Menu
▾
▴
astlinux-commits — Commits to the AstLinux SVN repository
You can subscribe to this list here.
| 2006 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
(6) |
Jul
(14) |
Aug
(156) |
Sep
(35) |
Oct
(48) |
Nov
(55) |
Dec
(16) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2007 |
Jan
(24) |
Feb
(154) |
Mar
(139) |
Apr
(175) |
May
(87) |
Jun
(34) |
Jul
(42) |
Aug
(68) |
Sep
(41) |
Oct
(76) |
Nov
(77) |
Dec
(50) |
| 2008 |
Jan
(98) |
Feb
(43) |
Mar
(102) |
Apr
(27) |
May
(55) |
Jun
(13) |
Jul
(58) |
Aug
(62) |
Sep
(61) |
Oct
(43) |
Nov
(87) |
Dec
(134) |
| 2009 |
Jan
(175) |
Feb
(106) |
Mar
(58) |
Apr
(41) |
May
(74) |
Jun
(123) |
Jul
(252) |
Aug
(192) |
Sep
(69) |
Oct
(38) |
Nov
(117) |
Dec
(95) |
| 2010 |
Jan
(146) |
Feb
(76) |
Mar
(90) |
Apr
(60) |
May
(23) |
Jun
(19) |
Jul
(208) |
Aug
(140) |
Sep
(103) |
Oct
(114) |
Nov
(50) |
Dec
(47) |
| 2011 |
Jan
(59) |
Feb
(47) |
Mar
(61) |
Apr
(58) |
May
(41) |
Jun
(11) |
Jul
(17) |
Aug
(49) |
Sep
(34) |
Oct
(166) |
Nov
(38) |
Dec
(70) |
| 2012 |
Jan
(87) |
Feb
(37) |
Mar
(28) |
Apr
(25) |
May
(29) |
Jun
(30) |
Jul
(43) |
Aug
(27) |
Sep
(46) |
Oct
(27) |
Nov
(51) |
Dec
(70) |
| 2013 |
Jan
(92) |
Feb
(34) |
Mar
(58) |
Apr
(37) |
May
(46) |
Jun
(9) |
Jul
(38) |
Aug
(22) |
Sep
(28) |
Oct
(42) |
Nov
(44) |
Dec
(34) |
| 2014 |
Jan
(63) |
Feb
(39) |
Mar
(48) |
Apr
(31) |
May
(21) |
Jun
(43) |
Jul
(36) |
Aug
(69) |
Sep
(53) |
Oct
(56) |
Nov
(46) |
Dec
(49) |
| 2015 |
Jan
(63) |
Feb
(35) |
Mar
(30) |
Apr
(38) |
May
(27) |
Jun
(42) |
Jul
(42) |
Aug
(63) |
Sep
(18) |
Oct
(45) |
Nov
(65) |
Dec
(71) |
| 2016 |
Jan
(54) |
Feb
(79) |
Mar
(59) |
Apr
(38) |
May
(32) |
Jun
(46) |
Jul
(42) |
Aug
(30) |
Sep
(58) |
Oct
(33) |
Nov
(98) |
Dec
(59) |
| 2017 |
Jan
(79) |
Feb
(12) |
Mar
(43) |
Apr
(32) |
May
(76) |
Jun
(59) |
Jul
(44) |
Aug
(14) |
Sep
|
Oct
|
Nov
|
Dec
|
|
From: <abe...@us...> - 2016-07-21 21:45:22
|
Revision: 7770
http://sourceforge.net/p/astlinux/code/7770
Author: abelbeck
Date: 2016-07-21 21:45:19 +0000 (Thu, 21 Jul 2016)
Log Message:
-----------
asterisk-codec-silk, version bump to 1.0.2 for the binary blobs
Modified Paths:
--------------
branches/1.0/package/asterisk-codec-silk/asterisk-codec-silk.mk
Modified: branches/1.0/package/asterisk-codec-silk/asterisk-codec-silk.mk
===================================================================
--- branches/1.0/package/asterisk-codec-silk/asterisk-codec-silk.mk 2016-07-21 21:21:35 UTC (rev 7769)
+++ branches/1.0/package/asterisk-codec-silk/asterisk-codec-silk.mk 2016-07-21 21:45:19 UTC (rev 7770)
@@ -5,19 +5,19 @@
##############################################################
ifeq ($(BR2_PACKAGE_ASTERISK_v11),y)
ifeq ($(ARCH),x86_64)
-ASTERISK_CODEC_SILK_VERSION := 11.0_1.0.0-generic_64
+ASTERISK_CODEC_SILK_VERSION := 11.0_1.0.2-generic_64
ASTERISK_CODEC_SILK_SITE := http://downloads.digium.com/pub/telephony/codec_silk/asterisk-11.0/x86-64
else
-ASTERISK_CODEC_SILK_VERSION := 11.0_1.0.0-i686_32
+ASTERISK_CODEC_SILK_VERSION := 11.0_1.0.2-i686_32
ASTERISK_CODEC_SILK_SITE := http://downloads.digium.com/pub/telephony/codec_silk/asterisk-11.0/x86-32
endif
endif
ifeq ($(BR2_PACKAGE_ASTERISK_v13),y)
ifeq ($(ARCH),x86_64)
-ASTERISK_CODEC_SILK_VERSION := 13.0_1.0.0-generic_64
+ASTERISK_CODEC_SILK_VERSION := 13.0_1.0.2-generic_64
ASTERISK_CODEC_SILK_SITE := http://downloads.digium.com/pub/telephony/codec_silk/asterisk-13.0/x86-64
else
-ASTERISK_CODEC_SILK_VERSION := 13.0_1.0.0-i686_32
+ASTERISK_CODEC_SILK_VERSION := 13.0_1.0.2-i686_32
ASTERISK_CODEC_SILK_SITE := http://downloads.digium.com/pub/telephony/codec_silk/asterisk-13.0/x86-32
endif
endif
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <abe...@us...> - 2016-07-21 21:21:37
|
Revision: 7769
http://sourceforge.net/p/astlinux/code/7769
Author: abelbeck
Date: 2016-07-21 21:21:35 +0000 (Thu, 21 Jul 2016)
Log Message:
-----------
pjsip, disable speex and gsm codec's
Modified Paths:
--------------
branches/1.0/package/pjsip/pjsip.mk
Modified: branches/1.0/package/pjsip/pjsip.mk
===================================================================
--- branches/1.0/package/pjsip/pjsip.mk 2016-07-21 20:57:04 UTC (rev 7768)
+++ branches/1.0/package/pjsip/pjsip.mk 2016-07-21 21:21:35 UTC (rev 7769)
@@ -23,6 +23,9 @@
PJSIP_CONF_OPT = \
--with-external-srtp \
+ --disable-speex-codec \
+ --disable-speex-aec \
+ --disable-gsm-codec \
--disable-video \
--disable-v4l2 \
--disable-sound \
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <abe...@us...> - 2016-07-21 20:57:07
|
Revision: 7768
http://sourceforge.net/p/astlinux/code/7768
Author: abelbeck
Date: 2016-07-21 20:57:04 +0000 (Thu, 21 Jul 2016)
Log Message:
-----------
pjsip, version bump to 2.5
Modified Paths:
--------------
branches/1.0/package/pjsip/pjsip.mk
Added Paths:
-----------
branches/1.0/package/pjsip/pjsip-0001-evsub-Add-APIs-to-add-decrement-an-event-subscriptio.patch
branches/1.0/package/pjsip/pjsip-0002-sip_transport_tcp-tls-Set-factory-on-transports-crea.patch
Removed Paths:
-------------
branches/1.0/package/pjsip/pjsip-0001-sip_parser.c-Fix-pjsip_VIA_PARAM_SPEC_ESC.patch
Added: branches/1.0/package/pjsip/pjsip-0001-evsub-Add-APIs-to-add-decrement-an-event-subscriptio.patch
===================================================================
--- branches/1.0/package/pjsip/pjsip-0001-evsub-Add-APIs-to-add-decrement-an-event-subscriptio.patch (rev 0)
+++ branches/1.0/package/pjsip/pjsip-0001-evsub-Add-APIs-to-add-decrement-an-event-subscriptio.patch 2016-07-21 20:57:04 UTC (rev 7768)
@@ -0,0 +1,72 @@
+From a5030c9b33b2c936879fbacb1d2ea5edc2979181 Mon Sep 17 00:00:00 2001
+From: George Joseph <gj...@di...>
+Date: Sat, 18 Jun 2016 10:14:34 -0600
+Subject: [PATCH] evsub: Add APIs to add/decrement an event subscription's
+ group lock
+
+These APIs can be used to ensure that the evsub isn't destroyed before
+an application is finished using it.
+---
+ pjsip/include/pjsip-simple/evsub.h | 20 ++++++++++++++++++++
+ pjsip/src/pjsip-simple/evsub.c | 14 ++++++++++++++
+ 2 files changed, 34 insertions(+)
+
+diff --git a/pjsip/include/pjsip-simple/evsub.h b/pjsip/include/pjsip-simple/evsub.h
+index 2dc4d69..31f85f8 100644
+--- a/pjsip/include/pjsip-simple/evsub.h
++++ b/pjsip/include/pjsip-simple/evsub.h
+@@ -490,6 +490,26 @@ PJ_DECL(void) pjsip_evsub_set_mod_data( pjsip_evsub *sub, unsigned mod_id,
+ PJ_DECL(void*) pjsip_evsub_get_mod_data( pjsip_evsub *sub, unsigned mod_id );
+
+
++/**
++ * Increment the event subscription's group lock.
++ *
++ * @param sub The server subscription instance.
++ *
++ * @return PJ_SUCCESS on success.
++ */
++PJ_DEF(pj_status_t) pjsip_evsub_add_ref(pjsip_evsub *sub);
++
++
++/**
++ * Decrement the event subscription's group lock.
++ *
++ * @param sub The server subscription instance.
++ *
++ * @return PJ_SUCCESS on success.
++ */
++PJ_DEF(pj_status_t) pjsip_evsub_dec_ref(pjsip_evsub *sub);
++
++
+
+ PJ_END_DECL
+
+diff --git a/pjsip/src/pjsip-simple/evsub.c b/pjsip/src/pjsip-simple/evsub.c
+index 7cd8859..68a9564 100644
+--- a/pjsip/src/pjsip-simple/evsub.c
++++ b/pjsip/src/pjsip-simple/evsub.c
+@@ -831,7 +831,21 @@ static pj_status_t evsub_create( pjsip_dialog *dlg,
+ return PJ_SUCCESS;
+ }
+
++/*
++ * Increment the event subscription's group lock.
++ */
++PJ_DEF(pj_status_t) pjsip_evsub_add_ref(pjsip_evsub *sub)
++{
++ return pj_grp_lock_add_ref(sub->grp_lock);
++}
+
++/*
++ * Decrement the event subscription's group lock.
++ */
++PJ_DEF(pj_status_t) pjsip_evsub_dec_ref(pjsip_evsub *sub)
++{
++ return pj_grp_lock_dec_ref(sub->grp_lock);
++}
+
+ /*
+ * Create client subscription session.
+--
+2.5.5
Deleted: branches/1.0/package/pjsip/pjsip-0001-sip_parser.c-Fix-pjsip_VIA_PARAM_SPEC_ESC.patch
===================================================================
--- branches/1.0/package/pjsip/pjsip-0001-sip_parser.c-Fix-pjsip_VIA_PARAM_SPEC_ESC.patch 2016-07-21 18:16:49 UTC (rev 7767)
+++ branches/1.0/package/pjsip/pjsip-0001-sip_parser.c-Fix-pjsip_VIA_PARAM_SPEC_ESC.patch 2016-07-21 20:57:04 UTC (rev 7768)
@@ -1,29 +0,0 @@
-From 0fc7ef5f01be9cc74d184c3ca3a973ff1ef44c93 Mon Sep 17 00:00:00 2001
-From: George Joseph <geo...@fa...>
-Date: Sun, 10 Apr 2016 12:54:06 -0600
-Subject: [PATCH] sip_parser.c: Fix pjsip_VIA_PARAM_SPEC_ESC
-
-pjsip_VIA_PARAM_SPEC_ESC should have been pjsip_TOKEN_SPEC_ESC + ":" but
-instead of appending ":" to pjsip_VIA_PARAM_SPEC_ESC it was being appended
-to pjsip_VIA_PARAM_SPEC again. This was causing parsing of Via headers
-to fail when an ipv6 address was in a "received" param and
-PJSIP_UNESCAPE_IN_PLACE was used. Probably just a copy/paste error.
----
- pjsip/src/pjsip/sip_parser.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/pjsip/src/pjsip/sip_parser.c b/pjsip/src/pjsip/sip_parser.c
-index 378c22f..c18faa3 100644
---- a/pjsip/src/pjsip/sip_parser.c
-+++ b/pjsip/src/pjsip/sip_parser.c
-@@ -327,7 +327,7 @@ static pj_status_t init_parser()
-
- status = pj_cis_dup(&pconst.pjsip_VIA_PARAM_SPEC_ESC, &pconst.pjsip_TOKEN_SPEC_ESC);
- PJ_ASSERT_RETURN(status == PJ_SUCCESS, status);
-- pj_cis_add_str(&pconst.pjsip_VIA_PARAM_SPEC, ":");
-+ pj_cis_add_str(&pconst.pjsip_VIA_PARAM_SPEC_ESC, ":");
-
- status = pj_cis_dup(&pconst.pjsip_HOST_SPEC, &pconst.pjsip_ALNUM_SPEC);
- PJ_ASSERT_RETURN(status == PJ_SUCCESS, status);
---
-2.5.5
Added: branches/1.0/package/pjsip/pjsip-0002-sip_transport_tcp-tls-Set-factory-on-transports-crea.patch
===================================================================
--- branches/1.0/package/pjsip/pjsip-0002-sip_transport_tcp-tls-Set-factory-on-transports-crea.patch (rev 0)
+++ branches/1.0/package/pjsip/pjsip-0002-sip_transport_tcp-tls-Set-factory-on-transports-crea.patch 2016-07-21 20:57:04 UTC (rev 7768)
@@ -0,0 +1,47 @@
+From b7cb93b0e1729589a71e8b30d9a9893f0918e2a2 Mon Sep 17 00:00:00 2001
+From: George Joseph <geo...@fa...>
+Date: Mon, 30 May 2016 11:58:22 -0600
+Subject: [PATCH] sip_transport_tcp/tls: Set factory on transports created
+ from accept
+
+The ability to re-use tcp and tls transports when a factory is
+specified now depends on transport->factory being set which is a new field
+in 2.5. This was being set only on new outgoing sockets not on
+incoming sockets. The result was that a client REGISTER created a new
+socket but without the factory set, the next outgoing request to the
+client, OPTIONS, INVITE, etc, would attempt to create another socket
+which the client would refuse.
+
+This patch sets the factory on transports created as a result of an
+accept.
+---
+ pjsip/src/pjsip/sip_transport_tcp.c | 1 +
+ pjsip/src/pjsip/sip_transport_tls.c | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/pjsip/src/pjsip/sip_transport_tcp.c b/pjsip/src/pjsip/sip_transport_tcp.c
+index 1bbb324..00eb8fc 100644
+--- a/pjsip/src/pjsip/sip_transport_tcp.c
++++ b/pjsip/src/pjsip/sip_transport_tcp.c
+@@ -713,6 +713,7 @@ static pj_status_t tcp_create( struct tcp_listener *listener,
+ tcp->base.send_msg = &tcp_send_msg;
+ tcp->base.do_shutdown = &tcp_shutdown;
+ tcp->base.destroy = &tcp_destroy_transport;
++ tcp->base.factory = &listener->factory;
+
+ /* Create group lock */
+ status = pj_grp_lock_create(pool, NULL, &tcp->grp_lock);
+diff --git a/pjsip/src/pjsip/sip_transport_tls.c b/pjsip/src/pjsip/sip_transport_tls.c
+index a83ac32..36ee70d 100644
+--- a/pjsip/src/pjsip/sip_transport_tls.c
++++ b/pjsip/src/pjsip/sip_transport_tls.c
+@@ -742,6 +742,7 @@ static pj_status_t tls_create( struct tls_listener *listener,
+ tls->base.send_msg = &tls_send_msg;
+ tls->base.do_shutdown = &tls_shutdown;
+ tls->base.destroy = &tls_destroy_transport;
++ tls->base.factory = &listener->factory;
+
+ tls->ssock = ssock;
+
+--
+2.5.5
Modified: branches/1.0/package/pjsip/pjsip.mk
===================================================================
--- branches/1.0/package/pjsip/pjsip.mk 2016-07-21 18:16:49 UTC (rev 7767)
+++ branches/1.0/package/pjsip/pjsip.mk 2016-07-21 20:57:04 UTC (rev 7768)
@@ -4,7 +4,7 @@
#
################################################################################
-PJSIP_VERSION = 2.4.5
+PJSIP_VERSION = 2.5
PJSIP_SOURCE = pjproject-$(PJSIP_VERSION).tar.bz2
PJSIP_SITE = http://www.pjsip.org/release/$(PJSIP_VERSION)
PJSIP_INSTALL_STAGING = YES
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <abe...@us...> - 2016-07-21 18:16:52
|
Revision: 7767
http://sourceforge.net/p/astlinux/code/7767
Author: abelbeck
Date: 2016-07-21 18:16:49 +0000 (Thu, 21 Jul 2016)
Log Message:
-----------
update ChangeLog
Modified Paths:
--------------
branches/1.0/docs/ChangeLog.txt
Modified: branches/1.0/docs/ChangeLog.txt
===================================================================
--- branches/1.0/docs/ChangeLog.txt 2016-07-21 18:14:39 UTC (rev 7766)
+++ branches/1.0/docs/ChangeLog.txt 2016-07-21 18:16:49 UTC (rev 7767)
@@ -12,6 +12,8 @@
** System
+-- php, version bump to 5.5.38, bug and security fixes
+
-- perl, version bump to 5.24.0 using perlcross 1.0.3
-- ethtool, version bump to 4.6
@@ -30,6 +32,8 @@
-- arnofw (AIF), version bump to 2.0.1g-RC1
+-- libcurl (curl) version bump to 7.50.0
+
** Asterisk
-- Asterisk 1.8.32.3 (no change), 11.22.0 (no change) and 13.9.1 (no change)
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <abe...@us...> - 2016-07-21 18:14:42
|
Revision: 7766
http://sourceforge.net/p/astlinux/code/7766
Author: abelbeck
Date: 2016-07-21 18:14:39 +0000 (Thu, 21 Jul 2016)
Log Message:
-----------
php, version bump to 5.5.38
Modified Paths:
--------------
branches/1.0/package/php/php.mk
Modified: branches/1.0/package/php/php.mk
===================================================================
--- branches/1.0/package/php/php.mk 2016-07-21 18:05:36 UTC (rev 7765)
+++ branches/1.0/package/php/php.mk 2016-07-21 18:14:39 UTC (rev 7766)
@@ -4,7 +4,7 @@
#
#############################################################
-PHP_VERSION = 5.5.37
+PHP_VERSION = 5.5.38
PHP_SITE = http://www.php.net/distributions
PHP_SOURCE = php-$(PHP_VERSION).tar.xz
PHP_INSTALL_STAGING = YES
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <abe...@us...> - 2016-07-21 18:05:38
|
Revision: 7765
http://sourceforge.net/p/astlinux/code/7765
Author: abelbeck
Date: 2016-07-21 18:05:36 +0000 (Thu, 21 Jul 2016)
Log Message:
-----------
libcurl, version bump to 7.50.0
Modified Paths:
--------------
branches/1.0/package/libcurl/libcurl.mk
Modified: branches/1.0/package/libcurl/libcurl.mk
===================================================================
--- branches/1.0/package/libcurl/libcurl.mk 2016-07-20 19:56:36 UTC (rev 7764)
+++ branches/1.0/package/libcurl/libcurl.mk 2016-07-21 18:05:36 UTC (rev 7765)
@@ -3,7 +3,7 @@
# libcurl
#
#############################################################
-LIBCURL_VERSION = 7.49.1
+LIBCURL_VERSION = 7.50.0
LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.gz
LIBCURL_SITE = https://curl.haxx.se/download
LIBCURL_INSTALL_STAGING = YES
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <abe...@us...> - 2016-07-20 19:56:40
|
Revision: 7764
http://sourceforge.net/p/astlinux/code/7764
Author: abelbeck
Date: 2016-07-20 19:56:36 +0000 (Wed, 20 Jul 2016)
Log Message:
-----------
update ChangeLog
Modified Paths:
--------------
branches/1.0/docs/ChangeLog.txt
Modified: branches/1.0/docs/ChangeLog.txt
===================================================================
--- branches/1.0/docs/ChangeLog.txt 2016-07-20 16:49:54 UTC (rev 7763)
+++ branches/1.0/docs/ChangeLog.txt 2016-07-20 19:56:36 UTC (rev 7764)
@@ -12,8 +12,18 @@
** System
--- (no change)
+-- perl, version bump to 5.24.0 using perlcross 1.0.3
+-- ethtool, version bump to 4.6
+
+-- sudo, version bump to 1.8.17p1
+
+-- nano, version bump to 2.6.1
+
+-- screen, version bump to 4.4.0
+
+-- Time Zone Database update, tzdata2016f and php-timezonedb-2016.6
+
** Networking
-- Added a 4th LAN Interface configuration entry
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <abe...@us...> - 2016-07-20 16:49:58
|
Revision: 7763
http://sourceforge.net/p/astlinux/code/7763
Author: abelbeck
Date: 2016-07-20 16:49:54 +0000 (Wed, 20 Jul 2016)
Log Message:
-----------
perl, version bump to 5.24.0, perl-cross version bump to 1.0.3
Modified Paths:
--------------
branches/1.0/package/perl/perl.mk
Modified: branches/1.0/package/perl/perl.mk
===================================================================
--- branches/1.0/package/perl/perl.mk 2016-07-20 15:47:02 UTC (rev 7762)
+++ branches/1.0/package/perl/perl.mk 2016-07-20 16:49:54 UTC (rev 7763)
@@ -4,8 +4,8 @@
#
#############################################################
-PERL_VERSION_MAJOR = 22
-PERL_VERSION = 5.$(PERL_VERSION_MAJOR).1
+PERL_VERSION_MAJOR = 24
+PERL_VERSION = 5.$(PERL_VERSION_MAJOR).0
PERL_SITE = http://www.cpan.org/src/5.0
PERL_SOURCE = perl-$(PERL_VERSION).tar.bz2
PERL_INSTALL_STAGING = YES
@@ -17,9 +17,8 @@
PERL_MODULES = constant version Carp Errno Fcntl PathTools POSIX Digest Socket IO XSLoader Exporter File-Find
PERL_MODULES += Digest/MD5 Digest/SHA Getopt/Long Time/Local File/Glob Sys/Hostname
-PERL_CROSS_VERSION = 1.0.2
+PERL_CROSS_VERSION = 1.0.3
PERL_CROSS_SITE = https://github.com/arsv/perl-cross/releases/download/$(PERL_CROSS_VERSION)
-#PERL_CROSS_SITE = http://files.astlinux-project.org
PERL_CROSS_SOURCE = perl-$(PERL_VERSION)-cross-$(PERL_CROSS_VERSION).tar.gz
# We use the perlcross hack to cross-compile perl. It should
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <abe...@us...> - 2016-07-20 15:47:04
|
Revision: 7762
http://sourceforge.net/p/astlinux/code/7762
Author: abelbeck
Date: 2016-07-20 15:47:02 +0000 (Wed, 20 Jul 2016)
Log Message:
-----------
zoneinfo, version bump to 2016f and PHP_TIMEZONEDB 2016.6
Modified Paths:
--------------
branches/1.0/package/php/php.mk
branches/1.0/package/zoneinfo/zoneinfo.mk
Modified: branches/1.0/package/php/php.mk
===================================================================
--- branches/1.0/package/php/php.mk 2016-07-20 15:32:06 UTC (rev 7761)
+++ branches/1.0/package/php/php.mk 2016-07-20 15:47:02 UTC (rev 7762)
@@ -13,7 +13,7 @@
PHP_DEPENDENCIES = host-pkg-config
ifeq ($(BR2_PACKAGE_PHP_EXT_TIMEZONEDB),y)
-PHP_TIMEZONEDB_VERSION = 2016.5
+PHP_TIMEZONEDB_VERSION = 2016.6
PHP_TIMEZONEDB_SITE = http://files.astlinux-project.org
PHP_TIMEZONEDB_SOURCE = timezonedb-$(PHP_TIMEZONEDB_VERSION).tar.gz
Modified: branches/1.0/package/zoneinfo/zoneinfo.mk
===================================================================
--- branches/1.0/package/zoneinfo/zoneinfo.mk 2016-07-20 15:32:06 UTC (rev 7761)
+++ branches/1.0/package/zoneinfo/zoneinfo.mk 2016-07-20 15:47:02 UTC (rev 7762)
@@ -3,7 +3,7 @@
# zoneinfo
#
##############################################################
-ZONEINFO_VERSION := 2016e
+ZONEINFO_VERSION := 2016f
ZONEINFO_DATA := tzdata$(ZONEINFO_VERSION).tar.gz
ZONEINFO_SOURCE := tzcode$(ZONEINFO_VERSION).tar.gz
ZONEINFO_SITE := http://www.iana.org/time-zones/repository/releases
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <abe...@us...> - 2016-07-20 15:32:08
|
Revision: 7761
http://sourceforge.net/p/astlinux/code/7761
Author: abelbeck
Date: 2016-07-20 15:32:06 +0000 (Wed, 20 Jul 2016)
Log Message:
-----------
sudo, version bump to 1.8.17p1
Modified Paths:
--------------
branches/1.0/package/sudo/sudo.mk
Modified: branches/1.0/package/sudo/sudo.mk
===================================================================
--- branches/1.0/package/sudo/sudo.mk 2016-07-20 15:18:21 UTC (rev 7760)
+++ branches/1.0/package/sudo/sudo.mk 2016-07-20 15:32:06 UTC (rev 7761)
@@ -4,7 +4,7 @@
#
#############################################################
-SUDO_VERSION = 1.8.16
+SUDO_VERSION = 1.8.17p1
SUDO_SITE = http://www.sudo.ws/sudo/dist
# This is to avoid sudo's make install from chown()ing files which fails
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <abe...@us...> - 2016-07-20 15:18:24
|
Revision: 7760
http://sourceforge.net/p/astlinux/code/7760
Author: abelbeck
Date: 2016-07-20 15:18:21 +0000 (Wed, 20 Jul 2016)
Log Message:
-----------
ethtool, version bump to 4.6
Modified Paths:
--------------
branches/1.0/package/ethtool/ethtool.mk
Modified: branches/1.0/package/ethtool/ethtool.mk
===================================================================
--- branches/1.0/package/ethtool/ethtool.mk 2016-07-20 15:06:40 UTC (rev 7759)
+++ branches/1.0/package/ethtool/ethtool.mk 2016-07-20 15:18:21 UTC (rev 7760)
@@ -4,7 +4,7 @@
#
#############################################################
-ETHTOOL_VERSION = 4.5
+ETHTOOL_VERSION = 4.6
ETHTOOL_SITE = $(BR2_KERNEL_MIRROR)/software/network/ethtool
$(eval $(call AUTOTARGETS,package,ethtool))
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <abe...@us...> - 2016-07-20 15:06:43
|
Revision: 7759
http://sourceforge.net/p/astlinux/code/7759
Author: abelbeck
Date: 2016-07-20 15:06:40 +0000 (Wed, 20 Jul 2016)
Log Message:
-----------
nano, version bump to 2.6.1
Modified Paths:
--------------
branches/1.0/package/nano/nano.mk
Modified: branches/1.0/package/nano/nano.mk
===================================================================
--- branches/1.0/package/nano/nano.mk 2016-07-20 14:41:24 UTC (rev 7758)
+++ branches/1.0/package/nano/nano.mk 2016-07-20 15:06:40 UTC (rev 7759)
@@ -4,8 +4,8 @@
#
#############################################################
-NANO_VERSION = 2.5.3
-NANO_SITE = http://www.nano-editor.org/dist/v2.5
+NANO_VERSION = 2.6.1
+NANO_SITE = http://www.nano-editor.org/dist/v2.6
NANO_MAKE_ENV = CURSES_LIB="-lncurses"
NANO_CONF_ENV = ac_cv_prog_NCURSESW_CONFIG=false
NANO_CONF_OPT = \
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <abe...@us...> - 2016-07-20 14:41:27
|
Revision: 7758
http://sourceforge.net/p/astlinux/code/7758
Author: abelbeck
Date: 2016-07-20 14:41:24 +0000 (Wed, 20 Jul 2016)
Log Message:
-----------
screen, version bump to 4.4.0, synced to upstream Buildroot
Modified Paths:
--------------
branches/1.0/package/screen/screen.mk
Added Paths:
-----------
branches/1.0/package/screen/screen-0001-compiler-sanity-checks.patch
branches/1.0/package/screen/screen-0002-no-memcpy-fallback.patch
branches/1.0/package/screen/screen-0003-cross-compilation-AC_TRY_RUN.patch
branches/1.0/package/screen/screen-0004-cross-compilation-ignore-host-fs.patch
branches/1.0/package/screen/screen-0005-avoid-identifying-as-SVR4.patch
branches/1.0/package/screen/screen-0006-install-no-backup-binary.patch
branches/1.0/package/screen/screen-0007-install-always-chmod.patch
branches/1.0/package/screen/screen-0008-install-nonversioned-binary.patch
branches/1.0/package/screen/screen-0009-install-dir-dependency.patch
branches/1.0/package/screen/screen-0010-rename-sched_h.patch
Removed Paths:
-------------
branches/1.0/package/screen/screen-cross_compile_fix.patch
branches/1.0/package/screen/screen-install-fix.patch
Added: branches/1.0/package/screen/screen-0001-compiler-sanity-checks.patch
===================================================================
--- branches/1.0/package/screen/screen-0001-compiler-sanity-checks.patch (rev 0)
+++ branches/1.0/package/screen/screen-0001-compiler-sanity-checks.patch 2016-07-20 14:41:24 UTC (rev 7758)
@@ -0,0 +1,62 @@
+From: Maarten ter Huurne <ma...@tr...>
+Date: Sat, 13 Sep 2014 10:27:27 +0200
+Subject: Removed redundant compiler sanity checks
+
+AC_PROG_CC already performs sanity checks. And unlike the removed
+checks, it does so in a way that supports cross compilation.
+
+Signed-off-by: Maarten ter Huurne <ma...@tr...>
+[Ricardo: rebase on top of 4.3.1]
+Signed-off-by: Ricardo Martincoski <ric...@gm...>
+---
+ configure.ac | 27 ---------------------------
+ 1 file changed, 27 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index ffe2e37..27690a6 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -48,31 +48,6 @@ AC_PROG_GCC_TRADITIONAL
+ AC_ISC_POSIX
+ AC_USE_SYSTEM_EXTENSIONS
+
+-AC_TRY_RUN(main(){exit(0);},,[
+-if test $CC != cc ; then
+-AC_NOTE(Your $CC failed - restarting with CC=cc)
+-AC_NOTE()
+-CC=cc
+-export CC
+-exec $0 $configure_args
+-fi
+-])
+-
+-AC_TRY_RUN(main(){exit(0);},,
+-exec 5>&2
+-eval $ac_link
+-AC_NOTE(CC=$CC; CFLAGS=$CFLAGS; LIBS=$LIBS;)
+-AC_NOTE($ac_compile)
+-AC_MSG_ERROR(Can't run the compiler - sorry))
+-
+-AC_TRY_RUN([
+-main()
+-{
+- int __something_strange_();
+- __something_strange_(0);
+-}
+-],AC_MSG_ERROR(Your compiler does not set the exit status - sorry))
+-
+ AC_PROG_AWK
+
+ AC_PROG_INSTALL
+@@ -1300,8 +1275,6 @@ fi
+ dnl Ptx bug workaround -- insert -lc after -ltermcap
+ test -n "$seqptx" && LIBS="-ltermcap -lc -lsocket -linet -lnsl -lsec -lseq"
+
+-AC_TRY_RUN(main(){exit(0);},,AC_MSG_ERROR(Can't run the compiler - internal error. Sorry.))
+-
+ ETCSCREENRC=
+ AC_MSG_CHECKING(for the global screenrc file)
+ AC_ARG_WITH(sys-screenrc, [ --with-sys-screenrc=path to the global screenrc file], [ ETCSCREENRC="${withval}" ])
+--
+1.8.4.5
+
Added: branches/1.0/package/screen/screen-0002-no-memcpy-fallback.patch
===================================================================
--- branches/1.0/package/screen/screen-0002-no-memcpy-fallback.patch (rev 0)
+++ branches/1.0/package/screen/screen-0002-no-memcpy-fallback.patch 2016-07-20 14:41:24 UTC (rev 7758)
@@ -0,0 +1,124 @@
+From: Maarten ter Huurne <ma...@tr...>
+Date: Sat, 13 Sep 2014 11:37:59 +0200
+Subject: Do not use memcpy as an alternative for bcopy/memmove
+
+The configure script runs a small test program to check whether
+memcpy can handle overlapping memory areas. However, it is not valid
+to conclude that if a single case of overlapping memory is handled
+correctly, all cases will be handled correctly.
+
+Since screen already has its own bcopy implementation as a fallback
+for the case that bcopy and memmove are unusable, removing the memcpy
+option should not break any systems.
+
+Signed-off-by: Maarten ter Huurne <ma...@tr...>
+[Ricardo: rebase on top of 4.3.1]
+Signed-off-by: Ricardo Martincoski <ric...@gm...>
+---
+ acconfig.h | 3 +--
+ configure.ac | 18 +-----------------
+ os.h | 8 ++------
+ osdef.h.in | 10 +---------
+ 4 files changed, 5 insertions(+), 34 deletions(-)
+
+diff --git a/acconfig.h b/acconfig.h
+index 2e46985..9b0b9d4 100644
+--- a/acconfig.h
++++ b/acconfig.h
+@@ -476,7 +476,7 @@
+ #undef GETTTYENT
+
+ /*
+- * Define USEBCOPY if the bcopy/memcpy from your system's C library
++ * Define USEBCOPY if the bcopy from your system's C library
+ * supports the overlapping of source and destination blocks. When
+ * undefined, screen uses its own (probably slower) version of bcopy().
+ *
+@@ -487,7 +487,6 @@
+ * Their memove fails the test in the configure script. Sigh. (Juergen)
+ */
+ #undef USEBCOPY
+-#undef USEMEMCPY
+ #undef USEMEMMOVE
+
+ /*
+diff --git a/configure.ac b/configure.ac
+index 27690a6..b8e3bec 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1145,7 +1145,7 @@ AC_TRY_LINK(,[getttyent();], AC_DEFINE(GETTTYENT))
+ AC_CHECKING(fdwalk)
+ AC_TRY_LINK([#include <stdlib.h>], [fdwalk(NULL, NULL);],AC_DEFINE(HAVE_FDWALK))
+
+-AC_CHECKING(whether memcpy/memmove/bcopy handles overlapping arguments)
++AC_CHECKING(whether memmove/bcopy handles overlapping arguments)
+ AC_TRY_RUN([
+ main() {
+ char buf[10];
+@@ -1175,22 +1175,6 @@ main() {
+ exit(0); /* libc version works properly. */
+ }], AC_DEFINE(USEMEMMOVE))
+
+-
+-AC_TRY_RUN([
+-#define bcopy(s,d,l) memcpy(d,s,l)
+-main() {
+- char buf[10];
+- strcpy(buf, "abcdefghi");
+- bcopy(buf, buf + 2, 3);
+- if (strncmp(buf, "ababcf", 6))
+- exit(1);
+- strcpy(buf, "abcdefghi");
+- bcopy(buf + 2, buf, 3);
+- if (strncmp(buf, "cdedef", 6))
+- exit(1);
+- exit(0); /* libc version works properly. */
+-}], AC_DEFINE(USEMEMCPY))
+-
+ AC_SYS_LONG_FILE_NAMES
+
+ AC_MSG_CHECKING(for vsprintf)
+diff --git a/os.h b/os.h
+index e827ac9..0b41fb9 100644
+--- a/os.h
++++ b/os.h
+@@ -142,12 +142,8 @@ extern int errno;
+ # ifdef USEMEMMOVE
+ # define bcopy(s,d,len) memmove(d,s,len)
+ # else
+-# ifdef USEMEMCPY
+-# define bcopy(s,d,len) memcpy(d,s,len)
+-# else
+-# define NEED_OWN_BCOPY
+-# define bcopy xbcopy
+-# endif
++# define NEED_OWN_BCOPY
++# define bcopy xbcopy
+ # endif
+ #endif
+
+diff --git a/osdef.h.in b/osdef.h.in
+index 8687b60..e4057a0 100644
+--- a/osdef.h.in
++++ b/osdef.h.in
+@@ -58,16 +58,8 @@ extern int bcmp __P((char *, char *, int));
+ extern int killpg __P((int, int));
+ #endif
+
+-#ifndef USEBCOPY
+-# ifdef USEMEMCPY
+-extern void memcpy __P((char *, char *, int));
+-# else
+-# ifdef USEMEMMOVE
++#if defined(USEMEMMOVE) && !defined(USEBCOPY)
+ extern void memmove __P((char *, char *, int));
+-# else
+-extern void bcopy __P((char *, char *, int));
+-# endif
+-# endif
+ #else
+ extern void bcopy __P((char *, char *, int));
+ #endif
+--
+1.8.4.5
+
Added: branches/1.0/package/screen/screen-0003-cross-compilation-AC_TRY_RUN.patch
===================================================================
--- branches/1.0/package/screen/screen-0003-cross-compilation-AC_TRY_RUN.patch (rev 0)
+++ branches/1.0/package/screen/screen-0003-cross-compilation-AC_TRY_RUN.patch 2016-07-20 14:41:24 UTC (rev 7758)
@@ -0,0 +1,125 @@
+From: Maarten ter Huurne <ma...@tr...>
+Date: Sat, 13 Sep 2014 12:04:41 +0200
+Subject: Provide cross compilation alternatives for all AC_TRY_RUN uses
+
+Signed-off-by: Maarten ter Huurne <ma...@tr...>
+[Ricardo: rebase on top of 4.3.1]
+Signed-off-by: Ricardo Martincoski <ric...@gm...>
+---
+ configure.ac | 30 +++++++++++++++++++-----------
+ 1 file changed, 19 insertions(+), 11 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index b8e3bec..c4b7cd4 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -348,7 +348,8 @@ main()
+ exit(0);
+ }
+ ], AC_NOTE(- your fifos are usable) fifo=1,
+-AC_NOTE(- your fifos are not usable))
++AC_NOTE(- your fifos are not usable),
++AC_NOTE(- skipping check because we are cross compiling; assuming fifos are usable) fifo=1)
+ rm -f /tmp/conftest*
+
+ if test -n "$fifo"; then
+@@ -396,7 +397,8 @@ main()
+ exit(0);
+ }
+ ], AC_NOTE(- your implementation is ok),
+-AC_NOTE(- you have a broken implementation) AC_DEFINE(BROKEN_PIPE) fifobr=1)
++AC_NOTE(- you have a broken implementation) AC_DEFINE(BROKEN_PIPE) fifobr=1,
++AC_NOTE(- skipping check because we are cross compiling; assuming fifo implementation is ok))
+ rm -f /tmp/conftest*
+ fi
+
+@@ -458,7 +460,8 @@ main()
+ exit(0);
+ }
+ ], AC_NOTE(- your sockets are usable) sock=1,
+-AC_NOTE(- your sockets are not usable))
++AC_NOTE(- your sockets are not usable),
++AC_NOTE(- skipping check because we are cross compiling; assuming sockets are usable) sock=1)
+ rm -f /tmp/conftest*
+
+ if test -n "$sock"; then
+@@ -497,7 +500,8 @@ main()
+ }
+ ],AC_NOTE(- you are normal),
+ AC_NOTE(- unix domain sockets are not kept in the filesystem)
+-AC_DEFINE(SOCK_NOT_IN_FS) socknofs=1)
++AC_DEFINE(SOCK_NOT_IN_FS) socknofs=1,
++AC_NOTE(- skipping check because we are cross compiling; assuming sockets are normal))
+ rm -f /tmp/conftest*
+ fi
+
+@@ -624,7 +628,8 @@ main()
+ exit(0);
+ }
+ ],AC_NOTE(- select is ok),
+-AC_NOTE(- select can't count) AC_DEFINE(SELECT_BROKEN))
++AC_NOTE(- select can't count) AC_DEFINE(SELECT_BROKEN),
++AC_NOTE(- skipping check because we are cross compiling; assuming select is ok))
+
+ dnl
+ dnl **** termcap or terminfo ****
+@@ -666,7 +671,8 @@ main()
+ {
+ exit(strcmp(tgoto("%p1%d", 0, 1), "1") ? 0 : 1);
+ }], AC_NOTE(- you use the termcap database),
+-AC_NOTE(- you use the terminfo database) AC_DEFINE(TERMINFO))
++AC_NOTE(- you use the terminfo database) AC_DEFINE(TERMINFO),
++AC_NOTE(- skipping check because we are cross compiling; assuming terminfo database is used) AC_DEFINE(TERMINFO))
+ AC_CHECKING(ospeed)
+ AC_TRY_LINK(extern short ospeed;,ospeed=5;,,AC_DEFINE(NEED_OSPEED))
+
+@@ -801,7 +807,8 @@ main()
+ else
+ AC_NOTE(- can't determine - assume ptys are world accessable)
+ fi
+- ]
++ ],
++ AC_NOTE(- skipping check because we are cross compiling; assuming ptys are world accessable)
+ )
+ rm -f conftest_grp
+ fi
+@@ -885,7 +892,7 @@ AC_EGREP_CPP(yes,
+ #endif
+ ], load=1)
+ fi
+-if test -z "$load" ; then
++if test -z "$load" && test "$cross_compiling" = no ; then
+ AC_CHECKING(for kernelfile)
+ for core in /unix /vmunix /dynix /hp-ux /xelos /dev/ksyms /kernel/unix /kernel/genunix /unicos /mach /netbsd /386bsd /dgux /bsd /stand/vmunix; do
+ if test -f $core || test -c $core; then
+@@ -1078,7 +1085,7 @@ main()
+ #endif
+ exit(0);
+ }
+-],,AC_DEFINE(SYSVSIGS))
++],,AC_DEFINE(SYSVSIGS),:)
+
+ fi
+
+@@ -1158,7 +1165,7 @@ main() {
+ if (strncmp(buf, "cdedef", 6))
+ exit(1);
+ exit(0); /* libc version works properly. */
+-}], AC_DEFINE(USEBCOPY))
++}], AC_DEFINE(USEBCOPY),,:)
+
+ AC_TRY_RUN([
+ #define bcopy(s,d,l) memmove(d,s,l)
+@@ -1173,7 +1180,8 @@ main() {
+ if (strncmp(buf, "cdedef", 6))
+ exit(1);
+ exit(0); /* libc version works properly. */
+-}], AC_DEFINE(USEMEMMOVE))
++}], AC_DEFINE(USEMEMMOVE),,
++ AC_NOTE(- skipping check because we are cross compiling; use memmove) AC_DEFINE(USEMEMMOVE))
+
+ AC_SYS_LONG_FILE_NAMES
+
+--
+1.8.4.5
+
Added: branches/1.0/package/screen/screen-0004-cross-compilation-ignore-host-fs.patch
===================================================================
--- branches/1.0/package/screen/screen-0004-cross-compilation-ignore-host-fs.patch (rev 0)
+++ branches/1.0/package/screen/screen-0004-cross-compilation-ignore-host-fs.patch 2016-07-20 14:41:24 UTC (rev 7758)
@@ -0,0 +1,132 @@
+From: Maarten ter Huurne <ma...@tr...>
+Date: Sun, 14 Sep 2014 07:10:59 +0200
+Subject: When cross-compiling, skip checks that look in the host file system
+
+Signed-off-by: Maarten ter Huurne <ma...@tr...>
+[Ricardo: rebase on top of 4.3.1]
+Signed-off-by: Ricardo Martincoski <ric...@gm...>
+---
+ configure.ac | 23 +++++++++++++++++++----
+ 1 file changed, 19 insertions(+), 4 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index c4b7cd4..9cf7cee 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -85,7 +85,7 @@ AC_ARG_ENABLE(socket-dir,
+ dnl
+ dnl **** special unix variants ****
+ dnl
+-if test -n "$ISC"; then
++if test "$cross_compiling" = no && test -n "$ISC" ; then
+ AC_DEFINE(ISC) LIBS="$LIBS -linet"
+ fi
+
+@@ -96,10 +96,11 @@ dnl AC_DEFINE(OSF1) # this disables MIPS again....
+ dnl fi
+ dnl fi
+
+-if test -f /sysV68 ; then
++if test "$cross_compiling" = no && test -f /sysV68 ; then
+ AC_DEFINE(sysV68)
+ fi
+
++if test "$cross_compiling" = no ; then
+ AC_CHECKING(for MIPS)
+ if test -f /lib/libmld.a || test -f /usr/lib/libmld.a || test -f /usr/lib/cmplrs/cc/libmld.a; then
+ oldlibs="$LIBS"
+@@ -123,6 +124,7 @@ AC_DEFINE(USE_WAIT2) LIBS="$LIBS -lbsd" ; CC="$CC -I/usr/include/bsd"
+ ))
+ fi
+ fi
++fi
+
+
+ AC_CHECKING(for Ultrix)
+@@ -132,7 +134,7 @@ AC_EGREP_CPP(yes,
+ #endif
+ ], ULTRIX=1)
+
+-if test -f /usr/lib/libpyr.a ; then
++if test "$cross_compiling" = no && test -f /usr/lib/libpyr.a ; then
+ oldlibs="$LIBS"
+ LIBS="$LIBS -lpyr"
+ AC_CHECKING(Pyramid OSX)
+@@ -679,17 +681,21 @@ AC_TRY_LINK(extern short ospeed;,ospeed=5;,,AC_DEFINE(NEED_OSPEED))
+ dnl
+ dnl **** PTY specific things ****
+ dnl
++if test "$cross_compiling" = no ; then
+ AC_CHECKING(for /dev/ptc)
+ if test -r /dev/ptc; then
+ AC_DEFINE(HAVE_DEV_PTC)
+ fi
++fi
+
++if test "$cross_compiling" = no ; then
+ AC_CHECKING(for SVR4 ptys)
+ sysvr4ptys=
+ if test -c /dev/ptmx ; then
+ AC_TRY_LINK([],[ptsname(0);grantpt(0);unlockpt(0);],[AC_DEFINE(HAVE_SVR4_PTYS)
+ sysvr4ptys=1])
+ fi
++fi
+
+ AC_CHECK_FUNCS(getpt)
+
+@@ -699,6 +705,7 @@ AC_CHECK_FUNCS(openpty,,
+ [AC_CHECK_LIB(util,openpty, [AC_DEFINE(HAVE_OPENPTY)] [LIBS="$LIBS -lutil"])])
+ fi
+
++if test "$cross_compiling" = no ; then
+ AC_CHECKING(for ptyranges)
+ if test -d /dev/ptym ; then
+ pdir='/dev/ptym'
+@@ -722,6 +729,7 @@ p1=`echo $ptys | tr ' ' '\012' | sed -e 's/^.*\(.\)$/\1/g' | sort -u | tr -d '\
+ AC_DEFINE_UNQUOTED(PTYRANGE0,"$p0")
+ AC_DEFINE_UNQUOTED(PTYRANGE1,"$p1")
+ fi
++fi
+
+ dnl **** pty mode/group handling ****
+ dnl
+@@ -869,14 +877,16 @@ fi
+ dnl
+ dnl **** loadav ****
+ dnl
++if test "$cross_compiling" = no ; then
+ AC_CHECKING(for libutil(s))
+ test -f /usr/lib/libutils.a && LIBS="$LIBS -lutils"
+ test -f /usr/lib/libutil.a && LIBS="$LIBS -lutil"
++fi
+
+ AC_CHECKING(getloadavg)
+ AC_TRY_LINK(,[getloadavg((double *)0, 0);],
+ AC_DEFINE(LOADAV_GETLOADAVG) load=1,
+-if test -f /usr/lib/libkvm.a ; then
++if test "$cross_compiling" = no && test -f /usr/lib/libkvm.a ; then
+ olibs="$LIBS"
+ LIBS="$LIBS -lkvm"
+ AC_CHECKING(getloadavg with -lkvm)
+@@ -1094,13 +1104,18 @@ dnl **** libraries ****
+ dnl
+
+ AC_CHECKING(for crypt and sec libraries)
++if test "$cross_compiling" = no ; then
+ test -f /lib/libcrypt_d.a || test -f /usr/lib/libcrypt_d.a && LIBS="$LIBS -lcrypt_d"
++fi
+ oldlibs="$LIBS"
+ LIBS="$LIBS -lcrypt"
+ AC_CHECKING(crypt)
+ AC_TRY_LINK(,,,LIBS="$oldlibs")
++if test "$cross_compiling" = no ; then
+ test -f /lib/libsec.a || test -f /usr/lib/libsec.a && LIBS="$LIBS -lsec"
+ test -f /lib/libshadow.a || test -f /usr/lib/libshadow.a && LIBS="$LIBS -lshadow"
++fi
++
+ oldlibs="$LIBS"
+ LIBS="$LIBS -lsun"
+ AC_CHECKING(IRIX sun library)
+--
+1.8.4.5
+
Added: branches/1.0/package/screen/screen-0005-avoid-identifying-as-SVR4.patch
===================================================================
--- branches/1.0/package/screen/screen-0005-avoid-identifying-as-SVR4.patch (rev 0)
+++ branches/1.0/package/screen/screen-0005-avoid-identifying-as-SVR4.patch 2016-07-20 14:41:24 UTC (rev 7758)
@@ -0,0 +1,54 @@
+From: Maarten ter Huurne <ma...@tr...>
+Date: Sun, 14 Sep 2014 11:16:58 +0200
+Subject: Avoid mis-identifying systems as SVR4
+
+My openSUSE 13.1 Linux system was detected as SVR4 because it had
+libelf installed. This leads to linking with libelf, even though no
+symbols from that library were actually used, and to a workaround for
+a buggy getlogin() being enabled.
+
+It is not documented which exact SVR4 system had the bug that the
+workaround was added for, so all I could do is make an educated guess
+at the #defines its compiler would be likely to set.
+
+Signed-off-by: Maarten ter Huurne <ma...@tr...>
+[Ricardo: rebase on top of 4.3.1]
+Signed-off-by: Ricardo Martincoski <ric...@gm...>
+---
+ configure.ac | 14 ++++++++++++--
+ 1 file changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 9cf7cee..e09e4cf 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -179,14 +179,24 @@ AC_EGREP_CPP(yes,
+ #endif
+ ], LIBS="$LIBS -lsocket -linet";seqptx=1)
+
++AC_CHECKING(SVR4)
++AC_EGREP_CPP(yes,
++[main () {
++#if defined(SVR4) || defined(__SVR4)
++ yes;
++#endif
++], AC_NOTE(- you have a SVR4 system) AC_DEFINE(SVR4) svr4=1)
++if test -n "$svr4" ; then
+ oldlibs="$LIBS"
+ LIBS="$LIBS -lelf"
+ AC_CHECKING(SVR4)
+ AC_TRY_LINK([#include <utmpx.h>
+ ],,
+-[AC_CHECK_HEADER(dwarf.h, AC_DEFINE(SVR4) AC_DEFINE(BUGGYGETLOGIN),
+-[AC_CHECK_HEADER(elf.h, AC_DEFINE(SVR4) AC_DEFINE(BUGGYGETLOGIN))])]
++[AC_CHECK_HEADER(dwarf.h, AC_DEFINE(BUGGYGETLOGIN),
++[AC_CHECK_HEADER(elf.h, AC_DEFINE(BUGGYGETLOGIN))])]
+ ,LIBS="$oldlibs")
++fi
++
+ AC_CHECK_HEADERS([stropts.h string.h strings.h])
+
+ AC_CHECKING(for Solaris 2.x)
+--
+1.8.4.5
+
Added: branches/1.0/package/screen/screen-0006-install-no-backup-binary.patch
===================================================================
--- branches/1.0/package/screen/screen-0006-install-no-backup-binary.patch (rev 0)
+++ branches/1.0/package/screen/screen-0006-install-no-backup-binary.patch 2016-07-20 14:41:24 UTC (rev 7758)
@@ -0,0 +1,39 @@
+From: Maarten ter Huurne <ma...@tr...>
+Date: Sun, 14 Sep 2014 23:58:34 +0200
+Subject: Do not create backup of old installed binary
+
+This is a rather unusual feature that packagers will not expect.
+
+Signed-off-by: Maarten ter Huurne <ma...@tr...>
+---
+ Makefile.in | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/Makefile.in b/Makefile.in
+index 187a69b..65549e9 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -83,12 +83,9 @@ screen: $(OFILES)
+ $(OPTIONS) $(CFLAGS) $<
+
+ install_bin: .version screen
+- -if [ -f $(DESTDIR)$(bindir)/$(SCREEN) ] && [ ! -f $(DESTDIR)$(bindir)/$(SCREEN).old ]; \
+- then mv $(DESTDIR)$(bindir)/$(SCREEN) $(DESTDIR)$(bindir)/$(SCREEN).old; fi
+ $(INSTALL_PROGRAM) screen $(DESTDIR)$(bindir)/$(SCREEN)
+ -chown root $(DESTDIR)$(bindir)/$(SCREEN) && chmod 4755 $(DESTDIR)$(bindir)/$(SCREEN)
+ # This doesn't work if $(bindir)/screen is a symlink
+- -if [ -f $(DESTDIR)$(bindir)/screen ] && [ ! -f $(DESTDIR)$(bindir)/screen.old ]; then mv $(DESTDIR)$(bindir)/screen $(DESTDIR)$(bindir)/screen.old; fi
+ rm -f $(DESTDIR)$(bindir)/screen
+ (cd $(DESTDIR)$(bindir) && ln -f -s $(SCREEN) screen)
+ cp $(srcdir)/utf8encodings/?? $(DESTDIR)$(SCREENENCODINGS)
+@@ -113,7 +110,6 @@ installdirs:
+ uninstall: .version
+ rm -f $(DESTDIR)$(bindir)/$(SCREEN)
+ rm -f $(DESTDIR)$(bindir)/screen
+- -mv $(DESTDIR)$(bindir)/screen.old $(DESTDIR)$(bindir)/screen
+ rm -f $(DESTDIR)$(ETCSCREENRC)
+ cd doc; $(MAKE) uninstall
+
+--
+1.8.4.5
+
Added: branches/1.0/package/screen/screen-0007-install-always-chmod.patch
===================================================================
--- branches/1.0/package/screen/screen-0007-install-always-chmod.patch (rev 0)
+++ branches/1.0/package/screen/screen-0007-install-always-chmod.patch 2016-07-20 14:41:24 UTC (rev 7758)
@@ -0,0 +1,29 @@
+From: Maarten ter Huurne <ma...@tr...>
+Date: Mon, 15 Sep 2014 00:03:05 +0200
+Subject: Change binary permission flags even if chown fails
+
+Typically when creating a package, the build is not run as root, so
+the chown will fail. But the chmod can still be done.
