webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-14 21:12:59 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/next' into install-raid

Browse Source 
Conflicts:
	lfs/bash
This commit is contained in:
Arne Fitzenreiter
2014-09-29 22:02:42 +02:00
parent a704312d72 801dcd70b0
commit d6f003e1e9
72 changed files with 1893 additions and 1488 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
config/firewall/firewall-lib.pl
View File

@@ -217,7 +217,7 @@ sub get_std_net_ip
}elsif($val eq 'BLUE'){
return "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}";
}elsif($val eq 'RED'){
return "0.0.0.0/0 -o $con";
return "0.0.0.0/0";
}elsif($val =~ /OpenVPN/i){
return "$ovpnsettings{'DOVPN_SUBNET'}";
}elsif($val =~ /IPsec/i){
@@ -226,6 +226,23 @@ sub get_std_net_ip
return ;
}
}
sub get_interface
{
my $net=shift;
if($net eq "$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}"){
return "$netsettings{'GREEN_DEV'}";
}
if($net eq "$netsettings{'ORANGE_NETADDRESS'}/$netsettings{'ORANGE_NETMASK'}"){
return "$netsettings{'ORANGE_DEV'}";
}
if($net eq "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}"){
return "$netsettings{'BLUE_DEV'}";
}
if($net eq "0.0.0.0/0"){
return "$netsettings{'RED_DEV'}";
}
return "";
}
sub get_net_ip
{
my $val=shift;
@@ -305,9 +322,9 @@ sub get_address
# address. Otherwise, we assume that it is an IP address.
if ($key ~~ ["src_addr", "tgt_addr"]) {
if (&General::validmac($value)) {
push(@ret, "-m mac --mac-source $value");
push(@ret, ["-m mac --mac-source $value", ""]);
} else {
push(@ret, $value);
push(@ret, [$value, ""]);
}
# If a default network interface (GREEN, BLUE, etc.) is selected, we
@@ -316,88 +333,90 @@ sub get_address
my $external_interface = &get_external_interface();
my $network_address = &get_std_net_ip($value, $external_interface);
if ($network_address) {
push(@ret, $network_address);
my $interface = &get_interface($network_address);
push(@ret, [$network_address, $interface]);
}
# Custom networks.
} elsif ($key ~~ ["cust_net_src", "cust_net_tgt", "Custom Network"]) {
my $network_address = &get_net_ip($value);
if ($network_address) {
push(@ret, $network_address);
push(@ret, [$network_address, ""]);
}
# Custom hosts.
} elsif ($key ~~ ["cust_host_src", "cust_host_tgt", "Custom Host"]) {
my $host_address = &get_host_ip($value, $type);
if ($host_address) {
push(@ret, $host_address);
push(@ret, [$host_address, ""]);
}
# OpenVPN networks.
} elsif ($key ~~ ["ovpn_net_src", "ovpn_net_tgt", "OpenVPN static network"]) {
my $network_address = &get_ovpn_net_ip($value, 1);
if ($network_address) {
push(@ret, $network_address);
push(@ret, [$network_address, ""]);
}
# OpenVPN hosts.
} elsif ($key ~~ ["ovpn_host_src", "ovpn_host_tgt", "OpenVPN static host"]) {
my $host_address = &get_ovpn_host_ip($value, 33);
if ($host_address) {
push(@ret, $host_address);
push(@ret, [$host_address, ""]);
}
# OpenVPN N2N.
} elsif ($key ~~ ["ovpn_n2n_src", "ovpn_n2n_tgt", "OpenVPN N-2-N"]) {
my $network_address = &get_ovpn_n2n_ip($value, 11);
if ($network_address) {
push(@ret, $network_address);
push(@ret, [$network_address, ""]);
}
# IPsec networks.
} elsif ($key ~~ ["ipsec_net_src", "ipsec_net_tgt", "IpSec Network"]) {
my $network_address = &get_ipsec_net_ip($value, 11);
if ($network_address) {
push(@ret, $network_address);
push(@ret, [$network_address, ""]);
}
# The firewall's own IP addresses.
} elsif ($key ~~ ["ipfire", "ipfire_src"]) {
# ALL
if ($value eq "ALL") {
push(@ret, "0/0");
push(@ret, ["0/0", ""]);
# GREEN
} elsif ($value eq "GREEN") {
push(@ret, $netsettings{"GREEN_ADDRESS"});
push(@ret, [$netsettings{"GREEN_ADDRESS"}, ""]);
# BLUE
} elsif ($value eq "BLUE") {
push(@ret, $netsettings{"BLUE_ADDRESS"});
push(@ret, [$netsettings{"BLUE_ADDRESS"}, ""]);
# ORANGE
} elsif ($value eq "ORANGE") {
push(@ret, $netsettings{"ORANGE_ADDRESS"});
push(@ret, [$netsettings{"ORANGE_ADDRESS"}, ""]);
# RED
} elsif ($value ~~ ["RED", "RED1"]) {
my $address = &get_external_address();
if ($address) {
push(@ret, $address);
push(@ret, [$address, ""]);
}
# Aliases
} else {
my $alias = &get_alias($value);
if ($alias) {
push(@ret, $alias);
push(@ret, [$alias, ""]);
}
}
# If nothing was selected, we assume "any".
} else {
push(@ret, "0/0");
push(@ret, ["0/0", ""]);
}
return @ret;

55
config/firewall/rules.pl
View File

@@ -268,6 +268,33 @@ sub buildrules {
}
}
# Concurrent connection limit
my @ratelimit_options = ();
if ($$hash{$key}[32] eq 'ON') {
my $conn_limit = $$hash{$key}[33];
if ($conn_limit ge 1) {
push(@ratelimit_options, ("-m", "connlimit"));
# Use the the entire source IP address
push(@ratelimit_options, "--connlimit-saddr");
push(@ratelimit_options, ("--connlimit-mask", "32"));
# Apply the limit
push(@ratelimit_options, ("--connlimit-upto", $conn_limit));
}
}
# Ratelimit
if ($$hash{$key}[34] eq 'ON') {
my $rate_limit = "$$hash{$key}[35]/$$hash{$key}[36]";
if ($rate_limit) {
push(@ratelimit_options, ("-m", "limit"));
push(@ratelimit_options, ("--limit", $rate_limit));
}
}
# Check which protocols are used in this rule and so that we can
# later group rules by protocols.
my @protocols = &get_protocols($hash, $key);
@@ -295,22 +322,26 @@ sub buildrules {
next unless ($src);
# Sanitize source.
my $source = $src;
my $source = @$src[0];
if ($source ~~ @ANY_ADDRESSES) {
$source = "";
}
my $source_intf = @$src[1];
foreach my $dst (@destinations) {
# Skip invalid rules.
next unless (defined $dst);
next if (!$dst || ($dst eq "none"));
# Sanitize destination.
my $destination = $dst;
my $destination = @$dst[0];
if ($destination ~~ @ANY_ADDRESSES) {
$destination = "";
}
my $destination_intf = @$dst[1];
# Array with iptables arguments.
my @options = ();
@@ -327,15 +358,26 @@ sub buildrules {
push(@source_options, ("-s", $source));
}
if ($source_intf) {
push(@source_options, ("-i", $source_intf));
}
# Prepare destination options.
my @destination_options = ();
if ($destination) {
push(@destination_options, ("-d", $destination));
}
if ($destination_intf) {
push(@destination_options, ("-o", $destination_intf));
}
# Add time constraint options.
push(@options, @time_options);
# Add ratelimiting option
push(@options, @ratelimit_options);
my $firewall_is_in_source_subnet = 1;
if ($source) {
$firewall_is_in_source_subnet = &firewall_is_in_subnet($source);
@@ -366,7 +408,7 @@ sub buildrules {
# Make port-forwardings useable from the internal networks.
my @internal_addresses = &fwlib::get_internal_firewall_ip_addresses(1);
unless ($nat_address ~~ @internal_addresses) {
&add_dnat_mangle_rules($nat_address, @nat_options);
&add_dnat_mangle_rules($nat_address, $source_intf, @nat_options);
}
push(@nat_options, @source_options);
@@ -457,6 +499,10 @@ sub buildrules {
}
}
}
#Reload firewall.local if present
if ( -f '/etc/sysconfig/firewall.local'){
run("/etc/sysconfig/firewall.local reload");
}
}
# Formats the given timestamp into the iptables format which is "hh:mm" UTC.
@@ -683,6 +729,7 @@ sub get_dnat_target_port {
sub add_dnat_mangle_rules {
my $nat_address = shift;
my $interface = shift;
my @options = @_;
my $mark = 0;
@@ -693,6 +740,8 @@ sub add_dnat_mangle_rules {
next unless (exists $defaultNetworks{$zone . "_NETADDRESS"});
next unless (exists $defaultNetworks{$zone . "_NETMASK"});
next if ($interface && $interface ne $defaultNetworks{$zone . "_DEV"});
my @mangle_options = @options;
my $netaddress = $defaultNetworks{$zone . "_NETADDRESS"};

39
config/rootfiles/common/bash
View File

@@ -57,3 +57,42 @@ bin/bash
#usr/share/locale/zh_TW/LC_MESSAGES/bash.mo
#usr/share/man/man1/bash.1
#usr/share/man/man1/bashbug.1
#usr/share/locale/af
#usr/share/locale/af/LC_MESSAGES
#usr/share/locale/af/LC_MESSAGES/bash.mo
#usr/share/locale/bg/LC_MESSAGES/bash.mo
#usr/share/locale/ca/LC_MESSAGES/bash.mo
#usr/share/locale/cs/LC_MESSAGES/bash.mo
#usr/share/locale/da/LC_MESSAGES/bash.mo
#usr/share/locale/de/LC_MESSAGES/bash.mo
#usr/share/locale/el/LC_MESSAGES/bash.mo
#usr/share/locale/en@boldquot
#usr/share/locale/en@boldquot/LC_MESSAGES
#usr/share/locale/en@boldquot/LC_MESSAGES/bash.mo
#usr/share/locale/en@quot/LC_MESSAGES/bash.mo
#usr/share/locale/eo/LC_MESSAGES/bash.mo
#usr/share/locale/es/LC_MESSAGES/bash.mo
#usr/share/locale/et/LC_MESSAGES/bash.mo
#usr/share/locale/fi/LC_MESSAGES/bash.mo
#usr/share/locale/fr/LC_MESSAGES/bash.mo
#usr/share/locale/ga/LC_MESSAGES/bash.mo
#usr/share/locale/gl/LC_MESSAGES/bash.mo
#usr/share/locale/hr/LC_MESSAGES/bash.mo
#usr/share/locale/hu/LC_MESSAGES/bash.mo
#usr/share/locale/id/LC_MESSAGES/bash.mo
#usr/share/locale/it/LC_MESSAGES/bash.mo
#usr/share/locale/ja/LC_MESSAGES/bash.mo
#usr/share/locale/lt/LC_MESSAGES/bash.mo
#usr/share/locale/nl/LC_MESSAGES/bash.mo
#usr/share/locale/pl/LC_MESSAGES/bash.mo
#usr/share/locale/pt_BR/LC_MESSAGES/bash.mo
#usr/share/locale/ro/LC_MESSAGES/bash.mo
#usr/share/locale/ru/LC_MESSAGES/bash.mo
#usr/share/locale/sk/LC_MESSAGES/bash.mo
#usr/share/locale/sl/LC_MESSAGES/bash.mo
#usr/share/locale/sr
#usr/share/locale/sr/LC_MESSAGES
#usr/share/locale/sr/LC_MESSAGES/bash.mo
#usr/share/locale/sv/LC_MESSAGES/bash.mo
#usr/share/locale/tr/LC_MESSAGES/bash.mo
#usr/share/locale/uk/LC_MESSAGES/bash.mo

0
config/rootfiles/core/82/exclude → config/rootfiles/core/84/exclude
View File

1
config/rootfiles/core/84/filelists/bash Symbolic link
View File

@@ -0,0 +1 @@
../../../common/bash

1
config/rootfiles/core/84/filelists/dnsmasq Symbolic link
View File

@@ -0,0 +1 @@
../../../common/dnsmasq

10
config/rootfiles/core/84/filelists/files Normal file
View File

@@ -0,0 +1,10 @@
etc/system-release
etc/issue
etc/rc.d/init.d/firewall
etc/rc.d/init.d/network
srv/web/ipfire/cgi-bin/firewall.cgi
srv/web/ipfire/cgi-bin/fwhosts.cgi
srv/web/ipfire/cgi-bin/urlfilter.cgi
usr/lib/firewall/firewall-lib.pl
usr/lib/firewall/rules.pl
var/ipfire/langs

1
config/rootfiles/core/84/filelists/readline Symbolic link
View File

@@ -0,0 +1 @@
../../../common/readline

0
config/rootfiles/core/82/meta → config/rootfiles/core/84/meta
View File

58
config/rootfiles/core/84/update.sh Normal file
View File

@@ -0,0 +1,58 @@
#!/bin/bash
############################################################################
# #
# This file is part of the IPFire Firewall. #
# #
# IPFire is free software; you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation; either version 3 of the License, or #
# (at your option) any later version. #
# #
# IPFire is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with IPFire; if not, write to the Free Software #
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
# #
# Copyright (C) 2014 IPFire-Team <info@ipfire.org>. #
# #
############################################################################
#
. /opt/pakfire/lib/functions.sh
/usr/local/bin/backupctrl exclude >/dev/null 2>&1
# Remove old core updates from pakfire cache to save space...
core=84
for (( i=1; i<=$core; i++ ))
do
rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
done
# Stop services
/etc/init.d/dnsmasq stop
# Remove old files
# Extract files
extract_files
# Start services
/etc/init.d/dnsmasq start
# Update Language cache
perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"
sync
# This update need a reboot...
touch /var/run/need_reboot
# Finish
/etc/init.d/fireinfo start
sendprofile
# Don't report the exitcode last command
exit 0

20
config/rootfiles/oldcore/82/exclude Normal file
View File

@@ -0,0 +1,20 @@
boot/config.txt
etc/collectd.custom
etc/ipsec.conf
etc/ipsec.secrets
etc/ipsec.user.conf
etc/ipsec.user.secrets
etc/localtime
etc/shadow
etc/ssh/ssh_config
etc/ssh/sshd_config
etc/ssl/openssl.cnf
etc/sudoers
etc/sysconfig/firewall.local
etc/sysconfig/rc.local
etc/udev/rules.d/30-persistent-network.rules
srv/web/ipfire/html/proxy.pac
var/ipfire/ovpn
var/log/cache
var/state/dhcp/dhcpd.leases
var/updatecache

0
config/rootfiles/core/82/filelists/armv5tel/gmp → config/rootfiles/oldcore/82/filelists/armv5tel/gmp
View File

0
config/rootfiles/core/82/filelists/batctl → config/rootfiles/oldcore/82/filelists/batctl
View File

0
config/rootfiles/core/82/filelists/boost → config/rootfiles/oldcore/82/filelists/boost
View File

0
config/rootfiles/core/82/filelists/files → config/rootfiles/oldcore/82/filelists/files
View File

0
config/rootfiles/core/82/filelists/i586/gmp → config/rootfiles/oldcore/82/filelists/i586/gmp
View File

0
config/rootfiles/core/82/filelists/iputils → config/rootfiles/oldcore/82/filelists/iputils
View File

0
config/rootfiles/core/82/filelists/libnl-3 → config/rootfiles/oldcore/82/filelists/libnl-3
View File

0
config/rootfiles/core/82/filelists/mpfr → config/rootfiles/oldcore/82/filelists/mpfr
View File

0
config/rootfiles/core/82/filelists/openssl-compat → config/rootfiles/oldcore/82/filelists/openssl-compat
View File

0
config/rootfiles/core/82/filelists/ppp → config/rootfiles/oldcore/82/filelists/ppp
View File

1
config/rootfiles/oldcore/82/meta Normal file
View File

@@ -0,0 +1 @@
DEPS=""

0
config/rootfiles/core/82/update.sh → config/rootfiles/oldcore/82/update.sh
View File

20
config/rootfiles/oldcore/83/exclude Normal file
View File

@@ -0,0 +1,20 @@
boot/config.txt
etc/collectd.custom
etc/ipsec.conf
etc/ipsec.secrets
etc/ipsec.user.conf
etc/ipsec.user.secrets
etc/localtime
etc/shadow
etc/ssh/ssh_config
etc/ssh/sshd_config
etc/ssl/openssl.cnf
etc/sudoers
etc/sysconfig/firewall.local
etc/sysconfig/rc.local
etc/udev/rules.d/30-persistent-network.rules
srv/web/ipfire/html/proxy.pac
var/ipfire/ovpn
var/log/cache
var/state/dhcp/dhcpd.leases
var/updatecache

1
config/rootfiles/oldcore/83/filelists/bash Symbolic link
View File

@@ -0,0 +1 @@
../../../common/bash

6
config/rootfiles/oldcore/83/filelists/files Normal file
View File

@@ -0,0 +1,6 @@
etc/system-release
etc/issue
srv/web/ipfire/cgi-bin/logs.cgi/ids.dat
srv/web/ipfire/cgi-bin/proxy.cgi
srv/web/ipfire/cgi-bin/urlfilter.cgi
var/ipfire/general-functions.pl

1
config/rootfiles/oldcore/83/filelists/findutils Symbolic link
View File

@@ -0,0 +1 @@
../../../common/findutils

1
config/rootfiles/oldcore/83/filelists/squid Symbolic link
View File

@@ -0,0 +1 @@
../../../common/squid

1
config/rootfiles/oldcore/83/meta Normal file
View File

@@ -0,0 +1 @@
DEPS=""

59
config/rootfiles/oldcore/83/update.sh Normal file
View File

@@ -0,0 +1,59 @@
#!/bin/bash
############################################################################
# #
# This file is part of the IPFire Firewall. #
# #
# IPFire is free software; you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation; either version 3 of the License, or #
# (at your option) any later version. #
# #
# IPFire is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with IPFire; if not, write to the Free Software #
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
# #
# Copyright (C) 2014 IPFire-Team <info@ipfire.org>. #
# #
############################################################################
#
. /opt/pakfire/lib/functions.sh
/usr/local/bin/backupctrl exclude >/dev/null 2>&1
# Remove old core updates from pakfire cache to save space...
core=83
for (( i=1; i<=$core; i++ ))
do
rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
done
# Stop services
# Remove old files
# Extract files
extract_files
# reload init because glibc/linker changed
telinit -u
# Start services
# Update Language cache
perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"
sync
# This update need a reboot...
touch /var/run/need_reboot
# Finish
/etc/init.d/fireinfo start
sendprofile
# Don't report the exitcode last command
exit 0

126
html/cgi-bin/firewall.cgi
View File

@@ -161,6 +161,22 @@ print<<END;
\$("#TIME_CONSTRAINTS").toggle();
});
// Limit concurrent connections per ip
if(!\$("#USE_LIMIT_CONCURRENT_CONNECTIONS_PER_IP").attr("checked")) {
\$("#LIMIT_CON").hide();
}
\$("#USE_LIMIT_CONCURRENT_CONNECTIONS_PER_IP").change(function() {
\$("#LIMIT_CON").toggle();
});
// Rate-limit new connections
if(!\$("#USE_RATELIMIT").attr("checked")) {
\$("#RATELIMIT").hide();
}
\$("#USE_RATELIMIT").change(function() {
\$("#RATELIMIT").toggle();
});
// Automatically select radio buttons when corresponding
// dropdown menu changes.
\$("select").change(function() {
@@ -222,8 +238,8 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
#check if we have an identical rule already
if($fwdfwsettings{'oldrulenumber'} eq $fwdfwsettings{'rulepos'}){
foreach my $key (sort keys %configinputfw){
if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}"
eq "$configinputfw{$key}[0],$configinputfw{$key}[2],$configinputfw{$key}[3],$configinputfw{$key}[4],$configinputfw{$key}[5],$configinputfw{$key}[6],$configinputfw{$key}[7],$configinputfw{$key}[8],$configinputfw{$key}[9],$configinputfw{$key}[10],$configinputfw{$key}[11],$configinputfw{$key}[12],$configinputfw{$key}[13],$configinputfw{$key}[14],$configinputfw{$key}[15],$configinputfw{$key}[17],$configinputfw{$key}[18],$configinputfw{$key}[19],$configinputfw{$key}[20],$configinputfw{$key}[21],$configinputfw{$key}[22],$configinputfw{$key}[23],$configinputfw{$key}[24],$configinputfw{$key}[25],$configinputfw{$key}[26],$configinputfw{$key}[27],$configinputfw{$key}[28],$configinputfw{$key}[29],$configinputfw{$key}[30],$configinputfw{$key}[31]"){
if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'},$fwdfwsettings{'LIMIT_CON_CON'},$fwdfwsettings{'concon'},$fwdfwsettings{'RATE_LIMIT'},$fwdfwsettings{'ratecon'},$fwdfwsettings{'RATETIME'}"
eq "$configinputfw{$key}[0],$configinputfw{$key}[2],$configinputfw{$key}[3],$configinputfw{$key}[4],$configinputfw{$key}[5],$configinputfw{$key}[6],$configinputfw{$key}[7],$configinputfw{$key}[8],$configinputfw{$key}[9],$configinputfw{$key}[10],$configinputfw{$key}[11],$configinputfw{$key}[12],$configinputfw{$key}[13],$configinputfw{$key}[14],$configinputfw{$key}[15],$configinputfw{$key}[17],$configinputfw{$key}[18],$configinputfw{$key}[19],$configinputfw{$key}[20],$configinputfw{$key}[21],$configinputfw{$key}[22],$configinputfw{$key}[23],$configinputfw{$key}[24],$configinputfw{$key}[25],$configinputfw{$key}[26],$configinputfw{$key}[27],$configinputfw{$key}[28],$configinputfw{$key}[29],$configinputfw{$key}[30],$configinputfw{$key}[31],$configinputfw{$key}[32],$configinputfw{$key}[33],$configinputfw{$key}[34],$configinputfw{$key}[35],$configinputfw{$key}[36]"){
$errormessage.=$Lang::tr{'fwdfw err ruleexists'};
if($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){
$errormessage=$Lang::tr{'fwdfw err remark'}."<br>";
@@ -241,14 +257,14 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
if($fwdfwsettings{'rulepos'} > 0 && !$fwdfwsettings{'oldrulenumber'}){
$fwdfwsettings{'oldrulenumber'}=$maxkey;
foreach my $key (sort keys %configinputfw){
if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}"
eq "$configinputfw{$key}[0],$configinputfw{$key}[2],$configinputfw{$key}[3],$configinputfw{$key}[4],$configinputfw{$key}[5],$configinputfw{$key}[6],$configinputfw{$key}[7],$configinputfw{$key}[8],$configinputfw{$key}[9],$configinputfw{$key}[10],$configinputfw{$key}[11],$configinputfw{$key}[12],$configinputfw{$key}[13],$configinputfw{$key}[14],$configinputfw{$key}[15],$configinputfw{$key}[17],$configinputfw{$key}[18],$configinputfw{$key}[19],$configinputfw{$key}[20],$configinputfw{$key}[21],$configinputfw{$key}[22],$configinputfw{$key}[23],$configinputfw{$key}[24],$configinputfw{$key}[25],$configinputfw{$key}[26],$configinputfw{$key}[27],$configinputfw{$key}[28],$configinputfw{$key}[29],$configinputfw{$key}[30],$configinputfw{$key}[31]"){
if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'},$fwdfwsettings{'LIMIT_CON_CON'},$fwdfwsettings{'concon'},$fwdfwsettings{'RATE_LIMIT'},$fwdfwsettings{'ratecon'},$fwdfwsettings{'RATETIME'}"
eq "$configinputfw{$key}[0],$configinputfw{$key}[2],$configinputfw{$key}[3],$configinputfw{$key}[4],$configinputfw{$key}[5],$configinputfw{$key}[6],$configinputfw{$key}[7],$configinputfw{$key}[8],$configinputfw{$key}[9],$configinputfw{$key}[10],$configinputfw{$key}[11],$configinputfw{$key}[12],$configinputfw{$key}[13],$configinputfw{$key}[14],$configinputfw{$key}[15],$configinputfw{$key}[17],$configinputfw{$key}[18],$configinputfw{$key}[19],$configinputfw{$key}[20],$configinputfw{$key}[21],$configinputfw{$key}[22],$configinputfw{$key}[23],$configinputfw{$key}[24],$configinputfw{$key}[25],$configinputfw{$key}[26],$configinputfw{$key}[27],$configinputfw{$key}[28],$configinputfw{$key}[29],$configinputfw{$key}[30],$configinputfw{$key}[31],$configinputfw{$key}[32],$configinputfw{$key}[33],$configinputfw{$key}[34],$configinputfw{$key}[35],$configinputfw{$key}[36]"){
$errormessage.=$Lang::tr{'fwdfw err ruleexists'};
}
}
}
#check if we just close a rule
if( $fwdfwsettings{'oldgrp1a'} eq $fwdfwsettings{'grp1'} && $fwdfwsettings{'oldgrp1b'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'oldgrp2a'} eq $fwdfwsettings{'grp2'} && $fwdfwsettings{'oldgrp2b'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'oldgrp3a'} eq $fwdfwsettings{'grp3'} && $fwdfwsettings{'oldgrp3b'} eq $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'oldruletype'} eq $fwdfwsettings{'chain'}) {
if( $fwdfwsettings{'oldgrp1a'} eq $fwdfwsettings{'grp1'} && $fwdfwsettings{'oldgrp1b'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'oldgrp2a'} eq $fwdfwsettings{'grp2'} && $fwdfwsettings{'oldgrp2b'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'oldgrp3a'} eq $fwdfwsettings{'grp3'} && $fwdfwsettings{'oldgrp3b'} eq $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'oldruletype'} eq $fwdfwsettings{'chain'} ) {
if($fwdfwsettings{'nosave'} eq 'on' && $fwdfwsettings{'updatefwrule'} eq 'on'){
$errormessage='';
$fwdfwsettings{'nosave2'} = 'on';
@@ -266,8 +282,8 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
my $maxkey=&General::findhasharraykey(\%configoutgoingfw);
if($fwdfwsettings{'oldrulenumber'} eq $fwdfwsettings{'rulepos'}){
foreach my $key (sort keys %configoutgoingfw){
if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}"
eq "$configoutgoingfw{$key}[0],$configoutgoingfw{$key}[2],$configoutgoingfw{$key}[3],$configoutgoingfw{$key}[4],$configoutgoingfw{$key}[5],$configoutgoingfw{$key}[6],$configoutgoingfw{$key}[7],$configoutgoingfw{$key}[8],$configoutgoingfw{$key}[9],$configoutgoingfw{$key}[10],$configoutgoingfw{$key}[11],$configoutgoingfw{$key}[12],$configoutgoingfw{$key}[13],$configoutgoingfw{$key}[14],$configoutgoingfw{$key}[15],$configoutgoingfw{$key}[17],$configoutgoingfw{$key}[18],$configoutgoingfw{$key}[19],$configoutgoingfw{$key}[20],$configoutgoingfw{$key}[21],$configoutgoingfw{$key}[22],$configoutgoingfw{$key}[23],$configoutgoingfw{$key}[24],$configoutgoingfw{$key}[25],$configoutgoingfw{$key}[26],$configoutgoingfw{$key}[27],$configoutgoingfw{$key}[28],$configoutgoingfw{$key}[29],$configoutgoingfw{$key}[30],$configoutgoingfw{$key}[31]"){
if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'},$fwdfwsettings{'LIMIT_CON_CON'},$fwdfwsettings{'concon'},$fwdfwsettings{'RATE_LIMIT'},$fwdfwsettings{'ratecon'},$fwdfwsettings{'RATETIME'}"
eq "$configoutgoingfw{$key}[0],$configoutgoingfw{$key}[2],$configoutgoingfw{$key}[3],$configoutgoingfw{$key}[4],$configoutgoingfw{$key}[5],$configoutgoingfw{$key}[6],$configoutgoingfw{$key}[7],$configoutgoingfw{$key}[8],$configoutgoingfw{$key}[9],$configoutgoingfw{$key}[10],$configoutgoingfw{$key}[11],$configoutgoingfw{$key}[12],$configoutgoingfw{$key}[13],$configoutgoingfw{$key}[14],$configoutgoingfw{$key}[15],$configoutgoingfw{$key}[17],$configoutgoingfw{$key}[18],$configoutgoingfw{$key}[19],$configoutgoingfw{$key}[20],$configoutgoingfw{$key}[21],$configoutgoingfw{$key}[22],$configoutgoingfw{$key}[23],$configoutgoingfw{$key}[24],$configoutgoingfw{$key}[25],$configoutgoingfw{$key}[26],$configoutgoingfw{$key}[27],$configoutgoingfw{$key}[28],$configoutgoingfw{$key}[29],$configoutgoingfw{$key}[30],$configoutgoingfw{$key}[31],$configoutgoingfw{$key}[32],$configoutgoingfw{$key}[33],$configoutgoingfw{$key}[34],$configoutgoingfw{$key}[35],$configoutgoingfw{$key}[36]"){
$errormessage.=$Lang::tr{'fwdfw err ruleexists'};
if($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){
$errormessage=$Lang::tr{'fwdfw err remark'}."<br>";
@@ -285,14 +301,14 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
if($fwdfwsettings{'rulepos'} > 0 && !$fwdfwsettings{'oldrulenumber'}){
$fwdfwsettings{'oldrulenumber'}=$maxkey;
foreach my $key (sort keys %configoutgoingfw){
if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}"
eq "$configoutgoingfw{$key}[0],$configoutgoingfw{$key}[2],$configoutgoingfw{$key}[3],$configoutgoingfw{$key}[4],$configoutgoingfw{$key}[5],$configoutgoingfw{$key}[6],$configoutgoingfw{$key}[7],$configoutgoingfw{$key}[8],$configoutgoingfw{$key}[9],$configoutgoingfw{$key}[10],$configoutgoingfw{$key}[11],$configoutgoingfw{$key}[12],$configoutgoingfw{$key}[13],$configoutgoingfw{$key}[14],$configoutgoingfw{$key}[15],$configoutgoingfw{$key}[17],$configoutgoingfw{$key}[18],$configoutgoingfw{$key}[19],$configoutgoingfw{$key}[20],$configoutgoingfw{$key}[21],$configoutgoingfw{$key}[22],$configoutgoingfw{$key}[23],$configoutgoingfw{$key}[24],$configoutgoingfw{$key}[25],$configoutgoingfw{$key}[26],$configoutgoingfw{$key}[27],$configoutgoingfw{$key}[28],$configoutgoingfw{$key}[29],$configoutgoingfw{$key}[30],$configoutgoingfw{$key}[31]"){
if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'},$fwdfwsettings{'LIMIT_CON_CON'},$fwdfwsettings{'concon'},$fwdfwsettings{'RATE_LIMIT'},$fwdfwsettings{'ratecon'},$fwdfwsettings{'RATETIME'}"
eq "$configoutgoingfw{$key}[0],$configoutgoingfw{$key}[2],$configoutgoingfw{$key}[3],$configoutgoingfw{$key}[4],$configoutgoingfw{$key}[5],$configoutgoingfw{$key}[6],$configoutgoingfw{$key}[7],$configoutgoingfw{$key}[8],$configoutgoingfw{$key}[9],$configoutgoingfw{$key}[10],$configoutgoingfw{$key}[11],$configoutgoingfw{$key}[12],$configoutgoingfw{$key}[13],$configoutgoingfw{$key}[14],$configoutgoingfw{$key}[15],$configoutgoingfw{$key}[17],$configoutgoingfw{$key}[18],$configoutgoingfw{$key}[19],$configoutgoingfw{$key}[20],$configoutgoingfw{$key}[21],$configoutgoingfw{$key}[22],$configoutgoingfw{$key}[23],$configoutgoingfw{$key}[24],$configoutgoingfw{$key}[25],$configoutgoingfw{$key}[26],$configoutgoingfw{$key}[27],$configoutgoingfw{$key}[28],$configoutgoingfw{$key}[29],$configoutgoingfw{$key}[30],$configoutgoingfw{$key}[31],$configoutgoingfw{$key}[32],$configoutgoingfw{$key}[33],$configoutgoingfw{$key}[34],$configoutgoingfw{$key}[35],$configoutgoingfw{$key}[36]"){
$errormessage.=$Lang::tr{'fwdfw err ruleexists'};
}
}
}
#check if we just close a rule
if( $fwdfwsettings{'oldgrp1a'} eq $fwdfwsettings{'grp1'} && $fwdfwsettings{'oldgrp1b'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'oldgrp2a'} eq $fwdfwsettings{'grp2'} && $fwdfwsettings{'oldgrp2b'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'oldgrp3a'} eq $fwdfwsettings{'grp3'} && $fwdfwsettings{'oldgrp3b'} eq $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'oldruletype'} eq $fwdfwsettings{'chain'}) {
if( $fwdfwsettings{'oldgrp1a'} eq $fwdfwsettings{'grp1'} && $fwdfwsettings{'oldgrp1b'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'oldgrp2a'} eq $fwdfwsettings{'grp2'} && $fwdfwsettings{'oldgrp2b'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'oldgrp3a'} eq $fwdfwsettings{'grp3'} && $fwdfwsettings{'oldgrp3b'} eq $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'oldruletype'} eq $fwdfwsettings{'chain'} ) {
if($fwdfwsettings{'nosave'} eq 'on' && $fwdfwsettings{'updatefwrule'} eq 'on'){
$fwdfwsettings{'nosave2'} = 'on';
$errormessage='';
@@ -312,8 +328,8 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
if($fwdfwsettings{'oldrulenumber'} eq $fwdfwsettings{'rulepos'}){
#check if we have an identical rule already
foreach my $key (sort keys %configfwdfw){
if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}"
eq "$configfwdfw{$key}[0],$configfwdfw{$key}[2],$configfwdfw{$key}[3],$configfwdfw{$key}[4],$configfwdfw{$key}[5],$configfwdfw{$key}[6],$configfwdfw{$key}[7],$configfwdfw{$key}[8],$configfwdfw{$key}[9],$configfwdfw{$key}[10],$configfwdfw{$key}[11],$configfwdfw{$key}[12],$configfwdfw{$key}[13],$configfwdfw{$key}[14],$configfwdfw{$key}[15],$configfwdfw{$key}[18],$configfwdfw{$key}[19],$configfwdfw{$key}[20],$configfwdfw{$key}[21],$configfwdfw{$key}[22],$configfwdfw{$key}[23],$configfwdfw{$key}[24],$configfwdfw{$key}[25],$configfwdfw{$key}[26],$configfwdfw{$key}[27],$configfwdfw{$key}[28],$configfwdfw{$key}[29],$configfwdfw{$key}[30],$configfwdfw{$key}[31]"){
if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'},$fwdfwsettings{'LIMIT_CON_CON'},$fwdfwsettings{'concon'},$fwdfwsettings{'RATE_LIMIT'},$fwdfwsettings{'ratecon'},$fwdfwsettings{'RATETIME'}"
eq "$configfwdfw{$key}[0],$configfwdfw{$key}[2],$configfwdfw{$key}[3],$configfwdfw{$key}[4],$configfwdfw{$key}[5],$configfwdfw{$key}[6],$configfwdfw{$key}[7],$configfwdfw{$key}[8],$configfwdfw{$key}[9],$configfwdfw{$key}[10],$configfwdfw{$key}[11],$configfwdfw{$key}[12],$configfwdfw{$key}[13],$configfwdfw{$key}[14],$configfwdfw{$key}[15],$configfwdfw{$key}[18],$configfwdfw{$key}[19],$configfwdfw{$key}[20],$configfwdfw{$key}[21],$configfwdfw{$key}[22],$configfwdfw{$key}[23],$configfwdfw{$key}[24],$configfwdfw{$key}[25],$configfwdfw{$key}[26],$configfwdfw{$key}[27],$configfwdfw{$key}[28],$configfwdfw{$key}[29],$configfwdfw{$key}[30],$configfwdfw{$key}[31],$configfwdfw{$key}[32],$configfwdfw{$key}[33],$configfwdfw{$key}[34],$configfwdfw{$key}[35],$configfwdfw{$key}[36]"){
$errormessage.=$Lang::tr{'fwdfw err ruleexists'};
if($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){
$errormessage=$Lang::tr{'fwdfw err remark'}."<br>";
@@ -331,19 +347,35 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
if($fwdfwsettings{'rulepos'} > 0 && !$fwdfwsettings{'oldrulenumber'}){
$fwdfwsettings{'oldrulenumber'}=$maxkey;
foreach my $key (sort keys %configfwdfw){
if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'}"
eq "$configfwdfw{$key}[0],$configfwdfw{$key}[2],$configfwdfw{$key}[3],$configfwdfw{$key}[4],$configfwdfw{$key}[5],$configfwdfw{$key}[6],$configfwdfw{$key}[7],$configfwdfw{$key}[8],$configfwdfw{$key}[9],$configfwdfw{$key}[10],$configfwdfw{$key}[11],$configfwdfw{$key}[12],$configfwdfw{$key}[13],$configfwdfw{$key}[14],$configfwdfw{$key}[15],$configfwdfw{$key}[18],$configfwdfw{$key}[19],$configfwdfw{$key}[20],$configfwdfw{$key}[21],$configfwdfw{$key}[22],$configfwdfw{$key}[23],$configfwdfw{$key}[24],$configfwdfw{$key}[25],$configfwdfw{$key}[26],$configfwdfw{$key}[27],$configfwdfw{$key}[28],$configfwdfw{$key}[29],$configfwdfw{$key}[30],$configfwdfw{$key}[31]"){
if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'},$fwdfwsettings{'LIMIT_CON_CON'},$fwdfwsettings{'concon'},$fwdfwsettings{'RATE_LIMIT'},$fwdfwsettings{'ratecon'},$fwdfwsettings{'RATETIME'}"
eq "$configfwdfw{$key}[0],$configfwdfw{$key}[2],$configfwdfw{$key}[3],$configfwdfw{$key}[4],$configfwdfw{$key}[5],$configfwdfw{$key}[6],$configfwdfw{$key}[7],$configfwdfw{$key}[8],$configfwdfw{$key}[9],$configfwdfw{$key}[10],$configfwdfw{$key}[11],$configfwdfw{$key}[12],$configfwdfw{$key}[13],$configfwdfw{$key}[14],$configfwdfw{$key}[15],$configfwdfw{$key}[18],$configfwdfw{$key}[19],$configfwdfw{$key}[20],$configfwdfw{$key}[21],$configfwdfw{$key}[22],$configfwdfw{$key}[23],$configfwdfw{$key}[24],$configfwdfw{$key}[25],$configfwdfw{$key}[26],$configfwdfw{$key}[27],$configfwdfw{$key}[28],$configfwdfw{$key}[29],$configfwdfw{$key}[30],$configfwdfw{$key}[31],$configfwdfw{$key}[32],$configfwdfw{$key}[33],$configfwdfw{$key}[34],$configfwdfw{$key}[35],$configfwdfw{$key}[36]"){
$errormessage.=$Lang::tr{'fwdfw err ruleexists'};
}
}
}
#check if we just close a rule
if( $fwdfwsettings{'oldgrp1a'} eq $fwdfwsettings{'grp1'} && $fwdfwsettings{'oldgrp1b'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'oldgrp2a'} eq $fwdfwsettings{'grp2'} && $fwdfwsettings{'oldgrp2b'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'oldgrp3a'} eq $fwdfwsettings{'grp3'} && $fwdfwsettings{'oldgrp3b'} eq $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'oldruletype'} eq $fwdfwsettings{'chain'}) {
if( $fwdfwsettings{'oldgrp1a'} eq $fwdfwsettings{'grp1'} && $fwdfwsettings{'oldgrp1b'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'oldgrp2a'} eq $fwdfwsettings{'grp2'} && $fwdfwsettings{'oldgrp2b'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'oldgrp3a'} eq $fwdfwsettings{'grp3'} && $fwdfwsettings{'oldgrp3b'} eq $fwdfwsettings{$fwdfwsettings{'grp3'}} && $fwdfwsettings{'oldusesrv'} eq $fwdfwsettings{'USESRV'} && $fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'oldruletype'} eq $fwdfwsettings{'chain'}){
if($fwdfwsettings{'nosave'} eq 'on' && $fwdfwsettings{'updatefwrule'} eq 'on'){
$fwdfwsettings{'nosave2'} = 'on';
$errormessage='';
}
}
#check max concurrent connections per ip address
if ($fwdfwsettings{'LIMIT_CON_CON'} eq 'ON'){
if (!($fwdfwsettings{'concon'} =~ /^(\d+)$/)) {
$errormessage.=$Lang::tr{'fwdfw err concon'};
}
}else{
$fwdfwsettings{'concon'}='';
}
#check ratelimit value
if ($fwdfwsettings{'RATE_LIMIT'} eq 'ON'){
if (!($fwdfwsettings{'ratecon'} =~ /^(\d+)$/)) {
$errormessage.=$Lang::tr{'fwdfw err ratecon'};
}
}else{
$fwdfwsettings{'ratecon'}='';
}
#increase counters
if (!$errormessage){
if ($fwdfwsettings{'nosave2'} ne 'on'){
@@ -1064,7 +1096,6 @@ print<<END;
END
foreach my $network (sort keys %defaultNetworks)
{
next if($defaultNetworks{$network}{'NAME'} eq "RED" && $srctgt eq 'src');
next if($defaultNetworks{$network}{'NAME'} eq "IPFire");
print "<option value='$defaultNetworks{$network}{'NAME'}'";
print " selected='selected'" if ($fwdfwsettings{$fwdfwsettings{$grp}} eq $defaultNetworks{$network}{'NAME'});
@@ -1517,6 +1548,11 @@ sub newrule
$fwdfwsettings{'nat'} = $hash{$key}[31]; #changed order
$fwdfwsettings{$fwdfwsettings{'nat'}} = $hash{$key}[29];
$fwdfwsettings{'dnatport'} = $hash{$key}[30];
$fwdfwsettings{'LIMIT_CON_CON'} = $hash{$key}[32];
$fwdfwsettings{'concon'} = $hash{$key}[33];
$fwdfwsettings{'RATE_LIMIT'} = $hash{$key}[34];
$fwdfwsettings{'ratecon'} = $hash{$key}[35];
$fwdfwsettings{'RATETIME'} = $hash{$key}[36];
$checked{'grp1'}{$fwdfwsettings{'grp1'}} = 'CHECKED';
$checked{'grp2'}{$fwdfwsettings{'grp2'}} = 'CHECKED';
$checked{'grp3'}{$fwdfwsettings{'grp3'}} = 'CHECKED';
@@ -1534,12 +1570,15 @@ sub newrule
$checked{'TIME_SUN'}{$fwdfwsettings{'TIME_SUN'}} = 'CHECKED';
$checked{'USE_NAT'}{$fwdfwsettings{'USE_NAT'}} = 'CHECKED';
$checked{'nat'}{$fwdfwsettings{'nat'}} = 'CHECKED';
$checked{'LIMIT_CON_CON'}{$fwdfwsettings{'LIMIT_CON_CON'}} = 'CHECKED';
$checked{'RATE_LIMIT'}{$fwdfwsettings{'RATE_LIMIT'}} = 'CHECKED';
$selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}} = 'selected';
$selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}} = 'selected';
$selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected';
$selected{'ipfire_src'}{$fwdfwsettings{$fwdfwsettings{'grp1'}}} ='selected';
$selected{'dnat'}{$fwdfwsettings{'dnat'}} ='selected';
$selected{'snat'}{$fwdfwsettings{'snat'}} ='selected';
$selected{'RATETIME'}{$fwdfwsettings{'RATETIME'}} ='selected';
}
}
$fwdfwsettings{'oldgrp1a'}=$fwdfwsettings{'grp1'};
@@ -1552,6 +1591,11 @@ sub newrule
$fwdfwsettings{'oldruleremark'}=$fwdfwsettings{'ruleremark'};
$fwdfwsettings{'oldnat'}=$fwdfwsettings{'USE_NAT'};
$fwdfwsettings{'oldruletype'}=$fwdfwsettings{'chain'};
$fwdfwsettings{'oldconcon'}=$fwdfwsettings{'LIMIT_CON_CON'};
$fwdfwsettings{'olduseratelimit'}=$fwdfwsettings{'RATE_LIMIT'};
$fwdfwsettings{'olduseratelimitamount'}=$fwdfwsettings{'ratecon'};
$fwdfwsettings{'oldratelimittime'}=$fwdfwsettings{'RATETIME'};
#check if manual ip (source) is orange network
if ($fwdfwsettings{'grp1'} eq 'src_addr'){
my ($sip,$scidr) = split("/",$fwdfwsettings{$fwdfwsettings{'grp1'}});
@@ -1573,6 +1617,7 @@ sub newrule
$fwdfwsettings{'oldusesrv'}=$fwdfwsettings{'USESRV'};
$fwdfwsettings{'oldruleremark'}=$fwdfwsettings{'ruleremark'};
$fwdfwsettings{'oldnat'}=$fwdfwsettings{'USE_NAT'};
$fwdfwsettings{'oldconcon'}=$fwdfwsettings{'LIMIT_CON_CON'};
#check if manual ip (source) is orange network
if ($fwdfwsettings{'grp1'} eq 'src_addr'){
my ($sip,$scidr) = split("/",$fwdfwsettings{$fwdfwsettings{'grp1'}});
@@ -2012,6 +2057,44 @@ END
</table>
</td>
</tr>
<tr>
<td width='1%'>
<input type='checkbox' name='LIMIT_CON_CON' id="USE_LIMIT_CONCURRENT_CONNECTIONS_PER_IP" value='ON' $checked{'LIMIT_CON_CON'}{'ON'}>
</td>
<td>$Lang::tr{'fwdfw limitconcon'}</td>
</tr>
<tr id="LIMIT_CON">
<td colspan='2'>
<table width='66%' border='0'>
<tr>
<td width="20em">&nbsp;</td>
<td>$Lang::tr{'fwdfw maxconcon'}: <input type='text' name='concon' size='2' value="$fwdfwsettings{'concon'}"></td>
</tr>
</table>
</td>
</tr>
<tr>
<td width='1%'>
<input type='checkbox' name='RATE_LIMIT' id="USE_RATELIMIT" value='ON' $checked{'RATE_LIMIT'}{'ON'}>
</td>
<td>$Lang::tr{'fwdfw ratelimit'}</td>
</tr>
<tr id="RATELIMIT">
<td colspan='2'>
<table width='66%' border='0'>
<tr>
<td width="20em">&nbsp;</td>
<td>$Lang::tr{'fwdfw numcon'}: <input type='text' name='ratecon' size='2' value="$fwdfwsettings{'ratecon'}"> /
<select name='RATETIME' style='width:100px;'>
<option value='second' $selected{'RATETIME'}{'second'}>$Lang::tr{'age second'}</option>
<option value='minute' $selected{'RATETIME'}{'minute'}>$Lang::tr{'minute'}</option>
<option value='hour' $selected{'RATETIME'}{'hour'}>$Lang::tr{'hour'}</option>
</select>
</td>
</tr>
</table>
</td>
</tr>
</table>
<br>
END
@@ -2044,6 +2127,7 @@ END
<input type='hidden' name='oldorange' value='$fwdfwsettings{'oldorange'}' />
<input type='hidden' name='oldnat' value='$fwdfwsettings{'oldnat'}' />
<input type='hidden' name='oldruletype' value='$fwdfwsettings{'oldruletype'}' />
<input type='hidden' name='oldconcon' value='$fwdfwsettings{'oldconcon'}' />
<input type='hidden' name='ACTION' value='saverule' ></form><form method='post' style='display:inline'><input type='submit' value='$Lang::tr{'fwhost back'}' style='min-width:100px;'><input type='hidden' name='ACTION' value'reset'></td></td>
</table></form>
END
@@ -2180,6 +2264,11 @@ sub saverule
$$hash{$key}[29] = $fwdfwsettings{$fwdfwsettings{'nat'}};
$$hash{$key}[30] = $fwdfwsettings{'dnatport'};
$$hash{$key}[31] = $fwdfwsettings{'nat'};
$$hash{$key}[32] = $fwdfwsettings{'LIMIT_CON_CON'};
$$hash{$key}[33] = $fwdfwsettings{'concon'};
$$hash{$key}[34] = $fwdfwsettings{'RATE_LIMIT'};
$$hash{$key}[35] = $fwdfwsettings{'ratecon'};
$$hash{$key}[36] = $fwdfwsettings{'RATETIME'};
&General::writehasharray("$config", $hash);
}else{
foreach my $key (sort {$a <=> $b} keys %$hash){
@@ -2216,6 +2305,11 @@ sub saverule
$$hash{$key}[29] = $fwdfwsettings{$fwdfwsettings{'nat'}};
$$hash{$key}[30] = $fwdfwsettings{'dnatport'};
$$hash{$key}[31] = $fwdfwsettings{'nat'};
$$hash{$key}[32] = $fwdfwsettings{'LIMIT_CON_CON'};
$$hash{$key}[33] = $fwdfwsettings{'concon'};
$$hash{$key}[34] = $fwdfwsettings{'RATE_LIMIT'};
$$hash{$key}[35] = $fwdfwsettings{'ratecon'};
$$hash{$key}[36] = $fwdfwsettings{'RATETIME'};
last;
}
}

49
html/cgi-bin/fwhosts.cgi
View File

@@ -291,42 +291,13 @@ if ($fwhostsettings{'ACTION'} eq 'savenet' )
$errormessage=$errormessage.$Lang::tr{'fwhost err sub32'};
}
if($fwhostsettings{'error'} ne 'on'){
#check if we use one of ipfire's networks (green,orange,blue)
if (($ownnet{'GREEN_NETADDRESS'} ne '' && $ownnet{'GREEN_NETADDRESS'} ne '0.0.0.0') && ($fwhostsettings{'IP'} eq $ownnet{'GREEN_NETADDRESS'} && $fwhostsettings{'SUBNET'} eq $ownnet{'GREEN_NETMASK'}))
{
$errormessage=$errormessage.$Lang::tr{'ccd err green'}."<br>";
$fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'};
if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}='editnet';}
}
if (($ownnet{'ORANGE_NETADDRESS'} ne '' && $ownnet{'ORANGE_NETADDRESS'} ne '0.0.0.0') && ($fwhostsettings{'IP'} eq $ownnet{'ORANGE_NETADDRESS'} && $fwhostsettings{'SUBNET'} eq $ownnet{'ORANGE_NETMASK'}))
{
$errormessage=$errormessage.$Lang::tr{'ccd err orange'}."<br>";
$fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'};
if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}='editnet';}
}
if (($ownnet{'BLUE_NETADDRESS'} ne '' && $ownnet{'BLUE_NETADDRESS'} ne '0.0.0.0') && ($fwhostsettings{'IP'} eq $ownnet{'BLUE_NETADDRESS'} && $fwhostsettings{'SUBNET'} eq $ownnet{'BLUE_NETMASK'}))
{
$errormessage=$errormessage.$Lang::tr{'ccd err blue'}."<br>";
$fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'};
if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}='editnet';}
}
if (($ownnet{'RED_NETADDRESS'} ne '' && $ownnet{'RED_NETADDRESS'} ne '0.0.0.0') && ($fwhostsettings{'IP'} eq $ownnet{'RED_NETADDRESS'} && $fwhostsettings{'SUBNET'} eq $ownnet{'RED_NETMASK'}))
{
$errormessage=$errormessage.$Lang::tr{'ccd err red'}."<br>";
$fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'};
if ($fwhostsettings{'update'} eq 'on'){$fwhostsettings{'ACTION'}='editnet';}
}
my $fullip="$fwhostsettings{'IP'}/".&General::iporsubtocidr($fwhostsettings{'SUBNET'});
$errormessage=$errormessage.&General::checksubnets($fwhostsettings{'HOSTNAME'},$fullip,"");
}
#only check plausi when no error till now
if (!$errormessage){
&plausicheck("editnet");
}
#check if network ip is part of an already used one
if(&checksubnet(\%customnetwork))
{
$errormessage=$errormessage.$Lang::tr{'fwhost err partofnet'};
$fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'};
}
if($fwhostsettings{'actualize'} eq 'on' && $fwhostsettings{'newnet'} ne 'on' && $errormessage)
{
$fwhostsettings{'actualize'} = '';
@@ -338,9 +309,8 @@ if ($fwhostsettings{'ACTION'} eq 'savenet' )
$customnetwork{$key}[3] = $fwhostsettings{'orgnetremark'};
&General::writehasharray("$confignet", \%customnetwork);
undef %customnetwork;
}
}
if (!$errormessage){
&General::readhasharray("$confignet", \%customnetwork);
if ($fwhostsettings{'ACTION'} eq 'updatenet'){
if ($fwhostsettings{'update'} == '0'){
@@ -392,7 +362,7 @@ if ($fwhostsettings{'ACTION'} eq 'savenet' )
&General::writehasharray("$fwconfiginp", \%fwinp);
}
}
}
}
my $key = &General::findhasharraykey (\%customnetwork);
foreach my $i (0 .. 3) { $customnetwork{$key}[$i] = "";}
$fwhostsettings{'SUBNET'} = &General::iporsubtocidr($fwhostsettings{'SUBNET'});
@@ -416,7 +386,8 @@ if ($fwhostsettings{'ACTION'} eq 'savenet' )
}
&addnet;
&viewtablenet;
}else {
}else{
$fwhostsettings{'HOSTNAME'} = $fwhostsettings{'orgname'};
&addnet;
&viewtablenet;
}
@@ -1644,7 +1615,10 @@ sub getcolor
$tdcolor="<font style='color: $Header::colourblue;'>$c</font>";
return $tdcolor;
}
if ("$sip/$scidr" eq "0.0.0.0/0"){
$tdcolor="<font style='color: $Header::colourred;'>$c</font>";
return $tdcolor;
}
#Check if IP is part of OpenVPN N2N subnet
foreach my $key (sort keys %ccdhost){
if ($ccdhost{$key}[3] eq 'net'){
@@ -2501,6 +2475,9 @@ sub getipforgroup
&General::readhash("${General::swroot}/vpn/settings",\%hash);
return $hash{'RW_NET'};
}
if ($name eq 'RED'){
return "0.0.0.0/0";
}
}
}
sub decrease

2
html/cgi-bin/logs.cgi/ids.dat
View File

@@ -336,7 +336,7 @@ print <<END
END
;
if ($sid ne "n/a") {
print "<a href='http://www.snort.org/search/sid/$sid' ";
print "<a href='https://www.snort.org/rule_docs/$sid' ";
print "target='_blank'>$sid</a></td>\n";
} else {
print $sid;

84
html/cgi-bin/proxy.cgi
View File

@@ -3221,6 +3221,48 @@ END
print FILE "\n";
}
open (PORTS,"$acl_ports_ssl");
my @ssl_ports = <PORTS>;
close PORTS;
if (@ssl_ports) {
foreach (@ssl_ports) {
print FILE "acl SSL_ports port $_";
}
}
open (PORTS,"$acl_ports_safe");
my @safe_ports = <PORTS>;
close PORTS;
if (@safe_ports) {
foreach (@safe_ports) {
print FILE "acl Safe_ports port $_";
}
}
print FILE <<END
acl IPFire_http port $http_port
acl IPFire_https port $https_port
acl IPFire_ips dst $netsettings{'GREEN_ADDRESS'}
acl IPFire_networks src "$acl_src_subnets"
acl IPFire_servers dst "$acl_src_subnets"
acl IPFire_green_network src $green_cidr
acl IPFire_green_servers dst $green_cidr
END
;
if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPFire_blue_network src $blue_cidr\n"; }
if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPFire_blue_servers dst $blue_cidr\n"; }
if (!-z $acl_src_banned_ip) { print FILE "acl IPFire_banned_ips src \"$acl_src_banned_ip\"\n"; }
if (!-z $acl_src_banned_mac) { print FILE "acl IPFire_banned_mac arp \"$acl_src_banned_mac\"\n"; }
if (!-z $acl_src_unrestricted_ip) { print FILE "acl IPFire_unrestricted_ips src \"$acl_src_unrestricted_ip\"\n"; }
if (!-z $acl_src_unrestricted_mac) { print FILE "acl IPFire_unrestricted_mac arp \"$acl_src_unrestricted_mac\"\n"; }
print FILE <<END
acl CONNECT method CONNECT
END
;
if ($proxysettings{'CACHE_SIZE'} > 0) {
print FILE <<END
maximum_object_size $proxysettings{'MAX_SIZE'} KB
@@ -3502,48 +3544,6 @@ END
print FILE "acl blocked_mimetypes rep_mime_type \"$mimetypes\"\n\n";
}
open (PORTS,"$acl_ports_ssl");
my @ssl_ports = <PORTS>;
close PORTS;
if (@ssl_ports) {
foreach (@ssl_ports) {
print FILE "acl SSL_ports port $_";
}
}
open (PORTS,"$acl_ports_safe");
my @safe_ports = <PORTS>;
close PORTS;
if (@safe_ports) {
foreach (@safe_ports) {
print FILE "acl Safe_ports port $_";
}
}
print FILE <<END
acl IPFire_http port $http_port
acl IPFire_https port $https_port
acl IPFire_ips dst $netsettings{'GREEN_ADDRESS'}
acl IPFire_networks src "$acl_src_subnets"
acl IPFire_servers dst "$acl_src_subnets"
acl IPFire_green_network src $green_cidr
acl IPFire_green_servers dst $green_cidr
END
;
if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPFire_blue_network src $blue_cidr\n"; }
if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPFire_blue_servers dst $blue_cidr\n"; }
if (!-z $acl_src_banned_ip) { print FILE "acl IPFire_banned_ips src \"$acl_src_banned_ip\"\n"; }
if (!-z $acl_src_banned_mac) { print FILE "acl IPFire_banned_mac arp \"$acl_src_banned_mac\"\n"; }
if (!-z $acl_src_unrestricted_ip) { print FILE "acl IPFire_unrestricted_ips src \"$acl_src_unrestricted_ip\"\n"; }
if (!-z $acl_src_unrestricted_mac) { print FILE "acl IPFire_unrestricted_mac arp \"$acl_src_unrestricted_mac\"\n"; }
print FILE <<END
acl CONNECT method CONNECT
END
;
if ($proxysettings{'CLASSROOM_EXT'} eq 'on') {
print FILE <<END

14
html/cgi-bin/urlfilter.cgi
View File

@@ -935,7 +935,7 @@ if (($besettings{'ACTION'} eq $Lang::tr{'urlfilter install blacklist'}) && ($bes
close FILE;
system("rm -f $dbdir/$besettings{'BE_NAME'}/*.db");
system("/usr/sbin/squidGuard -c $editdir/install.conf -C all");
system("/usr/bin/squidGuard -c $editdir/install.conf -C all");
system("chmod a+w $dbdir/$besettings{'BE_NAME'}/*.db");
&readblockcategories;
@@ -2722,9 +2722,9 @@ sub setpermissions
sub writeconfigfile
{
my $executables = "\\.\(ade|adp|asx|bas|bat|chm|com|cmd|cpl|crt|dll|eml|exe|hiv|hlp|hta|inc|inf|ins|isp|jse|jtd|lnk|msc|msh|msi|msp|mst|nws|ocx|oft|ops|pcd|pif|plx|reg|scr|sct|sha|shb|shm|shs|sys|tlb|tsp|url|vbe|vbs|vxd|wsc|wsf|wsh\)\$";
my $audiovideo = "\\.\(aiff|asf|avi|dif|divx|mov|movie|mp3|mpe?g?|mpv2|ogg|ra?m|snd|qt|wav|wma|wmf|wmv\)\$";
my $archives = "\\.\(bin|bz2|cab|cdr|dmg|gz|hqx|rar|smi|sit|sea|tar|tgz|zip\)\$";
my $executables = "/[^/]*\\.\(ade|adp|asx|bas|bat|chm|com|cmd|cpl|crt|dll|eml|exe|hiv|hlp|hta|inc|inf|ins|isp|jse|jtd|lnk|msc|msh|msi|msp|mst|nws|ocx|oft|ops|pcd|pif|plx|reg|scr|sct|sha|shb|shm|shs|sys|tlb|tsp|url|vbe|vbs|vxd|wsc|wsf|wsh\)\$";
my $audiovideo = "/[^/]*\\.\(aiff|asf|avi|dif|divx|flv|mkv|mov|movie|mp3|mp4|mpe?g?|mpv2|ogg|ra?m|snd|qt|wav|wma|wmf|wmv\)\$";
my $archives = "/[^/]*\\.\(7z|bin|bz2|cab|cdr|dmg|gz|hqx|rar|smi|sit|sea|tar|tgz|zip\)\$";
my $ident = " anonymous";
@@ -2854,11 +2854,13 @@ sub writeconfigfile
if ($filtersettings{'ENABLE_SAFESEARCH'} eq 'on')
{
print FILE " # rewrite safesearch\n";
print FILE " s@(.*\\Wgoogle\\.\\w+/(webhp|search|imghp|images|grphp|groups|frghp|froogle)\\?)(.*)(\\bsafe=\\w+)(.*)\@\\1\\3safe=strict\\5\@i\n";
print FILE " s@(.*\\Wgoogle\\.\\w+/(webhp|search|imghp|images|grphp|groups|frghp|froogle)\\?)(.*)\@\\1safe=strict\\\&\\3\@i\n";
print FILE " s@(.*\\Wgoogle\\.\\w+/(webhp|search|imghp|images|grphp|groups|nwshp|frghp|froogle)\\?)(.*)(\\bsafe=\\w+)(.*)\@\\1\\3safe=strict\\5\@i\n";
print FILE " s@(.*\\Wgoogle\\.\\w+/(webhp|search|imghp|images|grphp|groups|nwshp|frghp|froogle)\\?)(.*)\@\\1safe=strict\\\&\\3\@i\n";
print FILE " s@(.*\\Wsearch\\.yahoo\\.\\w+/search\\W)(.*)(\\bvm=\\w+)(.*)\@\\1\\2vm=r\\4\@i\n";
print FILE " s@(.*\\Wsearch\\.yahoo\\.\\w+/search\\W.*)\@\\1\\\&vm=r\@i\n";
print FILE " s@(.*\\Walltheweb\\.com/customize\\?)(.*)(\\bcopt_offensive=\\w+)(.*)\@\\1\\2copt_offensive=on\\4\@i\n";
print FILE " s@(.*\\Wbing\\.\\w+/)(.*)(\\badlt=\\w+)(.*)\@\\1\\2adlt=strict\\4\@i\n";
print FILE " s@(.*\\Wbing\\.\\w+/.*)\@\\1\\\&adlt=strict\@i\n";
}
print FILE "}\n\n";

8
langs/de/cgi-bin/de.pl
View File

@@ -982,12 +982,14 @@
'fwdfw dnat porterr' => 'Für NAT-Regeln muss ein einzelner Port oder Portbereich angegeben werden.',
'fwdfw dnat porterr2' => 'Externer Port (NAT) darf nur angegeben werden, wenn ein Ziel-Port definiert ist.',
'fwdfw edit' => 'Bearbeiten',
'fwdfw err concon' => 'Ungültige Zahl für gleichzeitige Verbindungen',
'fwdfw err nosrc' => 'Keine Quelle ausgewählt',
'fwdfw err nosrcip' => 'Bitte Quell-IP-Adresse angeben',
'fwdfw err notgt' => 'Kein Ziel ausgewählt',
'fwdfw err notgtip' => 'Bitte Ziel-IP-Adresse angeben',
'fwdfw err prot_port' => 'Bei dem gewählten Protokoll sind Quell- und Zielport nicht erlaubt',
'fwdfw err prot_port1' => 'Bei Nutzung von Quell- oder Zielport muss als Protokoll TCP oder UDP gewählt werden.',
'fwdfw err ratecon' => 'Ungültiger Wert bei Anzahl der Verbindungen für Ratenlimitierung',
'fwdfw err remark' => 'Die Bemerkung enthält ungültige Zeichen',
'fwdfw err ruleexists' => 'Eine identische Regel existiert bereits',
'fwdfw err same' => 'Quelle und Ziel sind identisch',
@@ -1006,15 +1008,18 @@
'fwdfw hint mac' => 'Sie nutzen MAC-Adressen in der Zielgruppe. Diese werden bei der Regelerstellung übersprungen.',
'fwdfw iface' => 'Interface',
'fwdfw ipsec network' => 'IPsec-Netzwerke:',
'fwdfw limitconcon' => 'Beschränke gleichzeitige Verbindungen je IP-Adresse',
'fwdfw log' => 'Log',
'fwdfw log rule' => 'Logging aktivieren',
'fwdfw man port' => 'Port(s):',
'fwdfw many' => 'Diverse',
'fwdfw maxconcon' => 'Max. gleichzeitige Verbindungen',
'fwdfw menu' => 'Firewall',
'fwdfw movedown' => 'Herunter',
'fwdfw moveup' => 'Herauf',
'fwdfw natport used' => 'Der eingegebene Port wird bereits von einer anderen DNAT-Regel benutzt.',
'fwdfw newrule' => 'Neue Regel erstellen',
'fwdfw numcon' => 'Anzahl der Verbindungen',
'fwdfw p2p txt' => 'P2P-Netzwerke erlauben/verbieten.',
'fwdfw pol allow' => 'Zugelassen',
'fwdfw pol block' => 'Blockiert',
@@ -1023,6 +1028,7 @@
'fwdfw pol title' => 'Standardverhalten der Firewall',
'fwdfw prot41' => 'IPv6 Encapsulation (Protokoll 41)',
'fwdfw prot41 short' => 'IPv6 Encap',
'fwdfw ratelimit' => 'Ratenlimitierung für neue Verbindungen',
'fwdfw red' => 'ROT',
'fwdfw reread' => 'Änderungen übernehmen',
'fwdfw rule action' => 'Regelaktion:',
@@ -1111,7 +1117,7 @@
'fwhost err remark' => 'Ungültige Bemerkung. Erlaubte Zeichen: Klein- und Großbuchstaben, Bindestrich, Unterstrich, Runde Klammern, Semikolon, Punkt.',
'fwhost err srv exists' => 'Ein Service mit diesem Namen existiert bereits',
'fwhost err srvexist' => 'Dieser Dienst ist bereits in der Gruppe',
'fwhost err sub32' => 'Bitte einen einzelnen Host hinzufügen, keine Netzwerke',
'fwhost err sub32' => 'Bitte Netzwerke hinzufügen, keinen einzelnen Host',
'fwhost green' => 'Grün',
'fwhost hint' => 'Hinweis',
'fwhost hosts' => 'Firewall-Hosts',

12
langs/en/cgi-bin/en.pl
View File

@@ -1009,12 +1009,14 @@
'fwdfw dnat porterr' => 'You have to select a single port or portrange (tcp/udp) for NAT',
'fwdfw dnat porterr2' => 'Cannot use external port (NAT) when no destination port is defined.',
'fwdfw edit' => 'Edit',
'fwdfw err concon' => 'Invalid number for concurrent connections',
'fwdfw err nosrc' => 'No source selected.',
'fwdfw err nosrcip' => 'Please provide a source IP address.',
'fwdfw err notgt' => 'No destination selected.',
'fwdfw err notgtip' => 'Please provide a destination IP address.',
'fwdfw err prot_port' => 'Source- or targetport are not allowed with selected protocol',
'fwdfw err prot_port1' => 'When using Source- or targetport you have to select TCP or UDP for protocol',
'fwdfw err ratecon' => 'Invalid value for connections in Rate-limit',
'fwdfw err remark' => 'Invalid characters in remark.',
'fwdfw err ruleexists' => 'This rule already exists.',
'fwdfw err same' => 'Source and destination are identical.',
@@ -1033,15 +1035,18 @@
'fwdfw hint mac' => 'The destination group contains MAC addresses, which will be skipped during rule creation.',
'fwdfw iface' => 'Interface',
'fwdfw ipsec network' => 'IPsec networks:',
'fwdfw limitconcon' => 'Limit concurrent connections per IP address',
'fwdfw log' => 'Log',
'fwdfw log rule' => 'Log rule',
'fwdfw man port' => 'Port(s):',
'fwdfw many' => 'Many',
'fwdfw maxconcon' => 'Max. concurrent connections',
'fwdfw menu' => 'Firewall',
'fwdfw movedown' => 'Move down',
'fwdfw moveup' => 'Move up',
'fwdfw natport used' => 'The given port for NAPT is already in use by an other DNAT rule.',
'fwdfw newrule' => 'New rule',
'fwdfw numcon' => 'Number of connections',
'fwdfw p2p txt' => 'Grant/deny access to P2P networks.',
'fwdfw pol allow' => 'Allowed',
'fwdfw pol block' => 'Blocked',
@@ -1050,6 +1055,7 @@
'fwdfw pol title' => 'Default firewall behaviour',
'fwdfw prot41' => 'IPv6 Encapsulation (Protocol 41)',
'fwdfw prot41 short' => 'IPv6 Encap',
'fwdfw ratelimit' => 'Rate-limit new connections',
'fwdfw red' => 'RED',
'fwdfw reread' => 'Apply changes',
'fwdfw rule action' => 'Rule action:',
@@ -1138,7 +1144,7 @@
'fwhost err remark' => 'Invalid remark. Allowed characters: Upper- and lowercase letters, digits, space, dash, braces, semicolon, pipe and dot.',
'fwhost err srv exists' => 'A service with the same name already exists',
'fwhost err srvexist' => 'This service already exists in the group',
'fwhost err sub32' => 'Please add a single host, not a network.',
'fwhost err sub32' => 'Please add a network, not a single host',
'fwhost green' => 'Green',
'fwhost hint' => 'Note',
'fwhost hosts' => 'Firewall Hosts',
@@ -2108,8 +2114,8 @@
'swap usage per' => 'Swap usage per',
'system' => 'System',
'system graphs' => 'System Graphs',
'system has hwrng' => 'This system has got a hardware random number generator.',
'system has rdrand' => 'This system has got support for Intel(R) RDRAND.',
'system has hwrng' => 'This system has a hardware random number generator.',
'system has rdrand' => 'This system has support for Intel(R) RDRAND.',
'system information' => 'System Information',
'system log viewer' => 'System Log Viewer',
'system logs' => 'System Logs',

4
lfs/bash
View File

@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
# Copyright (C) 2007-2014 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -87,7 +87,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
sed -e "s/filename, RTLD_LAZY/filename, RTLD_NOW/" \
-i $(DIR_APP)/builtins/enable.def
for i in $$(seq 1 26); do \
for i in $$(seq 1 27); do \
cd $(DIR_APP) && patch -Np0 < $(DIR_SRC)/src/patches/bash/bash43-$$(printf "%03d" "$${i}") || exit 1; \
done

8
lfs/dnsmasq
View File

@@ -24,7 +24,7 @@
include Config
VER = 2.71
VER = 2.72
THISAPP = dnsmasq-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -42,7 +42,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = 9e2e4d59c75e71ee3ca817ff0f9be69e
$(DL_FILE)_MD5 = 0256e0a71e27c8d8a5c89a0d18f3cfe2
install : $(TARGET)
@@ -72,9 +72,7 @@ $(subst %,%_MD5,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq-2.71-use-nettle-with-minigmp.patch
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq-2.71-support-nettle-3.0.patch
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq-2.70-Add-support-to-read-ISC-DHCP-lease-file.patch
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq-2.72rc2-Add-support-to-read-ISC-DHCP-lease-file.patch
cd $(DIR_APP) && sed -i src/config.h \
-e 's|/\* #define HAVE_IDN \*/|#define HAVE_IDN|g' \
-e 's|/\* #define HAVE_DNSSEC \*/|#define HAVE_DNSSEC|g' \

6
lfs/glibc
View File

@@ -268,6 +268,12 @@ endif
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh966775.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh966778.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh970090.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1008310.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1022022.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1091162.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1098050.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1133809-1.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1133809-2.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-resolv-stack_chk_fail.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-remove-ctors-dtors-output-sections.patch

4
lfs/squid
View File

@@ -24,7 +24,7 @@
include Config
VER = 3.4.5
VER = 3.4.7
THISAPP = squid-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = a831efb36cfbaa419f8dc7a43cba72c9
$(DL_FILE)_MD5 = 74677634121649ccb87a5655fcd4298d
install : $(TARGET)

2
lfs/squid-accounting
View File

@@ -15,7 +15,7 @@ THISAPP = squid-accounting-$(VER)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = squid-accounting
PAK_VER = 2
PAK_VER = 3
DEPS = "perl-DBI perl-DBD-SQLite perl-File-ReadBackwards perl-PDF-API2 sendEmail"

4
make.sh
View File

@@ -25,8 +25,8 @@
NAME="IPFire" # Software name
SNAME="ipfire" # Short name
VERSION="2.15" # Version number
CORE="82" # Core Level (Filename)
PAKFIRE_CORE="82" # Core Level (PAKFIRE)
CORE="84" # Core Level (Filename)
PAKFIRE_CORE="83" # Core Level (PAKFIRE)
GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` # Git Branch
SLOGAN="www.ipfire.org" # Software slogan
CONFIG_ROOT=/var/ipfire # Configuration rootdir

14
src/initscripts/init.d/firewall
View File

@@ -402,21 +402,11 @@ case "$1" in
boot_mesg "Setting up firewall"
iptables_init
evaluate_retval
# run local firewall configuration, if present
if [ -x /etc/sysconfig/firewall.local ]; then
/etc/sysconfig/firewall.local start
fi
;;
reload|up)
boot_mesg "Reloading firewall"
iptables_red_up
evaluate_retval
# run local firewall configuration, if present
if [ -x /etc/sysconfig/firewall.local ]; then
/etc/sysconfig/firewall.local reload
fi
;;
down)
boot_mesg "Disabling firewall access to RED"
@@ -424,10 +414,6 @@ case "$1" in
evaluate_retval
;;
restart)
# run local firewall configuration, if present
if [ -x /etc/sysconfig/firewall.local ]; then
/etc/sysconfig/firewall.local stop
fi
$0 start
;;
*)

7
src/initscripts/init.d/network
View File

@@ -18,7 +18,6 @@ eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
init_networking() {
/etc/rc.d/init.d/dnsmasq start
/etc/rc.d/init.d/static-routes start
}
DO="${1}"
@@ -26,7 +25,7 @@ shift
if [ -n "${1}" ]; then
ALL=0
for i in green red blue orange; do
for i in green red blue orange; do
eval "${i}=0"
done
else
@@ -68,7 +67,9 @@ case "${DO}" in
rm -f /var/ipfire/red/{active,device,dial-on-demand,dns1,dns2,local-ipaddress,remote-ipaddress,resolv.conf}
[ "$AUTOCONNECT" == "off" ] || /etc/rc.d/init.d/networking/red start
fi
fi
fi
/etc/rc.d/init.d/static-routes start
;;
stop)

3
src/paks/squid-accounting/install.sh
View File

@@ -31,5 +31,8 @@ if [ ! -f /var/ipfire/accounting/acct.db ]; then
chmod 644 /var/ipfire/accounting/acct.db
chown nobody.nobody /var/ipfire/accounting/acct.db
fi
#Set right permissions of directory /srv/web/ipfire/html/accounting
chown -R nobody.nobody /srv/web/ipfire/html/accounting
chmod 755 -R /srv/web/ipfire/html/accounting
rm -f /var/ipfire/accounting/dbinstall.pl
/usr/local/bin/update-lang-cache

104
src/patches/bash/bash32-052 Normal file
View File

@@ -0,0 +1,104 @@
BASH PATCH REPORT
=================
Bash-Release: 3.2
Patch-ID: bash32-052
Bug-Reported-by: Stephane Chazelas <stephane.chazelas@gmail.com>
Bug-Reference-ID:
Bug-Reference-URL:
Bug-Description:
Under certain circumstances, bash will execute user code while processing the
environment for exported function definitions.
Patch (apply with `patch -p0'):
*** ../bash-3.2.51/builtins/common.h 2006-03-06 09:38:44.000000000 -0500
--- builtins/common.h 2014-09-16 19:08:02.000000000 -0400
***************
*** 34,37 ****
--- 34,39 ----
/* Flags for describe_command, shared between type.def and command.def */
+ #define SEVAL_FUNCDEF 0x080 /* only allow function definitions */
+ #define SEVAL_ONECMD 0x100 /* only allow a single command */
#define CDESC_ALL 0x001 /* type -a */
#define CDESC_SHORTDESC 0x002 /* command -V */
*** ../bash-3.2.51/builtins/evalstring.c 2008-11-15 17:47:04.000000000 -0500
--- builtins/evalstring.c 2014-09-16 19:08:02.000000000 -0400
***************
*** 235,238 ****
--- 235,246 ----
struct fd_bitmap *bitmap;
+ if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def)
+ {
+ internal_warning ("%s: ignoring function definition attempt", from_file);
+ should_jump_to_top_level = 0;
+ last_result = last_command_exit_value = EX_BADUSAGE;
+ break;
+ }
+
bitmap = new_fd_bitmap (FD_BITMAP_SIZE);
begin_unwind_frame ("pe_dispose");
***************
*** 292,295 ****
--- 300,306 ----
dispose_fd_bitmap (bitmap);
discard_unwind_frame ("pe_dispose");
+
+ if (flags & SEVAL_ONECMD)
+ break;
}
}
*** ../bash-3.2.51/variables.c 2008-11-15 17:15:06.000000000 -0500
--- variables.c 2014-09-16 19:10:39.000000000 -0400
***************
*** 319,328 ****
strcpy (temp_string + char_index + 1, string);
! parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST);
!
! /* Ancient backwards compatibility. Old versions of bash exported
! functions like name()=() {...} */
! if (name[char_index - 1] == ')' && name[char_index - 2] == '(')
! name[char_index - 2] = '\0';
if (temp_var = find_function (name))
--- 319,326 ----
strcpy (temp_string + char_index + 1, string);
! /* Don't import function names that are invalid identifiers from the
! environment. */
! if (legal_identifier (name))
! parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);
if (temp_var = find_function (name))
***************
*** 333,340 ****
else
report_error (_("error importing function definition for `%s'"), name);
-
- /* ( */
- if (name[char_index - 1] == ')' && name[char_index - 2] == '\0')
- name[char_index - 2] = '('; /* ) */
}
#if defined (ARRAY_VARS)
--- 331,334 ----
*** ../bash-3.2/patchlevel.h Thu Apr 13 08:31:04 2006
--- patchlevel.h Mon Oct 16 14:22:54 2006
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */
! #define PATCHLEVEL 51
#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */
! #define PATCHLEVEL 52
#endif /* _PATCHLEVEL_H_ */

54
src/patches/bash/bash32-053 Normal file
View File

@@ -0,0 +1,54 @@
BASH PATCH REPORT
=================
Bash-Release: 3.2
Patch-ID: bash32-053
Bug-Reported-by: Tavis Ormandy <taviso () cmpxchg8b com>
Bug-Reference-ID:
Bug-Reference-URL: http://twitter.com/taviso/statuses/514887394294652929
Bug-Description:
Under certain circumstances, bash can incorrectly save a lookahead character and
return it on a subsequent call, even when reading a new line.
Patch:
*** ../bash-3.2.52/parse.y 2008-04-29 21:24:55.000000000 -0400
--- parse.y 2014-09-25 16:18:41.000000000 -0400
***************
*** 2504,2507 ****
--- 2504,2509 ----
word_desc_to_read = (WORD_DESC *)NULL;
+ eol_ungetc_lookahead = 0;
+
last_read_token = '\n';
token_to_read = '\n';
*** ../bash-3.2.52/y.tab.c 2006-09-25 08:15:16.000000000 -0400
--- y.tab.c 2014-09-25 20:28:17.000000000 -0400
***************
*** 3833,3836 ****
--- 3833,3838 ----
word_desc_to_read = (WORD_DESC *)NULL;
+ eol_ungetc_lookahead = 0;
+
last_read_token = '\n';
token_to_read = '\n';
*** ../bash-3.2/patchlevel.h Thu Apr 13 08:31:04 2006
--- patchlevel.h Mon Oct 16 14:22:54 2006
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */
! #define PATCHLEVEL 52
#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */
! #define PATCHLEVEL 53
#endif /* _PATCHLEVEL_H_ */

221
src/patches/bash/bash43-027 Normal file
View File

@@ -0,0 +1,221 @@
BASH PATCH REPORT
=================
Bash-Release: 4.3
Patch-ID: bash43-027
Bug-Reported-by: Florian Weimer <fweimer@redhat.com>
Bug-Reference-ID:
Bug-Reference-URL:
Bug-Description:
This patch changes the encoding bash uses for exported functions to avoid
clashes with shell variables and to avoid depending only on an environment
variable's contents to determine whether or not to interpret it as a shell
function.
Patch (apply with `patch -p0'):
*** ../bash-4.3.26/variables.c 2014-09-25 23:02:18.000000000 -0400
--- variables.c 2014-09-27 20:52:04.000000000 -0400
***************
*** 84,87 ****
--- 84,92 ----
#define ifsname(s) ((s)[0] == 'I' && (s)[1] == 'F' && (s)[2] == 'S' && (s)[3] == '\0')
+ #define BASHFUNC_PREFIX "BASH_FUNC_"
+ #define BASHFUNC_PREFLEN 10 /* == strlen(BASHFUNC_PREFIX */
+ #define BASHFUNC_SUFFIX "%%"
+ #define BASHFUNC_SUFFLEN 2 /* == strlen(BASHFUNC_SUFFIX) */
+
extern char **environ;
***************
*** 280,284 ****
static void dispose_temporary_env __P((sh_free_func_t *));
! static inline char *mk_env_string __P((const char *, const char *));
static char **make_env_array_from_var_list __P((SHELL_VAR **));
static char **make_var_export_array __P((VAR_CONTEXT *));
--- 285,289 ----
static void dispose_temporary_env __P((sh_free_func_t *));
! static inline char *mk_env_string __P((const char *, const char *, int));
static char **make_env_array_from_var_list __P((SHELL_VAR **));
static char **make_var_export_array __P((VAR_CONTEXT *));
***************
*** 350,369 ****
/* If exported function, define it now. Don't import functions from
the environment in privileged mode. */
! if (privmode == 0 && read_but_dont_execute == 0 && STREQN ("() {", string, 4))
{
string_length = strlen (string);
! temp_string = (char *)xmalloc (3 + string_length + char_index);
! strcpy (temp_string, name);
! temp_string[char_index] = ' ';
! strcpy (temp_string + char_index + 1, string);
/* Don't import function names that are invalid identifiers from the
environment, though we still allow them to be defined as shell
variables. */
! if (legal_identifier (name))
! parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);
! if (temp_var = find_function (name))
{
VSETATTR (temp_var, (att_exported|att_imported));
--- 355,385 ----
/* If exported function, define it now. Don't import functions from
the environment in privileged mode. */
! if (privmode == 0 && read_but_dont_execute == 0 &&
! STREQN (BASHFUNC_PREFIX, name, BASHFUNC_PREFLEN) &&
! STREQ (BASHFUNC_SUFFIX, name + char_index - BASHFUNC_SUFFLEN) &&
! STREQN ("() {", string, 4))
{
+ size_t namelen;
+ char *tname; /* desired imported function name */
+
+ namelen = char_index - BASHFUNC_PREFLEN - BASHFUNC_SUFFLEN;
+
+ tname = name + BASHFUNC_PREFLEN; /* start of func name */
+ tname[namelen] = '\0'; /* now tname == func name */
+
string_length = strlen (string);
! temp_string = (char *)xmalloc (namelen + string_length + 2);
! memcpy (temp_string, tname, namelen);
! temp_string[namelen] = ' ';
! memcpy (temp_string + namelen + 1, string, string_length + 1);
/* Don't import function names that are invalid identifiers from the
environment, though we still allow them to be defined as shell
variables. */
! if (absolute_program (tname) == 0 && (posixly_correct == 0 || legal_identifier (tname)))
! parse_and_execute (temp_string, tname, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);
! if (temp_var = find_function (tname))
{
VSETATTR (temp_var, (att_exported|att_imported));
***************
*** 378,383 ****
}
last_command_exit_value = 1;
! report_error (_("error importing function definition for `%s'"), name);
}
}
#if defined (ARRAY_VARS)
--- 394,402 ----
}
last_command_exit_value = 1;
! report_error (_("error importing function definition for `%s'"), tname);
}
+
+ /* Restore original suffix */
+ tname[namelen] = BASHFUNC_SUFFIX[0];
}
#if defined (ARRAY_VARS)
***************
*** 2955,2959 ****
INVALIDATE_EXPORTSTR (var);
! var->exportstr = mk_env_string (name, value);
array_needs_making = 1;
--- 2974,2978 ----
INVALIDATE_EXPORTSTR (var);
! var->exportstr = mk_env_string (name, value, 0);
array_needs_making = 1;
***************
*** 3853,3871 ****
static inline char *
! mk_env_string (name, value)
const char *name, *value;
{
! int name_len, value_len;
! char *p;
name_len = strlen (name);
value_len = STRLEN (value);
! p = (char *)xmalloc (2 + name_len + value_len);
! strcpy (p, name);
! p[name_len] = '=';
if (value && *value)
! strcpy (p + name_len + 1, value);
else
! p[name_len + 1] = '\0';
return (p);
}
--- 3872,3911 ----
static inline char *
! mk_env_string (name, value, isfunc)
const char *name, *value;
+ int isfunc;
{
! size_t name_len, value_len;
! char *p, *q;
name_len = strlen (name);
value_len = STRLEN (value);
!
! /* If we are exporting a shell function, construct the encoded function
! name. */
! if (isfunc && value)
! {
! p = (char *)xmalloc (BASHFUNC_PREFLEN + name_len + BASHFUNC_SUFFLEN + value_len + 2);
! q = p;
! memcpy (q, BASHFUNC_PREFIX, BASHFUNC_PREFLEN);
! q += BASHFUNC_PREFLEN;
! memcpy (q, name, name_len);
! q += name_len;
! memcpy (q, BASHFUNC_SUFFIX, BASHFUNC_SUFFLEN);
! q += BASHFUNC_SUFFLEN;
! }
! else
! {
! p = (char *)xmalloc (2 + name_len + value_len);
! memcpy (p, name, name_len);
! q = p + name_len;
! }
!
! q[0] = '=';
if (value && *value)
! memcpy (q + 1, value, value_len + 1);
else
! q[1] = '\0';
!
return (p);
}
***************
*** 3953,3957 ****
using the cached exportstr... */
list[list_index] = USE_EXPORTSTR ? savestring (value)
! : mk_env_string (var->name, value);
if (USE_EXPORTSTR == 0)
--- 3993,3997 ----
using the cached exportstr... */
list[list_index] = USE_EXPORTSTR ? savestring (value)
! : mk_env_string (var->name, value, function_p (var));
if (USE_EXPORTSTR == 0)
*** ../bash-4.3/patchlevel.h 2012-12-29 10:47:57.000000000 -0500
--- patchlevel.h 2014-03-20 20:01:28.000000000 -0400
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */
! #define PATCHLEVEL 26
#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */
! #define PATCHLEVEL 27
#endif /* _PATCHLEVEL_H_ */

65
src/patches/dnsmasq-2.71-support-nettle-3.0.patch
View File

@@ -1,65 +0,0 @@
From cdb755c5f16a6768c3e8b1f345fe15fc9244228d Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Wed, 18 Jun 2014 20:52:53 +0100
Subject: [PATCH] Fix FTBFS with Nettle-3.0.
---
CHANGELOG | 3 +++
src/dnssec.c | 18 ++++++++++++------
2 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/src/dnssec.c b/src/dnssec.c
index 2ffb75d..69bfc29 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -28,6 +28,12 @@
#include <nettle/nettle-meta.h>
#include <nettle/bignum.h>
+/* Nettle-3.0 moved to a new API for DSA. We use a name that's defined in the new API
+ to detect Nettle-3, and invoke the backwards compatibility mode. */
+#ifdef dsa_params_init
+#include <nettle/dsa-compat.h>
+#endif
+
#define SERIAL_UNDEF -100
#define SERIAL_EQ 0
@@ -121,8 +127,8 @@ static int hash_init(const struct nettle_hash *hash, void **ctxp, unsigned char
return 1;
}
-static int rsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
- unsigned char *digest, int algo)
+static int dnsmasq_rsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
+ unsigned char *digest, int algo)
{
unsigned char *p;
size_t exp_len;
@@ -173,8 +179,8 @@ static int rsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned
return 0;
}
-static int dsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
- unsigned char *digest, int algo)
+static int dnsmasq_dsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
+ unsigned char *digest, int algo)
{
unsigned char *p;
unsigned int t;
@@ -293,10 +299,10 @@ static int verify(struct blockdata *key_data, unsigned int key_len, unsigned cha
switch (algo)
{
case 1: case 5: case 7: case 8: case 10:
- return rsa_verify(key_data, key_len, sig, sig_len, digest, algo);
+ return dnsmasq_rsa_verify(key_data, key_len, sig, sig_len, digest, algo);
case 3: case 6:
- return dsa_verify(key_data, key_len, sig, sig_len, digest, algo);
+ return dnsmasq_dsa_verify(key_data, key_len, sig, sig_len, digest, algo);
#ifndef NO_NETTLE_ECC
case 13: case 14:
--
1.7.10.4

88
src/patches/dnsmasq-2.71-use-nettle-with-minigmp.patch
View File

@@ -1,88 +0,0 @@
From 063efb330a3f341c2548e2cf1f67f83e49cd6395 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Tue, 17 Jun 2014 19:49:31 +0100
Subject: [PATCH] Build config: add -DNO_GMP for use with nettle/mini-gmp
---
Makefile | 2 +-
bld/pkg-wrapper | 9 +++++++--
src/config.h | 7 +++++++
src/dnssec.c | 3 ++-
4 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/Makefile b/Makefile
index c58b50b..17eeb27 100644
--- a/Makefile
+++ b/Makefile
@@ -61,7 +61,7 @@ lua_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CON
lua_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CONFIG) --libs lua5.1`
nettle_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC $(PKG_CONFIG) --cflags nettle hogweed`
nettle_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC $(PKG_CONFIG) --libs nettle hogweed`
-gmp_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC $(PKG_CONFIG) --copy -lgmp`
+gmp_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC NO_GMP --copy -lgmp`
sunos_libs = `if uname | grep SunOS >/dev/null 2>&1; then echo -lsocket -lnsl -lposix4; fi`
version = -DVERSION='\"`$(top)/bld/get-version $(top)`\"'
diff --git a/bld/pkg-wrapper b/bld/pkg-wrapper
index 9f9332d..0ddb678 100755
--- a/bld/pkg-wrapper
+++ b/bld/pkg-wrapper
@@ -11,9 +11,14 @@ in=`cat`
if grep "^\#[[:space:]]*define[[:space:]]*$search" config.h >/dev/null 2>&1 || \
echo $in | grep $search >/dev/null 2>&1; then
-
+# Nasty, nasty, in --copy, arg 2 is another config to search for, use with NO_GMP
if [ $op = "--copy" ]; then
- pkg="$*"
+ if grep "^\#[[:space:]]*define[[:space:]]*$pkg" config.h >/dev/null 2>&1 || \
+ echo $in | grep $pkg >/dev/null 2>&1; then
+ pkg=""
+ else
+ pkg="$*"
+ fi
elif grep "^\#[[:space:]]*define[[:space:]]*${search}_STATIC" config.h >/dev/null 2>&1 || \
echo $in | grep ${search}_STATIC >/dev/null 2>&1; then
pkg=`$pkg --static $op $*`
diff --git a/src/config.h b/src/config.h
index 2155544..ee6d218 100644
--- a/src/config.h
+++ b/src/config.h
@@ -105,6 +105,8 @@ HAVE_AUTH
define this to include the facility to act as an authoritative DNS
server for one or more zones.
+HAVE_DNSSEC
+ include DNSSEC validator.
NO_IPV6
NO_TFTP
@@ -118,6 +120,11 @@ NO_AUTH
which are enabled by default in the distributed source tree. Building dnsmasq
with something like "make COPTS=-DNO_SCRIPT" will do the trick.
+NO_NETTLE_ECC
+ Don't include the ECDSA cypher in DNSSEC validation. Needed for older Nettle versions.
+NO_GMP
+ Don't use and link against libgmp, Useful if nettle is built with --enable-mini-gmp.
+
LEASEFILE
CONFFILE
RESOLVFILE
diff --git a/src/dnssec.c b/src/dnssec.c
index 44d626b..2ffb75d 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -26,7 +26,8 @@
# include <nettle/ecc-curve.h>
#endif
#include <nettle/nettle-meta.h>
-#include <gmp.h>
+#include <nettle/bignum.h>
+
#define SERIAL_UNDEF -100
#define SERIAL_EQ 0
--
1.7.10.4

30
src/patches/dnsmasq-2.70-Add-support-to-read-ISC-DHCP-lease-file.patch → src/patches/dnsmasq-2.72rc2-Add-support-to-read-ISC-DHCP-lease-file.patch
View File

@@ -1,18 +1,18 @@
diff --git a/Makefile b/Makefile
index 292c8bd..5e0cdbe 100644
index 58a7975..616c6b7 100644
--- a/Makefile
+++ b/Makefile
@@ -69,7 +69,7 @@ objs = cache.o rfc1035.o util.o option.o forward.o network.o \
dnsmasq.o dhcp.o lease.o rfc2131.o netlink.o dbus.o bpf.o \
helper.o tftp.o log.o conntrack.o dhcp6.o rfc3315.o \
dhcp-common.o outpacket.o radv.o slaac.o auth.o ipset.o \
- domain.o dnssec.o blockdata.o
+ domain.o dnssec.o blockdata.o isc.o
- domain.o dnssec.o blockdata.o tables.o loop.o
+ domain.o dnssec.o blockdata.o tables.o loop.o isc.o
hdrs = dnsmasq.h config.h dhcp-protocol.h dhcp6-protocol.h \
dns-protocol.h radv-protocol.h ip6addr.h
diff --git a/src/cache.c b/src/cache.c
index 5cec918..1f5657f 100644
index 2c3a498..77a7046 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -17,7 +17,7 @@
@@ -65,10 +65,10 @@ index 5cec918..1f5657f 100644
cache_hash(crec);
diff --git a/src/dnsmasq.c b/src/dnsmasq.c
index 1c96a0e..156ac9a 100644
index f4a89fc..a448ec4 100644
--- a/src/dnsmasq.c
+++ b/src/dnsmasq.c
@@ -934,6 +934,11 @@ int main (int argc, char **argv)
@@ -940,6 +940,11 @@ int main (int argc, char **argv)
poll_resolv(0, daemon->last_resolv != 0, now);
daemon->last_resolv = now;
@@ -81,18 +81,24 @@ index 1c96a0e..156ac9a 100644
if (FD_ISSET(piperead, &rset))
diff --git a/src/dnsmasq.h b/src/dnsmasq.h
index 3032546..a40b2a9 100644
index e74b15a..4a35168 100644
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -1447,3 +1447,8 @@ void slaac_add_addrs(struct dhcp_lease *lease, time_t now, int force);
time_t periodic_slaac(time_t now, struct dhcp_lease *leases);
@@ -1463,9 +1463,13 @@ time_t periodic_slaac(time_t now, struct dhcp_lease *leases);
void slaac_ping_reply(struct in6_addr *sender, unsigned char *packet, char *interface, struct dhcp_lease *leases);
#endif
+
+/* isc.c */
+#ifdef HAVE_ISC_READER
+void load_dhcp(time_t now);
+#endif
+
/* loop.c */
#ifdef HAVE_LOOP
void loop_send_probes();
int detect_loop(char *query, int type);
#endif
-
diff --git a/src/isc.c b/src/isc.c
new file mode 100644
index 0000000..5106442
@@ -351,10 +357,10 @@ index 0000000..5106442
+
+#endif
diff --git a/src/option.c b/src/option.c
index daa728f..d16c982 100644
index 45d8875..29c9ee5 100644
--- a/src/option.c
+++ b/src/option.c
@@ -1642,7 +1642,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
@@ -1669,7 +1669,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
ret_err(_("bad MX target"));
break;

45
src/patches/glibc/glibc-rh1008310.patch Normal file
View File

@@ -0,0 +1,45 @@
diff -Nrup a/malloc/malloc.c b/malloc/malloc.c
--- a/malloc/malloc.c 2013-09-23 17:08:33.698331221 -0400
+++ b/malloc/malloc.c 2013-09-23 21:04:25.901270645 -0400
@@ -3879,6 +3879,13 @@ public_mEMALIGn(size_t alignment, size_t
/* Otherwise, ensure that it is at least a minimum chunk size */
if (alignment < MINSIZE) alignment = MINSIZE;
+ /* Check for overflow. */
+ if (bytes > SIZE_MAX - alignment - MINSIZE)
+ {
+ __set_errno (ENOMEM);
+ return 0;
+ }
+
arena_get(ar_ptr, bytes + alignment + MINSIZE);
if(!ar_ptr)
return 0;
@@ -3924,6 +3931,13 @@ public_vALLOc(size_t bytes)
size_t pagesz = mp_.pagesize;
+ /* Check for overflow. */
+ if (bytes > SIZE_MAX - pagesz - MINSIZE)
+ {
+ __set_errno (ENOMEM);
+ return 0;
+ }
+
__malloc_ptr_t (*hook) __MALLOC_PMT ((size_t, size_t,
__const __malloc_ptr_t)) =
force_reg (__memalign_hook);
@@ -3975,6 +3989,13 @@ public_pVALLOc(size_t bytes)
size_t page_mask = mp_.pagesize - 1;
size_t rounded_bytes = (bytes + page_mask) & ~(page_mask);
+ /* Check for overflow. */
+ if (bytes > SIZE_MAX - 2*pagesz - MINSIZE)
+ {
+ __set_errno (ENOMEM);
+ return 0;
+ }
+
__malloc_ptr_t (*hook) __MALLOC_PMT ((size_t, size_t,
__const __malloc_ptr_t)) =
force_reg (__memalign_hook);

20
src/patches/glibc/glibc-rh1022022.patch Normal file
View File

@@ -0,0 +1,20 @@
diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
index 81e928a..05883bd 100644
--- a/sysdeps/posix/getaddrinfo.c
+++ b/sysdeps/posix/getaddrinfo.c
@@ -832,8 +832,13 @@ gaih_inet (const char *name, const struct gaih_service *service,
while (!no_more)
{
no_data = 0;
- nss_gethostbyname4_r fct4
- = __nss_lookup_function (nip, "gethostbyname4_r");
+ nss_gethostbyname4_r fct4 = NULL;
+
+ /* gethostbyname4_r sends out parallel A and AAAA queries and
+ is thus only suitable for PF_UNSPEC. */
+ if (req->ai_family == PF_UNSPEC)
+ fct4 = __nss_lookup_function (nip, "gethostbyname4_r");
+
if (fct4 != NULL)
{
int herrno;

58
src/patches/glibc/glibc-rh1091162.patch Normal file
View File

@@ -0,0 +1,58 @@
commit 362b47fe09ca9a928d444c7e2f7992f7f61bfc3e
Author: Maxim Kuvyrkov <maxim@kugelworks.com>
Date: Tue Dec 24 09:44:50 2013 +1300
Fix race in free() of fastbin chunk: BZ #15073
Perform sanity check only if we have_lock. Due to lockless nature of fastbins
we need to be careful derefencing pointers to fastbin entries (chunksize(old)
in this case) in multithreaded environments.
The fix is to add have_lock to the if-condition checks. The rest of the patch
only makes code more readable.
* malloc/malloc.c (_int_free): Perform sanity check only if we
have_lock.
diff --git a/malloc/malloc.c b/malloc/malloc.c
index b1668b5..5e419ad 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -3783,25 +3783,29 @@ _int_free(mstate av, mchunkptr p, int have_lock)
fb = &fastbin (av, idx);
#ifdef ATOMIC_FASTBINS
- mchunkptr fd;
- mchunkptr old = *fb;
+ /* Atomically link P to its fastbin: P->FD = *FB; *FB = P; */
+ mchunkptr old = *fb, old2;
unsigned int old_idx = ~0u;
do
{
- /* Another simple check: make sure the top of the bin is not the
- record we are going to add (i.e., double free). */
+ /* Check that the top of the bin is not the record we are going to add
+ (i.e., double free). */
if (__builtin_expect (old == p, 0))
{
errstr = "double free or corruption (fasttop)";
goto errout;
}
- if (old != NULL)
+ /* Check that size of fastbin chunk at the top is the same as
+ size of the chunk that we are adding. We can dereference OLD
+ only if we have the lock, otherwise it might have already been
+ deallocated. See use of OLD_IDX below for the actual check. */
+ if (have_lock && old != NULL)
old_idx = fastbin_index(chunksize(old));
- p->fd = fd = old;
+ p->fd = old2 = old;
}
- while ((old = catomic_compare_and_exchange_val_rel (fb, p, fd)) != fd);
+ while ((old = catomic_compare_and_exchange_val_rel (fb, p, old2)) != old2);
- if (fd != NULL && __builtin_expect (old_idx != idx, 0))
+ if (have_lock && old != NULL && __builtin_expect (old_idx != idx, 0))
{
errstr = "invalid fastbin entry (free)";
goto errout;

28
src/patches/glibc/glibc-rh1098050.patch Normal file
View File

@@ -0,0 +1,28 @@
commit cf26a0cb6a0bbaca46a01ddad6662e5e5159a32a
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date: Thu May 15 12:33:11 2014 +0530
Return EAI_AGAIN for AF_UNSPEC when herrno is TRY_AGAIN (BZ #16849)
getaddrinfo correctly returns EAI_AGAIN for AF_INET and AF_INET6
queries. For AF_UNSPEC however, an older change
(a682a1bf553b1efe4dbb03207fece5b719cec482) broke the check and due to
that the returned error was EAI_NONAME.
This patch fixes the check so that a non-authoritative not-found is
returned as EAI_AGAIN to the user instead of EAI_NONAME.
diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
index 6258330..8f392b9 100644
--- a/sysdeps/posix/getaddrinfo.c
+++ b/sysdeps/posix/getaddrinfo.c
@@ -867,8 +867,7 @@ gaih_inet (const char *name, const struct gaih_service *service,
if (status != NSS_STATUS_TRYAGAIN
|| rc != ERANGE || herrno != NETDB_INTERNAL)
{
- if (status == NSS_STATUS_TRYAGAIN
- && herrno == TRY_AGAIN)
+ if (herrno == TRY_AGAIN)
no_data = EAI_AGAIN;
else
no_data = herrno == NO_DATA;

199
src/patches/glibc/glibc-rh1133809-1.patch Normal file
View File

@@ -0,0 +1,199 @@
2014-08-21 Florian Weimer <fweimer@redhat.com>
[BZ #17187]
* iconv/gconv_trans.c (struct known_trans, search_tree, lock,
trans_compare, open_translit, __gconv_translit_find):
Remove module loading code.
diff --git a/iconv/gconv_trans.c b/iconv/gconv_trans.c
index 1e25854..d71c029 100644
--- a/iconv/gconv_trans.c
+++ b/iconv/gconv_trans.c
@@ -238,181 +238,11 @@ __gconv_transliterate (struct __gconv_step *step,
return __GCONV_ILLEGAL_INPUT;
}
-
-/* Structure to represent results of found (or not) transliteration
- modules. */
-struct known_trans
-{
- /* This structure must remain the first member. */
- struct trans_struct info;
-
- char *fname;
- void *handle;
- int open_count;
-};
-
-
-/* Tree with results of previous calls to __gconv_translit_find. */
-static void *search_tree;
-
-/* We modify global data. */
-__libc_lock_define_initialized (static, lock);
-
-
-/* Compare two transliteration entries. */
-static int
-trans_compare (const void *p1, const void *p2)
-{
- const struct known_trans *s1 = (const struct known_trans *) p1;
- const struct known_trans *s2 = (const struct known_trans *) p2;
-
- return strcmp (s1->info.name, s2->info.name);
-}
-
-
-/* Open (maybe reopen) the module named in the struct. Get the function
- and data structure pointers we need. */
-static int
-open_translit (struct known_trans *trans)
-{
- __gconv_trans_query_fct queryfct;
-
- trans->handle = __libc_dlopen (trans->fname);
- if (trans->handle == NULL)
- /* Not available. */
- return 1;
-
- /* Find the required symbol. */
- queryfct = __libc_dlsym (trans->handle, "gconv_trans_context");
- if (queryfct == NULL)
- {
- /* We cannot live with that. */
- close_and_out:
- __libc_dlclose (trans->handle);
- trans->handle = NULL;
- return 1;
- }
-
- /* Get the context. */
- if (queryfct (trans->info.name, &trans->info.csnames, &trans->info.ncsnames)
- != 0)
- goto close_and_out;
-
- /* Of course we also have to have the actual function. */
- trans->info.trans_fct = __libc_dlsym (trans->handle, "gconv_trans");
- if (trans->info.trans_fct == NULL)
- goto close_and_out;
-
- /* Now the optional functions. */
- trans->info.trans_init_fct =
- __libc_dlsym (trans->handle, "gconv_trans_init");
- trans->info.trans_context_fct =
- __libc_dlsym (trans->handle, "gconv_trans_context");
- trans->info.trans_end_fct =
- __libc_dlsym (trans->handle, "gconv_trans_end");
-
- trans->open_count = 1;
-
- return 0;
-}
-
-
int
internal_function
__gconv_translit_find (struct trans_struct *trans)
{
- struct known_trans **found;
- const struct path_elem *runp;
- int res = 1;
-
- /* We have to have a name. */
- assert (trans->name != NULL);
-
- /* Acquire the lock. */
- __libc_lock_lock (lock);
-
- /* See whether we know this module already. */
- found = __tfind (trans, &search_tree, trans_compare);
- if (found != NULL)
- {
- /* Is this module available? */
- if ((*found)->handle != NULL)
- {
- /* Maybe we have to reopen the file. */
- if ((*found)->handle != (void *) -1)
- /* The object is not unloaded. */
- res = 0;
- else if (open_translit (*found) == 0)
- {
- /* Copy the data. */
- *trans = (*found)->info;
- (*found)->open_count++;
- res = 0;
- }
- }
- }
- else
- {
- size_t name_len = strlen (trans->name) + 1;
- int need_so = 0;
- struct known_trans *newp;
-
- /* We have to continue looking for the module. */
- if (__gconv_path_elem == NULL)
- __gconv_get_path ();
-
- /* See whether we have to append .so. */
- if (name_len <= 4 || memcmp (&trans->name[name_len - 4], ".so", 3) != 0)
- need_so = 1;
-
- /* Create a new entry. */
- newp = (struct known_trans *) malloc (sizeof (struct known_trans)
- + (__gconv_max_path_elem_len
- + name_len + 3)
- + name_len);
- if (newp != NULL)
- {
- char *cp;
-
- /* Clear the struct. */
- memset (newp, '\0', sizeof (struct known_trans));
-
- /* Store a copy of the module name. */
- newp->info.name = cp = (char *) (newp + 1);
- cp = __mempcpy (cp, trans->name, name_len);
-
- newp->fname = cp;
-
- /* Search in all the directories. */
- for (runp = __gconv_path_elem; runp->name != NULL; ++runp)
- {
- cp = __mempcpy (__stpcpy ((char *) newp->fname, runp->name),
- trans->name, name_len);
- if (need_so)
- memcpy (cp, ".so", sizeof (".so"));
-
- if (open_translit (newp) == 0)
- {
- /* We found a module. */
- res = 0;
- break;
- }
- }
-
- if (res)
- newp->fname = NULL;
-
- /* In any case we'll add the entry to our search tree. */
- if (__tsearch (newp, &search_tree, trans_compare) == NULL)
- {
- /* Yickes, this should not happen. Unload the object. */
- res = 1;
- /* XXX unload here. */
- }
- }
- }
-
- __libc_lock_unlock (lock);
-
- return res;
+ /* This function always fails. Transliteration module loading is
+ not implemented. */
+ return 1;
}
--
1.9.3

