webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-13 20:42:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/master' into kernel-4.14

Browse Source
This commit is contained in:
Arne Fitzenreiter
2018-03-30 10:26:01 +02:00
parent 018a19af64 36600cef36
commit 302dba205b
158 changed files with 10487 additions and 913 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/initscripts/system/dhcp
View File

@@ -8,6 +8,8 @@
. /etc/sysconfig/rc
. $rc_functions
[ -e "/etc/sysconfig/dhcpd" ] && . /etc/sysconfig/dhcpd
eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
eval $(/usr/local/bin/readhash /var/ipfire/dhcp/settings)
@@ -23,20 +25,20 @@ case "$1" in
flush_chains
if [ -n "${GREEN_DEV}" -a -e "/var/ipfire/dhcp/enable_green" ]; then
devices="${GREEN_DEV}"
LISTEN_INTERFACES+=" ${GREEN_DEV}"
iptables -A DHCPGREENINPUT -i "${GREEN_DEV}" -j DHCPINPUT
iptables -A DHCPGREENOUTPUT -o "${GREEN_DEV}" -j DHCPOUTPUT
fi
if [ -n "${BLUE_DEV}" -a -e "/var/ipfire/dhcp/enable_blue" ]; then
devices+=" ${BLUE_DEV}"
LISTEN_INTERFACES+=" ${BLUE_DEV}"
iptables -A DHCPBLUEINPUT -i "${BLUE_DEV}" -j DHCPINPUT
iptables -A DHCPBLUEOUTPUT -o "${BLUE_DEV}" -j DHCPOUTPUT
fi
boot_mesg "Starting DHCP Server..."
loadproc /usr/sbin/dhcpd -q ${devices}
loadproc /usr/sbin/dhcpd -q ${LISTEN_INTERFACES}
# Start Unbound DHCP Lease Bridge unless RFC2136 is used
if [ "${DNS_UPDATE_ENABLED}" != on ]; then

25
src/initscripts/system/pakfire Normal file
View File

@@ -0,0 +1,25 @@
#!/bin/sh
########################################################################
# Begin $rc_base/init.d/pakfire
#
# Description : Imports the keyring to make Pakfire operational
#
########################################################################
. /etc/sysconfig/rc
. ${rc_functions}
case "${1}" in
start)
boot_mesg "Setting up Pakfire Package Manager..."
gpg --import /opt/pakfire/pakfire.key &>/dev/null
evaluate_retval
;;
*)
echo "Usage: ${0} {start}"
exit 1
;;
esac
# End $rc_base/init.d/pakfire

13
src/initscripts/system/unbound
View File

@@ -214,16 +214,16 @@ write_forward_conf() {
case "${zone}" in
*.in-addr.arpa)
echo "stub-zone:"
echo " name: ${zone}."
echo " name: ${zone}"
echo " stub-addr: ${server}"
echo
echo "server:"
echo " local-zone: \"${zone}.\" transparent"
echo " local-zone: \"${zone}\" transparent"
echo
;;
*)
echo "forward-zone:"
echo " name: ${zone}."
echo " name: ${zone}"
echo " forward-addr: ${server}"
echo
;;
@@ -378,7 +378,12 @@ ns_is_validating() {
local ns=${1}
shift
dig @${ns} A ${TEST_DOMAIN_FAIL} $@ | grep -q SERVFAIL
if ! dig @${ns} A ${TEST_DOMAIN_FAIL} $@ | grep -q SERVFAIL; then
return 1
else
# Determine if NS replies with "ad" data flag if DNSSEC enabled
dig @${ns} +dnssec SOA ${TEST_DOMAIN} $@ | awk -F: '/\;\;\ flags\:/ { s=1; if (/\ ad/) s=0; exit s }'
fi
}
# Checks if we can retrieve the DNSKEY for this domain.

2
src/misc-progs/wiohelper.c
View File

@@ -8,7 +8,7 @@
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
*
* IPFire.org - A linux based firewall
* Copyright (C) 2017 Stephan Feddersen <addons@h-loit.de>
* Copyright (C) 2017-2018 Stephan Feddersen <sfeddersen@ipfire.org>
*
* All Rights Reserved.
*

35
src/pakfire/lib/functions.pl
View File

@@ -31,10 +31,9 @@ use HTTP::Message;
use HTTP::Request;
use Net::Ping;
package Pakfire;
use Switch;
# GPG Keys
my $myid = "179740DC4D8C47DC63C099C74BDE364C64D96617"; # Our own gpg-key paks@ipfire.org
package Pakfire;
# A small color-hash :D
my %color;
@@ -167,15 +166,26 @@ sub fetchfile {
if ($proxysettings{'UPSTREAM_PROXY'}) {
logger("DOWNLOAD INFO: Upstream proxy: \"$proxysettings{'UPSTREAM_PROXY'}\"") unless ($bfile =~ /^counter.py\?.*/);
if ($proxysettings{'UPSTREAM_USER'}) {
$ua->proxy("http","http://$proxysettings{'UPSTREAM_USER'}:$proxysettings{'UPSTREAM_PASSWORD'}@"."$proxysettings{'UPSTREAM_PROXY'}/");
$ua->proxy([["http", "https"] => "http://$proxysettings{'UPSTREAM_USER'}:$proxysettings{'UPSTREAM_PASSWORD'}@"."$proxysettings{'UPSTREAM_PROXY'}/"]);
logger("DOWNLOAD INFO: Logging in with: \"$proxysettings{'UPSTREAM_USER'}\" - \"$proxysettings{'UPSTREAM_PASSWORD'}\"") unless ($bfile =~ /^counter.py\?.*/);
} else {
$ua->proxy("http","http://$proxysettings{'UPSTREAM_PROXY'}/");
$ua->proxy([["http", "https"] => "http://$proxysettings{'UPSTREAM_PROXY'}/"]);
}
}
$final_data = undef;
my $url = "http://$host/$file";
my $url;
switch ($proto) {
case "HTTP" { $url = "http://$host/$file"; }
case "HTTPS" { $url = "https://$host/$file"; }
else {
# skip all lines with unknown protocols
logger("DOWNLOAD WARNING: Skipping Host: $host due to unknown protocol ($proto) in mirror database");
next;
}
}
my $response;
unless ($bfile =~ /^counter.py\?.*/) {
@@ -899,19 +909,6 @@ sub senduuid {
}
}
sub checkcryptodb {
logger("CRYPTO INFO: Checking GnuPG Database");
system("gpg --fingerprint $myid >/dev/null");
return if ($? == 0);
message("CRYPTO WARN: The GnuPG isn't configured correctly. Trying now to fix this.");
message("CRYPTO WARN: It's normal to see this on first execution.");
message("CRYPTO WARN: If this message is being shown repeatedly, check if time and date are set correctly, and if IPFire can connect via port 11371 TCP.");
my $command = "gpg --keyserver pgp.ipfire.org --always-trust --status-fd 2";
system("$command --recv-key $myid >> $Conf::logdir/gnupg-database.log 2>&1");
}
sub callback {
my ($data, $response, $protocol) = @_;
$final_data .= $data;

1
src/pakfire/pakfire
View File

@@ -30,7 +30,6 @@
my $force = "noforce";
&Pakfire::logger("PAKFIRE INFO: IPFire Pakfire $Conf::version started!");
&Pakfire::checkcryptodb;
### Check if we are running as root
#

29
src/pakfire/pakfire.key Normal file
View File

@@ -0,0 +1,29 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFqr0AoBEACeW1ClMLQyZ/67c7u5FTDbOfe3212rdXzjojDOjQepAIKErS06
2rOGwurGu8cy39RJOBCR2VT6ai6mVejJnLm0j/3FL4df8tEhhtBNE9BhJriS5mIt
qoiR2zjR/ldEyLSiCfUprkAAX75vl7nqua2esHs1XnXykGoj7U/qRbu0jyavUJJx
i0/XSRjbEo6GB9tk7taGFFBNxTpWTaJBR9fhjLN4tUL5rYB5CXwBvgkl1WHQSpYW
sCIdF8l1mMuNLhzaZsq+lt8hMPKBM7TsdQtfOwYzV6mROJYeHDVSsrLYoDoYdW/o
vGV7758alxiMVNv5VI5hENofxriwlhZZOHKie9b9m6rCJ39qSsG1f1HwVa5ab33l
ktVdWmsqsvuF+kZL5K19tFScR4e1tpT+2xM7NT4SLlgsG0YXRVCA3fjis3P2Qft8
turBMOayyrJqnqQTHTk9eNpWDJ6Tg2ZhJ7uR79vrdsqcfnL71D/CeUgD0xekZIys
MG7sqF6ApZXf1jvubD8Jw00EwrvZFRhIkiP6NxZjP4yA5YeUA1KHohVegIuTZLmT
t74PMqpYh/j/ixa7m0Ja/vyqwXGqJVdAuded+zmCPw0NRvdoGkMPlgYlgKzVDTF6
gXgsr+yT+hFSfHWwCFrEgrv1JQsac5P7iCRB8PS9FWs6+vnoOlzZrGoI/wARAQAB
tDdJUEZpcmUgUGFrZmlyZSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxwYWtmaXJlQGlw
ZmlyZS5vcmc+iQI5BBMBAgAjBQJaq9AKAhsDBwsJCAcDAgEGFQgCCQoLBBYCAwEC
HgECF4AACgkQb+96jtcTWUsx8BAAmkZ2rg/PQkXgqENhoJuoT93bKmu2Ng4DLKGc
JyGAd+PPan70jX9xAs/QMuEXbPwNnZUZCpMfDvOrf6FRoc651whJvp3h1dluMNBD
gsSwX7CgpLPaPxqthPLaN239b02GLJs/J6IiyTqS3QsBcJqvdWmcGqHZEiCjDTri
e0kQIXyjCEXQnnsTKZL/sa8KQTOAHsF81iYB2DqOWFZsQ9iJKjTCPlo5eOsZTJGt
XKQlmAIeACN6YfSBMGK24t4cyvUOcklVFHri+EVCYPMdxT96Wsfa4rFOnMwD1Ggx
b42KTRMK3awN8b91/gg6Oay+WDEGPJSnUsu04WoMzhQ0jwmu1i0O1OdKPshNE/7n
Eu/YggBqRy/ClyPbX1+9nfOE4ldUnRPSWTwtVpbPoAWDM+WYdo7mFVi7un9y7F8J
YOZRGkhar3KlfrkiXx6pD/rARj5bi3LcWXwEDT/ZdDd+h9lZtfLcCQe9lqqUcxCM
xWUXnH87svNCZMS/AEkVHDmKNtx6hsYFqwXgExExqH3uMmwQwwcL8rv9M2c/LLZQ
RFTSj/vhEzJY4nqS/m5dgWfwPYBleM6UwCHVWxP0uI18et739pMzTxaL+Q/uGXNP
42f4CPSnb3EbtCelUMfO2JQkhNGBL7SqoOmtykSmCykAWaSnGYhI1frQDcBvNao+
xPvh/8Y=
=y1gn
-----END PGP PUBLIC KEY BLOCK-----

84
src/patches/clamav/clamav-0.99.3-gcc-6.patch
View File

@@ -1,84 +0,0 @@
diff --git a/libclamav/c++/llvm/include/llvm/ADT/StringMap.h b/libclamav/c++/llvm/include/llvm/ADT/StringMap.h
index 59ff6aa..1325394 100644
--- a/libclamav/c++/llvm/include/llvm/ADT/StringMap.h
+++ b/libclamav/c++/llvm/include/llvm/ADT/StringMap.h
@@ -169,3 +169,3 @@ public:
KeyLength+1;
- unsigned Alignment = alignof<StringMapEntry>();
+ unsigned Alignment = alignOf<StringMapEntry>();
diff --git a/libclamav/c++/llvm/include/llvm/CodeGen/SlotIndexes.h b/libclamav/c++/llvm/include/llvm/CodeGen/SlotIndexes.h
index 88044c7..86b0f40 100644
--- a/libclamav/c++/llvm/include/llvm/CodeGen/SlotIndexes.h
+++ b/libclamav/c++/llvm/include/llvm/CodeGen/SlotIndexes.h
@@ -417,3 +417,3 @@ namespace llvm {
ileAllocator.Allocate(sizeof(IndexListEntry),
- alignof<IndexListEntry>()));
+ alignOf<IndexListEntry>()));
diff --git a/libclamav/c++/llvm/include/llvm/Support/AlignOf.h b/libclamav/c++/llvm/include/llvm/Support/AlignOf.h
index 6a7a1a6..979e597 100644
--- a/libclamav/c++/llvm/include/llvm/Support/AlignOf.h
+++ b/libclamav/c++/llvm/include/llvm/Support/AlignOf.h
@@ -51,8 +51,8 @@ struct AlignOf {
-/// alignof - A templated function that returns the mininum alignment of
+/// alignOf - A templated function that returns the mininum alignment of
/// of a type. This provides no extra functionality beyond the AlignOf
/// class besides some cosmetic cleanliness. Example usage:
-/// alignof<int>() returns the alignment of an int.
+/// alignOf<int>() returns the alignment of an int.
template <typename T>
-static inline unsigned alignof() { return AlignOf<T>::Alignment; }
+static inline unsigned alignOf() { return AlignOf<T>::Alignment; }
diff --git a/libclamav/c++/llvm/include/llvm/Support/Allocator.h b/libclamav/c++/llvm/include/llvm/Support/Allocator.h
index 4a7251f..17caf5e 100644
--- a/libclamav/c++/llvm/include/llvm/Support/Allocator.h
+++ b/libclamav/c++/llvm/include/llvm/Support/Allocator.h
@@ -203,3 +203,3 @@ public:
for (char *Ptr = (char*)(Slab+1); Ptr < End; Ptr += sizeof(T)) {
- Ptr = Allocator.AlignPtr(Ptr, alignof<T>());
+ Ptr = Allocator.AlignPtr(Ptr, alignOf<T>());
if (Ptr + sizeof(T) <= End)
diff --git a/libclamav/c++/llvm/lib/Analysis/ScalarEvolution.cpp b/libclamav/c++/llvm/lib/Analysis/ScalarEvolution.cpp
index b892d85..dc72346 100644
--- a/libclamav/c++/llvm/lib/Analysis/ScalarEvolution.cpp
+++ b/libclamav/c++/llvm/lib/Analysis/ScalarEvolution.cpp
@@ -495,3 +495,3 @@ void SCEVUnknown::print(raw_ostream &OS) const {
if (isAlignOf(AllocTy)) {
- OS << "alignof(" << *AllocTy << ")";
+ OS << "alignOf(" << *AllocTy << ")";
return;
diff --git a/libclamav/c++/llvm/lib/Target/X86/X86CodeEmitter.cpp b/libclamav/c++/llvm/lib/Target/X86/X86CodeEmitter.cpp
index 824021c..757ca50 100644
--- a/libclamav/c++/llvm/lib/Target/X86/X86CodeEmitter.cpp
+++ b/libclamav/c++/llvm/lib/Target/X86/X86CodeEmitter.cpp
@@ -569,3 +569,3 @@ void Emitter<CodeEmitter>::emitMemModRMByte(const MachineInstr &MI,
// Calculate what the SS field value should be...
- static const unsigned SSTable[] = { ~0, 0, 1, ~0, 2, ~0, ~0, ~0, 3 };
+ static const unsigned SSTable[] = { ~0u, 0u, 1u, ~0u, 2u, ~0u, ~0u, ~0u, 3u };
unsigned SS = SSTable[Scale.getImm()];
diff --git a/libclamav/c++/llvm/lib/Target/X86/X86MCCodeEmitter.cpp b/libclamav/c++/llvm/lib/Target/X86/X86MCCodeEmitter.cpp
index 9564fe0..b2b7986 100644
--- a/libclamav/c++/llvm/lib/Target/X86/X86MCCodeEmitter.cpp
+++ b/libclamav/c++/llvm/lib/Target/X86/X86MCCodeEmitter.cpp
@@ -332,3 +332,3 @@ void X86MCCodeEmitter::EmitMemModRMByte(const MCInst &MI, unsigned Op,
// Calculate what the SS field value should be...
- static const unsigned SSTable[] = { ~0, 0, 1, ~0, 2, ~0, ~0, ~0, 3 };
+ static const unsigned SSTable[] = { ~0u, 0u, 1u, ~0u, 2u, ~0u, ~0u, ~0u, 3u };
unsigned SS = SSTable[Scale.getImm()];
diff --git a/libclamav/mpool.c b/libclamav/mpool.c
index cd38e15..b5e537d 100644
--- a/libclamav/mpool.c
+++ b/libclamav/mpool.c
@@ -417,3 +417,3 @@ static size_t from_bits(unsigned int bits) {
-static inline unsigned int alignof(size_t size)
+static inline unsigned int alignOf(size_t size)
{
@@ -609,3 +609,3 @@ static void* allocate_aligned(struct MPMAP *mpm, size_t size, unsigned align, co
void *mpool_malloc(struct MP *mp, size_t size) {
- size_t align = alignof(size);
+ size_t align = alignOf(size);
size_t i, needed = align_increase(size+FRAG_OVERHEAD, align);