+
+Signed-off-by: Maarten ter Huurne <ma...@tr...>
+---
+ Makefile.in | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/Makefile.in b/Makefile.in
+index 65549e9..3c12fdb 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -84,7 +84,8 @@ screen: $(OFILES)
+
+ install_bin: .version screen
+ $(INSTALL_PROGRAM) screen $(DESTDIR)$(bindir)/$(SCREEN)
+- -chown root $(DESTDIR)$(bindir)/$(SCREEN) && chmod 4755 $(DESTDIR)$(bindir)/$(SCREEN)
++ -chown root $(DESTDIR)$(bindir)/$(SCREEN)
++ -chmod 4755 $(DESTDIR)$(bindir)/$(SCREEN)
+ # This doesn't work if $(bindir)/screen is a symlink
+ rm -f $(DESTDIR)$(bindir)/screen
+ (cd $(DESTDIR)$(bindir) && ln -f -s $(SCREEN) screen)
+--
+1.8.4.5
+
Added: branches/1.0/package/screen/screen-0008-install-nonversioned-binary.patch
===================================================================
--- branches/1.0/package/screen/screen-0008-install-nonversioned-binary.patch (rev 0)
+++ branches/1.0/package/screen/screen-0008-install-nonversioned-binary.patch 2016-07-20 14:41:24 UTC (rev 7758)
@@ -0,0 +1,31 @@
+From: Maarten ter Huurne <ma...@tr...>
+Date: Mon, 15 Sep 2014 00:06:20 +0200
+Subject: Support overriding SCREEN to get a non-versioned binary
+
+If a packager runs "make install SCREEN=screen", do not create
+"screen" as a symlink to itself.
+
+Signed-off-by: Maarten ter Huurne <ma...@tr...>
+---
+ Makefile.in | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/Makefile.in b/Makefile.in
+index 3c12fdb..860f351 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -86,9 +86,11 @@ install_bin: .version screen
+ $(INSTALL_PROGRAM) screen $(DESTDIR)$(bindir)/$(SCREEN)
+ -chown root $(DESTDIR)$(bindir)/$(SCREEN)
+ -chmod 4755 $(DESTDIR)$(bindir)/$(SCREEN)
++ifneq (${SCREEN},screen)
+ # This doesn't work if $(bindir)/screen is a symlink
+ rm -f $(DESTDIR)$(bindir)/screen
+ (cd $(DESTDIR)$(bindir) && ln -f -s $(SCREEN) screen)
++endif
+ cp $(srcdir)/utf8encodings/?? $(DESTDIR)$(SCREENENCODINGS)
+
+ ###############################################################################
+--
+1.8.4.5
+
Added: branches/1.0/package/screen/screen-0009-install-dir-dependency.patch
===================================================================
--- branches/1.0/package/screen/screen-0009-install-dir-dependency.patch (rev 0)
+++ branches/1.0/package/screen/screen-0009-install-dir-dependency.patch 2016-07-20 14:41:24 UTC (rev 7758)
@@ -0,0 +1,43 @@
+From: Maarten ter Huurne <ma...@tr...>
+Date: Mon, 15 Sep 2014 02:27:09 +0200
+Subject: Ensure that installation dirs exist before copying files into them
+
+Since the "install_bin" target requires the installation directories
+to exist, it should depend on the "installdirs" target. The previous
+approach of having "install" depend on "installdirs" is not reliable.
+
+For example, in a parallel build, there was no guarantee that
+"installdirs" would be finished before "install_bin" runs. Also if
+the user requested only "install_bin" to be made, "installdirs" would
+be skipped altogether.
+
+Signed-off-by: Maarten ter Huurne <ma...@tr...>
+---
+ Makefile.in | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/Makefile.in b/Makefile.in
+index 860f351..f0fe08d 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -82,7 +82,7 @@ screen: $(OFILES)
+ $(CC) -c -I. -I$(srcdir) $(M_CFLAGS) $(CPPFLAGS) $(DEFS) \
+ $(OPTIONS) $(CFLAGS) $<
+
+-install_bin: .version screen
++install_bin: .version screen installdirs
+ $(INSTALL_PROGRAM) screen $(DESTDIR)$(bindir)/$(SCREEN)
+ -chown root $(DESTDIR)$(bindir)/$(SCREEN)
+ -chmod 4755 $(DESTDIR)$(bindir)/$(SCREEN)
+@@ -94,7 +94,7 @@ endif
+ cp $(srcdir)/utf8encodings/?? $(DESTDIR)$(SCREENENCODINGS)
+
+ ###############################################################################
+-install: installdirs install_bin
++install: install_bin
+ cd doc ; $(MAKE) install
+ -if [ -d /usr/lib/terminfo ]; then \
+ PATH="$$PATH:/usr/5bin" tic ${srcdir}/terminfo/screeninfo.src; \
+--
+1.8.4.5
+
Added: branches/1.0/package/screen/screen-0010-rename-sched_h.patch
===================================================================
--- branches/1.0/package/screen/screen-0010-rename-sched_h.patch (rev 0)
+++ branches/1.0/package/screen/screen-0010-rename-sched_h.patch 2016-07-20 14:41:24 UTC (rev 7758)
@@ -0,0 +1,142 @@
+From: Maarten ter Huurne <ma...@tr...>
+Date: Mon, 15 Sep 2014 00:24:41 +0200
+Subject: Renamed sched.h to eventqueue.h
+
+There is a <sched.h> system header that got shadowed by "sched.h".
+While Screen itself doesn't include <sched.h>, other system headers
+might include it indirectly. This broke the build when using uClibc
+with pthread support.
+
+Signed-off-by: Maarten ter Huurne <ma...@tr...>
+---
+ eventqueue.h | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
+ sched.h | 48 ------------------------------------------------
+ screen.h | 2 +-
+ 3 files changed, 49 insertions(+), 49 deletions(-)
+ create mode 100644 eventqueue.h
+ delete mode 100644 sched.h
+
+diff --git a/eventqueue.h b/eventqueue.h
+new file mode 100644
+index 0000000..fdc3fc4
+--- /dev/null
++++ b/eventqueue.h
+@@ -0,0 +1,48 @@
++/* Copyright (c) 2008, 2009
++ * Juergen Weigert (jnw...@im...)
++ * Michael Schroeder (mls...@im...)
++ * Micah Cowan (mi...@co...)
++ * Sadrul Habib Chowdhury (sa...@us...)
++ * Copyright (c) 1993-2002, 2003, 2005, 2006, 2007
++ * Juergen Weigert (jnw...@im...)
++ * Michael Schroeder (mls...@im...)
++ * Copyright (c) 1987 Oliver Laumann
++ *
++ * This program is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 3, or (at your option)
++ * any later version.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program (see the file COPYING); if not, see
++ * http://www.gnu.org/licenses/, or contact Free Software Foundation, Inc.,
++ * 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA
++ *
++ ****************************************************************
++ * $Id$ GNU
++ */
++
++struct event
++{
++ struct event *next;
++ void (*handler) __P((struct event *, char *));
++ char *data;
++ int fd;
++ int type;
++ int pri;
++ struct timeval timeout;
++ int queued; /* in evs queue */
++ int active; /* in fdset */
++ int *condpos; /* only active if condpos - condneg > 0 */
++ int *condneg;
++};
++
++#define EV_TIMEOUT 0
++#define EV_READ 1
++#define EV_WRITE 2
++#define EV_ALWAYS 3
+diff --git a/sched.h b/sched.h
+deleted file mode 100644
+index fdc3fc4..0000000
+--- a/sched.h
++++ /dev/null
+@@ -1,48 +0,0 @@
+-/* Copyright (c) 2008, 2009
+- * Juergen Weigert (jnw...@im...)
+- * Michael Schroeder (mls...@im...)
+- * Micah Cowan (mi...@co...)
+- * Sadrul Habib Chowdhury (sa...@us...)
+- * Copyright (c) 1993-2002, 2003, 2005, 2006, 2007
+- * Juergen Weigert (jnw...@im...)
+- * Michael Schroeder (mls...@im...)
+- * Copyright (c) 1987 Oliver Laumann
+- *
+- * This program is free software; you can redistribute it and/or modify
+- * it under the terms of the GNU General Public License as published by
+- * the Free Software Foundation; either version 3, or (at your option)
+- * any later version.
+- *
+- * This program is distributed in the hope that it will be useful,
+- * but WITHOUT ANY WARRANTY; without even the implied warranty of
+- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+- * GNU General Public License for more details.
+- *
+- * You should have received a copy of the GNU General Public License
+- * along with this program (see the file COPYING); if not, see
+- * http://www.gnu.org/licenses/, or contact Free Software Foundation, Inc.,
+- * 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA
+- *
+- ****************************************************************
+- * $Id$ GNU
+- */
+-
+-struct event
+-{
+- struct event *next;
+- void (*handler) __P((struct event *, char *));
+- char *data;
+- int fd;
+- int type;
+- int pri;
+- struct timeval timeout;
+- int queued; /* in evs queue */
+- int active; /* in fdset */
+- int *condpos; /* only active if condpos - condneg > 0 */
+- int *condneg;
+-};
+-
+-#define EV_TIMEOUT 0
+-#define EV_READ 1
+-#define EV_WRITE 2
+-#define EV_ALWAYS 3
+diff --git a/screen.h b/screen.h
+index 603ca3f..34238c8 100644
+--- a/screen.h
++++ b/screen.h
+@@ -43,7 +43,7 @@
+ #include "osdef.h"
+
+ #include "ansi.h"
+-#include "sched.h"
++#include "eventqueue.h"
+ #include "acls.h"
+ #include "comm.h"
+ #include "layer.h"
+--
+1.8.4.5
+
Deleted: branches/1.0/package/screen/screen-cross_compile_fix.patch
===================================================================
--- branches/1.0/package/screen/screen-cross_compile_fix.patch 2016-07-17 19:26:32 UTC (rev 7757)
+++ branches/1.0/package/screen/screen-cross_compile_fix.patch 2016-07-20 14:41:24 UTC (rev 7758)
@@ -1,524 +0,0 @@
---- a/configure.orig 2003-12-05 14:46:53.000000000 +0100
-+++ b/configure 2007-07-28 12:45:19.000000000 +0200
-@@ -124,7 +124,7 @@
- fi
- if test ! -f "$as_myself"; then
- { echo "$as_me: error: cannot find myself; rerun with an absolute path" >&2
-- { (exit 1); exit 1; }; }
-+ }
- fi
- case $CONFIG_SHELL in
- '')
-@@ -174,7 +174,7 @@
- ' >$as_me.lineno &&
- chmod +x $as_me.lineno ||
- { echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2
-- { (exit 1); exit 1; }; }
-+ }
-
- # Don't try to exec as it changes $[0], causing all sort of problems
- # (the dirname of $[0] is not the place where we might find the
-@@ -397,7 +397,7 @@
- # Reject names that are not valid shell variable names.
- expr "x$ac_feature" : ".*[^-_$as_cr_alnum]" >/dev/null &&
- { echo "$as_me: error: invalid feature name: $ac_feature" >&2
-- { (exit 1); exit 1; }; }
-+ }
- ac_feature=`echo $ac_feature | sed 's/-/_/g'`
- eval "enable_$ac_feature=no" ;;
-
-@@ -406,7 +406,7 @@
- # Reject names that are not valid shell variable names.
- expr "x$ac_feature" : ".*[^-_$as_cr_alnum]" >/dev/null &&
- { echo "$as_me: error: invalid feature name: $ac_feature" >&2
-- { (exit 1); exit 1; }; }
-+ }
- ac_feature=`echo $ac_feature | sed 's/-/_/g'`
- case $ac_option in
- *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;;
-@@ -588,7 +588,7 @@
- # Reject names that are not valid shell variable names.
- expr "x$ac_package" : ".*[^-_$as_cr_alnum]" >/dev/null &&
- { echo "$as_me: error: invalid package name: $ac_package" >&2
-- { (exit 1); exit 1; }; }
-+ }
- ac_package=`echo $ac_package| sed 's/-/_/g'`
- case $ac_option in
- *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;;
-@@ -601,7 +601,7 @@
- # Reject names that are not valid shell variable names.
- expr "x$ac_package" : ".*[^-_$as_cr_alnum]" >/dev/null &&
- { echo "$as_me: error: invalid package name: $ac_package" >&2
-- { (exit 1); exit 1; }; }
-+ }
- ac_package=`echo $ac_package | sed 's/-/_/g'`
- eval "with_$ac_package=no" ;;
-
-@@ -625,7 +625,7 @@
-
- -*) { echo "$as_me: error: unrecognized option: $ac_option
- Try \`$0 --help' for more information." >&2
-- { (exit 1); exit 1; }; }
-+ }
- ;;
-
- *=*)
-@@ -633,7 +633,7 @@
- # Reject names that are not valid shell variable names.
- expr "x$ac_envvar" : ".*[^_$as_cr_alnum]" >/dev/null &&
- { echo "$as_me: error: invalid variable name: $ac_envvar" >&2
-- { (exit 1); exit 1; }; }
-+ }
- ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`
- eval "$ac_envvar='$ac_optarg'"
- export $ac_envvar ;;
-@@ -652,7 +652,7 @@
- if test -n "$ac_prev"; then
- ac_option=--`echo $ac_prev | sed 's/_/-/g'`
- { echo "$as_me: error: missing argument to $ac_option" >&2
-- { (exit 1); exit 1; }; }
-+ }
- fi
-
- # Be sure to have absolute paths.
-@@ -662,7 +662,7 @@
- case $ac_val in
- [\\/$]* | ?:[\\/]* | NONE | '' ) ;;
- *) { echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2
-- { (exit 1); exit 1; }; };;
-+ };;
- esac
- done
-
-@@ -674,7 +674,7 @@
- case $ac_val in
- [\\/$]* | ?:[\\/]* ) ;;
- *) { echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2
-- { (exit 1); exit 1; }; };;
-+ };;
- esac
- done
-
-@@ -728,15 +728,15 @@
- if test ! -r $srcdir/$ac_unique_file; then
- if test "$ac_srcdir_defaulted" = yes; then
- { echo "$as_me: error: cannot find sources ($ac_unique_file) in $ac_confdir or .." >&2
-- { (exit 1); exit 1; }; }
-+ }
- else
- { echo "$as_me: error: cannot find sources ($ac_unique_file) in $srcdir" >&2
-- { (exit 1); exit 1; }; }
-+ }
- fi
- fi
- (cd $srcdir && test -r ./$ac_unique_file) 2>/dev/null ||
- { echo "$as_me: error: sources are in $srcdir, but \`cd $srcdir' does not work" >&2
-- { (exit 1); exit 1; }; }
-+ }
- srcdir=`echo "$srcdir" | sed 's%\([^\\/]\)[\\/]*$%\1%'`
- ac_env_build_alias_set=${build_alias+set}
- ac_env_build_alias_value=$build_alias
-@@ -1243,7 +1243,7 @@
- echo "$as_me: error: changes in the environment can compromise the build" >&2;}
- { { echo "$as_me:$LINENO: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&5
- echo "$as_me: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&2;}
-- { (exit 1); exit 1; }; }
-+ }
- fi
-
- ac_ext=c
-@@ -1734,7 +1734,7 @@
- See \`config.log' for more details." >&5
- echo "$as_me: error: no acceptable C compiler found in \$PATH
- See \`config.log' for more details." >&2;}
-- { (exit 1); exit 1; }; }
-+ }
-
- # Provide some information about the compiler.
- echo "$as_me:$LINENO:" \
-@@ -1856,7 +1856,7 @@
- echo "$as_me: error: cannot run C compiled programs.
- If you meant to cross compile, use \`--host'.
- See \`config.log' for more details." >&2;}
-- { (exit 1); exit 1; }; }
-+ }
- fi
- fi
- fi
-@@ -1898,7 +1898,7 @@
- See \`config.log' for more details." >&5
- echo "$as_me: error: cannot compute suffix of executables: cannot compile and link
- See \`config.log' for more details." >&2;}
-- { (exit 1); exit 1; }; }
-+ }
- fi
-
- rm -f conftest$ac_cv_exeext
-@@ -1950,7 +1950,7 @@
- See \`config.log' for more details." >&5
- echo "$as_me: error: cannot compute suffix of object files: cannot compile
- See \`config.log' for more details." >&2;}
-- { (exit 1); exit 1; }; }
-+ }
- fi
-
- rm -f conftest.$ac_cv_objext conftest.$ac_ext
-@@ -2514,7 +2514,7 @@
- See \`config.log' for more details." >&5
- echo "$as_me: error: C preprocessor \"$CPP\" fails sanity check
- See \`config.log' for more details." >&2;}
-- { (exit 1); exit 1; }; }
-+ }
- fi
-
- ac_ext=c
-@@ -2704,7 +2704,7 @@
- See \`config.log' for more details." >&5
- echo "$as_me: error: cannot run test program while cross compiling
- See \`config.log' for more details." >&2;}
-- { (exit 1); exit 1; }; }
-+ }
- else
- cat >conftest.$ac_ext <<_ACEOF
- #line $LINENO "configure"
-@@ -2753,7 +2753,7 @@
- See \`config.log' for more details." >&5
- echo "$as_me: error: cannot run test program while cross compiling
- See \`config.log' for more details." >&2;}
-- { (exit 1); exit 1; }; }
-+ }
- else
- cat >conftest.$ac_ext <<_ACEOF
- #line $LINENO "configure"
-@@ -2790,7 +2790,7 @@
-
- { { echo "$as_me:$LINENO: error: Can't run the compiler - sorry" >&5
- echo "$as_me: error: Can't run the compiler - sorry" >&2;}
-- { (exit 1); exit 1; }; }
-+ }
- fi
- rm -f core core.* *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
- fi
-@@ -2800,7 +2800,7 @@
- See \`config.log' for more details." >&5
- echo "$as_me: error: cannot run test program while cross compiling
- See \`config.log' for more details." >&2;}
-- { (exit 1); exit 1; }; }
-+ }
- else
- cat >conftest.$ac_ext <<_ACEOF
- #line $LINENO "configure"
-@@ -2830,7 +2830,7 @@
- (exit $ac_status); }; }; then
- { { echo "$as_me:$LINENO: error: Your compiler does not set the exit status - sorry" >&5
- echo "$as_me: error: Your compiler does not set the exit status - sorry" >&2;}
-- { (exit 1); exit 1; }; }
-+ }
- else
- echo "$as_me: program exited with status $ac_status" >&5
- echo "$as_me: failed program was:" >&5
-@@ -2900,7 +2900,7 @@
- if test -z "$ac_aux_dir"; then
- { { echo "$as_me:$LINENO: error: cannot find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." >&5
- echo "$as_me: error: cannot find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." >&2;}
-- { (exit 1); exit 1; }; }
-+ }
- fi
- ac_config_guess="$SHELL $ac_aux_dir/config.guess"
- ac_config_sub="$SHELL $ac_aux_dir/config.sub"
-@@ -4149,7 +4149,7 @@
-
- { { echo "$as_me:$LINENO: error: !!! no select - no screen" >&5
- echo "$as_me: error: !!! no select - no screen" >&2;}
-- { (exit 1); exit 1; }; }
-+ }
- fi
- rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-
-@@ -4163,7 +4163,7 @@
- See \`config.log' for more details." >&5
- echo "$as_me: error: cannot run test program while cross compiling
- See \`config.log' for more details." >&2;}
-- { (exit 1); exit 1; }; }
-+ }
- else
- cat >conftest.$ac_ext <<_ACEOF
- #line $LINENO "configure"
-@@ -4272,7 +4272,7 @@
- See \`config.log' for more details." >&5
- echo "$as_me: error: cannot run test program while cross compiling
- See \`config.log' for more details." >&2;}
-- { (exit 1); exit 1; }; }
-+ }
- else
- cat >conftest.$ac_ext <<_ACEOF
- #line $LINENO "configure"
-@@ -4365,7 +4365,7 @@
- See \`config.log' for more details." >&5
- echo "$as_me: error: cannot run test program while cross compiling
- See \`config.log' for more details." >&2;}
-- { (exit 1); exit 1; }; }
-+ }
- else
- cat >conftest.$ac_ext <<_ACEOF
- #line $LINENO "configure"
-@@ -4460,7 +4460,7 @@
- See \`config.log' for more details." >&5
- echo "$as_me: error: cannot run test program while cross compiling
- See \`config.log' for more details." >&2;}
-- { (exit 1); exit 1; }; }
-+ }
- else
- cat >conftest.$ac_ext <<_ACEOF
- #line $LINENO "configure"
-@@ -4562,7 +4562,7 @@
- else
- { { echo "$as_me:$LINENO: error: you have neither usable sockets nor usable pipes -> no screen" >&5
- echo "$as_me: error: you have neither usable sockets nor usable pipes -> no screen" >&2;}
-- { (exit 1); exit 1; }; }
-+ }
- fi
-
-
-@@ -4573,7 +4573,7 @@
- See \`config.log' for more details." >&5
- echo "$as_me: error: cannot run test program while cross compiling
- See \`config.log' for more details." >&2;}
-- { (exit 1); exit 1; }; }
-+ }
- else
- cat >conftest.$ac_ext <<_ACEOF
- #line $LINENO "configure"
-@@ -4898,7 +4898,7 @@
-
- { { echo "$as_me:$LINENO: error: !!! no tgetent - no screen" >&5
- echo "$as_me: error: !!! no tgetent - no screen" >&2;}
-- { (exit 1); exit 1; }; }
-+ }
- fi
- rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
- fi
-@@ -4915,7 +4915,7 @@
- See \`config.log' for more details." >&5
- echo "$as_me: error: cannot run test program while cross compiling
- See \`config.log' for more details." >&2;}
-- { (exit 1); exit 1; }; }
-+ }
- else
- cat >conftest.$ac_ext <<_ACEOF
- #line $LINENO "configure"
-@@ -5359,7 +5359,7 @@
- See \`config.log' for more details." >&5
- echo "$as_me: error: cannot run test program while cross compiling
- See \`config.log' for more details." >&2;}
-- { (exit 1); exit 1; }; }
-+ }
- else
- cat >conftest.$ac_ext <<_ACEOF
- #line $LINENO "configure"
-@@ -6206,7 +6206,7 @@
- See \`config.log' for more details." >&5
- echo "$as_me: error: cannot run test program while cross compiling
- See \`config.log' for more details." >&2;}
-- { (exit 1); exit 1; }; }
-+ }
- else
- cat >conftest.$ac_ext <<_ACEOF
- #line $LINENO "configure"
-@@ -6482,7 +6482,7 @@
- See \`config.log' for more details." >&5
- echo "$as_me: error: cannot run test program while cross compiling
- See \`config.log' for more details." >&2;}
-- { (exit 1); exit 1; }; }
-+ }
- else
- cat >conftest.$ac_ext <<_ACEOF
- #line $LINENO "configure"
-@@ -6598,8 +6598,6 @@
- LIBS="$oldlibs"
- fi
- rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
--test -f /lib/libsec.a || test -f /usr/lib/libsec.a && LIBS="$LIBS -lsec"
--test -f /lib/libshadow.a || test -f /usr/lib/libshadow.a && LIBS="$LIBS -lshadow"
- oldlibs="$LIBS"
- LIBS="$LIBS -lsun"
- { echo "$as_me:$LINENO: checking IRIX sun library..." >&5
-@@ -7004,7 +7002,7 @@
- See \`config.log' for more details." >&5
- echo "$as_me: error: cannot run test program while cross compiling
- See \`config.log' for more details." >&2;}
-- { (exit 1); exit 1; }; }
-+ }
- else
- cat >conftest.$ac_ext <<_ACEOF
- #line $LINENO "configure"
-@@ -7056,7 +7054,7 @@
- See \`config.log' for more details." >&5
- echo "$as_me: error: cannot run test program while cross compiling
- See \`config.log' for more details." >&2;}
-- { (exit 1); exit 1; }; }
-+ }
- else
- cat >conftest.$ac_ext <<_ACEOF
- #line $LINENO "configure"
-@@ -7110,7 +7108,7 @@
- See \`config.log' for more details." >&5
- echo "$as_me: error: cannot run test program while cross compiling
- See \`config.log' for more details." >&2;}
-- { (exit 1); exit 1; }; }
-+ }
- else
- cat >conftest.$ac_ext <<_ACEOF
- #line $LINENO "configure"
-@@ -7951,7 +7949,7 @@
- See \`config.log' for more details." >&5
- echo "$as_me: error: cannot run test program while cross compiling
- See \`config.log' for more details." >&2;}
-- { (exit 1); exit 1; }; }
-+ }
- else
- cat >conftest.$ac_ext <<_ACEOF
- #line $LINENO "configure"
-@@ -7982,7 +7980,7 @@
- ( exit $ac_status )
- { { echo "$as_me:$LINENO: error: Can't run the compiler - internal error. Sorry." >&5
- echo "$as_me: error: Can't run the compiler - internal error. Sorry." >&2;}
-- { (exit 1); exit 1; }; }
-+ }
- fi
- rm -f core core.* *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
- fi
-@@ -8251,7 +8249,7 @@
- if test ! -f "$as_myself"; then
- { { echo "$as_me:$LINENO: error: cannot find myself; rerun with an absolute path" >&5
- echo "$as_me: error: cannot find myself; rerun with an absolute path" >&2;}
-- { (exit 1); exit 1; }; }
-+ }
- fi
- case $CONFIG_SHELL in
- '')
-@@ -8302,7 +8300,7 @@
- chmod +x $as_me.lineno ||
- { { echo "$as_me:$LINENO: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&5
- echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2;}
-- { (exit 1); exit 1; }; }
-+ }
-
- # Don't try to exec as it changes $[0], causing all sort of problems
- # (the dirname of $[0] is not the place where we might find the
-@@ -8494,7 +8492,7 @@
- Try \`$0 --help' for more information." >&5
- echo "$as_me: error: ambiguous option: $1
- Try \`$0 --help' for more information." >&2;}
-- { (exit 1); exit 1; }; };;
-+ };;
- --help | --hel | -h )
- echo "$ac_cs_usage"; exit 0 ;;
- --debug | --d* | -d )
-@@ -8516,7 +8514,7 @@
- Try \`$0 --help' for more information." >&5
- echo "$as_me: error: unrecognized option: $1
- Try \`$0 --help' for more information." >&2;}
-- { (exit 1); exit 1; }; } ;;
-+ } ;;
-
- *) ac_config_targets="$ac_config_targets $1" ;;
-
-@@ -8555,7 +8553,7 @@
- "config.h" ) CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
- *) { { echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5
- echo "$as_me: error: invalid argument: $ac_config_target" >&2;}
-- { (exit 1); exit 1; }; };;
-+ };;
- esac
- done
-
-@@ -8750,7 +8748,7 @@
- test ! -n "$as_dirs" || mkdir $as_dirs
- fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5
- echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;}
-- { (exit 1); exit 1; }; }; }
-+ }; }
-
- ac_builddir=.