625
src/patches/glibc/glibc-rh1133809-2.patch Normal file
View File

@@ -0,0 +1,625 @@
commit 585367266923156ac6fb789939a923641ba5aaf4
Author: Florian Weimer <fweimer@redhat.com>
Date: Wed May 28 14:05:03 2014 +0200
manual: Update the locale documentation
commit 4e8f95a0df7c2300b830ec12c0ae1e161bc8a8a3
Author: Florian Weimer <fweimer@redhat.com>
Date: Mon May 12 15:24:12 2014 +0200
_nl_find_locale: Improve handling of crafted locale names [BZ #17137]
Prevent directory traversal in locale-related environment variables
(CVE-2014-0475).
commit d183645616b0533b3acee28f1a95570bffbdf50f
Author: Florian Weimer <fweimer@redhat.com>
Date: Wed May 28 14:41:52 2014 +0200
setlocale: Use the heap for the copy of the locale argument
This avoids alloca calls with potentially large arguments.
diff -pruN glibc-2.18/locale/findlocale.c glibc-2.18.patched/locale/findlocale.c
--- glibc-2.18/locale/findlocale.c 2013-08-11 04:22:55.000000000 +0530
+++ glibc-2.18.patched/locale/findlocale.c 2014-08-26 16:14:50.403253778 +0530
@@ -17,6 +17,7 @@
02111-1307 USA. */
#include <assert.h>
+#include <errno.h>
#include <locale.h>
#include <stdlib.h>
#include <string.h>
@@ -57,6 +58,45 @@ struct loaded_l10nfile *_nl_locale_file_
const char _nl_default_locale_path[] attribute_hidden = LOCALEDIR;
+/* Checks if the name is actually present, that is, not NULL and not
+ empty. */
+static inline int
+name_present (const char *name)
+{
+ return name != NULL && name[0] != '\0';
+}
+
+/* Checks that the locale name neither extremely long, nor contains a
+ ".." path component (to prevent directory traversal). */
+static inline int
+valid_locale_name (const char *name)
+{
+ /* Not set. */
+ size_t namelen = strlen (name);
+ /* Name too long. The limit is arbitrary and prevents stack overflow
+ issues later. */
+ if (__builtin_expect (namelen > 255, 0))
+ return 0;
+ /* Directory traversal attempt. */
+ static const char slashdot[4] = {'/', '.', '.', '/'};
+ if (__builtin_expect (memmem (name, namelen,
+ slashdot, sizeof (slashdot)) != NULL, 0))
+ return 0;
+ if (namelen == 2 && __builtin_expect (name[0] == '.' && name [1] == '.', 0))
+ return 0;
+ if (namelen >= 3
+ && __builtin_expect (((name[0] == '.'
+ && name[1] == '.'
+ && name[2] == '/')
+ || (name[namelen - 3] == '/'
+ && name[namelen - 2] == '.'
+ && name[namelen - 1] == '.')), 0))
+ return 0;
+ /* If there is a slash in the name, it must start with one. */
+ if (__builtin_expect (memchr (name, '/', namelen) != NULL, 0) && name[0] != '/')
+ return 0;
+ return 1;
+}
struct __locale_data *
internal_function
@@ -65,7 +105,7 @@ _nl_find_locale (const char *locale_path
{
int mask;
/* Name of the locale for this category. */
- char *loc_name;
+ char *loc_name = (char *) *name;
const char *language;
const char *modifier;
const char *territory;
@@ -73,31 +113,39 @@ _nl_find_locale (const char *locale_path
const char *normalized_codeset;
struct loaded_l10nfile *locale_file;
- if ((*name)[0] == '\0')
+ if (loc_name[0] == '\0')
{
/* The user decides which locale to use by setting environment
variables. */
- *name = getenv ("LC_ALL");
- if (*name == NULL || (*name)[0] == '\0')
- *name = getenv (_nl_category_names.str
+ loc_name = getenv ("LC_ALL");
+ if (!name_present (loc_name))
+ loc_name = getenv (_nl_category_names.str
+ _nl_category_name_idxs[category]);
- if (*name == NULL || (*name)[0] == '\0')
- *name = getenv ("LANG");
+ if (!name_present (loc_name))
+ loc_name = getenv ("LANG");
+ if (!name_present (loc_name))
+ loc_name = (char *) _nl_C_name;
}
- if (*name == NULL || (*name)[0] == '\0'
- || (__builtin_expect (__libc_enable_secure, 0)
- && strchr (*name, '/') != NULL))
- *name = (char *) _nl_C_name;
+ /* We used to fall back to the C locale if the name contains a slash
+ character '/', but we now check for directory traversal in
+ valid_locale_name, so this is no longer necessary. */
- if (__builtin_expect (strcmp (*name, _nl_C_name), 1) == 0
- || __builtin_expect (strcmp (*name, _nl_POSIX_name), 1) == 0)
+ if (__builtin_expect (strcmp (loc_name, _nl_C_name), 1) == 0
+ || __builtin_expect (strcmp (loc_name, _nl_POSIX_name), 1) == 0)
{
/* We need not load anything. The needed data is contained in
the library itself. */
*name = (char *) _nl_C_name;
return _nl_C[category];
}
+ else if (!valid_locale_name (loc_name))
+ {
+ __set_errno (EINVAL);
+ return NULL;
+ }
+
+ *name = loc_name;
/* We really have to load some data. First we try the archive,
but only if there was no LOCPATH environment variable specified. */
diff -pruN glibc-2.18/locale/setlocale.c glibc-2.18.patched/locale/setlocale.c
--- glibc-2.18/locale/setlocale.c 2013-08-11 04:22:55.000000000 +0530
+++ glibc-2.18.patched/locale/setlocale.c 2014-08-26 16:14:50.401253764 +0530
@@ -272,6 +272,8 @@ setlocale (int category, const char *loc
of entries of the form `CATEGORY=VALUE'. */
const char *newnames[__LC_LAST];
struct __locale_data *newdata[__LC_LAST];
+ /* Copy of the locale argument, for in-place splitting. */
+ char *locale_copy = NULL;
/* Set all name pointers to the argument name. */
for (category = 0; category < __LC_LAST; ++category)
@@ -281,7 +283,13 @@ setlocale (int category, const char *loc
if (__builtin_expect (strchr (locale, ';') != NULL, 0))
{
/* This is a composite name. Make a copy and split it up. */
- char *np = strdupa (locale);
+ locale_copy = strdup (locale);
+ if (__builtin_expect (locale_copy == NULL, 0))
+ {
+ __libc_rwlock_unlock (__libc_setlocale_lock);
+ return NULL;
+ }
+ char *np = locale_copy;
char *cp;
int cnt;
@@ -299,6 +307,7 @@ setlocale (int category, const char *loc
{
error_return:
__libc_rwlock_unlock (__libc_setlocale_lock);
+ free (locale_copy);
/* Bogus category name. */
ERROR_RETURN;
@@ -391,8 +400,9 @@ setlocale (int category, const char *loc
/* Critical section left. */
__libc_rwlock_unlock (__libc_setlocale_lock);
- /* Free the resources (the locale path variable). */
+ /* Free the resources. */
free (locale_path);
+ free (locale_copy);
return composite;
}
diff -pruN glibc-2.18/localedata/Makefile glibc-2.18.patched/localedata/Makefile
--- glibc-2.18/localedata/Makefile 2014-08-26 16:15:22.656474571 +0530
+++ glibc-2.18.patched/localedata/Makefile 2014-08-26 16:14:50.403253778 +0530
@@ -77,7 +77,7 @@ locale_test_suite := tst_iswalnum tst_is
tests = $(locale_test_suite) tst-digits tst-setlocale bug-iconv-trans \
tst-leaks tst-mbswcs6 tst-xlocale1 tst-xlocale2 bug-usesetlocale \
- tst-strfmon1 tst-sscanf tst-strptime
+ tst-strfmon1 tst-sscanf tst-strptime tst-setlocale3
ifeq (yes,$(build-shared))
ifneq (no,$(PERL))
tests: $(objpfx)mtrace-tst-leaks
@@ -288,6 +288,7 @@ tst-strfmon1-ENV = $(TEST_MBWC_ENV)
tst-strptime-ENV = $(TEST_MBWC_ENV)
tst-setlocale-ENV = LOCPATH=$(common-objpfx)localedata LC_ALL=ja_JP.EUC-JP
+tst-setlocale3-ENV = LOCPATH=$(common-objpfx)localedata
bug-iconv-trans-ENV = LOCPATH=$(common-objpfx)localedata
diff -pruN glibc-2.18/localedata/tst-setlocale3.c glibc-2.18.patched/localedata/tst-setlocale3.c
--- glibc-2.18/localedata/tst-setlocale3.c 1970-01-01 05:30:00.000000000 +0530
+++ glibc-2.18.patched/localedata/tst-setlocale3.c 2014-08-26 16:14:50.403253778 +0530
@@ -0,0 +1,203 @@
+/* Regression test for setlocale invalid environment variable handling.
+ Copyright (C) 2014 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#include <locale.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+/* The result of setlocale may be overwritten by subsequent calls, so
+ this wrapper makes a copy. */
+static char *
+setlocale_copy (int category, const char *locale)
+{
+ const char *result = setlocale (category, locale);
+ if (result == NULL)
+ return NULL;
+ return strdup (result);
+}
+
+static char *de_locale;
+
+static void
+setlocale_fail (const char *envstring)
+{
+ setenv ("LC_CTYPE", envstring, 1);
+ if (setlocale (LC_CTYPE, "") != NULL)
+ {
+ printf ("unexpected setlocale success for \"%s\" locale\n", envstring);
+ exit (1);
+ }
+ const char *newloc = setlocale (LC_CTYPE, NULL);
+ if (strcmp (newloc, de_locale) != 0)
+ {
+ printf ("failed setlocale call \"%s\" changed locale to \"%s\"\n",
+ envstring, newloc);
+ exit (1);
+ }
+}
+
+static void
+setlocale_success (const char *envstring)
+{
+ setenv ("LC_CTYPE", envstring, 1);
+ char *newloc = setlocale_copy (LC_CTYPE, "");
+ if (newloc == NULL)
+ {
+ printf ("setlocale for \"%s\": %m\n", envstring);
+ exit (1);
+ }
+ if (strcmp (newloc, de_locale) == 0)
+ {
+ printf ("setlocale with LC_CTYPE=\"%s\" left locale at \"%s\"\n",
+ envstring, de_locale);
+ exit (1);
+ }
+ if (setlocale (LC_CTYPE, de_locale) == NULL)
+ {
+ printf ("restoring locale \"%s\" with LC_CTYPE=\"%s\": %m\n",
+ de_locale, envstring);
+ exit (1);
+ }
+ char *newloc2 = setlocale_copy (LC_CTYPE, newloc);
+ if (newloc2 == NULL)
+ {
+ printf ("restoring locale \"%s\" following \"%s\": %m\n",
+ newloc, envstring);
+ exit (1);
+ }
+ if (strcmp (newloc, newloc2) != 0)
+ {
+ printf ("representation of locale \"%s\" changed from \"%s\" to \"%s\"",
+ envstring, newloc, newloc2);
+ exit (1);
+ }
+ free (newloc);
+ free (newloc2);
+
+ if (setlocale (LC_CTYPE, de_locale) == NULL)
+ {
+ printf ("restoring locale \"%s\" with LC_CTYPE=\"%s\": %m\n",
+ de_locale, envstring);
+ exit (1);
+ }
+}
+
+/* Checks that a known-good locale still works if LC_ALL contains a
+ value which should be ignored. */
+static void
+setlocale_ignore (const char *to_ignore)
+{
+ const char *fr_locale = "fr_FR.UTF-8";
+ setenv ("LC_CTYPE", fr_locale, 1);
+ char *expected_locale = setlocale_copy (LC_CTYPE, "");
+ if (expected_locale == NULL)
+ {
+ printf ("setlocale with LC_CTYPE=\"%s\" failed: %m\n", fr_locale);
+ exit (1);
+ }
+ if (setlocale (LC_CTYPE, de_locale) == NULL)
+ {
+ printf ("failed to restore locale: %m\n");
+ exit (1);
+ }
+ unsetenv ("LC_CTYPE");
+
+ setenv ("LC_ALL", to_ignore, 1);
+ setenv ("LC_CTYPE", fr_locale, 1);
+ const char *actual_locale = setlocale (LC_CTYPE, "");
+ if (actual_locale == NULL)
+ {
+ printf ("setlocale with LC_ALL, LC_CTYPE=\"%s\" failed: %m\n",
+ fr_locale);
+ exit (1);
+ }
+ if (strcmp (actual_locale, expected_locale) != 0)
+ {
+ printf ("setlocale under LC_ALL failed: got \"%s\", expected \"%s\"\n",
+ actual_locale, expected_locale);
+ exit (1);
+ }
+ unsetenv ("LC_CTYPE");
+ setlocale_success (fr_locale);
+ unsetenv ("LC_ALL");
+ free (expected_locale);
+}
+
+static int
+do_test (void)
+{
+ /* The glibc test harness sets this environment variable
+ uncondionally. */
+ unsetenv ("LC_ALL");
+
+ de_locale = setlocale_copy (LC_CTYPE, "de_DE.UTF-8");
+ if (de_locale == NULL)
+ {
+ printf ("setlocale (LC_CTYPE, \"de_DE.UTF-8\"): %m\n");
+ return 1;
+ }
+ setlocale_success ("C");
+ setlocale_success ("en_US.UTF-8");
+ setlocale_success ("/en_US.UTF-8");
+ setlocale_success ("//en_US.UTF-8");
+ setlocale_ignore ("");
+
+ setlocale_fail ("does-not-exist");
+ setlocale_fail ("/");
+ setlocale_fail ("/../localedata/en_US.UTF-8");
+ setlocale_fail ("en_US.UTF-8/");
+ setlocale_fail ("en_US.UTF-8/..");
+ setlocale_fail ("en_US.UTF-8/../en_US.UTF-8");
+ setlocale_fail ("../localedata/en_US.UTF-8");
+ {
+ size_t large_length = 1024;
+ char *large_name = malloc (large_length + 1);
+ if (large_name == NULL)
+ {
+ puts ("malloc failure");
+ return 1;
+ }
+ memset (large_name, '/', large_length);
+ const char *suffix = "en_US.UTF-8";
+ strcpy (large_name + large_length - strlen (suffix), suffix);
+ setlocale_fail (large_name);
+ free (large_name);
+ }
+ {
+ size_t huge_length = 64 * 1024 * 1024;
+ char *huge_name = malloc (huge_length + 1);
+ if (huge_name == NULL)
+ {
+ puts ("malloc failure");
+ return 1;
+ }
+ memset (huge_name, 'X', huge_length);
+ huge_name[huge_length] = '\0';
+ /* Construct a composite locale specification. */
+ const char *prefix = "LC_CTYPE=de_DE.UTF-8;LC_TIME=";
+ memcpy (huge_name, prefix, strlen (prefix));
+ setlocale_fail (huge_name);
+ free (huge_name);
+ }
+
+ return 0;
+}
+
+#define TEST_FUNCTION do_test ()
+#include "../test-skeleton.c"
diff -pruN glibc-2.18/manual/locale.texi glibc-2.18.patched/manual/locale.texi
--- glibc-2.18/manual/locale.texi 2013-08-11 04:22:55.000000000 +0530
+++ glibc-2.18.patched/manual/locale.texi 2014-08-26 16:14:50.404253785 +0530
@@ -29,6 +29,7 @@ will follow the conventions preferred by
* Setting the Locale:: How a program specifies the locale
with library functions.
* Standard Locales:: Locale names available on all systems.
+* Locale Names:: Format of system-specific locale names.
* Locale Information:: How to access the information for the locale.
* Formatting Numbers:: A dedicated function to format numbers.
* Yes-or-No Questions:: Check a Response against the locale.
@@ -99,14 +100,16 @@ locale named @samp{espana-castellano} to
most of Spain.
The set of locales supported depends on the operating system you are
-using, and so do their names. We can't make any promises about what
-locales will exist, except for one standard locale called @samp{C} or
-@samp{POSIX}. Later we will describe how to construct locales.
-@comment (@pxref{Building Locale Files}).
+using, and so do their names, except that the standard locale called
+@samp{C} or @samp{POSIX} always exist. @xref{Locale Names}.
+
+In order to force the system to always use the default locale, the
+user can set the @code{LC_ALL} environment variable to @samp{C}.
@cindex combining locales
-A user also has the option of specifying different locales for different
-purposes---in effect, choosing a mixture of multiple locales.
+A user also has the option of specifying different locales for
+different purposes---in effect, choosing a mixture of multiple
+locales. @xref{Locale Categories}.
For example, the user might specify the locale @samp{espana-castellano}
for most purposes, but specify the locale @samp{usa-english} for
@@ -120,7 +123,7 @@ which locales apply. However, the user
for a particular subset of those purposes.
@node Locale Categories, Setting the Locale, Choosing Locale, Locales
-@section Categories of Activities that Locales Affect
+@section Locale Categories
@cindex categories for locales
@cindex locale categories
@@ -128,7 +131,11 @@ The purposes that locales serve are grou
that a user or a program can choose the locale for each category
independently. Here is a table of categories; each name is both an
environment variable that a user can set, and a macro name that you can
-use as an argument to @code{setlocale}.
+use as the first argument to @code{setlocale}.
+
+The contents of the environment variable (or the string in the second
+argument to @code{setlocale}) has to be a valid locale name.
+@xref{Locale Names}.
@vtable @code
@comment locale.h
@@ -172,7 +179,7 @@ for affirmative and negative responses.
@comment locale.h
@comment ISO
@item LC_ALL
-This is not an environment variable; it is only a macro that you can use
+This is not a category; it is only a macro that you can use
with @code{setlocale} to set a single locale for all purposes. Setting
this environment variable overwrites all selections by the other
@code{LC_*} variables or @code{LANG}.
@@ -225,13 +232,7 @@ The symbols in this section are defined
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
The function @code{setlocale} sets the current locale for category
-@var{category} to @var{locale}. A list of all the locales the system
-provides can be created by running
-
-@pindex locale
-@smallexample
- locale -a
-@end smallexample
+@var{category} to @var{locale}.
If @var{category} is @code{LC_ALL}, this specifies the locale for all
purposes. The other possible values of @var{category} specify an
@@ -256,10 +257,9 @@ is passed in as @var{locale} parameter.
When you read the current locale for category @code{LC_ALL}, the value
encodes the entire combination of selected locales for all categories.
-In this case, the value is not just a single locale name. In fact, we
-don't make any promises about what it looks like. But if you specify
-the same ``locale name'' with @code{LC_ALL} in a subsequent call to
-@code{setlocale}, it restores the same combination of locale selections.
+If you specify the same ``locale name'' with @code{LC_ALL} in a
+subsequent call to @code{setlocale}, it restores the same combination
+of locale selections.
To be sure you can use the returned string encoding the currently selected
locale at a later time, you must make a copy of the string. It is not
@@ -275,6 +275,11 @@ for @var{category}.
If a nonempty string is given for @var{locale}, then the locale of that
name is used if possible.
+The effective locale name (either the second argument to
+@code{setlocale}, or if the argument is an empty string, the name
+obtained from the process environment) must be valid locale name.
+@xref{Locale Names}.
+
If you specify an invalid locale name, @code{setlocale} returns a null
pointer and leaves the current locale unchanged.
@end deftypefun
@@ -328,7 +323,7 @@ locale categories, and future versions o
portability, assume that any symbol beginning with @samp{LC_} might be
defined in @file{locale.h}.
-@node Standard Locales, Locale Information, Setting the Locale, Locales
+@node Standard Locales, Locale Names, Setting the Locale, Locales
@section Standard Locales
The only locale names you can count on finding on all operating systems
@@ -362,7 +357,94 @@ with the environment, rather than trying
locale explicitly by name. Remember, different machines might have
different sets of locales installed.
-@node Locale Information, Formatting Numbers, Standard Locales, Locales
+@node Locale Names, Locale Information, Standard Locales, Locales
+@section Locale Names
+
+The following command prints a list of locales supported by the
+system:
+
+@pindex locale
+@smallexample
+ locale -a
+@end smallexample
+
+@strong{Portability Note:} With the notable exception of the standard
+locale names @samp{C} and @samp{POSIX}, locale names are
+system-specific.
+
+Most locale names follow XPG syntax and consist of up to four parts:
+
+@smallexample
+@var{language}[_@var{territory}[.@var{codeset}]][@@@var{modifier}]
+@end smallexample
+
+Beside the first part, all of them are allowed to be missing. If the
+full specified locale is not found, less specific ones are looked for.
+The various parts will be stripped off, in the following order:
+
+@enumerate
+@item
+codeset
+@item
+normalized codeset
+@item
+territory
+@item
+modifier
+@end enumerate
+
+For example, the locale name @samp{de_AT.iso885915@@euro} denotes a
+German-language locale for use in Austria, using the ISO-8859-15
+(Latin-9) character set, and with the Euro as the currency symbol.
+
+In addition to locale names which follow XPG syntax, systems may
+provide aliases such as @samp{german}. Both categories of names must
+not contain the slash character @samp{/}.
+
+If the locale name starts with a slash @samp{/}, it is treated as a
+path relative to the configured locale directories; see @code{LOCPATH}
+below. The specified path must not contain a component @samp{..}, or
+the name is invalid, and @code{setlocale} will fail.
+
+@strong{Portability Note:} POSIX suggests that if a locale name starts
+with a slash @samp{/}, it is resolved as an absolute path. However,
+the GNU C Library treats it as a relative path under the directories listed
+in @code{LOCPATH} (or the default locale directory if @code{LOCPATH}
+is unset).
+
+Locale names which are longer than an implementation-defined limit are
+invalid and cause @code{setlocale} to fail.
+
+As a special case, locale names used with @code{LC_ALL} can combine
+several locales, reflecting different locale settings for different
+categories. For example, you might want to use a U.S. locale with ISO
+A4 paper format, so you set @code{LANG} to @samp{en_US.UTF-8}, and
+@code{LC_PAPER} to @samp{de_DE.UTF-8}. In this case, the
+@code{LC_ALL}-style combined locale name is
+
+@smallexample
+LC_CTYPE=en_US.UTF-8;LC_TIME=en_US.UTF-8;LC_PAPER=de_DE.UTF-8;@dots{}
+@end smallexample
+
+followed by other category settings not shown here.
+
+@vindex LOCPATH
+The path used for finding locale data can be set using the
+@code{LOCPATH} environment variable. This variable lists the
+directories in which to search for locale definitions, separated by a
+colon @samp{:}.
+
+The default path for finding locale data is system specific. A typical
+value for the @code{LOCPATH} default is:
+
+@smallexample
+/usr/share/locale
+@end smallexample
+
+The value of @code{LOCPATH} is ignored by privileged programs for
+security reasons, and only the default directory is used.
+
+@node Locale Information, Formatting Numbers, Locale Names, Locales
@section Accessing Locale Information
There are several ways to access locale information. The simplest

