[git.ipfire.org] IPFire 2.x development tree branch, master, updated. a7f578e949a385e79f1b39f5ac19d7fea32f4bed

public inbox for ipfire-scm@lists.ipfire.org
 help / color / mirror / Atom feed

* [git.ipfire.org] IPFire 2.x development tree branch, master, updated. a7f578e949a385e79f1b39f5ac19d7fea32f4bed
@ 2026-04-20 10:25 Michael Tremer
  0 siblings, 0 replies; only message in thread
From: Michael Tremer @ 2026-04-20 10:25 UTC (permalink / raw)
  To: ipfire-scm

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, master has been updated
       via  a7f578e949a385e79f1b39f5ac19d7fea32f4bed (commit)
       via  fb248260597a1734a2c32137615a1e74fe536c05 (commit)
       via  171f4e965cc2419a584a0b7abfdc0b8a4087462c (commit)
       via  4d482385bcb91537003c54c081afc3ed1ad75f4f (commit)
      from  d3b06186321fb4a1315bb0fa39645f12b97dfe43 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit a7f578e949a385e79f1b39f5ac19d7fea32f4bed
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Mon Apr 20 11:19:54 2026 +0100

    dnsbl.cgi: Check if domain names are valid
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit fb248260597a1734a2c32137615a1e74fe536c05
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Mon Apr 20 11:10:48 2026 +0100

    network-functions.pl: Convert IP addresses into networks on normalize
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit 171f4e965cc2419a584a0b7abfdc0b8a4087462c
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Mon Apr 20 10:59:49 2026 +0100

    dnsbl.cgi: Normalize all custom networks on the ACL
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit 4d482385bcb91537003c54c081afc3ed1ad75f4f
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Mon Apr 20 10:59:24 2026 +0100

    unbound: Fix typo in variable name
    
    This resulted in the ACLs not being properly split.
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

-----------------------------------------------------------------------

Summary of changes:
 config/cfgroot/network-functions.pl | 17 +++++++++++++++++
 html/cgi-bin/dnsbl.cgi              | 17 +++++++++++++++++
 src/initscripts/system/unbound      |  2 +-
 3 files changed, 35 insertions(+), 1 deletion(-)

Difference in files:
diff --git a/config/cfgroot/network-functions.pl b/config/cfgroot/network-functions.pl
index ad89fc777..6716cfe4b 100644
--- a/config/cfgroot/network-functions.pl
+++ b/config/cfgroot/network-functions.pl
@@ -344,6 +344,23 @@ sub normalize_network($) {
 	return "${address}/${prefix}";
 }
 
+sub normalize_networks($) {
+	my @networks = ();
+
+	foreach my $network (@_) {
+		# Convert any IP addresses to networks
+		if (&check_ip_address($network)) {
+			push(@networks, "${network}/32");
+			next;
+		}
+
+		$network = &normalize_network($network);
+		push(@networks, $network);
+	}
+
+	return @networks;
+}
+
 # Returns True if $address is in $network.
 sub ip_address_in_network($$) {
 	my $address = shift;
diff --git a/html/cgi-bin/dnsbl.cgi b/html/cgi-bin/dnsbl.cgi
index 9b4e8dcab..c2f48381e 100644
--- a/html/cgi-bin/dnsbl.cgi
+++ b/html/cgi-bin/dnsbl.cgi
@@ -139,6 +139,9 @@ if ($cgiparams{'ACTION'} eq "$Lang::tr{'save'}") {
 		}
 	}
 
+	# Normalize all networks
+	@custom_acl = &Network::normalize_networks(@custom_acl);
+
 	# Only go further, if there was no error message.
 	unless (scalar @errormessages) {
 		# Read-in settings file.
@@ -203,6 +206,20 @@ if ($cgiparams{'ACTION'} eq "$Lang::tr{'save'}") {
 		push(@errormessages, "$dup - $Lang::tr{'dnsbl error domain specified twice'}");
 	}
 
+	# Check allowed domains
+	foreach my $domain (@ascii_allowed_domains) {
+		unless (&General::validfqdn($domain)) {
+			push(@errormessages, "$Lang::tr{'invalid domain name'}: ${domain}");
+		}
+	}
+
+	# Check blocked domains
+	foreach my $domain (@ascii_blocked_domains) {
+		unless (&General::validfqdn($domain)) {
+			push(@errormessages, "$Lang::tr{'invalid domain name'}: ${domain}");
+		}
+	}
+
 	# Check if a domain from the posted blocked domains array is allready part of
 	# the saved allowed domains array
 	$dup = &compare_arrays(\@custom_allowed_domains, \@ascii_blocked_domains);
diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound
index cc658432a..2be3b81f1 100644
--- a/src/initscripts/system/unbound
+++ b/src/initscripts/system/unbound
@@ -265,7 +265,7 @@ write_dnsbl_zones() {
 
 			# Add any custom ACL
 			if [ -n "${custom_acls}" ]; then
-				IFS='|' read -r -a custom_acl <<< "${custom_acls}"
+				IFS='|' read -r -a custom_acls <<< "${custom_acls}"
 
 				local custom_acl
 				for custom_acl in ${custom_acls[@]}; do


hooks/post-receive
--
IPFire 2.x development tree


^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2026-04-20 10:25 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-04-20 10:25 [git.ipfire.org] IPFire 2.x development tree branch, master, updated. a7f578e949a385e79f1b39f5ac19d7fea32f4bed Michael Tremer

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox