From a4e9b9d8e085455fce6ba632da4829a959f3cc96 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu, 5 Nov 2015 11:44:04 +0000
Subject: [PATCH 1/5] openvpn: Apply static routes on client site as well

Fixes: #10968

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 html/cgi-bin/ovpnmain.cgi | 1 +
 1 file changed, 1 insertion(+)

diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 2eff2e01a..93d58c7c8 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -1026,6 +1026,7 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General
   print CLIENTCONF "ifconfig $ovsubnet.2 $ovsubnet.1\n"; 
   print CLIENTCONF "# Server Gateway Network\n"; 
   print CLIENTCONF "route $remsubnet[0] $remsubnet[1]\n"; 
+  print CLIENTCONF "up /etc/init.d/static-routes start\n";
   print CLIENTCONF "# tun Device\n"; 
   print CLIENTCONF "dev tun\n"; 
   print CLIENTCONF "# Port and Protokol\n"; 

From 2913185aa487b605e38bdd5b5ac3820d1fa6f654 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu, 5 Nov 2015 11:44:57 +0000
Subject: [PATCH 2/5] openvpn: The --up option only takes one single argument

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 html/cgi-bin/ovpnmain.cgi | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 93d58c7c8..7b759525f 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -926,7 +926,7 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General
   print SERVERCONF "ifconfig $ovsubnet.1 $ovsubnet.2\n"; 
   print SERVERCONF "# Client Gateway Network\n"; 
   print SERVERCONF "route $remsubnet[0] $remsubnet[1]\n";
-  print SERVERCONF "up /etc/init.d/static-routes start\n";
+  print SERVERCONF "up \"/etc/init.d/static-routes start\"\n";
   print SERVERCONF "# tun Device\n"; 
   print SERVERCONF "dev tun\n"; 
   print SERVERCONF "#Logfile for statistics\n";
@@ -1026,7 +1026,7 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General
   print CLIENTCONF "ifconfig $ovsubnet.2 $ovsubnet.1\n"; 
   print CLIENTCONF "# Server Gateway Network\n"; 
   print CLIENTCONF "route $remsubnet[0] $remsubnet[1]\n"; 
-  print CLIENTCONF "up /etc/init.d/static-routes start\n";
+  print CLIENTCONF "up \"/etc/init.d/static-routes start\"\n";
   print CLIENTCONF "# tun Device\n"; 
   print CLIENTCONF "dev tun\n"; 
   print CLIENTCONF "# Port and Protokol\n"; 

From 63cbd2c1df71e246a51b614a2549869168399b10 Mon Sep 17 00:00:00 2001
From: Erik Kapfer <erik.kapfer@ipfire.org>
Date: Thu, 5 Nov 2015 06:29:01 +0100
Subject: [PATCH 3/5] ipset: New package

Signed-off-by: Erik Kapfer <erik.kapfer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 config/rootfiles/common/ipset                 | 26 ++++++
 lfs/ipset                                     | 88 +++++++++++++++++++
 make.sh                                       |  1 +
 .../ipset-6.26_fix_kernel_dir_path.patch      | 20 +++++
 4 files changed, 135 insertions(+)
 create mode 100644 config/rootfiles/common/ipset
 create mode 100644 lfs/ipset
 create mode 100644 src/patches/ipset-6.26_fix_kernel_dir_path.patch

diff --git a/config/rootfiles/common/ipset b/config/rootfiles/common/ipset
new file mode 100644
index 000000000..50ebed59b
--- /dev/null
+++ b/config/rootfiles/common/ipset
@@ -0,0 +1,26 @@
+etc/ipset
+#usr/include/libipset
+#usr/include/libipset/data.h
+#usr/include/libipset/errcode.h
+#usr/include/libipset/linux_ip_set.h
+#usr/include/libipset/linux_ip_set_bitmap.h
+#usr/include/libipset/linux_ip_set_hash.h
+#usr/include/libipset/linux_ip_set_list.h
+#usr/include/libipset/mnl.h
+#usr/include/libipset/nf_inet_addr.h
+#usr/include/libipset/nfproto.h
+#usr/include/libipset/parse.h
+#usr/include/libipset/pfxlen.h
+#usr/include/libipset/print.h
+#usr/include/libipset/session.h
+#usr/include/libipset/transport.h
+#usr/include/libipset/types.h
+#usr/include/libipset/ui.h
+#usr/include/libipset/utils.h
+#usr/lib/libipset.la
+#usr/lib/libipset.so
+usr/lib/libipset.so.3
+usr/lib/libipset.so.3.6.0
+#usr/lib/pkgconfig/libipset.pc
+usr/sbin/ipset
+#usr/share/man/man8/ipset.8
diff --git a/lfs/ipset b/lfs/ipset
new file mode 100644
index 000000000..0ee8c923c
--- /dev/null
+++ b/lfs/ipset
@@ -0,0 +1,88 @@
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2015  IPFire Team  <info@ipfire.org>                          #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER        = 6.26
+
+THISAPP    = ipset-$(VER)
+DL_FILE    = $(THISAPP).tar.bz2
+DL_FROM    = $(URL_IPFIRE)
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
+TARGET     = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = 5ec4e79053a30fb6d72e0549d7d09343
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+	@$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+	@$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+	@$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+	@$(PREBUILD)
+	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
+	cd $(DIR_APP) && ./autogen.sh
+	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/ipset-6.26_fix_kernel_dir_path.patch
+	cd $(DIR_APP) && ./configure \
+		--prefix=/usr \
+		--disable-static
+
+	# Add configuration directory
+	-mkdir -pv /etc/ipset
+	chmod 750 /etc/ipset
+	chown root:root /etc/ipset
+
+	cd $(DIR_APP) && make $(MAKETUNING)
+	cd $(DIR_APP) && make install
+
+	@rm -rf $(DIR_APP)
+	@$(POSTBUILD)
diff --git a/make.sh b/make.sh
index ed902c9cc..47e07b232 100755
--- a/make.sh
+++ b/make.sh
@@ -850,6 +850,7 @@ buildipfire() {
   ipfiremake perl-Text-CSV_XS
   ipfiremake swconfig
   ipfiremake haproxy
+  ipfiremake ipset
 }
 