-
-@@ -8816,7 +8814,7 @@
- # Absolute (can't be DOS-style, as IFS=:)
- test -f "$f" || { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5
- echo "$as_me: error: cannot find input file: $f" >&2;}
-- { (exit 1); exit 1; }; }
-+ }
- echo $f;;
- *) # Relative
- if test -f "$f"; then
-@@ -8829,7 +8827,7 @@
- # /dev/null tree
- { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5
- echo "$as_me: error: cannot find input file: $f" >&2;}
-- { (exit 1); exit 1; }; }
-+ }
- fi;;
- esac
- done` || { (exit 1); exit 1; }
-@@ -8907,7 +8905,7 @@
- # Absolute (can't be DOS-style, as IFS=:)
- test -f "$f" || { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5
- echo "$as_me: error: cannot find input file: $f" >&2;}
-- { (exit 1); exit 1; }; }
-+ }
- echo $f;;
- *) # Relative
- if test -f "$f"; then
-@@ -8920,7 +8918,7 @@
- # /dev/null tree
- { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5
- echo "$as_me: error: cannot find input file: $f" >&2;}
-- { (exit 1); exit 1; }; }
-+ }
- fi;;
- esac
- done` || { (exit 1); exit 1; }
-@@ -9073,7 +9071,7 @@
- test ! -n "$as_dirs" || mkdir $as_dirs
- fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5
- echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;}
-- { (exit 1); exit 1; }; }; }
-+ }; }
-
- rm -f $ac_file
- mv $tmp/config.h $ac_file
---- a/pty.c.orig 2003-09-08 16:26:18.000000000 +0200
-+++ b/pty.c 2007-07-28 12:45:19.000000000 +0200
-@@ -34,9 +34,9 @@
- #endif
-
- /* for solaris 2.1, Unixware (SVR4.2) and possibly others */
--#ifdef HAVE_SVR4_PTYS
--# include <sys/stropts.h>
--#endif
-+//#ifdef HAVE_SVR4_PTYS
-+//# include <sys/stropts.h>
-+//#endif
-
- #if defined(sun) && defined(LOCKPTY) && !defined(TIOCEXCL)
- # include <sys/ttold.h>
---- a/sched.h.orig 2002-01-08 16:42:43.000000000 +0100
-+++ b/sched.h 2007-07-28 12:45:19.000000000 +0200
-@@ -22,6 +22,11 @@
- * $Id: sched.h,v 1.1.1.1 1993/06/16 23:51:13 jnweiger Exp $ FAU
- */
-
-+#ifndef __SCHED_H
-+#define __SCHED_H
-+
-+#include <sys/time.h>
-+
- struct event
- {
- struct event *next;
-@@ -41,3 +46,5 @@
- #define EV_READ 1
- #define EV_WRITE 2
- #define EV_ALWAYS 3
-+
-+#endif
Deleted: branches/1.0/package/screen/screen-install-fix.patch
===================================================================
--- branches/1.0/package/screen/screen-install-fix.patch 2016-07-17 19:26:32 UTC (rev 7757)
+++ branches/1.0/package/screen/screen-install-fix.patch 2016-07-20 14:41:24 UTC (rev 7758)
@@ -1,21 +0,0 @@
-diff -ru screen-4.0.2_vanilla/Makefile.in screen-4.0.2_install-fixup/Makefile.in
---- screen-4.0.2_vanilla/Makefile.in 2003-12-05 13:59:39.000000000 +0000
-+++ screen-4.0.2_install-fixup/Makefile.in 2009-01-03 15:20:22.000000000 +0000
-@@ -71,14 +71,9 @@
- $(CC) -c -I. -I$(srcdir) $(M_CFLAGS) $(DEFS) $(OPTIONS) $(CFLAGS) $<
-
- install_bin: .version screen
-- -if [ -f $(DESTDIR)$(bindir)/$(SCREEN) ] && [ ! -f $(DESTDIR)$(bindir)/$(SCREEN).old ]; \
-- then mv $(DESTDIR)$(bindir)/$(SCREEN) $(DESTDIR)$(bindir)/$(SCREEN).old; fi
-- $(INSTALL_PROGRAM) screen $(DESTDIR)$(bindir)/$(SCREEN)
-- -chown root $(DESTDIR)$(bindir)/$(SCREEN) && chmod 4755 $(DESTDIR)$(bindir)/$(SCREEN)
--# This doesn't work if $(bindir)/screen is a symlink
-- -if [ -f $(DESTDIR)$(bindir)/screen ] && [ ! -f $(DESTDIR)$(bindir)/screen.old ]; then mv $(DESTDIR)$(bindir)/screen $(DESTDIR)$(bindir)/screen.old; fi
-- rm -f $(DESTDIR)$(bindir)/screen
-- (cd $(DESTDIR)$(bindir) && ln -sf $(SCREEN) screen)
-+ $(INSTALL_PROGRAM) screen $(DESTDIR)$(bindir)/screen
-+ -chmod 4755 $(DESTDIR)$(bindir)/screen
-+ mkdir -p $(DESTDIR)$(SCREENENCODINGS)
- cp $(srcdir)/utf8encodings/?? $(DESTDIR)$(SCREENENCODINGS)
-
- ###############################################################################
Modified: branches/1.0/package/screen/screen.mk
===================================================================
--- branches/1.0/package/screen/screen.mk 2016-07-17 19:26:32 UTC (rev 7757)
+++ branches/1.0/package/screen/screen.mk 2016-07-20 14:41:24 UTC (rev 7758)
@@ -4,11 +4,17 @@
#
#############################################################
-SCREEN_VERSION = 4.0.3
+SCREEN_VERSION = 4.4.0
SCREEN_SITE = $(BR2_GNU_MIRROR)/screen
SCREEN_DEPENDENCIES = ncurses
-SCREEN_CONF_ENV = CFLAGS=-DSYSV=1
-SCREEN_MAKE_OPT = -j1
+SCREEN_AUTORECONF = YES
+SCREEN_CONF_ENV = CFLAGS="$(TARGET_CFLAGS)"
SCREEN_INSTALL_TARGET_OPT = DESTDIR=$(TARGET_DIR) SCREEN=screen install_bin
+define SCREEN_INSTALL_SCREENRC
+ $(INSTALL) -m 0755 -D $(@D)/etc/screenrc $(TARGET_DIR)/etc/screenrc
+endef
+
+SCREEN_POST_INSTALL_TARGET_HOOKS += SCREEN_INSTALL_SCREENRC
+
$(eval $(call AUTOTARGETS,package,screen))
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <abe...@us...> - 2016-07-17 19:26:33
|
Revision: 7757
http://sourceforge.net/p/astlinux/code/7757
Author: abelbeck
Date: 2016-07-17 19:26:32 +0000 (Sun, 17 Jul 2016)
Log Message:
-----------
beta-run-image-upload script, upload the current ChangeLog.txt with the beta images
Modified Paths:
--------------
branches/1.0/scripts/beta-run-image-upload
Modified: branches/1.0/scripts/beta-run-image-upload
===================================================================
--- branches/1.0/scripts/beta-run-image-upload 2016-07-16 13:30:19 UTC (rev 7756)
+++ branches/1.0/scripts/beta-run-image-upload 2016-07-17 19:26:32 UTC (rev 7757)
@@ -9,6 +9,10 @@
S3_BUCKET="beta.astlinux-project"
+CHANGELOG="docs/ChangeLog.txt"
+
+CHANGELOG_DIR="astlinux-changelog"
+
success_count=0
delete_dir()
@@ -108,11 +112,18 @@
fi
fi
+if [ ! -f "$CHANGELOG" ]; then
+ echo "beta-run-image-upload: changelog file \"$CHANGELOG\" not found."
+ exit 1
+fi
+
if [ ! -f "$auth_file" ]; then
echo "beta-run-image-upload: authentication file \"$auth_file\" not found."
exit 1
fi
+# Remove pre-existing ChangeLog.txt
+delete_dir "$CHANGELOG_DIR"
for asterisk in ast18 ast11 ast13; do
@@ -126,6 +137,9 @@
done
+# Upload current ChangeLog.txt
+upload_file "$CHANGELOG_DIR" "$CHANGELOG"
+
echo "
##
## Beta Run-Image Upload Finished for '$success_count' Images
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <abe...@us...> - 2016-07-16 13:30:22
|
Revision: 7756
http://sourceforge.net/p/astlinux/code/7756
Author: abelbeck
Date: 2016-07-16 13:30:19 +0000 (Sat, 16 Jul 2016)
Log Message:
-----------
update ChangeLog
Modified Paths:
--------------
branches/1.0/docs/ChangeLog.txt
Modified: branches/1.0/docs/ChangeLog.txt
===================================================================
--- branches/1.0/docs/ChangeLog.txt 2016-07-16 13:22:59 UTC (rev 7755)
+++ branches/1.0/docs/ChangeLog.txt 2016-07-16 13:30:19 UTC (rev 7756)
@@ -16,6 +16,8 @@
** Networking
+-- Added a 4th LAN Interface configuration entry
+
-- arnofw (AIF), version bump to 2.0.1g-RC1
** Asterisk
@@ -28,6 +30,8 @@
** Web Interface
+-- Network tab, add 4th LAN Interface. Added 4th LAN support to Firewall sub-tab and PhoneProv tab.
+
-- Network -> Firewall sub-tab, add "Deny LAN to DMZ" option for specified LAN Interfaces.
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <abe...@us...> - 2016-07-16 13:23:03
|
Revision: 7755
http://sourceforge.net/p/astlinux/code/7755
Author: abelbeck
Date: 2016-07-16 13:22:59 +0000 (Sat, 16 Jul 2016)
Log Message:
-----------
Add 4th LAN Interface
Modified Paths:
--------------
branches/1.0/package/arnofw/arnofw.wrapper
branches/1.0/package/darkstat/darkstat.init
branches/1.0/package/dnsmasq/dnsmasq.init
branches/1.0/package/miniupnpd/miniupnpd.init
branches/1.0/package/msmtp/testmail.sh
branches/1.0/package/phoneprov-tools/phoneprov-build
branches/1.0/package/phoneprov-tools/phoneprov-massdeployment
branches/1.0/package/webinterface/altweb/admin/firewall.php
branches/1.0/package/webinterface/altweb/admin/network.php
branches/1.0/package/webinterface/altweb/admin/phoneprov.php
branches/1.0/project/astlinux/target_skeleton/etc/init.d/alert
branches/1.0/project/astlinux/target_skeleton/etc/init.d/functions.d/misc
branches/1.0/project/astlinux/target_skeleton/etc/init.d/network
branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf
Modified: branches/1.0/package/arnofw/arnofw.wrapper
===================================================================
--- branches/1.0/package/arnofw/arnofw.wrapper 2016-07-13 19:33:30 UTC (rev 7754)
+++ branches/1.0/package/arnofw/arnofw.wrapper 2016-07-16 13:22:59 UTC (rev 7755)
@@ -125,6 +125,9 @@
INT3IF)
lanif="$INT3IF"
;;
+ INT4IF)
+ lanif="$INT4IF"
+ ;;
esac
if [ -z "$lanif" ]; then
@@ -206,6 +209,8 @@
addINTERNALnet "$INT3IF" "$INT3IP" "$INT3NM"
+ addINTERNALnet "$INT4IF" "$INT4IP" "$INT4NM"
+
setDMZnet "$DMZIF" "$DMZIP" "$DMZNM"
MODEM_IF=""
Modified: branches/1.0/package/darkstat/darkstat.init
===================================================================
--- branches/1.0/package/darkstat/darkstat.init 2016-07-13 19:33:30 UTC (rev 7754)
+++ branches/1.0/package/darkstat/darkstat.init 2016-07-16 13:22:59 UTC (rev 7755)
@@ -36,7 +36,7 @@
}
start () {
- local promisc="" interfaces="" f_ext="" f_lan="" f_lan2="" f_lan3="" f_dmz=""
+ local promisc="" interfaces="" f_ext="" f_int="" f_int2="" f_int3="" f_int4="" f_dmz=""
if [ "$NETSTAT_SERVER" = "darkstat" ]; then
echo "Starting darkstat..."
@@ -70,6 +70,10 @@
interfaces="$interfaces${interfaces:+ }-i $INT3IF"
f_int3="$NETSTAT_FILTER"
fi
+ if is_darkstat_enabled INT4IF && is_interface_enabled "$INT4IF" "$INT4IP" "$INT4NM"; then
+ interfaces="$interfaces${interfaces:+ }-i $INT4IF"
+ f_int4="$NETSTAT_FILTER"
+ fi
if is_darkstat_enabled DMZIF && is_interface_enabled "$DMZIF" "$DMZIP" "$DMZNM"; then
interfaces="$interfaces${interfaces:+ }-i $DMZIF"
f_dmz="$NETSTAT_FILTER"
@@ -80,7 +84,7 @@
fi
darkstat ${interfaces} --chroot $CHROOT_DIR --pidfile $PIDFILE --syslog ${promisc}${f_ext:+ -f "$f_ext"} \
- ${f_int:+ -f "$f_int"}${f_int2:+ -f "$f_int2"}${f_int3:+ -f "$f_int3"}${f_dmz:+ -f "$f_dmz"} \
+ ${f_int:+ -f "$f_int"}${f_int2:+ -f "$f_int2"}${f_int3:+ -f "$f_int3"}${f_int4:+ -f "$f_int4"}${f_dmz:+ -f "$f_dmz"} \
-b 127.0.0.1 -p 667 --base /admin/netstat/ $NETSTAT_OPTIONS
fi
}
Modified: branches/1.0/package/dnsmasq/dnsmasq.init
===================================================================
--- branches/1.0/package/dnsmasq/dnsmasq.init 2016-07-13 19:33:30 UTC (rev 7754)
+++ branches/1.0/package/dnsmasq/dnsmasq.init 2016-07-16 13:22:59 UTC (rev 7755)
@@ -149,6 +149,13 @@
break
fi
;;
+ INT4IF)
+ if [ "$tag" = "lan4" ]; then
+ dhcpv6="$DHCPV6_CLIENT_ENABLE"
+ prefix="$(addr_to_prefix64 "$INT4IPV6")"
+ break
+ fi
+ ;;
DMZIF)
if [ "$tag" = "dmz" ]; then
dhcpv6="$DHCPV6_CLIENT_ENABLE"
@@ -323,7 +330,7 @@
is_DHCP_active()
{
- for intf in $INTIF $INT2IF $INT3IF $DMZIF; do
+ for intf in $INTIF $INT2IF $INT3IF $INT4IF $DMZIF; do
if [ "$intf" != "none" ] && isDHCPinterface $intf; then
return 0
fi
@@ -400,6 +407,8 @@
addDNSMASQnet "$INT3IF" "$INT3IP" "$INT3NM" lan3 >> /tmp/etc/dnsmasq.conf
+ addDNSMASQnet "$INT4IF" "$INT4IP" "$INT4NM" lan4 >> /tmp/etc/dnsmasq.conf
+
addDNSMASQnet "$DMZIF" "$DMZIP" "$DMZNM" dmz >> /tmp/etc/dnsmasq.conf
if is_EXTDHCP_active; then
Modified: branches/1.0/package/miniupnpd/miniupnpd.init
===================================================================
--- branches/1.0/package/miniupnpd/miniupnpd.init 2016-07-13 19:33:30 UTC (rev 7754)
+++ branches/1.0/package/miniupnpd/miniupnpd.init 2016-07-16 13:22:59 UTC (rev 7755)
@@ -155,6 +155,10 @@
echo "listening_ip=$INT3IP/$INT3NM" >> $MINIUPNPD_CONF
RULES="$RULES${RULES:+\n}allow 1024-65535 $(get_cidr $INT3IP $INT3NM) 1024-65535"
fi
+ if is_upnp_enabled INT4IF && is_interface_enabled "$INT4IF" "$INT4IP" "$INT4NM"; then
+ echo "listening_ip=$INT4IP/$INT4NM" >> $MINIUPNPD_CONF
+ RULES="$RULES${RULES:+\n}allow 1024-65535 $(get_cidr $INT4IP $INT4NM) 1024-65535"
+ fi
if is_upnp_enabled DMZIF && is_interface_enabled "$DMZIF" "$DMZIP" "$DMZNM"; then
echo "listening_ip=$DMZIP/$DMZNM" >> $MINIUPNPD_CONF
RULES="$RULES${RULES:+\n}allow 1024-65535 $(get_cidr $DMZIP $DMZNM) 1024-65535"
Modified: branches/1.0/package/msmtp/testmail.sh
===================================================================
--- branches/1.0/package/msmtp/testmail.sh 2016-07-13 19:33:30 UTC (rev 7754)
+++ branches/1.0/package/msmtp/testmail.sh 2016-07-16 13:22:59 UTC (rev 7755)
@@ -64,6 +64,9 @@
if [ -n "$INT3IF" ]; then
echo "3rd LAN IPv4 Network: $(dev_to_ipv4_network $INT3IF)"
fi
+ if [ -n "$INT4IF" ]; then
+ echo "4th LAN IPv4 Network: $(dev_to_ipv4_network $INT4IF)"
+ fi
if [ -n "$DMZIF" ]; then
echo "The DMZ IPv4 Network: $(dev_to_ipv4_network $DMZIF)"
fi
Modified: branches/1.0/package/phoneprov-tools/phoneprov-build
===================================================================
--- branches/1.0/package/phoneprov-tools/phoneprov-build 2016-07-13 19:33:30 UTC (rev 7754)
+++ branches/1.0/package/phoneprov-tools/phoneprov-build 2016-07-16 13:22:59 UTC (rev 7755)
@@ -21,7 +21,7 @@
Options:
-f, --force-overwrite Overwrite existing files
-h, --help Show this help text
- -i, --if-name Interface Name: INTIF, INT2IF, INT3IF, EXTIF, ethN, brN
+ -i, --if-name Interface Name: INTIF, INT2IF, INT3IF, INT4IF, EXTIF, ethN, brN
Defaults to config variable PHONEPROV_GW_IF
'
exit 1
@@ -266,6 +266,10 @@
sip_server_if="$INT3IF"
sip_server_ipv4="$INT3IP"
;;
+ INT4IF)
+ sip_server_if="$INT4IF"
+ sip_server_ipv4="$INT4IP"
+ ;;
EXTIF)
sip_server_if="$EXTIF"
sip_server_ipv4="$(find_ipv4_from_if $EXTIF)"
Modified: branches/1.0/package/phoneprov-tools/phoneprov-massdeployment
===================================================================
--- branches/1.0/package/phoneprov-tools/phoneprov-massdeployment 2016-07-13 19:33:30 UTC (rev 7754)
+++ branches/1.0/package/phoneprov-tools/phoneprov-massdeployment 2016-07-16 13:22:59 UTC (rev 7755)
@@ -21,7 +21,7 @@
-A, --only-pass Same as "-a, --auto-pass" without further processing
-f, --force-overwrite Overwrite existing files
-h, --help Show this help text
- -i, --if-name Interface Name: INTIF, INT2IF, INT3IF, EXTIF, ethN, brN
+ -i, --if-name Interface Name: INTIF, INT2IF, INT3IF, INT4IF, EXTIF, ethN, brN
Defaults to config variable PHONEPROV_GW_IF
-p, --partial Partial input, append "dialplan" and "sip" entries to existing
-r, --auto-reload Automatically reload Asterisk "dialplan" and "sip" on success
Modified: branches/1.0/package/webinterface/altweb/admin/firewall.php
===================================================================
--- branches/1.0/package/webinterface/altweb/admin/firewall.php 2016-07-13 19:33:30 UTC (rev 7754)
+++ branches/1.0/package/webinterface/altweb/admin/firewall.php 2016-07-16 13:22:59 UTC (rev 7755)
@@ -90,20 +90,47 @@
'INTIF' => '1st',
'INT2IF' => '2nd',
'INT3IF' => '3rd',
- 'INTIF INT2IF' => '1st and 2nd',
- 'INTIF INT3IF' => '1st and 3rd',
- 'INT2IF INT3IF' => '2nd and 3rd',
- 'INTIF INT2IF INT3IF' => '1st and 2nd and 3rd'
+ 'INT4IF' => '4th',
+ 'INTIF INT2IF' => '1st, 2nd',
+ 'INTIF INT3IF' => '1st, 3rd',
+ 'INTIF INT4IF' => '1st, 4th',
+ 'INT2IF INT3IF' => '2nd, 3rd',
+ 'INT2IF INT4IF' => '2nd, 4th',
+ 'INT3IF INT4IF' => '3rd, 4th',
+ 'INTIF INT2IF INT3IF' => '1st, 2nd, 3rd',
+ 'INTIF INT2IF INT4IF' => '1st, 2nd, 4th',
+ 'INTIF INT3IF INT4IF' => '1st, 3rd, 4th',
+ 'INT2IF INT3IF INT4IF' => '2nd, 3rd, 4th',
+ 'INTIF INT2IF INT3IF INT4IF' => '1st, 2nd, 3rd, 4th'
);
$allowlans_label = array (
- 'INTIF INT2IF' => '1st and 2nd',
- 'INTIF INT3IF' => '1st and 3rd',
- 'INT2IF INT3IF' => '2nd and 3rd',
- 'INTIF INT2IF~INTIF INT3IF' => '1st and 2nd, 1st and 3rd',
- 'INTIF INT2IF~INT2IF INT3IF' => '1st and 2nd, 2nd and 3rd',
- 'INTIF INT3IF~INT2IF INT3IF' => '1st and 3rd, 2nd and 3rd',
- 'INTIF INT2IF INT3IF' => '1st and 2nd and 3rd'
+ 'INTIF INT2IF' => '1st + 2nd',
+ 'INTIF INT3IF' => '1st + 3rd',
+ 'INTIF INT4IF' => '1st + 4th',
+ 'INT2IF INT3IF' => '2nd + 3rd',
+ 'INT2IF INT4IF' => '2nd + 4th',
+ 'INT3IF INT4IF' => '3rd + 4th',
+ 'INTIF INT2IF INT3IF' => '1st + 2nd + 3rd',
+ 'INTIF INT2IF INT4IF' => '1st + 2nd + 4th',
+ 'INTIF INT3IF INT4IF' => '1st + 3rd + 4th',
+ 'INT2IF INT3IF INT4IF' => '2nd + 3rd + 4th',
+ 'INTIF INT2IF INT3IF INT4IF' => '1st + 2nd + 3rd + 4th',
+ 'INTIF INT2IF~INTIF INT3IF' => '1st + 2nd, 1st + 3rd',
+ 'INTIF INT2IF~INTIF INT4IF' => '1st + 2nd, 1st + 4th',
+ 'INTIF INT2IF~INT2IF INT3IF' => '1st + 2nd, 2nd + 3rd',
+ 'INTIF INT2IF~INT2IF INT4IF' => '1st + 2nd, 2nd + 4th',
+ 'INTIF INT2IF~INT3IF INT4IF' => '1st + 2nd, 3rd + 4th',
+ 'INTIF INT3IF~INTIF INT4IF' => '1st + 3rd, 1st + 4th',
+ 'INTIF INT3IF~INT2IF INT3IF' => '1st + 3rd, 2nd + 3rd',
+ 'INTIF INT3IF~INT2IF INT4IF' => '1st + 3rd, 2nd + 4th',
+ 'INTIF INT3IF~INT3IF INT4IF' => '1st + 3rd, 3rd + 4th',
+ 'INTIF INT4IF~INT2IF INT3IF' => '1st + 4th, 2nd + 3rd',
+ 'INTIF INT4IF~INT2IF INT4IF' => '1st + 4th, 2nd + 4th',
+ 'INTIF INT4IF~INT3IF INT4IF' => '1st + 4th, 3rd + 4th',
+ 'INT2IF INT3IF~INT2IF INT4IF' => '2nd + 3rd, 2nd + 4th',
+ 'INT2IF INT3IF~INT3IF INT4IF' => '2nd + 3rd, 3rd + 4th',
+ 'INT2IF INT4IF~INT3IF INT4IF' => '2nd + 4th, 3rd + 4th'
);
$lan_default_policy_label = array (
Modified: branches/1.0/package/webinterface/altweb/admin/network.php
===================================================================
--- branches/1.0/package/webinterface/altweb/admin/network.php 2016-07-13 19:33:30 UTC (rev 7754)
+++ branches/1.0/package/webinterface/altweb/admin/network.php 2016-07-16 13:22:59 UTC (rev 7755)
@@ -38,6 +38,7 @@
// 08-21-2015, Added Fossil - Software Configuration Management
// 11-01-2015, Added DHCPv6 support
// 06-07-2016, Added Avahi mDNS/DNS-SD support
+// 07-15-2016, Added 4th LAN Interface
//
// System location of rc.conf file
$CONFFILE = '/etc/rc.conf';
@@ -150,6 +151,7 @@
$eth[] = $_POST['int_eth'];
$eth[] = $_POST['int2_eth'];
$eth[] = $_POST['int3_eth'];
+ $eth[] = $_POST['int4_eth'];
$eth[] = $_POST['dmz_eth'];
foreach ($eth as $ki => $i) {
@@ -163,7 +165,7 @@
}
if ($_POST['dmz_eth'] !== '') {
- if ($_POST['int_eth'] === '' && $_POST['int2_eth'] === '' && $_POST['int3_eth'] === '') {
+ if ($_POST['int_eth'] === '' && $_POST['int2_eth'] === '' && $_POST['int3_eth'] === '' && $_POST['int4_eth'] === '') {
return(101);
}
}
@@ -333,6 +335,22 @@
$value = 'INT3IPV6="'.$value.'"';
fwrite($fp, "### 3rd LAN IPv6\n".$value."\n");
+ $value = 'INT4IF="'.$_POST['int4_eth'].'"';
+ fwrite($fp, "### 4th LAN Interface\n".$value."\n");
+
+ $value = 'INT4IP="'.tuq($_POST['int4_ip']).'"';
+ fwrite($fp, "### 4th LAN IPv4\n".$value."\n");
+
+ $value = 'INT4NM="'.tuq($_POST['int4_mask_ip']).'"';
+ fwrite($fp, "### 4th LAN NetMask\n".$value."\n");
+
+ $value = tuq($_POST['int4_ipv6']);
+ if ($value !== '' && strpos($value, '/') === FALSE) {
+ $value="$value/64";
+ }
+ $value = 'INT4IPV6="'.$value.'"';
+ fwrite($fp, "### 4th LAN IPv6\n".$value."\n");
+
$value = 'DMZIF="'.$_POST['dmz_eth'].'"';
fwrite($fp, "### DMZ Interface\n".$value."\n");
@@ -355,6 +373,7 @@
$x_value = $_POST['int_autoconf'];
$x_value .= $_POST['int2_autoconf'];
$x_value .= $_POST['int3_autoconf'];
+ $x_value .= $_POST['int4_autoconf'];
$x_value .= $_POST['dmz_autoconf'];
$value = 'IPV6_AUTOCONF="'.trim($x_value).'"';
fwrite($fp, "### IPv6 Autoconfig\n".$value."\n");
@@ -457,6 +476,9 @@
if (isset($_POST['netstat_INT3IF'])) {
$x_value .= ' INT3IF';
}
+ if (isset($_POST['netstat_INT4IF'])) {
+ $x_value .= ' INT4IF';
+ }
if (isset($_POST['netstat_DMZIF'])) {
$x_value .= ' DMZIF';
}
@@ -483,6 +505,9 @@
if (isset($_POST['upnp_INT3IF'])) {
$x_value .= ' INT3IF';
}
+ if (isset($_POST['upnp_INT4IF'])) {
+ $x_value .= ' INT4IF';
+ }
if (isset($_POST['upnp_DMZIF'])) {
$x_value .= ' DMZIF';
}
@@ -859,6 +884,7 @@
'int_dhcp' => 'int_eth',
'int2_dhcp' => 'int2_eth',
'int3_dhcp' => 'int3_eth',
+ 'int4_dhcp' => 'int4_eth',
'dmz_dhcp' => 'dmz_eth'
);
$rtn = '';
@@ -1560,6 +1586,38 @@
putHtml('</td></tr>');
putHtml('<tr class="dtrow1"><td style="text-align: left;" colspan="6">');
+ putHtml('<strong>4th LAN Interface:</strong>');
+ putHtml('<select name="int4_eth">');
+ putHtml('<option value="">none</option>');
+ $varif = getVARdef($db, 'INT4IF', $cur_db);
+ if (($n = count($eth)) > 0) {
+ for ($i = 0; $i < $n; $i++) {
+ $sel = ($varif === $eth[$i]) ? ' selected="selected"' : '';
+ putHtml('<option value="'.$eth[$i].'"'.$sel.'>'.$eth[$i].'</option>');
+ }
+ }
+ putHtml('</select>');
+ putDNS_DHCP_Html($db, $cur_db, $varif, 'int4_dhcp');
