Merge branch 'next' into temp-c171-development

config/cfgroot/general-functions.pl

@@ -756,6 +756,17 @@ sub validdomainname
 	return 1;
 }
 
+sub validwildcarddomainname($) {
+	my $domainname = shift;
+
+	# Ignore any leading dots
+	if ($domainname =~ m/^\*\.(.*)/) {
+		$domainname = $1;
+	}
+
+	return &validdomainname($domainname);
+}
+
 sub validfqdn
 {
 	# Checks a fully qualified domain name against RFC1035 and RFC2181

config/rootfiles/common/configroot

@@ -83,6 +83,7 @@ var/ipfire/location-functions.pl
 var/ipfire/ids-functions.pl
 var/ipfire/ipblocklist-functions.pl
 var/ipfire/ipblocklist
+#var/ipfire/ipblocklist/modified
 #var/ipfire/ipblocklist/settings
 var/ipfire/isdn
 #var/ipfire/isdn/settings

config/rootfiles/oldcore/170/filelists/files

@@ -4,7 +4,9 @@ opt/pakfire/pakfire
 srv/web/ipfire/cgi-bin/aliases.cgi
 srv/web/ipfire/cgi-bin/index.cgi
 srv/web/ipfire/cgi-bin/ipblocklist.cgi
+srv/web/ipfire/cgi-bin/mail.cgi
 srv/web/ipfire/cgi-bin/pakfire.cgi
+srv/web/ipfire/cgi-bin/proxy.cgi
 srv/web/ipfire/cgi-bin/services.cgi
 srv/web/ipfire/cgi-bin/vpnmain.cgi
 srv/web/ipfire/cgi-bin/vulnerabilities.cgi
@@ -22,6 +24,7 @@ usr/share/terminfo/t/tmux-256color
 usr/share/terminfo/t/tmux-direct
 var/ipfire/backup/bin/backup.pl
 var/ipfire/backup/include
+var/ipfire/general-functions.pl
 var/ipfire/ipblocklist-functions.pl
 var/ipfire/menu.d/50-firewall.menu
 var/ipfire/menu.d/70-log.menu

config/rootfiles/oldcore/170/update.sh

@@ -164,6 +164,10 @@ ldconfig
 mkdir -pv /var/lib/ipblocklist
 chown nobody:nobody /var/lib/ipblocklist
 
+# Create necessary files for IPBlocklist and set their ownership accordingly (#12917)
+touch /var/ipfire/ipblocklist/{settings,modified}
+chown nobody:nobody /var/ipfire/ipblocklist/{settings,modified}
+
 # Rebuild fcrontab from scratch
 /usr/bin/fcrontab -z
 

html/cgi-bin/mail.cgi

@@ -283,6 +283,10 @@ sub checkmailsettings {
 			$errormessage .= "$Lang::tr{'email invalid'} $Lang::tr{'email mailsender'}<br>";
 		}
 	}
+	# Check for a valid recipient
+	if (!&General::validemail($cgiparams{'txt_recipient'})) {
+		$errormessage .= $Lang::tr{'email recipient invalid'} . "<br>";
+	}
 	return $errormessage;
 }
 

html/cgi-bin/proxy.cgi

@@ -2506,6 +2506,7 @@ sub check_acls
 		if ($_)
 		{
 			if (/^\./) { $_ = '*'.$_; }
+			unless (&General::validwildcarddomainname($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid url'} . ": " . &Header::escape($_); }
 			$proxysettings{'DST_NOCACHE'} .= $_."\n";
 		}
 	}
@@ -2604,6 +2605,7 @@ sub check_acls
 			if ($_)
 			{
 					if (/^\./) { $_ = '*'.$_; }
+					unless (&General::validwildcarddomainname($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid url'} . ": " . &Header::escape($_); }
 					$proxysettings{'DST_NOPROXY_URL'} .= $_."\n";
 			}
 	}

langs/de/cgi-bin/de.pl

@@ -301,6 +301,7 @@
 'advproxy errmsg invalid proxy port' => 'Ungültiger Proxyport',
 'advproxy errmsg invalid upstream proxy' => 'Ungültige IP/Hostname für vorgelagerten Proxy',
 'advproxy errmsg invalid upstream proxy username or password setting' => 'Ungültiger Benutzername oder ungültiges Kennwort für vorgelagerten Proxy',
+'advproxy errmsg invalid url' => 'Ungültige URL',
 'advproxy errmsg invalid user' => 'Benutzername existiert nicht',
 'advproxy errmsg ldap base dn' => 'LDAP Base DN erforderlich',
 'advproxy errmsg ldap bind dn' => 'LDAP Bind DN Benutzername und Passwort erforderlich',
@@ -963,6 +964,7 @@
 'email mailrcpt' => 'E-Mail-Empfänger',
 'email mailsender' => 'E-Mail-Absender',
 'email mailuser' => 'Benutzername',
+'email recipient invalid' => 'Ungültiger Emailempfänger',
 'email server can not be empty' => 'E-Mail-Server darf nicht leer sein',
 'email settings' => 'Mailversand',
 'email subject' => 'IPFire Test-E-Mail',

