44#
55# Original Creation Date: 2023-Oct-01 by @ExtremeFiretop.
66# Official Co-Author: @Martinski W. - Date: 2023-Nov-01
7- # Last Modified: 2025-May-21
7+ # Last Modified: 2025-May-31
88# ##################################################################
99set -u
1010
@@ -2558,9 +2558,9 @@ _WebUI_SetEmailConfigFileFromAMTM_()
25582558 _WriteVarDefToHelperJSFile_ " isEMailConfigEnabledInAMTM" " $isEMailConfigEnabledInAMTM " true
25592559}
25602560
2561- # #---------------------------------------##
2562- # # Added by ExtremeFiretop [2025-May-21] ##
2563- # #---------------------------------------##
2561+ # #------------------------------------------ ##
2562+ # # Modified by ExtremeFiretop [2025-May-21] ##
2563+ # #------------------------------------------ ##
25642564_ActionsAfterNewConfigSettings_ ()
25652565{
25662566 if [ ! -s " ${CONFIG_FILE} .bak" || \
@@ -4316,61 +4316,73 @@ _GetPasswordInput_()
43164316 return
43174317}
43184318
4319- # #------------------------------------------ ##
4320- # # Modified by ExtremeFiretop [2024 -May-19 ] ##
4321- # #------------------------------------------ ##
4319+ # #----------------------------------------##
4320+ # # Modified by Martinski W. [2025 -May-31 ] ##
4321+ # #----------------------------------------##
43224322_CIDR_IPaddrBlockContainsIPaddr_ ()
43234323{
4324- if [ $# -ne 2 ] || [ -z " $1 " || [ -z " $2 " ; then
4325- return 1
4326- fi
4324+ if [ $# -lt 2 ] || [ -z " $1 " || [ -z " $2 "
4325+ then return 1 ; fi
43274326
4328- awk -v cidr=" $1 " " $2 " '
4327+ local cidrNetIPaddr=" ${1%/* } "
4328+ local mainLANIPaddr=" $2 "
4329+
4330+ # # If FIRST octet does NOT match, LAN IP address is NOT included ##
4331+ if [ " ${mainLANIPaddr%% .* } " -ne " ${cidrNetIPaddr%% .* } "
4332+ then return 1 ; fi
4333+
4334+ awk -v cidr=" $1 " " $2 " '
43294335 function ip2int(s, a){split(s,a,".");return a[1]*16777216+a[2]*65536+a[3]*256+a[4]}
43304336 BEGIN{
4331- split(cidr,c,"/"); net =c[1]; bits=c[2]+0
4337+ split(cidr,c,"/"); netip =c[1]; bits=c[2]+0
43324338 mask = bits==0 ? 0 : and(0xffffffff, lshift(0xffffffff,32-bits))
4333- exit and(ip2int(ip ),mask)==and(ip2int(net ),mask) ? 0 : 1
4339+ exit and(ip2int(lanip ),mask)==and(ip2int(netip ),mask) ? 0 : 1
43344340 }'
43354341}
43364342
4337- # #------------------------------------------##
4338- # # Modified by ExtremeFiretop [2024-May-19] ##
4339- # #------------------------------------------##
4343+ # #----------------------------------------##
4344+ # # Modified by Martinski W. [2025-May-31] ##
4345+ # #----------------------------------------##
4346+ # Router LAN IP address MUST have access to WebGUI,
4347+ # and MUST be within a 24-bit IP address subnet block.
