From b3f401fba4b69ea06a1987a971f8f7ff59b3ee33 Mon Sep 17 00:00:00 2001 From: Erik Kapfer Date: Tue, 29 Jul 2014 22:29:28 +0200 Subject: [PATCH 01/18] ids.cgi fix snort rules download url. fixes: 10579 --- config/rootfiles/core/80/filelists/files | 1 + html/cgi-bin/ids.cgi | 6 +++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/config/rootfiles/core/80/filelists/files b/config/rootfiles/core/80/filelists/files index a12048d7b..cdddaac16 100644 --- a/config/rootfiles/core/80/filelists/files +++ b/config/rootfiles/core/80/filelists/files @@ -8,6 +8,7 @@ etc/rc.d/init.d/firewall etc/rc.d/init.d/networking/red.up/30-ddns etc/rc.d/init.d/rngd srv/web/ipfire/cgi-bin/ddns.cgi +srv/web/ipfire/cgi-bin/ids.cgi srv/web/ipfire/cgi-bin/logs.cgi/firewalllogcountry.dat srv/web/ipfire/cgi-bin/logs.cgi/log.dat srv/web/ipfire/cgi-bin/netexternal.cgi diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi index 5a28daaed..ff72b7894 100644 --- a/html/cgi-bin/ids.cgi +++ b/html/cgi-bin/ids.cgi @@ -263,11 +263,11 @@ if (-e "/etc/snort/snort.conf") { ####################### End added for snort rules control ################################# if ($snortsettings{'RULES'} eq 'subscripted') { - $url=" http://www.snort.org/sub-rules/snortrules-snapshot-2961.tar.gz/$snortsettings{'OINKCODE'}"; + $url=" https://www.snort.org/rules/snortrules-snapshot-2961.tar.gz?oinkcode=$snortsettings{'OINKCODE'}"; } elsif ($snortsettings{'RULES'} eq 'registered') { - $url=" http://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz/$snortsettings{'OINKCODE'}"; + $url=" https://www.snort.org/rules/snortrules-snapshot-2961.tar.gz?oinkcode=$snortsettings{'OINKCODE'}"; } elsif ($snortsettings{'RULES'} eq 'community') { - $url=" http://s3.amazonaws.com/snort-org/www/rules/community/community-rules.tar.gz"; + $url=" https://www.snort.org/rules/community"; } else { $url="http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz"; } 
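Review bot: In the `subscripted` and `registered` branches of html/cgi-bin/ids.cgi, the Oinkcode is interpolated into the query string of `$url` without validation or URL-encoding. The code that consumes `$url` is outside this hunk; if the value reaches a command line or a log, gate it first with an anchored check such as `$snortsettings{'OINKCODE'} =~ /\A[0-9A-Za-z]+\z/` (assuming Oinkcodes are plain alphanumeric), and keep the full URL out of log output now that the code travels as a query parameter. The two branches now build the same URL and could be merged, and the new literals keep the leading space inside the quotes. The final `else` branch still fetches the Emerging Threats tarball over plain `http://`, so that rule set gets no transport integrity from this change.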
From 5fe185f83c98d86cdbca470ecbea5c1365cae3f9 Mon Sep 17 00:00:00 2001 From: Stefan Schantl Date: Fri, 1 Aug 2014 19:56:52 +0200 Subject: [PATCH 02/18] ddns.cgi: Fix token auth for provider regfish.com. In the past the regfish.com auth token was stored as username similar than freedns.afraid.com. We now expected the token key stored as password, to keep compatiblity with old installations I've added some compatible code to prevent users from various issues. --- html/cgi-bin/ddns.cgi | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/html/cgi-bin/ddns.cgi b/html/cgi-bin/ddns.cgi index 7be9a50f0..3072a8b76 100644 --- a/html/cgi-bin/ddns.cgi +++ b/html/cgi-bin/ddns.cgi @@ -187,7 +187,7 @@ if (($settings{'ACTION'} eq $Lang::tr{'add'}) || ($settings{'ACTION'} eq $Lang:: # Check if a password has been typed in. # freedns.afraid.org does not require this field. - if (($settings{'PASSWORD'} eq '') && ($settings{'SERVICE'} ne 'freedns.afraid.org')) { + if (($settings{'PASSWORD'} eq '') && ($settings{'SERVICE'} ne 'freedns.afraid.org') && ($settings{'SERVICE'} ne 'regfish.com')) { $errormessage = $Lang::tr{'password not set'}; } @@ -650,8 +650,8 @@ sub GenerateDDNSConfigFile { if ($provider ~~ ["dns.lightningwirelabs.com", "entrydns.net", "regfish.com"] && $username eq "token") { $use_token = 1; - # Handle token auth for freedns.afraid.org. - } elsif ($provider eq "freedns.afraid.org" && $password eq "") { + # Handle token auth for freedns.afraid.org and regfish.com. + } elsif ($provider ~~ ["freedns.afraid.org", "regfish.com"] && $password eq "") { $use_token = 1; $password = $username; From 1f080b34bac4fbaa88d2b460ece53d460fff6ec5 Mon Sep 17 00:00:00 2001 
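Review bot: With `regfish.com` exempted from the password check in the first ddns.cgi hunk, an entry with an empty PASSWORD is accepted for that provider whether or not LOGIN actually holds a token; any check on LOGIN is outside the hunk. The new `elsif` in GenerateDDNSConfigFile then copies `$username` into `$password`, so an empty or ordinary user name would be written out as the token. For the two token providers it is worth rejecting the case where both fields are empty, e.g. `if (($settings{'PASSWORD'} eq '') && ($settings{'LOGIN'} eq '')) { $errormessage = $Lang::tr{'password not set'}; }`. As a style point, `$provider ~~ [...]` relies on smartmatch, which is experimental in newer Perl; `grep { $_ eq $provider } "freedns.afraid.org", "regfish.com"` does the same without it. Both enclosing blocks start and end outside the hunks.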
From: Stefan Schantl Date: Thu, 31 Jul 2014 21:45:38 +0200 Subject: [PATCH 03/18] ddns.cgi: Check for valid FQDN before doing nslookup. We now check if the used hostname is a valid FQDN before doing the nslookup to determine if a DDNS host is up do date. --- html/cgi-bin/ddns.cgi | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/html/cgi-bin/ddns.cgi b/html/cgi-bin/ddns.cgi index 3072a8b76..65e3bee39 100644 --- a/html/cgi-bin/ddns.cgi +++ b/html/cgi-bin/ddns.cgi @@ -507,17 +507,32 @@ END chomp(@current); my @temp = split(/\,/,$line); + # Handle hostname details. Only connect the values with a dott if both are available. + my $hostname=""; + + if (($temp[1]) && ($temp[2])) { + $hostname="$temp[1].$temp[2]"; + } else { + $hostname="$temp[1]"; + } + # Generate value for enable/disable checkbox. - my $sync = ""; + my $sync = ''; my $gif = ''; my $gdesc = ''; if ($temp[7] eq "on") { $gif = 'on.gif'; $gdesc = $Lang::tr{'click to disable'}; - $sync = (&General::DyndnsServiceSync ($ip,$temp[1], $temp[2]) ? "": "") ; + + # Check if the given hostname is a FQDN before doing a nslookup. + if (&General::validfqdn($hostname)) { + $sync = (&General::DyndnsServiceSync ($ip,$temp[1], $temp[2]) ? "": "") ; + } + $toggle_enabled = 'off'; } else { + $sync = ""; $gif = 'off.gif'; $gdesc = $Lang::tr{'click to enable'}; $toggle_enabled = 'on'; From 06dbe99dbb1c37de8fc94b6f2dc6e53ef1d7d022 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Mon, 4 Aug 2014 19:39:16 +0200 Subject: [PATCH 04/18] tor: Update to 0.2.4.23 http://www.heise.de/security/meldung/Erfolgreicher-Angriff-auf-Tor-Anonymisierung-2278774.html --- lfs/tor | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lfs/tor b/lfs/tor index 6f9e50289..0cc2957ed 100644 --- a/lfs/tor +++ b/lfs/tor @@ -24,7 +24,7 @@ include Config -VER = 0.2.4.22 +VER = 0.2.4.23 THISAPP = tor-$(VER) DL_FILE = $(THISAPP).tar.gz 
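Review bot: `&General::validfqdn($hostname)` is applied only while the host table is rendered, so a malformed name is still stored in the data file and is merely skipped for the lookup. The add/update handler is outside this hunk; if it does not already validate, the same check belongs there so that bad names never reach the stored entries or the generated ddns configuration. In the new hostname block `$hostname="$temp[1]";` does not need the quotes, and the comment has a typo (`dott`).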
@@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = tor -PAK_VER = 7 +PAK_VER = 8 DEPS = "libevent2" @@ -44,7 +44,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 5a7eee0d9df87233255d78b25c6f8270 +$(DL_FILE)_MD5 = 9e39928e310612c3bffee727f554c63f install : $(TARGET) From 156311fbcd67f00002fe658e1ee4b20154bf014a Mon Sep 17 00:00:00 2001 From: Erik Kapfer Date: Thu, 31 Jul 2014 08:43:24 +0200 Subject: [PATCH 05/18] OpenVPN: Added a check for empty 'CERT_NAME' field. Fixes: #10581 --- html/cgi-bin/ovpnmain.cgi | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 927616a55..14308e549 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -3968,10 +3968,8 @@ if ($cgiparams{'TYPE'} eq 'net') { $errormessage = $Lang::tr{'name too long'}; goto VPNCONF_ERROR; } - if ($cgiparams{'CERT_NAME'} !~ /^[a-zA-Z0-9 ,\.\-_]+$/) { + if ($cgiparams{'CERT_NAME'} eq '' || $cgiparams{'CERT_NAME'} !~ /^[a-zA-Z0-9 ,\.\-_]+$/) { $errormessage = $Lang::tr{'invalid input for name'}; - unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; - rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; goto VPNCONF_ERROR; } if ($cgiparams{'CERT_EMAIL'} ne '' && (! &General::validemail($cgiparams{'CERT_EMAIL'}))) { From 93899a216f7f03b8e1d5092fdd20afd07b0bedae Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Tue, 29 Jul 2014 21:57:07 +0200 Subject: [PATCH 06/18] firewall: add more pscan matches and filter INVALID conntrack packages. --- src/initscripts/init.d/firewall | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall index 97186c399..23d0c23ff 100644 --- a/src/initscripts/init.d/firewall 
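Review bot: In the ovpnmain.cgi hunk the added `$cgiparams{'CERT_NAME'} eq ''` test is redundant, because the `+` quantifier already makes the pattern reject an empty string, while the `$` anchor still accepts a value that ends in a newline. Anchoring with `\A` and `\z` covers both cases in one test: `if ($cgiparams{'CERT_NAME'} !~ /\A[a-zA-Z0-9 ,\.\-_]+\z/) {`. How CERT_NAME is used afterwards is outside this hunk, so the effect of a trailing newline cannot be judged from here.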
+++ b/src/initscripts/init.d/firewall @@ -64,16 +64,20 @@ iptables_init() { iptables -A BADTCP -i lo -j RETURN # Disallow packets frequently used by port-scanners - # nmap xmas - iptables -A BADTCP -p tcp --tcp-flags ALL FIN,URG,PSH -j PSCAN - # Null - iptables -A BADTCP -p tcp --tcp-flags ALL NONE -j PSCAN - # FIN + # NMAP FIN/URG/PSH (XMAS scan) + iptables -A BADTCP -p tcp --tcp-flags ALL FIN,URG,PSH -j PSCAN + # SYN/RST/ACK/FIN/URG + iptables -A BADTCP -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j PSCAN + # ALL/ALL + iptables -A BADTCP -p tcp --tcp-flags ALL ALL -j PSCAN + # FIN Stealth iptables -A BADTCP -p tcp --tcp-flags ALL FIN -j PSCAN # SYN/RST (also catches xmas variants that set SYN+RST+...) iptables -A BADTCP -p tcp --tcp-flags SYN,RST SYN,RST -j PSCAN # SYN/FIN (QueSO or nmap OS probe) iptables -A BADTCP -p tcp --tcp-flags SYN,FIN SYN,FIN -j PSCAN + # Null + iptables -A BADTCP -p tcp --tcp-flags ALL NONE -j PSCAN # NEW TCP without SYN iptables -A BADTCP -p tcp ! --syn -m conntrack --ctstate NEW -j NEWNOTSYN @@ -83,6 +87,7 @@ iptables_init() { # Connection tracking chain iptables -N CONNTRACK iptables -A CONNTRACK -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT + iptables -A CONNTRACK -m conntrack --ctstate INVALID -j DROP # Fix for braindead ISP's iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu From 5354d0f5c902f208d755b3b8a06f5896d4d2c975 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 5 Aug 2014 19:49:28 +0200 Subject: [PATCH 07/18] ddns: Update to 004. --- lfs/ddns | 6 ++--- ...-a-program-prefix-to-syslog-messages.patch | 25 ------------------- 2 files changed, 2 insertions(+), 29 deletions(-) delete mode 100644 src/patches/ddns-003-Add-a-program-prefix-to-syslog-messages.patch diff --git a/lfs/ddns b/lfs/ddns index 975c8c3ab..b94b3a124 100644 --- a/lfs/ddns +++ b/lfs/ddns @@ -24,7 +24,7 @@ include Config -VER = 003 +VER = 004 THISAPP = ddns-$(VER) DL_FILE = $(THISAPP).tar.xz 
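Review bot: The new `--ctstate INVALID -j DROP` rule in the CONNTRACK chain discards packets directly, unlike the scan matches above it, which jump to the dedicated PSCAN chain. If PSCAN logs (not visible in this hunk), sending INVALID traffic to a chain of its own with a rate-limited log keeps these drops visible when diagnosing asymmetric routing or conntrack table problems. In the first hunk, packets matching `--tcp-flags ALL SYN,RST,ACK,FIN,URG` and `ALL ALL` also satisfy the later `SYN,RST SYN,RST` rule, so the two new rules change only which counter records the hit. A comment such as `# counted separately; also covered by SYN/RST below` would make that explicit.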
@@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 9ff8ab5fa716859b51f63b0a241f1337 +$(DL_FILE)_MD5 = ff77cb72d0cb06c73bde70419b15bae8 install : $(TARGET) @@ -71,8 +71,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/ddns-003-Add-a-program-prefix-to-syslog-messages.patch - cd $(DIR_APP) && [ -x "configure" ] || sh ./autogen.sh cd $(DIR_APP) && ./configure --prefix=/usr --sysconfdir=/var/ipfire cd $(DIR_APP) && make $(MAKETUNING) diff --git a/src/patches/ddns-003-Add-a-program-prefix-to-syslog-messages.patch b/src/patches/ddns-003-Add-a-program-prefix-to-syslog-messages.patch deleted file mode 100644 index 978db85fc..000000000 --- a/src/patches/ddns-003-Add-a-program-prefix-to-syslog-messages.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 21fd4b8d26d01d622185ab8de971a9ee934220a3 Mon Sep 17 00:00:00 2001 -From: Michael Tremer -Date: Thu, 24 Jul 2014 13:23:36 +0200 -Subject: [PATCH] Add a program prefix to syslog messages. - ---- - src/ddns/__init__.py | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/src/ddns/__init__.py b/src/ddns/__init__.py -index 22764e6..6fe3a33 100644 ---- a/src/ddns/__init__.py -+++ b/src/ddns/__init__.py -@@ -42,6 +42,8 @@ def setup_logging(): - handler = logging.handlers.SysLogHandler(address="/dev/log", - facility=logging.handlers.SysLogHandler.LOG_DAEMON - ) -+ formatter = logging.Formatter("ddns[%(process)d]: %(message)s") -+ handler.setFormatter(formatter) - handler.setLevel(logging.INFO) - rootlogger.addHandler(handler) - --- -1.9.3 - From c2f80e67a711eee43dd5c815defc689fc7604b64 Mon Sep 17 00:00:00 2001 
From: Stefan Schantl Date: Tue, 5 Aug 2014 21:24:44 +0200 Subject: [PATCH 08/18] ddns.cgi: Fix enable/disable handling of entries. When the "enabled" checkbox is checked a "on" will be returned, if the box is unchecked checkboxes will return nothing. As a result of this behaviour the ddns.conf contained entries which have been disabled in the WUI. We now check if the checkbox returns a "on", otherwise we will set the "enabled" value to "off" to prevent from this problem. --- html/cgi-bin/ddns.cgi | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/html/cgi-bin/ddns.cgi b/html/cgi-bin/ddns.cgi index 65e3bee39..dc5dacc24 100644 --- a/html/cgi-bin/ddns.cgi +++ b/html/cgi-bin/ddns.cgi @@ -197,6 +197,12 @@ if (($settings{'ACTION'} eq $Lang::tr{'add'}) || ($settings{'ACTION'} eq $Lang:: # Splitt hostname field into 2 parts for storrage. my($hostname, $domain) = split(/\./, $settings{'HOSTNAME'}, 2); + # Handle enabled checkbox. When the checkbox is selected a "on" will be returned, + # if the checkbox is not checked nothing is returned in this case we set the value to "off". + if ($settings{'ENABLED'} ne 'on') { + $settings{'ENABLED'} = 'off'; + } + # Handle adding new accounts. if ($settings{'ACTION'} eq $Lang::tr{'add'}) { @@ -215,8 +221,6 @@ if (($settings{'ACTION'} eq $Lang::tr{'add'}) || ($settings{'ACTION'} eq $Lang:: # Write out notice to logfile. &General::log($Lang::tr{'ddns hostname added'}); - # Update ddns config file. - # Handle account edditing. } elsif ($settings{'ACTION'} eq $Lang::tr{'update'}) { 
@@ -354,7 +358,9 @@ $checked{'BEHINDROUTER'}{'RED_IP'} = ''; $checked{'BEHINDROUTER'}{'FETCH_IP'} = ''; $checked{'BEHINDROUTER'}{$settings{'BEHINDROUTER'}} = "checked='checked'"; -$checked{'ENABLED'}{'on'} = ($settings{'ENABLED'} eq '' ) ? '' : "checked='checked'"; +$checked{'ENABLED'}{'on'} = ''; +$checked{'ENABLED'}{'off'} = ''; +$checked{'ENABLED'}{$settings{'ENABLED'}} = "checked='checked'"; # Show box for errormessages.. if ($errormessage) { @@ -451,7 +457,7 @@ print < $Lang::tr{'enabled'} - + $Lang::tr{'username'} From b283b2cf8ffbeea1ab19237ca82db95a45efbb47 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Wed, 6 Aug 2014 09:30:13 +0200 Subject: [PATCH 09/18] lzo: Downgrade to 2.0.6 (CVE-2014-4607 patched). openvpn fails at lzo_init with lzo-2.07 and 2.08 on armv5tel. --- lfs/lzo | 5 +- src/patches/lzo-2.06-CVE-2014-4607.patch | 245 +++++++++++++++++++++++ 2 files changed, 248 insertions(+), 2 deletions(-) create mode 100755 src/patches/lzo-2.06-CVE-2014-4607.patch diff --git a/lfs/lzo b/lfs/lzo index 1745f4cca..19ad0909c 100644 --- a/lfs/lzo +++ b/lfs/lzo @@ -24,7 +24,7 @@ include Config -VER = 2.08 +VER = 2.06 THISAPP = lzo-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = fcec64c26a0f4f4901468f360029678f +$(DL_FILE)_MD5 = 95380bd4081f85ef08c5209f4107e9f8 install : $(TARGET) @@ -70,6 +70,7 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/lzo-2.06-CVE-2014-4607.patch cd $(DIR_APP) && ./configure --prefix=/usr --enable-shared cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install diff --git a/src/patches/lzo-2.06-CVE-2014-4607.patch b/src/patches/lzo-2.06-CVE-2014-4607.patch new file mode 100755 index 000000000..d22c406e0 --- /dev/null +++ b/src/patches/lzo-2.06-CVE-2014-4607.patch 
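Review bot: The reason for holding lzo at 2.06 is recorded only in the commit message; nothing in lfs/lzo says why an older release is used or that CVE-2014-4607 is covered by the local patch. A comment above `VER`, for example `# Held at 2.06: openvpn fails at lzo_init with 2.07/2.08 on armv5tel; CVE-2014-4607 is fixed by src/patches/lzo-2.06-CVE-2014-4607.patch`, would keep a later update from dropping the patch or the pin by accident. The patch file is also created with mode 100755, and a patch does not need the executable bit.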
@@ -0,0 +1,245 @@ +diff --git a/minilzo/minilzo.c b/minilzo/minilzo.c +index 34ce0f0..ecfdf66 100644 +--- a/minilzo/minilzo.c ++++ b/minilzo/minilzo.c +@@ -3547,6 +3547,8 @@ DO_COMPRESS ( const lzo_bytep in , lzo_uint in_len, + #undef TEST_LBO + #undef NEED_IP + #undef NEED_OP ++#undef TEST_IV ++#undef TEST_OV + #undef HAVE_TEST_IP + #undef HAVE_TEST_OP + #undef HAVE_NEED_IP +@@ -3561,6 +3563,7 @@ DO_COMPRESS ( const lzo_bytep in , lzo_uint in_len, + # if (LZO_TEST_OVERRUN_INPUT >= 2) + # define NEED_IP(x) \ + if ((lzo_uint)(ip_end - ip) < (lzo_uint)(x)) goto input_overrun ++# define TEST_IV(x) if ((x) > (lzo_uint)0 - (511)) goto input_overrun + # endif + #endif + +@@ -3572,6 +3575,7 @@ DO_COMPRESS ( const lzo_bytep in , lzo_uint in_len, + # undef TEST_OP + # define NEED_OP(x) \ + if ((lzo_uint)(op_end - op) < (lzo_uint)(x)) goto output_overrun ++# define TEST_OV(x) if ((x) > (lzo_uint)0 - (511)) goto output_overrun + # endif + #endif + +@@ -3602,11 +3606,13 @@ DO_COMPRESS ( const lzo_bytep in , lzo_uint in_len, + # define HAVE_NEED_IP 1 + #else + # define NEED_IP(x) ((void) 0) ++# define TEST_IV(x) ((void) 0) + #endif + #if defined(NEED_OP) + # define HAVE_NEED_OP 1 + #else + # define NEED_OP(x) ((void) 0) ++# define TEST_OV(x) ((void) 0) + #endif + + #if defined(HAVE_TEST_IP) || defined(HAVE_NEED_IP) +@@ -3687,6 +3693,7 @@ DO_DECOMPRESS ( const lzo_bytep in , lzo_uint in_len, + { + t += 255; + ip++; ++ TEST_IV(t); + NEED_IP(1); + } + t += 15 + *ip++; +@@ -3835,6 +3842,7 @@ match: + { + t += 255; + ip++; ++ TEST_OV(t); + NEED_IP(1); + } + t += 31 + *ip++; +@@ -3879,6 +3887,7 @@ match: + { + t += 255; + ip++; ++ TEST_OV(t); + NEED_IP(1); + } + t += 7 + *ip++; +@@ -4073,6 +4082,8 @@ lookbehind_overrun: + #undef TEST_LBO + #undef NEED_IP + #undef NEED_OP ++#undef TEST_IV ++#undef TEST_OV + #undef HAVE_TEST_IP + #undef HAVE_TEST_OP + #undef HAVE_NEED_IP +@@ -4087,6 +4098,7 @@ lookbehind_overrun: + # if (LZO_TEST_OVERRUN_INPUT >= 2) + # define NEED_IP(x) \ + if 
((lzo_uint)(ip_end - ip) < (lzo_uint)(x)) goto input_overrun ++# define TEST_IV(x) if ((x) > (lzo_uint)0 - (511)) goto input_overrun + # endif + #endif + +@@ -4098,6 +4110,7 @@ lookbehind_overrun: + # undef TEST_OP + # define NEED_OP(x) \ + if ((lzo_uint)(op_end - op) < (lzo_uint)(x)) goto output_overrun ++# define TEST_OV(x) if ((x) > (lzo_uint)0 - (511)) goto output_overrun + # endif + #endif + +@@ -4128,11 +4141,13 @@ lookbehind_overrun: + # define HAVE_NEED_IP 1 + #else + # define NEED_IP(x) ((void) 0) ++# define TEST_IV(x) ((void) 0) + #endif + #if defined(NEED_OP) + # define HAVE_NEED_OP 1 + #else + # define NEED_OP(x) ((void) 0) ++# define TEST_OV(x) ((void) 0) + #endif + + #if defined(HAVE_TEST_IP) || defined(HAVE_NEED_IP) +@@ -4213,6 +4228,7 @@ DO_DECOMPRESS ( const lzo_bytep in , lzo_uint in_len, + { + t += 255; + ip++; ++ TEST_IV(t); + NEED_IP(1); + } + t += 15 + *ip++; +@@ -4361,6 +4377,7 @@ match: + { + t += 255; + ip++; ++ TEST_OV(t); + NEED_IP(1); + } + t += 31 + *ip++; +@@ -4405,6 +4422,7 @@ match: + { + t += 255; + ip++; ++ TEST_OV(t); + NEED_IP(1); + } + t += 7 + *ip++; +diff --git a/src/lzo1_d.ch b/src/lzo1_d.ch +index 40a5bfd..c442d9c 100644 +--- a/src/lzo1_d.ch ++++ b/src/lzo1_d.ch +@@ -76,6 +76,8 @@ + #undef TEST_LBO + #undef NEED_IP + #undef NEED_OP ++#undef TEST_IV ++#undef TEST_OV + #undef HAVE_TEST_IP + #undef HAVE_TEST_OP + #undef HAVE_NEED_IP +@@ -91,6 +93,7 @@ + # if (LZO_TEST_OVERRUN_INPUT >= 2) + # define NEED_IP(x) \ + if ((lzo_uint)(ip_end - ip) < (lzo_uint)(x)) goto input_overrun ++# define TEST_IV(x) if ((x) > (lzo_uint)0 - (511)) goto input_overrun + # endif + #endif + +@@ -102,6 +105,7 @@ + # undef TEST_OP /* don't need both of the tests here */ + # define NEED_OP(x) \ + if ((lzo_uint)(op_end - op) < (lzo_uint)(x)) goto output_overrun ++# define TEST_OV(x) if ((x) > (lzo_uint)0 - (511)) goto output_overrun + # endif + #endif + +@@ -135,11 +139,13 @@ + # define HAVE_NEED_IP 1 + #else + # define NEED_IP(x) ((void) 0) ++# define 
TEST_IV(x) ((void) 0) + #endif + #if defined(NEED_OP) + # define HAVE_NEED_OP 1 + #else + # define NEED_OP(x) ((void) 0) ++# define TEST_OV(x) ((void) 0) + #endif + + +diff --git a/src/lzo1b_d.ch b/src/lzo1b_d.ch +index fe5f361..36b4b6b 100644 +--- a/src/lzo1b_d.ch ++++ b/src/lzo1b_d.ch +@@ -187,6 +187,7 @@ match: + { + t += 255; + ip++; ++ TEST_OV(t); + NEED_IP(1); + } + t += (M4_MIN_LEN - M3_MIN_LEN) + *ip++; +diff --git a/src/lzo1f_d.ch b/src/lzo1f_d.ch +index 9e942f5..0c2199e 100644 +--- a/src/lzo1f_d.ch ++++ b/src/lzo1f_d.ch +@@ -84,6 +84,7 @@ DO_DECOMPRESS ( const lzo_bytep in , lzo_uint in_len, + { + t += 255; + ip++; ++ TEST_IV(t); + NEED_IP(1); + } + t += 31 + *ip++; +@@ -138,6 +139,7 @@ match: + { + t += 255; + ip++; ++ TEST_OV(t); + NEED_IP(1); + } + t += 31 + *ip++; +diff --git a/src/lzo1x_d.ch b/src/lzo1x_d.ch +index 49cf326..c804cc7 100644 +--- a/src/lzo1x_d.ch ++++ b/src/lzo1x_d.ch +@@ -120,6 +120,7 @@ DO_DECOMPRESS ( const lzo_bytep in , lzo_uint in_len, + { + t += 255; + ip++; ++ TEST_IV(t); + NEED_IP(1); + } + t += 15 + *ip++; +@@ -273,6 +274,7 @@ match: + { + t += 255; + ip++; ++ TEST_OV(t); + NEED_IP(1); + } + t += 31 + *ip++; +@@ -317,6 +319,7 @@ match: + { + t += 255; + ip++; ++ TEST_OV(t); + NEED_IP(1); + } + t += 7 + *ip++; +diff --git a/src/lzo2a_d.ch b/src/lzo2a_d.ch +index 48e51ca..954f07e 100644 +--- a/src/lzo2a_d.ch ++++ b/src/lzo2a_d.ch +@@ -131,6 +131,7 @@ DO_DECOMPRESS ( const lzo_bytep in , lzo_uint in_len, + { + t += 255; + ip++; ++ TEST_OV(t); + NEED_IP(1); + } + t += *ip++; From 9188f6142c7681ad46cf9acbfc42c2780f951f6c Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Wed, 6 Aug 2014 10:30:44 +0200 Subject: [PATCH 10/18] check_mk_agent: Bump release version to 4. --- lfs/check_mk_agent | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lfs/check_mk_agent b/lfs/check_mk_agent index 541d7d6a0..532647111 100644 --- a/lfs/check_mk_agent +++ b/lfs/check_mk_agent 
@@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/check_mk-${VER} TARGET = $(DIR_INFO)/$(THISAPP) PROG = check_mk_agent -PAK_VER = 3 +PAK_VER = 4 DEPS = "" From 4c658a270eca30cc9b91dc639da5c69326013045 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Wed, 6 Aug 2014 18:05:14 +0200 Subject: [PATCH 11/18] check_mk_agent: extract backup include before uninstall. --- src/paks/check_mk_agent/uninstall.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/src/paks/check_mk_agent/uninstall.sh b/src/paks/check_mk_agent/uninstall.sh index 3a0860afe..51449f55b 100644 --- a/src/paks/check_mk_agent/uninstall.sh +++ b/src/paks/check_mk_agent/uninstall.sh @@ -22,6 +22,7 @@ ############################################################################ # . /opt/pakfire/lib/functions.sh +extract_backup_includes make_backup ${NAME} remove_files From b0507bff11ae99438291e35d1d36096b1cf9c008 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Wed, 6 Aug 2014 20:26:08 +0200 Subject: [PATCH 12/18] ddns: rootfile update. --- config/rootfiles/common/ddns | 3 +++ 1 file changed, 3 insertions(+) diff --git a/config/rootfiles/common/ddns b/config/rootfiles/common/ddns index 2f0bdf741..f93965cea 100644 --- a/config/rootfiles/common/ddns +++ b/config/rootfiles/common/ddns @@ -60,4 +60,7 @@ usr/lib/python2.7/site-packages/ddns/system.pyo #usr/share/locale/uz@Latn/LC_MESSAGES #usr/share/locale/uz@Latn/LC_MESSAGES/ddns.mo #usr/share/locale/vi/LC_MESSAGES/ddns.mo +#usr/share/locale/zh +#usr/share/locale/zh/LC_MESSAGES +#usr/share/locale/zh/LC_MESSAGES/ddns.mo #var/ipfire/ddns/ddns.conf.sample From 5ecf77e7305d72db7c1e6d617d0317b161f25267 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Thu, 7 Aug 2014 00:57:23 +0200 Subject: [PATCH 13/18] openssl: update to 1.0.1i. --- lfs/openssl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lfs/openssl b/lfs/openssl index 12cea68b2..0f0b823a9 100644 --- a/lfs/openssl +++ b/lfs/openssl 
@@ -24,7 +24,7 @@ include Config -VER = 1.0.1h +VER = 1.0.1i THISAPP = openssl-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -51,7 +51,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 8d6d684a9430d5cc98a62a5d8fbda8cf +$(DL_FILE)_MD5 = c8dc151a671b9b92ff3e4c118b174972 install : $(TARGET) From a0e747dafc027d57976c799e23c17f5825a9739a Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Thu, 7 Aug 2014 00:58:21 +0200 Subject: [PATCH 14/18] core81: add changes to core81 updater. --- config/rootfiles/core/81/exclude | 20 ++++ config/rootfiles/core/81/filelists/ddns | 1 + config/rootfiles/core/81/filelists/files | 5 + config/rootfiles/core/81/filelists/lzo | 1 + config/rootfiles/core/81/filelists/openssh | 1 + config/rootfiles/core/81/filelists/openssl | 1 + config/rootfiles/core/81/meta | 1 + config/rootfiles/core/81/update.sh | 101 +++++++++++++++++++++ make.sh | 4 +- 9 files changed, 133 insertions(+), 2 deletions(-) create mode 100644 config/rootfiles/core/81/exclude create mode 120000 config/rootfiles/core/81/filelists/ddns create mode 100644 config/rootfiles/core/81/filelists/files create mode 120000 config/rootfiles/core/81/filelists/lzo create mode 120000 config/rootfiles/core/81/filelists/openssh create mode 120000 config/rootfiles/core/81/filelists/openssl create mode 100644 config/rootfiles/core/81/meta create mode 100644 config/rootfiles/core/81/update.sh diff --git a/config/rootfiles/core/81/exclude b/config/rootfiles/core/81/exclude new file mode 100644 index 000000000..18e9b4d24 --- /dev/null +++ b/config/rootfiles/core/81/exclude 
@@ -0,0 +1,20 @@ +boot/config.txt +etc/collectd.custom +etc/ipsec.conf +etc/ipsec.secrets +etc/ipsec.user.conf +etc/ipsec.user.secrets +etc/localtime +etc/shadow +etc/ssh/ssh_config +etc/ssh/sshd_config +etc/ssl/openssl.cnf +etc/sudoers +etc/sysconfig/firewall.local +etc/sysconfig/rc.local +etc/udev/rules.d/30-persistent-network.rules +srv/web/ipfire/html/proxy.pac +var/ipfire/ovpn +var/log/cache +var/state/dhcp/dhcpd.leases +var/updatecache diff --git a/config/rootfiles/core/81/filelists/ddns b/config/rootfiles/core/81/filelists/ddns new file mode 120000 index 000000000..739516420 --- /dev/null +++ b/config/rootfiles/core/81/filelists/ddns @@ -0,0 +1 @@ +../../../common/ddns \ No newline at end of file diff --git a/config/rootfiles/core/81/filelists/files b/config/rootfiles/core/81/filelists/files new file mode 100644 index 000000000..4b0ae1e75 --- /dev/null +++ b/config/rootfiles/core/81/filelists/files @@ -0,0 +1,5 @@ +etc/system-release +etc/issue +etc/rc.d/init.d/firewall +srv/web/ipfire/cgi-bin/ddns.cgi +srv/web/ipfire/cgi-bin/ovpnmain.cgi diff --git a/config/rootfiles/core/81/filelists/lzo b/config/rootfiles/core/81/filelists/lzo new file mode 120000 index 000000000..8e11e78d3 --- /dev/null +++ b/config/rootfiles/core/81/filelists/lzo @@ -0,0 +1 @@ +../../../common/lzo \ No newline at end of file diff --git a/config/rootfiles/core/81/filelists/openssh b/config/rootfiles/core/81/filelists/openssh new file mode 120000 index 000000000..d8c77fd8e --- /dev/null +++ b/config/rootfiles/core/81/filelists/openssh @@ -0,0 +1 @@ +../../../common/openssh \ No newline at end of file diff --git a/config/rootfiles/core/81/filelists/openssl b/config/rootfiles/core/81/filelists/openssl new file mode 120000 index 000000000..e011a9266 --- /dev/null +++ b/config/rootfiles/core/81/filelists/openssl @@ -0,0 +1 @@ +../../../common/openssl \ No newline at end of file 
diff --git a/config/rootfiles/core/81/meta b/config/rootfiles/core/81/meta new file mode 100644 index 000000000..d547fa86f --- /dev/null +++ b/config/rootfiles/core/81/meta @@ -0,0 +1 @@ +DEPS="" diff --git a/config/rootfiles/core/81/update.sh b/config/rootfiles/core/81/update.sh new file mode 100644 index 000000000..67244c654 --- /dev/null +++ b/config/rootfiles/core/81/update.sh 
@@ -0,0 +1,101 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 3 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2014 IPFire-Team . # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +/usr/local/bin/backupctrl exclude >/dev/null 2>&1 + +# Remove old core updates from pakfire cache to save space... +core=80 +for (( i=1; i<=$core; i++ )) +do + rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire +done + +# Stop services +/etc/init.d/ipsec stop + +# Remove old strongswan files +rm -f \ + /etc/strongswan.d/charon/unity.conf \ + /usr/lib/ipsec/plugins/libstrongswan-unity.so \ + /usr/share/strongswan/templates/config/plugins/unity.conf + +rm -f /usr/local/bin/setddns.pl + +# Extract files +extract_files + +# Start services +/etc/init.d/dnsmasq restart +if [ `grep "ENABLED=on" /var/ipfire/vpn/settings` ]; then + /etc/init.d/ipsec start +fi + + +# Update Language cache +perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang" + +# Uninstall the libgpg-error package. 
+rm -f \ + /opt/pakfire/db/installed/meta-libgpg-error \ + /opt/pakfire/db/rootfiles/libgpg-error + +# Fix broken proxy configuration permissions +chown -R nobody.nobody \ + /var/ipfire/proxy/advanced \ + /var/ipfire/proxy/acl-1.4 \ + /var/ipfire/proxy/enable \ + /var/ipfire/proxy/settings \ + /var/ipfire/proxy/squid.conf \ + /var/ipfire/proxy/transparent + +# Regenerate squid configuration file +sudo -u nobody /srv/web/ipfire/cgi-bin/proxy.cgi + +# Generate ddns configuration file +sudo -u nobody /srv/web/ipfire/cgi-bin/ddns.cgi + +# Update crontab +sed -i /var/spool/cron/root.orig -e "/setddns.pl/d" + +grep -q /usr/bin/ddns /var/spool/cron/root.orig || cat <> /var/spool/cron/root.orig + +# Update dynamic DNS records every five minutes. +# Force an update once a month +*/5 * * * * [ -f "/var/ipfire/red/active" ] && /usr/bin/ddns update-all +3 2 1 * * [ -f "/var/ipfire/red/active" ] && /usr/bin/ddns update-all --force +EOF + +fcrontab -z &>/dev/null + +sync + +# This update need a reboot... +#touch /var/run/need_reboot + +# Finish +/etc/init.d/fireinfo start +sendprofile + +# Don't report the exitcode last command +exit 0 diff --git a/make.sh b/make.sh index b50a07b23..bfb936515 100755 --- a/make.sh +++ b/make.sh @@ -25,8 +25,8 @@ NAME="IPFire" # Software name SNAME="ipfire" # Short name VERSION="2.15" # Version number -CORE="80" # Core Level (Filename) -PAKFIRE_CORE="80" # Core Level (PAKFIRE) +CORE="81" # Core Level (Filename) +PAKFIRE_CORE="81" # Core Level (PAKFIRE) GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` # Git Branch SLOGAN="www.ipfire.org" # Software slogan CONFIG_ROOT=/var/ipfire # Configuration rootdir From 458064c5196c7350313ef2753f17210607031c04 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Thu, 7 Aug 2014 20:33:10 +0200 Subject: [PATCH 15/18] ddns.cgi: Allow enabling/disabling entries. --- html/cgi-bin/ddns.cgi | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
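Review bot: In core/81/update.sh, the IPsec restart test places the output of `grep "ENABLED=on" /var/ipfire/vpn/settings` unquoted inside `[ ]`, so the test fails with an error when more than one line matches and relies on word splitting otherwise. Testing the exit status is more robust: `if grep -q "ENABLED=on" /var/ipfire/vpn/settings; then`. `chown -R nobody.nobody` uses the deprecated dot separator; `nobody:nobody` is the portable form. Because the script ends with an unconditional `exit 0`, a failed `extract_files` or `chown` goes unreported, so at least those two steps should have their status checked.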
diff --git a/html/cgi-bin/ddns.cgi b/html/cgi-bin/ddns.cgi index dc5dacc24..80126205e 100644 --- a/html/cgi-bin/ddns.cgi +++ b/html/cgi-bin/ddns.cgi @@ -651,6 +651,7 @@ sub GenerateDDNSConfigFile { while () { my $line = $_; + chomp($line); # Generate array based on the line content (seperator is a single or multiple space's) my @settings = split(/,/, $line); @@ -660,7 +661,7 @@ sub GenerateDDNSConfigFile { next unless ($provider ~~ @providers); # Skip disabled entries. - next if ($enabled eq "off"); + next unless ($enabled eq "on"); print FILE "[$hostname.$domain]\n"; print FILE "provider = $provider\n"; From c330d115bf0ab7232679151dd8a79fe59ebe1b27 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Thu, 7 Aug 2014 20:40:14 +0200 Subject: [PATCH 16/18] ddns.cgi: Fix coding style. --- html/cgi-bin/ddns.cgi | 30 +++++------------------------- 1 file changed, 5 insertions(+), 25 deletions(-) diff --git a/html/cgi-bin/ddns.cgi b/html/cgi-bin/ddns.cgi index 80126205e..05580289d 100644 --- a/html/cgi-bin/ddns.cgi +++ b/html/cgi-bin/ddns.cgi @@ -89,7 +89,6 @@ close (FILE); # Save General Settings. # if ($settings{'ACTION'} eq $Lang::tr{'save'}) { - # Open /var/ipfire/ddns/settings for writing. open(FILE, ">$settingsfile") or die "Unable to open $settingsfile."; @@ -115,7 +114,6 @@ if ($settings{'ACTION'} eq $Lang::tr{'save'}) { # Toggle enable/disable field. Field is in second position # if ($settings{'ACTION'} eq $Lang::tr{'toggle enable disable'}) { - # Open /var/ipfire/ddns/config for writing. open(FILE, ">$datafile") or die "Unable to open $datafile."; 
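Review bot: GenerateDDNSConfigFile splits each stored line on `,` and the new `chomp` strips only the trailing newline, so a LOGIN or PASSWORD that contains a comma shifts every later field, including `$enabled`. With the stricter `next unless ($enabled eq "on");` such an entry is now skipped silently instead of being written with wrong values, which is the safer outcome but gives the user no hint. The add/update handler elsewhere in this file joins the raw form values with commas, so the cause is fixed by rejecting or escaping `,` and line breaks there. The function body starts and ends outside the hunk.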
@@ -127,23 +125,19 @@ if ($settings{'ACTION'} eq $Lang::tr{'toggle enable disable'}) { # Read file line by line. foreach my $line (@current) { - # Remove newlines. chomp($line); if ($settings{'ID'} eq $id) { - # Splitt lines (splitting element is a single ",") and save values into temp array. @temp = split(/\,/,$line); # Check if we want to toggle ENABLED or WILDCARDS. if ($settings{'ENABLED'} ne '') { - # Update ENABLED. print FILE "$temp[0],$temp[1],$temp[2],$temp[3],$temp[4],$temp[5],$temp[6],$settings{'ENABLED'}\n"; } } else { - # Print unmodified line. print FILE "$line\n"; } @@ -155,9 +149,6 @@ if ($settings{'ACTION'} eq $Lang::tr{'toggle enable disable'}) { # Close file after writing. close(FILE); - # Unset given CGI params. - undef %settings; - # Write out logging notice. &General::log($Lang::tr{'ddns hostname modified'}); @@ -192,8 +183,7 @@ if (($settings{'ACTION'} eq $Lang::tr{'add'}) || ($settings{'ACTION'} eq $Lang:: } # Go furter if there was no error. - if ( ! $errormessage) { - + if (!$errormessage) { # Splitt hostname field into 2 parts for storrage. my($hostname, $domain) = split(/\./, $settings{'HOSTNAME'}, 2); @@ -205,7 +195,6 @@ if (($settings{'ACTION'} eq $Lang::tr{'add'}) || ($settings{'ACTION'} eq $Lang:: # Handle adding new accounts. if ($settings{'ACTION'} eq $Lang::tr{'add'}) { - # Open /var/ipfire/ddns/config for writing. open(FILE, ">>$datafile") or die "Unable to open $datafile."; @@ -223,7 +212,6 @@ if (($settings{'ACTION'} eq $Lang::tr{'add'}) || ($settings{'ACTION'} eq $Lang:: # Handle account edditing. } elsif ($settings{'ACTION'} eq $Lang::tr{'update'}) { - # Open /var/ipfire/ddns/config for writing. open(FILE, ">$datafile") or die "Unable to open $datafile."; 
@@ -234,7 +222,6 @@ if (($settings{'ACTION'} eq $Lang::tr{'add'}) || ($settings{'ACTION'} eq $Lang:: # Read file line by line. foreach my $line (@current) { - if ($settings{'ID'} eq $id) { print FILE "$settings{'SERVICE'},$hostname,$domain,$settings{'PROXY'},$settings{'WILDCARDS'},$settings{'LOGIN'},$settings{'PASSWORD'},$settings{'ENABLED'}\n"; } else { @@ -264,7 +251,6 @@ if (($settings{'ACTION'} eq $Lang::tr{'add'}) || ($settings{'ACTION'} eq $Lang:: # Remove existing accounts. # if ($settings{'ACTION'} eq $Lang::tr{'remove'}) { - # Open /var/ipfire/ddns/config for writing. open(FILE, ">$datafile") or die "Unable to open $datafile."; @@ -275,7 +261,6 @@ if ($settings{'ACTION'} eq $Lang::tr{'remove'}) { # Read file line by line. foreach my $line (@current) { - # Write back every line, except the one we want to drop # (identified by the ID) unless ($settings{'ID'} eq $id) { @@ -303,15 +288,12 @@ if ($settings{'ACTION'} eq $Lang::tr{'remove'}) { # Read items for editing. # if ($settings{'ACTION'} eq $Lang::tr{'edit'}) { - my $id = 0; my @temp; # Read file line by line. foreach my $line (@current) { - if ($settings{'ID'} eq $id) { - # Remove newlines. chomp($line); @@ -326,10 +308,12 @@ if ($settings{'ACTION'} eq $Lang::tr{'edit'}) { $settings{'PASSWORD'} = $temp[6]; $settings{'ENABLED'} = $temp[7]; } - # Increase $id. - $id++; + # Increase $id. + $id++; } + + &GenerateDDNSConfigFile(); } # @@ -410,18 +394,15 @@ my $buttontext = $Lang::tr{'add'}; # Change buttontext and headline if we edit an account. if ($settings{'ACTION'} eq $Lang::tr{'edit'}) { - # Rename button and print headline for updating. $buttontext = $Lang::tr{'update'}; &Header::openbox('100%', 'left', $Lang::tr{'edit an existing host'}); } else { - # Otherwise use default button text and show headline for adding a new account. &Header::openbox('100%', 'left', $Lang::tr{'add a host'}); } print < 
@@ -437,7 +418,6 @@ END # Loop to print the providerlist. foreach my $provider (@providers) { - # Check if the current provider needs to be selected. if ($provider eq $settings{'SERVICE'}) { $selected = 'selected'; From a6df80269bb2aaf10c45658d0d2a7058d8456d9a Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Thu, 7 Aug 2014 20:58:33 +0200 Subject: [PATCH 17/18] ddns.cgi: Fix CGI clearing all settings. --- html/cgi-bin/ddns.cgi | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/html/cgi-bin/ddns.cgi b/html/cgi-bin/ddns.cgi index 05580289d..3de8886dd 100644 --- a/html/cgi-bin/ddns.cgi +++ b/html/cgi-bin/ddns.cgi @@ -103,9 +103,6 @@ if ($settings{'ACTION'} eq $Lang::tr{'save'}) { # Close file after writing. close(FILE); - # Unset given CGI parmas. - undef %settings; - # Update ddns config file. &GenerateDDNSConfigFile(); } @@ -145,6 +142,7 @@ if ($settings{'ACTION'} eq $Lang::tr{'toggle enable disable'}) { # Increase $id. $id++; } + undef $settings{'ID'}; # Close file after writing. close(FILE); @@ -160,7 +158,6 @@ if ($settings{'ACTION'} eq $Lang::tr{'toggle enable disable'}) { # Add new accounts, or edit existing ones. # if (($settings{'ACTION'} eq $Lang::tr{'add'}) || ($settings{'ACTION'} eq $Lang::tr{'update'})) { - # Check if a hostname has been given. if ($settings{'HOSTNAME'} eq '') { $errormessage = $Lang::tr{'hostname not set'}; @@ -238,9 +235,7 @@ if (($settings{'ACTION'} eq $Lang::tr{'add'}) || ($settings{'ACTION'} eq $Lang:: # Write out notice to logfile. &General::log($Lang::tr{'ddns hostname modified'}); } - - # Unset given CGI params. - undef %settings; + undef $settings{'ID'}; # Update ddns config file. &GenerateDDNSConfigFile(); @@ -270,13 +265,11 @@ if ($settings{'ACTION'} eq $Lang::tr{'remove'}) { # Increase id. $id++; } + undef $settings{'ID'}; # Close file after writing. close(FILE); - # Unset given CGI params. - undef %settings; - # Write out notice to logfile. &General::log($Lang::tr{'ddns hostname removed'}); 
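Review bot: `undef $settings{'ID'};` in the -145,6 hunk (and again in -238,9 and -270,13) leaves the key in place with an undefined value, whereas the default added in the last hunk of this commit uses `$settings{'ID'} = '';`. Any later `$settings{'ID'} eq $id` comparison or string interpolation of the key would then operate on undef, which warns when warnings are enabled. Writing `$settings{'ID'} = '';` in all three places keeps the handlers consistent with the default. The enclosing `if` blocks start outside these hunks.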
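Review bot: With `undef %settings;` replaced by `undef $settings{'ID'};` in the -238,9 hunk, the submitted `LOGIN` and `PASSWORD` values stay in `%settings` for the rest of the request after an add or update. If the form further down pre-fills its fields from `%settings` (not visible in this hunk), the credentials that were just stored are written back into the response page. Clearing those fields explicitly keeps the fix for the general settings while avoiding that, for example `delete @settings{qw(LOGIN PASSWORD)};` placed next to the new `undef $settings{'ID'};`.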
@@ -326,9 +319,10 @@ if ($settings{'ACTION'} eq $Lang::tr{'instant update'}) { # # Set default values. # -if (! $settings{'ACTION'}) { +if (!$settings{'ACTION'}) { $settings{'SERVICE'} = 'dyndns.org'; $settings{'ENABLED'} = 'on'; + $settings{'ID'} = ''; } &Header::openpage($Lang::tr{'dynamic dns'}, 1, ''); From 4851bc81f33058d814028ab91f4badf46739f373 Mon Sep 17 00:00:00 2001 From: Stefan Schantl Date: Sat, 26 Jul 2014 18:26:37 +0200 Subject: [PATCH 18/18] ddns.cgi: Support hostname details without seperating dots. To keep compatiblity with the settings file of the old DDNS update script (setddns.pl) we keept the storrage of the hostname information in two parts (hostname and domain) and connected both with a dot to get a valid FQDN again. OpenDNS and may some other providers do not use a dotted format for this information, so one of these two values were empty. We now can handle such cases in a right way. --- html/cgi-bin/ddns.cgi | 30 +++++++++++++++++++++++++++--- 1 file changed, 27 insertions(+), 3 deletions(-) diff --git a/html/cgi-bin/ddns.cgi b/html/cgi-bin/ddns.cgi index 3de8886dd..55841b2b9 100644 --- a/html/cgi-bin/ddns.cgi +++ b/html/cgi-bin/ddns.cgi @@ -293,8 +293,17 @@ if ($settings{'ACTION'} eq $Lang::tr{'edit'}) { # Splitt lines (splitting element is a single ",") and save values into temp array. @temp = split(/\,/,$line); + # Handle hostname details. Only connect the values with a dott if both are available. + my $hostname; + + if (($temp[1]) && ($temp[2])) { + $hostname = "$temp[1].$temp[2]"; + } else { + $hostname = "$temp[1]"; + } + $settings{'SERVICE'} = $temp[0]; - $settings{'HOSTNAME'} = "$temp[1].$temp[2]"; + $settings{'HOSTNAME'} = $hostname; $settings{'PROXY'} = $temp[3]; $settings{'WILDCARDS'} = $temp[4]; $settings{'LOGIN'} = $temp[5]; 
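Review bot: The join rule added in the -293,8 hunk tests `($temp[1]) && ($temp[2])` for truth and falls back to `$temp[1]` alone, so a record whose first part is empty but whose second part is set yields an empty hostname, and a part equal to `0` is treated as missing. The same branch is repeated in the -531,11 hunk and in GenerateDDNSConfigFile (-637,7), which makes the three copies easy to drift apart. A single expression covers all cases, `my $hostname = join('.', grep { defined($_) && length($_) } @temp[1,2]);`, with `$hostname, $domain` as the list in GenerateDDNSConfigFile. The enclosing blocks start outside the hunks.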
@@ -531,11 +540,20 @@ END $col="bgcolor='$color{'color22'}'"; } + # Handle hostname details. Only connect the values with a dott if both are available. + my $hostname=""; + + if (($temp[1]) && ($temp[2])) { + $hostname="$temp[1].$temp[2]"; + } else { + $hostname="$temp[1]"; + } + # The following HTML Code still is part of the loop. print < - +
$temp[0]$sync$temp[1].$sync$temp[2]$sync$hostname
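Review bot: `$hostname` is interpolated into the table row as stored, next to `$temp[0]`, and nothing in this hunk escapes it for HTML. The markup of the printed block is not fully visible here, so escaping may happen elsewhere; if it does not, a hostname saved with markup characters would be rendered as markup in the administration page. I would either HTML-escape both values at output or restrict hostname and provider to a strict character set when the record is saved. The print statement appears to continue past the hunk boundary.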
@@ -637,7 +655,13 @@ sub GenerateDDNSConfigFile { # Skip disabled entries. next unless ($enabled eq "on"); - print FILE "[$hostname.$domain]\n"; + # Handle hostname details. Only connect the values with a dott if both are available. + if (($hostname) && ($domain)) { + print FILE "[$hostname.$domain]\n"; + } else { + print FILE "[$hostname]\n"; + } + print FILE "provider = $provider\n"; my $use_token = 0;