webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-10 19:15:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into next

Browse Source
This commit is contained in:
Michael Tremer
2013-11-09 14:33:16 +01:00
parent ec985733a5 33590570fb
commit 34daf4dbf8
7 changed files with 163 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
config/rootfiles/core/73/filelists/files
View File

@@ -3,9 +3,11 @@ etc/issue
etc/rc.d/init.d/dnsmasq
etc/rc.d/init.d/squid
srv/web/ipfire/cgi-bin/logs.cgi/proxylog.dat
srv/web/ipfire/cgi-bin/netinternal.cgi
srv/web/ipfire/cgi-bin/proxy.cgi
srv/web/ipfire/cgi-bin/routing.cgi
srv/web/ipfire/cgi-bin/wirelessclient.cgi
srv/web/ipfire/cgi-bin/vpnmain.cgi
srv/web/ipfire/html/redirect.cgi
srv/web/ipfire/html/redirect-templates/
var/ipfire/header.pl

4
html/cgi-bin/netinternal.cgi
View File

@@ -61,8 +61,8 @@ if ( $querry[0] =~ /wireless/ ){
&Header::openbigbox('100%', 'left');
push (@graphs, ($netsettings{'GREEN_DEV'}));
if ($netsettings{'BLUE_DEV'}) {push (@graphs, ($netsettings{'BLUE_DEV'})); }
if ($netsettings{'ORANGE_DEV'}) {push (@graphs, ($netsettings{'ORANGE_DEV'})); }
if (&Header::blue_used() && $netsettings{'BLUE_DEV'}) {push (@graphs, ($netsettings{'BLUE_DEV'})); }
if (&Header::orange_used() && $netsettings{'ORANGE_DEV'}) {push (@graphs, ($netsettings{'ORANGE_DEV'})); }
my @wirelessgraphs = `ls -dA /var/log/rrd/collectd/localhost/wireless* 2>/dev/null`;
foreach (@wirelessgraphs){

4
html/cgi-bin/proxy.cgi
View File

@@ -180,8 +180,8 @@ close(FILE);
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
my $green_cidr = &General::ipcidr("$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}");
my $blue_cidr = "# Blue not defined";
if ($netsettings{'BLUE_DEV'}) {
my $blue_cidr = "";
if (&Header::blue_used() && $netsettings{'BLUE_DEV'}) {
$blue_cidr = &General::ipcidr("$netsettings{'BLUE_NETADDRESS'}\/$netsettings{'BLUE_NETMASK'}");
}

4
html/cgi-bin/vpnmain.cgi
View File

@@ -61,11 +61,11 @@ my %mainsettings = ();
my $green_cidr = &General::ipcidr("$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}");
my $blue_cidr = "# Blue not defined";
if ($netsettings{'BLUE_DEV'}) {
if (&Header::blue_used() && $netsettings{'BLUE_DEV'}) {
$blue_cidr = &General::ipcidr("$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}");
}
my $orange_cidr = "# Orange not defined";
if ($netsettings{'ORANGE_DEV'}) {
if (&Header::orange_used() && $netsettings{'ORANGE_DEV'}) {
$orange_cidr = &General::ipcidr("$netsettings{'ORANGE_NETADDRESS'}/$netsettings{'ORANGE_NETMASK'}");
}

4
lfs/openssh
View File

@@ -24,7 +24,7 @@
include Config
VER = 6.2p2
VER = 6.4p1
THISAPP = openssh-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = be46174dcbb77ebb4ea88ef140685de1
$(DL_FILE)_MD5 = a62b88b884df0b09b8a8c5789ac9e51b
install : $(TARGET)

7
lfs/squid
View File

@@ -24,7 +24,7 @@
include Config
VER = 3.3.9
VER = 3.3.10
THISAPP = squid-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = 6c4ba0d63c3a6d94de2da689f361cdab
$(DL_FILE)_MD5 = 28058812d722cac303517a643e28bcb0
install : $(TARGET)
@@ -70,6 +70,9 @@ $(subst %,%_MD5,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xaf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && patch -Np0 < $(DIR_SRC)/src/patches/squid-3.3.10-optional-ssl-options.patch
cd $(DIR_APP) && ./configure \
--prefix=/usr \
--sysconfdir=/etc/squid \

