From c45c2a1561884bb51ce24c71c824829a5aa89e54 Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Thu, 14 Aug 2014 12:27:15 +0200
Subject: [PATCH 01/18] Create empty core update 82.
---
 config/rootfiles/core/82/exclude | 20 +++++++++
 config/rootfiles/core/82/filelists/files | 2 +
 config/rootfiles/core/82/meta | 1 +
 config/rootfiles/core/82/update.sh | 56 ++++++++++++++++++++++++
 make.sh | 2 +-
 5 files changed, 80 insertions(+), 1 deletion(-)
 create mode 100644 config/rootfiles/core/82/exclude
 create mode 100644 config/rootfiles/core/82/filelists/files
 create mode 100644 config/rootfiles/core/82/meta
 create mode 100644 config/rootfiles/core/82/update.sh
diff --git a/config/rootfiles/core/82/exclude b/config/rootfiles/core/82/exclude
new file mode 100644
index 000000000..18e9b4d24
--- /dev/null
+++ b/config/rootfiles/core/82/exclude
@@ -0,0 +1,20 @@
+boot/config.txt
+etc/collectd.custom
+etc/ipsec.conf
+etc/ipsec.secrets
+etc/ipsec.user.conf
+etc/ipsec.user.secrets
+etc/localtime
+etc/shadow
+etc/ssh/ssh_config
+etc/ssh/sshd_config
+etc/ssl/openssl.cnf
+etc/sudoers
+etc/sysconfig/firewall.local
+etc/sysconfig/rc.local
+etc/udev/rules.d/30-persistent-network.rules
+srv/web/ipfire/html/proxy.pac
+var/ipfire/ovpn
+var/log/cache
+var/state/dhcp/dhcpd.leases
+var/updatecache
diff --git a/config/rootfiles/core/82/filelists/files b/config/rootfiles/core/82/filelists/files
new file mode 100644
index 000000000..409e5fe8a
--- /dev/null
+++ b/config/rootfiles/core/82/filelists/files
@@ -0,0 +1,2 @@
+etc/system-release
+etc/issue
diff --git a/config/rootfiles/core/82/meta b/config/rootfiles/core/82/meta
new file mode 100644
index 000000000..d547fa86f
--- /dev/null
+++ b/config/rootfiles/core/82/meta
@@ -0,0 +1 @@
+DEPS=""
diff --git a/config/rootfiles/core/82/update.sh b/config/rootfiles/core/82/update.sh
new file mode 100644
index 000000000..ed05488b4
--- /dev/null
+++ b/config/rootfiles/core/82/update.sh
@@ -0,0 +1,56 @@
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2014 IPFire-Team . #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+/usr/local/bin/backupctrl exclude >/dev/null 2>&1
+
+# Remove old core updates from pakfire cache to save space...
+core=82
+for (( i=1; i<=$core; i++ ))
+do
+ rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
+done
+
+# Stop services
+
+# Remove old strongswan files
+
+# Extract files
+extract_files
+
+# Start services
+
+# Update Language cache
+#perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"
+
+sync
+
+# This update need a reboot...
+#touch /var/run/need_reboot
+
+# Finish
+/etc/init.d/fireinfo start
+sendprofile
+
+# Don't report the exitcode last command
+exit 0
diff --git a/make.sh b/make.sh
index 739fc5310..4cbdae4fa 100755
--- a/make.sh
+++ b/make.sh
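Review bot: In core/82/update.sh the result of `extract_files` is never checked and the script ends with an unconditional `exit 0`, so an extraction that stops part-way (full disk, damaged archive) is still reported as a successful core update while the firewall is left with a mix of old and new files. A guard directly under the `# Extract files` comment, for example `extract_files || exit 1`, would surface the failure before `sync` and `sendprofile` run. How pakfire treats a non-zero exit from update.sh, and whether `extract_files` returns a useful status, is defined in /opt/pakfire/lib/functions.sh outside this patch and should be confirmed first.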
@@ -25,7 +25,7 @@
 NAME="IPFire" # Software name
 SNAME="ipfire" # Short name
 VERSION="2.15" # Version number
-CORE="81" # Core Level (Filename)
+CORE="82" # Core Level (Filename)
 PAKFIRE_CORE="81" # Core Level (PAKFIRE)
 GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` # Git Branch
 SLOGAN="www.ipfire.org" # Software slogan
From 072f4c10ccf4c28b906dd89943e3b23008211b59 Mon Sep 17 00:00:00 2001
From: Michael Tremer Date: Thu, 14 Aug 2014 12:27:56 +0200 Subject: [PATCH 02/18] Move core updates 80 and 81 to oldcore. --- config/rootfiles/{core => oldcore}/80/exclude | 0 config/rootfiles/{core => oldcore}/80/filelists/bind | 0 config/rootfiles/{core => oldcore}/80/filelists/ddns | 0 config/rootfiles/{core => oldcore}/80/filelists/dnsmasq | 0 config/rootfiles/{core => oldcore}/80/filelists/files | 0 config/rootfiles/{core => oldcore}/80/filelists/i586/gmp | 0 config/rootfiles/{core => oldcore}/80/filelists/libgcrypt | 0 config/rootfiles/{core => oldcore}/80/filelists/libgpg-error | 0 config/rootfiles/{core => oldcore}/80/filelists/lzo | 0 config/rootfiles/{core => oldcore}/80/filelists/nettle | 0 config/rootfiles/{core => oldcore}/80/filelists/rng-tools | 0 config/rootfiles/{core => oldcore}/80/filelists/strongswan | 0 config/rootfiles/{core => oldcore}/80/filelists/wpa_supplicant | 0 config/rootfiles/{core => oldcore}/80/meta | 0 config/rootfiles/{core => oldcore}/80/update.sh | 0 config/rootfiles/{core => oldcore}/81/exclude | 0 config/rootfiles/{core => oldcore}/81/filelists/ddns | 0 config/rootfiles/{core => oldcore}/81/filelists/files | 0 config/rootfiles/{core => oldcore}/81/filelists/lzo | 0 config/rootfiles/{core => oldcore}/81/filelists/openssh | 0 config/rootfiles/{core => oldcore}/81/filelists/openssl | 0 config/rootfiles/{core => oldcore}/81/meta | 0 config/rootfiles/{core => oldcore}/81/update.sh | 0 23 files changed, 0 insertions(+), 0 deletions(-) rename config/rootfiles/{core => oldcore}/80/exclude (100%) rename config/rootfiles/{core => oldcore}/80/filelists/bind (100%) rename config/rootfiles/{core => oldcore}/80/filelists/ddns (100%) rename config/rootfiles/{core => oldcore}/80/filelists/dnsmasq (100%) rename config/rootfiles/{core => oldcore}/80/filelists/files (100%) rename config/rootfiles/{core => oldcore}/80/filelists/i586/gmp (100%) rename config/rootfiles/{core => oldcore}/80/filelists/libgcrypt (100%) rename config/rootfiles/{core => 
oldcore}/80/filelists/libgpg-error (100%) rename config/rootfiles/{core => oldcore}/80/filelists/lzo (100%) rename config/rootfiles/{core => oldcore}/80/filelists/nettle (100%) rename config/rootfiles/{core => oldcore}/80/filelists/rng-tools (100%) rename config/rootfiles/{core => oldcore}/80/filelists/strongswan (100%) rename config/rootfiles/{core => oldcore}/80/filelists/wpa_supplicant (100%) rename config/rootfiles/{core => oldcore}/80/meta (100%) rename config/rootfiles/{core => oldcore}/80/update.sh (100%) rename config/rootfiles/{core => oldcore}/81/exclude (100%) rename config/rootfiles/{core => oldcore}/81/filelists/ddns (100%) rename config/rootfiles/{core => oldcore}/81/filelists/files (100%) rename config/rootfiles/{core => oldcore}/81/filelists/lzo (100%) rename config/rootfiles/{core => oldcore}/81/filelists/openssh (100%) rename config/rootfiles/{core => oldcore}/81/filelists/openssl (100%) rename config/rootfiles/{core => oldcore}/81/meta (100%) rename config/rootfiles/{core => oldcore}/81/update.sh (100%) diff --git a/config/rootfiles/core/80/exclude b/config/rootfiles/oldcore/80/exclude similarity index 100% rename from config/rootfiles/core/80/exclude rename to config/rootfiles/oldcore/80/exclude diff --git a/config/rootfiles/core/80/filelists/bind b/config/rootfiles/oldcore/80/filelists/bind similarity index 100% rename from config/rootfiles/core/80/filelists/bind rename to config/rootfiles/oldcore/80/filelists/bind diff --git a/config/rootfiles/core/80/filelists/ddns b/config/rootfiles/oldcore/80/filelists/ddns similarity index 100% rename from config/rootfiles/core/80/filelists/ddns rename to config/rootfiles/oldcore/80/filelists/ddns diff --git a/config/rootfiles/core/80/filelists/dnsmasq b/config/rootfiles/oldcore/80/filelists/dnsmasq similarity index 100% rename from config/rootfiles/core/80/filelists/dnsmasq rename to config/rootfiles/oldcore/80/filelists/dnsmasq 
diff --git a/config/rootfiles/core/80/filelists/files b/config/rootfiles/oldcore/80/filelists/files similarity index 100% rename from config/rootfiles/core/80/filelists/files rename to config/rootfiles/oldcore/80/filelists/files diff --git a/config/rootfiles/core/80/filelists/i586/gmp b/config/rootfiles/oldcore/80/filelists/i586/gmp similarity index 100% rename from config/rootfiles/core/80/filelists/i586/gmp rename to config/rootfiles/oldcore/80/filelists/i586/gmp diff --git a/config/rootfiles/core/80/filelists/libgcrypt b/config/rootfiles/oldcore/80/filelists/libgcrypt similarity index 100% rename from config/rootfiles/core/80/filelists/libgcrypt rename to config/rootfiles/oldcore/80/filelists/libgcrypt diff --git a/config/rootfiles/core/80/filelists/libgpg-error b/config/rootfiles/oldcore/80/filelists/libgpg-error similarity index 100% rename from config/rootfiles/core/80/filelists/libgpg-error rename to config/rootfiles/oldcore/80/filelists/libgpg-error diff --git a/config/rootfiles/core/80/filelists/lzo b/config/rootfiles/oldcore/80/filelists/lzo similarity index 100% rename from config/rootfiles/core/80/filelists/lzo rename to config/rootfiles/oldcore/80/filelists/lzo diff --git a/config/rootfiles/core/80/filelists/nettle b/config/rootfiles/oldcore/80/filelists/nettle similarity index 100% rename from config/rootfiles/core/80/filelists/nettle rename to config/rootfiles/oldcore/80/filelists/nettle diff --git a/config/rootfiles/core/80/filelists/rng-tools b/config/rootfiles/oldcore/80/filelists/rng-tools similarity index 100% rename from config/rootfiles/core/80/filelists/rng-tools rename to config/rootfiles/oldcore/80/filelists/rng-tools diff --git a/config/rootfiles/core/80/filelists/strongswan b/config/rootfiles/oldcore/80/filelists/strongswan similarity index 100% rename from config/rootfiles/core/80/filelists/strongswan rename to config/rootfiles/oldcore/80/filelists/strongswan 
diff --git a/config/rootfiles/core/80/filelists/wpa_supplicant b/config/rootfiles/oldcore/80/filelists/wpa_supplicant similarity index 100% rename from config/rootfiles/core/80/filelists/wpa_supplicant rename to config/rootfiles/oldcore/80/filelists/wpa_supplicant diff --git a/config/rootfiles/core/80/meta b/config/rootfiles/oldcore/80/meta similarity index 100% rename from config/rootfiles/core/80/meta rename to config/rootfiles/oldcore/80/meta diff --git a/config/rootfiles/core/80/update.sh b/config/rootfiles/oldcore/80/update.sh similarity index 100% rename from config/rootfiles/core/80/update.sh rename to config/rootfiles/oldcore/80/update.sh diff --git a/config/rootfiles/core/81/exclude b/config/rootfiles/oldcore/81/exclude similarity index 100% rename from config/rootfiles/core/81/exclude rename to config/rootfiles/oldcore/81/exclude diff --git a/config/rootfiles/core/81/filelists/ddns b/config/rootfiles/oldcore/81/filelists/ddns similarity index 100% rename from config/rootfiles/core/81/filelists/ddns rename to config/rootfiles/oldcore/81/filelists/ddns diff --git a/config/rootfiles/core/81/filelists/files b/config/rootfiles/oldcore/81/filelists/files similarity index 100% rename from config/rootfiles/core/81/filelists/files rename to config/rootfiles/oldcore/81/filelists/files diff --git a/config/rootfiles/core/81/filelists/lzo b/config/rootfiles/oldcore/81/filelists/lzo similarity index 100% rename from config/rootfiles/core/81/filelists/lzo rename to config/rootfiles/oldcore/81/filelists/lzo diff --git a/config/rootfiles/core/81/filelists/openssh b/config/rootfiles/oldcore/81/filelists/openssh similarity index 100% rename from config/rootfiles/core/81/filelists/openssh rename to config/rootfiles/oldcore/81/filelists/openssh 
diff --git a/config/rootfiles/core/81/filelists/openssl b/config/rootfiles/oldcore/81/filelists/openssl similarity index 100% rename from config/rootfiles/core/81/filelists/openssl rename to config/rootfiles/oldcore/81/filelists/openssl diff --git a/config/rootfiles/core/81/meta b/config/rootfiles/oldcore/81/meta similarity index 100% rename from config/rootfiles/core/81/meta rename to config/rootfiles/oldcore/81/meta diff --git a/config/rootfiles/core/81/update.sh b/config/rootfiles/oldcore/81/update.sh similarity index 100% rename from config/rootfiles/core/81/update.sh rename to config/rootfiles/oldcore/81/update.sh From d82668d553b7005fbf1666e6336ecb5e63f0a11d Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Thu, 14 Aug 2014 12:45:37 +0200 Subject: [PATCH 03/18] core82: Add changed files --- config/rootfiles/core/82/filelists/armv5tel/gmp | 1 + config/rootfiles/core/82/filelists/batctl | 1 + config/rootfiles/core/82/filelists/boost | 1 + config/rootfiles/core/82/filelists/files | 13 +++++++++++++ config/rootfiles/core/82/filelists/i586/gmp | 1 + config/rootfiles/core/82/filelists/libnl-3 | 1 + config/rootfiles/core/82/filelists/mpfr | 1 + config/rootfiles/core/82/update.sh | 5 +++-- 8 files changed, 22 insertions(+), 2 deletions(-) create mode 120000 config/rootfiles/core/82/filelists/armv5tel/gmp create mode 120000 config/rootfiles/core/82/filelists/batctl create mode 120000 config/rootfiles/core/82/filelists/boost create mode 120000 config/rootfiles/core/82/filelists/i586/gmp create mode 120000 config/rootfiles/core/82/filelists/libnl-3 create mode 120000 config/rootfiles/core/82/filelists/mpfr diff --git a/config/rootfiles/core/82/filelists/armv5tel/gmp b/config/rootfiles/core/82/filelists/armv5tel/gmp new file mode 120000 index 000000000..2bdf30dac --- /dev/null +++ b/config/rootfiles/core/82/filelists/armv5tel/gmp @@ -0,0 +1 @@ +../../../../common/armv5tel/gmp \ No newline at end of file 
diff --git a/config/rootfiles/core/82/filelists/batctl b/config/rootfiles/core/82/filelists/batctl new file mode 120000 index 000000000..6a6edde44 --- /dev/null +++ b/config/rootfiles/core/82/filelists/batctl @@ -0,0 +1 @@ +../../../common/batctl \ No newline at end of file diff --git a/config/rootfiles/core/82/filelists/boost b/config/rootfiles/core/82/filelists/boost new file mode 120000 index 000000000..05246f07c --- /dev/null +++ b/config/rootfiles/core/82/filelists/boost @@ -0,0 +1 @@ +../../../common/boost \ No newline at end of file diff --git a/config/rootfiles/core/82/filelists/files b/config/rootfiles/core/82/filelists/files index 409e5fe8a..19e551c60 100644 --- a/config/rootfiles/core/82/filelists/files +++ b/config/rootfiles/core/82/filelists/files @@ -1,2 +1,15 @@ etc/system-release etc/issue +etc/rc.d/init.d/firewall +etc/rc.d/init.d/networking/red.down/20-firewall +etc/rc.d/init.d/networking/red.up/20-firewall +srv/web/ipfire/cgi-bin/connections.cgi +srv/web/ipfire/cgi-bin/ddns.cgi +srv/web/ipfire/cgi-bin/fwhosts.cgi +srv/web/ipfire/cgi-bin/optionsfw.cgi +srv/web/ipfire/cgi-bin/ovpnmain.cgi +srv/web/ipfire/cgi-bin/proxy.cgi +usr/lib/firewall/rules.pl +var/ipfire/general-functions.pl +var/ipfire/langs +var/ipfire/network-functions.pl diff --git a/config/rootfiles/core/82/filelists/i586/gmp b/config/rootfiles/core/82/filelists/i586/gmp new file mode 120000 index 000000000..52a09cd0b --- /dev/null +++ b/config/rootfiles/core/82/filelists/i586/gmp @@ -0,0 +1 @@ +../../../../common/i586/gmp \ No newline at end of file diff --git a/config/rootfiles/core/82/filelists/libnl-3 b/config/rootfiles/core/82/filelists/libnl-3 new file mode 120000 index 000000000..00e61c261 --- /dev/null +++ b/config/rootfiles/core/82/filelists/libnl-3 @@ -0,0 +1 @@ +../../../common/libnl-3 \ No newline at end of file diff --git a/config/rootfiles/core/82/filelists/mpfr b/config/rootfiles/core/82/filelists/mpfr new file mode 120000 index 000000000..c8468bf42 --- /dev/null 
+++ b/config/rootfiles/core/82/filelists/mpfr @@ -0,0 +1 @@ +../../../common/mpfr \ No newline at end of file diff --git a/config/rootfiles/core/82/update.sh b/config/rootfiles/core/82/update.sh index ed05488b4..76677ae57 100644 --- a/config/rootfiles/core/82/update.sh +++ b/config/rootfiles/core/82/update.sh @@ -33,7 +33,8 @@ done # Stop services -# Remove old strongswan files +# Remove old files +rm -vf /etc/rc.d/init.d/networking/red.up/20-RL-firewall # Extract files extract_files @@ -41,7 +42,7 @@ extract_files # Start services # Update Language cache -#perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang" +perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang" sync From d2a08170b9c36fbd4058d91178d8d873d6b722c1 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Tue, 19 Aug 2014 16:17:13 +0200 Subject: [PATCH 04/18] ppp: update to 2.4.7. Fix for ms-chap-v2. fixes #10575. --- config/rootfiles/common/ppp | 24 ++++++++++++------------ config/rootfiles/core/82/filelists/ppp | 1 + lfs/ppp | 6 +++--- 3 files changed, 16 insertions(+), 15 deletions(-) create mode 120000 config/rootfiles/core/82/filelists/ppp diff --git a/config/rootfiles/common/ppp b/config/rootfiles/common/ppp index 709e0d0e0..46c2f83b3 100644 --- a/config/rootfiles/common/ppp +++ b/config/rootfiles/common/ppp 
@@ -33,18 +33,18 @@ etc/ppp/standardloginscript #usr/include/pppd/tdb.h #usr/include/pppd/upap.h usr/lib/pppd -usr/lib/pppd/2.4.6 -usr/lib/pppd/2.4.6/minconn.so -usr/lib/pppd/2.4.6/openl2tp.so -usr/lib/pppd/2.4.6/passprompt.so -usr/lib/pppd/2.4.6/passwordfd.so -usr/lib/pppd/2.4.6/pppoatm.so -usr/lib/pppd/2.4.6/pppol2tp.so -usr/lib/pppd/2.4.6/radattr.so -usr/lib/pppd/2.4.6/radius.so -usr/lib/pppd/2.4.6/radrealms.so -usr/lib/pppd/2.4.6/rp-pppoe.so -usr/lib/pppd/2.4.6/winbind.so +usr/lib/pppd/2.4.7 +#usr/lib/pppd/2.4.7/minconn.so +#usr/lib/pppd/2.4.7/openl2tp.so +#usr/lib/pppd/2.4.7/passprompt.so +#usr/lib/pppd/2.4.7/passwordfd.so +#usr/lib/pppd/2.4.7/pppoatm.so +#usr/lib/pppd/2.4.7/pppol2tp.so +#usr/lib/pppd/2.4.7/radattr.so +#usr/lib/pppd/2.4.7/radius.so +#usr/lib/pppd/2.4.7/radrealms.so +#usr/lib/pppd/2.4.7/rp-pppoe.so +#usr/lib/pppd/2.4.7/winbind.so usr/sbin/chat usr/sbin/pppd usr/sbin/pppdump diff --git a/config/rootfiles/core/82/filelists/ppp b/config/rootfiles/core/82/filelists/ppp new file mode 120000 index 000000000..4844a9b58 --- /dev/null +++ b/config/rootfiles/core/82/filelists/ppp @@ -0,0 +1 @@ +../../../common/ppp \ No newline at end of file diff --git a/lfs/ppp b/lfs/ppp index 3c60938dc..f25531006 100644 --- a/lfs/ppp +++ b/lfs/ppp @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # +# Copyright (C) 2007-2014 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 2.4.6 +VER = 2.4.7 THISAPP = ppp-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -42,7 +42,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 3434d2cc9327167a0723aaaa8670083b +$(DL_FILE)_MD5 = 78818f40e6d33a1d1de68a1551f6595a install : $(TARGET) 
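Review bot: Every plugin entry under `usr/lib/pppd/2.4.7/` in config/rootfiles/common/ppp is added with a leading `#`, whereas the 2.4.6 entries it replaces were active. If `#` marks a path as not shipped, as the commented header entries in the same rootfile suggest, this drops `rp-pppoe.so`, `pppoatm.so` and the other plugins from the image and from core update 82, which links this rootfile through the new filelists/ppp symlink. The commit message describes only a version bump and an ms-chap-v2 fix, so the entries probably want to be active again, e.g. `usr/lib/pppd/2.4.7/rp-pppoe.so`. In the patches visible here core/82/update.sh also does not remove the old `usr/lib/pppd/2.4.6` directory.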
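Review bot: The only integrity pin on the new `ppp-2.4.7.tar.gz` in lfs/ppp is `$(DL_FILE)_MD5`, and MD5 is collision-broken, so this line is a transfer-corruption check rather than evidence that the archive fetched from `$(DL_FROM)` is the one upstream released. Recording in the commit message how the tarball was verified when the hash was generated (an upstream signature or a published stronger digest) would make the update auditable. A stronger digest next to the MD5 would be the lasting fix if the build framework can check one, which is not visible here. The same applies to the `_MD5` updates in lfs/minidlna and lfs/squid later in this series.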
From 6b271ee283d7b62b92d099f5140a3f4e1b95257e Mon Sep 17 00:00:00 2001
From: Arne Fitzenreiter
Date: Wed, 20 Aug 2014 21:56:35 +0200
Subject: [PATCH 05/18] iputils: Ship tracepath
---
 config/rootfiles/common/iputils | 1 +
 lfs/iputils | 9 +++++++--
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/config/rootfiles/common/iputils b/config/rootfiles/common/iputils
index 12bab801d..934b55509 100644
--- a/config/rootfiles/common/iputils
+++ b/config/rootfiles/common/iputils
@@ -1 +1,2 @@
 usr/bin/ping
+usr/bin/tracepath
diff --git a/lfs/iputils b/lfs/iputils
index deb92357a..7741c0ed0 100644
--- a/lfs/iputils
+++ b/lfs/iputils
@@ -73,7 +73,12 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/iputils-20020927-headers.patch
 cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/iputils-20020927-rh.patch
 cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/iputils-glibckernheaders.patch
- cd $(DIR_APP) && make ping
- cd $(DIR_APP) && install -m 0755 ping /usr/bin
+ cd $(DIR_APP) && make ping tracepath
+ cd $(DIR_APP) && install -m 4755 ping /usr/bin
+ cd $(DIR_APP) && install -m 0755 tracepath /usr/bin
+
+ # Some scripts expect ping in /bin/ping.
+ ln -svf ../usr/bin/ping /bin/ping
+
 @rm -rf $(DIR_APP)
 @$(POSTBUILD)
From f204a2e64989f609629c014c0126171534989c85 Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Thu, 21 Aug 2014 10:46:34 +0200
Subject: [PATCH 06/18] initscripts: Remove old firewall-reload symlink
---
 lfs/initscripts | 1 -
 1 file changed, 1 deletion(-)
diff --git a/lfs/initscripts b/lfs/initscripts
index ab870dc77..4acf65e13 100644
--- a/lfs/initscripts
+++ b/lfs/initscripts
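Review bot: In lfs/iputils, `install -m 4755 ping /usr/bin` makes ping a setuid-root binary, a change from the previous `0755` that the commit message ("Ship tracepath") does not mention. If unprivileged callers need ping, a comment above the line saying so is worth adding. Granting only the raw-socket capability instead (`setcap cap_net_raw+ep /usr/bin/ping`) would avoid running this code with full root privileges, although whether the image and the packaging preserve file capabilities is not visible here. The new `/bin/ping` symlink is also not listed in config/rootfiles/common/iputils, which this commit extends only with `usr/bin/tracepath`.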
@@ -180,7 +180,6 @@ $(TARGET) : ln -sf ../init.d/wlanclient /etc/rc.d/rc6.d/K82wlanclient ln -sf ../../dnsmasq /etc/rc.d/init.d/networking/red.up/05-RS-dnsmasq - ln -sf ../../firewall /etc/rc.d/init.d/networking/red.up/20-RL-firewall ln -sf ../../../../../usr/local/bin/snortctrl \ /etc/rc.d/init.d/networking/red.up/23-RS-snort ln -sf ../../../../../usr/local/bin/qosctrl \ From 6de2306a6a7f8836c5d5ea7f1541a2cf68a09377 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Thu, 21 Aug 2014 10:47:11 +0200 Subject: [PATCH 07/18] Rootfile update --- config/rootfiles/packages/owncloud | 12 ++++++------ config/rootfiles/packages/squid-accounting | 9 +++++---- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/config/rootfiles/packages/owncloud b/config/rootfiles/packages/owncloud index acfb40d6c..fed3b09c4 100644 --- a/config/rootfiles/packages/owncloud +++ b/config/rootfiles/packages/owncloud @@ -9944,14 +9944,14 @@ srv/web/owncloud #srv/web/owncloud/core/img/favicon.png #srv/web/owncloud/core/img/favicon.svg #srv/web/owncloud/core/img/filetypes -#srv/web/owncloud/core/img/filetypes/application-epub#zip.png -#srv/web/owncloud/core/img/filetypes/application-epub#zip.svg +#srv/web/owncloud/core/img/filetypes/application-epub+zip.png +#srv/web/owncloud/core/img/filetypes/application-epub+zip.svg #srv/web/owncloud/core/img/filetypes/application-javascript.png #srv/web/owncloud/core/img/filetypes/application-javascript.svg #srv/web/owncloud/core/img/filetypes/application-pdf.png #srv/web/owncloud/core/img/filetypes/application-pdf.svg -#srv/web/owncloud/core/img/filetypes/application-rss#xml.png -#srv/web/owncloud/core/img/filetypes/application-rss#xml.svg +#srv/web/owncloud/core/img/filetypes/application-rss+xml.png +#srv/web/owncloud/core/img/filetypes/application-rss+xml.svg #srv/web/owncloud/core/img/filetypes/application-x-cbr.png #srv/web/owncloud/core/img/filetypes/application-x-cbr.svg #srv/web/owncloud/core/img/filetypes/application-x-shockwave-flash.png 
@@ -9976,8 +9976,8 @@ srv/web/owncloud #srv/web/owncloud/core/img/filetypes/folder.svg #srv/web/owncloud/core/img/filetypes/font.png #srv/web/owncloud/core/img/filetypes/font.svg -#srv/web/owncloud/core/img/filetypes/image-svg#xml.png -#srv/web/owncloud/core/img/filetypes/image-svg#xml.svg +#srv/web/owncloud/core/img/filetypes/image-svg+xml.png +#srv/web/owncloud/core/img/filetypes/image-svg+xml.svg #srv/web/owncloud/core/img/filetypes/image.png #srv/web/owncloud/core/img/filetypes/image.svg #srv/web/owncloud/core/img/filetypes/package-x-generic.png diff --git a/config/rootfiles/packages/squid-accounting b/config/rootfiles/packages/squid-accounting index 73a75ef60..29d09a1e7 100644 --- a/config/rootfiles/packages/squid-accounting +++ b/config/rootfiles/packages/squid-accounting @@ -1,13 +1,14 @@ etc/fcron.hourly/squid-accounting -var/log/accounting.log srv/web/ipfire/cgi-bin/accounting.cgi +#srv/web/ipfire/html/accounting srv/web/ipfire/html/accounting/logo usr/local/bin/acct.pl var/ipfire/accounting -var/ipfire/accounting/dbinstall.pl -var/ipfire/accounting/bill var/ipfire/accounting/acct-lib.pl +var/ipfire/accounting/bill +var/ipfire/accounting/dbinstall.pl var/ipfire/addon-lang/acct.de.pl var/ipfire/addon-lang/acct.en.pl -var/ipfire/menu.d/EX-squid-accounting.menu var/ipfire/backup/addons/includes/squid-accounting +var/ipfire/menu.d/EX-squid-accounting.menu +var/log/accounting.log From e7204c2d95f34802c2719cce613e4c7aafabb687 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Thu, 21 Aug 2014 16:12:43 +0200 Subject: [PATCH 08/18] firewall: Fix initialization when RED has not been brought up yet --- src/initscripts/init.d/firewall | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall index 0d80e7cd6..c7f8b679d 100644 --- a/src/initscripts/init.d/firewall +++ b/src/initscripts/init.d/firewall 
@@ -369,8 +369,10 @@ iptables_red_down() { # while the wan interface is down - this is required to # circumvent udp related NAT issues # http://forum.ipfire.org/index.php?topic=11127.0 - iptables -F REDFORWARD - iptables -A REDFORWARD -o $IFACE -j DROP + if [ -n "${IFACE}" ]; then + iptables -F REDFORWARD + iptables -A REDFORWARD -o "${IFACE}" -j DROP + fi # Reload all rules. /usr/local/bin/firewallctrl From 05370b30da58d10f9935cf1c4cb8f23ab769b32e Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Thu, 21 Aug 2014 23:38:30 +0200 Subject: [PATCH 09/18] core82: finish update --- make.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/make.sh b/make.sh index 4cbdae4fa..ce45d0d9e 100755 --- a/make.sh +++ b/make.sh @@ -26,7 +26,7 @@ NAME="IPFire" # Software name SNAME="ipfire" # Short name VERSION="2.15" # Version number CORE="82" # Core Level (Filename) -PAKFIRE_CORE="81" # Core Level (PAKFIRE) +PAKFIRE_CORE="82" # Core Level (PAKFIRE) GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` # Git Branch SLOGAN="www.ipfire.org" # Software slogan CONFIG_ROOT=/var/ipfire # Configuration rootdir From bfea8d7d2fb35e2a722cd3e16f7b4126c18f7165 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Sun, 24 Aug 2014 14:46:06 +0200 Subject: [PATCH 10/18] findutils: Run updatedb once a week As suggested in bug #10303 --- config/findutils/updatedb | 16 ++++++++++++++++ config/rootfiles/common/fcron | 1 - config/rootfiles/common/findutils | 2 ++ lfs/findutils | 4 ++++ 4 files changed, 22 insertions(+), 1 deletion(-) create mode 100644 config/findutils/updatedb diff --git a/config/findutils/updatedb b/config/findutils/updatedb new file mode 100644 index 000000000..bc4809f91 --- /dev/null +++ b/config/findutils/updatedb 
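Review bot: With the new guard in iptables_red_down, an empty IFACE skips the flush as well as the DROP rule, so REDFORWARD silently keeps whatever an earlier call left in it and nothing records that the block was not installed. If the chain is meant to be empty whenever RED has no interface, `iptables -F REDFORWARD` can stay outside the `if` and only the `-A REDFORWARD -o "${IFACE}" -j DROP` line needs the guard. Where IFACE is assigned is outside this hunk, as is the rest of the function body.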
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+[ -x "/usr/bin/updatedb" ] || exit 0
+
+LOCKFILE="/var/lib/locate/updatedb.lock"
+
+trap "rm -f $LOCKFILE" EXIT
+
+if [ -e "$LOCKFILE" ]; then
+ echo >&2 "Warning: $LOCKFILE present, not running updatedb."
+ exit 1
+else
+ touch "$LOCKFILE"
+fi
+
+exec /usr/bin/updatedb
diff --git a/config/rootfiles/common/fcron b/config/rootfiles/common/fcron
index b3a1c4960..89f68a76c 100644
--- a/config/rootfiles/common/fcron
+++ b/config/rootfiles/common/fcron
@@ -11,7 +11,6 @@ etc/fcron.hourly/info.txt
 etc/fcron.minutely/info.txt
 #etc/fcron.monthly
 etc/fcron.monthly/info.txt
-#etc/fcron.weekly
 etc/fcron.weekly/info.txt
 usr/bin/fcronsighup
 usr/bin/fcrontab
diff --git a/config/rootfiles/common/findutils b/config/rootfiles/common/findutils
index 13cae26eb..ac4fffe95 100644
--- a/config/rootfiles/common/findutils
+++ b/config/rootfiles/common/findutils
@@ -1,3 +1,5 @@
+#etc/fcron.weekly
+etc/fcron.weekly/updatedb
 bin/find
 usr/bin/locate
 #usr/bin/oldfind
diff --git a/lfs/findutils b/lfs/findutils
index c05aca3cb..e2dd04a02 100644
--- a/lfs/findutils
+++ b/lfs/findutils
@@ -91,6 +91,10 @@ ifeq "$(ROOT)" ""
 mv -v /usr/bin/find /bin
 sed -i -e 's|BINDIR=/usr/bin|BINDIR=/bin|' /usr/bin/updatedb
 -mkdir -p /var/lib/locate
+
+ -mkdir -pv /etc/fcron.weekly
+ install -v -m 754 $(DIR_SRC)/config/findutils/updatedb \
+ /etc/fcron.weekly/updatedb
 endif
 @rm -rf $(DIR_APP)
 @$(POSTBUILD)
From ff6d34ab8b0cc8ad7f2c425bfc58f469aa6bb48e Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Sun, 24 Aug 2014 15:14:25 +0200
Subject: [PATCH 11/18] minidlna: Update to 1.1.3 Fixes #10573
---
 config/rootfiles/packages/minidlna | 14 +++++++++++++-
 lfs/minidlna | 10 +++++-----
 src/initscripts/init.d/minidlna | 8 ++++----
 3 files changed, 22 insertions(+), 10 deletions(-)
diff --git a/config/rootfiles/packages/minidlna b/config/rootfiles/packages/minidlna
index c30e30b40..f0b953653 100644
--- a/config/rootfiles/packages/minidlna
+++ b/config/rootfiles/packages/minidlna
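Review bot: The `trap "rm -f $LOCKFILE" EXIT` in config/findutils/updatedb is installed before the lock is tested, so a second invocation that finds the lock and takes the `exit 1` branch deletes the lock file of the instance that is still running. The `[ -e "$LOCKFILE" ]` test followed by `touch` also leaves a window in which two runs can both pass the test. Creating the file under `noclobber` tests for the lock and takes it in one step, and the trap should be set only after that has succeeded, with the path quoted inside single quotes so it is expanded when the trap fires.

```shell
LOCKFILE="/var/lib/locate/updatedb.lock"

# noclobber makes the redirect fail if the file already exists,
# so testing for the lock and taking it happen in one step.
if ! ( set -o noclobber; : > "$LOCKFILE" ) 2>/dev/null; then
	echo >&2 "Warning: $LOCKFILE present, not running updatedb."
	exit 1
fi

# Only the instance that created the lock removes it.
trap 'rm -f "$LOCKFILE"' EXIT

# … unchanged: updatedb invocation …
```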
@@ -1,3 +1,15 @@ etc/rc.d/init.d/minidlna etc/minidlna.conf -usr/sbin/minidlna +usr/sbin/minidlnad +#usr/share/locale/da/LC_MESSAGES/minidlna.mo +#usr/share/locale/de/LC_MESSAGES/minidlna.mo +#usr/share/locale/es/LC_MESSAGES/minidlna.mo +#usr/share/locale/fr/LC_MESSAGES/minidlna.mo +#usr/share/locale/it/LC_MESSAGES/minidlna.mo +#usr/share/locale/ja/LC_MESSAGES/minidlna.mo +#usr/share/locale/nb/LC_MESSAGES/minidlna.mo +#usr/share/locale/nl/LC_MESSAGES/minidlna.mo +#usr/share/locale/pl/LC_MESSAGES/minidlna.mo +#usr/share/locale/ru/LC_MESSAGES/minidlna.mo +#usr/share/locale/sl/LC_MESSAGES/minidlna.mo +#usr/share/locale/sv/LC_MESSAGES/minidlna.mo diff --git a/lfs/minidlna b/lfs/minidlna index 26ec3dd00..155cd4a07 100644 --- a/lfs/minidlna +++ b/lfs/minidlna @@ -24,15 +24,15 @@ include Config -VER = 1.0.25 +VER = 1.1.3 THISAPP = minidlna-$(VER) -DL_FILE = minidlna_$(VER)_src.tar.gz +DL_FILE = minidlna-$(VER).tar.gz DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = minidlna -PAK_VER = 2 +PAK_VER = 3 DEPS = "ffmpeg flac libexif libid3tag libogg sqlite" @@ -44,7 +44,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = d966256baf2f9b068b9de871ab5dade5 +$(DL_FILE)_MD5 = 879027192c89e5376cdd2ae2d1aa33b4 install : $(TARGET) @@ -77,7 +77,7 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && sed -i '/include/a #include /' metadata.c + cd $(DIR_APP) && ./configure --prefix=/usr cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) cd $(DIR_APP) && make install diff --git a/src/initscripts/init.d/minidlna b/src/initscripts/init.d/minidlna index 682306760..74ad8f880 100644 --- a/src/initscripts/init.d/minidlna +++ b/src/initscripts/init.d/minidlna 
@@ -16,17 +16,17 @@ case "${1}" in start) boot_mesg "Starting minidlna..." - loadproc /usr/sbin/minidlna + loadproc /usr/sbin/minidlnad ;; stop) boot_mesg "Stopping minidlna..." - killproc /usr/sbin/minidlna + killproc /usr/sbin/minidlnad ;; reload) boot_mesg "Reloading minidlna..." - reloadproc /usr/sbin/minidlna + reloadproc /usr/sbin/minidlnad ;; restart) @@ -36,7 +36,7 @@ case "${1}" in ;; status) - statusproc /usr/sbin/minidlna + statusproc /usr/sbin/minidlnad ;; *) From d79fbce44e9baa9dceda2ad08bf91c16e04024d2 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Sun, 24 Aug 2014 15:22:04 +0200 Subject: [PATCH 12/18] findutils: Cannot use exec here or the lockfile won't be removed --- config/findutils/updatedb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/findutils/updatedb b/config/findutils/updatedb index bc4809f91..6cc188672 100644 --- a/config/findutils/updatedb +++ b/config/findutils/updatedb @@ -13,4 +13,4 @@ else touch "$LOCKFILE" fi -exec /usr/bin/updatedb +/usr/bin/updatedb From 94b3d7d2f298d0d52a622210529cd4901060cd25 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Thu, 28 Aug 2014 16:09:31 +0200 Subject: [PATCH 13/18] squid: Update to 3.4.7 Solves a DoS issue "Ignore Range headers with unidentifiable byte-range values" filed under security advisory SQUID-2014:2 and CVE-2014-3609. --- lfs/squid | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lfs/squid b/lfs/squid index e050b17c5..921feebf2 100644 --- a/lfs/squid +++ b/lfs/squid @@ -24,7 +24,7 @@ include Config -VER = 3.4.5 +VER = 3.4.7 THISAPP = squid-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = a831efb36cfbaa419f8dc7a43cba72c9 +$(DL_FILE)_MD5 = 74677634121649ccb87a5655fcd4298d install : $(TARGET) From 8fbcf730aee1210abd399ecab5f68dbc9c01bad2 Mon Sep 17 00:00:00 2001 
From: Michael Tremer Date: Thu, 28 Aug 2014 17:01:44 +0200 Subject: [PATCH 14/18] proxy.cgi: Move ACL definitions up ACL definitions could not be used in some other directives unless they are defined earlier. --- html/cgi-bin/proxy.cgi | 84 +++++++++++++++++++++--------------------- 1 file changed, 42 insertions(+), 42 deletions(-) diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 772852bb8..ba2455a96 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi 
@@ -3221,6 +3221,48 @@ END print FILE "\n"; } + open (PORTS,"$acl_ports_ssl"); + my @ssl_ports = ; + close PORTS; + + if (@ssl_ports) { + foreach (@ssl_ports) { + print FILE "acl SSL_ports port $_"; + } + } + + open (PORTS,"$acl_ports_safe"); + my @safe_ports = ; + close PORTS; + + if (@safe_ports) { + foreach (@safe_ports) { + print FILE "acl Safe_ports port $_"; + } + } + + print FILE < 0) { print FILE <; -close PORTS; - -if (@ssl_ports) { - foreach (@ssl_ports) { - print FILE "acl SSL_ports port $_"; - } -} - -open (PORTS,"$acl_ports_safe"); -my @safe_ports = ; -close PORTS; - -if (@safe_ports) { - foreach (@safe_ports) { - print FILE "acl Safe_ports port $_"; - } -} - - print FILE < Date: Wed, 3 Sep 2014 21:49:01 +0200 Subject: [PATCH 15/18] glibc: Import several fixes from RHEL. Fixes #10611, CVE-2014-5119 among other bug fixes. --- lfs/glibc | 6 + src/patches/glibc/glibc-rh1008310.patch | 45 ++ src/patches/glibc/glibc-rh1022022.patch | 20 + src/patches/glibc/glibc-rh1091162.patch | 58 ++ src/patches/glibc/glibc-rh1098050.patch | 28 + src/patches/glibc/glibc-rh1133809-1.patch | 199 +++++++ src/patches/glibc/glibc-rh1133809-2.patch | 625 ++++++++++++++++++++++ 7 files changed, 981 insertions(+) create mode 100644 src/patches/glibc/glibc-rh1008310.patch create mode 100644 src/patches/glibc/glibc-rh1022022.patch create mode 100644 src/patches/glibc/glibc-rh1091162.patch create mode 100644 src/patches/glibc/glibc-rh1098050.patch create mode 100644 src/patches/glibc/glibc-rh1133809-1.patch create mode 100644 src/patches/glibc/glibc-rh1133809-2.patch diff --git a/lfs/glibc b/lfs/glibc index f0d8aba64..32c494f24 100644 --- a/lfs/glibc +++ b/lfs/glibc 
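Review bot: Both added `open (PORTS,...)` calls use the two-argument form with a bareword handle and no check of the result, so a missing or unreadable port list is silently read as empty and no `acl SSL_ports` / `acl Safe_ports` lines are written. Use the three-argument form with a lexical handle and handle the failure, e.g. `open(my $ports_fh, '<', $acl_ports_ssl) or die "open $acl_ports_ssl: $!";`. Each line read is then copied verbatim into the generated configuration by `print FILE "acl SSL_ports port $_"`; if these files can be edited through the web interface (not visible here), check that every line is a port number or port range before writing it. The code is moved rather than new, and the enclosing sub starts and ends outside the hunk.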
@@ -268,6 +268,12 @@ endif cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh966775.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh966778.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh970090.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1008310.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1022022.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1091162.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1098050.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1133809-1.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1133809-2.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-resolv-stack_chk_fail.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-remove-ctors-dtors-output-sections.patch diff --git a/src/patches/glibc/glibc-rh1008310.patch b/src/patches/glibc/glibc-rh1008310.patch new file mode 100644 index 000000000..3658a9f31 --- /dev/null +++ b/src/patches/glibc/glibc-rh1008310.patch 
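Review bot: The six added `patch -Np1` lines do not say which of the imported patches are security fixes. The commit message names only CVE-2014-5119, while glibc-rh1133809-2.patch, by its own description further down, also carries the locale directory-traversal fix for CVE-2014-0475. A comment above the new lines would keep that auditable when patches are later dropped or rebased, e.g. `# rh1133809-1/-2: security fixes, see CVE-2014-5119 and CVE-2014-0475`. The recipe these lines belong to starts and ends outside the hunk.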
@@ -0,0 +1,45 @@ +diff -Nrup a/malloc/malloc.c b/malloc/malloc.c +--- a/malloc/malloc.c 2013-09-23 17:08:33.698331221 -0400 ++++ b/malloc/malloc.c 2013-09-23 21:04:25.901270645 -0400 +@@ -3879,6 +3879,13 @@ public_mEMALIGn(size_t alignment, size_t + /* Otherwise, ensure that it is at least a minimum chunk size */ + if (alignment < MINSIZE) alignment = MINSIZE; + ++ /* Check for overflow. */ ++ if (bytes > SIZE_MAX - alignment - MINSIZE) ++ { ++ __set_errno (ENOMEM); ++ return 0; ++ } ++ + arena_get(ar_ptr, bytes + alignment + MINSIZE); + if(!ar_ptr) + return 0; +@@ -3924,6 +3931,13 @@ public_vALLOc(size_t bytes) + + size_t pagesz = mp_.pagesize; + ++ /* Check for overflow. */ ++ if (bytes > SIZE_MAX - pagesz - MINSIZE) ++ { ++ __set_errno (ENOMEM); ++ return 0; ++ } ++ + __malloc_ptr_t (*hook) __MALLOC_PMT ((size_t, size_t, + __const __malloc_ptr_t)) = + force_reg (__memalign_hook); +@@ -3975,6 +3989,13 @@ public_pVALLOc(size_t bytes) + size_t page_mask = mp_.pagesize - 1; + size_t rounded_bytes = (bytes + page_mask) & ~(page_mask); + ++ /* Check for overflow. */ ++ if (bytes > SIZE_MAX - 2*pagesz - MINSIZE) ++ { ++ __set_errno (ENOMEM); ++ return 0; ++ } ++ + __malloc_ptr_t (*hook) __MALLOC_PMT ((size_t, size_t, + __const __malloc_ptr_t)) = + force_reg (__memalign_hook); diff --git a/src/patches/glibc/glibc-rh1022022.patch b/src/patches/glibc/glibc-rh1022022.patch new file mode 100644 index 000000000..6d23bb1e1 --- /dev/null +++ b/src/patches/glibc/glibc-rh1022022.patch 
@@ -0,0 +1,20 @@ +diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c +index 81e928a..05883bd 100644 +--- a/sysdeps/posix/getaddrinfo.c ++++ b/sysdeps/posix/getaddrinfo.c +@@ -832,8 +832,13 @@ gaih_inet (const char *name, const struct gaih_service *service, + while (!no_more) + { + no_data = 0; +- nss_gethostbyname4_r fct4 +- = __nss_lookup_function (nip, "gethostbyname4_r"); ++ nss_gethostbyname4_r fct4 = NULL; ++ ++ /* gethostbyname4_r sends out parallel A and AAAA queries and ++ is thus only suitable for PF_UNSPEC. */ ++ if (req->ai_family == PF_UNSPEC) ++ fct4 = __nss_lookup_function (nip, "gethostbyname4_r"); ++ + if (fct4 != NULL) + { + int herrno; diff --git a/src/patches/glibc/glibc-rh1091162.patch b/src/patches/glibc/glibc-rh1091162.patch new file mode 100644 index 000000000..782568282 --- /dev/null +++ b/src/patches/glibc/glibc-rh1091162.patch 
@@ -0,0 +1,58 @@ +commit 362b47fe09ca9a928d444c7e2f7992f7f61bfc3e +Author: Maxim Kuvyrkov +Date: Tue Dec 24 09:44:50 2013 +1300 + + Fix race in free() of fastbin chunk: BZ #15073 + + Perform sanity check only if we have_lock. Due to lockless nature of fastbins + we need to be careful derefencing pointers to fastbin entries (chunksize(old) + in this case) in multithreaded environments. + + The fix is to add have_lock to the if-condition checks. The rest of the patch + only makes code more readable. + + * malloc/malloc.c (_int_free): Perform sanity check only if we + have_lock. + +diff --git a/malloc/malloc.c b/malloc/malloc.c +index b1668b5..5e419ad 100644 +--- a/malloc/malloc.c ++++ b/malloc/malloc.c +@@ -3783,25 +3783,29 @@ _int_free(mstate av, mchunkptr p, int have_lock) + fb = &fastbin (av, idx); + + #ifdef ATOMIC_FASTBINS +- mchunkptr fd; +- mchunkptr old = *fb; ++ /* Atomically link P to its fastbin: P->FD = *FB; *FB = P; */ ++ mchunkptr old = *fb, old2; + unsigned int old_idx = ~0u; + do + { +- /* Another simple check: make sure the top of the bin is not the +- record we are going to add (i.e., double free). */ ++ /* Check that the top of the bin is not the record we are going to add ++ (i.e., double free). */ + if (__builtin_expect (old == p, 0)) + { + errstr = "double free or corruption (fasttop)"; + goto errout; + } +- if (old != NULL) ++ /* Check that size of fastbin chunk at the top is the same as ++ size of the chunk that we are adding. We can dereference OLD ++ only if we have the lock, otherwise it might have already been ++ deallocated. See use of OLD_IDX below for the actual check. 
*/ ++ if (have_lock && old != NULL) + old_idx = fastbin_index(chunksize(old)); +- p->fd = fd = old; ++ p->fd = old2 = old; + } +- while ((old = catomic_compare_and_exchange_val_rel (fb, p, fd)) != fd); ++ while ((old = catomic_compare_and_exchange_val_rel (fb, p, old2)) != old2); + +- if (fd != NULL && __builtin_expect (old_idx != idx, 0)) ++ if (have_lock && old != NULL && __builtin_expect (old_idx != idx, 0)) + { + errstr = "invalid fastbin entry (free)"; + goto errout; diff --git a/src/patches/glibc/glibc-rh1098050.patch b/src/patches/glibc/glibc-rh1098050.patch new file mode 100644 index 000000000..e5ff3ca1b --- /dev/null +++ b/src/patches/glibc/glibc-rh1098050.patch @@ -0,0 +1,28 @@ +commit cf26a0cb6a0bbaca46a01ddad6662e5e5159a32a +Author: Siddhesh Poyarekar +Date: Thu May 15 12:33:11 2014 +0530 + + Return EAI_AGAIN for AF_UNSPEC when herrno is TRY_AGAIN (BZ #16849) + + getaddrinfo correctly returns EAI_AGAIN for AF_INET and AF_INET6 + queries. For AF_UNSPEC however, an older change + (a682a1bf553b1efe4dbb03207fece5b719cec482) broke the check and due to + that the returned error was EAI_NONAME. + + This patch fixes the check so that a non-authoritative not-found is + returned as EAI_AGAIN to the user instead of EAI_NONAME. + +diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c +index 6258330..8f392b9 100644 +--- a/sysdeps/posix/getaddrinfo.c ++++ b/sysdeps/posix/getaddrinfo.c +@@ -867,8 +867,7 @@ gaih_inet (const char *name, const struct gaih_service *service, + if (status != NSS_STATUS_TRYAGAIN + || rc != ERANGE || herrno != NETDB_INTERNAL) + { +- if (status == NSS_STATUS_TRYAGAIN +- && herrno == TRY_AGAIN) ++ if (herrno == TRY_AGAIN) + no_data = EAI_AGAIN; + else + no_data = herrno == NO_DATA; diff --git a/src/patches/glibc/glibc-rh1133809-1.patch b/src/patches/glibc/glibc-rh1133809-1.patch new file mode 100644 index 000000000..12b99499f --- /dev/null +++ b/src/patches/glibc/glibc-rh1133809-1.patch 
@@ -0,0 +1,199 @@ +2014-08-21 Florian Weimer + + [BZ #17187] + * iconv/gconv_trans.c (struct known_trans, search_tree, lock, + trans_compare, open_translit, __gconv_translit_find): + Remove module loading code. + +diff --git a/iconv/gconv_trans.c b/iconv/gconv_trans.c +index 1e25854..d71c029 100644 +--- a/iconv/gconv_trans.c ++++ b/iconv/gconv_trans.c +@@ -238,181 +238,11 @@ __gconv_transliterate (struct __gconv_step *step, + return __GCONV_ILLEGAL_INPUT; + } + +- +-/* Structure to represent results of found (or not) transliteration +- modules. */ +-struct known_trans +-{ +- /* This structure must remain the first member. */ +- struct trans_struct info; +- +- char *fname; +- void *handle; +- int open_count; +-}; +- +- +-/* Tree with results of previous calls to __gconv_translit_find. */ +-static void *search_tree; +- +-/* We modify global data. */ +-__libc_lock_define_initialized (static, lock); +- +- +-/* Compare two transliteration entries. */ +-static int +-trans_compare (const void *p1, const void *p2) +-{ +- const struct known_trans *s1 = (const struct known_trans *) p1; +- const struct known_trans *s2 = (const struct known_trans *) p2; +- +- return strcmp (s1->info.name, s2->info.name); +-} +- +- +-/* Open (maybe reopen) the module named in the struct. Get the function +- and data structure pointers we need. */ +-static int +-open_translit (struct known_trans *trans) +-{ +- __gconv_trans_query_fct queryfct; +- +- trans->handle = __libc_dlopen (trans->fname); +- if (trans->handle == NULL) +- /* Not available. */ +- return 1; +- +- /* Find the required symbol. */ +- queryfct = __libc_dlsym (trans->handle, "gconv_trans_context"); +- if (queryfct == NULL) +- { +- /* We cannot live with that. */ +- close_and_out: +- __libc_dlclose (trans->handle); +- trans->handle = NULL; +- return 1; +- } +- +- /* Get the context. 
*/ +- if (queryfct (trans->info.name, &trans->info.csnames, &trans->info.ncsnames) +- != 0) +- goto close_and_out; +- +- /* Of course we also have to have the actual function. */ +- trans->info.trans_fct = __libc_dlsym (trans->handle, "gconv_trans"); +- if (trans->info.trans_fct == NULL) +- goto close_and_out; +- +- /* Now the optional functions. */ +- trans->info.trans_init_fct = +- __libc_dlsym (trans->handle, "gconv_trans_init"); +- trans->info.trans_context_fct = +- __libc_dlsym (trans->handle, "gconv_trans_context"); +- trans->info.trans_end_fct = +- __libc_dlsym (trans->handle, "gconv_trans_end"); +- +- trans->open_count = 1; +- +- return 0; +-} +- +- + int + internal_function + __gconv_translit_find (struct trans_struct *trans) + { +- struct known_trans **found; +- const struct path_elem *runp; +- int res = 1; +- +- /* We have to have a name. */ +- assert (trans->name != NULL); +- +- /* Acquire the lock. */ +- __libc_lock_lock (lock); +- +- /* See whether we know this module already. */ +- found = __tfind (trans, &search_tree, trans_compare); +- if (found != NULL) +- { +- /* Is this module available? */ +- if ((*found)->handle != NULL) +- { +- /* Maybe we have to reopen the file. */ +- if ((*found)->handle != (void *) -1) +- /* The object is not unloaded. */ +- res = 0; +- else if (open_translit (*found) == 0) +- { +- /* Copy the data. */ +- *trans = (*found)->info; +- (*found)->open_count++; +- res = 0; +- } +- } +- } +- else +- { +- size_t name_len = strlen (trans->name) + 1; +- int need_so = 0; +- struct known_trans *newp; +- +- /* We have to continue looking for the module. */ +- if (__gconv_path_elem == NULL) +- __gconv_get_path (); +- +- /* See whether we have to append .so. */ +- if (name_len <= 4 || memcmp (&trans->name[name_len - 4], ".so", 3) != 0) +- need_so = 1; +- +- /* Create a new entry. 
*/ +- newp = (struct known_trans *) malloc (sizeof (struct known_trans) +- + (__gconv_max_path_elem_len +- + name_len + 3) +- + name_len); +- if (newp != NULL) +- { +- char *cp; +- +- /* Clear the struct. */ +- memset (newp, '\0', sizeof (struct known_trans)); +- +- /* Store a copy of the module name. */ +- newp->info.name = cp = (char *) (newp + 1); +- cp = __mempcpy (cp, trans->name, name_len); +- +- newp->fname = cp; +- +- /* Search in all the directories. */ +- for (runp = __gconv_path_elem; runp->name != NULL; ++runp) +- { +- cp = __mempcpy (__stpcpy ((char *) newp->fname, runp->name), +- trans->name, name_len); +- if (need_so) +- memcpy (cp, ".so", sizeof (".so")); +- +- if (open_translit (newp) == 0) +- { +- /* We found a module. */ +- res = 0; +- break; +- } +- } +- +- if (res) +- newp->fname = NULL; +- +- /* In any case we'll add the entry to our search tree. */ +- if (__tsearch (newp, &search_tree, trans_compare) == NULL) +- { +- /* Yickes, this should not happen. Unload the object. */ +- res = 1; +- /* XXX unload here. */ +- } +- } +- } +- +- __libc_lock_unlock (lock); +- +- return res; ++ /* This function always fails. Transliteration module loading is ++ not implemented. */ ++ return 1; + } +-- +1.9.3 + diff --git a/src/patches/glibc/glibc-rh1133809-2.patch b/src/patches/glibc/glibc-rh1133809-2.patch new file mode 100644 index 000000000..8148abbbc --- /dev/null +++ b/src/patches/glibc/glibc-rh1133809-2.patch 
@@ -0,0 +1,625 @@ +commit 585367266923156ac6fb789939a923641ba5aaf4 +Author: Florian Weimer +Date: Wed May 28 14:05:03 2014 +0200 + + manual: Update the locale documentation + +commit 4e8f95a0df7c2300b830ec12c0ae1e161bc8a8a3 +Author: Florian Weimer +Date: Mon May 12 15:24:12 2014 +0200 + + _nl_find_locale: Improve handling of crafted locale names [BZ #17137] + + Prevent directory traversal in locale-related environment variables + (CVE-2014-0475). + +commit d183645616b0533b3acee28f1a95570bffbdf50f +Author: Florian Weimer +Date: Wed May 28 14:41:52 2014 +0200 + + setlocale: Use the heap for the copy of the locale argument + + This avoids alloca calls with potentially large arguments. + +diff -pruN glibc-2.18/locale/findlocale.c glibc-2.18.patched/locale/findlocale.c +--- glibc-2.18/locale/findlocale.c 2013-08-11 04:22:55.000000000 +0530 ++++ glibc-2.18.patched/locale/findlocale.c 2014-08-26 16:14:50.403253778 +0530 +@@ -17,6 +17,7 @@ + 02111-1307 USA. */ + + #include ++#include + #include + #include + #include +@@ -57,6 +58,45 @@ struct loaded_l10nfile *_nl_locale_file_ + + const char _nl_default_locale_path[] attribute_hidden = LOCALEDIR; + ++/* Checks if the name is actually present, that is, not NULL and not ++ empty. */ ++static inline int ++name_present (const char *name) ++{ ++ return name != NULL && name[0] != '\0'; ++} ++ ++/* Checks that the locale name neither extremely long, nor contains a ++ ".." path component (to prevent directory traversal). */ ++static inline int ++valid_locale_name (const char *name) ++{ ++ /* Not set. */ ++ size_t namelen = strlen (name); ++ /* Name too long. The limit is arbitrary and prevents stack overflow ++ issues later. */ ++ if (__builtin_expect (namelen > 255, 0)) ++ return 0; ++ /* Directory traversal attempt. 
*/ ++ static const char slashdot[4] = {'/', '.', '.', '/'}; ++ if (__builtin_expect (memmem (name, namelen, ++ slashdot, sizeof (slashdot)) != NULL, 0)) ++ return 0; ++ if (namelen == 2 && __builtin_expect (name[0] == '.' && name [1] == '.', 0)) ++ return 0; ++ if (namelen >= 3 ++ && __builtin_expect (((name[0] == '.' ++ && name[1] == '.' ++ && name[2] == '/') ++ || (name[namelen - 3] == '/' ++ && name[namelen - 2] == '.' ++ && name[namelen - 1] == '.')), 0)) ++ return 0; ++ /* If there is a slash in the name, it must start with one. */ ++ if (__builtin_expect (memchr (name, '/', namelen) != NULL, 0) && name[0] != '/') ++ return 0; ++ return 1; ++} + + struct __locale_data * + internal_function +@@ -65,7 +105,7 @@ _nl_find_locale (const char *locale_path + { + int mask; + /* Name of the locale for this category. */ +- char *loc_name; ++ char *loc_name = (char *) *name; + const char *language; + const char *modifier; + const char *territory; +@@ -73,31 +113,39 @@ _nl_find_locale (const char *locale_path + const char *normalized_codeset; + struct loaded_l10nfile *locale_file; + +- if ((*name)[0] == '\0') ++ if (loc_name[0] == '\0') + { + /* The user decides which locale to use by setting environment + variables. 
*/ +- *name = getenv ("LC_ALL"); +- if (*name == NULL || (*name)[0] == '\0') +- *name = getenv (_nl_category_names.str ++ loc_name = getenv ("LC_ALL"); ++ if (!name_present (loc_name)) ++ loc_name = getenv (_nl_category_names.str + + _nl_category_name_idxs[category]); +- if (*name == NULL || (*name)[0] == '\0') +- *name = getenv ("LANG"); ++ if (!name_present (loc_name)) ++ loc_name = getenv ("LANG"); ++ if (!name_present (loc_name)) ++ loc_name = (char *) _nl_C_name; + } + +- if (*name == NULL || (*name)[0] == '\0' +- || (__builtin_expect (__libc_enable_secure, 0) +- && strchr (*name, '/') != NULL)) +- *name = (char *) _nl_C_name; ++ /* We used to fall back to the C locale if the name contains a slash ++ character '/', but we now check for directory traversal in ++ valid_locale_name, so this is no longer necessary. */ + +- if (__builtin_expect (strcmp (*name, _nl_C_name), 1) == 0 +- || __builtin_expect (strcmp (*name, _nl_POSIX_name), 1) == 0) ++ if (__builtin_expect (strcmp (loc_name, _nl_C_name), 1) == 0 ++ || __builtin_expect (strcmp (loc_name, _nl_POSIX_name), 1) == 0) + { + /* We need not load anything. The needed data is contained in + the library itself. */ + *name = (char *) _nl_C_name; + return _nl_C[category]; + } ++ else if (!valid_locale_name (loc_name)) ++ { ++ __set_errno (EINVAL); ++ return NULL; ++ } ++ ++ *name = loc_name; + + /* We really have to load some data. First we try the archive, + but only if there was no LOCPATH environment variable specified. */ +diff -pruN glibc-2.18/locale/setlocale.c glibc-2.18.patched/locale/setlocale.c +--- glibc-2.18/locale/setlocale.c 2013-08-11 04:22:55.000000000 +0530 ++++ glibc-2.18.patched/locale/setlocale.c 2014-08-26 16:14:50.401253764 +0530 +@@ -272,6 +272,8 @@ setlocale (int category, const char *loc + of entries of the form `CATEGORY=VALUE'. */ + const char *newnames[__LC_LAST]; + struct __locale_data *newdata[__LC_LAST]; ++ /* Copy of the locale argument, for in-place splitting. 
*/ ++ char *locale_copy = NULL; + + /* Set all name pointers to the argument name. */ + for (category = 0; category < __LC_LAST; ++category) +@@ -281,7 +283,13 @@ setlocale (int category, const char *loc + if (__builtin_expect (strchr (locale, ';') != NULL, 0)) + { + /* This is a composite name. Make a copy and split it up. */ +- char *np = strdupa (locale); ++ locale_copy = strdup (locale); ++ if (__builtin_expect (locale_copy == NULL, 0)) ++ { ++ __libc_rwlock_unlock (__libc_setlocale_lock); ++ return NULL; ++ } ++ char *np = locale_copy; + char *cp; + int cnt; + +@@ -299,6 +307,7 @@ setlocale (int category, const char *loc + { + error_return: + __libc_rwlock_unlock (__libc_setlocale_lock); ++ free (locale_copy); + + /* Bogus category name. */ + ERROR_RETURN; +@@ -391,8 +400,9 @@ setlocale (int category, const char *loc + /* Critical section left. */ + __libc_rwlock_unlock (__libc_setlocale_lock); + +- /* Free the resources (the locale path variable). */ ++ /* Free the resources. */ + free (locale_path); ++ free (locale_copy); + + return composite; + } +diff -pruN glibc-2.18/localedata/Makefile glibc-2.18.patched/localedata/Makefile +--- glibc-2.18/localedata/Makefile 2014-08-26 16:15:22.656474571 +0530 ++++ glibc-2.18.patched/localedata/Makefile 2014-08-26 16:14:50.403253778 +0530 +@@ -77,7 +77,7 @@ locale_test_suite := tst_iswalnum tst_is + + tests = $(locale_test_suite) tst-digits tst-setlocale bug-iconv-trans \ + tst-leaks tst-mbswcs6 tst-xlocale1 tst-xlocale2 bug-usesetlocale \ +- tst-strfmon1 tst-sscanf tst-strptime ++ tst-strfmon1 tst-sscanf tst-strptime tst-setlocale3 + ifeq (yes,$(build-shared)) + ifneq (no,$(PERL)) + tests: $(objpfx)mtrace-tst-leaks +@@ -288,6 +288,7 @@ tst-strfmon1-ENV = $(TEST_MBWC_ENV) + tst-strptime-ENV = $(TEST_MBWC_ENV) + + tst-setlocale-ENV = LOCPATH=$(common-objpfx)localedata LC_ALL=ja_JP.EUC-JP ++tst-setlocale3-ENV = LOCPATH=$(common-objpfx)localedata + + bug-iconv-trans-ENV = LOCPATH=$(common-objpfx)localedata + +diff -pruN 
glibc-2.18/localedata/tst-setlocale3.c glibc-2.18.patched/localedata/tst-setlocale3.c +--- glibc-2.18/localedata/tst-setlocale3.c 1970-01-01 05:30:00.000000000 +0530 ++++ glibc-2.18.patched/localedata/tst-setlocale3.c 2014-08-26 16:14:50.403253778 +0530 +@@ -0,0 +1,203 @@ ++/* Regression test for setlocale invalid environment variable handling. ++ Copyright (C) 2014 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#include ++#include ++#include ++#include ++ ++/* The result of setlocale may be overwritten by subsequent calls, so ++ this wrapper makes a copy. 
*/ ++static char * ++setlocale_copy (int category, const char *locale) ++{ ++ const char *result = setlocale (category, locale); ++ if (result == NULL) ++ return NULL; ++ return strdup (result); ++} ++ ++static char *de_locale; ++ ++static void ++setlocale_fail (const char *envstring) ++{ ++ setenv ("LC_CTYPE", envstring, 1); ++ if (setlocale (LC_CTYPE, "") != NULL) ++ { ++ printf ("unexpected setlocale success for \"%s\" locale\n", envstring); ++ exit (1); ++ } ++ const char *newloc = setlocale (LC_CTYPE, NULL); ++ if (strcmp (newloc, de_locale) != 0) ++ { ++ printf ("failed setlocale call \"%s\" changed locale to \"%s\"\n", ++ envstring, newloc); ++ exit (1); ++ } ++} ++ ++static void ++setlocale_success (const char *envstring) ++{ ++ setenv ("LC_CTYPE", envstring, 1); ++ char *newloc = setlocale_copy (LC_CTYPE, ""); ++ if (newloc == NULL) ++ { ++ printf ("setlocale for \"%s\": %m\n", envstring); ++ exit (1); ++ } ++ if (strcmp (newloc, de_locale) == 0) ++ { ++ printf ("setlocale with LC_CTYPE=\"%s\" left locale at \"%s\"\n", ++ envstring, de_locale); ++ exit (1); ++ } ++ if (setlocale (LC_CTYPE, de_locale) == NULL) ++ { ++ printf ("restoring locale \"%s\" with LC_CTYPE=\"%s\": %m\n", ++ de_locale, envstring); ++ exit (1); ++ } ++ char *newloc2 = setlocale_copy (LC_CTYPE, newloc); ++ if (newloc2 == NULL) ++ { ++ printf ("restoring locale \"%s\" following \"%s\": %m\n", ++ newloc, envstring); ++ exit (1); ++ } ++ if (strcmp (newloc, newloc2) != 0) ++ { ++ printf ("representation of locale \"%s\" changed from \"%s\" to \"%s\"", ++ envstring, newloc, newloc2); ++ exit (1); ++ } ++ free (newloc); ++ free (newloc2); ++ ++ if (setlocale (LC_CTYPE, de_locale) == NULL) ++ { ++ printf ("restoring locale \"%s\" with LC_CTYPE=\"%s\": %m\n", ++ de_locale, envstring); ++ exit (1); ++ } ++} ++ ++/* Checks that a known-good locale still works if LC_ALL contains a ++ value which should be ignored. 
*/ ++static void ++setlocale_ignore (const char *to_ignore) ++{ ++ const char *fr_locale = "fr_FR.UTF-8"; ++ setenv ("LC_CTYPE", fr_locale, 1); ++ char *expected_locale = setlocale_copy (LC_CTYPE, ""); ++ if (expected_locale == NULL) ++ { ++ printf ("setlocale with LC_CTYPE=\"%s\" failed: %m\n", fr_locale); ++ exit (1); ++ } ++ if (setlocale (LC_CTYPE, de_locale) == NULL) ++ { ++ printf ("failed to restore locale: %m\n"); ++ exit (1); ++ } ++ unsetenv ("LC_CTYPE"); ++ ++ setenv ("LC_ALL", to_ignore, 1); ++ setenv ("LC_CTYPE", fr_locale, 1); ++ const char *actual_locale = setlocale (LC_CTYPE, ""); ++ if (actual_locale == NULL) ++ { ++ printf ("setlocale with LC_ALL, LC_CTYPE=\"%s\" failed: %m\n", ++ fr_locale); ++ exit (1); ++ } ++ if (strcmp (actual_locale, expected_locale) != 0) ++ { ++ printf ("setlocale under LC_ALL failed: got \"%s\", expected \"%s\"\n", ++ actual_locale, expected_locale); ++ exit (1); ++ } ++ unsetenv ("LC_CTYPE"); ++ setlocale_success (fr_locale); ++ unsetenv ("LC_ALL"); ++ free (expected_locale); ++} ++ ++static int ++do_test (void) ++{ ++ /* The glibc test harness sets this environment variable ++ uncondionally. 
*/ ++ unsetenv ("LC_ALL"); ++ ++ de_locale = setlocale_copy (LC_CTYPE, "de_DE.UTF-8"); ++ if (de_locale == NULL) ++ { ++ printf ("setlocale (LC_CTYPE, \"de_DE.UTF-8\"): %m\n"); ++ return 1; ++ } ++ setlocale_success ("C"); ++ setlocale_success ("en_US.UTF-8"); ++ setlocale_success ("/en_US.UTF-8"); ++ setlocale_success ("//en_US.UTF-8"); ++ setlocale_ignore (""); ++ ++ setlocale_fail ("does-not-exist"); ++ setlocale_fail ("/"); ++ setlocale_fail ("/../localedata/en_US.UTF-8"); ++ setlocale_fail ("en_US.UTF-8/"); ++ setlocale_fail ("en_US.UTF-8/.."); ++ setlocale_fail ("en_US.UTF-8/../en_US.UTF-8"); ++ setlocale_fail ("../localedata/en_US.UTF-8"); ++ { ++ size_t large_length = 1024; ++ char *large_name = malloc (large_length + 1); ++ if (large_name == NULL) ++ { ++ puts ("malloc failure"); ++ return 1; ++ } ++ memset (large_name, '/', large_length); ++ const char *suffix = "en_US.UTF-8"; ++ strcpy (large_name + large_length - strlen (suffix), suffix); ++ setlocale_fail (large_name); ++ free (large_name); ++ } ++ { ++ size_t huge_length = 64 * 1024 * 1024; ++ char *huge_name = malloc (huge_length + 1); ++ if (huge_name == NULL) ++ { ++ puts ("malloc failure"); ++ return 1; ++ } ++ memset (huge_name, 'X', huge_length); ++ huge_name[huge_length] = '\0'; ++ /* Construct a composite locale specification. */ ++ const char *prefix = "LC_CTYPE=de_DE.UTF-8;LC_TIME="; ++ memcpy (huge_name, prefix, strlen (prefix)); ++ setlocale_fail (huge_name); ++ free (huge_name); ++ } ++ ++ return 0; ++} ++ ++#define TEST_FUNCTION do_test () ++#include "../test-skeleton.c" +diff -pruN glibc-2.18/manual/locale.texi glibc-2.18.patched/manual/locale.texi +--- glibc-2.18/manual/locale.texi 2013-08-11 04:22:55.000000000 +0530 ++++ glibc-2.18.patched/manual/locale.texi 2014-08-26 16:14:50.404253785 +0530 +@@ -29,6 +29,7 @@ will follow the conventions preferred by + * Setting the Locale:: How a program specifies the locale + with library functions. 
+ * Standard Locales:: Locale names available on all systems. ++* Locale Names:: Format of system-specific locale names. + * Locale Information:: How to access the information for the locale. + * Formatting Numbers:: A dedicated function to format numbers. + * Yes-or-No Questions:: Check a Response against the locale. +@@ -99,14 +100,16 @@ locale named @samp{espana-castellano} to + most of Spain. + + The set of locales supported depends on the operating system you are +-using, and so do their names. We can't make any promises about what +-locales will exist, except for one standard locale called @samp{C} or +-@samp{POSIX}. Later we will describe how to construct locales. +-@comment (@pxref{Building Locale Files}). ++using, and so do their names, except that the standard locale called ++@samp{C} or @samp{POSIX} always exist. @xref{Locale Names}. ++ ++In order to force the system to always use the default locale, the ++user can set the @code{LC_ALL} environment variable to @samp{C}. + + @cindex combining locales +-A user also has the option of specifying different locales for different +-purposes---in effect, choosing a mixture of multiple locales. ++A user also has the option of specifying different locales for ++different purposes---in effect, choosing a mixture of multiple ++locales. @xref{Locale Categories}. + + For example, the user might specify the locale @samp{espana-castellano} + for most purposes, but specify the locale @samp{usa-english} for +@@ -120,7 +123,7 @@ which locales apply. However, the user + for a particular subset of those purposes. + + @node Locale Categories, Setting the Locale, Choosing Locale, Locales +-@section Categories of Activities that Locales Affect ++@section Locale Categories + @cindex categories for locales + @cindex locale categories + +@@ -128,7 +131,11 @@ The purposes that locales serve are grou + that a user or a program can choose the locale for each category + independently. 
Here is a table of categories; each name is both an + environment variable that a user can set, and a macro name that you can +-use as an argument to @code{setlocale}. ++use as the first argument to @code{setlocale}. ++ ++The contents of the environment variable (or the string in the second ++argument to @code{setlocale}) has to be a valid locale name. ++@xref{Locale Names}. + + @vtable @code + @comment locale.h +@@ -172,7 +179,7 @@ for affirmative and negative responses. + @comment locale.h + @comment ISO + @item LC_ALL +-This is not an environment variable; it is only a macro that you can use ++This is not a category; it is only a macro that you can use + with @code{setlocale} to set a single locale for all purposes. Setting + this environment variable overwrites all selections by the other + @code{LC_*} variables or @code{LANG}. +@@ -225,13 +232,7 @@ The symbols in this section are defined + @comment ISO + @deftypefun {char *} setlocale (int @var{category}, const char *@var{locale}) + The function @code{setlocale} sets the current locale for category +-@var{category} to @var{locale}. A list of all the locales the system +-provides can be created by running +- +-@pindex locale +-@smallexample +- locale -a +-@end smallexample ++@var{category} to @var{locale}. + + If @var{category} is @code{LC_ALL}, this specifies the locale for all + purposes. The other possible values of @var{category} specify an +@@ -256,10 +257,9 @@ is passed in as @var{locale} parameter. + + When you read the current locale for category @code{LC_ALL}, the value + encodes the entire combination of selected locales for all categories. +-In this case, the value is not just a single locale name. In fact, we +-don't make any promises about what it looks like. But if you specify +-the same ``locale name'' with @code{LC_ALL} in a subsequent call to +-@code{setlocale}, it restores the same combination of locale selections. 
++If you specify the same ``locale name'' with @code{LC_ALL} in a ++subsequent call to @code{setlocale}, it restores the same combination ++of locale selections. + + To be sure you can use the returned string encoding the currently selected + locale at a later time, you must make a copy of the string. It is not +@@ -275,6 +275,11 @@ for @var{category}. + If a nonempty string is given for @var{locale}, then the locale of that + name is used if possible. + ++The effective locale name (either the second argument to ++@code{setlocale}, or if the argument is an empty string, the name ++obtained from the process environment) must be valid locale name. ++@xref{Locale Names}. ++ + If you specify an invalid locale name, @code{setlocale} returns a null + pointer and leaves the current locale unchanged. + @end deftypefun +@@ -328,7 +323,7 @@ locale categories, and future versions o + portability, assume that any symbol beginning with @samp{LC_} might be + defined in @file{locale.h}. + +-@node Standard Locales, Locale Information, Setting the Locale, Locales ++@node Standard Locales, Locale Names, Setting the Locale, Locales + @section Standard Locales + + The only locale names you can count on finding on all operating systems +@@ -362,7 +357,94 @@ with the environment, rather than trying + locale explicitly by name. Remember, different machines might have + different sets of locales installed. + +-@node Locale Information, Formatting Numbers, Standard Locales, Locales ++@node Locale Names, Locale Information, Standard Locales, Locales ++@section Locale Names ++ ++The following command prints a list of locales supported by the ++system: ++ ++@pindex locale ++@smallexample ++ locale -a ++@end smallexample ++ ++@strong{Portability Note:} With the notable exception of the standard ++locale names @samp{C} and @samp{POSIX}, locale names are ++system-specific. 
++ ++Most locale names follow XPG syntax and consist of up to four parts: ++ ++@smallexample ++@var{language}[_@var{territory}[.@var{codeset}]][@@@var{modifier}] ++@end smallexample ++ ++Beside the first part, all of them are allowed to be missing. If the ++full specified locale is not found, less specific ones are looked for. ++The various parts will be stripped off, in the following order: ++ ++@enumerate ++@item ++codeset ++@item ++normalized codeset ++@item ++territory ++@item ++modifier ++@end enumerate ++ ++For example, the locale name @samp{de_AT.iso885915@@euro} denotes a ++German-language locale for use in Austria, using the ISO-8859-15 ++(Latin-9) character set, and with the Euro as the currency symbol. ++ ++In addition to locale names which follow XPG syntax, systems may ++provide aliases such as @samp{german}. Both categories of names must ++not contain the slash character @samp{/}. ++ ++If the locale name starts with a slash @samp{/}, it is treated as a ++path relative to the configured locale directories; see @code{LOCPATH} ++below. The specified path must not contain a component @samp{..}, or ++the name is invalid, and @code{setlocale} will fail. ++ ++@strong{Portability Note:} POSIX suggests that if a locale name starts ++with a slash @samp{/}, it is resolved as an absolute path. However, ++the GNU C Library treats it as a relative path under the directories listed ++in @code{LOCPATH} (or the default locale directory if @code{LOCPATH} ++is unset). ++ ++Locale names which are longer than an implementation-defined limit are ++invalid and cause @code{setlocale} to fail. ++ ++As a special case, locale names used with @code{LC_ALL} can combine ++several locales, reflecting different locale settings for different ++categories. For example, you might want to use a U.S. locale with ISO ++A4 paper format, so you set @code{LANG} to @samp{en_US.UTF-8}, and ++@code{LC_PAPER} to @samp{de_DE.UTF-8}. 
In this case, the ++@code{LC_ALL}-style combined locale name is ++ ++@smallexample ++LC_CTYPE=en_US.UTF-8;LC_TIME=en_US.UTF-8;LC_PAPER=de_DE.UTF-8;@dots{} ++@end smallexample ++ ++followed by other category settings not shown here. ++ ++@vindex LOCPATH ++The path used for finding locale data can be set using the ++@code{LOCPATH} environment variable. This variable lists the ++directories in which to search for locale definitions, separated by a ++colon @samp{:}. ++ ++The default path for finding locale data is system specific. A typical ++value for the @code{LOCPATH} default is: ++ ++@smallexample ++/usr/share/locale ++@end smallexample ++ ++The value of @code{LOCPATH} is ignored by privileged programs for ++security reasons, and only the default directory is used. ++ ++@node Locale Information, Formatting Numbers, Locale Names, Locales + @section Accessing Locale Information + + There are several ways to access locale information. The simplest From 6a2a62cf25bc486c854715d06154b7e500396dd2 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Wed, 3 Sep 2014 22:23:04 +0200 Subject: [PATCH 16/18] general-functions.pl: Subroutine getnetworkip() accepted multiple arguments --- config/cfgroot/general-functions.pl | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl index 8ed87fc80..7c88cfc68 100644 --- a/config/cfgroot/general-functions.pl +++ b/config/cfgroot/general-functions.pl @@ -388,7 +388,9 @@ sub iporsubtocidr } sub getnetworkip { - return &Network::get_netaddress(shift); + my $arg = join("/", $@); + + return &Network::get_netaddress($arg); } sub getccdbc From da05e07629a8d1afccdb356ac47964df41987476 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Thu, 4 Sep 2014 11:13:41 +0200 Subject: [PATCH 17/18] general-functions.pl: Fix syntax error --- config/cfgroot/general-functions.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
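Review bot: In the new body of getnetworkip, `join("/", $@)` joins the eval-error scalar `$@` rather than the argument array, so the caller's arguments are dropped. Network::get_netaddress then receives whatever `$@` holds at that moment, normally an empty string. `$@` is valid Perl, so nothing fails at compile time and the sub presumably returns a wrong or empty network address without any error. The line should read `my $arg = join("/", @_);`.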
diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl index 7c88cfc68..4ed5a5520 100644 --- a/config/cfgroot/general-functions.pl +++ b/config/cfgroot/general-functions.pl @@ -388,7 +388,7 @@ sub iporsubtocidr } sub getnetworkip { - my $arg = join("/", $@); + my $arg = join("/", @_); return &Network::get_netaddress($arg); } From c14203248c2a36d504af122c8ab5185346c65166 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Sat, 6 Sep 2014 18:44:50 +0200 Subject: [PATCH 18/18] general-functions.pl: Fix perl coding error --- config/cfgroot/general-functions.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl index 4ed5a5520..35ae7c093 100644 --- a/config/cfgroot/general-functions.pl +++ b/config/cfgroot/general-functions.pl @@ -286,7 +286,7 @@ sub validip sub validmask { my $mask = shift; - return &Network::check_netmask($mask) or &Network::check_prefix($mask); + return &Network::check_netmask($mask) || &Network::check_prefix($mask); } sub validipormask
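Review bot: `join("/", @_)` in getnetworkip accepts any number of arguments without checking them. A call with no arguments hands an empty string to Network::get_netaddress, and a call with three or more builds a string with extra `/` separators. Because the result feeds network address calculations, a guard before the join would help, for example `return unless (@_ == 1 || @_ == 2);`, with a comment such as `# Accepts "address/mask" or (address, mask)`. How get_netaddress handles a malformed string is not visible in this hunk, so confirm that before relying on it to reject bad input.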
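Review bot: The reason for `||` on the return line of validmask is not recorded, and a later cleanup could easily switch it back to `or`. `or` binds more loosely than `return`, so the old statement returned the check_netmask result alone and never called check_prefix. A comment above the return would preserve that, for example `# Use "||": "or" has lower precedence than return and would skip check_prefix`. Prefix-length masks were presumably rejected by the old form, so a small test that passes a prefix value would pin the corrected behaviour.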