30
src/patches/dmidecode/add_support_for_structure_type_43_tpm_device.patch Normal file
View File

@@ -0,0 +1,30 @@
From 174387405e98cd94c627832ae23abcb9be7e5623 Mon Sep 17 00:00:00 2001
From: Jean Delvare <jdelvare@suse.de>
Date: Wed, 31 Jan 2018 18:52:47 +0100
Subject: dmidecode: Fix firmware version of TPM device
Both the operator (detected by clang, reported by Xorg) and the mask
for the minor firmware version field of TPM devices were wrong.
Signed-off-by: Jean Delvare <jdelvare@suse.de>
Fixes: 48a8132058a0 ("dmidecode: Add support for structure type 43 (TPM Device)")
---
dmidecode.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dmidecode.c b/dmidecode.c
index 87faaa9..a593170 100644
--- a/dmidecode.c
+++ b/dmidecode.c
@@ -4511,7 +4511,7 @@ static void dmi_decode(const struct dmi_header *h, u16 ver)
case 0x02:
printf("\tFirmware Revision: %u.%u\n",
DWORD(data + 0x0A) >> 16,
- DWORD(data + 0x0A) && 0xFF);
+ DWORD(data + 0x0A) & 0xFFFF);
/*
* We skip the next 4 bytes, as their
* format is not standardized and their
--
cgit v1.0-41-gc330

21
src/patches/elinks-0.11.0-ssl-noegd.patch Normal file
View File

@@ -0,0 +1,21 @@
--- elinks-0.11.0/src/network/ssl/ssl.c.noegd 2006-01-10 09:24:50.000000000 +0100
+++ elinks-0.11.0/src/network/ssl/ssl.c 2006-01-10 09:25:01.000000000 +0100
@@ -44,18 +44,6 @@ SSL_CTX *context = NULL;
static void
init_openssl(struct module *module)
{
- unsigned char f_randfile[PATH_MAX];
-
- /* In a nutshell, on OS's without a /dev/urandom, the OpenSSL library
- * cannot initialize the PRNG and so every attempt to use SSL fails.
- * It's actually an OpenSSL FAQ, and according to them, it's up to the
- * application coders to seed the RNG. -- William Yodlowsky */
- if (RAND_egd(RAND_file_name(f_randfile, sizeof(f_randfile))) < 0) {
- /* Not an EGD, so read and write to it */
- if (RAND_load_file(f_randfile, -1))
- RAND_write_file(f_randfile);
- }
-
SSLeay_add_ssl_algorithms();
context = SSL_CTX_new(SSLv23_client_method());
SSL_CTX_set_options(context, SSL_OP_ALL);

73
src/patches/elinks-0.12pre6-openssl11.patch Normal file
View File

@@ -0,0 +1,73 @@
From d83c0edf4c6ae42359ff856d7a879ecba5769595 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Fri, 17 Feb 2017 16:51:41 +0100
Subject: [PATCH 1/2] fix compatibility with OpenSSL 1.1
---
src/network/ssl/socket.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/network/ssl/socket.c b/src/network/ssl/socket.c
index c9e2be4..467fc48 100644
--- a/src/network/ssl/socket.c
+++ b/src/network/ssl/socket.c
@@ -83,7 +83,7 @@ static void
ssl_set_no_tls(struct socket *socket)
{
#ifdef CONFIG_OPENSSL
- ((ssl_t *) socket->ssl)->options |= SSL_OP_NO_TLSv1;
+ SSL_set_options((ssl_t *) socket->ssl, SSL_OP_NO_TLSv1);
#elif defined(CONFIG_GNUTLS)
{
/* GnuTLS does not support SSLv2 because it is "insecure".
@@ -419,7 +419,7 @@ ssl_connect(struct socket *socket)
}
if (client_cert) {
- SSL_CTX *ctx = ((SSL *) socket->ssl)->ctx;
+ SSL_CTX *ctx = SSL_get_SSL_CTX((SSL *) socket->ssl);
SSL_CTX_use_certificate_chain_file(ctx, client_cert);
SSL_CTX_use_PrivateKey_file(ctx, client_cert,
--
2.7.4
From ec952cc5b79973bee73fcfc813159d40c22b7228 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Fri, 17 Feb 2017 16:44:11 +0100
Subject: [PATCH 2/2] drop disablement of TLS1.0 on second attempt to connect
It would not work correctly anyway and the code does not build
with OpenSSL-1.1.0.
---
src/network/ssl/socket.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/network/ssl/socket.c b/src/network/ssl/socket.c
index 467fc48..b981c1e 100644
--- a/src/network/ssl/socket.c
+++ b/src/network/ssl/socket.c
@@ -82,6 +82,11 @@
static void
ssl_set_no_tls(struct socket *socket)
{
+#if 0
+/* This implements the insecure renegotiation, which should not be used.
+ * The code also would not work on current Fedora (>= Fedora 23) anyway,
+ * because it would just switch off TLS 1.0 keeping TLS 1.1 and 1.2 enabled.
+ */
#ifdef CONFIG_OPENSSL
SSL_set_options((ssl_t *) socket->ssl, SSL_OP_NO_TLSv1);
#elif defined(CONFIG_GNUTLS)
@@ -96,6 +101,7 @@ ssl_set_no_tls(struct socket *socket)
gnutls_protocol_set_priority(*(ssl_t *) socket->ssl, protocol_priority);
}
#endif
+#endif
}
#ifdef USE_OPENSSL
--
2.7.4

62
src/patches/fetchmail-6.3.26-permit-build-without-ssl3.patch Normal file
View File

@@ -0,0 +1,62 @@
From a2ae6f8d15d7caf815d7bdd13df833fd1b2af5cc Mon Sep 17 00:00:00 2001
From: Matthias Andree <matthias.andree@gmx.de>
Date: Fri, 16 Jan 2015 20:48:46 +0100
Subject: [PATCH] Permit build on SSLv3-disabled OpenSSL,
providing that these also omit the declaration of SSLv3_client_method().
Related to Debian Bug#775255.
Version report lists -SSLv3 on +SSL builds that omit SSLv3_client_method().
Version report lists -SSLv2 on +SSL builds that omit SSLv2_client_method().
diff --git a/configure.ac b/configure.ac
index bdcbb20..9248b26 100644
--- a/configure.ac
+++ b/configure.ac
@@ -803,6 +803,7 @@ fi
case "$LIBS" in *-lssl*)
AC_CHECK_DECLS([SSLv2_client_method],,,[#include <openssl/ssl.h>])
+ AC_CHECK_DECLS([SSLv3_client_method],,,[#include <openssl/ssl.h>])
;;
esac
diff --git a/fetchmail.c b/fetchmail.c
index 5f31d6e..be0e9ab 100644
--- a/fetchmail.c
+++ b/fetchmail.c
@@ -263,6 +263,12 @@ int main(int argc, char **argv)
#ifdef SSL_ENABLE
"+SSL"
#endif
+#if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 == 0
+ "-SSLv2"
+#endif
+#if HAVE_DECL_SSLV3_CLIENT_METHOD + 0 == 0
+ "-SSLv3"
+#endif
#ifdef OPIE_ENABLE
"+OPIE"
#endif /* OPIE_ENABLE */
diff --git a/socket.c b/socket.c
index 58a8e15..91a21c2 100644
--- a/socket.c
+++ b/socket.c
@@ -910,11 +910,16 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck
#if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 > 0
_ctx[sock] = SSL_CTX_new(SSLv2_client_method());
#else
- report(stderr, GT_("Your operating system does not support SSLv2.\n"));
+ report(stderr, GT_("Your OpenSSL version does not support SSLv2.\n"));
return -1;
#endif
} else if(!strcasecmp("ssl3",myproto)) {
+#if HAVE_DECL_SSLV3_CLIENT_METHOD + 0 > 0
_ctx[sock] = SSL_CTX_new(SSLv3_client_method());
+#else
+ report(stderr, GT_("Your OpenSSL version does not support SSLv3.\n"));
+ return -1;
+#endif
} else if(!strcasecmp("tls1",myproto)) {
_ctx[sock] = SSL_CTX_new(TLSv1_client_method());
} else if (!strcasecmp("ssl23",myproto)) {