30
src/patches/readline/readline52-001
View File

@@ -1,30 +0,0 @@
READLINE PATCH REPORT
=====================
Readline-Release: 5.2
Patch-ID: readline52-001
Bug-Reported-by: ebb9@byu.net
Bug-Reference-ID: <45540862.9030900@byu.net>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2006-11/msg00017.html
http://lists.gnu.org/archive/html/bug-bash/2006-11/msg00016.html
Bug-Description:
In some cases, code that is intended to be used in the presence of multibyte
characters is called when no such characters are present, leading to incorrect
display position calculations and incorrect redisplay.
Patch:
*** ../readline-5.2/display.c Thu Sep 14 14:20:12 2006
--- display.c Mon Nov 13 17:55:57 2006
***************
*** 2381,2384 ****
--- 2409,2414 ----
if (end <= start)
return 0;
+ if (MB_CUR_MAX == 1 || rl_byte_oriented)
+ return (end - start);
memset (&ps, 0, sizeof (mbstate_t));

49
src/patches/readline/readline52-002
View File

@@ -1,49 +0,0 @@
READLINE PATCH REPORT
=====================
Readline-Release: 5.2
Patch-ID: readline52-002
Bug-Reported-by: Magnus Svensson <msvensson@mysql.com>
Bug-Reference-ID: <45BDC44D.80609@mysql.com>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-readline/2007-01/msg00002.html
Bug-Description:
Readline neglects to reallocate the array it uses to keep track of wrapped
screen lines when increasing its size. This will eventually result in
segmentation faults when given sufficiently long input.
Patch:
*** ../readline-5.2-patched/display.c Thu Sep 14 14:20:12 2006
--- display.c Fri Feb 2 20:23:17 2007
***************
*** 561,574 ****
--- 561,586 ----
wrap_offset = prompt_invis_chars_first_line = 0;
}
+ #if defined (HANDLE_MULTIBYTE)
#define CHECK_INV_LBREAKS() \
do { \
if (newlines >= (inv_lbsize - 2)) \
{ \
inv_lbsize *= 2; \
inv_lbreaks = (int *)xrealloc (inv_lbreaks, inv_lbsize * sizeof (int)); \
+ _rl_wrapped_line = (int *)xrealloc (_rl_wrapped_line, inv_lbsize * sizeof (int)); \
} \
} while (0)
+ #else
+ #define CHECK_INV_LBREAKS() \
+ do { \
+ if (newlines >= (inv_lbsize - 2)) \
+ { \
+ inv_lbsize *= 2; \
+ inv_lbreaks = (int *)xrealloc (inv_lbreaks, inv_lbsize * sizeof (int)); \
+ } \
+ } while (0)
+ #endif /* HANDLE_MULTIBYTE */
#if defined (HANDLE_MULTIBYTE)
#define CHECK_LPOS() \

37
src/patches/readline/readline52-003
View File

@@ -1,37 +0,0 @@
READLINE PATCH REPORT
=====================
Readline-Release: 5.2
Patch-ID: readline52-003
Bug-Reported-by: Peter Volkov <torre_cremata@mail.ru>
Bug-Reference-ID: <1171795523.8021.18.camel@localhost>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2007-02/msg00054.html
Bug-Description:
When moving the cursor, bash sometimes misplaces the cursor when the prompt
contains two or more multibyte characters. The particular circumstance that
uncovered the problem was having the (multibyte) current directory name in
the prompt string.
Patch:
*** ../readline-5.2.2/display.c Fri Jan 19 13:34:50 2007
--- display.c Sat Mar 10 17:25:44 2007
***************
*** 1745,1749 ****
{
dpos = _rl_col_width (data, 0, new);
! if (dpos > prompt_last_invisible) /* XXX - don't use woff here */
{
dpos -= woff;
--- 1745,1752 ----
{
dpos = _rl_col_width (data, 0, new);
! /* Use NEW when comparing against the last invisible character in the
! prompt string, since they're both buffer indices and DPOS is a
! desired display position. */
! if (new > prompt_last_invisible) /* XXX - don't use woff here */
{
dpos -= woff;

70
src/patches/readline/readline52-004
View File

@@ -1,70 +0,0 @@
READLINE PATCH REPORT
=====================
Readline-Release: 5.2
Patch-ID: readline52-004
Bug-Reported-by: Peter Volkov <torre_cremata@mail.ru>
Bug-Reference-ID: <1173636022.7039.36.camel@localhost>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2007-03/msg00039.html
Bug-Description:
When restoring the original prompt after finishing an incremental search,
bash sometimes places the cursor incorrectly if the primary prompt contains
invisible characters.
Patch:
*** ../readline-5.2.3/display.c Fri Apr 20 13:30:16 2007
--- display.c Fri Apr 20 15:17:01 2007
***************
*** 1599,1604 ****
if (temp > 0)
{
_rl_output_some_chars (nfd, temp);
! _rl_last_c_pos += _rl_col_width (nfd, 0, temp);;
}
}
--- 1599,1618 ----
if (temp > 0)
{
+ /* If nfd begins at the prompt, or before the invisible
+ characters in the prompt, we need to adjust _rl_last_c_pos
+ in a multibyte locale to account for the wrap offset and
+ set cpos_adjusted accordingly. */
_rl_output_some_chars (nfd, temp);
! if (MB_CUR_MAX > 1 && rl_byte_oriented == 0)
! {
! _rl_last_c_pos += _rl_col_width (nfd, 0, temp);
! if (current_line == 0 && wrap_offset && ((nfd - new) <= prompt_last_invisible))
! {
! _rl_last_c_pos -= wrap_offset;
! cpos_adjusted = 1;
! }
! }
! else
! _rl_last_c_pos += temp;
}
}
***************
*** 1608,1613 ****
--- 1622,1639 ----
if (temp > 0)
{
+ /* If nfd begins at the prompt, or before the invisible
+ characters in the prompt, we need to adjust _rl_last_c_pos
+ in a multibyte locale to account for the wrap offset and
+ set cpos_adjusted accordingly. */
_rl_output_some_chars (nfd, temp);
_rl_last_c_pos += col_temp; /* XXX */
+ if (MB_CUR_MAX > 1 && rl_byte_oriented == 0)
+ {
+ if (current_line == 0 && wrap_offset && ((nfd - new) <= prompt_last_invisible))
+ {
+ _rl_last_c_pos -= wrap_offset;
+ cpos_adjusted = 1;
+ }
+ }
}
lendiff = (oe - old) - (ne - new);

328
src/patches/readline/readline52-005
View File

@@ -1,328 +0,0 @@
READLINE PATCH REPORT
=====================
Readline-Release: 5.2
Patch-ID: readline52-005
Bug-Reported-by: Thomas Loeber <ifp@loeber1.de>
Bug-Reference-ID: <200703082223.08919.ifp@loeber1.de>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2007-03/msg00036.html
Bug-Description:
When rl_read_key returns -1, indicating that readline's controlling terminal
has been invalidated for some reason (e.g., receiving a SIGHUP), the error
status was not reported correctly to the caller. This could cause input
loops.
Patch:
*** ../readline-5.2/complete.c Fri Jul 28 11:35:49 2006
--- complete.c Tue Mar 13 08:50:16 2007
***************
*** 429,433 ****
if (c == 'n' || c == 'N' || c == RUBOUT)
return (0);
! if (c == ABORT_CHAR)
_rl_abort_internal ();
if (for_pager && (c == NEWLINE || c == RETURN))
--- 440,444 ----
if (c == 'n' || c == 'N' || c == RUBOUT)
return (0);
! if (c == ABORT_CHAR || c < 0)
_rl_abort_internal ();
if (for_pager && (c == NEWLINE || c == RETURN))
*** ../readline-5.2/input.c Wed Aug 16 15:15:16 2006
--- input.c Wed May 2 16:07:59 2007
***************
*** 514,518 ****
int size;
{
! int mb_len = 0;
size_t mbchar_bytes_length;
wchar_t wc;
--- 522,526 ----
int size;
{
! int mb_len, c;
size_t mbchar_bytes_length;
wchar_t wc;
***************
*** 521,531 ****
memset(&ps, 0, sizeof (mbstate_t));
memset(&ps_back, 0, sizeof (mbstate_t));
!
while (mb_len < size)
{
RL_SETSTATE(RL_STATE_MOREINPUT);
! mbchar[mb_len++] = rl_read_key ();
RL_UNSETSTATE(RL_STATE_MOREINPUT);
mbchar_bytes_length = mbrtowc (&wc, mbchar, mb_len, &ps);
if (mbchar_bytes_length == (size_t)(-1))
--- 529,545 ----
memset(&ps, 0, sizeof (mbstate_t));
memset(&ps_back, 0, sizeof (mbstate_t));
!
! mb_len = 0;
while (mb_len < size)
{
RL_SETSTATE(RL_STATE_MOREINPUT);
! c = rl_read_key ();
RL_UNSETSTATE(RL_STATE_MOREINPUT);
+ if (c < 0)
+ break;
+
+ mbchar[mb_len++] = c;
+
mbchar_bytes_length = mbrtowc (&wc, mbchar, mb_len, &ps);
if (mbchar_bytes_length == (size_t)(-1))
***************
*** 565,569 ****
c = first;
memset (mb, 0, mlen);
! for (i = 0; i < mlen; i++)
{
mb[i] = (char)c;
--- 579,583 ----
c = first;
memset (mb, 0, mlen);
! for (i = 0; c >= 0 && i < mlen; i++)
{
mb[i] = (char)c;
*** ../readline-5.2/isearch.c Mon Dec 26 17:18:53 2005
--- isearch.c Fri Mar 9 14:30:59 2007
***************
*** 328,333 ****
f = (rl_command_func_t *)NULL;
!
! /* Translate the keys we do something with to opcodes. */
if (c >= 0 && _rl_keymap[c].type == ISFUNC)
{
--- 328,340 ----
f = (rl_command_func_t *)NULL;
!
! if (c < 0)
! {
! cxt->sflags |= SF_FAILED;
! cxt->history_pos = cxt->last_found_line;
! return -1;
! }
!
! /* Translate the keys we do something with to opcodes. */
if (c >= 0 && _rl_keymap[c].type == ISFUNC)
{
*** ../readline-5.2/misc.c Mon Dec 26 17:20:46 2005
--- misc.c Fri Mar 9 14:44:11 2007
***************
*** 147,150 ****
--- 147,152 ----
rl_clear_message ();
RL_UNSETSTATE(RL_STATE_NUMERICARG);
+ if (key < 0)
+ return -1;
return (_rl_dispatch (key, _rl_keymap));
}
*** ../readline-5.2/readline.c Wed Aug 16 15:00:36 2006
--- readline.c Fri Mar 9 14:47:24 2007
***************
*** 646,649 ****
--- 669,677 ----
{
nkey = _rl_subseq_getchar (cxt->okey);
+ if (nkey < 0)
+ {
+ _rl_abort_internal ();
+ return -1;
+ }
r = _rl_dispatch_subseq (nkey, cxt->dmap, cxt->subseq_arg);
cxt->flags |= KSEQ_DISPATCHED;
*** ../readline-5.2/text.c Fri Jul 28 11:55:27 2006
--- text.c Sun Mar 25 13:41:38 2007
***************
*** 858,861 ****
--- 864,870 ----
RL_UNSETSTATE(RL_STATE_MOREINPUT);
+ if (c < 0)
+ return -1;
+
#if defined (HANDLE_SIGNALS)
if (RL_ISSTATE (RL_STATE_CALLBACK) == 0)
***************
*** 1521,1524 ****
--- 1530,1536 ----
mb_len = _rl_read_mbchar (mbchar, MB_LEN_MAX);
+ if (mb_len <= 0)
+ return -1;
+
if (count < 0)
return (_rl_char_search_internal (-count, bdir, mbchar, mb_len));
***************
*** 1537,1540 ****
--- 1549,1555 ----
RL_UNSETSTATE(RL_STATE_MOREINPUT);
+ if (c < 0)
+ return -1;
+
if (count < 0)
return (_rl_char_search_internal (-count, bdir, c));
*** ../readline-5.2/vi_mode.c Sat Jul 29 16:42:28 2006
--- vi_mode.c Fri Mar 9 15:02:11 2007
***************
*** 887,890 ****
--- 887,897 ----
c = rl_read_key ();
RL_UNSETSTATE(RL_STATE_MOREINPUT);
+
+ if (c < 0)
+ {
+ *nextkey = 0;
+ return -1;
+ }
+
*nextkey = c;
***************
*** 903,906 ****
--- 910,918 ----
c = rl_read_key (); /* real command */
RL_UNSETSTATE(RL_STATE_MOREINPUT);
+ if (c < 0)
+ {
+ *nextkey = 0;
+ return -1;
+ }
*nextkey = c;
}
***************
*** 1225,1236 ****
_rl_callback_generic_arg *data;
{
#if defined (HANDLE_MULTIBYTE)
! _rl_vi_last_search_mblen = _rl_read_mbchar (_rl_vi_last_search_mbchar, MB_LEN_MAX);
#else
RL_SETSTATE(RL_STATE_MOREINPUT);
! _rl_vi_last_search_char = rl_read_key ();
RL_UNSETSTATE(RL_STATE_MOREINPUT);
#endif
_rl_callback_func = 0;
_rl_want_redisplay = 1;
--- 1243,1262 ----
_rl_callback_generic_arg *data;
{
+ int c;
#if defined (HANDLE_MULTIBYTE)
! c = _rl_vi_last_search_mblen = _rl_read_mbchar (_rl_vi_last_search_mbchar, MB_LEN_MAX);
#else
RL_SETSTATE(RL_STATE_MOREINPUT);
! c = rl_read_key ();
RL_UNSETSTATE(RL_STATE_MOREINPUT);
#endif
+ if (c <= 0)
+ return -1;
+
+ #if !defined (HANDLE_MULTIBYTE)
+ _rl_vi_last_search_char = c;
+ #endif
+
_rl_callback_func = 0;
_rl_want_redisplay = 1;
***************
*** 1248,1251 ****
--- 1274,1278 ----
int count, key;
{
+ int c;
#if defined (HANDLE_MULTIBYTE)
static char *target;
***************
*** 1294,1302 ****
{
#if defined (HANDLE_MULTIBYTE)
! _rl_vi_last_search_mblen = _rl_read_mbchar (_rl_vi_last_search_mbchar, MB_LEN_MAX);
#else
RL_SETSTATE(RL_STATE_MOREINPUT);
! _rl_vi_last_search_char = rl_read_key ();
RL_UNSETSTATE(RL_STATE_MOREINPUT);
#endif
}
--- 1321,1335 ----
{
#if defined (HANDLE_MULTIBYTE)
! c = _rl_read_mbchar (_rl_vi_last_search_mbchar, MB_LEN_MAX);
! if (c <= 0)
! return -1;
! _rl_vi_last_search_mblen = c;
#else
RL_SETSTATE(RL_STATE_MOREINPUT);
! c = rl_read_key ();
RL_UNSETSTATE(RL_STATE_MOREINPUT);
+ if (c < 0)
+ return -1;
+ _rl_vi_last_search_char = c;
#endif
}
***************
*** 1468,1471 ****
--- 1501,1507 ----
RL_UNSETSTATE(RL_STATE_MOREINPUT);
+ if (c < 0)
+ return -1;
+
#if defined (HANDLE_MULTIBYTE)
if (MB_CUR_MAX > 1 && rl_byte_oriented == 0)
***************
*** 1486,1489 ****
--- 1522,1528 ----
_rl_vi_last_replacement = c = _rl_vi_callback_getchar (mb, MB_LEN_MAX);
+ if (c < 0)
+ return -1;
+
_rl_callback_func = 0;
_rl_want_redisplay = 1;
***************
*** 1517,1520 ****
--- 1556,1562 ----
_rl_vi_last_replacement = c = _rl_vi_callback_getchar (mb, MB_LEN_MAX);
+ if (c < 0)
+ return -1;
+
return (_rl_vi_change_char (count, c, mb));
}
***************
*** 1651,1655 ****
RL_UNSETSTATE(RL_STATE_MOREINPUT);
! if (ch < 'a' || ch > 'z')
{
rl_ding ();
--- 1693,1697 ----
RL_UNSETSTATE(RL_STATE_MOREINPUT);
! if (ch < 0 || ch < 'a' || ch > 'z') /* make test against 0 explicit */
{
rl_ding ();
***************
*** 1703,1707 ****
return 0;
}
! else if (ch < 'a' || ch > 'z')
{
rl_ding ();
--- 1745,1749 ----
return 0;
}
! else if (ch < 0 || ch < 'a' || ch > 'z') /* make test against 0 explicit */
{
rl_ding ();

62
src/patches/readline/readline52-006
View File

@@ -1,62 +0,0 @@
READLINE PATCH REPORT
=====================
Readline-Release: 5.2
Patch-ID: readline52-006
Bug-Reported-by: Peter Volkov <torre_cremata@mail.ru>
Bug-Reference-ID: <1178376645.9063.25.camel@localhost>
Bug-Reference-URL: http://bugs.gentoo.org/177095
Bug-Description:
The readline display code miscalculated the screen position when performing
a redisplay in which the new text occupies more screen space that the old,
but takes fewer bytes to do so (e.g., when replacing a shorter string
containing multibyte characters with a longer one containing only ASCII).
Patch:
*** ../readline-5.2/display.c Thu Apr 26 11:38:22 2007
--- display.c Thu Jul 12 23:10:10 2007
***************
*** 1519,1527 ****
/* Non-zero if we're increasing the number of lines. */
int gl = current_line >= _rl_vis_botlin && inv_botlin > _rl_vis_botlin;
/* Sometimes it is cheaper to print the characters rather than
use the terminal's capabilities. If we're growing the number
of lines, make sure we actually cause the new line to wrap
around on auto-wrapping terminals. */
! if (_rl_terminal_can_insert && ((2 * col_temp) >= col_lendiff || _rl_term_IC) && (!_rl_term_autowrap || !gl))
{
/* If lendiff > prompt_visible_length and _rl_last_c_pos == 0 and
--- 1568,1596 ----
/* Non-zero if we're increasing the number of lines. */
int gl = current_line >= _rl_vis_botlin && inv_botlin > _rl_vis_botlin;
+ /* If col_lendiff is > 0, implying that the new string takes up more
+ screen real estate than the old, but lendiff is < 0, meaning that it
+ takes fewer bytes, we need to just output the characters starting
+ from the first difference. These will overwrite what is on the
+ display, so there's no reason to do a smart update. This can really
+ only happen in a multibyte environment. */
+ if (lendiff < 0)
+ {
+ _rl_output_some_chars (nfd, temp);
+ _rl_last_c_pos += _rl_col_width (nfd, 0, temp);
+ /* If nfd begins before any invisible characters in the prompt,
+ adjust _rl_last_c_pos to account for wrap_offset and set
+ cpos_adjusted to let the caller know. */
+ if (current_line == 0 && wrap_offset && ((nfd - new) <= prompt_last_invisible))
+ {
+ _rl_last_c_pos -= wrap_offset;
+ cpos_adjusted = 1;
+ }
+ return;
+ }
/* Sometimes it is cheaper to print the characters rather than
use the terminal's capabilities. If we're growing the number
of lines, make sure we actually cause the new line to wrap
around on auto-wrapping terminals. */
! else if (_rl_terminal_can_insert && ((2 * col_temp) >= col_lendiff || _rl_term_IC) && (!_rl_term_autowrap || !gl))
{
/* If lendiff > prompt_visible_length and _rl_last_c_pos == 0 and