langs/en/cgi-bin/en.pl

@@ -298,6 +298,7 @@
 'advproxy errmsg invalid proxy port' => 'Invalid proxy port',
 'advproxy errmsg invalid upstream proxy' => 'Invalid upstream proxy IP/hostname',
 'advproxy errmsg invalid upstream proxy username or password setting' => 'Invalid upstream proxy username or password setting',
+'advproxy errmsg invalid url' => 'Invalid URL',
 'advproxy errmsg invalid user' => 'Username does not exist',
 'advproxy errmsg ldap base dn' => 'LDAP base DN required',
 'advproxy errmsg ldap bind dn' => 'LDAP bind DN username and password required',
@@ -1004,6 +1005,7 @@
 'email mailrcpt' => 'Mail Recipient',
 'email mailsender' => 'Mail Sender',
 'email mailuser' => 'Username',
+'email recipient invalid' => 'Invalid email recipient',
 'email server can not be empty' => 'E-mail server can not be empty',
 'email settings' => 'Mail Service',
 'email subject' => 'IPFire Test Mail',

lfs/configroot

@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2021  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2022  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -65,8 +65,8 @@ $(TARGET) :
 	    captive/settings captive/agb.txt captive/clients captive/voucher_out certs/index.txt certs/index.txt.attr ddns/config ddns/settings ddns/ipcache dhcp/settings \
 	    dhcp/fixleases dhcp/advoptions dhcp/dhcpd.conf.local dns/settings dns/servers dnsforward/config ethernet/aliases ethernet/settings ethernet/known_nics ethernet/scanned_nics \
 	    ethernet/wireless extrahd/scan extrahd/devices extrahd/partitions extrahd/settings firewall/settings firewall/config firewall/locationblock firewall/input firewall/outgoing \
-	    fwhosts/customnetworks fwhosts/customhosts fwhosts/customgroups fwhosts/customservicegrp fwhosts/customlocationgrp fwlogs/ipsettings fwlogs/portsettings ipblocklist/settings \
-	    isdn/settings mac/settings main/hosts main/routing main/security main/settings optionsfw/settings \
+	    fwhosts/customnetworks fwhosts/customhosts fwhosts/customgroups fwhosts/customservicegrp fwhosts/customlocationgrp fwlogs/ipsettings fwlogs/portsettings ipblocklist/modified \
+	    ipblocklist/settings isdn/settings mac/settings main/hosts main/routing main/security main/settings optionsfw/settings \
 	    ovpn/ccd.conf ovpn/ccdroute ovpn/ccdroute2 pakfire/settings portfw/config ppp/settings-1 ppp/settings-2 ppp/settings-3 ppp/settings-4 \
 	    ppp/settings-5 ppp/settings proxy/settings proxy/squid.conf proxy/advanced/settings proxy/advanced/cre/enable remote/settings qos/settings qos/classes qos/subclasses qos/level7config qos/portconfig \
 	    qos/tosconfig suricata/settings vpn/config vpn/settings vpn/ipsec.conf \

src/misc-progs/setaliases.c

@@ -28,8 +28,6 @@
 struct keyvalue *kv = NULL;
 FILE *file = NULL;
 
-#define SCOPE 128
-
 void exithandler(void)
 {
 	if (kv) freekeyvalues(kv);
@@ -125,7 +123,7 @@ int main(void)
 	alias = 0;
 	do {
 		snprintf(command, STRING_SIZE - 1,
-			"ip addr flush dev red%d scope %d 2>/dev/null", alias++, SCOPE);
+			"ip addr flush secondary dev red%d 2>/dev/null", alias++);
 	} while (safe_system(command) == 0);
 
 	/* Now set up the new aliases from the config file */
@@ -184,8 +182,8 @@ int main(void)
 		if (!intf)
 			intf = red_dev;
 
-		snprintf(command, STRING_SIZE - 1, "ip addr add %s/%s dev %s scope %d",
-			aliasip, red_netmask, intf, SCOPE);
+		snprintf(command, STRING_SIZE - 1, "ip addr add %s/%s secondary dev %s 2>/dev/null",
+			aliasip, red_netmask, intf);
 		safe_system(command);
 
 		alias++;