303
src/patches/net-snmp-5.7.3-openssl.patch Normal file
View File

@@ -0,0 +1,303 @@
diff -urNp old/apps/snmpusm.c new/apps/snmpusm.c
--- old/apps/snmpusm.c 2014-12-08 21:23:22.000000000 +0100
+++ new/apps/snmpusm.c 2017-02-20 15:20:36.994022905 +0100
@@ -190,7 +190,7 @@ get_USM_DH_key(netsnmp_variable_list *va
oid *keyoid, size_t keyoid_len) {
u_char *dhkeychange;
DH *dh;
- BIGNUM *other_pub;
+ BIGNUM *p, *g, *pub_key, *other_pub;
u_char *key;
size_t key_len;
@@ -205,25 +205,29 @@ get_USM_DH_key(netsnmp_variable_list *va
dh = d2i_DHparams(NULL, &cp, dhvar->val_len);
}
- if (!dh || !dh->g || !dh->p) {
+ if (dh)
+ DH_get0_pqg(dh, &p, NULL, &g);
+
+ if (!dh || !g || !p) {
SNMP_FREE(dhkeychange);
return SNMPERR_GENERR;
}
- DH_generate_key(dh);
- if (!dh->pub_key) {
+ if (!DH_generate_key(dh)) {
SNMP_FREE(dhkeychange);
return SNMPERR_GENERR;
}
- if (vars->val_len != (unsigned int)BN_num_bytes(dh->pub_key)) {
+ DH_get0_key(dh, &pub_key, NULL);
+
+ if (vars->val_len != (unsigned int)BN_num_bytes(pub_key)) {
SNMP_FREE(dhkeychange);
fprintf(stderr,"incorrect diffie-helman lengths (%lu != %d)\n",
- (unsigned long)vars->val_len, BN_num_bytes(dh->pub_key));
+ (unsigned long)vars->val_len, BN_num_bytes(pub_key));
return SNMPERR_GENERR;
}
- BN_bn2bin(dh->pub_key, dhkeychange + vars->val_len);
+ BN_bn2bin(pub_key, dhkeychange + vars->val_len);
key_len = DH_size(dh);
if (!key_len) {
diff -urNp old/configure new/configure
--- old/configure 2017-02-20 10:08:16.440396223 +0100
+++ new/configure 2017-02-20 10:57:15.749734281 +0100
@@ -23176,9 +23176,9 @@ $as_echo "#define HAVE_AES_CFB128_ENCRYP
fi
- as_ac_Lib=`$as_echo "ac_cv_lib_${CRYPTO}''_EVP_MD_CTX_create" | $as_tr_sh`
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_MD_CTX_create in -l${CRYPTO}" >&5
-$as_echo_n "checking for EVP_MD_CTX_create in -l${CRYPTO}... " >&6; }
+ as_ac_Lib=`$as_echo "ac_cv_lib_${CRYPTO}''_EVP_MD_CTX_new" | $as_tr_sh`
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_MD_CTX_new in -l${CRYPTO}" >&5
+$as_echo_n "checking for EVP_MD_CTX_new in -l${CRYPTO}... " >&6; }
if eval \${$as_ac_Lib+:} false; then :
$as_echo_n "(cached) " >&6
else
@@ -23193,11 +23193,11 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_
#ifdef __cplusplus
extern "C"
#endif
-char EVP_MD_CTX_create ();
+char EVP_MD_CTX_new ();
int
main ()
{
-return EVP_MD_CTX_create ();
+return EVP_MD_CTX_new ();
;
return 0;
}
@@ -23216,10 +23216,10 @@ eval ac_res=\$$as_ac_Lib
$as_echo "$ac_res" >&6; }
if eval test \"x\$"$as_ac_Lib"\" = x"yes"; then :
-$as_echo "#define HAVE_EVP_MD_CTX_CREATE /**/" >>confdefs.h
+$as_echo "#define HAVE_EVP_MD_CTX_NEW /**/" >>confdefs.h
-$as_echo "#define HAVE_EVP_MD_CTX_DESTROY /**/" >>confdefs.h
+$as_echo "#define HAVE_EVP_MD_CTX_FREE /**/" >>confdefs.h
fi
@@ -23293,7 +23293,7 @@ char SSL_library_init ();
int
main ()
{
-return SSL_library_init ();
+return OPENSSL_init_ssl(0, NULL);
;
return 0;
}
diff -urNp old/configure.d/config_os_libs2 new/configure.d/config_os_libs2
--- old/configure.d/config_os_libs2 2014-12-08 21:23:22.000000000 +0100
+++ new/configure.d/config_os_libs2 2017-02-20 10:56:21.041616611 +0100
@@ -292,11 +292,11 @@ if test "x$tryopenssl" != "xno" -a "x$tr
AC_DEFINE(HAVE_AES_CFB128_ENCRYPT, 1,
[Define to 1 if you have the `AES_cfb128_encrypt' function.]))
- AC_CHECK_LIB(${CRYPTO}, EVP_MD_CTX_create,
- AC_DEFINE([HAVE_EVP_MD_CTX_CREATE], [],
- [Define to 1 if you have the `EVP_MD_CTX_create' function.])
- AC_DEFINE([HAVE_EVP_MD_CTX_DESTROY], [],
- [Define to 1 if you have the `EVP_MD_CTX_destroy' function.]))
+ AC_CHECK_LIB(${CRYPTO}, EVP_MD_CTX_new,
+ AC_DEFINE([HAVE_EVP_MD_CTX_NEW], [],
+ [Define to 1 if you have the `EVP_MD_CTX_new' function.])
+ AC_DEFINE([HAVE_EVP_MD_CTX_FREE], [],
+ [Define to 1 if you have the `EVP_MD_CTX_free' function.]))
fi
if echo " $transport_result_list " | $GREP "DTLS" > /dev/null; then
AC_CHECK_LIB(ssl, DTLSv1_method,
@@ -307,7 +307,7 @@ if test "x$tryopenssl" != "xno" -a "x$tr
TLSPROG=yes
fi
if echo " $transport_result_list " | $GREP "TLS" > /dev/null; then
- AC_CHECK_LIB(ssl, SSL_library_init,
+ AC_CHECK_LIB(ssl, OPENSSL_init_ssl,
AC_DEFINE(HAVE_LIBSSL, 1,
[Define to 1 if you have the `ssl' library (-lssl).])
LIBCRYPTO=" -lssl $LIBCRYPTO",
diff -urNp old/include/net-snmp/net-snmp-config.h.in new/include/net-snmp/net-snmp-config.h.in
--- old/include/net-snmp/net-snmp-config.h.in 2017-02-20 10:08:16.443522417 +0100
+++ new/include/net-snmp/net-snmp-config.h.in 2017-02-20 10:24:05.790584283 +0100
@@ -149,11 +149,11 @@
/* Define to 1 if you have the `eval_pv' function. */
#undef HAVE_EVAL_PV
-/* Define to 1 if you have the `EVP_MD_CTX_create' function. */
-#undef HAVE_EVP_MD_CTX_CREATE
+/* Define to 1 if you have the `EVP_MD_CTX_new' function. */
+#undef HAVE_EVP_MD_CTX_NEW
-/* Define to 1 if you have the `EVP_MD_CTX_destroy' function. */
-#undef HAVE_EVP_MD_CTX_DESTROY
+/* Define to 1 if you have the `EVP_MD_CTX_free' function. */
+#undef HAVE_EVP_MD_CTX_FREE
/* Define if you have EVP_sha224/256 in openssl */
#undef HAVE_EVP_SHA224
diff -urNp old/snmplib/keytools.c new/snmplib/keytools.c
--- old/snmplib/keytools.c 2014-12-08 21:23:22.000000000 +0100
+++ new/snmplib/keytools.c 2017-02-20 10:30:27.412068264 +0100
@@ -149,8 +149,8 @@ generate_Ku(const oid * hashtype, u_int
*/
#ifdef NETSNMP_USE_OPENSSL
-#ifdef HAVE_EVP_MD_CTX_CREATE
- ctx = EVP_MD_CTX_create();
+#ifdef HAVE_EVP_MD_CTX_NEW
+ ctx = EVP_MD_CTX_new();
#else
ctx = malloc(sizeof(*ctx));
if (!EVP_MD_CTX_init(ctx))
@@ -259,8 +259,8 @@ generate_Ku(const oid * hashtype, u_int
memset(buf, 0, sizeof(buf));
#ifdef NETSNMP_USE_OPENSSL
if (ctx) {
-#ifdef HAVE_EVP_MD_CTX_DESTROY
- EVP_MD_CTX_destroy(ctx);
+#ifdef HAVE_EVP_MD_CTX_FREE
+ EVP_MD_CTX_free(ctx);
#else
EVP_MD_CTX_cleanup(ctx);
free(ctx);
diff -urNp old/snmplib/scapi.c new/snmplib/scapi.c
--- old/snmplib/scapi.c 2014-12-08 21:23:22.000000000 +0100
+++ new/snmplib/scapi.c 2017-02-20 10:27:34.152379515 +0100
@@ -486,14 +486,14 @@ sc_hash(const oid * hashtype, size_t has
}
/** initialize the pointer */
-#ifdef HAVE_EVP_MD_CTX_CREATE
- cptr = EVP_MD_CTX_create();
+#ifdef HAVE_EVP_MD_CTX_NEW
+ cptr = EVP_MD_CTX_new();
#else
cptr = malloc(sizeof(*cptr));
#if defined(OLD_DES)
memset(cptr, 0, sizeof(*cptr));
#else
- EVP_MD_CTX_init(cptr);
+ EVP_MD_CTX_init(&cptr);
#endif
#endif
if (!EVP_DigestInit(cptr, hashfn)) {
@@ -507,11 +507,11 @@ sc_hash(const oid * hashtype, size_t has
/** do the final pass */
EVP_DigestFinal(cptr, MAC, &tmp_len);
*MAC_len = tmp_len;
-#ifdef HAVE_EVP_MD_CTX_DESTROY
- EVP_MD_CTX_destroy(cptr);
+#ifdef HAVE_EVP_MD_CTX_FREE
+ EVP_MD_CTX_free(cptr);
#else
#if !defined(OLD_DES)
- EVP_MD_CTX_cleanup(cptr);
+ EVP_MD_CTX_cleanup(&cptr);
#endif
free(cptr);
#endif
diff -urNp old/snmplib/snmp_openssl.c new/snmplib/snmp_openssl.c
--- old/snmplib/snmp_openssl.c 2014-12-08 21:23:22.000000000 +0100
+++ new/snmplib/snmp_openssl.c 2017-02-20 12:46:00.059727928 +0100
@@ -47,7 +47,7 @@ void netsnmp_init_openssl(void) {
DEBUGMSGTL(("snmp_openssl", "initializing\n"));
/* Initializing OpenSSL */
- SSL_library_init();
+ OPENSSL_init_ssl(0, NULL);
SSL_load_error_strings();
ERR_load_BIO_strings();
OpenSSL_add_all_algorithms();
@@ -164,11 +164,11 @@ netsnmp_openssl_cert_dump_names(X509 *oc
oname_entry = X509_NAME_get_entry(osubj_name, i);
netsnmp_assert(NULL != oname_entry);
- if (oname_entry->value->type != V_ASN1_PRINTABLESTRING)
+ if (X509_NAME_ENTRY_get_data(oname_entry)->type != V_ASN1_PRINTABLESTRING)
continue;
/** get NID */
- onid = OBJ_obj2nid(oname_entry->object);
+ onid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(oname_entry));
if (onid == NID_undef) {
prefix_long = prefix_short = "UNKNOWN";
}
@@ -179,9 +179,9 @@ netsnmp_openssl_cert_dump_names(X509 *oc
DEBUGMSGT(("9:cert:dump:names",
"[%02d] NID type %d, ASN type %d\n", i, onid,
- oname_entry->value->type));
+ X509_NAME_ENTRY_get_data(oname_entry)->type));
DEBUGMSGT(("9:cert:dump:names", "%s/%s: '%s'\n", prefix_long,
- prefix_short, ASN1_STRING_data(oname_entry->value)));
+ prefix_short, ASN1_STRING_data(X509_NAME_ENTRY_get_data(oname_entry))));
}
}
#endif /* NETSNMP_FEATURE_REMOVE_CERT_DUMP_NAMES */
@@ -470,7 +470,7 @@ netsnmp_openssl_cert_get_hash_type(X509
if (NULL == ocert)
return 0;
- return _nid2ht(OBJ_obj2nid(ocert->sig_alg->algorithm));
+ return _nid2ht(X509_get_signature_nid(ocert));
}
/**
@@ -487,7 +487,7 @@ netsnmp_openssl_cert_get_fingerprint(X50
if (NULL == ocert)
return NULL;
- nid = OBJ_obj2nid(ocert->sig_alg->algorithm);
+ nid = X509_get_signature_nid(ocert);
DEBUGMSGT(("9:openssl:fingerprint", "alg %d, cert nid %d (%d)\n", alg, nid,
_nid2ht(nid)));
diff -urNp old/win32/net-snmp/net-snmp-config.h new/win32/net-snmp/net-snmp-config.h
--- old/win32/net-snmp/net-snmp-config.h 2014-12-08 21:23:22.000000000 +0100
+++ new/win32/net-snmp/net-snmp-config.h 2017-02-20 10:23:20.796778512 +0100
@@ -1366,11 +1366,11 @@
/* Define to 1 if you have the <openssl/aes.h> header file. */
#define HAVE_OPENSSL_AES_H 1
-/* Define to 1 if you have the `EVP_MD_CTX_create' function. */
-#define HAVE_EVP_MD_CTX_CREATE 1
+/* Define to 1 if you have the `EVP_MD_CTX_new' function. */
+#define HAVE_EVP_MD_CTX_NEW 1
-/* Define to 1 if you have the `EVP_MD_CTX_destroy' function. */
-#define HAVE_EVP_MD_CTX_DESTROY 1
+/* Define to 1 if you have the `EVP_MD_CTX_free' function. */
+#define HAVE_EVP_MD_CTX_FREE 1
/* Define to 1 if you have the `AES_cfb128_encrypt' function. */
#define HAVE_AES_CFB128_ENCRYPT 1
diff -urNp old/win32/net-snmp/net-snmp-config.h.in new/win32/net-snmp/net-snmp-config.h.in
--- old/win32/net-snmp/net-snmp-config.h.in 2014-12-08 21:23:22.000000000 +0100
+++ new/win32/net-snmp/net-snmp-config.h.in 2017-02-20 10:22:51.348367754 +0100
@@ -1366,11 +1366,11 @@
/* Define to 1 if you have the <openssl/aes.h> header file. */
#define HAVE_OPENSSL_AES_H 1
-/* Define to 1 if you have the `EVP_MD_CTX_create' function. */
-#define HAVE_EVP_MD_CTX_CREATE 1
+/* Define to 1 if you have the `EVP_MD_CTX_new' function. */
+#define HAVE_EVP_MD_CTX_NEW 1
-/* Define to 1 if you have the `EVP_MD_CTX_destroy' function. */
-#define HAVE_EVP_MD_CTX_DESTROY 1
+/* Define to 1 if you have the `EVP_MD_CTX_free' function. */
+#define HAVE_EVP_MD_CTX_FREE 1
/* Define to 1 if you have the `AES_cfb128_encrypt' function. */
#define HAVE_AES_CFB128_ENCRYPT 1