65
src/patches/readline/readline52-007
View File

@@ -1,65 +0,0 @@
READLINE PATCH REPORT
=====================
Readline-Release: 5.2
Patch-ID: readline52-007
Bug-Reported-by: Tom Bjorkholm <tom.bjorkholm@ericsson.com>
Bug-Reference-ID: <AEA1A32F001C6B4F98614B5B80D7647D01C075E9@esealmw115.eemea.ericsson.se>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-readline/2007-04/msg00004.html
Bug-Description:
An off-by-one error in readline's input buffering caused readline to drop
each 511th character of buffered input (e.g., when pasting a large amount
of data into a terminal window).
Patch:
*** ../readline-5.2/input.c Wed Aug 16 15:15:16 2006
--- input.c Tue Jul 17 09:24:21 2007
***************
*** 134,139 ****
*key = ibuffer[pop_index++];
!
if (pop_index >= ibuffer_len)
pop_index = 0;
--- 134,142 ----
*key = ibuffer[pop_index++];
! #if 0
if (pop_index >= ibuffer_len)
+ #else
+ if (pop_index > ibuffer_len)
+ #endif
pop_index = 0;
***************
*** 251,255 ****
{
k = (*rl_getc_function) (rl_instream);
! rl_stuff_char (k);
if (k == NEWLINE || k == RETURN)
break;
--- 254,259 ----
{
k = (*rl_getc_function) (rl_instream);
! if (rl_stuff_char (k) == 0)
! break; /* some problem; no more room */
if (k == NEWLINE || k == RETURN)
break;
***************
*** 374,378 ****
--- 378,386 ----
}
ibuffer[push_index++] = key;
+ #if 0
if (push_index >= ibuffer_len)
+ #else
+ if (push_index > ibuffer_len)
+ #endif
push_index = 0;

70
src/patches/readline/readline52-008
View File

@@ -1,70 +0,0 @@
READLINE PATCH REPORT
=====================
Readline-Release: 5.2
Patch-ID: readline52-008
Bug-Reported-by: dAniel hAhler <ubuntu@thequod.de>
Bug-Reference-ID: <4702ED8A.5000503@thequod.de>
Bug-Reference-URL: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/119938
Bug-Description:
When updating the display after displaying, for instance, a list of possible
completions, readline will place the cursor at the wrong position if the
prompt contains invisible characters and a newline.
Patch:
*** ../readline-5.2-patched/display.c Mon Aug 6 14:26:29 2007
--- display.c Wed Oct 10 22:43:58 2007
***************
*** 1049,1053 ****
else
tx = nleft;
! if (_rl_last_c_pos > tx)
{
_rl_backspace (_rl_last_c_pos - tx); /* XXX */
--- 1049,1053 ----
else
tx = nleft;
! if (tx >= 0 && _rl_last_c_pos > tx)
{
_rl_backspace (_rl_last_c_pos - tx); /* XXX */
***************
*** 1205,1209 ****
{
register char *ofd, *ols, *oe, *nfd, *nls, *ne;
! int temp, lendiff, wsatend, od, nd;
int current_invis_chars;
int col_lendiff, col_temp;
--- 1205,1209 ----
{
register char *ofd, *ols, *oe, *nfd, *nls, *ne;
! int temp, lendiff, wsatend, od, nd, o_cpos;
int current_invis_chars;
int col_lendiff, col_temp;
***************
*** 1466,1469 ****
--- 1466,1471 ----
}
+ o_cpos = _rl_last_c_pos;
+
/* When this function returns, _rl_last_c_pos is correct, and an absolute
cursor postion in multibyte mode, but a buffer index when not in a
***************
*** 1475,1479 ****
invisible characters in the prompt string. Let's see if setting this when
we make sure we're at the end of the drawn prompt string works. */
! if (current_line == 0 && MB_CUR_MAX > 1 && rl_byte_oriented == 0 && _rl_last_c_pos == prompt_physical_chars)
cpos_adjusted = 1;
#endif
--- 1477,1483 ----
invisible characters in the prompt string. Let's see if setting this when
we make sure we're at the end of the drawn prompt string works. */
! if (current_line == 0 && MB_CUR_MAX > 1 && rl_byte_oriented == 0 &&
! (_rl_last_c_pos > 0 || o_cpos > 0) &&
! _rl_last_c_pos == prompt_physical_chars)
cpos_adjusted = 1;
#endif

45
src/patches/readline/readline52-009
View File

@@ -1,45 +0,0 @@
READLINE PATCH REPORT
=====================
Readline-Release: 5.2
Patch-ID: readline52-009
Bug-Reported-by: dAniel hAhler <ubuntu@thequod.de>
Bug-Reference-ID:
Bug-Reference-URL:
Bug-Description:
Under some circumstances, readline will incorrectly display a prompt string
containing invisible characters after the final newline.
Patch:
*** ../readline-5.2-patched/display.c 2007-08-25 13:47:08.000000000 -0400
--- display.c 2007-11-10 17:51:29.000000000 -0500
***************
*** 392,396 ****
local_prompt = expand_prompt (p, &prompt_visible_length,
&prompt_last_invisible,
! (int *)NULL,
&prompt_physical_chars);
c = *t; *t = '\0';
--- 420,424 ----
local_prompt = expand_prompt (p, &prompt_visible_length,
&prompt_last_invisible,
! &prompt_invis_chars_first_line,
&prompt_physical_chars);
c = *t; *t = '\0';
***************
*** 399,403 ****
local_prompt_prefix = expand_prompt (prompt, &prompt_prefix_length,
(int *)NULL,
! &prompt_invis_chars_first_line,
(int *)NULL);
*t = c;
--- 427,431 ----
local_prompt_prefix = expand_prompt (prompt, &prompt_prefix_length,
(int *)NULL,
! (int *)NULL,
(int *)NULL);
*t = c;

47
src/patches/readline/readline52-010
View File

@@ -1,47 +0,0 @@
READLINE PATCH REPORT
=====================
Readline-Release: 5.2
Patch-ID: readline52-010
Bug-Reported-by: Miroslav Lichvar <mlichvar@redhat.com>
Bug-Reference-ID: Fri, 02 Nov 2007 14:07:45 +0100
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-readline/2007-11/msg00000.html
Bug-Description:
In certain cases when outputting characters at the end of the line,
e.g., when displaying the prompt string, readline positions the cursor
incorrectly if the prompt string contains invisible characters and the
text being drawn begins before the last invisible character in the line.
Patch:
*** ../readline-5.2-patched/display.c 2007-08-25 13:47:08.000000000 -0400
--- display.c 2007-11-10 17:51:29.000000000 -0500
***************
*** 1566,1574 ****
else
{
- /* We have horizontal scrolling and we are not inserting at
- the end. We have invisible characters in this line. This
- is a dumb update. */
_rl_output_some_chars (nfd, temp);
_rl_last_c_pos += col_temp;
return;
}
--- 1619,1632 ----
else
{
_rl_output_some_chars (nfd, temp);
_rl_last_c_pos += col_temp;
+ /* If nfd begins before any invisible characters in the prompt,
+ adjust _rl_last_c_pos to account for wrap_offset and set
+ cpos_adjusted to let the caller know. */
+ if (current_line == 0 && wrap_offset && ((nfd - new) <= prompt_last_invisible))
+ {
+ _rl_last_c_pos -= wrap_offset;
+ cpos_adjusted = 1;
+ }
return;
}

32
src/patches/readline/readline52-011
View File

@@ -1,32 +0,0 @@
READLINE PATCH REPORT
=====================
Readline-Release: 5.2
Patch-ID: readline52-011
Bug-Reported-by: Uwe Doering <gemini@geminix.org>
Bug-Reference-ID: <46F3DD72.2090801@geminix.org>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2007-09/msg00102.html
Bug-Description:
There is an off-by-one error in the code that buffers characters received
very quickly in succession, causing characters to be dropped.
Patch:
*** ../readline-5.2-patched/input.c 2007-08-25 13:47:10.000000000 -0400
--- input.c 2007-10-12 22:55:25.000000000 -0400
***************
*** 155,159 ****
pop_index--;
if (pop_index < 0)
! pop_index = ibuffer_len - 1;
ibuffer[pop_index] = key;
return (1);
--- 155,159 ----
pop_index--;
if (pop_index < 0)
! pop_index = ibuffer_len;
ibuffer[pop_index] = key;
return (1);

150
src/patches/readline/readline52-012
View File

@@ -1,150 +0,0 @@
READLINE PATCH REPORT
=====================
Readline-Release: 5.2
Patch-ID: readline52-012
Bug-Reported-by: Chet Ramey <chet.ramey@case.edu>
Bug-Reference-ID:
Bug-Reference-URL:
Bug-Description:
This updates the options required to create shared libraries on several
systems, including Mac OS X 10.5 (darwin9.x), FreeBSD, NetBSD, OpenBSD,
AIX, and HP/UX.
Patch:
*** ../readline-5.2-patched/support/shobj-conf 2006-04-11 09:15:43.000000000 -0400
--- support/shobj-conf 2007-12-06 23:46:41.000000000 -0500
***************
*** 11,15 ****
# chet@po.cwru.edu
! # Copyright (C) 1996-2002 Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or modify
--- 11,15 ----
# chet@po.cwru.edu
! # Copyright (C) 1996-2007 Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or modify
***************
*** 115,119 ****
;;
! freebsd2* | netbsd*)
SHOBJ_CFLAGS=-fpic
SHOBJ_LD=ld
--- 115,119 ----
;;
! freebsd2*)
SHOBJ_CFLAGS=-fpic
SHOBJ_LD=ld
***************
*** 126,130 ****
# FreeBSD-3.x ELF
freebsd[3-9]*|freebsdelf[3-9]*|freebsdaout[3-9]*|dragonfly*)
! SHOBJ_CFLAGS=-fpic
SHOBJ_LD='${CC}'
--- 126,130 ----
# FreeBSD-3.x ELF
freebsd[3-9]*|freebsdelf[3-9]*|freebsdaout[3-9]*|dragonfly*)
! SHOBJ_CFLAGS=-fPIC
SHOBJ_LD='${CC}'
***************
*** 143,147 ****
# Darwin/MacOS X
! darwin8*)
SHOBJ_STATUS=supported
SHLIB_STATUS=supported
--- 143,147 ----
# Darwin/MacOS X
! darwin[89]*)
SHOBJ_STATUS=supported
SHLIB_STATUS=supported
***************
*** 154,158 ****
SHLIB_LIBSUFF='dylib'
! SHOBJ_LDFLAGS='-undefined dynamic_lookup'
SHLIB_XLDFLAGS='-dynamiclib -arch_only `/usr/bin/arch` -install_name $(libdir)/$@ -current_version $(SHLIB_MAJOR)$(SHLIB_MINOR) -compatibility_version $(SHLIB_MAJOR) -v'
--- 154,158 ----
SHLIB_LIBSUFF='dylib'
! SHOBJ_LDFLAGS='-dynamiclib -dynamic -undefined dynamic_lookup -arch_only `/usr/bin/arch`'
SHLIB_XLDFLAGS='-dynamiclib -arch_only `/usr/bin/arch` -install_name $(libdir)/$@ -current_version $(SHLIB_MAJOR)$(SHLIB_MINOR) -compatibility_version $(SHLIB_MAJOR) -v'
***************
*** 172,176 ****
case "${host_os}" in
! darwin[78]*) SHOBJ_LDFLAGS=''
SHLIB_XLDFLAGS='-dynamiclib -arch_only `/usr/bin/arch` -install_name $(libdir)/$@ -current_version $(SHLIB_MAJOR)$(SHLIB_MINOR) -compatibility_version $(SHLIB_MAJOR) -v'
;;
--- 172,176 ----
case "${host_os}" in
! darwin[789]*) SHOBJ_LDFLAGS=''
SHLIB_XLDFLAGS='-dynamiclib -arch_only `/usr/bin/arch` -install_name $(libdir)/$@ -current_version $(SHLIB_MAJOR)$(SHLIB_MINOR) -compatibility_version $(SHLIB_MAJOR) -v'
;;
***************
*** 183,187 ****
;;
! openbsd*)
SHOBJ_CFLAGS=-fPIC
SHOBJ_LD='${CC}'
--- 183,187 ----
;;
! openbsd*|netbsd*)
SHOBJ_CFLAGS=-fPIC
SHOBJ_LD='${CC}'
***************
*** 248,252 ****
;;
! aix4.[2-9]*-*gcc*) # lightly tested by jik@cisco.com
SHOBJ_CFLAGS=-fpic
SHOBJ_LD='ld'
--- 248,252 ----
;;
! aix4.[2-9]*-*gcc*|aix[5-9].*-*gcc*) # lightly tested by jik@cisco.com
SHOBJ_CFLAGS=-fpic
SHOBJ_LD='ld'
***************
*** 259,263 ****
;;
! aix4.[2-9]*)
SHOBJ_CFLAGS=-K
SHOBJ_LD='ld'
--- 259,263 ----
;;
! aix4.[2-9]*|aix[5-9].*)
SHOBJ_CFLAGS=-K
SHOBJ_LD='ld'
***************
*** 330,334 ****
# if you have problems linking here, moving the `-Wl,+h,$@' from
# SHLIB_XLDFLAGS to SHOBJ_LDFLAGS has been reported to work
! SHOBJ_LDFLAGS='-shared -Wl,-b -Wl,+s'
SHLIB_XLDFLAGS='-Wl,+h,$@ -Wl,+b,$(libdir)'
--- 330,334 ----
# if you have problems linking here, moving the `-Wl,+h,$@' from
# SHLIB_XLDFLAGS to SHOBJ_LDFLAGS has been reported to work
! SHOBJ_LDFLAGS='-shared -fpic -Wl,-b -Wl,+s'
SHLIB_XLDFLAGS='-Wl,+h,$@ -Wl,+b,$(libdir)'

135
src/patches/readline/readline52-013
View File

@@ -1,135 +0,0 @@
READLINE PATCH REPORT
=====================
Readline-Release: 5.2
Patch-ID: readline52-013
Bug-Reported-by: slinkp <stuff@slinkp.com>
Bug-Reference-ID: <da52a26a-9f38-4861-a918-14d3482b539d@c65g2000hsa.googlegroups.com>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2008-05/msg00085.html
Bug-Description:
The presence of invisible characters in a prompt longer than the screenwidth
with invisible characters on the first and last prompt lines caused readline
to place the cursor in the wrong physical location.
Patch:
*** ../readline-5.2-patched/display.c 2007-12-14 21:12:40.000000000 -0500
--- display.c 2008-10-23 09:39:46.000000000 -0400
***************
*** 911,914 ****
--- 944,951 ----
OFFSET (which has already been calculated above). */
+ #define INVIS_FIRST() (prompt_physical_chars > _rl_screenwidth ? prompt_invis_chars_first_line : wrap_offset)
+ #define WRAP_OFFSET(line, offset) ((line == 0) \
+ ? (offset ? INVIS_FIRST() : 0) \
+ : ((line == prompt_last_screen_line) ? wrap_offset-prompt_invis_chars_first_line : 0))
#define W_OFFSET(line, offset) ((line) == 0 ? offset : 0)
#define VIS_LLEN(l) ((l) > _rl_vis_botlin ? 0 : (vis_lbreaks[l+1] - vis_lbreaks[l]))
***************
*** 945,949 ****
_rl_last_c_pos > wrap_offset &&
o_cpos < prompt_last_invisible)
! _rl_last_c_pos -= wrap_offset;
/* If this is the line with the prompt, we might need to
--- 982,992 ----
_rl_last_c_pos > wrap_offset &&
o_cpos < prompt_last_invisible)
! _rl_last_c_pos -= prompt_invis_chars_first_line; /* XXX - was wrap_offset */
! else if (linenum == prompt_last_screen_line && prompt_physical_chars > _rl_screenwidth &&
! (MB_CUR_MAX > 1 && rl_byte_oriented == 0) &&
! cpos_adjusted == 0 &&
! _rl_last_c_pos != o_cpos &&
! _rl_last_c_pos > (prompt_last_invisible - _rl_screenwidth - prompt_invis_chars_first_line))
! _rl_last_c_pos -= (wrap_offset-prompt_invis_chars_first_line);
/* If this is the line with the prompt, we might need to
***************
*** 1205,1209 ****
{
register char *ofd, *ols, *oe, *nfd, *nls, *ne;
! int temp, lendiff, wsatend, od, nd, o_cpos;
int current_invis_chars;
int col_lendiff, col_temp;
--- 1264,1268 ----
{
register char *ofd, *ols, *oe, *nfd, *nls, *ne;
! int temp, lendiff, wsatend, od, nd, twidth, o_cpos;
int current_invis_chars;
int col_lendiff, col_temp;
***************
*** 1221,1225 ****
temp = _rl_last_c_pos;
else
! temp = _rl_last_c_pos - W_OFFSET(_rl_last_v_pos, visible_wrap_offset);
if (temp == _rl_screenwidth && _rl_term_autowrap && !_rl_horizontal_scroll_mode
&& _rl_last_v_pos == current_line - 1)
--- 1280,1284 ----
temp = _rl_last_c_pos;
else
! temp = _rl_last_c_pos - WRAP_OFFSET (_rl_last_v_pos, visible_wrap_offset);
if (temp == _rl_screenwidth && _rl_term_autowrap && !_rl_horizontal_scroll_mode
&& _rl_last_v_pos == current_line - 1)
***************
*** 1587,1599 ****
{
_rl_output_some_chars (nfd + lendiff, temp - lendiff);
- #if 1
/* XXX -- this bears closer inspection. Fixes a redisplay bug
reported against bash-3.0-alpha by Andreas Schwab involving
multibyte characters and prompt strings with invisible
characters, but was previously disabled. */
! _rl_last_c_pos += _rl_col_width (nfd+lendiff, 0, temp-col_lendiff);
! #else
! _rl_last_c_pos += _rl_col_width (nfd+lendiff, 0, temp-lendiff);
! #endif
}
}
--- 1648,1660 ----
{
_rl_output_some_chars (nfd + lendiff, temp - lendiff);
/* XXX -- this bears closer inspection. Fixes a redisplay bug
reported against bash-3.0-alpha by Andreas Schwab involving
multibyte characters and prompt strings with invisible
characters, but was previously disabled. */
! if (MB_CUR_MAX > 1 && rl_byte_oriented == 0)
! twidth = _rl_col_width (nfd+lendiff, 0, temp-col_lendiff);
! else
! twidth = temp - lendiff;
! _rl_last_c_pos += twidth;
}
}
***************
*** 1789,1793 ****
int cpos, dpos; /* current and desired cursor positions */
! woff = W_OFFSET (_rl_last_v_pos, wrap_offset);
cpos = _rl_last_c_pos;
#if defined (HANDLE_MULTIBYTE)
--- 1850,1854 ----
int cpos, dpos; /* current and desired cursor positions */
! woff = WRAP_OFFSET (_rl_last_v_pos, wrap_offset);
cpos = _rl_last_c_pos;
#if defined (HANDLE_MULTIBYTE)
***************
*** 1803,1807 ****
prompt string, since they're both buffer indices and DPOS is a
desired display position. */
! if (new > prompt_last_invisible) /* XXX - don't use woff here */
{
dpos -= woff;
--- 1864,1872 ----
prompt string, since they're both buffer indices and DPOS is a
desired display position. */
! if ((new > prompt_last_invisible) || /* XXX - don't use woff here */
! (prompt_physical_chars > _rl_screenwidth &&
! _rl_last_v_pos == prompt_last_screen_line &&
! wrap_offset != woff &&
! new > (prompt_last_invisible-_rl_screenwidth-wrap_offset)))
{
dpos -= woff;

49
src/patches/readline/readline52-014
View File

@@ -1,49 +0,0 @@
READLINE PATCH REPORT
=====================
Readline-Release: 5.2
Patch-ID: readline52-014
Bug-Reported-by: Len Lattanzi <llattanzi@apple.com>
Bug-Reference-ID: <52B1297F-6675-45CC-B63E-24745337D006@apple.com>
Bug-Reference-URL:
Bug-Description:
On systems where mbrtowc() returns -2 when passed a length argument with
value 0, when using a multibyte locale, Readline's emacs-mode forward-char
at the end of a line will leave the point beyond the end of the line.
Patch:
*** ../readline-5.2-patched/mbutil.c 2009-05-29 23:09:26.000000000 -0400
--- mbutil.c 2009-05-29 23:10:12.000000000 -0400
***************
*** 78,82 ****
int seed, count, find_non_zero;
{
! size_t tmp;
mbstate_t ps;
int point;
--- 78,82 ----
int seed, count, find_non_zero;
{
! size_t tmp, len;
mbstate_t ps;
int point;
***************
*** 99,103 ****
while (count > 0)
{
! tmp = mbrtowc (&wc, string+point, strlen(string + point), &ps);
if (MB_INVALIDCH ((size_t)tmp))
{
--- 99,106 ----
while (count > 0)
{
! len = strlen (string + point);
! if (len == 0)
! break;
! tmp = mbrtowc (&wc, string+point, len, &ps);
if (MB_INVALIDCH ((size_t)tmp))
{