+ $value = getVARdef($db, 'INT4IP', $cur_db);
+ putHtml('– IPv4:<input type="text" size="16" maxlength="15" value="'.$value.'" name="int4_ip" />');
+ if (($value = getVARdef($db, 'INT4NM', $cur_db)) === '') {
+ $value = '255.255.255.0';
+ }
+ putHtml('NetMask:<input type="text" size="16" maxlength="15" value="'.$value.'" name="int4_mask_ip" />');
+ putHtml('</td></tr>');
+
+ putHtml('<tr class="dtrow1"><td style="text-align: left;" colspan="6">');
+ putHtml(' IPv6 Autoconfig:');
+ putHtml('<select name="int4_autoconf">');
+ putHtml('<option value="">disabled</option>');
+ $sel = isVARtype('IPV6_AUTOCONF', $db, $cur_db, 'INT4IF') ? ' selected="selected"' : '';
+ putHtml('<option value=" INT4IF"'.$sel.'>enabled</option>');
+ putHtml('</select>');
+ $value = getVARdef($db, 'INT4IPV6', $cur_db);
+ putHtml('– IPv6/nn:<input type="text" size="45" maxlength="43" value="'.$value.'" name="int4_ipv6" />');
+ putHtml('</td></tr>');
+
+ putHtml('<tr class="dtrow1"><td style="text-align: left;" colspan="6">');
putHtml('<strong>The DMZ Interface:</strong>');
putHtml('<select name="dmz_eth">');
putHtml('<option value="">none</option>');
@@ -1822,12 +1880,14 @@
putHtml('<input type="checkbox" value="netstat_INT2IF" name="netstat_INT2IF"'.$sel.' /> 2nd LAN');
$sel = isVARtype('NETSTAT_CAPTURE', $db, $cur_db, 'INT3IF') ? ' checked="checked"' : '';
putHtml('<input type="checkbox" value="netstat_INT3IF" name="netstat_INT3IF"'.$sel.' /> 3rd LAN');
+ $sel = isVARtype('NETSTAT_CAPTURE', $db, $cur_db, 'INT4IF') ? ' checked="checked"' : '';
+ putHtml('<input type="checkbox" value="netstat_INT4IF" name="netstat_INT4IF"'.$sel.' /> 4th LAN');
$sel = isVARtype('NETSTAT_CAPTURE', $db, $cur_db, 'DMZIF') ? ' checked="checked"' : '';
putHtml('<input type="checkbox" value="netstat_DMZIF" name="netstat_DMZIF"'.$sel.' /> DMZ');
putHtml('</td></tr>');
putHtml('<tr class="dtrow1"><td style="text-align: left;" colspan="6">');
- putHtml("Universal Plug'n'Play:");
+ putHtml("Universal Plug'n'Play Server:");
$upnp_natpmp = getVARdef($db, 'UPNP_ENABLE_NATPMP', $cur_db) === 'yes' ? 'yes' : 'no';
$upnp_upnp = getVARdef($db, 'UPNP_ENABLE_UPNP', $cur_db) === 'yes' ? 'yes' : 'no';
putHtml('<select name="upnp" onchange="upnp_change()">');
@@ -1836,13 +1896,18 @@
putHtml('<option value="'.$value.'"'.$sel.'>'.$key.'</option>');
}
putHtml('</select>');
- putHtml('– Interfaces:');
+ putHtml('</td></tr>');
+
+ putHtml('<tr class="dtrow1"><td style="text-align: left;" colspan="6">');
+ putHtml("Universal Plug'n'Play Interfaces:");
$sel = isVARtype('UPNP_LISTEN', $db, $cur_db, 'INTIF') ? ' checked="checked"' : '';
putHtml('<input type="checkbox" value="upnp_INTIF" name="upnp_INTIF"'.$sel.' /> 1st LAN');
$sel = isVARtype('UPNP_LISTEN', $db, $cur_db, 'INT2IF') ? ' checked="checked"' : '';
putHtml('<input type="checkbox" value="upnp_INT2IF" name="upnp_INT2IF"'.$sel.' /> 2nd LAN');
$sel = isVARtype('UPNP_LISTEN', $db, $cur_db, 'INT3IF') ? ' checked="checked"' : '';
putHtml('<input type="checkbox" value="upnp_INT3IF" name="upnp_INT3IF"'.$sel.' /> 3rd LAN');
+ $sel = isVARtype('UPNP_LISTEN', $db, $cur_db, 'INT4IF') ? ' checked="checked"' : '';
+ putHtml('<input type="checkbox" value="upnp_INT4IF" name="upnp_INT4IF"'.$sel.' /> 4th LAN');
$sel = isVARtype('UPNP_LISTEN', $db, $cur_db, 'DMZIF') ? ' checked="checked"' : '';
putHtml('<input type="checkbox" value="upnp_DMZIF" name="upnp_DMZIF"'.$sel.' /> DMZ');
putHtml('</td></tr>');
Modified: branches/1.0/package/webinterface/altweb/admin/phoneprov.php
===================================================================
--- branches/1.0/package/webinterface/altweb/admin/phoneprov.php 2016-07-13 19:33:30 UTC (rev 7754)
+++ branches/1.0/package/webinterface/altweb/admin/phoneprov.php 2016-07-16 13:22:59 UTC (rev 7755)
@@ -38,6 +38,7 @@
'INTIF' => '1st LAN Interface',
'INT2IF' => '2nd LAN Interface',
'INT3IF' => '3rd LAN Interface',
+ 'INT4IF' => '4th LAN Interface',
'EXTIF' => 'External Interface'
);
Modified: branches/1.0/project/astlinux/target_skeleton/etc/init.d/alert
===================================================================
--- branches/1.0/project/astlinux/target_skeleton/etc/init.d/alert 2016-07-13 19:33:30 UTC (rev 7754)
+++ branches/1.0/project/astlinux/target_skeleton/etc/init.d/alert 2016-07-16 13:22:59 UTC (rev 7755)
@@ -49,7 +49,8 @@
Interface: $EXTIF (External) IPv4 Address: $(dev_to_ipv4_addresses $EXTIF)${INTIF:+
Interface: $INTIF (1st LAN) IPv4 Network: $(dev_to_ipv4_networks $INTIF)}${INT2IF:+
Interface: $INT2IF (2nd LAN) IPv4 Network: $(dev_to_ipv4_networks $INT2IF)}${INT3IF:+
- Interface: $INT3IF (3rd LAN) IPv4 Network: $(dev_to_ipv4_networks $INT3IF)}${DMZIF:+
+ Interface: $INT3IF (3rd LAN) IPv4 Network: $(dev_to_ipv4_networks $INT3IF)}${INT4IF:+
+ Interface: $INT4IF (4th LAN) IPv4 Network: $(dev_to_ipv4_networks $INT4IF)}${DMZIF:+
Interface: $DMZIF (The DMZ) IPv4 Network: $(dev_to_ipv4_networks $DMZIF)}
"
# Add a one second delay to allow the message to transmit since getty immediately
Modified: branches/1.0/project/astlinux/target_skeleton/etc/init.d/functions.d/misc
===================================================================
--- branches/1.0/project/astlinux/target_skeleton/etc/init.d/functions.d/misc 2016-07-13 19:33:30 UTC (rev 7754)
+++ branches/1.0/project/astlinux/target_skeleton/etc/init.d/functions.d/misc 2016-07-16 13:22:59 UTC (rev 7755)
@@ -11,7 +11,7 @@
local ip hostip hostipv6 IFS
# we deliberately leave out EXTIP
- for ip in $INTIP/$INTIPV6 $INT2IP/$INT2IPV6 $INT3IP/$INT3IPV6; do
+ for ip in $INTIP/$INTIPV6 $INT2IP/$INT2IPV6 $INT3IP/$INT3IPV6 $INT4IP/$INT4IPV6; do
hostip="$(echo $ip | cut -d'/' -f1)"
hostipv6="$(echo $ip | cut -d'/' -f2)"
if [ -n "$hostip" ]; then
Modified: branches/1.0/project/astlinux/target_skeleton/etc/init.d/network
===================================================================
--- branches/1.0/project/astlinux/target_skeleton/etc/init.d/network 2016-07-13 19:33:30 UTC (rev 7754)
+++ branches/1.0/project/astlinux/target_skeleton/etc/init.d/network 2016-07-16 13:22:59 UTC (rev 7755)
@@ -122,6 +122,11 @@
int="$INT3IF"
fi
;;
+ INT4IF)
+ if [ -n "$INT4IF" -a "$INT4IF" != "none" -a -n "$INT4IP" -a -n "$INT4NM" ]; then
+ int="$INT4IF"
+ fi
+ ;;
DMZIF)
if [ -n "$DMZIF" -a "$DMZIF" != "none" -a -n "$DMZIP" -a -n "$DMZNM" ]; then
int="$DMZIF"
@@ -326,7 +331,7 @@
ip link set dev lo up
# look for nas[0123] being any one of our interfaces, and create it
- for IF in $PPPOEIF $BRIDGE0 $BRIDGE1 $BRIDGE2 $INTIF $INT2IF $INT3IF; do
+ for IF in $PPPOEIF $BRIDGE0 $BRIDGE1 $BRIDGE2 $INTIF $INT2IF $INT3IF $INT4IF; do
case $IF in
nas[0123])
create_nasX $IF ;;
@@ -462,6 +467,14 @@
ip link set dev $INT3IF up
fi
+ if [ -n "$INT4IF" -a -n "$INT4IP" -a -n "$INT4NM" -a "$INT4IF" != "none" ]; then
+ ip addr add $INT4IP/$INT4NM brd + dev $INT4IF
+ if [ "$IPV6" = "yes" -a -n "$INT4IPV6" ]; then
+ ip -6 addr add $INT4IPV6 dev $INT4IF
+ fi
+ ip link set dev $INT4IF up
+ fi
+
if [ -n "$WANDELAY" ]; then
echo "Sleeping for $WANDELAY seconds before I bring up $EXTIF..."
sleep $WANDELAY
@@ -742,6 +755,11 @@
ip link set dev $INT3IF down
fi
+ if [ -n "$INT4IF" -a "$INT4IF" != "none" ]; then
+ echo "Bringing down $INT4IF..."
+ ip link set dev $INT4IF down
+ fi
+
if [ -n "$DMZIF" -a "$DMZIF" != "none" ]; then
echo "Bringing down $DMZIF ..."
ip link set dev $DMZIF down
@@ -772,7 +790,7 @@
fi
# ATM interfaces
- for IF in $PPPOEIF $BRIDGE0 $BRIDGE1 $BRIDGE2 $INTIF $INT2IF $INT3IF; do
+ for IF in $PPPOEIF $BRIDGE0 $BRIDGE1 $BRIDGE2 $INTIF $INT2IF $INT3IF $INT4IF; do
case $IF in
nas[0123])
ip link set dev "$IF" down
Modified: branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf
===================================================================
--- branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf 2016-07-13 19:33:30 UTC (rev 7754)
+++ branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf 2016-07-16 13:22:59 UTC (rev 7755)
@@ -95,6 +95,10 @@
#INT3IP=192.168.103.1
#INT3NM=255.255.255.0
+#INT4IF=eth3
+#INT4IP=192.168.104.1
+#INT4NM=255.255.255.0
+
## DMZ Support
#DMZIF="eth2"
#DMZIP="192.168.102.1"
@@ -234,13 +238,14 @@
#INTIPV6="2001:db8:10::1/64"
#INT2IPV6="2001:db8:11::1/64"
#INT3IPV6="2001:db8:12::1/64"
+#INT4IPV6="2001:db8:13::1/64"
##
## DMZ IPv6 address
#DMZIPV6="2001:db8:20::1/64"
## Configure IPv6 Router Advertisement Daemon
## Define: Interface_Name, space separated for multiple
-## Interface_Name is "INTIF" for 1st, "INT2IF" for 2nd, and "INT3IF" for 3rd Internal Interface
+## Interface_Name is "INTIF" for 1st, "INT2IF" for 2nd, "INT3IF" for 3rd, and "INT4IF" for 4th Internal Interface
## "DMZIF" for DMZ Interface
## Note: the autoconf prefix is derived from the IPv6 address on the interface, which must be defined.
#IPV6_AUTOCONF="INTIF"
@@ -291,15 +296,15 @@
#NAT_FOREIGN_NETWORK="192.168.6.0/24 192.168.7.0/24"
## Allow LAN to LAN traffic for internal interfaces, defaults to disallow.
-## Space separate "INTIF" for 1st, "INT2IF" for 2nd, and "INT3IF" for 3rd Internal Interface
+## Space separate "INTIF" for 1st, "INT2IF" for 2nd, "INT3IF" for 3rd, and "INT4IF" for 4th Internal Interface
## Separate groups using a ~ (tilde)
#ALLOWLANS="INTIF INT2IF"
#ALLOWLANS="INTIF INT2IF~INTIF INT3IF"
-#ALLOWLANS="INTIF INT2IF INT3IF"
+#ALLOWLANS="INTIF INT2IF INT3IF INT4IF"
## Deny LAN to DMZ traffic for internal interfaces, defaults to allow.
-## Use "INTIF" for 1st, "INT2IF" for 2nd, or "INT3IF" for 3rd Internal Interface, space separated for multiple
-#DMZ_DENYLAN="INT2IF INT3IF"
+## Use "INTIF" for 1st, "INT2IF" for 2nd, "INT3IF" for 3rd, or "INT4IF" for 4th Internal Interface, space separated for multiple
+#DMZ_DENYLAN="INT2IF INT3IF INT4IF"
## Traffic Shaping
## Shapetype. This defines the qdisc type. Traffic shaping currently supports htb
@@ -353,7 +358,7 @@
## Capture interfaces, NETSTAT_CAPTURE, at least one must be specified.
## Define: Interface_Name, space separated for multiple
## Interface_Name is: "EXTIF" for External Interface
-## "INTIF" for 1st, "INT2IF" for 2nd, and "INT3IF" for 3rd Internal Interface
+## "INTIF" for 1st, "INT2IF" for 2nd, "INT3IF" for 3rd, and "INT4IF" for 4th Internal Interface
## "DMZIF" for DMZ Interface
#NETSTAT_CAPTURE="EXTIF"
@@ -383,7 +388,7 @@
## Default base directory for phoneprov-tools scripts, default is "/mnt/kd/phoneprov"
#PHONEPROV_BASE_DIR="/mnt/kd/phoneprov"
## Default gateway interface for phoneprov-tools scripts.
-## Interface Name: "INTIF", "INT2IF", "INT3IF", "EXTIF", ethN, brN, defaults to "INTIF"
+## Interface Name: "INTIF", "INT2IF", "INT3IF", "INT4IF", "EXTIF", ethN, brN, defaults to "INTIF"
#PHONEPROV_GW_IF="INTIF"
## NTPd Server
@@ -513,7 +518,7 @@
#UPNP_ENABLE_UPNP="yes"
## UPnP internal interfaces, UPNP_LISTEN, at least one must be specified.
## Define: Interface_Name, space separated for multiple
-## Interface_Name is "INTIF" for 1st, "INT2IF" for 2nd, and "INT3IF" for 3rd Internal Interface
+## Interface_Name is "INTIF" for 1st, "INT2IF" for 2nd, "INT3IF" for 3rd, and "INT4IF" for 4th Internal Interface
## "DMZIF" for DMZ Interface
#UPNP_LISTEN="INTIF"
## Optional, restrict allowed IPv4 addresses or CIDR's in UPNP_ALLOW, space separated for multiple.
@@ -658,7 +663,7 @@
#username2 password2
#"
## Allow OpenVPN Server tunnel to LAN Interface(s), defaults to disallow.
-## Use "INTIF" for 1st, "INT2IF" for 2nd, or "INT3IF" for 3rd Internal Interface, space separated for multiple
+## Use "INTIF" for 1st, "INT2IF" for 2nd, "INT3IF" for 3rd, or "INT4IF" for 4th Internal Interface, space separated for multiple
## Note: OpenVPN Server tunnel to DMZ Interface is allowed.
#OVPN_ALLOWLAN="INTIF"
##
@@ -698,7 +703,7 @@
## Define ns-cert-type if set
#OVPNC_NSCERTTYPE="server"
## Allow OpenVPN Client tunnel to LAN Interface(s), defaults to disallow.
-## Use "INTIF" for 1st, "INT2IF" for 2nd, or "INT3IF" for 3rd Internal Interface, space separated for multiple
+## Use "INTIF" for 1st, "INT2IF" for 2nd, "INT3IF" for 3rd, or "INT4IF" for 4th Internal Interface, space separated for multiple
## Note: OpenVPN Client tunnel to DMZ Interface is allowed.
#OVPNC_ALLOWLAN="INTIF"
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <abe...@us...> - 2016-07-13 19:33:32
|
Revision: 7754
http://sourceforge.net/p/astlinux/code/7754
Author: abelbeck
Date: 2016-07-13 19:33:30 +0000 (Wed, 13 Jul 2016)
Log Message:
-----------
update ChangeLog
Modified Paths:
--------------
branches/1.0/docs/ChangeLog.txt
Modified: branches/1.0/docs/ChangeLog.txt
===================================================================
--- branches/1.0/docs/ChangeLog.txt 2016-07-13 19:31:55 UTC (rev 7753)
+++ branches/1.0/docs/ChangeLog.txt 2016-07-13 19:33:30 UTC (rev 7754)
@@ -16,7 +16,7 @@
** Networking
--- (no change)
+-- arnofw (AIF), version bump to 2.0.1g-RC1
** Asterisk
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <abe...@us...> - 2016-07-13 19:31:58
|
Revision: 7753
http://sourceforge.net/p/astlinux/code/7753
Author: abelbeck
Date: 2016-07-13 19:31:55 +0000 (Wed, 13 Jul 2016)
Log Message:
-----------
arnofw, version bump to 2.0.1g-RC1, remove all our patches
Modified Paths:
--------------
branches/1.0/package/arnofw/arnofw.mk
Removed Paths:
-------------
branches/1.0/package/arnofw/arnofw-0001-do-not-reset-accept_ra.patch
branches/1.0/package/arnofw/arnofw-0002-icmpv6-add-MLD-cleanup-logging.patch
branches/1.0/package/arnofw/arnofw-0003-pptp-vpn-passthrough.patch
branches/1.0/package/arnofw/arnofw-0004-add-LAN_LAN_FORWARD_CHAIN.patch
branches/1.0/package/arnofw/arnofw-0005-add-LAN_DMZ_ALLOW_IF.patch
Deleted: branches/1.0/package/arnofw/arnofw-0001-do-not-reset-accept_ra.patch
===================================================================
--- branches/1.0/package/arnofw/arnofw-0001-do-not-reset-accept_ra.patch 2016-07-12 17:02:11 UTC (rev 7752)
+++ branches/1.0/package/arnofw/arnofw-0001-do-not-reset-accept_ra.patch 2016-07-13 19:31:55 UTC (rev 7753)
@@ -1,11 +0,0 @@
---- arno-iptables-firewall_2.0.1f/bin/arno-iptables-firewall.orig 2015-10-30 15:52:23.000000000 -0500
-+++ arno-iptables-firewall_2.0.1f/bin/arno-iptables-firewall 2015-10-30 16:00:37.000000000 -0500
-@@ -495,7 +495,7 @@
- sysctl_set_all "net.ipv6.conf" "forwarding" 1
- echo " Disabling Local IPv6 Auto-Configuration"
- sysctl_set_all "net.ipv6.conf" "autoconf" 0
-- sysctl_set_all "net.ipv6.conf" "accept_ra" 0
-+ ## Setting accept_ra=0 is not needed with forwarding=1, don't overwrite any existing accept_ra=2 values
- fi
- elif [ "$IP_FORWARDING" = "0" ]; then
- echo " DISABLING packet forwarding"
Deleted: branches/1.0/package/arnofw/arnofw-0002-icmpv6-add-MLD-cleanup-logging.patch
===================================================================
--- branches/1.0/package/arnofw/arnofw-0002-icmpv6-add-MLD-cleanup-logging.patch 2016-07-12 17:02:11 UTC (rev 7752)
+++ branches/1.0/package/arnofw/arnofw-0002-icmpv6-add-MLD-cleanup-logging.patch 2016-07-13 19:31:55 UTC (rev 7753)
@@ -1,75 +0,0 @@
-From 7bd64927a401050769b7da18fd2ae52370cc2390 Mon Sep 17 00:00:00 2001
-From: Lonnie Abelbeck <lo...@ab...>
-Date: Sat, 13 Feb 2016 16:16:16 -0600
-Subject: [PATCH] changed: added support for ICMPv6 Multicast Listener
- Discovery, disabled by default with OPEN_ICMPV6_MLD=0. Additionally make sure
- all un-needed ICMPv6 packets are dropped so they don't appear as annoying
- logs, more common with native IPv6 support by ISP's. Thanks to David Kerr for
- pointing out the issue and testing a solution.
-
----
- bin/arno-iptables-firewall | 10 ++++++++++
- etc/arno-iptables-firewall/firewall.conf | 6 ++++++
- share/arno-iptables-firewall/environment | 4 ++++
- 3 files changed, 20 insertions(+)
-
-diff --git a/bin/arno-iptables-firewall b/bin/arno-iptables-firewall
-index f5095a5..b02a85f 100755
---- a/bin/arno-iptables-firewall
-+++ b/bin/arno-iptables-firewall
-@@ -4574,6 +4574,11 @@ setup_firewall_rules()
- for icmpv6_type in $ICMPV6_SPECIAL_TYPES; do
- ip6tables -A INPUT -i $interface -p icmpv6 --icmpv6-type $icmpv6_type -m hl --hl-eq 255 -j ACCEPT
- done
-+ if [ "$OPEN_ICMPV6_MLD" = "1" ]; then
-+ for icmpv6_type in $ICMPV6_MLD_TYPES; do
-+ ip6tables -A INPUT -i $interface -p icmpv6 --icmpv6-type $icmpv6_type -s fe80::/10 -m hl --hl-eq 1 -j ACCEPT
-+ done
-+ fi
- fi
-
- # Apply external (internet) interface policy for the input chain:
-@@ -4592,6 +4597,11 @@ setup_firewall_rules()
-
- # ICMP traffic (flood)
- iptables -A INPUT -i $interface -p icmp -m state --state NEW -j EXT_ICMP_FLOOD_CHAIN
-+
-+ # Drop any remaining ICMPv6 traffic
-+ if [ "$IPV6_SUPPORT" = "1" ]; then
-+ ip6tables -A INPUT -i $interface -p icmpv6 -j POST_INPUT_DROP_CHAIN
-+ fi
- done
-
-
-diff --git a/etc/arno-iptables-firewall/firewall.conf b/etc/arno-iptables-firewall/firewall.conf
-index 9e80e20..2291916 100644
---- a/etc/arno-iptables-firewall/firewall.conf
-+++ b/etc/arno-iptables-firewall/firewall.conf
-@@ -1158,6 +1158,12 @@ OPEN_ICMP=0
- # -----------------------------------------------------------------------------
- OPEN_ICMPV6=1
-
-+# Enable (1) to make the default policy allow IPv6 ICMPv6
-+# Multicast Listener Discovery (RFC 2710, 3810) for INET access
-+# Note: Requires setting OPEN_ICMPV6=1 to apply.
-+# -----------------------------------------------------------------------------
-+OPEN_ICMPV6_MLD=0
-+
- # Put in the following variables which ports or IP protocols you want to leave
- # open to the whole world.
- # -----------------------------------------------------------------------------
-diff --git a/share/arno-iptables-firewall/environment b/share/arno-iptables-firewall/environment
-index 5728e4c..616c29c 100644
---- a/share/arno-iptables-firewall/environment
-+++ b/share/arno-iptables-firewall/environment
-@@ -1698,6 +1698,10 @@ fi
- ######################################################################
- ICMPV6_SPECIAL_TYPES="133 134 135 136"
-
-+# IPv6 ICMPv6 Multicast Listener Discovery (RFC 2710, 3810)
-+######################################################################
-+ICMPV6_MLD_TYPES="130 131 132 143"
-+
- # Check plugin bin path and fallback in case it's empty
- #######################################################
- if [ -z "$PLUGIN_BIN_PATH" ]; then
Deleted: branches/1.0/package/arnofw/arnofw-0003-pptp-vpn-passthrough.patch
===================================================================
--- branches/1.0/package/arnofw/arnofw-0003-pptp-vpn-passthrough.patch 2016-07-12 17:02:11 UTC (rev 7752)
+++ branches/1.0/package/arnofw/arnofw-0003-pptp-vpn-passthrough.patch 2016-07-13 19:31:55 UTC (rev 7753)
@@ -1,186 +0,0 @@
-From ade2e3fd17771b861f97dd3adb5307e4da16dc4e Mon Sep 17 00:00:00 2001
-From: Lonnie Abelbeck <lo...@ab...>
-Date: Sat, 9 Jan 2016 10:04:46 -0600
-Subject: [PATCH] added: PPTP VPN Passthrough plugin, Issue #27
-
----
- .../plugins/pptp-vpn-passthrough.conf | 14 +++
- .../plugins/50pptp-vpn-passthrough.plugin | 135 +++++++++++++++++++++
- .../plugins/pptp-vpn-passthrough.CHANGELOG | 4 +
- 3 files changed, 153 insertions(+)
- create mode 100644 etc/arno-iptables-firewall/plugins/pptp-vpn-passthrough.conf
- create mode 100644 share/arno-iptables-firewall/plugins/50pptp-vpn-passthrough.plugin
- create mode 100644 share/arno-iptables-firewall/plugins/pptp-vpn-passthrough.CHANGELOG
-
-diff --git a/etc/arno-iptables-firewall/plugins/pptp-vpn-passthrough.conf b/etc/arno-iptables-firewall/plugins/pptp-vpn-passthrough.conf
-new file mode 100644
-index 0000000..250bc0d
---- /dev/null
-+++ b/etc/arno-iptables-firewall/plugins/pptp-vpn-passthrough.conf
-@@ -0,0 +1,14 @@
-+# ------------------------------------------------------------------------------
-+# -= Arno's iptables firewall - PPTP VPN Passthrough plugin =-
-+# ------------------------------------------------------------------------------
-+
-+# To actually enable this plugin make ENABLED=1:
-+# ------------------------------------------------------------------------------
-+ENABLED=0
-+
-+# PPTP uses the GRE protocol for transport, as such, when PPTP VPN clients
-+# have NAT between them and the PPTP VPN server special packet handling must be performed.
-+# This plugin loads the required Linux Kernel modules to handle that situation.