1982
src/patches/openssh-7.6p1-openssl-1.1.0.patch Normal file
View File

File diff suppressed because it is too large Load Diff

340
src/patches/openssl-1.0.2-fix_parallel_build-1.patch
View File

@@ -1,340 +0,0 @@
Submitted By: Armin K. <krejzi at email dot com>
Date: 2015-01-23
Initial Package Version: 1.0.1e
Upstream Status: Unknown
Origin: https://github.com/Alexpux/Qt-builds/tree/master/patches/openssl
Description: Fixes build when using more than one make job to build the package.
--- a/crypto/Makefile 2015-01-22 17:12:09.000000000 +0100
+++ b/crypto/Makefile 2015-01-23 16:42:13.460175569 +0100
@@ -85,11 +85,11 @@
@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
subdirs:
- @target=all; $(RECURSIVE_MAKE)
+ +@target=all; $(RECURSIVE_MAKE)
files:
$(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO
- @target=files; $(RECURSIVE_MAKE)
+ +@target=files; $(RECURSIVE_MAKE)
links:
@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
@@ -100,7 +100,7 @@
# lib: $(LIB): are splitted to avoid end-less loop
lib: $(LIB)
@touch lib
-$(LIB): $(LIBOBJ)
+$(LIB): $(LIBOBJ) | subdirs
$(AR) $(LIB) $(LIBOBJ)
test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
$(RANLIB) $(LIB) || echo Never mind.
@@ -111,7 +111,7 @@
fi
libs:
- @target=lib; $(RECURSIVE_MAKE)
+ +@target=lib; $(RECURSIVE_MAKE)
install:
@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
@@ -120,7 +120,7 @@
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done;
- @target=install; $(RECURSIVE_MAKE)
+ +@target=install; $(RECURSIVE_MAKE)
lint:
@target=lint; $(RECURSIVE_MAKE)
--- a/engines/Makefile 2015-01-22 17:12:24.000000000 +0100
+++ b/engines/Makefile 2015-01-23 16:42:13.461175596 +0100
@@ -72,7 +72,7 @@
all: lib subdirs
-lib: $(LIBOBJ)
+lib: $(LIBOBJ) | subdirs
@if [ -n "$(SHARED_LIBS)" ]; then \
set -e; \
for l in $(LIBNAMES); do \
@@ -89,7 +89,7 @@
subdirs:
echo $(EDIRS)
- @target=all; $(RECURSIVE_MAKE)
+ +@target=all; $(RECURSIVE_MAKE)
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@@ -128,7 +128,7 @@
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
done; \
fi
- @target=install; $(RECURSIVE_MAKE)
+ +@target=install; $(RECURSIVE_MAKE)
tags:
ctags $(SRC)
--- a/Makefile.org 2015-01-22 15:58:06.000000000 +0100
+++ b/Makefile.org 2015-01-23 16:42:13.461175596 +0100
@@ -274,17 +274,17 @@
build_libs: build_crypto build_ssl build_engines
build_crypto:
- @dir=crypto; target=all; $(BUILD_ONE_CMD)
-build_ssl:
- @dir=ssl; target=all; $(BUILD_ONE_CMD)
-build_engines:
- @dir=engines; target=all; $(BUILD_ONE_CMD)
-build_apps:
- @dir=apps; target=all; $(BUILD_ONE_CMD)
-build_tests:
- @dir=test; target=all; $(BUILD_ONE_CMD)
-build_tools:
- @dir=tools; target=all; $(BUILD_ONE_CMD)
+ +@dir=crypto; target=all; $(BUILD_ONE_CMD)
+build_ssl: build_crypto
+ +@dir=ssl; target=all; $(BUILD_ONE_CMD)
+build_engines: build_crypto
+ +@dir=engines; target=all; $(BUILD_ONE_CMD)
+build_apps: build_libs
+ +@dir=apps; target=all; $(BUILD_ONE_CMD)
+build_tests: build_libs
+ +@dir=test; target=all; $(BUILD_ONE_CMD)
+build_tools: build_libs
+ +@dir=tools; target=all; $(BUILD_ONE_CMD)
all_testapps: build_libs build_testapps
build_testapps:
@@ -536,9 +536,9 @@
dist_pem_h:
(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
-install: all install_docs install_sw
+install: install_docs install_sw
-install_sw:
+install_dirs:
@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
@@ -547,12 +547,19 @@
$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
$(INSTALL_PREFIX)$(OPENSSLDIR)/private
+ @$(PERL) $(TOP)/util/mkdir-p.pl \
+ $(INSTALL_PREFIX)$(MANDIR)/man1 \
+ $(INSTALL_PREFIX)$(MANDIR)/man3 \
+ $(INSTALL_PREFIX)$(MANDIR)/man5 \
+ $(INSTALL_PREFIX)$(MANDIR)/man7
+
+install_sw: install_dirs
@set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done;
- @set -e; target=install; $(RECURSIVE_BUILD_CMD)
+ +@set -e; target=install; $(RECURSIVE_BUILD_CMD)
@set -e; liblist="$(LIBS)"; for i in $$liblist ;\
do \
if [ -f "$$i" ]; then \
@@ -636,12 +643,7 @@
done; \
done
-install_docs:
- @$(PERL) $(TOP)/util/mkdir-p.pl \
- $(INSTALL_PREFIX)$(MANDIR)/man1 \
- $(INSTALL_PREFIX)$(MANDIR)/man3 \
- $(INSTALL_PREFIX)$(MANDIR)/man5 \
- $(INSTALL_PREFIX)$(MANDIR)/man7
+install_docs: install_dirs
@pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
here="`pwd`"; \
filecase=; \
--- a/Makefile.shared 2015-01-20 13:33:36.000000000 +0100
+++ b/Makefile.shared 2015-01-23 16:42:13.461175596 +0100
@@ -105,6 +105,7 @@
SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
+ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
$${SHAREDCMD} $${SHAREDFLAGS} \
-o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
@@ -122,6 +123,7 @@
done; \
fi; \
if [ -n "$$SHLIB_SOVER" ]; then \
+ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
fi; \
--- a/test/Makefile 2015-01-22 17:12:26.000000000 +0100
+++ b/test/Makefile 2015-01-23 16:42:13.461175596 +0100
@@ -132,7 +132,7 @@
tags:
ctags $(SRC)
-tests: exe apps $(TESTS)
+tests: exe $(TESTS)
apps:
@(cd ..; $(MAKE) DIRS=apps all)
@@ -398,109 +398,109 @@
link_app.$${shlib_target}
$(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
- @target=$(RSATEST); $(BUILD_CMD)
+ +@target=$(RSATEST); $(BUILD_CMD)
$(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
- @target=$(BNTEST); $(BUILD_CMD)
+ +@target=$(BNTEST); $(BUILD_CMD)
$(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
- @target=$(ECTEST); $(BUILD_CMD)
+ +@target=$(ECTEST); $(BUILD_CMD)
$(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
- @target=$(EXPTEST); $(BUILD_CMD)
+ +@target=$(EXPTEST); $(BUILD_CMD)
$(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
- @target=$(IDEATEST); $(BUILD_CMD)
+ +@target=$(IDEATEST); $(BUILD_CMD)
$(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
- @target=$(MD2TEST); $(BUILD_CMD)
+ +@target=$(MD2TEST); $(BUILD_CMD)
$(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
- @target=$(SHATEST); $(BUILD_CMD)
+ +@target=$(SHATEST); $(BUILD_CMD)
$(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
- @target=$(SHA1TEST); $(BUILD_CMD)
+ +@target=$(SHA1TEST); $(BUILD_CMD)
$(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
- @target=$(SHA256TEST); $(BUILD_CMD)
+ +@target=$(SHA256TEST); $(BUILD_CMD)
$(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
- @target=$(SHA512TEST); $(BUILD_CMD)
+ +@target=$(SHA512TEST); $(BUILD_CMD)
$(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
- @target=$(RMDTEST); $(BUILD_CMD)
+ +@target=$(RMDTEST); $(BUILD_CMD)
$(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
- @target=$(MDC2TEST); $(BUILD_CMD)
+ +@target=$(MDC2TEST); $(BUILD_CMD)
$(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
- @target=$(MD4TEST); $(BUILD_CMD)
+ +@target=$(MD4TEST); $(BUILD_CMD)
$(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
- @target=$(MD5TEST); $(BUILD_CMD)
+ +@target=$(MD5TEST); $(BUILD_CMD)
$(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
- @target=$(HMACTEST); $(BUILD_CMD)
+ +@target=$(HMACTEST); $(BUILD_CMD)
$(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
- @target=$(WPTEST); $(BUILD_CMD)
+ +@target=$(WPTEST); $(BUILD_CMD)
$(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
- @target=$(RC2TEST); $(BUILD_CMD)
+ +@target=$(RC2TEST); $(BUILD_CMD)
$(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
- @target=$(BFTEST); $(BUILD_CMD)
+ +@target=$(BFTEST); $(BUILD_CMD)
$(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
- @target=$(CASTTEST); $(BUILD_CMD)
+ +@target=$(CASTTEST); $(BUILD_CMD)
$(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
- @target=$(RC4TEST); $(BUILD_CMD)
+ +@target=$(RC4TEST); $(BUILD_CMD)
$(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
- @target=$(RC5TEST); $(BUILD_CMD)
+ +@target=$(RC5TEST); $(BUILD_CMD)
$(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
- @target=$(DESTEST); $(BUILD_CMD)
+ +@target=$(DESTEST); $(BUILD_CMD)
$(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
- @target=$(RANDTEST); $(BUILD_CMD)
+ +@target=$(RANDTEST); $(BUILD_CMD)
$(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
- @target=$(DHTEST); $(BUILD_CMD)
+ +@target=$(DHTEST); $(BUILD_CMD)
$(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
- @target=$(DSATEST); $(BUILD_CMD)
+ +@target=$(DSATEST); $(BUILD_CMD)
$(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
- @target=$(METHTEST); $(BUILD_CMD)
+ +@target=$(METHTEST); $(BUILD_CMD)
$(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
- @target=$(SSLTEST); $(FIPS_BUILD_CMD)
+ +@target=$(SSLTEST); $(FIPS_BUILD_CMD)
$(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
- @target=$(ENGINETEST); $(BUILD_CMD)
+ +@target=$(ENGINETEST); $(BUILD_CMD)
$(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
- @target=$(EVPTEST); $(BUILD_CMD)
+ +@target=$(EVPTEST); $(BUILD_CMD)
$(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
- @target=$(ECDSATEST); $(BUILD_CMD)
+ +@target=$(ECDSATEST); $(BUILD_CMD)
$(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
- @target=$(ECDHTEST); $(BUILD_CMD)
+ +@target=$(ECDHTEST); $(BUILD_CMD)
$(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
- @target=$(IGETEST); $(BUILD_CMD)
+ +@target=$(IGETEST); $(BUILD_CMD)
$(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
- @target=$(JPAKETEST); $(BUILD_CMD)
+ +@target=$(JPAKETEST); $(BUILD_CMD)
$(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
- @target=$(ASN1TEST); $(BUILD_CMD)
+ +@target=$(ASN1TEST); $(BUILD_CMD)
$(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
- @target=$(SRPTEST); $(BUILD_CMD)
+ +@target=$(SRPTEST); $(BUILD_CMD)
$(V3NAMETEST)$(EXE_EXT): $(V3NAMETEST).o $(DLIBCRYPTO)
@target=$(V3NAMETEST); $(BUILD_CMD)
@@ -522,7 +522,7 @@
# fi
dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
- @target=dummytest; $(BUILD_CMD)
+ +@target=dummytest; $(BUILD_CMD)
# DO NOT DELETE THIS LINE -- make depend depends on it.

34
src/patches/openssl-1.0.2a_auto_enable_padlock.patch
View File

@@ -1,34 +0,0 @@
diff -Naur openssl-1.0.2a.org/crypto/engine/eng_all.c openssl-1.0.2a/crypto/engine/eng_all.c
--- openssl-1.0.2a.org/crypto/engine/eng_all.c 2015-03-19 14:30:36.000000000 +0100
+++ openssl-1.0.2a/crypto/engine/eng_all.c 2015-04-27 12:27:05.063569969 +0200
@@ -120,6 +120,14 @@
ENGINE_load_capi();
# endif
#endif
+#ifdef OPENSSL_NO_STATIC_ENGINE
+ ENGINE *e;
+ e = ENGINE_by_id("padlock");
+ if (e != NULL) {
+ ENGINE_add(e);
+ ENGINE_free(e);
+ }
+#endif
ENGINE_register_all_complete();
}
diff -Naur openssl-1.0.2a.org/ssl/ssl_algs.c openssl-1.0.2a/ssl/ssl_algs.c
--- openssl-1.0.2a.org/ssl/ssl_algs.c 2015-03-19 14:30:36.000000000 +0100
+++ openssl-1.0.2a/ssl/ssl_algs.c 2015-04-27 11:04:27.893399695 +0200
@@ -151,5 +151,12 @@
#endif
/* initialize cipher/digest methods table */
ssl_load_ciphers();
+
+ /* Init available hardware crypto engines */
+ ENGINE_load_builtin_engines();
+ ENGINE_register_all_complete();
+ ENGINE * padlock = ENGINE_by_id("padlock");
+ if (padlock) ENGINE_set_default_ciphers(padlock);
+
return (1);
}

11
src/patches/openssl-1.1.0g-weak-ciphers.patch Normal file
View File

@@ -0,0 +1,11 @@
--- openssl-1.1.0g-orig/include/openssl/ssl.h 2017-11-02 15:29:05.000000000 +0100
+++ openssl-1.1.0g/include/openssl/ssl.h 2018-02-27 18:23:43.522649728 +0100
@@ -194,7 +194,7 @@
* The following cipher list is used by default. It also is substituted when
* an application-defined cipher list string starts with 'DEFAULT'.
*/
-# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL"
+# define SSL_DEFAULT_CIPHER_LIST "kEECDH+ECDSA:kEECDH:kEDH:HIGH:+SHA:+kRSA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!kECDH:!IDEA:!SEED:!RC4:!kDH:!DSS"
/*
* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
* starts with a reasonable order, and all we have to do for DEFAULT is