4348+ # ------------------------------------------------------#
43404349_CheckWebGUILoginAccessOK_ ()
43414350{
43424351 local accessRestriction restrictRuleList
43434352 local lanIPaddrRegEx1 lanIPaddrRegEx2 lanIPaddrRegEx3
43444353 local cidrIPaddrEntry cidrIPaddrBlock cidrIPaddrRegEx
4345- local mainLANIPaddrRegEx netwkIPv4AddrRegEx netwkIPv4AddrX
4354+ local mainLANIPaddrRegEx netwkIPv4addrRegEx
4355+ local netwkIPaddr1stOctet netwkIPv4addrX
4356+ local mainLANIPaddrRegEx netwkIPv4addrRegEx ruleTailFlag
43464357
43474358 accessRestriction=" $( nvram get enable_acc_restriction) "
43484359 if [ -z " $accessRestriction " || [ " $accessRestriction " -eq 0 ]
43494360 then return 0 ; fi
43504361
4362+ ruleTailFlag=' >[13]' # #[only WebUI or ALL]##
43514363 restrictRuleList=" $( nvram get restrict_rulelist) "
4364+
43524365 if [ -n " $mainNET_IPaddr "
4353- then
4354- netwkIPv4AddrX=" ${mainNET_IPaddr%/* } "
4355- netwkIPv4AddrX=" ${netwkIPv4AddrX% .* } "
4356- else
4357- netwkIPv4AddrX=" ${mainLAN_IPaddr% .* } "
4366+ then netwkIPaddr1stOctet=" ${mainNET_IPaddr%% .* } "
4367+ else netwkIPaddr1stOctet=" ${mainLAN_IPaddr%% .* } "
43584368 fi
4359- netwkIPv4AddrX=" ${netwkIPv4AddrX} .${IPv4octet_RegEx} "
4360- netwkIPv4AddrRegEx=" $( echo " $netwkIPv4AddrX " | sed ' s/\./\\./g' ) "
4361- mainLANIPaddrRegEx=" $( echo " $mainLAN_IPaddr " | sed ' s/\./\\./g' ) "
43624369
4363- local idxField=' [<>][0-9]+[<>]' # <1> or >12<
4364- local tailFlag=' [<>][13]' # >1 or >3 (ALL / WebUI)
4365- cidrIPaddrRegEx=" ${IPv4addrs_RegEx} /([0-9]|[1-2][0-9]|3[0-2])"
4370+ # # 24-bit IP address subnet block for network CIDR ##
4371+ netwkIPv4addrX=" ${netwkIPaddr1stOctet} .${IPv4octet_RegEx} .${IPv4octet_RegEx} .${IPv4octet_RegEx} "
4372+ netwkIPv4addrRegEx=" $( echo " $netwkIPv4addrX " | sed ' s/\./\\./g' ) "
4373+ cidrIPaddrRegEx=" ${netwkIPv4addrRegEx} /([89]|[12][0-9]|3[01])"
4374+ lanIPaddrRegEx3=" >${cidrIPaddrRegEx}${ruleTailFlag} "
43664375
4367- lanIPaddrRegEx1=" ${idxField}${mainLANIPaddrRegEx}${tailFlag} "
4368- lanIPaddrRegEx2=" ${idxField}${mainLANIPaddrRegEx} /([0-9]|[1-2][0-9]|3[0-2])${tailFlag} "
4369- lanIPaddrRegEx3=" ${idxField}${cidrIPaddrRegEx}${tailFlag} "
4376+ # # 8-bit IP address subnet block with private LAN IP ##
4377+ mainLANIPaddrRegEx=" $( echo " $mainLAN_IPaddr " | sed ' s/\./\\./g' ) "
4378+ lanIPaddrRegEx1=" >${mainLANIPaddrRegEx}${ruleTailFlag} "
4379+ lanIPaddrRegEx2=" >${mainLANIPaddrRegEx} /(2[4-9]|3[0-2])${ruleTailFlag} "
43704380
4381+ # # Look for a rule with the private LAN IP address ##
43714382 if echo " $restrictRuleList " | grep -qE " $lanIPaddrRegEx1 |$lanIPaddrRegEx2 "
43724383 then return 0 ; fi
43734384
4385+ # # Look for the private LAN IP address within a network CIDR block ##
43744386 cidrIPaddrEntry=" $( echo " $restrictRuleList " | grep -oE " $lanIPaddrRegEx3 " ) "
43754387 if [ -n " $cidrIPaddrEntry "
43764388 then
@@ -4382,10 +4394,12 @@ _CheckWebGUILoginAccessOK_()
43824394 done
43834395 fi
43844396
4385- printf " \n${REDct} *WARNING*: The \" Enable Access Restrictions\" option is currently active.${NOct} "
4386- printf " \nTo allow webGUI login access you must add the router IP address ${GRNct}${mainLAN_IPaddr}${NOct}
4387- with the \" ${GRNct} Web UI${NOct} \" access type on the \" Access restriction list\" panel."
4388- printf " \n[See ${GRNct} 'Administration -> System -> Access restriction list'${NOct} ]"
4397+ printf " \n${REDct} *WARNING*: The WebUI \" Enable Access Restrictions\" option is currently active.${NOct} "
4398+ printf " \nTo allow WebUI login access you must add the router IP address \" ${GRNct}${mainLAN_IPaddr}${NOct} \" "
4399+ printf " \nwith the \" ${GRNct} Web UI${NOct} \" access type on the \" Access restriction list\" panel, or add a"
4400+ printf " \nCIDR IP address subnet that includes the router IP address \" ${GRNct}${mainLAN_IPaddr}${NOct} \" and"
4401+ printf " \nmake sure to assign at least the \" ${GRNct} Web UI${NOct} \" access type to the CIDR entry."