 buildinstaller() {
diff --git a/src/patches/ipset-6.26_fix_kernel_dir_path.patch b/src/patches/ipset-6.26_fix_kernel_dir_path.patch
new file mode 100644
index 000000000..7c2044850
--- /dev/null
+++ b/src/patches/ipset-6.26_fix_kernel_dir_path.patch
@@ -0,0 +1,20 @@
+--- ipset-6.26_orig/configure	2015-10-11 06:57:32.659295626 +0000
++++ ipset-6.26/configure	2015-10-11 06:58:21.935695339 +0000
+@@ -13079,7 +13079,7 @@
+ then
+ 	kbuilddir="$KBUILDDIR"
+ else
+-	kbuilddir="/lib/modules/`uname -r`/build"
++	kbuilddir="/lib/modules/`uname -r`-ipfire/build"
+ fi
+ 
+ if test -n "$KSOURCEDIR"; then
+@@ -13087,7 +13087,7 @@
+ elif test -e "$kbuilddir/include/linux/netfilter/nfnetlink.h"; then
+ 	ksourcedir="$kbuilddir"
+ else
+-	ksourcedir="/lib/modules/$(uname -r)/source"
++	ksourcedir="/lib/modules/$(uname -r)-ipfire/source"
+ fi
+ if test ! -e "$ksourcedir/include/linux/netfilter/nfnetlink.h"
+ then

From 4bfec109e7ed1856c8f39de83bb8d213e9ba13a4 Mon Sep 17 00:00:00 2001
From: Alexander Marx <alexander.marx@ipfire.org>
Date: Sat, 31 Oct 2015 07:34:56 +0100
Subject: [PATCH 4/5] BUG10965: only write auth.conf if username/password are
 set

auth.conf was always written, even if no username/password provided.
In this case only the ip or Hostname of the mailserver was written into
auth.conf. Now the file is only filled if username/password are filled.

Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Tested-by: Timo Eissler <timo.eissler@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 html/cgi-bin/mail.cgi | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/html/cgi-bin/mail.cgi b/html/cgi-bin/mail.cgi
index a72f923ca..072888cb4 100755
--- a/html/cgi-bin/mail.cgi
+++ b/html/cgi-bin/mail.cgi
@@ -110,9 +110,12 @@ if ($cgiparams{'ACTION'} eq "$Lang::tr{'save'}"){ #SaveButton on configsite
 		$mail{'SENDER'} 		= $cgiparams{'txt_mailsender'};
 		$mail{'RECIPIENT'}		= $cgiparams{'txt_recipient'};
 
-		$auth{'AUTHNAME'}		= $cgiparams{'txt_mailuser'};
-		$auth{'AUTHPASS'}		= $cgiparams{'txt_mailpass'};
-		$auth{'AUTHHOST'}		= $cgiparams{'txt_mailserver'};
+		if ($cgiparams{'txt_mailuser'} && $cgiparams{'txt_mailpass'}) {
+			$auth{'AUTHNAME'}		= $cgiparams{'txt_mailuser'};
+			$auth{'AUTHPASS'}		= $cgiparams{'txt_mailpass'};
+			$auth{'AUTHHOST'}		= $cgiparams{'txt_mailserver'};
+			print TXT1 "$auth{'AUTHNAME'}|$auth{'AUTHHOST'}:$auth{'AUTHPASS'}\n";
+		}
 
 		$dma{'SMARTHOST'}		= $cgiparams{'txt_mailserver'};
 		$dma{'PORT'}			= $cgiparams{'txt_mailport'};
@@ -129,7 +132,7 @@ if ($cgiparams{'ACTION'} eq "$Lang::tr{'save'}"){ #SaveButton on configsite
 			print TXT "$k $v\n";
 		}
 		close TXT;
-		print TXT1 "$auth{'AUTHNAME'}|$auth{'AUTHHOST'}:$auth{'AUTHPASS'}\n";
+		close TXT1;
 		close TXT2;
 
 	}else{

From 9ce3b858a616613539eb4319bf621a50bc8d33eb Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu, 5 Nov 2015 15:35:46 +0000
Subject: [PATCH 5/5] core95: Ship changed mail.cgi

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 config/rootfiles/core/95/filelists/files | 1 +
 1 file changed, 1 insertion(+)

diff --git a/config/rootfiles/core/95/filelists/files b/config/rootfiles/core/95/filelists/files
index ab8f1a890..3db6caf8f 100644
--- a/config/rootfiles/core/95/filelists/files
+++ b/config/rootfiles/core/95/filelists/files
@@ -11,6 +11,7 @@ srv/web/ipfire/cgi-bin/dhcp.cgi
 srv/web/ipfire/cgi-bin/firewall.cgi
 srv/web/ipfire/cgi-bin/ids.cgi
 srv/web/ipfire/cgi-bin/logs.cgi/firewalllogcountry.dat
+srv/web/ipfire/cgi-bin/mail.cgi
 srv/web/ipfire/cgi-bin/ovpnmain.cgi
 srv/web/ipfire/cgi-bin/pppsetup.cgi
 srv/web/ipfire/cgi-bin/routing.cgi