261
src/patches/transmission-2.92-openssl-1.1.0.patch Normal file
View File

@@ -0,0 +1,261 @@
From f91cf5ad8c677b61ceb0bf5877b87f9e93256dd7 Mon Sep 17 00:00:00 2001
From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date: Mon, 5 Sep 2016 21:49:07 +0000
Subject: [PATCH] transmission: build against openssl 1.1.0
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
---
libtransmission/crypto-utils-openssl.c | 73 ++++++++++++++++++++++++++++++++--
1 file changed, 69 insertions(+), 4 deletions(-)
diff --git a/libtransmission/crypto-utils-openssl.c b/libtransmission/crypto-utils-openssl.c
index c4539dc..972e24a 100644
--- a/libtransmission/crypto-utils-openssl.c
+++ b/libtransmission/crypto-utils-openssl.c
@@ -229,6 +229,61 @@ tr_rc4_process (tr_rc4_ctx_t handle,
****
***/
+#if OPENSSL_VERSION_NUMBER < 0x10100000
+static inline int
+DH_set0_pqg (DH * dh,
+ BIGNUM * p,
+ BIGNUM * q,
+ BIGNUM * g)
+{
+ /* If the fields p and g in d are NULL, the corresponding input
+ * parameters MUST be non-NULL. q may remain NULL.
+ */
+ if ((dh->p == NULL && p == NULL)
+ || (dh->g == NULL && g == NULL))
+ return 0;
+
+ if (p != NULL) {
+ BN_free (dh->p);
+ dh->p = p;
+ }
+ if (q != NULL) {
+ BN_free (dh->q);
+ dh->q = q;
+ }
+ if (g != NULL) {
+ BN_free (dh->g);
+ dh->g = g;
+ }
+
+ if (q != NULL) {
+ dh->length = BN_num_bits (q);
+ }
+
+ return 1;
+}
+
+static inline int
+DH_set_length (DH * dh,
+ long length)
+{
+ dh->length = length;
+ return 1;
+}
+
+static inline void
+DH_get0_key(const DH * dh,
+ const BIGNUM ** pub_key,
+ const BIGNUM ** priv_key)
+{
+ if (pub_key != NULL)
+ *pub_key = dh->pub_key;
+ if (priv_key != NULL)
+ *priv_key = dh->priv_key;
+}
+
+#endif
+
tr_dh_ctx_t
tr_dh_new (const uint8_t * prime_num,
size_t prime_num_length,
@@ -236,13 +291,19 @@ tr_dh_new (const uint8_t * prime_num,
size_t generator_num_length)
{
DH * handle = DH_new ();
+ BIGNUM * p, * g;
assert (prime_num != NULL);
assert (generator_num != NULL);
+ p = BN_bin2bn (prime_num, prime_num_length, NULL);
+ g = BN_bin2bn (generator_num, generator_num_length, NULL);
- if (!check_pointer (handle->p = BN_bin2bn (prime_num, prime_num_length, NULL)) ||
- !check_pointer (handle->g = BN_bin2bn (generator_num, generator_num_length, NULL)))
+ if (!check_pointer (p) ||
+ !check_pointer (g) ||
+ !DH_set0_pqg (handle, p, NULL, g))
{
+ BN_free (p);
+ BN_free (g);
DH_free (handle);
handle = NULL;
}
@@ -267,16 +328,20 @@ tr_dh_make_key (tr_dh_ctx_t raw_handle,
{
DH * handle = raw_handle;
int dh_size, my_public_key_length;
+ const BIGNUM * hand_pub_key;
assert (handle != NULL);
assert (public_key != NULL);
- handle->length = private_key_length * 8;
+
+ DH_set_length(handle, private_key_length * 8);
if (!check_result (DH_generate_key (handle)))
return false;
- my_public_key_length = BN_bn2bin (handle->pub_key, public_key);
+ DH_get0_key (handle, &hand_pub_key, NULL);
+
+ my_public_key_length = BN_bn2bin (hand_pub_key, public_key);
dh_size = DH_size (handle);
tr_dh_align_key (public_key, my_public_key_length, dh_size);
From 8c8386a7f3f482a9c917f51d28e0042e55f56b3e Mon Sep 17 00:00:00 2001
From: Mike Gelfand <mikedld@mikedld.com>
Date: Wed, 7 Sep 2016 01:09:04 +0300
Subject: [PATCH] Fix coding style and building with !TR_LIGHTWEIGHT
---
libtransmission/crypto-utils-openssl.c | 60 +++++++++++++++++++---------------
1 file changed, 33 insertions(+), 27 deletions(-)
diff --git a/libtransmission/crypto-utils-openssl.c b/libtransmission/crypto-utils-openssl.c
index 972e24a..9fd2c58 100644
--- a/libtransmission/crypto-utils-openssl.c
+++ b/libtransmission/crypto-utils-openssl.c
@@ -14,6 +14,7 @@
#include <assert.h>
#include <openssl/bn.h>
+#include <openssl/crypto.h>
#include <openssl/dh.h>
#include <openssl/err.h>
#include <openssl/evp.h>
@@ -48,7 +49,12 @@ log_openssl_error (const char * file,
static bool strings_loaded = false;
if (!strings_loaded)
{
+#if OPENSSL_VERSION_NUMBER < 0x10100000
ERR_load_crypto_strings ();
+#else
+ OPENSSL_init_crypto (OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+#endif
+
strings_loaded = true;
}
#endif
@@ -230,6 +236,7 @@ tr_rc4_process (tr_rc4_ctx_t handle,
***/
#if OPENSSL_VERSION_NUMBER < 0x10100000
+
static inline int
DH_set0_pqg (DH * dh,
BIGNUM * p,
@@ -237,28 +244,29 @@ DH_set0_pqg (DH * dh,
BIGNUM * g)
{
/* If the fields p and g in d are NULL, the corresponding input
- * parameters MUST be non-NULL. q may remain NULL.
+ * parameters MUST be non-NULL. q may remain NULL.
*/
- if ((dh->p == NULL && p == NULL)
- || (dh->g == NULL && g == NULL))
+ if ((dh->p == NULL && p == NULL) || (dh->g == NULL && g == NULL))
return 0;
- if (p != NULL) {
- BN_free (dh->p);
- dh->p = p;
- }
- if (q != NULL) {
- BN_free (dh->q);
- dh->q = q;
- }
- if (g != NULL) {
- BN_free (dh->g);
- dh->g = g;
- }
-
- if (q != NULL) {
+ if (p != NULL)
+ {
+ BN_free (dh->p);
+ dh->p = p;
+ }
+ if (q != NULL)
+ {
+ BN_free (dh->q);
+ dh->q = q;
+ }
+ if (g != NULL)
+ {
+ BN_free (dh->g);
+ dh->g = g;
+ }
+
+ if (q != NULL)
dh->length = BN_num_bits (q);
- }
return 1;
}
@@ -267,8 +275,8 @@ static inline int
DH_set_length (DH * dh,
long length)
{
- dh->length = length;
- return 1;
+ dh->length = length;
+ return 1;
}
static inline void
@@ -295,12 +303,11 @@ tr_dh_new (const uint8_t * prime_num,
assert (prime_num != NULL);
assert (generator_num != NULL);
+
p = BN_bin2bn (prime_num, prime_num_length, NULL);
g = BN_bin2bn (generator_num, generator_num_length, NULL);
- if (!check_pointer (p) ||
- !check_pointer (g) ||
- !DH_set0_pqg (handle, p, NULL, g))
+ if (!check_pointer (p) || !check_pointer (g) || !DH_set0_pqg (handle, p, NULL, g))
{
BN_free (p);
BN_free (g);
@@ -328,20 +335,19 @@ tr_dh_make_key (tr_dh_ctx_t raw_handle,
{
DH * handle = raw_handle;
int dh_size, my_public_key_length;
- const BIGNUM * hand_pub_key;
+ const BIGNUM * my_public_key;
assert (handle != NULL);
assert (public_key != NULL);
-
DH_set_length(handle, private_key_length * 8);
if (!check_result (DH_generate_key (handle)))
return false;
- DH_get0_key (handle, &hand_pub_key, NULL);
+ DH_get0_key (handle, &my_public_key, NULL);
- my_public_key_length = BN_bn2bin (hand_pub_key, public_key);
+ my_public_key_length = BN_bn2bin (my_public_key, public_key);
dh_size = DH_size (handle);
tr_dh_align_key (public_key, my_public_key_length, dh_size);

49
src/wio/lang/wio.de.pl
View File

@@ -1,7 +1,7 @@
%tr = (%tr,
'wio' => 'Who Is Online?',
'wio stat' => 'Status:',
'wio checked' => 'zuletzt überprüft',
'wio checked' => 'Zuletzt überprüft',
'wio name' => 'Hostname / FQDN',
'wio ipadress' => 'IP-Adresse',
'wio image' => 'Zustand',
@@ -12,21 +12,21 @@
'wio_import_csv' => 'CSV Datei',
'wio_import_hosts' => 'Hosts Datei (var/ipfire/main/hosts)',
'wio_import_data' => 'Einstellungen für ',
'wio_import_data1' => ' bearbeiten:',
'wio_import_data2' => ' importieren:',
'wio_import_data1' => ' Bearbeiten:',
'wio_import_data2' => ' Importieren:',
'wio_import' => 'Importieren',
'wio_import_info' => 'Mitteilung:',
'wio_import_file' => 'Client(s) importieren aus:',
'wio_import_info_csv' => 'Es gibt keine neuen Einstellungen zu importieren!',
'wio settings' => 'Konfiguration:',
'wio enabled' => 'aktivieren?',
'wio enabled' => 'Aktivieren?',
'wio min' => 'Minute(n)',
'wio cron' => 'Zeitintervall für die Überprüfung:',
'wio_ovpn_cron' => 'Zeitintervall für die Überprüfung des OpenVPN RW und IPSec Status:',
'wio_save' => 'speichern',
'wio_save' => 'Speichern',
'wio_error' => 'Fehlermeldung:',
'wio_info' => 'Meldung:',
'wio_back' => 'zurück',
'wio_back' => 'Zurück',
'wio_use' => 'Diese Einstellungen importieren?',
'wio_ip_error' => 'Ungültige IP-Adresse!',
'wio_host_error' => 'Ungültiger Hostname!',
@@ -34,7 +34,7 @@
'wio_host_empty' => 'Es wurde kein Hostname eingetragen!',
'wio_ip_exists' => 'IP-Adresse wird schon benutzt!',
'wio_ip_empty' => 'Es wurde keine IP-Adresse eingetragen!',
'wio_import_fixleases' => 'DHCP Datei (var/ipfire/dhcp/fixleases)',
'wio_import_fixleases' => 'DHCP-Datei (var/ipfire/dhcp/fixleases)',
'wio_import_leases' => 'Einstellungen importieren:',
'wio network' => 'Netzwerk',
'wio_refresh' => 'alle Clients aktualisieren',
@@ -55,12 +55,11 @@
'wio_msg' => 'Zustand (aktiv/inaktiv) des Clients / der Clients wird aktualisiert ...',
'wio_lanname' => 'LAN Hostname',
'wio_wanname' => 'WAN Hostname',
'wio_wancheck' => 'verbunden seit',
'wio_sc_refresh' => 'Client aktualisieren',
'wio_edit_settings' => 'Client hinzufügen:',
'wio_edit_client' => 'Client bearbeiten:',
'wio_graphs' => 'Graphen anzeigen',
'wio_no_graphs' => 'keine Graphen vorhanden',
'wio_no_graphs' => 'Keine Graphen vorhanden',
'wio_graphs_stat' => 'Diagramme für',
'wio_vpn_con' => 'VPN - Verbindung(en):',
'wio_wan_con' => 'WAN - Verbindung:',
@@ -74,13 +73,13 @@
'wio_net_scan_green' => 'grünes',
'wio_net_scan_blue' => 'blaues',
'wio_net_scan_orange' => 'oranges',
'wio_net_scan_run' => 'starten',
'wio_sort_host' => 'nach Hostnamen (FQDN) sortieren',
'wio_sort_ip' => 'nach IP Adressen sortieren',
'wio_net_scan_run' => 'Starten',
'wio_sort_host' => 'Nach Hostnamen (FQDN) sortieren',
'wio_sort_ip' => 'Nach IP Adressen sortieren',
'wio_logging' => 'Logging (/var/log/messages) aktivieren?',
'wio_no_image' => 'KEIN STATUS',
'wio_ovpn_con' => 'OpenVPN - Verbindung(en):',
'wio_ovpn_connected' => 'verbunden seit',
'wio_connected' => 'Verbunden seit',
'wio_wan_up' => 'VERBUNDEN',
'wio_wan_down' => 'GETRENNT',
'wio_n2n' => 'Netz-zu-Netz Verbindung',
@@ -96,17 +95,17 @@
'wio_hwaddress' => 'HW-Adresse',
'wio_iface' => 'Schnittstelle',
'wio_client_enable' => 'Client aktivieren?',
'wio_ping_send' => 'überprüfen per',
'wio_ping_send' => 'Überprüfen per',
'wio_link_open' => 'Link öffnen per',
'enable disable client' => 'Client aktivieren oder deaktivieren',
'wio_client_on' => 'Überwachung aktiviert (klicken, um zu deaktivieren)',
'wio_client_off' => 'Überwachung deaktiviert (klicken, um zu aktivieren)',
'wio_webinterface' => 'LINK',
'wio_webinterface_link' => 'Link öffnen',
'wio_ip' => 'überprüfen per IP aktiviert',
'wio_fqdn' => 'überprüfen per FQDN aktiviert',
'wio_ip_on' => 'überprüfen per IP aktiviert (klicken, um per FQDN zu aktivieren)',
'wio_fqdn_on' => 'überprüfen per FQDN aktiviert (klicken, um per IP zu aktivieren)',
'wio_ip' => 'Überprüfen per IP aktiviert',
'wio_fqdn' => 'Überprüfen per FQDN aktiviert',
'wio_ip_on' => 'Überprüfen per IP aktiviert (klicken, um per FQDN zu aktivieren)',
'wio_fqdn_on' => 'Überprüfen per FQDN aktiviert (klicken, um per IP zu aktivieren)',
'wio_client_add' => 'Eingaben anwenden',
'wio_config' => 'Client(s) konfigurieren:',
'wio_settings_msg' => 'Einstellungen bearbeiten:',
@@ -117,8 +116,8 @@
'wio_add' => 'Client hinzufügen:',
'wio_no_add' => 'Client ist vorhanden',
'wio_id' => '#',
'wio_online' => 'online',
'wio_offline' => 'offline',
'wio_online' => 'Online',
'wio_offline' => 'Offline',
'wio_status' => 'WIO Client-Status',
'wio_mail_style' => 'WIO Client Statusmails versenden als',
'wio_mail_smail' => 'Sammelmail',
@@ -127,13 +126,13 @@
'wio_edit_set' => 'Konfiguration',
'wio_service' => 'Service:',
'wio_dyndns_success' => 'DynDNS IP ermittelt und eingetragen!',
'wio_remove_all' => 'alle Clients löschen',
'wio_remove_all' => 'Alle Clients löschen',
'wio_remove_all_hint' => 'Möchten Sie wirklich alle Clients löschen?',
'wio_remove_client' => 'Client löschen',
'wio_remove_client_hint' => 'Möchten Sie den Client wirklich löschen?',
'wio_arp_table_entries' => 'Client aus der ARP-Tabelle hinzufügen:',
'wio_activ' => 'aktiv',
'wio_check' => 'prüfen',
'wio_activ' => 'Aktiv',
'wio_check' => 'Prüfen',
'wio_common_name' => 'Remote Host / IP',
'wio_msg_left' => 'Das',
'wio_msg_green' => 'grüne',
@@ -142,7 +141,7 @@
'wio_msg_center' => 'Netzwerk an',
'wio_msg_right' => 'wird durchsucht.',
'wio_msg_hint' => 'Einen Moment bitte ...',
'wio_last_update' => 'zuletzt aktualisiert',
'wio_last_update' => 'Zuletzt aktualisiert',
'wio_disable_hint' => 'Achtung! Es werden alle Einstellungen incl. der zu überprüfenden Clients zurückgesetzt!',
'wio_clientremark' => 'Anmerkung anzeigen?',
'wio_already_running' => 'Die Prüfung wird bereits durchgeführt!',
@@ -154,4 +153,6 @@
'wio_answer' => 'Antwort',
'wio_answer_time' => 'Antwortzeit',
'wio_scriptruntime' => 'Scriptlaufzeit',
'wio_show_table_off' => 'Tabelle ausblenden',
'wio_show_table_on' => 'Tabelle einblenden',
);