148
src/patches/squid-3.3.10-optional-ssl-options.patch Normal file
View File

@@ -0,0 +1,148 @@
From: http://bazaar.launchpad.net/~squid/squid/3-trunk/revision/13115
Committer: Christos Tsantilas
Date: 2013-11-07 10:46:14 UTC
Revision ID: chtsanti@users.sourceforge.net-20131107104614-s3a9kzlkgm7x9rhf
http://bugs.squid-cache.org/show_bug.cgi?id=3936
Bug 3936: error-details.txt parse error
Squid fails parsing error-details.txt template when one or more listed OpenSSL
errors are not supported on running platform.
This patch add a hardcoded list of OpenSSL errors wich can be optional.
This is a Measurement Factory project
=== modified file 'src/ssl/ErrorDetail.cc'
--- src/ssl/ErrorDetail.cc 2013-07-31 00:13:04 +0000
+++ src/ssl/ErrorDetail.cc 2013-11-07 10:46:14 +0000
@@ -221,6 +221,31 @@
{SSL_ERROR_NONE, NULL}
};
+static const char *OptionalSslErrors[] = {
+ "X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER",
+ "X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION",
+ "X509_V_ERR_KEYUSAGE_NO_CRL_SIGN",
+ "X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION",
+ "X509_V_ERR_INVALID_NON_CA",
+ "X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED",
+ "X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE",
+ "X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED",
+ "X509_V_ERR_INVALID_EXTENSION",
+ "X509_V_ERR_INVALID_POLICY_EXTENSION",
+ "X509_V_ERR_NO_EXPLICIT_POLICY",
+ "X509_V_ERR_DIFFERENT_CRL_SCOPE",
+ "X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE",
+ "X509_V_ERR_UNNESTED_RESOURCE",
+ "X509_V_ERR_PERMITTED_VIOLATION",
+ "X509_V_ERR_EXCLUDED_VIOLATION",
+ "X509_V_ERR_SUBTREE_MINMAX",
+ "X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE",
+ "X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX",
+ "X509_V_ERR_UNSUPPORTED_NAME_SYNTAX",
+ "X509_V_ERR_CRL_PATH_VALIDATION_ERROR",
+ NULL
+};
+
struct SslErrorAlias {
const char *name;
const Ssl::ssl_error_t *errors;
@@ -331,6 +356,16 @@
return NULL;
}
+bool
+Ssl::ErrorIsOptional(const char *name)
+{
+ for (int i = 0; OptionalSslErrors[i] != NULL; ++i) {
+ if (strcmp(name, OptionalSslErrors[i]) == 0)
+ return true;
+ }
+ return false;
+}
+
const char *
Ssl::GetErrorDescr(Ssl::ssl_error_t value)
{
=== modified file 'src/ssl/ErrorDetail.h'
--- src/ssl/ErrorDetail.h 2013-05-30 10:10:29 +0000
+++ src/ssl/ErrorDetail.h 2013-11-07 10:46:14 +0000
@@ -40,6 +40,14 @@
/**
\ingroup ServerProtocolSSLAPI
+ * Return true if the SSL error is optional and may not supported
+ * by current squid version
+ */
+
+bool ErrorIsOptional(const char *name);
+
+/**
+ \ingroup ServerProtocolSSLAPI
* Used to pass SSL error details to the error pages returned to the
* end user.
*/
=== modified file 'src/ssl/ErrorDetailManager.cc'
--- src/ssl/ErrorDetailManager.cc 2013-10-25 00:13:46 +0000
+++ src/ssl/ErrorDetailManager.cc 2013-11-07 10:46:14 +0000
@@ -218,32 +218,35 @@
}
Ssl::ssl_error_t ssl_error = Ssl::GetErrorCode(errorName.termedBuf());
- if (ssl_error == SSL_ERROR_NONE) {
+ if (ssl_error != SSL_ERROR_NONE) {
+
+ if (theDetails->getErrorDetail(ssl_error)) {
+ debugs(83, DBG_IMPORTANT, HERE <<
+ "WARNING! duplicate entry: " << errorName);
+ return false;
+ }
+
+ ErrorDetailEntry &entry = theDetails->theList[ssl_error];
+ entry.error_no = ssl_error;
+ entry.name = errorName;
+ String tmp = parser.getByName("detail");
+ httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.detail);
+ tmp = parser.getByName("descr");
+ httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.descr);
+ bool parseOK = entry.descr.defined() && entry.detail.defined();
+
+ if (!parseOK) {
+ debugs(83, DBG_IMPORTANT, HERE <<
+ "WARNING! missing important field for detail error: " << errorName);
+ return false;
+ }
+
+ } else if (!Ssl::ErrorIsOptional(errorName.termedBuf())) {
debugs(83, DBG_IMPORTANT, HERE <<
"WARNING! invalid error detail name: " << errorName);
return false;
}
- if (theDetails->getErrorDetail(ssl_error)) {
- debugs(83, DBG_IMPORTANT, HERE <<
- "WARNING! duplicate entry: " << errorName);
- return false;
- }
-
- ErrorDetailEntry &entry = theDetails->theList[ssl_error];
- entry.error_no = ssl_error;
- entry.name = errorName;
- String tmp = parser.getByName("detail");
- httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.detail);
- tmp = parser.getByName("descr");
- httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.descr);
- bool parseOK = entry.descr.defined() && entry.detail.defined();
-
- if (!parseOK) {
- debugs(83, DBG_IMPORTANT, HERE <<
- "WARNING! missing imporant field for detail error: " << errorName);
- return false;
- }
}// else {only spaces and black lines; just ignore}
buf.consume(size);