From 7535861c50af78230d509e0440e00abacf3057cb Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Fri, 18 Jul 2014 22:32:41 +0200 Subject: [PATCH 1/7] stage2: rootfile update. --- config/rootfiles/common/stage2 | 1 + 1 file changed, 1 insertion(+) diff --git a/config/rootfiles/common/stage2 b/config/rootfiles/common/stage2 index 39bf555c1..eb9704076 100644 --- a/config/rootfiles/common/stage2 +++ b/config/rootfiles/common/stage2 @@ -98,6 +98,7 @@ usr/local/bin/timezone-transition usr/local/bin/update-lang-cache #usr/local/include #usr/local/lib +#usr/local/lib/sse2 #usr/local/sbin #usr/local/share #usr/local/share/doc From fffc646e743adb4aebdf75972bb2c9fb12e0675e Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Thu, 24 Jul 2014 13:32:05 +0200 Subject: [PATCH 2/7] logs: Add dynamic DNS logging section. --- config/rootfiles/core/80/filelists/files | 1 + html/cgi-bin/logs.cgi/log.dat | 2 ++ lfs/ddns | 2 ++ ...-a-program-prefix-to-syslog-messages.patch | 25 +++++++++++++++++++ 4 files changed, 30 insertions(+) create mode 100644 src/patches/ddns-003-Add-a-program-prefix-to-syslog-messages.patch diff --git a/config/rootfiles/core/80/filelists/files b/config/rootfiles/core/80/filelists/files index 822baa2de..d5973f791 100644 --- a/config/rootfiles/core/80/filelists/files +++ b/config/rootfiles/core/80/filelists/files @@ -7,6 +7,7 @@ etc/rc.d/init.d/dnsmasq etc/rc.d/init.d/networking/red.up/30-ddns srv/web/ipfire/cgi-bin/ddns.cgi srv/web/ipfire/cgi-bin/logs.cgi/firewalllogcountry.dat +srv/web/ipfire/cgi-bin/logs.cgi/log.dat srv/web/ipfire/cgi-bin/netexternal.cgi srv/web/ipfire/cgi-bin/ovpnmain.cgi srv/web/ipfire/cgi-bin/proxy.cgi diff --git a/html/cgi-bin/logs.cgi/log.dat b/html/cgi-bin/logs.cgi/log.dat index dacd518a1..1813862fe 100644 --- a/html/cgi-bin/logs.cgi/log.dat +++ b/html/cgi-bin/logs.cgi/log.dat 
@@ -51,6 +51,7 @@ $cgiparams{'SECTION'} = 'ipfire';
 my %sections = (
 'ipfire' => '(ipfire: )',
 'red' => '(red:|pppd\[.*\]: |chat\[.*\]|pppoe\[.*\]|pptp\[.*\]|pppoa\[.*\]|pppoa3\[.*\]|pppoeci\[.*\]|ipppd|ipppd\[.*\]|kernel: ippp\d|kernel: isdn.*|ibod\[.*\]|dhcpcd\[.*\]|modem_run\[.*\])',
+ 'ddns' => '(ddns\[\d+\]:)',
 'dns' => '(dnsmasq\[.*\]: )',
 'dhcp' => '(dhcpd: )',
 'clamav' => '(clamd\[.*\]: |freshclam\[.*\]: )',
@@ -70,6 +71,7 @@ my %sections = (
 my %trsections = (
 'ipfire' => 'IPFire',
 'red' => 'RED',
+ 'ddns' => $Lang::tr{'dynamic dns'},
 'dns' => 'DNS',
 'dhcp' => "$Lang::tr{'dhcp server'}",
 'cron' => 'Cron',
diff --git a/lfs/ddns b/lfs/ddns
index c8348cee2..975c8c3ab 100644
--- a/lfs/ddns
+++ b/lfs/ddns
@@ -71,6 +71,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 @$(PREBUILD)
 @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/ddns-003-Add-a-program-prefix-to-syslog-messages.patch
+
 cd $(DIR_APP) && [ -x "configure" ] || sh ./autogen.sh
 cd $(DIR_APP) && ./configure --prefix=/usr --sysconfdir=/var/ipfire
 cd $(DIR_APP) && make $(MAKETUNING)
diff --git a/src/patches/ddns-003-Add-a-program-prefix-to-syslog-messages.patch b/src/patches/ddns-003-Add-a-program-prefix-to-syslog-messages.patch
new file mode 100644
index 000000000..978db85fc
--- /dev/null
+++ b/src/patches/ddns-003-Add-a-program-prefix-to-syslog-messages.patch
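Review bot: The new `'ddns'` section pattern `(ddns\[\d+\]:)` only works because the ddns-003 patch added in the same commit sets the syslog tag to `ddns[%(process)d]: ` in the Python `logging.Formatter`, and neither side records that dependency, so a later change to either string silently empties this log view. I would put above the `%sections` entry: `# Must match the program prefix set by the Formatter in src/patches/ddns-003-Add-a-program-prefix-to-syslog-messages.patch`. The sibling patterns in this table end in `: ` (for example `dnsmasq\[.*\]: `) while the ddns one stops at the colon, which matches the same lines but reads as inconsistent. In the second hunk `$Lang::tr{'dynamic dns'}` is used bare whereas the neighbouring `'dhcp server'` entry is wrapped in double quotes; both yield the same string, so pick one form. Both `%sections` and `%trsections` continue past the hunk edges.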
@@ -0,0 +1,25 @@
+From 21fd4b8d26d01d622185ab8de971a9ee934220a3 Mon Sep 17 00:00:00 2001
+From: Michael Tremer
+Date: Thu, 24 Jul 2014 13:23:36 +0200
+Subject: [PATCH] Add a program prefix to syslog messages.
+
+---
+ src/ddns/__init__.py | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/ddns/__init__.py b/src/ddns/__init__.py
+index 22764e6..6fe3a33 100644
+--- a/src/ddns/__init__.py
++++ b/src/ddns/__init__.py
+@@ -42,6 +42,8 @@ def setup_logging():
+ handler = logging.handlers.SysLogHandler(address="/dev/log",
+ facility=logging.handlers.SysLogHandler.LOG_DAEMON
+ )
++ formatter = logging.Formatter("ddns[%(process)d]: %(message)s")
++ handler.setFormatter(formatter)
+ handler.setLevel(logging.INFO)
+ rootlogger.addHandler(handler)
+
+--
+1.9.3
+

From cb8a29b10bcbfa25a135a180ca8cc2c74f54cd52 Mon Sep 17 00:00:00 2001
From: Arne Fitzenreiter
Date: Sat, 26 Jul 2014 20:54:54 +0200
Subject: [PATCH 3/7] core80: fix permissions before config update.

---
 config/rootfiles/core/80/update.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/config/rootfiles/core/80/update.sh b/config/rootfiles/core/80/update.sh
index b8b5b58e7..67244c654 100644
--- a/config/rootfiles/core/80/update.sh
+++ b/config/rootfiles/core/80/update.sh
@@ -60,9 +60,6 @@ rm -f \
 /opt/pakfire/db/installed/meta-libgpg-error \
 /opt/pakfire/db/rootfiles/libgpg-error
-# Regenerate squid configuration file
-sudo -u nobody /srv/web/ipfire/cgi-bin/proxy.cgi
-
 # Fix broken proxy configuration permissions
 chown -R nobody.nobody \
 /var/ipfire/proxy/advanced \
@@ -72,6 +69,9 @@ chown -R nobody.nobody \
 /var/ipfire/proxy/squid.conf \
 /var/ipfire/proxy/transparent
+# Regenerate squid configuration file
+sudo -u nobody /srv/web/ipfire/cgi-bin/proxy.cgi
+
 # Generate ddns configuration file
 sudo -u nobody /srv/web/ipfire/cgi-bin/ddns.cgi

From 5b861b054576b43e5564289ca08875ee28859cbf Mon Sep 17 00:00:00 2001
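Review bot: The relocated `sudo -u nobody /srv/web/ipfire/cgi-bin/proxy.cgi` in the second update.sh hunk still discards the CGI's exit status, so if regenerating squid.conf fails even after the permission fix the update carries on and reports success. Unless the script runs under `set -e`, which is not visible here, a guard such as `sudo -u nobody /srv/web/ipfire/cgi-bin/proxy.cgi || echo "proxy.cgi failed: squid.conf not regenerated"` would at least make the failure show up in the update log. The same applies to the `ddns.cgi` call that follows it in the context lines.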
From: Michael Tremer
Date: Sat, 26 Jul 2014 21:16:23 +0200
Subject: [PATCH 4/7] Revert "firewall: Filter logging of broadcasts from the internal networks."

This reverts commit 63f2fb7fda9112d9e39414328e5d4fab28809c63.
---
 config/rootfiles/core/80/filelists/files | 1 +
 src/initscripts/init.d/firewall | 14 --------------
 2 files changed, 1 insertion(+), 14 deletions(-)

diff --git a/config/rootfiles/core/80/filelists/files b/config/rootfiles/core/80/filelists/files
index d5973f791..5f4c42cee 100644
--- a/config/rootfiles/core/80/filelists/files
+++ b/config/rootfiles/core/80/filelists/files
@@ -4,6 +4,7 @@ etc/logrotate.conf
 etc/rc.d/init.d/cleanfs
 etc/rc.d/init.d/dhcrelay
 etc/rc.d/init.d/dnsmasq
+etc/rc.d/init.d/firewall
 etc/rc.d/init.d/networking/red.up/30-ddns
 srv/web/ipfire/cgi-bin/ddns.cgi
 srv/web/ipfire/cgi-bin/logs.cgi/firewalllogcountry.dat
diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index 7a18502bf..97186c399 100644
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -254,20 +254,6 @@ iptables_init() {
 iptables -t nat -N REDNAT
 iptables -t nat -A POSTROUTING -j REDNAT
- # Filter logging of incoming broadcasts.
- iptables -N BROADCAST_FILTER
- iptables -A INPUT -j BROADCAST_FILTER
-
- iptables -A BROADCAST_FILTER -i "${GREEN_DEV}" -d "${GREEN_BROADCAST}" -j DROP
-
- if [ -n "${BLUE_DEV}" -a -n "${BLUE_BROADCAST}" ]; then
- iptables -A BROADCAST_FILTER -i "${BLUE_DEV}" -d "${BLUE_BROADCAST}" -j DROP
- fi
-
- if [ -n "${ORANGE_DEV}" -a -n "${ORANGE_BROADCAST}" ]; then
- iptables -A BROADCAST_FILTER -i "${ORANGE_DEV}" -d "${ORANGE_BROADCAST}" -j DROP
- fi
-
 # Apply OpenVPN firewall rules
 /usr/local/bin/openvpnctrl --firewall-rules

From bc70c8273792c3cbe41edca1a90f62b4ff0666a1 Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Tue, 29 Jul 2014 12:07:02 +0200
Subject: [PATCH 5/7] rngd: Silence initscript when rngd is already started.

When a hardware random number generator is found by udev it will start rngd automatically which is what we also do by default in the initialisation sequence of the system (e.g. for RDRAND). The user will then see an error message that rngd has already been started which was confusing.
---
 config/rootfiles/core/80/filelists/files | 1 +
 src/initscripts/init.d/rngd | 10 ++++++++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/config/rootfiles/core/80/filelists/files b/config/rootfiles/core/80/filelists/files
index 5f4c42cee..a12048d7b 100644
--- a/config/rootfiles/core/80/filelists/files
+++ b/config/rootfiles/core/80/filelists/files
@@ -6,6 +6,7 @@ etc/rc.d/init.d/dhcrelay
 etc/rc.d/init.d/dnsmasq
 etc/rc.d/init.d/firewall
 etc/rc.d/init.d/networking/red.up/30-ddns
+etc/rc.d/init.d/rngd
 srv/web/ipfire/cgi-bin/ddns.cgi
 srv/web/ipfire/cgi-bin/logs.cgi/firewalllogcountry.dat
 srv/web/ipfire/cgi-bin/logs.cgi/log.dat
diff --git a/src/initscripts/init.d/rngd b/src/initscripts/init.d/rngd
index 22437fdc4..df4aa7da2 100644
--- a/src/initscripts/init.d/rngd
+++ b/src/initscripts/init.d/rngd
@@ -28,12 +28,18 @@ case "${1}" in
 fi
 boot_mesg "Starting Random Number Generator Daemon..."
- loadproc /usr/sbin/rngd --no-tpm=1
+
+ if pidofproc /usr/sbin/rngd &>/dev/null; then
+ # Is already running.
+ echo_ok
+ else
+ loadproc /usr/sbin/rngd --no-tpm=1
+ fi
 ;;
 stop)
 boot_mesg "Stopping Random Number Generator Daemon..."
- killproc /usr/sbin/rngd
+ killproc -p /var/run/rngd.pid /usr/sbin/rngd
 ;;
 restart)

From 8df091d9680ca0230723fc62b56c9e1d29acb481 Mon Sep 17 00:00:00 2001
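Review bot: The start and stop branches now identify the daemon differently: the added `pidofproc /usr/sbin/rngd` check matches any running rngd by name, while the changed `killproc -p /var/run/rngd.pid /usr/sbin/rngd` consults only the pidfile. If the udev-started instance that the commit message describes does not write `/var/run/rngd.pid` (I cannot tell from the patch), `start` will report it as already running but `stop` will not find it, and rngd stays up after a stop. Giving the `pidofproc` call the same `-p /var/run/rngd.pid`, or dropping the option from `killproc`, keeps the two branches consistent; whichever is chosen should match how rngd is launched by udev. `&>/dev/null` is a bash-only redirection, which is fine only if the script's interpreter is bash, and the hunk does not show the shebang. The enclosing `case` statement starts and ends outside the hunk.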
From: Michael Tremer
Date: Tue, 29 Jul 2014 12:12:38 +0200
Subject: [PATCH 6/7] Revert "General-functions.pl: rewrite getnetworkip without inet_aton"

This reverts commit 1be398ae381d4d0cdbd50272bff4434121d36f65.

Some users reported some issues with the generated firewall ruleset with the new function: http://forum.ipfire.org/index.php?topic=11124.0
---
 config/cfgroot/general-functions.pl | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl
index 6994f333d..ebf621420 100644
--- a/config/cfgroot/general-functions.pl
+++ b/config/cfgroot/general-functions.pl
@@ -413,9 +413,9 @@ sub getnetworkip
 #Gets: IP, CIDR (10.10.10.0-255, 24)
 #Gives: 10.10.10.0
 my ($ccdip,$ccdsubnet) = @_;
- my $ip_address_binary = &Socket::inet_pton( AF_INET,$ccdip );
- my $netmask_binary = &Socket::inet_pton(AF_INET,&iporsubtodec($ccdsubnet));
- my $network_address = &Socket::inet_ntop( AF_INET,$ip_address_binary & $netmask_binary );
+ my $ip_address_binary = inet_aton( $ccdip );
+ my $netmask_binary = ~pack("N", (2**(32-$ccdsubnet))-1);
+ my $network_address = inet_ntoa( $ip_address_binary & $netmask_binary );
 return $network_address;
 }

From cea4fc3aaf3fb9b776a2209ccdaff6452e099f8e Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Tue, 29 Jul 2014 12:14:23 +0200
Subject: [PATCH 7/7] Revert "General-functions.pl: rewrite IpInSubnet replace inet_ntoa"

This reverts commit ab92dc0c84cc6c11f90e753439567d80bac23e2b.

See comment in last commit
---
 config/cfgroot/general-functions.pl | 21 ++++++---------------
 1 file changed, 6 insertions(+), 15 deletions(-)

diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl
index ebf621420..dbac0d7a1 100644
--- a/config/cfgroot/general-functions.pl
+++ b/config/cfgroot/general-functions.pl
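Review bot: `inet_aton( $ccdip )` on the restored first line is a resolver call, not a parser: a value that is not a dotted quad is treated as a hostname and looked up through DNS, and when that fails it returns undef, so `$ip_address_binary & $netmask_binary` becomes an empty string and `inet_ntoa` dies with a bad-length error; the `inet_pton` form being reverted did neither. Since the comment above already documents the input as an IP, rejecting anything else before the call, e.g. `return unless &validip($ccdip);` using the file's existing IP check, keeps malformed input away from the resolver (the `&` call style only mirrors the surrounding file). The same applies to the three `&Socket::inet_aton(shift)` calls in the IpInSubnet hunk of the following commit. The mask line `~pack("N", (2**(32-$ccdsubnet))-1)` now accepts only a prefix length, whereas the removed `&iporsubtodec($ccdsubnet)` also took a dotted mask, so a caller passing `255.255.255.0` would silently get a meaningless mask; I cannot see the callers from here. `sub getnetworkip` itself begins before the hunk.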
@@ -773,21 +773,12 @@ sub validportrange # used to check a port range
 # Return: TRUE/FALSE
 sub IpInSubnet
 {
- my $addr = shift;
- my $network = shift;
- my $netmask = shift;
-
- my $addr_num = &Socket::inet_pton(AF_INET,$addr);
- my $network_num = &Socket::inet_pton(AF_INET,$network);
- my $netmask_num = &Socket::inet_pton(AF_INET,$netmask);
-
- # Find start address
- my $network_start = $network_num & $netmask_num;
-
- # Find end address
- my $network_end = $network_start ^ ~$netmask_num;
-
- return (($addr_num ge $network_start) && ($addr_num le $network_end));
+ my $ip = unpack('N', &Socket::inet_aton(shift));
+ my $start = unpack('N', &Socket::inet_aton(shift));
+ my $mask = unpack('N', &Socket::inet_aton(shift));
+ $start &= $mask; # base of subnet...
+ my $end = $start + ~$mask;
+ return (($ip >= $start) && ($ip <= $end));
 }
 #
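Review bot: The restored `my $end = $start + ~$mask;` is wrong on any perl whose native integer is 64 bits: `unpack('N', ...)` yields a 32-bit value, but `~$mask` complements all 64 bits, so for a mask of 255.255.255.0 `$end` becomes `$start` plus 0xFFFFFFFF000000FF and `$ip <= $end` holds for every address above `$start`, making the function answer "in subnet" for most of the address space. If the firewall ruleset generation mentioned in the previous commit relies on this result, that is an over-permissive match rather than a cosmetic one; the removed version compared 4-byte packed strings with `ge`/`le` and had no such width dependence. Masking the complement keeps the integer form correct on both widths: `my $end = $start | (~$mask & 0xFFFFFFFF);`. Separately, an unresolvable argument makes `&Socket::inet_aton` return undef, which `unpack('N', ...)` turns into undef and the comparisons then treat as 0, so the three inputs should be validated as IPs before use. Whether the target system runs a 32- or 64-bit perl is not visible from the patch.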