125
src/wio/lang/wio.en.pl
View File

@@ -10,23 +10,23 @@
'wio err' => 'Error',
'wio warn' => 'Warning',
'wio_import_csv' => 'CSV file:',
'wio_import_hosts' => 'hosts configuration (var/ipfire/main/hosts) ?',
'wio_import_data' => 'import settings for ',
'wio_import_hosts' => 'Hosts configuration (var/ipfire/main/hosts)?',
'wio_import_data' => 'Import settings for ',
'wio_import_data1' => ' correct:',
'wio_import_data2' => ' import:',
'wio_import' => 'Importing',
'wio_import_info' => 'message:',
'wio_import_file' => 'Import settings from:',
'wio_import_file' => 'Import client(s) from:',
'wio_import_info_csv' => 'There are no new settings to import!',
'wio settings' => 'configuration:',
'wio enabled' => 'enable ?',
'wio settings' => 'Configuration:',
'wio enabled' => 'Enable?',
'wio min' => 'Minute(s)',
'wio cron' => 'Time interval for checking:',
'wio_ovpn_cron' => 'Time interval for checking the OpenVPN RW and IPSec Status:',
'wio_save' => 'save',
'wio_save' => 'Save',
'wio_error' => 'errormessage:',
'wio_info' => 'message:',
'wio_back' => 'back',
'wio_back' => 'Back',
'wio_use' => 'Import these settings ?',
'wio_ip_error' => 'Invalid IP Address.',
'wio_host_error' => 'Invalid Hostname.',
@@ -34,106 +34,105 @@
'wio_host_empty' => 'No Hostname was registered!',
'wio_ip_exists' => 'IP Address is already used.',
'wio_ip_empty' => 'No IP Address was registered!',
'wio_import_fixleases' => 'DHCP configuration (var/ipfire/dhcp/fixleases) ?',
'wio_import_fixleases' => 'DHCP configuration (var/ipfire/dhcp/fixleases)?',
'wio_import_leases' => 'Import settings:',
'wio network' => 'Network',
'wio_refresh' => 'update all clients now',
'wio_refresh' => 'Update all clients now',
'wio_fqdn_error' => 'Invalid Fully Qualified Domain Name (FQDN)! Please do not use special characters or blanks in the FQDN.',
'wio_edit' => 'change settings:',
'wio_edit' => 'Change settings:',
'wio_dyndns' => 'DynDNS',
'wio_dyndns_hosts' => 'DynDNS Name(s)',
'wio_dyndns_refresh' => 'DynDNS Host IP update',
'wio_dyndns_on' => 'DynDNS Host enabled (click to disable)',
'wio_dyndns_off' => 'DynDNS Host disabled (click to enable)',
'wio_dyndns_info' => 'None IP registered, since apparently no connection exists in Internet. With the next connection in Internet is accomplished an actualization of the IP of the DynDNS Hostes.',
'wio_dyndns_info' => 'No IP registered, since apparently no connection exists in Internet. With the next connection in Internet is accomplished an actualization of the IP of the DynDNS Hostes.',
'wio_no_csv' => 'File has not the extension .csv',
'wio_no_csv_error' => 'Please do not use special characters or blanks in the filename.',
'wio_no_file_selected' => 'No File selected!',
'wio_import_infos' => 'Import settings:',
'wio_import_infos_csv' => 'NOTE: Only Data records with marked "Import these settings ?" are considered by importing! If data records with double IP-Addresses or Hostnames should occur, only the first data record will be imported and the other data records (with the double IP-Addresses or Hostnames) will not be considered!',
'wio_import_infos_csv' => 'NOTE: Only Data records with marked "Import these settings?" are considered by importing! If data records with double IP-Addresses or Hostnames should occur, only the first data record will be imported and the other data records (with the double IP-Addresses or Hostnames) will not be considered!',
'enable disable dyndns' => 'enable or disable DynDNS Host',
'wio_msg' => 'Condition of the examining Client(s) are updated ...',
'wio_msg' => 'Condition of the examining client(s) are updated ...',
'wio_lanname' => 'LAN Hostname',
'wio_wanname' => 'WAN Hostname',
'wio_wancheck' => 'connected since',
'wio_sc_refresh' => 'update client now',
'wio_edit_settings' => 'add client:',
'wio_edit_client' => 'edit client:',
'wio_graphs' => 'show graphs',
'wio_no_graphs' => 'no graphs available',
'wio_graphs_stat' => 'Diagramm for',
'wio_sc_refresh' => 'Update client now',
'wio_edit_settings' => 'Add client:',
'wio_edit_client' => 'Edit client:',
'wio_graphs' => 'Show graphs',
'wio_no_graphs' => 'No graphs available',
'wio_graphs_stat' => 'Diagram for',
'wio_vpn_con' => 'VPN - Connection(s):',
'wio_wan_con' => 'WAN - Connection:',
'wio_clients' => 'clients:',
'wio click to disable' => 'Activated',
'wio click to enable' => 'Deactivated',
'wio_net_scan' => 'Scan Network(s):',
'wio_net_scan_vl' => 'scan',
'wio_net_scan_l' => 'Network on',
'wio_net_scan' => 'Scan network(s):',
'wio_net_scan_vl' => 'Scan',
'wio_net_scan_l' => 'network on',
'wio_net_scan_r' => '',
'wio_net_scan_green' => 'green',
'wio_net_scan_blue' => 'blue',
'wio_net_scan_orange' => 'orange',
'wio_net_scan_run' => 'start',
'wio_sort_host' => 'sort Hostnames (FQDN)',
'wio_sort_ip' => 'sort IP-Adresses',
'wio_logging' => 'activate Logging (/var/log/messages) ?',
'wio_net_scan_run' => 'Start',
'wio_sort_host' => 'Sort Hostnames (FQDN)',
'wio_sort_ip' => 'Sort IP-Adresses',
'wio_logging' => 'Activate logging (/var/log/messages)?',
'wio_no_image' => 'NO STATUS',
'wio_ovpn_con' => 'OpenVPN - Connection(s):',
'wio_ovpn_connected' => 'connected since',
'wio_connected' => 'Connected since',
'wio_wan_up' => 'CONNECTED',
'wio_wan_down' => 'NOT CONNECTED',
'wio_n2n' => 'Net-to-Net Connection',
'wio_rw' => 'Host-to-Net Connection',
'wio_mailremark_enabled' => 'Add Remark from client to mailbody ?',
'wio_mail_online_on' => 'online email enabled (click to disable)',
'wio_mail_online_off' => 'online email disabled (click to enable)',
'wio_mail_offline_on' => 'offline email enabled (click to disable)',
'wio_mail_offline_off' => 'offline emaildisabled (click to enable)',
'wio_mail_online' => 'enable or disable online email',
'wio_mail_offline' => 'enable or disable offline email',
'wio_sendemail' => 'send email',
'wio_mailremark_enabled' => 'Add Remark from client to mailbody?',
'wio_mail_online_on' => 'Online email enabled (click to disable)',
'wio_mail_online_off' => 'Online email disabled (click to enable)',
'wio_mail_offline_on' => 'Offline email enabled (click to disable)',
'wio_mail_offline_off' => 'Offline email disabled (click to enable)',
'wio_mail_online' => 'Enable or disable online email',
'wio_mail_offline' => 'Enable or disable offline email',
'wio_sendemail' => 'Send email',
'wio_hwaddress' => 'HW-Adresse',
'wio_iface' => 'Interface',
'wio_client_enable' => 'enable Host ?',
'wio_ping_send' => 'send ping to',
'wio_link_open' => 'open link via',
'enable disable client' => 'enable or disable client',
'wio_client_enable' => 'Enable Host?',
'wio_ping_send' => 'Send ping to',
'wio_link_open' => 'Open link via',
'enable disable client' => 'Enable or disable client',
'wio_client_on' => 'Client enabled (click to disable)',
'wio_client_off' => 'Client disabled (click to enable)',
'wio_webinterface' => 'LINK',
'wio_webinterface_link' => 'follow link',
'wio_ip' => 'send ping to IP enabled',
'wio_fqdn' => 'send ping to FQDN enabled',
'wio_ip_on' => 'send ping to IP enabled (click to enable FQDN)',
'wio_fqdn_on' => 'send ping to FQDN enabled (click to enable IP)',
'wio_client_add' => 'use settings',
'wio_config' => 'configurate Client(s):',
'wio_settings_msg' => 'configurate settings:',
'wio_webinterface_link' => 'Follow link',
'wio_ip' => 'Send ping to IP enabled',
'wio_fqdn' => 'Send ping to FQDN enabled',
'wio_ip_on' => 'Send ping to IP enabled (click to enable FQDN)',
'wio_fqdn_on' => 'Send ping to FQDN enabled (click to enable IP)',
'wio_client_add' => 'Use settings',
'wio_config' => 'Configure Client(s):',
'wio_settings_msg' => 'Configure settings:',
'wio_settings_msg_hint' => 'Here you have to set some values to get the addon started.',
'wio_sub' => 'WIO Client-Status-Mail',
'wio timeout' => 'Ping Timeout:',
'wio sec' => 'Second(s)',
'wio_add' => 'add Client:',
'wio_add' => 'Add Client:',
'wio_no_add' => 'Client is available',
'wio_id' => '#',
'wio_online' => 'online',
'wio_offline' => 'offline',
'wio_online' => 'Online',
'wio_offline' => 'Offline',
'wio_status' => 'WIO Client-Status',
'wio_mail_style' => 'send WIO Client Statusmails as',
'wio_mail_smail' => 'collected mail',
'wio_mail_email' => 'single mails',
'wio_mail_ovpnrw' => 'enable OpenVPN RW and IPSec Statusmails ?',
'wio_mail_style' => 'Send WIO client statusmails as',
'wio_mail_smail' => 'Collected mail',
'wio_mail_email' => 'Single mails',
'wio_mail_ovpnrw' => 'Enable OpenVPN RW and IPSec Statusmails?',
'wio_edit_set' => 'Configuration',
'wio_service' => 'Service:',
'wio_dyndns_success' => 'DynDNS IP identified and registered!',
'wio_remove_all' => 'remove all clients',
'wio_remove_all' => 'Remove all clients',
'wio_remove_all_hint' => 'Are you sure to delete all the clients?',
'wio_remove_client' => 'remove client',
'wio_remove_client' => 'Remove client',
'wio_remove_client_hint' => 'Are you sure to delete the client?',
'wio_arp_table_entries' => 'add client from ARP-Table:',
'wio_activ' => 'activ',
'wio_check' => 'check',
'wio_arp_table_entries' => 'Add client from ARP-Table:',
'wio_activ' => 'Active',
'wio_check' => 'Check',
'wio_common_name' => 'Remote Host/IP',
'wio_msg_left' => 'Searching on the',
'wio_msg_green' => 'green',
@@ -142,9 +141,9 @@
'wio_msg_center' => 'Interface on',
'wio_msg_right' => 'is being examined.',
'wio_msg_hint' => 'One moment please ...',
'wio_last_update' => 'last update',
'wio_last_update' => 'Last update',
'wio_disable_hint' => 'Attention! It will reset all settings including the client to be checked!',
'wio_clientremark' => 'show remark?',
'wio_clientremark' => 'Show remark?',
'wio_already_running' => 'This check is already running!',
'wio_error_function' => 'This function is temporarily unavailable, because in the background client states are being updated (active/inactive).',
'wio_shutdown' => 'Shutdown when all clients are "offline"?',
@@ -154,4 +153,6 @@
'wio_answer' => 'Answer',
'wio_answer_time' => 'Response Time',
'wio_scriptruntime' => 'Script Execution Time',
'wio_show_table_off' => 'Hide table',
'wio_show_table_on' => 'Show table',
);

4
src/wio/main/wio.pl
View File

@@ -3,7 +3,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2017 Stephan Feddersen <addons@h-loit.de> #
# Copyright (C) 2017-2018 Stephan Feddersen <sfeddersen@ipfire.org> #
# All Rights Reserved. #
# #
# This program is free software: you can redistribute it and/or modify #
@@ -21,7 +21,7 @@
# #
###############################################################################
#
# id: wio.pl, v1.3.1 2017/07/11 21:31:16 sfeddersen
# Version: 2017/08/04 18:55:23
#
# This wio.pl is based on the Code from the IPCop WIO Addon
# and is extremly adapted to work with IPFire.