-+#
-+# No configuration options
-+# ------------------------------------------------------------------------------
-diff --git a/share/arno-iptables-firewall/plugins/50pptp-vpn-passthrough.plugin b/share/arno-iptables-firewall/plugins/50pptp-vpn-passthrough.plugin
-new file mode 100644
-index 0000000..379a1dd
---- /dev/null
-+++ b/share/arno-iptables-firewall/plugins/50pptp-vpn-passthrough.plugin
-@@ -0,0 +1,135 @@
-+# ------------------------------------------------------------------------------
-+# -= Arno's iptables firewall - PPTP VPN Passthrough plugin =-
-+#
-+PLUGIN_NAME="PPTP VPN Passthrough plugin"
-+PLUGIN_VERSION="1.00"
-+PLUGIN_CONF_FILE="pptp-vpn-passthrough.conf"
-+#
-+# Last changed : January 9, 2016
-+# Requirements : AIF 2.0.0+ and ip_nat_pptp
-+# Comments : This plugin loads the required kernel modules for PPTP VPN Clients
-+# to access remote PPTP VPN Server(s) when NAT is enabled.
-+#
-+# Author : (C) Copyright 2016 by Lonnie Abelbeck & Arno van Amersfoort
-+# Homepage : http://rocky.eld.leidenuniv.nl/
-+# Email : a r n o v a AT r o c k y DOT e l d DOT l e i d e n u n i v DOT n l
-+# (note: you must remove all spaces and substitute the @ and the .
-+# at the proper locations!)
-+# ------------------------------------------------------------------------------
-+# This program is free software; you can redistribute it and/or
-+# modify it under the terms of the GNU General Public License
-+# version 2 as published by the Free Software Foundation.
-+#
-+# This program is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+# GNU General Public License for more details.
-+#
-+# You should have received a copy of the GNU General Public License
-+# along with this program; if not, write to the Free Software
-+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-+# ------------------------------------------------------------------------------
-+
-+# Plugin start function
-+plugin_start()
-+{
-+
-+ if [ "$NAT" = "1" ]; then
-+ echo "${INDENT}Enable PPTP NAT helper module"
-+ modprobe_multi nf_nat_pptp ip_nat_pptp
-+ else
-+ echo "${INDENT}ERROR: NAT is not enabled, this plugin will be ignored."
-+ fi
-+
-+ return 0
-+}
-+
-+
-+# Plugin restart function
-+plugin_restart()
-+{
-+
-+ # Skip plugin_stop on a restart
-+ plugin_start
-+
-+ return 0
-+}
-+
-+
-+# Plugin stop function
-+plugin_stop()
-+{
-+
-+ if [ "$NAT" = "1" ]; then
-+ if [ -e /proc/modules -a -x "$MODPROBE" ]; then
-+ if ! $MODPROBE -r nf_nat_pptp >/dev/null 2>&1; then
-+ $MODPROBE -r ip_nat_pptp >/dev/null 2>&1
-+ fi
-+ if [ $? -eq 0 ]; then
-+ echo "${INDENT}Disabled PPTP NAT helper module"
-+ fi
-+ fi
-+ fi
-+
-+ return 0
-+}
-+
-+
-+# Plugin status function
-+plugin_status()
-+{
-+ return 0
-+}
-+
-+
-+# Check sanity of eg. environment
-+plugin_sanity_check()
-+{
-+ return 0
-+}
-+
-+
-+############
-+# Mainline #
-+############
-+
-+# Check where to find the config file
-+CONF_FILE=""
-+if [ -n "$PLUGIN_CONF_PATH" ]; then
-+ CONF_FILE="$PLUGIN_CONF_PATH/$PLUGIN_CONF_FILE"
-+fi
-+
-+# Preinit to success:
-+PLUGIN_RET_VAL=0
-+
-+# Check if the config file exists
-+if [ ! -e "$CONF_FILE" ]; then
-+ printf "NOTE: Config file \"$CONF_FILE\" not found!\n Plugin \"$PLUGIN_NAME v$PLUGIN_VERSION\" ignored!\n" >&2
-+else
-+ # Source the plugin config file
-+ . "$CONF_FILE"
-+
-+ if [ "$ENABLED" = "1" -a "$PLUGIN_CMD" != "stop-restart" ] ||
-+ [ "$ENABLED" = "0" -a "$PLUGIN_CMD" = "stop-restart" ] ||
-+ [ -n "$PLUGIN_LOAD_FILE" -a "$PLUGIN_CMD" = "stop" ] ||
-+ [ -n "$PLUGIN_LOAD_FILE" -a "$PLUGIN_CMD" = "status" ]; then
-+ # Show who we are:
-+ echo "${INDENT}$PLUGIN_NAME v$PLUGIN_VERSION"
-+
-+ # Increment indention
-+ INDENT="$INDENT "
-+
-+ # Only proceed if environment ok
-+ if ! plugin_sanity_check; then
-+ PLUGIN_RET_VAL=1
-+ else
-+ case $PLUGIN_CMD in
-+ start|'') plugin_start; PLUGIN_RET_VAL=$? ;;
-+ restart ) plugin_restart; PLUGIN_RET_VAL=$? ;;
-+ stop|stop-restart) plugin_stop; PLUGIN_RET_VAL=$? ;;
-+ status ) plugin_status; PLUGIN_RET_VAL=$? ;;
-+ * ) PLUGIN_RET_VAL=1; printf "\033[40m\033[1;31m${INDENT}ERROR: Invalid plugin option \"$PLUGIN_CMD\"!\033[0m\n" >&2 ;;
-+ esac
-+ fi
-+ fi
-+fi
-diff --git a/share/arno-iptables-firewall/plugins/pptp-vpn-passthrough.CHANGELOG b/share/arno-iptables-firewall/plugins/pptp-vpn-passthrough.CHANGELOG
-new file mode 100644
-index 0000000..042b789
---- /dev/null
-+++ b/share/arno-iptables-firewall/plugins/pptp-vpn-passthrough.CHANGELOG
-@@ -0,0 +1,4 @@
-+Version 1.00 (January 9, 2016)
-+-----------------------------------
-++ Initial version
-+
-
Deleted: branches/1.0/package/arnofw/arnofw-0004-add-LAN_LAN_FORWARD_CHAIN.patch
===================================================================
--- branches/1.0/package/arnofw/arnofw-0004-add-LAN_LAN_FORWARD_CHAIN.patch 2016-07-12 17:02:11 UTC (rev 7752)
+++ branches/1.0/package/arnofw/arnofw-0004-add-LAN_LAN_FORWARD_CHAIN.patch 2016-07-13 19:31:55 UTC (rev 7753)
@@ -1,253 +0,0 @@
-diff --git a/README b/README
-index 093151a..802ce61 100644
---- a/README
-+++ b/README
-@@ -480,6 +480,7 @@ INT_FORWARD_IN_CHAIN - Internal-net FORWARD chain for INcoming traffic
- INT_FORWARD_OUT_CHAIN - Internal-net FORWARD chain for OUTcoming traffic
- INT_INPUT_CHAIN - Internal-net INPUT chain
- INT_OUTPUT_CHAIN - Internal-net OUTPUT chain
-+LAN_LAN_FORWARD_CHAIN - LAN to LAN (Inter-LAN) forward chain (AIF private use only)
- LAN_INET_FORWARD_CHAIN - LAN to internet (external net) forward chain
- POST_INPUT_CHAIN - This chain is always processed last(post) in the
- INPUT chain
-diff --git a/bin/arno-iptables-firewall b/bin/arno-iptables-firewall
-index b02a85f..beee62d 100755
---- a/bin/arno-iptables-firewall
-+++ b/bin/arno-iptables-firewall
-@@ -2263,6 +2263,79 @@ setup_int_input_chain()
- }
-
-
-+##################################################
-+# Setup chain for the LAN-to-LAN forward traffic #
-+##################################################
-+setup_lan_lan_forward_chain()
-+{
-+ local rtn_val=1
-+
-+ echo " Setting up LAN->LAN policy"
-+
-+ # TCP ports to ALLOW for certain Inter-LAN hosts
-+ ################################################
-+ unset IFS
-+ for rule in $LAN_LAN_HOST_OPEN_TCP; do
-+ if parse_rule "$rule" LAN_LAN_HOST_OPEN_TCP "shosts:ANYHOST-dhosts-ports:ANYPORT"; then
-+
-+ echo " Allowing $shosts(LAN) to $dhosts(LAN) for TCP port(s): $ports"
-+
-+ IFS=','
-+ for shost in `ip_range "$shosts"`; do
-+ for dhost in `ip_range "$dhosts"`; do
-+ for port in $ports; do
-+ iptables -A LAN_LAN_FORWARD_CHAIN -s $shost -d $dhost -p tcp --dport $port -j ACCEPT
-+ rtn_val=0
-+ done
-+ done
-+ done
-+ fi
-+ done
-+
-+ # UDP ports to ALLOW for certain Inter-LAN hosts
-+ ################################################
-+ unset IFS
-+ for rule in $LAN_LAN_HOST_OPEN_UDP; do
-+ if parse_rule "$rule" LAN_LAN_HOST_OPEN_UDP "shosts:ANYHOST-dhosts-ports:ANYPORT"; then
-+
-+ echo " Allowing $shosts(LAN) to $dhosts(LAN) for UDP port(s): $ports"
-+
-+ IFS=','
-+ for shost in `ip_range "$shosts"`; do
-+ for dhost in `ip_range "$dhosts"`; do
-+ for port in $ports; do
-+ iptables -A LAN_LAN_FORWARD_CHAIN -s $shost -d $dhost -p udp --dport $port -j ACCEPT
-+ rtn_val=0
-+ done
-+ done
-+ done
-+ fi
-+ done
-+
-+ # IP protocol(s) to ALLOW for certain Inter-LAN hosts
-+ #####################################################
-+ unset IFS
-+ for rule in $LAN_LAN_HOST_OPEN_IP; do
-+ if parse_rule "$rule" LAN_LAN_HOST_OPEN_IP "shosts:ANYHOST-dhosts-protos"; then
-+
-+ echo " Allowing $shosts(LAN) to $dhosts(LAN) for IP protocol(s): $protos"
-+
-+ IFS=','
-+ for shost in `ip_range "$shosts"`; do
-+ for dhost in `ip_range "$dhosts"`; do
-+ for proto in $protos; do
-+ iptables -A LAN_LAN_FORWARD_CHAIN -s $shost -d $dhost -p $proto -j ACCEPT
-+ rtn_val=0
-+ done
-+ done
-+ done
-+ fi
-+ done
-+
-+ return $rtn_val
-+}
-+
-+
- ###################################################
- # Setup chain for the LAN-to-INET forward traffic #
- ###################################################
-@@ -4803,7 +4876,10 @@ setup_firewall_rules()
- echo " Logging of denied LAN->INET FORWARD connections disabled"
- fi
-
-- # Setup helper chain for the LAN:
-+ # Setup helper chains for the LAN:
-+ setup_lan_lan_forward_chain;
-+ lan_lan_forward_result=$?
-+
- setup_lan_inet_forward_chain;
-
- IFS=' ,'
-@@ -4813,10 +4889,20 @@ setup_firewall_rules()
- # Always make subnets on the SAME interface trust each other
- iptables -A FORWARD -i $iif -o $iif -j ACCEPT
-
-+ # Optimize by only adding to FORWARD if LAN_LAN_FORWARD_CHAIN contains rules
-+ if [ $lan_lan_forward_result -eq 0 ]; then
-+ for output_if in $INT_IF; do
-+ if [ "$iif" != "$output_if" ]; then
-+ iptables -A FORWARD -i $iif -o $output_if -j LAN_LAN_FORWARD_CHAIN
-+ fi
-+ done
-+ fi
-+
- for eif in $EXT_IF; do
- iptables -A FORWARD -i $iif -o $eif -j LAN_INET_FORWARD_CHAIN
- done
- done
-+ unset lan_lan_forward_result
- fi
-
-
-@@ -5035,6 +5121,7 @@ create_user_chains()
- iptables -N DMZ_LAN_FORWARD_CHAIN
- iptables -N INET_DMZ_FORWARD_CHAIN
- iptables -N DMZ_INET_FORWARD_CHAIN
-+ iptables -N LAN_LAN_FORWARD_CHAIN
- iptables -N LAN_INET_FORWARD_CHAIN
-
- # Chains for the external interface
-@@ -5091,6 +5178,7 @@ flush_user_chains()
- iptables -F DMZ_LAN_FORWARD_CHAIN
- iptables -F INET_DMZ_FORWARD_CHAIN
- iptables -F DMZ_INET_FORWARD_CHAIN
-+ iptables -F LAN_LAN_FORWARD_CHAIN
- iptables -F LAN_INET_FORWARD_CHAIN
-
- # Chains for the external interface
-diff --git a/etc/arno-iptables-firewall/firewall.conf b/etc/arno-iptables-firewall/firewall.conf
-index 2291916..73554d2 100644
---- a/etc/arno-iptables-firewall/firewall.conf
-+++ b/etc/arno-iptables-firewall/firewall.conf
-@@ -696,6 +696,40 @@ LAN_HOST_DENY_IP=""
-
-
- ###############################################################################
-+# LAN_LAN_xxx = LAN->LAN access rules (forward) #
-+###############################################################################
-+
-+# Put in the following variables which LAN hosts you want to allow to certain
-+# hosts/services on a different LAN (net).
-+#
-+# TCP/UDP form:
-+# "SRCIP1,SRCIP2,...>DESTIP1~port \
-+# SRCIP3,...>DESTIP2~port"
-+#
-+# IP form:
-+# "SRCIP1,SRCIP2,...>DESTIP1~protocol \
-+# SRCIP3,...>DESTIP2~protocol"
-+#
-+# TCP/UDP examples:
-+# Simple (Allow port 80 to LAN host 1.2.3.4 from all other LAN hosts(0/0)):
-+# LAN_LAN_HOST_OPEN_xxx="0/0>1.2.3.4~80"
-+# Advanced (Allow port 20 & 21 to LAN host 1.2.3.4 from all other LAN hosts (0/0) and
-+# allow port 80 from LAN host 5.6.7.8 (only) to LAN host 1.2.3.4):
-+# LAN_LAN_HOST_OPEN_xxx="0/0>1.2.3.4~20,21 5.6.7.8>1.2.3.4~80"
-+#
-+# IP protocol example:
-+# (Allow protocols 47 & 48 to LAN host 1.2.3.4 from all other LAN hosts(0/0)):
-+# LAN_LAN_HOST_OPEN_IP="0/0>1.2.3.4~47,48"
-+#
-+# NOTE 1: If no SRCIPx is specified, any source host is used
-+# NOTE 2: If no port is specified, any port is used
-+# -----------------------------------------------------------------------------
-+LAN_LAN_HOST_OPEN_TCP=""
-+LAN_LAN_HOST_OPEN_UDP=""
-+LAN_LAN_HOST_OPEN_IP=""
-+
-+
-+###############################################################################
- # LAN_INET_xxx = LAN->internet access rules (forward) #
- # #
- # Note that when the LAN_INET_OPEN_xxx & LAN_INET_HOST_OPEN_xxx variables are #
-
-
-From dd4ac2ea35da58eb625a3e1bb87dc707044f13a6 Mon Sep 17 00:00:00 2001
-From: Lonnie Abelbeck <lo...@ab...>
-Date: Wed, 22 Jun 2016 14:55:37 -0500
-Subject: [PATCH] removed: unused INT_FORWARD_IN_CHAIN and
- INT_FORWARD_OUT_CHAIN user chains, related #28
-
----
- README | 2 --
- bin/arno-iptables-firewall | 12 ------------
- 2 files changed, 14 deletions(-)
-
-diff --git a/README b/README
-index 802ce61..3f88069 100644
---- a/README
-+++ b/README
-@@ -476,8 +476,6 @@ HOST_BLOCK_DST - Chain containing the list of destination based
- blocked hosts
- HOST_BLOCK_SRC - Chain containing the list of source based blocked
- hosts
--INT_FORWARD_IN_CHAIN - Internal-net FORWARD chain for INcoming traffic
--INT_FORWARD_OUT_CHAIN - Internal-net FORWARD chain for OUTcoming traffic
- INT_INPUT_CHAIN - Internal-net INPUT chain
- INT_OUTPUT_CHAIN - Internal-net OUTPUT chain
- LAN_LAN_FORWARD_CHAIN - LAN to LAN (Inter-LAN) forward chain (AIF private use only)
-diff --git a/bin/arno-iptables-firewall b/bin/arno-iptables-firewall
-index beee62d..99735ee 100755
---- a/bin/arno-iptables-firewall
-+++ b/bin/arno-iptables-firewall
-@@ -4769,14 +4769,6 @@ setup_firewall_rules()
- iptables -A FORWARD -o $eif -j EXT_FORWARD_OUT_CHAIN
- done
-
-- # Source the IN/OUT chains for the internal interface(s)
-- ########################################################
-- IFS=' ,'
-- for iif in $INT_IF; do
-- iptables -A FORWARD -i $iif -j INT_FORWARD_IN_CHAIN
-- iptables -A FORWARD -o $iif -j INT_FORWARD_OUT_CHAIN
-- done
--
- # Source the IN/OUT chains for the dmz interface(s)
- ########################################################
- IFS=' ,'
-@@ -5135,8 +5127,6 @@ create_user_chains()
-
- # INT(LAN) chains
- iptables -N INT_INPUT_CHAIN
-- iptables -N INT_FORWARD_IN_CHAIN
-- iptables -N INT_FORWARD_OUT_CHAIN
- iptables -N INT_OUTPUT_CHAIN
-
- # DMZ chains
-@@ -5192,8 +5182,6 @@ flush_user_chains()
-
- # INT(LAN) chains
- iptables -F INT_INPUT_CHAIN
-- iptables -F INT_FORWARD_IN_CHAIN
-- iptables -F INT_FORWARD_OUT_CHAIN
- iptables -F INT_OUTPUT_CHAIN
-
- # DMZ chains
Deleted: branches/1.0/package/arnofw/arnofw-0005-add-LAN_DMZ_ALLOW_IF.patch
===================================================================
--- branches/1.0/package/arnofw/arnofw-0005-add-LAN_DMZ_ALLOW_IF.patch 2016-07-12 17:02:11 UTC (rev 7752)
+++ branches/1.0/package/arnofw/arnofw-0005-add-LAN_DMZ_ALLOW_IF.patch 2016-07-13 19:31:55 UTC (rev 7753)
@@ -1,46 +0,0 @@
-diff --git a/bin/arno-iptables-firewall b/bin/arno-iptables-firewall
-index 0cb5cba..d825c0b 100755
---- a/bin/arno-iptables-firewall
-+++ b/bin/arno-iptables-firewall
-@@ -4814,6 +4814,8 @@ setup_firewall_rules()
- setup_dmz_inet_forward_chain;
- setup_dmz_lan_forward_chain;
-
-+ echo " Allowing LAN->DMZ for LAN interface(s): ${LAN_DMZ_ALLOW_IF:-$INT_IF}"
-+
- IFS=' ,'
- for dif in $DMZ_IF; do
- echo "Applying DMZ FORWARD policy to interface: $dif"
-@@ -4834,8 +4836,13 @@ setup_firewall_rules()
- # Apply policy for DMZ->LAN
- iptables -A FORWARD -i $dif -o $iif -j DMZ_LAN_FORWARD_CHAIN
-
-- # Apply policy for LAN->DMZ (allow all)
-- iptables -A FORWARD -i $iif -o $dif -j ACCEPT
-+ # Apply policy for LAN->DMZ (allow all INT_IF when LAN_DMZ_ALLOW_IF is not defined)
-+ for interface in ${LAN_DMZ_ALLOW_IF:-$INT_IF}; do
-+ if [ "$iif" = "$interface" ]; then
-+ iptables -A FORWARD -i $iif -o $dif -j ACCEPT
-+ break
-+ fi
-+ done
- done
- done
- fi
-diff --git a/etc/arno-iptables-firewall/firewall.conf b/etc/arno-iptables-firewall/firewall.conf
-index 83ef1dc..6d3bd19 100644
---- a/etc/arno-iptables-firewall/firewall.conf
-+++ b/etc/arno-iptables-firewall/firewall.conf
-@@ -125,6 +125,12 @@ DMZ_IF=""
- # -----------------------------------------------------------------------------
- DMZ_NET=""
-
-+# Specify the LAN (INT_IF) interfaces that are allowed full access to the
-+# DMZ interface(s). (LAN to DMZ forwarding policy)
-+# If LAN_DMZ_ALLOW_IF is not defined, all the INT_IF interfaces will be allowed.
-+# -----------------------------------------------------------------------------
-+LAN_DMZ_ALLOW_IF=""
-+
- # Set this variable to 0 to disable antispoof checking for the dmz nets
- # (EXPERT SETTING!)
- # -----------------------------------------------------------------------------
Modified: branches/1.0/package/arnofw/arnofw.mk
===================================================================
--- branches/1.0/package/arnofw/arnofw.mk 2016-07-12 17:02:11 UTC (rev 7752)
+++ branches/1.0/package/arnofw/arnofw.mk 2016-07-13 19:31:55 UTC (rev 7753)
@@ -3,11 +3,11 @@
# Arno's IPtables Firewall Script
#
#############################################################
-ARNOFW_VER := 2.0.1f
+ARNOFW_VER := 2.0.1g-RC1
ARNOFW_ROOT := arno-iptables-firewall
ARNOFW_SOURCE := $(ARNOFW_ROOT)_$(ARNOFW_VER).tar.gz
-ARNOFW_SITE := http://rocky.eld.leidenuniv.nl/arno-iptables-firewall
-#ARNOFW_SITE := http://files.astlinux-project.org
+#ARNOFW_SITE := http://rocky.eld.leidenuniv.nl/arno-iptables-firewall
+ARNOFW_SITE := http://files.astlinux-project.org
ARNOFW_DIR := $(BUILD_DIR)/$(ARNOFW_ROOT)_$(ARNOFW_VER)
ARNOFW_CAT := zcat
ARNOFW_TARGET_BINARY := /usr/sbin/arno-iptables-firewall
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <abe...@us...> - 2016-07-12 17:02:14
|
Revision: 7752
http://sourceforge.net/p/astlinux/code/7752
Author: abelbeck
Date: 2016-07-12 17:02:11 +0000 (Tue, 12 Jul 2016)
Log Message:
-----------
miniupnpd, include the new NAT_IF variable when start/stopping the AIF plugin
Modified Paths:
--------------
branches/1.0/package/miniupnpd/miniupnpd.init
Modified: branches/1.0/package/miniupnpd/miniupnpd.init
===================================================================
--- branches/1.0/package/miniupnpd/miniupnpd.init 2016-07-12 15:57:50 UTC (rev 7751)
+++ branches/1.0/package/miniupnpd/miniupnpd.init 2016-07-12 17:02:11 UTC (rev 7752)
@@ -48,8 +48,10 @@
# Setup needed AIF variables
EXT_IF=""
+ NAT_IF=""
for intf in $EXTIF $EXT2IF; do
EXT_IF="$EXT_IF${EXT_IF:+ }$intf"
+ NAT_IF="$NAT_IF${NAT_IF:+ }$intf"
done
case $action in
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <abe...@us...> - 2016-07-12 15:57:53
|
Revision: 7751
http://sourceforge.net/p/astlinux/code/7751
Author: abelbeck
Date: 2016-07-12 15:57:50 +0000 (Tue, 12 Jul 2016)
Log Message:
-----------
arnofw, add support for new NAT_IF variable in AIF, tracks EXT_IF interfaces that are NAT'ed
Modified Paths:
--------------
branches/1.0/package/arnofw/arnofw.wrapper
branches/1.0/package/arnofw/miniupnpd/50miniupnpd.plugin.sh
Modified: branches/1.0/package/arnofw/arnofw.wrapper
===================================================================
--- branches/1.0/package/arnofw/arnofw.wrapper 2016-07-11 13:55:09 UTC (rev 7750)
+++ branches/1.0/package/arnofw/arnofw.wrapper 2016-07-12 15:57:50 UTC (rev 7751)
@@ -160,17 +160,22 @@
if [ -z "$PPPOEIF" ]; then
EXT_IF=""
+ NAT_IF=""
unset IFS
for intf in $EXTIF $EXT2IF; do
EXT_IF="$EXT_IF${EXT_IF:+ }$intf"
+ NAT_IF="$NAT_IF${NAT_IF:+ }$intf"
done
else
EXT_IF="${PPPOE_EXTIF:-ppp+}"
+ NAT_IF="${PPPOE_EXTIF:-ppp+}"
unset IFS
for intf in $EXTIF $EXT2IF; do
case "$intf" in
ppp[0-9]*) ;;
- *) EXT_IF="$EXT_IF $intf" ;;
+ *) EXT_IF="$EXT_IF $intf"
+ NAT_IF="$NAT_IF $intf"
+ ;;
esac
done
fi
Modified: branches/1.0/package/arnofw/miniupnpd/50miniupnpd.plugin.sh
===================================================================
--- branches/1.0/package/arnofw/miniupnpd/50miniupnpd.plugin.sh 2016-07-11 13:55:09 UTC (rev 7750)
+++ branches/1.0/package/arnofw/miniupnpd/50miniupnpd.plugin.sh 2016-07-12 15:57:50 UTC (rev 7751)
@@ -2,14 +2,14 @@
# -= Arno's iptables firewall - MiniUPnPd plugin =-
#
PLUGIN_NAME="MiniUPnPd plugin"
-PLUGIN_VERSION="1.0"
+PLUGIN_VERSION="1.01"
PLUGIN_CONF_FILE="miniupnpd.conf"
#
-# Last changed : July 6, 2012
+# Last changed : July 12, 2016
# Requirements : AIF 2.0.0+ with miniupnpd daemon
# Comments : Setup of the iptables chains that the miniupnpd daemon manages
#
-# Author : (C) Copyright 2012 by Lonnie Abelbeck & Arno van Amersfoort
+# Author : (C) Copyright 2012-2016 by Lonnie Abelbeck & Arno van Amersfoort
# Homepage : http://rocky.eld.leidenuniv.nl/
# Freshmeat homepage : http://freshmeat.net/projects/iptables-firewall/?topic_id=151
# Email : a r n o v a AT r o c k y DOT e l d DOT l e i d e n u n i v DOT n l
@@ -67,7 +67,7 @@
# Reconnect both MINIUPNPD chains, flushed on a restart
IFS=' ,'
- for eif in $EXT_IF; do
+ for eif in ${NAT_IF:-$EXT_IF}; do
ip4tables -t nat -A POST_NAT_PREROUTING_CHAIN -i $eif -j MINIUPNPD
ip4tables -A POST_FORWARD_CHAIN -i $eif ! -o $eif -j MINIUPNPD
@@ -89,7 +89,7 @@
fi
IFS=' ,'
- for eif in $EXT_IF; do
+ for eif in ${NAT_IF:-$EXT_IF}; do
ip4tables -t nat -D POST_NAT_PREROUTING_CHAIN -i $eif -j MINIUPNPD
ip4tables -D POST_FORWARD_CHAIN -i $eif ! -o $eif -j MINIUPNPD
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <abe...@us...> - 2016-07-11 13:55:12
|
Revision: 7750
http://sourceforge.net/p/astlinux/code/7750
Author: abelbeck
Date: 2016-07-11 13:55:09 +0000 (Mon, 11 Jul 2016)
Log Message:
-----------
avahi, include David Kerr's upstream avahi pull-request adding a reflect-filter
https://github.com/lathiat/avahi/pull/62
Added Paths:
-----------
branches/1.0/package/avahi/avahi-reflect-filter_PR62.patch
Removed Paths:
-------------
branches/1.0/package/avahi/avahi-Filtering-Reflector-Advertisements.patch
branches/1.0/package/avahi/avahi-airplay-service.patch
Deleted: branches/1.0/package/avahi/avahi-Filtering-Reflector-Advertisements.patch
===================================================================
--- branches/1.0/package/avahi/avahi-Filtering-Reflector-Advertisements.patch 2016-07-10 19:41:49 UTC (rev 7749)
+++ branches/1.0/package/avahi/avahi-Filtering-Reflector-Advertisements.patch 2016-07-11 13:55:09 UTC (rev 7750)
@@ -1,182 +0,0 @@
-From 0e9f40ff16f2d1582b3e1200a7a35f83f216f4f2 Mon Sep 17 00:00:00 2001
-From: James Rudd <Jam...@sb...>
-Date: Mon, 25 Aug 2014 16:23:33 +1000
-Subject: [[PATCH] Filtering Reflector Advertisements] Filtering Reflector
- Advertisements
-
-Allows Avahi-Daemon to filter which advertisements are added to the cache to be reflected to different networks.
