From 0732f55d7c110181e1119e17e8bb71d0bab57859 Mon Sep 17 00:00:00 2001
From: Martin Lensment <mlensment@gmail.com>
Date: Wed, 17 Jun 2015 16:41:36 +0300
Subject: [PATCH 1/2] Sanitize cert before saving #2687

---
 app/controllers/admin/certificates_controller.rb | 2 +-
 app/models/certificate.rb                        | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/app/controllers/admin/certificates_controller.rb b/app/controllers/admin/certificates_controller.rb
index c2b6b5cc9..bedf5094b 100644
--- a/app/controllers/admin/certificates_controller.rb
+++ b/app/controllers/admin/certificates_controller.rb
@@ -15,7 +15,7 @@ class Admin::CertificatesController < AdminController
     crt = certificate_params[:crt].open.read if certificate_params[:crt]
     csr = certificate_params[:csr].open.read if certificate_params[:csr]
 
-    @certificate = @api_user.certificates.build(csr: csr, crt: crt)
+    @certificate = @api_user.certificates.build(csr: Certificate.sanitize(csr), crt: Certificate.sanitize(crt))
     if @api_user.save
       flash[:notice] = I18n.t('record_created')
       redirect_to [:admin, @api_user, @certificate]
diff --git a/app/models/certificate.rb b/app/models/certificate.rb
index b354f87f2..f789a00df 100644
--- a/app/models/certificate.rb
+++ b/app/models/certificate.rb
@@ -132,6 +132,11 @@ class Certificate < ActiveRecord::Base
   end
 
   class << self
+    def sanitize(c)
+      return nil unless c
+      c.gsub("\r", '')
+    end
+
     def update_crl
       update_id_crl
       update_registry_crl

From 85b4a7e190ef896ea45b9db51048b864b5f3dfbe Mon Sep 17 00:00:00 2001
From: Priit Tark <priit@gitlab.eu>
Date: Thu, 18 Jun 2015 13:11:55 +0300
Subject: [PATCH 2/2] Iptables syntax fix #2348

---
 doc/debian_build_doc.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/debian_build_doc.md b/doc/debian_build_doc.md
index fbfe721fb..505e8f80a 100644
--- a/doc/debian_build_doc.md
+++ b/doc/debian_build_doc.md
@@ -108,7 +108,7 @@ BLOCKCOUNT=100
 # The flag --src is an alias for this option. Multiple addresses can be specified, 
 # but this will expand to multiple rules (when adding with -A), 
 # or will cause multiple rules to be deleted (with -D). 
-REGISTRAR_HANDLE_SOURCE = 'x.x.x.x'
+REGISTRAR_HANDLE_SOURCE="x.x.x.x"
 # default action can be DROP or REJECT or something else.
 DACTION="REJECT"
 $IPT -A INPUT -p tcp --dport 700 -i eth0 -m state --state NEW -m recent --set