59
src/wio/main/wiovpn.pl
View File

@@ -3,7 +3,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2017 Stephan Feddersen <addons@h-loit.de> #
# Copyright (C) 2017-2018 Stephan Feddersen <sfeddersen@ipfire.org> #
# All Rights Reserved. #
# #
# This program is free software: you can redistribute it and/or modify #
@@ -21,7 +21,7 @@
# #
###############################################################################
#
# id: wioovpn.pl, v1.3.1 2017/07/11 21:31:16 sfeddersen
# Version: 2018/01/05 12:32:23
#
# This wioovpn.pl is based on the Code from the IPCop WIO Addon
# and is extremly adapted to work with IPFire.
@@ -93,8 +93,7 @@ else {
close (FILE);
}
foreach (@ovpncfg)
{
foreach (@ovpncfg) {
chomp;
if ( $_ =~ "server" ) { next; }
@@ -106,8 +105,7 @@ foreach (@ovpncfg)
unless ( grep (/$name/, @ovpncache) ) { push (@ovpncache, "$name,$remark,$status\n"); }
}
foreach (@ovpncache)
{
foreach (@ovpncache) {
chomp;
( $name, $remark, $status ) = split (/\,/, $_);
@@ -115,18 +113,16 @@ foreach (@ovpncache)
if ( grep (/,$name,/, @ovpncfg) ) { push (@ovpnarray, "$name,$remark,$status\n"); }
}
foreach (@ovpnarray)
{
foreach (@ovpnarray) {
chomp;
( $name, $remark, $status ) = split (/\,/, $_);
if ( $name =~ m/_/ ) { $nameul = $name; }
else { ($nameul = $name) =~ s/ /_/g; }
if ( grep (/$name/, @ovpnstatus) || grep (/$nameul/, @ovpnstatus) )
{
foreach (@ovpnstatus)
{
if ( grep (/$name/, @ovpnstatus) || grep (/$nameul/, @ovpnstatus) ) {
foreach (@ovpnstatus) {
chomp;
if ( $_ =~ "ROUTING TABLE" ) { last; }
@@ -151,8 +147,7 @@ foreach (@ovpnarray)
if ( $nameul eq $ovpnclt || $name eq $ovpnclt ) { push (@ovpnwrite, "$name,$remark,$status\n"); }
if ( $togglestat == 1 && ($name eq $ovpnclt || $nameul eq $ovpnclt) )
{
if ( $togglestat == 1 && ($name eq $ovpnclt || $nameul eq $ovpnclt) ) {
$ovpnmailsub = "WIO OVPN - $name - $ovpnrwstatus - $now";
$logmsg = "Client: WIO OVPN $name - IP: $ovpncltip - Status: $ovpnrwstatus";
$ovpnmailmsg = "Client : $name\nLogin : $ovpnrwlogin\nIP : $ovpncltip\nStatus : $ovpnrwstatus\n";
@@ -177,11 +172,10 @@ foreach (@ovpnarray)
$logmsg = "Client: WIO OVPN $name - Status: $ovpnrwstatus";
$ovpnmailmsg = "Client : $name\nLogout : $now\nStatus : $ovpnrwstatus\n";
if ( $mailremark eq 'on' ) {
$ovpnmailmsg .= "Remark : $remark\n\n";
}
if ( $mailremark eq 'on' ) { $ovpnmailmsg .= "Remark : $remark\n\n"; }
&WIO::mailsender($ovpnmailsub, $ovpnmailmsg);
if ( $logging eq 'on' ) { &General::log("wio","$logmsg"); }
undef ($ovpnmailsub);
undef ($ovpnmailmsg);
@@ -220,11 +214,10 @@ else {
close (FILE);
}
foreach (@vpncfg)
{
foreach (@vpncfg) {
chomp;
( $activ, $name, $remark ) = (split (/\,/, $_))[1, 2, 25];
( $activ, $name, $remark ) = (split (/\,/, $_))[1, 2, 26];
if ( $remark eq 'off' ) { $remark = '-'; }
@@ -235,8 +228,7 @@ foreach (@vpncfg)
unless ( grep (/$name/, @vpncache) ) { push (@vpncache, "$name,$remark,$status\n"); }
}
foreach (@vpncache)
{
foreach (@vpncache) {
chomp;
( $name, $remark, $status ) = split (/\,/, $_);
@@ -244,14 +236,12 @@ foreach (@vpncache)
if ( grep (/,$name,/, @vpncfg) ) { push (@vpnarray, "$name,$remark,$status\n"); }
}
foreach (@vpnarray)
{
foreach (@vpnarray) {
chomp;
( $name, $remark, $status ) = split (/\,/, $_);
if ( grep (/$name\{.*INSTALLED/ , @vpnstatus) )
{
if ( grep (/$name\{.*INSTALLED/ , @vpnstatus) ) {
$vpnrwstatus = "$Lang::tr{'wio up'}";
$togglestat = ( $status ne 'on' ) ? 1 : 0;
$status = 'on';
@@ -264,21 +254,24 @@ foreach (@vpnarray)
push (@vpnwrite, "$name,$remark,$status\n");
if ( $togglestat == 1 )
{
if ( $togglestat == 1 ) {
$vpnmailsub = "WIO VPN - $name - $vpnrwstatus - $now";
$logmsg = "Client: WIO VPN $name - Status: $vpnrwstatus $now";
$vpnmailmsg = "Client : $name\n";
if ( $mailremark eq 'on' ) {
if ( $status eq 'on' ) { $vpnmailmsg = "Client : $name\nLogin : $now\nStatus : $vpnrwstatus\nRemark : $remark\n"; }
else { $vpnmailmsg = "Client : $name\nLogout : $now\nStatus : $vpnrwstatus\nRemark : $remark\n"; }
if ( $status eq 'on' ) {
$vpnmailmsg .= "Login : $now\n";
}
else {
if ( $status eq 'on' ) { $vpnmailmsg = "Client : $name\nLogin : $now\nStatus : $vpnrwstatus\n"; }
else { $vpnmailmsg = "Client : $name\nLogout : $now\nStatus : $vpnrwstatus\n"; }
$vpnmailmsg .= "Logout : $now\n";
}
$vpnmailmsg .= "Status : $vpnrwstatus\n";
if ( $mailremark eq 'on' ) { $vpnmailmsg .= "Remark : $remark\n\n"; }
&WIO::mailsender($vpnmailsub, $vpnmailmsg);
if ( $logging eq 'on' ) { &General::log("wio","$logmsg"); }
undef ($vpnmailsub);
undef ($vpnmailmsg);

4
src/wio/wio-graphs.pl
View File

@@ -3,7 +3,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2017 Stephan Feddersen <addons@h-loit.de> #
# Copyright (C) 2017-2018 Stephan Feddersen <sfeddersen@ipfire.org> #
# All Rights Reserved. #
# #
# This program is free software: you can redistribute it and/or modify #
@@ -21,7 +21,7 @@
# #
###############################################################################
#
# id: wio-graphs.pl, v1.3.1 2017/07/11 21:31:16 sfeddersen
# Version: 2017/07/11 21:32:23
#
# This wio-graphs.pl is based on the Code from the IPCop WIO Addon
# and is extremly adapted to work with IPFire.

4
src/wio/wio-lib.pl
View File

@@ -3,7 +3,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2017 Stephan Feddersen <addons@h-loit.de> #
# Copyright (C) 2017-2018 Stephan Feddersen <sfeddersen@ipfire.org> #
# All Rights Reserved. #
# #
# This program is free software: you can redistribute it and/or modify #
@@ -21,7 +21,7 @@
# #
###############################################################################
#
# id: wio-lib.pl, v1.3.1 2017/07/11 21:31:16 sfeddersen
# Version: 2017/07/11 21:32:23
#
# This wio-lib.pl is based on the Code from the IPCop WIO Addon
# and is extremly adapted to work with IPFire.