-It checks incoming service names against a list defined in avahi-daemon.conf [reflector] reflect-filters.
-The list can be types of services or can contain hostnames to match.
-For example we only allow AirPlay and AirTunes to be reflected between VLANs, so have "_airplay._tcp.local,_raop._tcp.local" set.
-
-The patch will block the PTR and SRV advertisements but will still allow A records for machine name lookup.
-All locally published services are still published even if they do not match the filter.
-
-The filter also blocks local programs from seeing advertised programs so it is recommend to only enable it on a dedicated bonjour reflector server.
-
-Signed-off-by: James Rudd <Jam...@sb...>
----
- avahi-core/core.h | 1 +
- avahi-core/server.c | 42 +++++++++++++++++++++++++++++++++++++++++-
- avahi-daemon/avahi-daemon.conf | 1 +
- avahi-daemon/main.c | 12 ++++++++++++
- man/avahi-daemon.conf.5.xml.in | 10 ++++++++++
- 5 files changed, 65 insertions(+), 1 deletion(-)
-
-diff --git a/avahi-core/core.h b/avahi-core/core.h
-index f50c612..1ebd27a 100644
---- a/avahi-core/core.h
-+++ b/avahi-core/core.h
-@@ -56,6 +56,7 @@ typedef struct AvahiServerConfig {
- int use_iff_running; /**< Require IFF_RUNNING on local network interfaces. This is the official way to check for link beat. Unfortunately this doesn't work with all drivers. So bettere leave this off. */
- int enable_reflector; /**< Reflect incoming mDNS traffic to all local networks. This allows mDNS based network browsing beyond ethernet borders */
- int reflect_ipv; /**< if enable_reflector is 1, enable/disable reflecting between IPv4 and IPv6 */
-+ AvahiStringList *reflect_filters; /**< if enable_reflector is 1, will only add services containing one of these strings */
- int add_service_cookie; /**< Add magic service cookie to all locally generated records implicitly */
- int enable_wide_area; /**< Enable wide area support */
- AvahiAddress wide_area_servers[AVAHI_WIDE_AREA_SERVERS_MAX]; /** Unicast DNS server to use for wide area lookup */
-diff --git a/avahi-core/server.c b/avahi-core/server.c
-index 69a1d02..81725ac 100644
---- a/avahi-core/server.c
-+++ b/avahi-core/server.c
-@@ -674,6 +674,34 @@ static void handle_response_packet(AvahiServer *s, AvahiDnsPacket *p, AvahiInter
- }
-
- if (!avahi_key_is_pattern(record->key)) {
-+ // Filter services that will be cached. Allow all local services
-+ if (!from_local_iface && s->config.enable_reflector && s->config.reflect_filters != NULL){
-+ AvahiStringList *l;
-+ int match = 0;
-+
-+ if (record->key->type == AVAHI_DNS_TYPE_PTR){
-+ // Need to match DNS pointer target with filter
-+ for (l = s->config.reflect_filters; l; l = l->next)
-+ if (strstr( record->data.ptr.name, (char*) l->text) != NULL)
-+ match = 1;
-+
-+ if (! match){
-+ //avahi_log_info("Reject Ptr SRC [%s] Dest [%s]", record->key->name, record->data.ptr.name);
-+ return;
-+ }
-+ }
-+ else if (record->key->type == AVAHI_DNS_TYPE_SRV || record->key->type == AVAHI_DNS_TYPE_TXT){
-+ // Need to match key name with filter
-+ for (l = s->config.reflect_filters; l; l = l->next)
-+ if (strstr( record->key->name, (char*) l->text) != NULL)
-+ match = 1;
-+
-+ if (! match){
-+ //avahi_log_info("Reject Key [%s] iface [%d]", record->key->name, from_local_iface);
-+ return;
-+ }
-+ }
-+ }
-
- if (handle_conflict(s, i, record, cache_flush)) {
- if (!from_local_iface && !avahi_record_is_link_local_address(record))
-@@ -1589,6 +1617,7 @@ AvahiServerConfig* avahi_server_config_init(AvahiServerConfig *c) {
- c->use_iff_running = 0;
- c->enable_reflector = 0;
- c->reflect_ipv = 0;
-+ c->reflect_filters = NULL;
- c->add_service_cookie = 0;
- c->enable_wide_area = 0;
- c->n_wide_area_servers = 0;
-@@ -1611,13 +1640,14 @@ void avahi_server_config_free(AvahiServerConfig *c) {
- avahi_free(c->host_name);
- avahi_free(c->domain_name);
- avahi_string_list_free(c->browse_domains);
-+ avahi_string_list_free(c->reflect_filters);
- avahi_string_list_free(c->allow_interfaces);
- avahi_string_list_free(c->deny_interfaces);
- }
-
- AvahiServerConfig* avahi_server_config_copy(AvahiServerConfig *ret, const AvahiServerConfig *c) {
- char *d = NULL, *h = NULL;
-- AvahiStringList *browse = NULL, *allow = NULL, *deny = NULL;
-+ AvahiStringList *browse = NULL, *allow = NULL, *deny = NULL, *reflect = NULL ;
- assert(ret);
- assert(c);
-
-@@ -1652,12 +1682,22 @@ AvahiServerConfig* avahi_server_config_copy(AvahiServerConfig *ret, const AvahiS
- return NULL;
- }
-
-+ if (!(reflect = avahi_string_list_copy(c->reflect_filters)) && c->reflect_filters) {
-+ avahi_string_list_free(allow);
-+ avahi_string_list_free(browse);
-+ avahi_string_list_free(deny);
-+ avahi_free(h);
-+ avahi_free(d);
-+ return NULL;
-+ }
-+
- *ret = *c;
- ret->host_name = h;
- ret->domain_name = d;
- ret->browse_domains = browse;
- ret->allow_interfaces = allow;
- ret->deny_interfaces = deny;
-+ ret->reflect_filters = reflect;
-
- return ret;
- }
-diff --git a/avahi-daemon/avahi-daemon.conf b/avahi-daemon/avahi-daemon.conf
-index 27e240d..662fd69 100644
---- a/avahi-daemon/avahi-daemon.conf
-+++ b/avahi-daemon/avahi-daemon.conf
-@@ -57,6 +57,7 @@ publish-workstation=no
- [reflector]
- #enable-reflector=no
- #reflect-ipv=no
-+#reflect-filters=_airplay._tcp.local,_raop._tcp.local
-
- [rlimits]
- #rlimit-as=
-diff --git a/avahi-daemon/main.c b/avahi-daemon/main.c
-index 8c28fd6..2676133 100644
---- a/avahi-daemon/main.c
-+++ b/avahi-daemon/main.c
-@@ -826,6 +826,18 @@ static int load_config_file(DaemonConfig *c) {
- c->server_config.enable_reflector = is_yes(p->value);
- else if (strcasecmp(p->key, "reflect-ipv") == 0)
- c->server_config.reflect_ipv = is_yes(p->value);
-+ else if (strcasecmp(p->key, "reflect-filters") == 0) {
-+ char **e, **t;
-+
-+ avahi_string_list_free(c->server_config.reflect_filters);
-+ c->server_config.reflect_filters = NULL;
-+ e = avahi_split_csv(p->value);
-+
-+ for (t = e; *t; t++)
-+ c->server_config.reflect_filters = avahi_string_list_add(c->server_config.reflect_filters, *t);
-+
-+ avahi_strfreev(e);
-+ }
- else {
- avahi_log_error("Invalid configuration key \"%s\" in group \"%s\"\n", p->key, g->name);
- goto finish;
-diff --git a/man/avahi-daemon.conf.5.xml.in b/man/avahi-daemon.conf.5.xml.in
-index 2d15017..c3eeff4 100644
---- a/man/avahi-daemon.conf.5.xml.in
-+++ b/man/avahi-daemon.conf.5.xml.in
-@@ -327,6 +327,16 @@
- enabled, avahi-daemon will forward mDNS traffic between IPv4
- and IPv6, which is usually not recommended. Defaults to "no".</p>
- </option>
-+
-+ <option>
-+ <p><opt>reflect-filters=</opt> Set a comma separated list of
-+ allowed service names to be reflected. Each service that is
-+ seen must match an entry in this list to be reflected to other
-+ networks. This list can match the type of service or the name
-+ of the machine providing the service. Defaults to allowing all
-+ services.</p>
-+
-+ </option>
- </section>
-
- <section name="Section [rlimits]">
---
-1.9.1
-
Deleted: branches/1.0/package/avahi/avahi-airplay-service.patch
===================================================================
--- branches/1.0/package/avahi/avahi-airplay-service.patch 2016-07-10 19:41:49 UTC (rev 7749)
+++ branches/1.0/package/avahi/avahi-airplay-service.patch 2016-07-11 13:55:09 UTC (rev 7750)
@@ -1,12 +0,0 @@
-diff --git a/service-type-database/service-types b/service-type-database/service-types
-index 6e7e2cd..54719af 100644
---- a/service-type-database/service-types
-+++ b/service-type-database/service-types
-@@ -139,6 +139,7 @@ _realplayfavs._tcp:RealPlayer Shared Favorites
- _realplayfavs._tcp[it]:RealPlayer - Preferiti Condivisi
-
- _raop._tcp:AirTunes Remote Audio
-+_airplay._tcp:AirPlay Remote Video
-
- _rtsp._tcp:RTSP Realtime Streaming Server
- _rtp._udp:RTP Realtime Streaming Server
Added: branches/1.0/package/avahi/avahi-reflect-filter_PR62.patch
===================================================================
--- branches/1.0/package/avahi/avahi-reflect-filter_PR62.patch (rev 0)
+++ branches/1.0/package/avahi/avahi-reflect-filter_PR62.patch 2016-07-11 13:55:09 UTC (rev 7750)
@@ -0,0 +1,281 @@
+From d195ac7ddd53ac457c282581783ef5cd756b9608 Mon Sep 17 00:00:00 2001
+From: David Kerr <da...@ke...>
+Date: Sat, 2 Jul 2016 14:05:24 -0400
+Subject: [PATCH 1/3] Add service types to database for audio streaming, device
+ info, amazon fire and qnap nas devices.
+
+---
+ service-type-database/service-types | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/service-type-database/service-types b/service-type-database/service-types
+index 6e7e2cd..4bbf52a 100644
+--- a/service-type-database/service-types
++++ b/service-type-database/service-types
+@@ -139,6 +139,7 @@ _realplayfavs._tcp:RealPlayer Shared Favorites
+ _realplayfavs._tcp[it]:RealPlayer - Preferiti Condivisi
+
+ _raop._tcp:AirTunes Remote Audio
++_airplay._tcp:AirPlay Remote Video
+
+ _rtsp._tcp:RTSP Realtime Streaming Server
+ _rtp._udp:RTP Realtime Streaming Server
+@@ -216,6 +217,10 @@ _adobe-vc._tcp:Adobe Version Cue
+
+ _home-sharing._tcp:Apple Home Sharing
+
++_amzn-wplay._tcp:Amazon Fire TV
++
++_qdiscover._tcp:QNAP NAS
++
+
+ # Other
+
+@@ -231,3 +236,6 @@ _tp-https._tcp:Thousand Parsec Server (Secure HTTP Tunnel)
+ _shifter._tcp:Window Shifter
+
+ _libvirt._tcp:Virtual Machine Manager
++
++_device-info._tcp:Device Info
++
+
+From d9caeb59739c4e8af6b0dfbffff8e4ed365d3beb Mon Sep 17 00:00:00 2001
+From: David Kerr <da...@ke...>
+Date: Sat, 2 Jul 2016 18:14:24 -0400
+Subject: [PATCH 2/3] Adds support for filtering reflector advertisements This
+ enhancement is provided courtesy of James Rudd <Jam...@sb...>
+ and http://jrudd.org/2014/08/avahi-reflector-filtering-patch/
+
+Allows Avahi-Daemon to filter which advertisements are added to the cache to be reflected to different networks.
+It checks incoming service names against a list defined in avahi-daemon.conf [reflector] reflect-filters.
+The list can be types of services or can contain hostnames to match.
+For example if we only allow AirPlay and AirTunes to be reflected between VLANs, so have "_airplay._tcp.local,_raop._tcp.local" set.
+For AirPrint set "_printer._tcp.local,_ipp._tcp.local,_pdl-datastream._tcp.local"
+Remember to set firewall to permit traffic between LANs for the corresponding ports.
+
+The patch will block the PTR and SRV advertisements but will still allow A records for machine name lookup.
+All locally published services are still published even if they do not match the filter.
+
+The filter also blocks local programs from seeing advertised programs so it is recommend to only enable it on a dedicated bonjour reflector server.
+---
+ avahi-core/core.h | 1 +
+ avahi-core/server.c | 48 ++++++++++++++++++++++++++++++++++++-
+ avahi-daemon/avahi-daemon.conf | 1 +
+ avahi-daemon/main.c | 12 ++++++++++
+ man/avahi-daemon.conf.5.xml.in | 10 ++++++++
+ service-type-database/service-types | 1 -
+ 6 files changed, 71 insertions(+), 2 deletions(-)
+
+diff --git a/avahi-core/core.h b/avahi-core/core.h
+index f50c612..1ebd27a 100644
+--- a/avahi-core/core.h
++++ b/avahi-core/core.h
+@@ -56,6 +56,7 @@ typedef struct AvahiServerConfig {
+ int use_iff_running; /**< Require IFF_RUNNING on local network interfaces. This is the official way to check for link beat. Unfortunately this doesn't work with all drivers. So bettere leave this off. */
+ int enable_reflector; /**< Reflect incoming mDNS traffic to all local networks. This allows mDNS based network browsing beyond ethernet borders */
+ int reflect_ipv; /**< if enable_reflector is 1, enable/disable reflecting between IPv4 and IPv6 */
++ AvahiStringList *reflect_filters; /**< if enable_reflector is 1, will only add services containing one of these strings */
+ int add_service_cookie; /**< Add magic service cookie to all locally generated records implicitly */
+ int enable_wide_area; /**< Enable wide area support */
+ AvahiAddress wide_area_servers[AVAHI_WIDE_AREA_SERVERS_MAX]; /** Unicast DNS server to use for wide area lookup */
+diff --git a/avahi-core/server.c b/avahi-core/server.c
+index a2cb19a..1a91907 100644
+--- a/avahi-core/server.c
++++ b/avahi-core/server.c
+@@ -674,6 +674,40 @@ static void handle_response_packet(AvahiServer *s, AvahiDnsPacket *p, AvahiInter
+ }
+
+ if (!avahi_key_is_pattern(record->key)) {
++ // Filter services that will be cached. Allow all local services
++ if (!from_local_iface && s->config.enable_reflector && s->config.reflect_filters != NULL){
++ AvahiStringList *l;
++ int match = 0;
++
++ if (record->key->type == AVAHI_DNS_TYPE_PTR){
++ // Need to match DNS pointer target with filter
++ for (l = s->config.reflect_filters; l; l = l->next) {
++ if (strstr( record->data.ptr.name, (char*) l->text) != NULL) {
++ match = 1;
++ break;
++ }
++ }
++
++ if (! match){
++ //avahi_log_info("Reject Ptr SRC [%s] Dest [%s]", record->key->name, record->data.ptr.name);
++ return;
++ }
++ }
++ else if (record->key->type == AVAHI_DNS_TYPE_SRV || record->key->type == AVAHI_DNS_TYPE_TXT){
++ // Need to match key name with filter
++ for (l = s->config.reflect_filters; l; l = l->next) {
++ if (strstr( record->key->name, (char*) l->text) != NULL) {
++ match = 1;
++ break;
++ }
++ }
++
++ if (! match){
++ //avahi_log_info("Reject Key [%s] iface [%d]", record->key->name, from_local_iface);
++ return;
++ }
++ }
++ }
+
+ if (handle_conflict(s, i, record, cache_flush)) {
+ if (!from_local_iface && !avahi_record_is_link_local_address(record))
+@@ -1589,6 +1623,7 @@ AvahiServerConfig* avahi_server_config_init(AvahiServerConfig *c) {
+ c->use_iff_running = 0;
+ c->enable_reflector = 0;
+ c->reflect_ipv = 0;
++ c->reflect_filters = NULL;
+ c->add_service_cookie = 0;
+ c->enable_wide_area = 0;
+ c->n_wide_area_servers = 0;
+@@ -1611,13 +1646,14 @@ void avahi_server_config_free(AvahiServerConfig *c) {
+ avahi_free(c->host_name);
+ avahi_free(c->domain_name);
+ avahi_string_list_free(c->browse_domains);
++ avahi_string_list_free(c->reflect_filters);
+ avahi_string_list_free(c->allow_interfaces);
+ avahi_string_list_free(c->deny_interfaces);
+ }
+
+ AvahiServerConfig* avahi_server_config_copy(AvahiServerConfig *ret, const AvahiServerConfig *c) {
+ char *d = NULL, *h = NULL;
+- AvahiStringList *browse = NULL, *allow = NULL, *deny = NULL;
++ AvahiStringList *browse = NULL, *allow = NULL, *deny = NULL, *reflect = NULL ;
+ assert(ret);
+ assert(c);
+
+@@ -1652,12 +1688,22 @@ AvahiServerConfig* avahi_server_config_copy(AvahiServerConfig *ret, const AvahiS
+ return NULL;
+ }
+
++ if (!(reflect = avahi_string_list_copy(c->reflect_filters)) && c->reflect_filters) {
++ avahi_string_list_free(allow);
++ avahi_string_list_free(browse);
++ avahi_string_list_free(deny);
++ avahi_free(h);
++ avahi_free(d);
++ return NULL;
++ }
++
+ *ret = *c;
+ ret->host_name = h;
+ ret->domain_name = d;
+ ret->browse_domains = browse;
+ ret->allow_interfaces = allow;
+ ret->deny_interfaces = deny;
++ ret->reflect_filters = reflect;
+
+ return ret;
+ }
+diff --git a/avahi-daemon/avahi-daemon.conf b/avahi-daemon/avahi-daemon.conf
+index 95166f8..2c6c1fc 100644
+--- a/avahi-daemon/avahi-daemon.conf
++++ b/avahi-daemon/avahi-daemon.conf
+@@ -57,6 +57,7 @@ publish-workstation=no
+ [reflector]
+ #enable-reflector=no
+ #reflect-ipv=no
++#reflect-filters=_airplay._tcp.local,_raop._tcp.local
+
+ [rlimits]
+ #rlimit-as=
+diff --git a/avahi-daemon/main.c b/avahi-daemon/main.c
+index 10cb41e..346338f 100644
+--- a/avahi-daemon/main.c
++++ b/avahi-daemon/main.c
+@@ -826,6 +826,18 @@ static int load_config_file(DaemonConfig *c) {
+ c->server_config.enable_reflector = is_yes(p->value);
+ else if (strcasecmp(p->key, "reflect-ipv") == 0)
+ c->server_config.reflect_ipv = is_yes(p->value);
++ else if (strcasecmp(p->key, "reflect-filters") == 0) {
++ char **e, **t;
++
++ avahi_string_list_free(c->server_config.reflect_filters);
++ c->server_config.reflect_filters = NULL;
++ e = avahi_split_csv(p->value);
++
++ for (t = e; *t; t++)
++ c->server_config.reflect_filters = avahi_string_list_add(c->server_config.reflect_filters, *t);
++
++ avahi_strfreev(e);
++ }
+ else {
+ avahi_log_error("Invalid configuration key \"%s\" in group \"%s\"\n", p->key, g->name);
+ goto finish;
+diff --git a/man/avahi-daemon.conf.5.xml.in b/man/avahi-daemon.conf.5.xml.in
+index 2d15017..dd91e60 100644
+--- a/man/avahi-daemon.conf.5.xml.in
++++ b/man/avahi-daemon.conf.5.xml.in
+@@ -327,6 +327,16 @@
+ enabled, avahi-daemon will forward mDNS traffic between IPv4
+ and IPv6, which is usually not recommended. Defaults to "no".</p>
+ </option>
++
++ <option>
++ <p><opt>reflect-filters=</opt> Set a comma separated list of
++ allowed service names to be reflected. Each service that is
++ seen must match an entry in this list to be reflected to other
++ networks. This list can match the type of service or the name
++ of the machine providing the service. Defaults to allowing all
++ services.</p>
++
++ </option>
+ </section>
+
+ <section name="Section [rlimits]">
+diff --git a/service-type-database/service-types b/service-type-database/service-types
+index 4bbf52a..0b99d40 100644
+--- a/service-type-database/service-types
++++ b/service-type-database/service-types
+@@ -238,4 +238,3 @@ _shifter._tcp:Window Shifter
+ _libvirt._tcp:Virtual Machine Manager
+
+ _device-info._tcp:Device Info
+-
+
+From c8723de8100cac0449514e095caa45eb6af416c6 Mon Sep 17 00:00:00 2001
+From: David Kerr <da...@ke...>
+Date: Sun, 3 Jul 2016 21:46:11 -0400
+Subject: [PATCH 3/3] Uncommented the info messages and changed them to debug
+ messages. Added debug message for matches as well as rejects. I have found
+ that it is extremely useful to see what mDNS-SD messages are matched or
+ rejected in order to debug service discovery and therefore it is best if
+ these messages can be turned on with the --debug flag as necessary.
+
+---
+ avahi-core/server.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/avahi-core/server.c b/avahi-core/server.c
+index 1a91907..018429c 100644
+--- a/avahi-core/server.c
++++ b/avahi-core/server.c
+@@ -689,9 +689,11 @@ static void handle_response_packet(AvahiServer *s, AvahiDnsPacket *p, AvahiInter
+ }
+
+ if (! match){
+- //avahi_log_info("Reject Ptr SRC [%s] Dest [%s]", record->key->name, record->data.ptr.name);
++ avahi_log_debug("Reject Ptr SRC [%s] Dest [%s]", record->key->name, record->data.ptr.name);
+ return;
+ }
++ else
++ avahi_log_debug("Match Ptr SRC [%s] Dest [%s]", record->key->name, record->data.ptr.name);
+ }
+ else if (record->key->type == AVAHI_DNS_TYPE_SRV || record->key->type == AVAHI_DNS_TYPE_TXT){
+ // Need to match key name with filter
+@@ -703,9 +705,11 @@ static void handle_response_packet(AvahiServer *s, AvahiDnsPacket *p, AvahiInter
+ }
+
+ if (! match){
+- //avahi_log_info("Reject Key [%s] iface [%d]", record->key->name, from_local_iface);
++ avahi_log_debug("Reject Key [%s] iface [%d]", record->key->name, from_local_iface);
+ return;
+ }
++ else
++ avahi_log_debug("Match Key [%s] iface [%d]", record->key->name, from_local_iface);
+ }
+ }
+
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <abe...@us...> - 2016-07-10 19:41:52
|
Revision: 7749
http://sourceforge.net/p/astlinux/code/7749
Author: abelbeck
Date: 2016-07-10 19:41:49 +0000 (Sun, 10 Jul 2016)
Log Message:
-----------
update ChangeLog
Modified Paths:
--------------
branches/1.0/docs/ChangeLog.txt
Modified: branches/1.0/docs/ChangeLog.txt
===================================================================
--- branches/1.0/docs/ChangeLog.txt 2016-07-10 19:33:43 UTC (rev 7748)
+++ branches/1.0/docs/ChangeLog.txt 2016-07-10 19:41:49 UTC (rev 7749)
@@ -10,7 +10,27 @@
Released @TBD@
+** System
+-- (no change)
+
+** Networking
+
+-- (no change)
+
+** Asterisk
+
+-- Asterisk 1.8.32.3 (no change), 11.22.0 (no change) and 13.9.1 (no change)
+
+-- DAHDI, dahdi-linux 2.8.0.1 (no change) and dahdi-tools 2.8.0 (no change)
+
+-- pjsip 2.4.5 (no change)
+
+** Web Interface
+
+-- Network -> Firewall sub-tab, add "Deny LAN to DMZ" option for specified LAN Interfaces.
