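Review bot: the only change in this hunk removes the space in the validfqdn comment, turning `(i.e. hostname.domain)` into `(i.e.hostname.domain)`. That looks accidental and is unrelated to the e-mail validation fix; drop this hunk so validfqdn stays untouched.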
@@ -747,14 +747,25 @@ sub ipcidr2msk {
 }
 
 sub validemail {
-    my $mail = shift;
-    return 0 if ( $mail !~ /^[0-9a-zA-Z\.\-\_]+\@[0-9a-zA-Z\.\-]+$/ );
-    return 0 if ( $mail =~ /^[^0-9a-zA-Z]|[^0-9a-zA-Z]$/);
-    return 0 if ( $mail !~ /([0-9a-zA-Z]{1})\@./ );
-    return 0 if ( $mail !~ /.\@([0-9a-zA-Z]{1})/ );
-    return 0 if ( $mail =~ /.\.\-.|.\-\..|.\.\..|.\-\-./g );
-    return 0 if ( $mail =~ /.\.\_.|.\-\_.|.\_\..|.\_\-.|.\_\_./g );
-    return 0 if ( $mail !~ /\.([a-zA-Z]{2,4})$/ );
+    my $address = shift;
+    my @parts = split( /\@/, $address );
+    my $count=@parts;
+
+    #check if we have one part before and after '@'
+    return 0 if ( $count != 2 );
+
+    #check if one of the parts starts or ends with a dot
+    return 0 if ( substr($parts[0],0,1) eq '.' );
+    return 0 if ( substr($parts[0],-1,1) eq '.' );
+    return 0 if ( substr($parts[1],0,1) eq '.' );
+    return 0 if ( substr($parts[1],-1,1) eq '.' );
+
+    #check first addresspart (before '@' sign)
+    return 0 if  ( $parts[0] !~ m/^[a-zA-Z0-9\.!\-\+#]+$/ );
+
+    #check second addresspart (after '@' sign)
+    return 0 if  ( $parts[1] !~ m/^[a-zA-Z0-9\.\-]+$/ );
+
     return 1;
 }
 
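Review bot: in the new validemail, `split( /\@/, $address )` is called without a limit, and Perl then discards trailing empty fields, so an input such as `user@host@` still yields exactly two parts and passes the `$count != 2` check. Pass a limit of -1 to split, or count the '@' characters directly. Both character-class checks are anchored with `$`, which also matches before a final newline, so `user@host\n` is accepted; `substr($parts[1],-1,1)` only looks for a dot and does not catch it. Anchor with `\z` instead. The old rule against consecutive dots is gone as well, so `a..b@host` now validates; if that is not intended, add a check for `..` in both parts.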
diff --git a/config/firewall/convert-portfw b/config/firewall/convert-portfw
index 8660e7c..8383b5a 100755
--- a/config/firewall/convert-portfw
+++ b/config/firewall/convert-portfw
@@ -60,24 +60,24 @@ close(ALIAS);
 &write_rules;
 sub get_config
 {
+	my $baseipfireport;
+	my $basesource;
 	print LOG "STEP 1:   Get config from old portforward\n#########################################\n";
 	foreach my $line (@current){
-		if($jump eq '1'){
-			$jump='';
-			$count++;
-			next;
-		}
 		my $u=$count+1;
 		($key,$flag,$prot,$ipfireport,$target,$targetport,$active,$alias,$source,$remark) = split(",",$line);
 		($key1,$flag1,$prot1,$ipfireport1,$target1,$targetport1,$active1,$alias1,$source1,$remark1) = split(",",$current[$u]);
-		if ($flag1 eq '1'){
-			$source=$source1;
-			$jump='1';
+		if ($key == $key1 && $flag == '0'){
+			$baseipfireport = $ipfireport;
+		}
+		if ($key == $key1 && $flag1 == '1'){
+			$count++;
+			next;
 		}
 		my $now=localtime;
 		chomp($remark);
-		print LOG "$now   processing-> KEY: $key FLAG: $flag PROT: $prot FIREPORT: $ipfireport TARGET: $target TGTPORT: $targetport ACTIVE: $active ALIAS: $alias SOURCE: $source REM: $remark Doublerule: $jump\n";
-		push (@values,$prot.",".$ipfireport.",".$target.",".$targetport.",".$active.",".$alias.",".$source.",".$remark);
+		print LOG "$now   processing-> KEY: $key FLAG: $flag PROT: $prot FIREPORT: $baseipfireport TARGET: $target TGTPORT: $targetport ACTIVE: $active ALIAS: $alias SOURCE: $source REM: $remark Doublerule: $jump\n";
+		push (@values,$prot.",".$baseipfireport.",".$target.",".$targetport.",".$active.",".$alias.",".$source.",".$remark);
 		$count++;
 	}
 }
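Review bot: `$baseipfireport` is declared once outside the `foreach` in get_config and only assigned when `$key == $key1 && $flag == '0'`, so a flag-0 line that is not followed by a line with the same key is pushed to `@values` with the port left over from an earlier rule (or with an empty value on the first iteration). Reset it for each rule, or fall back to `$ipfireport` when no base line was seen. On the last line `$current[$u]` is past the end of `@current`, so `$key1` and `$flag1` are undefined in the `==` comparisons; guard on `$u` being in range. `$basesource` is declared but never used, and the LOG line still prints `Doublerule: $jump` although the assignments to `$jump` in this loop are removed.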
@@ -101,10 +101,15 @@ sub build_rules
 		}else{
 			$src  = 'src_addr';
 			my ($a,$b) = split("/",$source);
-			$src1 = $a."/32";
+			if ($b != ''){
+				$b = &General::iporsubtocidr($b);
+			}else{
+				$b = "32";
+			}
+			$src1 = $a."/".$b;
 		}
 		#get ipfire ip
-		if($alias eq '0.0.0.0'){
+		if($alias eq '0.0.0.0' || $alias eq '0'){
 			$alias='Default IP';
 		}else{
 			foreach my $ali (@alias){
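Review bot: `if ($b != '')` in build_rules compares numerically, so the empty string is treated as 0 and a source written as `a/0` takes the else branch and is converted to `a/32`; a dotted netmask only passes because Perl numifies its leading digits. Test with `defined $b && $b ne ''` instead. The value returned by `&General::iporsubtocidr($b)` is concatenated into `$src1` without a check, so if the mask cannot be converted, whatever comes back ends up in the rule; skip or log the rule in that case.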
diff --git a/config/rootfiles/core/96/filelists/files b/config/rootfiles/core/96/filelists/files
index 9e120af..9e64edc 100644
--- a/config/rootfiles/core/96/filelists/files
+++ b/config/rootfiles/core/96/filelists/files
@@ -2,3 +2,5 @@ etc/system-release
 etc/issue
 etc/rc.d/init.d/snort
 opt/pakfire/lib/functions.pl
+usr/sbin/convert-portfw
+var/ipfire/general-functions.pl
diff --git a/config/rootfiles/core/96/filelists/i586/strongswan-padlock b/config/rootfiles/core/96/filelists/i586/strongswan-padlock
new file mode 120000
index 0000000..2412824
--- /dev/null
+++ b/config/rootfiles/core/96/filelists/i586/strongswan-padlock
@@ -0,0 +1 @@
+../../../../common/i586/strongswan-padlock
\ No newline at end of file
diff --git a/config/rootfiles/core/96/filelists/strongswan b/config/rootfiles/core/96/filelists/strongswan
new file mode 120000
index 0000000..90c727e
--- /dev/null
+++ b/config/rootfiles/core/96/filelists/strongswan
@@ -0,0 +1 @@
+../../../common/strongswan
\ No newline at end of file
diff --git a/lfs/strongswan b/lfs/strongswan
index 2a181a3..566f1af 100644
--- a/lfs/strongswan
+++ b/lfs/strongswan
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 5.3.3
+VER        = 5.3.4
 
 THISAPP    = strongswan-$(VER)
 DL_FILE    = $(THISAPP).tar.bz2
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 5a25f3d1c31a77ef44d14a2e7b3eaad0
+$(DL_FILE)_MD5 = 655a632a515c74a99f2e9cc337ab2f33
 
 install : $(TARGET)
 
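Review bot: the new 5.3.4 tarball is pinned in this hunk only by `$(DL_FILE)_MD5`. For a release that fixes CVE-2015-8023, confirm the download against upstream's published signature or a SHA-2 digest before committing the value, since MD5 is not collision resistant.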


hooks/post-receive
--
IPFire 2.x development tree