212
src/wio/wio.cgi
View File

@@ -3,7 +3,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2017 Stephan Feddersen <addons@h-loit.de> #
# Copyright (C) 2017-2018 Stephan Feddersen <sfeddersen@ipfire.org> #
# All Rights Reserved. #
# #
# This program is free software: you can redistribute it and/or modify #
@@ -21,7 +21,7 @@
# #
###############################################################################
#
# id: wio.cgi, v1.3.2 2017/08/27 14:11:16 sfeddersen
# Version: 2018/02/27 16:54:23
#
# This wio.cgi is based on the Code from the IPCop WIO Addon
# and is extremly adapted to work with IPFire.
@@ -105,7 +105,11 @@ my $nr = 0;
my $count = 0;
my $showcount = 0;
my ( $infomessage, $errormessage, $importmessage, $message ) = '';
my $arpbuttontext = "$Lang::tr{'wio_show_table_on'}";
my $clientimportbuttontext = "$Lang::tr{'wio_show_table_on'}";
my $networksearchbuttontext = "$Lang::tr{'wio_show_table_on'}";
my ( $message, $infomessage, $errormessage, $importmessage ) = '';
my ( $buttontext, $host, $timestamp, $ipadr, $on, $remark, $dyndns, $dyndnsip, $sendemailon, $net, $dev, $iprange, $output, $write, $webinterface,
$sendemailoff, $pingmethode, $online, $color, $bgcolor, $exitcode, $id, $line, $interface, $counter, $vpnn2nip, $vpnn2nmask, $ddns, $edc,
@@ -153,6 +157,9 @@ $wiosettings{'MAILREMARK'} = 'off';
$wiosettings{'MAILSTYLE'} = 'email';
$wiosettings{'OVPNRWMAIL'} = 'off';
$wiosettings{'SHUTDOWN'} = 'off';
$wiosettings{'WIOGUISHOWARPTABLE'} = '';
$wiosettings{'WIOGUISHOWCLIENTIMPORTTABLE'} = '';
$wiosettings{'WIOGUISHOWNETWORKSEARCHTABLE'} = '';
&Header::getcgihash(\%wiosettings);
&Header::getcgihash(\%mainsettings);
@@ -219,7 +226,6 @@ if ( $wiosettings{'ACTION'} eq $Lang::tr{'wio_save'}.'2' ) {
$wiosettings{'SENDEMAILOFF'} = $wiosettings{"SENDEMAILOFF$count"};
$wiosettings{'PINGMETHODE'} = $wiosettings{"PINGMETHODE$count"};
$wiosettings{'ONLINE'} = $wiosettings{"ONLINE$count"};
$wiosettings{'WEBINTERFACE'} = $wiosettings{"WEBINTERFACE$count"};
&validSave();
@@ -272,6 +278,45 @@ if ( $wiosettings{'ACTION'} eq $Lang::tr{'wio_client_add'} ) {
}
}
## show / hide arptable
if ( $wiosettings{'WIOGUISHOWARPTABLE'} eq 'arptable' ) {
if ( $wiosettings{'ACTION'} eq $Lang::tr{'wio_show_table_off'} ) {
$wiosettings{'WIOGUISHOWARPTABLE'} = 'off';
$arpbuttontext = "$Lang::tr{'wio_show_table_on'}";
}
else {
$wiosettings{'WIOGUISHOWARPTABLE'} = 'on';
$arpbuttontext = "$Lang::tr{'wio_show_table_off'}";
}
}
## show / hide clientimporttable
if ( $wiosettings{'WIOGUISHOWCLIENTIMPORTTABLE'} eq 'clientimport' ) {
if ( $wiosettings{'ACTION'} eq $Lang::tr{'wio_show_table_off'} ) {
$wiosettings{'WIOGUISHOWCLIENTIMPORTTABLE'} = 'off';
$clientimportbuttontext = "$Lang::tr{'wio_show_table_on'}";
}
else {
$wiosettings{'WIOGUISHOWCLIENTIMPORTTABLE'} = 'on';
$clientimportbuttontext = "$Lang::tr{'wio_show_table_off'}";
}
}
## show / hide networksearchtable
if ( $wiosettings{'WIOGUISHOWNETWORKSEARCHTABLE'} eq 'networksearch' ) {
if ( $wiosettings{'ACTION'} eq $Lang::tr{'wio_show_table_off'} ) {
$wiosettings{'WIOGUISHOWNETWORKSEARCHTABLE'} = 'off';
$networksearchbuttontext = "$Lang::tr{'wio_show_table_on'}";
}
else {
$wiosettings{'WIOGUISHOWNETWORKSEARCHTABLE'} = 'on';
$networksearchbuttontext = "$Lang::tr{'wio_show_table_off'}";
}
}
## add arp client
if ( $wiosettings{'ACTION'} eq $Lang::tr{'wio_add'} ) {
@@ -303,7 +348,7 @@ if ( $wiosettings{'ACTION'} eq $Lang::tr{'wio_add'} ) {
}
}
## enable / disabel client || enable / disable dyndns || enable / disable sendemailon || enable / disable sendemailoff || change ip / fqdn
## enable / disable client || enable / disable dyndns || enable / disable sendemailon || enable / disable sendemailoff || change ip / fqdn
if ( $wiosettings{'ACTION'} eq $Lang::tr{'enable disable client'} ) { $edc = 'on'; }
if ( $wiosettings{'ACTION'} eq $Lang::tr{'enable disable dyndns'} ) { $edd = 'on'; }
@@ -376,6 +421,7 @@ exit 0;
}
else {
$infomessage = "$Lang::tr{'wio_already_running'}";
unlink($onoffip);
}
}
@@ -842,7 +888,7 @@ if ( $debug ) {
print"infomessage: $infomessage<br />\n";
&hrline();
my $wiodebug = 0;
foreach (sort keys %wiosettings) {
print"$_ = $wiosettings{$_}<br />\n";
@@ -881,9 +927,9 @@ print"
<form method='post' action='$ENV{'SCRIPT_NAME'}' enctype='multipart/form-data'>
<table width='100%'>
<tr>
<td width='45%' bgcolor='$color{'color20'}' align='left' height='20'><b>&nbsp;$Lang::tr{'wio_settings_msg'}</b></td>
<td width='55%' bgcolor='$color{'color20'}' align='left' height='20'><b>&nbsp;$Lang::tr{'wio_settings_msg'}</b></td>
<td width='2%'>&nbsp;</td>
<td width='53%'>&nbsp;</td>
<td width='43%'>&nbsp;</td>
</tr>
<tr><td colspan='3'>&nbsp;</td></tr>
<tr>
@@ -937,7 +983,7 @@ for ($i=1; $i<=15; $i++) {
print "<option $selected{'TIMEOUT'}{$_}>$_</option>\n";
}
print"
print"
</select>&nbsp;$Lang::tr{'wio sec'}</td>
</tr>
<tr><td colspan='3'>&nbsp;</td></tr>
@@ -953,7 +999,6 @@ print"
<td align='left'><input type='checkbox' name='CLIENTREMARK' $checked{'CLIENTREMARK'}{'on'} /></td>
</tr>
<tr><td colspan='3'>&nbsp;</td></tr>
";
if ( $wiosettings{'SENDEMAIL'} eq 'on' ) {
@@ -1062,9 +1107,9 @@ if ( $wiosettings{'ENABLE'} eq 'on') {
print"
<table border='0' width='100%' bordercolor='$Header::bordercolour' cellspacing='0' cellpadding='0' style='border-collapse: collapse'>
<tr height='20'>
<td width='28%' bgcolor='$color{'color20'}' align='left'><b>&nbsp;$Lang::tr{'wio_wan_con'}</b></td>
<td width='72%' align='right'>&nbsp;</td>
<tr height='25'>
<td width='33%' bgcolor='$color{'color20'}' align='left'><b>&nbsp;$Lang::tr{'wio_wan_con'}</b></td>
<td width='67%' align='right'>&nbsp;</td>
</tr>
<tr><td colspan='2'>&nbsp;</td></tr>
</table>
@@ -1078,7 +1123,7 @@ print"
<td width='15%' align='center'><b>$Lang::tr{'wio_wanname'}</b></td>
<td width='24%' align='center'><b>$Lang::tr{'wio_dyndns_hosts'}</b></td>
<td width='11%' align='center'><b>$Lang::tr{'wio image'}</b></td>
<td width='14%' align='center'><b>$Lang::tr{'wio_wancheck'}</b></td>
<td width='14%' align='center'><b>$Lang::tr{'wio_connected'}</b></td>
</tr>
<tr bgcolor='$color{'color22'}' height='20'>
<td align='center'>01</td>
@@ -1137,9 +1182,9 @@ if ( -e "$vpnpid" ) {
print"
<table border='0' width='100%' bordercolor='$Header::bordercolour' cellspacing='0' cellpadding='0' style='border-collapse: collapse'>
<tr height='20'>
<td width='28%' bgcolor='$color{'color20'}' align='left'><b>&nbsp;$Lang::tr{'wio_vpn_con'}</b></td>
<td width='72%'>&nbsp;</td>
<tr height='25'>
<td width='33%' bgcolor='$color{'color20'}' align='left'><b>&nbsp;$Lang::tr{'wio_vpn_con'}</b></td>
<td width='67%'>&nbsp;</td>
</tr>
<tr><td colspan='2'>&nbsp;</td></tr>
</table>
@@ -1151,7 +1196,7 @@ print"
<td width='8%' align='center'><b>$Lang::tr{'type'}</b></td>
<td width='25%' align='center'><b>$Lang::tr{'wio_common_name'}</b></td>
<td width='11%' align='center'><b>$Lang::tr{'wio image'}</b></td>
<td width='14%' align='center'><b>$Lang::tr{'wio_ovpn_connected'}</b></td>
<td width='14%' align='center'><b>$Lang::tr{'wio_connected'}</b></td>
</tr>
";
@@ -1199,7 +1244,7 @@ $statustxt = "$Lang::tr{'capsclosed'}";
<td align='center' height='20'>&nbsp;</td>
</tr>
";
if ($vpnconfighash{$key}[25] && $wiosettings{'CLIENTREMARK'} eq 'on') {
print"<tr".($idvpn % 2?" bgcolor='$color{'color20'}'":" bgcolor='$color{'color22'}'")." height='20'><td>&nbsp;</td><td colspan='16' align='left'>$vpnconfighash{$key}[25]</td></tr>";
}
@@ -1219,9 +1264,9 @@ if ( -e "$ovpnpid" ) {
print"
<table border='0' width='100%' bordercolor='$Header::bordercolour' cellspacing='0' cellpadding='0' style='border-collapse: collapse'>
<tr height='20'>
<td width='28%' bgcolor='$color{'color20'}' align='left'><b>&nbsp;$Lang::tr{'wio_ovpn_con'}</b></td>
<td width='72%'>&nbsp;</td>
<tr height='25'>
<td width='33%' bgcolor='$color{'color20'}' align='left'><b>&nbsp;$Lang::tr{'wio_ovpn_con'}</b></td>
<td width='67%'>&nbsp;</td>
</tr>
<tr><td colspan='2'>&nbsp;</td></tr>
</table>
@@ -1233,7 +1278,7 @@ print"
<td width='8%' align='center'><b>$Lang::tr{'type'}</b></td>
<td width='25%' align='center'><b>$Lang::tr{'common name'}</b></td>
<td width='11%' align='center'><b>$Lang::tr{'wio image'}</b></td>
<td width='14%' align='center'><b>$Lang::tr{'wio_ovpn_connected'}</b></td>
<td width='14%' align='center'><b>$Lang::tr{'wio_connected'}</b></td>
</tr>
";
@@ -1265,7 +1310,6 @@ print"
$statustxt = "$Lang::tr{'capsclosed'}";
}
else {
if ($ovpnconfighash{$key}[3] eq 'net') {
if (-e "/var/run/$ovpnconfighash{$key}[1]n2n.pid") {
my @output = "";
@@ -1333,7 +1377,7 @@ print"
if ($ovpnconfighash{$key}[25] && $wiosettings{'CLIENTREMARK'} eq 'on') {
print"<tr".($idovpn % 2?" bgcolor='$color{'color20'}'":" bgcolor='$color{'color22'}'")." height='20'><td>&nbsp;</td><td colspan='16' align='left'>$ovpnconfighash{$key}[25]</td></tr>";
}
print"<tr height='1'><td colspan='17' bgcolor='#696565'></td></tr>";
$idovpn++
}
@@ -1346,9 +1390,9 @@ print"
print"
<table border='0' width='100%' bordercolor='$Header::bordercolour' cellspacing='0' cellpadding='0' style='border-collapse: collapse'>
<tr height='20'>
<td width='28%' bgcolor='$color{'color20'}' align='left'><b>&nbsp;$Lang::tr{'wio_clients'}</b></td>
<td width='72%'>&nbsp;</td>
<tr height='25'>
<td width='33%' bgcolor='$color{'color20'}' align='left'><b>&nbsp;$Lang::tr{'wio_clients'}</b></td>
<td width='67%'>&nbsp;</td>
</tr>
<tr><td colspan='2'>&nbsp;</td></tr>
</table>
@@ -1471,29 +1515,12 @@ my $dotip = length($ipaddresses[$a]) - rindex($ipaddresses[$a],'.');
}
}
if ($netsettings{"RED_TYPE"} eq 'DHCP' || $netsettings{"RED_TYPE"} eq 'PPPOE') {
my $redipadr = qx'ip addr | grep red0 | grep inet | awk "{print \$2}"';
my @rednet = split ("/", $redipadr);
chomp ($rednet[1]);
my $red_netmask = General::iporsubtodec($rednet[1]);
my $red_netaddress = Network::get_netaddress("$rednet[0]/$red_netmask");
if ( &General::IpInSubnet($ipaddresses[$a], $red_netaddress, $red_netmask) ) {
print"<td align='center' height='20'><img src='$imgstatic/red.png' alt='$Lang::tr{'wio_red_lan'}' title='$Lang::tr{'wio_red_lan'}' /></td>";
last SWITCH;
}
else {
print"<td align='center'><img align='middle' src='$imgstatic/white.png' alt='$Lang::tr{'wio_unknown_lan'}' title='$Lang::tr{'wio_unknown_lan'}' /></td>";
last SWITCH;
}
}
if ( -e "$vpnpid" ) {
foreach $key (keys(%vpnconfighash)) {
next unless ($vpnconfighash{$key}[3] eq 'net');
my $convertip = &General::ipcidr2msk($vpnconfighash{$key}[11]);
my @net = split ("/", $convertip);
$vpnn2nip = $net[0];
@@ -1510,16 +1537,15 @@ my $dotip = length($ipaddresses[$a]) - rindex($ipaddresses[$a],'.');
@match = split ("/", $ovpnsettings{'DOVPN_SUBNET'});
if ( &General::IpInSubnet($ipaddresses[$a], $match[0], $match[1]) ) {
print"<td align='center'><img src='$imgstatic/ovpn.png' alt='OpenVPN' title='OpenVPN' /></td>";
last SWITCH;
print"<td align='center'><img src='$imgstatic/ovpn.png' alt='OpenVPN' title='OpenVPN' /></td>";
last SWITCH;
}
}
if ( %ovpnccdconfhash ne '' ) {
foreach $key (keys(%ovpnccdconfhash)) {
my $convertip = &General::ipcidr2msk($ovpnccdconfhash{$key}[1]);
my @net = split ("/", $convertip);
$vpnn2nip = $net[0];
@@ -1529,7 +1555,23 @@ my $dotip = length($ipaddresses[$a]) - rindex($ipaddresses[$a],'.');
print"<td align='center'><img align='middle' src='$imgstatic/ovpn.png' alt='OpenVPN' title='OpenVPN' /></td>";
last SWITCH;
}
}
}
if ($netsettings{"RED_TYPE"} eq 'DHCP' || $netsettings{"RED_TYPE"} eq 'PPPOE') {
my $redipadr = qx'ip addr | grep red0 | grep inet | awk "{print \$2}"';
my @rednet = split ("/", $redipadr);
chomp ($rednet[1]);
my $red_netmask = General::iporsubtodec($rednet[1]);
my $red_netaddress = Network::get_netaddress("$rednet[0]/$red_netmask");
if ( &General::IpInSubnet($ipaddresses[$a], $red_netaddress, $red_netmask) ) {
print"<td align='center' height='20'><img src='$imgstatic/red.png' alt='$Lang::tr{'wio_red_lan'}' title='$Lang::tr{'wio_red_lan'}' /></td>";
last SWITCH;
}
else {
print"<td align='center'><img align='middle' src='$imgstatic/white.png' alt='$Lang::tr{'wio_unknown_lan'}' title='$Lang::tr{'wio_unknown_lan'}' /></td>";
last SWITCH;
}
}
}
@@ -1662,8 +1704,8 @@ if (! defined($errormessage) && $wiosettings{'ACTION'} ne $Lang::tr{'edit'} ) {
print"
<table width='100%' border='0' bordercolor='$Header::bordercolour' cellspacing='0' cellpadding='0' style='border-collapse: collapse'>
<tr>
<td width='28%' bgcolor='$color{'color20'}' align='left' height='20'><b>&nbsp;$Lang::tr{'wio_add'}</b></td>
<td width='72%' align='right'>&nbsp;</td>
<td width='33%' bgcolor='$color{'color20'}' align='left' height='25'><b>&nbsp;$Lang::tr{'wio_add'}</b></td>
<td width='67%' align='right'>&nbsp;</td>
</tr>
<tr>
<td>&nbsp;</td>
@@ -1755,13 +1797,17 @@ if ( $wiosettings{'ENABLE'} eq 'on' && !$errormessage && $wiosettings{'ACTION'}
print"
<table border='0' width='100%' bordercolor='$Header::bordercolour' cellspacing='0' cellpadding='0' style='border-collapse: collapse'>
<tr>
<td width='28%' bgcolor='$color{'color20'}' align='left' height='20'><b>&nbsp;$Lang::tr{'wio_arp_table_entries'}</b></td>
<td width='72%'>&nbsp;</td>
<td width='33%' bgcolor='$color{'color20'}' align='left' height='25'><b>&nbsp;$Lang::tr{'wio_arp_table_entries'}</b></td>
<td width='67%' align='right'><form method='post' action='$ENV{'SCRIPT_NAME'}'><input type='hidden' name='WIOGUISHOWARPTABLE' value='arptable' /><input type='submit' name='ACTION' value='$arpbuttontext' /></form></td>
</tr>
<tr><td colspan='2'>&nbsp;</td></tr>
</table>
";
if ( $wiosettings{'WIOGUISHOWARPTABLE'} eq 'on' ) {
print"
<table border='0' width='100%' bordercolor='$Header::bordercolour' cellspacing='0' cellpadding='0' style='border-collapse: collapse'>
<tr><td colspan='2'>&nbsp;</td></tr>
<tr bgcolor='$color{'color20'}'>
<td width='5%' align='center' height='20'><b>$Lang::tr{'wio_id'}</b></td>
<td width='20%' align='center' height='20'><b>$Lang::tr{'wio_hwaddress'}</b></td>
@@ -1865,18 +1911,24 @@ $idarp++
print"
</table>
";
}
&hrline();
print"
<table border='0' width='100%' bordercolor='$Header::bordercolour' cellspacing='0' cellpadding='0' style='border-collapse: collapse'>
<tr>
<td width='28%' bgcolor='$color{'color20'}' align='left' height='20'><b>&nbsp;$Lang::tr{'wio_import_file'}</b></td>
<td width='72%'>&nbsp;</td>
<td width='33%' bgcolor='$color{'color20'}' align='left' height='25'><b>&nbsp;$Lang::tr{'wio_import_file'}</b></td>
<td width='67%' align='right'><form method='post' action='$ENV{'SCRIPT_NAME'}'><input type='hidden' name='WIOGUISHOWCLIENTIMPORTTABLE' value='clientimport' /><input type='submit' name='ACTION' value='$clientimportbuttontext' /></form></td>
</tr>
<tr><td colspan='2'>&nbsp;</td></tr>
</table>
";
if ( $wiosettings{'WIOGUISHOWCLIENTIMPORTTABLE'} eq 'on' ) {
print"
<table width='100%' cellspacing='0' cellpadding='0' style='border-collapse: collapse'>
<tr><td colspan='3'>&nbsp;</td></tr>
<tr bgcolor='$color{'color22'}'>
<form method='post' action='/cgi-bin/wio.cgi' enctype='multipart/form-data'>
<td width='35%' align='right'>$Lang::tr{'wio_import_csv'}&nbsp;</td>
@@ -1902,16 +1954,22 @@ print"
</tr>
</table>
";
}
&hrline;
print"
<table border='0' width='100%' bordercolor='$Header::bordercolour' cellspacing='0' cellpadding='0' style='border-collapse: collapse'>
<tr>
<td width='28%' bgcolor='$color{'color20'}' align='left' height='20'><b>&nbsp;$Lang::tr{'wio_net_scan'}</b></td>
<td width='72%'>&nbsp;</td>
<td width='33%' bgcolor='$color{'color20'}' align='left' height='25'><b>&nbsp;$Lang::tr{'wio_net_scan'}</b></td>
<td width='67%' align='right'><form method='post' action='$ENV{'SCRIPT_NAME'}'><input type='hidden' name='WIOGUISHOWNETWORKSEARCHTABLE' value='networksearch' /><input type='submit' name='ACTION' value='$networksearchbuttontext' /></form></td>
</tr>
</table>
";
if ( $wiosettings{'WIOGUISHOWNETWORKSEARCHTABLE'} eq 'on' ) {
print"
<table width='100%' cellspacing='0' cellpadding='0' style='border-collapse: collapse'>
<tr>
<td colspan='3'>&nbsp;</td>
@@ -1944,7 +2002,7 @@ print"
</table>
</form>
";
}
&Header::closebox();
}
@@ -2104,23 +2162,24 @@ close(FILE);
############################################################################################################################
sub SortByTunnelName
{
if ($vpnconfighash{$a}[1] lt $vpnconfighash{$b}[1]) {
return -1;
}
elsif ($vpnconfighash{$a}[1] gt $vpnconfighash{$b}[1]) {
return 1;
}
else {
return 0;
}
sub SortByTunnelName {
if ($vpnconfighash{$a}[1] lt $vpnconfighash{$b}[1]) {
return -1;
}
elsif ($vpnconfighash{$a}[1] gt $vpnconfighash{$b}[1]) {
return 1;
}
else {
return 0;
}
}
############################################################################################################################
sub validSave
{
sub validSave {
if ( $wiosettings{'IPADR'} eq '' && $wiosettings{'PINGMETHODE'} eq 'ip' && $wiosettings{'DYNDNS'} eq '' ) {
$errormessage = $Lang::tr{'wio_ip_empty'};
}
@@ -2146,4 +2205,5 @@ sub validSave
if ( $wiosettings{'ID'} eq '' && ! defined($errormessage) ) { $errormessage = &WIO::checkinto($wiosettings{'IPADR'}, $wiosettings{'HOST'}, @current); }
if ( $wiosettings{'REMARK'} ne '' ) { $wiosettings{'REMARK'} =~ s/,/&#44;/g; }
}

4
src/wio/wiographs.cgi
View File

@@ -3,7 +3,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2017 Stephan Feddersen <addons@h-loit.de> #
# Copyright (C) 2017-2018 Stephan Feddersen <sfeddersen@ipfire.org> #
# All Rights Reserved. #
# #
# This program is free software: you can redistribute it and/or modify #
@@ -21,7 +21,7 @@
# #
###############################################################################
#
# id: wiographs.cgi, v1.3.2 2017/08/27 14:11:16 sfeddersen
# Version: 2017/08/27 14:07:23
#
# This wiographs.cgi is based on the Code from the IPCop WIO Addon
# and is extremly adapted to work with IPFire.