4402+ printf " \n[See router WebUI: ${GRNct} 'Administration -> System -> Access restriction list'${NOct} ]"
43894403 printf " \nAn alternative method would be to disable the \" Enable Access Restrictions\" option.\n"
43904404
43914405 return 1
@@ -5958,8 +5972,9 @@ _Calculate_NextRunTime_()
59585972 force_recalc=true
59595973 fi
59605974
5961- # Check for available firmware update
5962- if ! fwNewUpdateVersion=" $( _GetLatestFWUpdateVersionFromRouter_ 1) " ; then
5975+ # Check for available firmware update #
5976+ if ! fwNewUpdateVersion=" $( _GetLatestFWUpdateVersionFromRouter_ 1) "
5977+ then
59635978 fwNewUpdateVersion=" NONE FOUND"
59645979 fi
59655980
@@ -5972,7 +5987,9 @@ _Calculate_NextRunTime_()
59725987 elif [ " $fwNewUpdateVersion " = " NONE FOUND"
59735988 then
59745989 ExpectedFWUpdateRuntime=" ${REDct} NONE FOUND${NOct} "
5975- elif [ " $force_recalc " = " true" || [ " $ExpectedFWUpdateRuntime " = " TBD" || [ -z " $ExpectedFWUpdateRuntime "
5990+ elif [ " $force_recalc " = " true" || \
5991+ [ -z " $ExpectedFWUpdateRuntime " || \
5992+ [ " $ExpectedFWUpdateRuntime " = " TBD"
59765993 then
59775994 # If conditions are met (cron job enabled and update available), calculate the next runtime
59785995 fwNewUpdateNotificationDate=" $( Get_Custom_Setting FW_New_Update_Notification_Date) "
@@ -7227,11 +7244,8 @@ _high_risk_phrases_interactive_()
72277244 local changelog_contents=" $1 "
72287245 local changelog_flat
72297246
7230- changelog_flat=" $(
7231- printf ' %s' " $changelog_contents "
7232- | tr ' \n' ' '
7233- | tr -s ' '
7234- ) "
7247+ changelog_flat=" $( printf ' %s' " $changelog_contents " | \
7248+ tr ' \n' ' ' | tr -s ' ' ) "
72357249
72367250 if echo " $changelog_flat " | grep -Eiq " $high_risk_terms "
72377251 then
@@ -7280,11 +7294,8 @@ _high_risk_phrases_nointeractive_()
72807294 local changelog_contents=" $1 "
72817295 local changelog_flat
72827296
7283- changelog_flat=" $(
7284- printf ' %s' " $changelog_contents "
7285- | tr ' \n' ' '
7286- | tr -s ' '
7287- ) "
7297+ changelog_flat=" $( printf ' %s' " $changelog_contents " | \
7298+ tr ' \n' ' ' | tr -s ' ' ) "
72887299
72897300 if echo " $changelog_flat " | grep -Eiq " $high_risk_terms "
72907301 then
@@ -7305,16 +7316,17 @@ _high_risk_phrases_nointeractive_()
73057316 fi
73067317}
73077318
7308- # #-------------------------------------== ---##
7309- # # Modified by ExtremeFiretop [2024 -May-18 ] ##
7310- # #-------------------------------------== ---##
7319+ # #----------------------------------------##
7320+ # # Modified by Martinski W. [2025 -May-31 ] ##
7321+ # #----------------------------------------##
73117322_ChangelogVerificationCheck_ ()
73127323{
73137324 local mode=" $1 " # Mode should be 'auto' or 'interactive' #
73147325 local current_version formatted_current_version
73157326 local release_version formatted_release_version
73167327 local checkChangeLogSetting=" $( Get_Custom_Setting " CheckChangeLog" ) "
73177328 local changeLogFName changeLogFPath changeLogTag
7329+ local matchNum1 matchNum2 lineNum1 lineNum2
73187330
73197331 if [ " $checkChangeLogSetting " = " ENABLED"
73207332 then
@@ -7336,14 +7348,16 @@ _ChangelogVerificationCheck_()
73367348 else
73377349 changeLogTag=" NG"
73387350 fi
7339- changeLogFName=" Changelog-${changeLogTag} .txt"
7340- changeLogFPath=" $( /usr/bin/find -L " ${FW_BIN_DIR} " " $changeLogFName " ) "
73417351
7342- # force 3006 changelog if tag is NG but $release_version says 3006
7343- if [ " $changeLogTag " = " NG" && echo " $release_version " | grep -qE " ^3006[.]"
7352+ # force 3006 changelog if tag is NG but $release_version says 3006 #
7353+ if [ " $changeLogTag " = " NG" && \
7354+ echo " $release_version " | grep -qE " ^3006[.]"
