Merge branch 'master' into kernel-test

config/firewall/firewall-lib.pl

@@ -238,8 +238,8 @@ sub get_interface
 	if($net eq "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}"){
 		return "$netsettings{'BLUE_DEV'}";
 	}
-	if($net eq "0.0.0.0/0"){
-		return "$netsettings{'RED_DEV'}";
+	if($net eq "0.0.0.0/0") {
+		return &get_external_interface();
 	}
 	return "";
 }

config/firewall/rules.pl

@@ -554,29 +554,19 @@ sub time_convert_to_minutes {
 }
 
 sub p2pblock {
-	my $search_action;
-	my $target;
-
-	if ($fwdfwsettings{"POLICY"} eq "MODE1") {
-		$search_action = "on";
-		$target = "ACCEPT";
-	} else {
-		$search_action = "off";
-		$target = "DROP";
-	}
-
 	open(FILE, "<$p2pfile") or die "Unable to read $p2pfile";
 	my @protocols = ();
 	foreach my $p2pentry (<FILE>) {
 		my @p2pline = split(/\;/, $p2pentry);
-		next unless ($p2pline[2] eq $search_action);
+		next unless ($p2pline[2] eq "off");
 
 		push(@protocols, "--$p2pline[1]");
 	}
 	close(FILE);
 
+	run("$IPTABLES -F P2PBLOCK");
 	if (@protocols) {
-		run("$IPTABLES -A FORWARDFW -m ipp2p @protocols -j $target");
+		run("$IPTABLES -A P2PBLOCK -m ipp2p @protocols -j DROP");
 	}
 }
 

config/rootfiles/core/84/filelists/files

@@ -7,4 +7,5 @@ srv/web/ipfire/cgi-bin/fwhosts.cgi
 srv/web/ipfire/cgi-bin/urlfilter.cgi
 usr/lib/firewall/firewall-lib.pl
 usr/lib/firewall/rules.pl
+usr/local/bin/update-lang-cache
 var/ipfire/langs

lfs/bash

@@ -87,7 +87,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	sed -e "s/filename, RTLD_LAZY/filename, RTLD_NOW/" \
 		-i $(DIR_APP)/builtins/enable.def
 
-	for i in $$(seq 1 27); do \
+	for i in $$(seq 1 30); do \
 		cd $(DIR_APP) && patch -Np0 < $(DIR_SRC)/src/patches/bash/bash43-$$(printf "%03d" "$${i}") || exit 1; \
 	done
 

src/initscripts/init.d/firewall

@@ -104,6 +104,12 @@ iptables_init() {
 	iptables -t nat -N CUSTOMPOSTROUTING
 	iptables -t nat -A POSTROUTING -j CUSTOMPOSTROUTING
 
+	# P2PBLOCK
+	iptables -N P2PBLOCK
+	iptables -A INPUT -j P2PBLOCK
+	iptables -A FORWARD -j P2PBLOCK
+	iptables -A OUTPUT -j P2PBLOCK
+	
 	# Guardian (IPS) chains
 	iptables -N GUARDIAN
 	iptables -A INPUT -j GUARDIAN

src/patches/bash/bash43-029

@@ -0,0 +1,59 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.3
+Patch-ID:	bash43-029
+
+Bug-Reported-by:	Michal Zalewski <lcamtuf@coredump.cx>
+Bug-Reference-ID:
+Bug-Reference-URL:
+
+Bug-Description:
+
+When bash is parsing a function definition that contains a here-document
+delimited by end-of-file (or end-of-string), it leaves the closing delimiter
+uninitialized.  This can result in an invalid memory access when the parsed
+function is later copied.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.3.28/make_cmd.c	2011-12-16 08:08:01.000000000 -0500
+--- make_cmd.c	2014-10-02 11:24:23.000000000 -0400
+***************
+*** 693,696 ****
+--- 693,697 ----
+    temp->redirector = source;
+    temp->redirectee = dest_and_filename;
++   temp->here_doc_eof = 0;
+    temp->instruction = instruction;
+    temp->flags = 0;
+*** ../bash-4.3.28/copy_cmd.c	2009-09-11 16:28:02.000000000 -0400
+--- copy_cmd.c	2014-10-02 11:24:23.000000000 -0400
+***************
+*** 127,131 ****
+      case r_reading_until:
+      case r_deblank_reading_until:
+!       new_redirect->here_doc_eof = savestring (redirect->here_doc_eof);
+        /*FALLTHROUGH*/
+      case r_reading_string:
+--- 127,131 ----
+      case r_reading_until:
+      case r_deblank_reading_until:
+!       new_redirect->here_doc_eof = redirect->here_doc_eof ? savestring (redirect->here_doc_eof) : 0;
+        /*FALLTHROUGH*/
+      case r_reading_string:
+*** ../bash-4.3/patchlevel.h	2012-12-29 10:47:57.000000000 -0500
+--- patchlevel.h	2014-03-20 20:01:28.000000000 -0400
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 28
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 29
+  
+  #endif /* _PATCHLEVEL_H_ */