+
+
Additions for AstLinux 1.2.7:
=============================
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <abe...@us...> - 2016-07-10 19:33:46
|
Revision: 7748
http://sourceforge.net/p/astlinux/code/7748
Author: abelbeck
Date: 2016-07-10 19:33:43 +0000 (Sun, 10 Jul 2016)
Log Message:
-----------
web interface, Firewall sub-tab, add 'Deny LAN to DMZ' option for specified LAN Interfaces
Modified Paths:
--------------
branches/1.0/package/webinterface/altweb/admin/firewall.php
branches/1.0/package/webinterface/altweb/common/version.php
Modified: branches/1.0/package/webinterface/altweb/admin/firewall.php
===================================================================
--- branches/1.0/package/webinterface/altweb/admin/firewall.php 2016-07-10 15:10:17 UTC (rev 7747)
+++ branches/1.0/package/webinterface/altweb/admin/firewall.php 2016-07-10 19:33:43 UTC (rev 7748)
@@ -21,6 +21,7 @@
// 01-27-2014, Added "Log Denied DMZ interface packets"
// 06-08-2014, Added support for multiple "Allow OpenVPN" LAN interfaces
// 06-12-2016, Added "Pass LAN->LAN" action
+// 07-10-2016, Added Deny LAN to DMZ for specified LAN Interfaces
//
// System location of /mnt/kd/rc.conf.d directory
$FIREWALLCONFDIR = '/mnt/kd/rc.conf.d';
@@ -85,23 +86,23 @@
'41' => '6to4'
);
-$allowlans_label = array (
+$lan_permutations_label = array (
+ 'INTIF' => '1st',
+ 'INT2IF' => '2nd',
+ 'INT3IF' => '3rd',
'INTIF INT2IF' => '1st and 2nd',
'INTIF INT3IF' => '1st and 3rd',
'INT2IF INT3IF' => '2nd and 3rd',
- 'INTIF INT2IF~INTIF INT3IF' => '1st and 2nd, 1st and 3rd',
- 'INTIF INT2IF~INT2IF INT3IF' => '1st and 2nd, 2nd and 3rd',
- 'INTIF INT3IF~INT2IF INT3IF' => '1st and 3rd, 2nd and 3rd',
'INTIF INT2IF INT3IF' => '1st and 2nd and 3rd'
);
-$vpn_allowlan_label = array (
- 'INTIF' => '1st',
- 'INT2IF' => '2nd',
- 'INT3IF' => '3rd',
+$allowlans_label = array (
'INTIF INT2IF' => '1st and 2nd',
'INTIF INT3IF' => '1st and 3rd',
'INT2IF INT3IF' => '2nd and 3rd',
+ 'INTIF INT2IF~INTIF INT3IF' => '1st and 2nd, 1st and 3rd',
+ 'INTIF INT2IF~INT2IF INT3IF' => '1st and 2nd, 2nd and 3rd',
+ 'INTIF INT3IF~INT2IF INT3IF' => '1st and 3rd, 2nd and 3rd',
'INTIF INT2IF INT3IF' => '1st and 2nd and 3rd'
);
@@ -294,6 +295,8 @@
fwrite($fp, $value."\n");
$value = 'DMZ_INET_DEFAULT_POLICY_DROP="'.$_POST['dmz_DP'].'"';
fwrite($fp, $value."\n");
+ $value = 'DMZ_DENYLAN="'.(isset($_POST['is_dmz_denylan']) ? $_POST['dmz_denylan'] : '').'"';
+ fwrite($fp, $value."\n");
$value = 'ALLOWLANS="'.(isset($_POST['is_allowlans']) ? $_POST['allowlans'] : '').'"';
fwrite($fp, $value."\n");
$value = 'OVPNC_ALLOWLAN="'.(isset($_POST['is_ovpnc_allowlan']) ? $_POST['ovpnc_allowlan'] : '').'"';
@@ -995,6 +998,18 @@
putHtml('</td></tr>');
putHtml('<tr class="dtrow1"><td width="75" style="text-align: right;">');
+ $dmz_denylan = getVARdef($vars, 'DMZ_DENYLAN');
+ $sel = ($dmz_denylan !== '') ? ' checked="checked"' : '';
+ putHtml('<input type="checkbox" value="is_dmz_denylan" name="is_dmz_denylan"'.$sel.' /></td><td>Deny LAN to DMZ for the');
+ putHtml('<select name="dmz_denylan">');
+ foreach ($lan_permutations_label as $key => $value) {
+ $sel = ($dmz_denylan === $key) ? ' selected="selected"' : '';
+ putHtml('<option value="'.$key.'"'.$sel.'>'.$value.'</option>');
+ }
+ putHtml('</select>');
+ putHtml('LAN Interface(s)</td></tr>');
+
+ putHtml('<tr class="dtrow1"><td width="75" style="text-align: right;">');
$allowlans = getVARdef($vars, 'ALLOWLANS');
$sel = ($allowlans !== '') ? ' checked="checked"' : '';
putHtml('<input type="checkbox" value="is_allowlans" name="is_allowlans"'.$sel.' /></td><td>Allow LAN to LAN for the');
@@ -1011,7 +1026,7 @@
$sel = ($ovpn_allowlan !== '') ? ' checked="checked"' : '';
putHtml('<input type="checkbox" value="is_ovpnc_allowlan" name="is_ovpnc_allowlan"'.$sel.' /></td><td>Allow OpenVPN Client tunnel to the');
putHtml('<select name="ovpnc_allowlan">');
- foreach ($vpn_allowlan_label as $key => $value) {
+ foreach ($lan_permutations_label as $key => $value) {
$sel = ($ovpn_allowlan === $key) ? ' selected="selected"' : '';
putHtml('<option value="'.$key.'"'.$sel.'>'.$value.'</option>');
}
@@ -1023,7 +1038,7 @@
$sel = ($ovpn_allowlan !== '') ? ' checked="checked"' : '';
putHtml('<input type="checkbox" value="is_ovpn_allowlan" name="is_ovpn_allowlan"'.$sel.' /></td><td>Allow OpenVPN Server tunnel to the');
putHtml('<select name="ovpn_allowlan">');
- foreach ($vpn_allowlan_label as $key => $value) {
+ foreach ($lan_permutations_label as $key => $value) {
$sel = ($ovpn_allowlan === $key) ? ' selected="selected"' : '';
putHtml('<option value="'.$key.'"'.$sel.'>'.$value.'</option>');
}
Modified: branches/1.0/package/webinterface/altweb/common/version.php
===================================================================
--- branches/1.0/package/webinterface/altweb/common/version.php 2016-07-10 15:10:17 UTC (rev 7747)
+++ branches/1.0/package/webinterface/altweb/common/version.php 2016-07-10 19:33:43 UTC (rev 7748)
@@ -1,6 +1,6 @@
<?php
// version.php for AstLinux Alternate Web Interface
-$GUI_VERSION = '1.8.37';
+$GUI_VERSION = '1.8.38';
?>
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <abe...@us...> - 2016-07-10 15:10:20
|
Revision: 7747
http://sourceforge.net/p/astlinux/code/7747
Author: abelbeck
Date: 2016-07-10 15:10:17 +0000 (Sun, 10 Jul 2016)
Log Message:
-----------
arnofw, add Deny LAN to DMZ traffic for internal interfaces, rc.conf variable DMZ_DENYLAN, defaults to allow as before. Simple rework of the astlinux.shim script making all the intermediate variables 'local' so as not to appear in the AIF script.
Modified Paths:
--------------
branches/1.0/package/arnofw/arnofw.wrapper
branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf
Modified: branches/1.0/package/arnofw/arnofw.wrapper
===================================================================
--- branches/1.0/package/arnofw/arnofw.wrapper 2016-07-09 16:14:30 UTC (rev 7746)
+++ branches/1.0/package/arnofw/arnofw.wrapper 2016-07-10 15:10:17 UTC (rev 7747)
@@ -1,9 +1,11 @@
-#
-# In this shim, we're invoked after /etc/arno-iptables-firewall/firewall.conf
-# has been read. We then read /etc/rc.conf, and paste in variables from
-# the latter file that will override whatever values were configured in
-# firewall.conf.
-#
+##
+## Custom AstLinux Variables -> AIF Configuration
+##
+## This script is called by AIF as a LOCAL_CONFIG_FILE which occurs after
+## the /etc/arno-iptables-firewall/firewall.conf defaults are read.
+## The AstLinux variables are then sourced from /etc/rc.conf, which together
+## with this script allows AIF variables to be configured as needed.
+##
. /etc/rc.conf
@@ -25,7 +27,7 @@
isNATinterface()
{
# args: IF
- local IFS
+ local intf IFS
unset IFS
for intf in $NONAT; do
@@ -40,9 +42,10 @@
addINTERNALnet()
{
# args: IF, IP, NM
+ local NETWORK PREFIX
+
if [ -n "$1" -a "$1" != "none" -a -n "$2" -a -n "$3" ]; then
- local NETWORK PREFIX
- eval `ipcalc -np $2 $3`
+ eval $(ipcalc -np $2 $3)
INT_IF="$INT_IF${INT_IF:+ }$1"
INTERNAL_NET="$INTERNAL_NET${INTERNAL_NET:+ }$NETWORK/$PREFIX"
@@ -56,9 +59,10 @@
addNOnatINTERNALnet()
{
# args: IF, IP, NM
+ local NETWORK PREFIX
+
if [ -n "$1" -a "$1" != "none" -a -n "$2" -a -n "$3" ]; then
- local NETWORK PREFIX
- eval `ipcalc -np $2 $3`
+ eval $(ipcalc -np $2 $3)
INT_IF="$INT_IF${INT_IF:+ }$1"
INTERNAL_NET="$INTERNAL_NET${INTERNAL_NET:+ }$NETWORK/$PREFIX"
@@ -68,9 +72,10 @@
setDMZnet()
{
# args: IF, IP, NM
+ local NETWORK PREFIX
+
if [ -n "$1" -a "$1" != "none" -a -n "$2" -a -n "$3" ]; then
- local NETWORK PREFIX
- eval `ipcalc -np $2 $3`
+ eval $(ipcalc -np $2 $3)
DMZ_IF="$1"
DMZ_NET="$NETWORK/$PREFIX"
@@ -95,9 +100,10 @@
setIPSECnet()
{
# args: IP, NM
+ local NETWORK PREFIX
+
if [ -n "$1" -a -n "$2" ]; then
- local NETWORK PREFIX
- eval `ipcalc -np $1 $2`
+ eval $(ipcalc -np $1 $2)
NAT_INTERNAL_NET="$NAT_INTERNAL_NET${NAT_INTERNAL_NET:+ }$NETWORK/$PREFIX"
NAT=1
@@ -106,8 +112,9 @@
getLANinterface()
{
+ # args: LAN
local lanif=""
-
+
case $1 in
INTIF)
lanif="$INTIF"
@@ -123,7 +130,7 @@
if [ -z "$lanif" ]; then
return 1
fi
-
+
echo "$lanif"
return 0
}
@@ -141,172 +148,194 @@
esac
}
-## Disable TOS mangling
-MANGLE_TOS=0
+astlinux_wrapper()
+{
+ local intf lan lans extCIDR ovpnIF ovpnIP ovpnNM allowif allowifs denyif count IFS
-if [ "$IPV6" = "yes" ]; then
- IPV6_SUPPORT=1
-fi
+ MANGLE_TOS=0
-if [ -z "$PPPOEIF" ]; then
- EXT_IF=""
- unset IFS
- for intf in $EXTIF $EXT2IF; do
- EXT_IF="$EXT_IF${EXT_IF:+ }$intf"
- done
-else
- EXT_IF="${PPPOE_EXTIF:-ppp+}"
- unset IFS
- for intf in $EXTIF $EXT2IF; do
- case "$intf" in
- ppp[0-9]*) ;;
- *) EXT_IF="$EXT_IF $intf" ;;
- esac
- done
-fi
+ if [ "$IPV6" = "yes" ]; then
+ IPV6_SUPPORT=1
+ fi
-# Add external interface 'ip6tun' if an IPv6 tunnel is defined
-if [ "$IPV6" = "yes" -a -n "$IPV6_TUNNEL" ]; then
- EXT_IF="$EXT_IF ip6tun"
-fi
+ if [ -z "$PPPOEIF" ]; then
+ EXT_IF=""
+ unset IFS
+ for intf in $EXTIF $EXT2IF; do
+ EXT_IF="$EXT_IF${EXT_IF:+ }$intf"
+ done
+ else
+ EXT_IF="${PPPOE_EXTIF:-ppp+}"
+ unset IFS
+ for intf in $EXTIF $EXT2IF; do
+ case "$intf" in
+ ppp[0-9]*) ;;
+ *) EXT_IF="$EXT_IF $intf" ;;
+ esac
+ done
+ fi
-if [ -z "$EXTERNAL_NET" ]; then
- unset IFS
- for intf in $EXTIF $EXT2IF; do
- extCIDR="$(get_network_cidr "$intf")"
- if [ -n "$extCIDR" ]; then
- EXTERNAL_NET="$EXTERNAL_NET${EXTERNAL_NET:+ }$extCIDR"
- fi
- done
-fi
+ # Add external interface 'ip6tun' if an IPv6 tunnel is defined
+ if [ "$IPV6" = "yes" -a -n "$IPV6_TUNNEL" ]; then
+ EXT_IF="$EXT_IF ip6tun"
+ fi
-INT_IF=""
-INTERNAL_NET=""
-NAT_INTERNAL_NET=""
-NAT=0
+ if [ -z "$EXTERNAL_NET" ]; then
+ unset IFS
+ for intf in $EXTIF $EXT2IF; do
+ extCIDR="$(get_network_cidr "$intf")"
+ if [ -n "$extCIDR" ]; then
+ EXTERNAL_NET="$EXTERNAL_NET${EXTERNAL_NET:+ }$extCIDR"
+ fi
+ done
+ fi
-addINTERNALnet "$INTIF" "$INTIP" "$INTNM"
+ INT_IF=""
+ INTERNAL_NET=""
+ NAT_INTERNAL_NET=""
+ NAT=0
-addINTERNALnet "$INT2IF" "$INT2IP" "$INT2NM"
+ addINTERNALnet "$INTIF" "$INTIP" "$INTNM"
-addINTERNALnet "$INT3IF" "$INT3IP" "$INT3NM"
+ addINTERNALnet "$INT2IF" "$INT2IP" "$INT2NM"
-setDMZnet "$DMZIF" "$DMZIP" "$DMZNM"
+ addINTERNALnet "$INT3IF" "$INT3IP" "$INT3NM"
-MODEM_IF=""
+ setDMZnet "$DMZIF" "$DMZIP" "$DMZNM"
-if [ -n "$NAT_FOREIGN_NETWORK" ]; then
- setFOREIGNnet
-fi
+ MODEM_IF=""
-EXT_IF_DHCP_IP=0
-if [ -n "$EXTIF" -a -z "$EXTIP" ] && [ "$EXTIF" != "ppp0" -o -z "$PPPOEIF" ]; then
- EXT_IF_DHCP_IP=1
-fi
-if [ -n "$EXT2IF" -a -z "$EXT2IP" ] && [ "$EXT2IF" != "ppp0" -o -z "$PPPOEIF" ]; then
- EXT_IF_DHCP_IP=1
-fi
+ if [ -n "$NAT_FOREIGN_NETWORK" ]; then
+ setFOREIGNnet
+ fi
-if [ "$EXTDHCP" = "yes" -a -n "$EXTIP" -a -n "$EXTGW" -a -z "$EXT2IF" -a -z "$PPPOEIF" ]; then
- EXTERNAL_DHCP_SERVER=1
-fi
+ EXT_IF_DHCP_IP=0
+ if [ -n "$EXTIF" -a -z "$EXTIP" ] && [ "$EXTIF" != "ppp0" -o -z "$PPPOEIF" ]; then
+ EXT_IF_DHCP_IP=1
+ fi
+ if [ -n "$EXT2IF" -a -z "$EXT2IP" ] && [ "$EXT2IF" != "ppp0" -o -z "$PPPOEIF" ]; then
+ EXT_IF_DHCP_IP=1
+ fi
-if isVPNtype racoon || isVPNtype ipsecmobile; then
- RP_FILTER=0
-fi
+ if [ "$EXTDHCP" = "yes" -a -n "$EXTIP" -a -n "$EXTGW" -a -z "$EXT2IF" -a -z "$PPPOEIF" ]; then
+ EXTERNAL_DHCP_SERVER=1
+ fi
-if isVPNtype ipsecmobile && [ "$IPSECM_AUTH_METHOD" = "xauth_rsa_server" ]; then
- setIPSECnet "$IPSECM_XAUTH_POOLBASE" "$IPSECM_XAUTH_POOLMASK"
-fi
+ if isVPNtype racoon || isVPNtype ipsecmobile; then
+ RP_FILTER=0
+ fi
-if isVPNtype openvpn; then
- if [ -n "$OVPN_SERVER" ]; then
- ovpnIP="`echo $OVPN_SERVER | awk '{ print $1; }'`"
- ovpnNM="`echo $OVPN_SERVER | awk '{ print $2; }'`"
- if [ -z "$OVPN_DEV" -o "$OVPN_DEV" = "tun" ]; then
- ovpnIF="tun+"
+ if isVPNtype ipsecmobile && [ "$IPSECM_AUTH_METHOD" = "xauth_rsa_server" ]; then
+ setIPSECnet "$IPSECM_XAUTH_POOLBASE" "$IPSECM_XAUTH_POOLMASK"
+ fi
+
+ if isVPNtype openvpn; then
+ if [ -n "$OVPN_SERVER" ]; then
+ ovpnIP="$(echo $OVPN_SERVER | awk '{ print $1; }')"
+ ovpnNM="$(echo $OVPN_SERVER | awk '{ print $2; }')"
+ if [ -z "$OVPN_DEV" -o "$OVPN_DEV" = "tun" ]; then
+ ovpnIF="tun+"
+ else
+ ovpnIF="$OVPN_DEV"
+ fi
+ addINTERNALnet "$ovpnIF" "$ovpnIP" "$ovpnNM"
+ if [ -n "$OVPN_ALLOWLAN" ]; then
+ unset IFS
+ for lan in $OVPN_ALLOWLAN; do
+ allowif="$(getLANinterface "$lan")"
+ if [ $? -eq 0 ]; then
+ IFS=' ,'
+ for intf in $INT_IF; do
+ if [ "$intf" = "$allowif" ]; then
+ IF_TRUSTS="$IF_TRUSTS${IF_TRUSTS:+|}$allowif $ovpnIF"
+ break
+ fi
+ done
+ fi
+ done
+ fi
else
- ovpnIF="$OVPN_DEV"
+ # Failsafe if /mnt/kd/openvpn/openvpn.conf is used
+ # and OVPN_SERVER is not defined.
+ TRUSTED_IF="tun+"
fi
- addINTERNALnet "$ovpnIF" "$ovpnIP" "$ovpnNM"
- if [ -n "$OVPN_ALLOWLAN" ]; then
- unset IFS
- for lan in $OVPN_ALLOWLAN; do
- allowif="$(getLANinterface "$lan")"
- if [ $? -eq 0 ]; then
- IFS=' ,'
- for intf in $INT_IF; do
- if [ "$intf" = "$allowif" ]; then
- IF_TRUSTS="$IF_TRUSTS${IF_TRUSTS:+|}$allowif $ovpnIF"
- break;
- fi
- done
- fi
- done
- fi
- else
- # Failsafe if /mnt/kd/openvpn/openvpn.conf is used
- # and OVPN_SERVER is not defined.
- TRUSTED_IF="tun+"
fi
-fi
-if isVPNtype openvpnclient; then
- if [ -n "$OVPNC_SERVER" ]; then
- ovpnIP="`echo $OVPNC_SERVER | awk '{ print $1; }'`"
- ovpnNM="`echo $OVPNC_SERVER | awk '{ print $2; }'`"
- if [ -z "$OVPNC_DEV" -o "$OVPNC_DEV" = "tun" ]; then
- ovpnIF="tun+"
+ if isVPNtype openvpnclient; then
+ if [ -n "$OVPNC_SERVER" ]; then
+ ovpnIP="$(echo $OVPNC_SERVER | awk '{ print $1; }')"
+ ovpnNM="$(echo $OVPNC_SERVER | awk '{ print $2; }')"
+ if [ -z "$OVPNC_DEV" -o "$OVPNC_DEV" = "tun" ]; then
+ ovpnIF="tun+"
+ else
+ ovpnIF="$OVPNC_DEV"
+ fi
+ addNOnatINTERNALnet "$ovpnIF" "$ovpnIP" "$ovpnNM"
+ if [ -n "$OVPNC_ALLOWLAN" ]; then
+ unset IFS
+ for lan in $OVPNC_ALLOWLAN; do
+ allowif="$(getLANinterface "$lan")"
+ if [ $? -eq 0 ]; then
+ IFS=' ,'
+ for intf in $INT_IF; do
+ if [ "$intf" = "$allowif" ]; then
+ IF_TRUSTS="$IF_TRUSTS${IF_TRUSTS:+|}$allowif $ovpnIF"
+ break
+ fi
+ done
+ fi
+ done
+ fi
else
- ovpnIF="$OVPNC_DEV"
+ # Failsafe if /mnt/kd/openvpn/openvpnconf.conf is used
+ # and OVPNC_SERVER is not defined.
+ TRUSTED_IF="tun+"
fi
- addNOnatINTERNALnet "$ovpnIF" "$ovpnIP" "$ovpnNM"
- if [ -n "$OVPNC_ALLOWLAN" ]; then
- unset IFS
- for lan in $OVPNC_ALLOWLAN; do
+ fi
+
+ if [ -n "$ALLOWLANS" ]; then
+ IFS='~'
+ for lans in $ALLOWLANS; do
+ allowifs=""
+ count=0
+ IFS=' '
+ for lan in $lans; do
allowif="$(getLANinterface "$lan")"
if [ $? -eq 0 ]; then
IFS=' ,'
for intf in $INT_IF; do
if [ "$intf" = "$allowif" ]; then
- IF_TRUSTS="$IF_TRUSTS${IF_TRUSTS:+|}$allowif $ovpnIF"
- break;
+ allowifs="$allowifs${allowifs:+ }$allowif"
+ count=$((count + 1))
+ break
fi
done
fi
done
- fi
- else
- # Failsafe if /mnt/kd/openvpn/openvpnconf.conf is used
- # and OVPNC_SERVER is not defined.
- TRUSTED_IF="tun+"
+ if [ -n "$allowifs" ] && [ $count -gt 1 ]; then
+ IF_TRUSTS="$IF_TRUSTS${IF_TRUSTS:+|}$allowifs"
+ fi
+ done
fi
-fi
-if [ -n "$ALLOWLANS" ]; then
- IFS='~'
- for lans in $ALLOWLANS; do
- allowifs=""
- count=0
- IFS=' '
- for lan in $lans; do
- allowif="$(getLANinterface "$lan")"
- if [ $? -eq 0 ]; then
- IFS=' ,'
- for intf in $INT_IF; do
- if [ "$intf" = "$allowif" ]; then
- allowifs="$allowifs${allowifs:+ }$allowif"
- count=$((count + 1))
- break;
+ if [ -n "$DMZ_DENYLAN" ]; then
+ IFS=' ,'
+ for intf in $INT_IF; do
+ allowif="$intf"
+ unset IFS
+ for lan in $DMZ_DENYLAN; do
+ denyif="$(getLANinterface "$lan")"
+ if [ $? -eq 0 ]; then
+ if [ "$intf" = "$denyif" ]; then
+ allowif=""
+ break
fi
- done
+ fi
+ done
+ if [ -n "$allowif" ]; then
+ LAN_DMZ_ALLOW_IF="$LAN_DMZ_ALLOW_IF${LAN_DMZ_ALLOW_IF:+ }$allowif"
fi
done
- if [ -n "$allowifs" ] && [ "$count" -gt 1 ]; then
- IF_TRUSTS="$IF_TRUSTS${IF_TRUSTS:+|}$allowifs"
- fi
- done
-fi
-
-unset IFS
-
+ fi
+}
+astlinux_wrapper
Modified: branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf
===================================================================
--- branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf 2016-07-09 16:14:30 UTC (rev 7746)
+++ branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf 2016-07-10 15:10:17 UTC (rev 7747)
@@ -290,13 +290,17 @@
## Note: Use the /mnt/kd/rc.elocal script to define the necessary static routes.
#NAT_FOREIGN_NETWORK="192.168.6.0/24 192.168.7.0/24"
-## Allow LAN to LAN traffic for internal interfaces, defaults to disallow
+## Allow LAN to LAN traffic for internal interfaces, defaults to disallow.
## Space separate "INTIF" for 1st, "INT2IF" for 2nd, and "INT3IF" for 3rd Internal Interface
## Separate groups using a ~ (tilde)
#ALLOWLANS="INTIF INT2IF"
#ALLOWLANS="INTIF INT2IF~INTIF INT3IF"
#ALLOWLANS="INTIF INT2IF INT3IF"
+## Deny LAN to DMZ traffic for internal interfaces, defaults to allow.
+## Use "INTIF" for 1st, "INT2IF" for 2nd, or "INT3IF" for 3rd Internal Interface, space separated for multiple
+#DMZ_DENYLAN="INT2IF INT3IF"
+
## Traffic Shaping
## Shapetype. This defines the qdisc type. Traffic shaping currently supports htb
## (default and well tested) or the newer hfsc version (less tested). You can
@@ -653,8 +657,9 @@
#username1 password1
#username2 password2
#"
-## Allow OpenVPN Server tunnel to LAN Interface(s), defaults to disallow
+## Allow OpenVPN Server tunnel to LAN Interface(s), defaults to disallow.
## Use "INTIF" for 1st, "INT2IF" for 2nd, or "INT3IF" for 3rd Internal Interface, space separated for multiple
+## Note: OpenVPN Server tunnel to DMZ Interface is allowed.
#OVPN_ALLOWLAN="INTIF"
##
## Firewall Options, automatically supported via AIF openvpn-server plugin.
@@ -692,8 +697,9 @@
#OVPNC_USER_PASS="user pass"
## Define ns-cert-type if set
#OVPNC_NSCERTTYPE="server"
-## Allow OpenVPN Client tunnel to LAN Interface(s), defaults to disallow
+## Allow OpenVPN Client tunnel to LAN Interface(s), defaults to disallow.
## Use "INTIF" for 1st, "INT2IF" for 2nd, or "INT3IF" for 3rd Internal Interface, space separated for multiple
+## Note: OpenVPN Client tunnel to DMZ Interface is allowed.
#OVPNC_ALLOWLAN="INTIF"
## Racoon support - VPN above must include "racoon"
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <abe...@us...> - 2016-07-09 16:14:32
|
Revision: 7746
http://sourceforge.net/p/astlinux/code/7746
Author: abelbeck
Date: 2016-07-09 16:14:30 +0000 (Sat, 09 Jul 2016)
Log Message:
-----------
arnofw, added: LAN to DMZ forwarding policy, new optional LAN_DMZ_ALLOW_IF variable
Ref: https://github.com/arno-iptables-firewall/aif/commit/fc00939ffe317610e52cd9fa4db573e3b0191d03
Added Paths:
-----------
branches/1.0/package/arnofw/arnofw-0005-add-LAN_DMZ_ALLOW_IF.patch
Added: branches/1.0/package/arnofw/arnofw-0005-add-LAN_DMZ_ALLOW_IF.patch
===================================================================
--- branches/1.0/package/arnofw/arnofw-0005-add-LAN_DMZ_ALLOW_IF.patch (rev 0)
+++ branches/1.0/package/arnofw/arnofw-0005-add-LAN_DMZ_ALLOW_IF.patch 2016-07-09 16:14:30 UTC (rev 7746)
@@ -0,0 +1,46 @@
+diff --git a/bin/arno-iptables-firewall b/bin/arno-iptables-firewall
+index 0cb5cba..d825c0b 100755
+--- a/bin/arno-iptables-firewall
++++ b/bin/arno-iptables-firewall
+@@ -4814,6 +4814,8 @@ setup_firewall_rules()
+ setup_dmz_inet_forward_chain;
+ setup_dmz_lan_forward_chain;
+
++ echo " Allowing LAN->DMZ for LAN interface(s): ${LAN_DMZ_ALLOW_IF:-$INT_IF}"
++
+ IFS=' ,'
+ for dif in $DMZ_IF; do
+ echo "Applying DMZ FORWARD policy to interface: $dif"
+@@ -4834,8 +4836,13 @@ setup_firewall_rules()
+ # Apply policy for DMZ->LAN
+ iptables -A FORWARD -i $dif -o $iif -j DMZ_LAN_FORWARD_CHAIN
+
+- # Apply policy for LAN->DMZ (allow all)
+- iptables -A FORWARD -i $iif -o $dif -j ACCEPT
++ # Apply policy for LAN->DMZ (allow all INT_IF when LAN_DMZ_ALLOW_IF is not defined)
++ for interface in ${LAN_DMZ_ALLOW_IF:-$INT_IF}; do
++ if [ "$iif" = "$interface" ]; then
++ iptables -A FORWARD -i $iif -o $dif -j ACCEPT
++ break
++ fi
++ done
+ done
+ done
+ fi
+diff --git a/etc/arno-iptables-firewall/firewall.conf b/etc/arno-iptables-firewall/firewall.conf
+index 83ef1dc..6d3bd19 100644
+--- a/etc/arno-iptables-firewall/firewall.conf
++++ b/etc/arno-iptables-firewall/firewall.conf
+@@ -125,6 +125,12 @@ DMZ_IF=""
+ # -----------------------------------------------------------------------------
+ DMZ_NET=""
+
++# Specify the LAN (INT_IF) interfaces that are allowed full access to the
++# DMZ interface(s). (LAN to DMZ forwarding policy)
++# If LAN_DMZ_ALLOW_IF is not defined, all the INT_IF interfaces will be allowed.
++# -----------------------------------------------------------------------------
++LAN_DMZ_ALLOW_IF=""
++
+ # Set this variable to 0 to disable antispoof checking for the dmz nets
+ # (EXPERT SETTING!)
+ # -----------------------------------------------------------------------------
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
1 message has been excluded from this view by a project administrator.