73447355 then
73457356 changeLogTag=" 3006"
73467357 fi
7358+
7359+ changeLogFName=" Changelog-${changeLogTag} .txt"
7360+ changeLogFPath=" $( /usr/bin/find -L " ${FW_BIN_DIR} " " $changeLogFName " ) "
73477361 fi
73487362
73497363 if [ ! -f " $changeLogFPath "
@@ -7360,23 +7374,24 @@ _ChangelogVerificationCheck_()
73607374 # For Gnuton, the whole file is relevant as it only contains the current version #
73617375 changelog_contents=" $( cat " $changeLogFPath " ) "
73627376 else
7363- # find the first two matching line numbers
7364- match1=$( grep -nE " $date_pattern " " $changeLogFPath " | head -1)
7365- match2=$( grep -nE " $date_pattern " " $changeLogFPath " | head -2 | tail -1)
7366-
7367- # split on the first colon
7368- line1=${match1%%:* }
7369- line2=${match2%%:* }
7370-
7371- if [ -n " $line1 " && [ -n " $line2 " && [ " $line1 " -le " $line2 " ; then
7372- changelog_contents=" $(
7373- sed -n " ${line1} ,${line2} p" " $changeLogFPath "
7374- ) "
7377+ # find the first two matching line numbers #
7378+ matchNum1=" $( grep -nE " $date_pattern " " $changeLogFPath " | head -1) "
7379+ matchNum2=" $( grep -nE " $date_pattern " " $changeLogFPath " | head -2 | tail -1) "
7380+
7381+ # split on the first colon #
7382+ lineNum1=" ${matchNum1%%:* } "
7383+ lineNum2=" ${matchNum2%%:* } "
7384+
7385+ if [ -n " $lineNum1 " && \
7386+ [ -n " $lineNum2 " && \
7387+ [ " $lineNum1 " -le " $lineNum2 "
7388+ then
7389+ changelog_contents=" $( sed -n " ${lineNum1} ,${lineNum2} p" " $changeLogFPath " ) "
73757390 else
73767391 Say " Could not find two date markers in changelog. Using entire file"
73777392 changelog_contents=" $( cat " $changeLogFPath " ) "
73787393 fi
7379- fi
7394+ fi
73807395
73817396 if [ " $mode " = " interactive"
73827397 then
@@ -7444,8 +7459,9 @@ _ManageChangelogMerlin_()
74447459 fi
74457460
74467461 release_version=" $( Get_Custom_Setting " FW_New_Update_Notification_Vers" ) "
7447- # force 3006 changelog if tag is NG but $release_version says 3006
7448- if [ " $changeLogTag " = " NG" && echo " $release_version " | grep -qE " ^3006[.]"
7462+ # force 3006 changelog if tag is NG but $release_version says 3006 #
7463+ if [ " $changeLogTag " = " NG" && \
7464+ echo " $release_version " | grep -qE " ^3006[.]"
74497465 then
74507466 changeLogTag=" 3006"
74517467 MerlinChangeLogURL=" ${CL_URL_3006} "
@@ -7951,7 +7967,7 @@ _RemoveCronJobsFromAddOns_()
79517967}
79527968
79537969# #----------------------------------------##
7954- # # Modified by Martinski W. [2024-Aug-02 ] ##
7970+ # # Modified by Martinski W. [2025-May-31 ] ##
79557971# #----------------------------------------##
79567972_EntwareServicesHandler_ ()
79577973{
@@ -7991,7 +8007,10 @@ _EntwareServicesHandler_()
79918007 }
79928008
79938009 if [ ! -x /opt/bin/opkg ] || [ ! -x " $entwOPT_unslung "
7994- then return 0 ; fi # # Entware is NOT found ##
8010+ then
8011+ Say " Entware is not found. Skipping check for services."
8012+ return 0
8013+ fi
79958014
79968015 servicesList=" $( /usr/bin/find -L " $entwOPT_init " " *" 2> /dev/null | /bin/grep -E " (${entwOPT_init} /S[0-9]+|${entwOPT_init} /.*[.]sh$)" ) "
79978016 [ -z " $servicesList " && return 0
@@ -9798,9 +9817,9 @@ _SetDefaultBuildType_()
97989817 fi
97999818}
98009819
9801- # #---------------------------------------##
9802- # # Added by ExtremeFiretop [2025-May-21] ##
9803- # #---------------------------------------##
9820+ # #------------------------------------------ ##
9821+ # # Modified by ExtremeFiretop [2025-May-21] ##
9822+ # #------------------------------------------ ##
98049823_DisableFWAutoUpdateChecks_ ()
98059824{
98069825 _DelFWAutoUpdateHook_
@@ -9817,9 +9836,9 @@ _DisableFWAutoUpdateChecks_()
98179836 fi
98189837}
98199838
9820- # #---------------------------------------##
9821- # # Added by ExtremeFiretop [2025-May-21] ##
9822- # #---------------------------------------##
9839+ # #------------------------------------------ ##
9840+ # # Modified by ExtremeFiretop [2025-May-21] ##
9841+ # #------------------------------------------ ##
98239842_EnableFWAutoUpdateChecks_ ()
98249843{
98259844 _AddFWAutoUpdateHook_
0 commit comments