Development December 2015

development@lists.ipfire.org

13 participants
44 discussions

migrate to php 5.6.x
by Daniel Weismüller 03 Dec '15

03 Dec '15

Hi Marcel I saw that you try migrate our used PHP to PHP 5.6.x. In my opinion this is over due so I'm very proud to see that. How goes your work on it? Is it possible for you to make a new clean git branch for it? It would be much easier for others to work on it or implement it in future core updates with a clean branch. If you need help or testers feel free to ask on development(a)list.ipfire.org - Daniel

1 0

[PATCH] Midnight Commander: Update to 4.8.15
by Matthias Fischer 02 Dec '15

02 Dec '15

Midnight Commander: Update to 4.8.15 Changelog: http://www.midnight-commander.org/wiki/NEWS-4.8.15 Installed and running without problems (Core 94). Regards, Matthias Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org> --- lfs/mc | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/lfs/mc b/lfs/mc index 4dc937c..34d8a59 100644 --- a/lfs/mc +++ b/lfs/mc @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2014 IPFire Team <info(a)ipfire.org> # +# Copyright (C) 2007-2015 IPFire Team <info(a)ipfire.org> # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 4.8.13 +VER = 4.8.15 THISAPP = mc-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = mc -PAK_VER = 10 +PAK_VER = 12 DEPS = "" @@ -44,7 +44,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = d967caa12765eb86e52a6a63ca202500 +$(DL_FILE)_MD5 = 7c1935433866fdf59a3c2d9b7dae81ad install : $(TARGET) @@ -54,7 +54,7 @@ download :$(patsubst %,$(DIR_DL)/%,$(objects)) md5 : $(subst %,%_MD5,$(objects)) -dist: +dist: @$(PAK) ############################################################################### @@ -80,7 +80,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && ./configure --prefix=/usr \ --sysconfdir=/etc \ --without-x --disable-nls \ - --with-samba \ --with-screen=ncurses cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install -- 2.6.3

2 3

[PATCH] dnsmasq 2.75: latest upstream patches
by Matthias Fischer 01 Dec '15

01 Dec '15

dnsmasq 275: latest upstream patches Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org> --- lfs/dnsmasq | 6 +++ ..._5e3e464ac4022ee0b3794513abe510817e2cf3ca.patch | 26 ++++++++++++ ...11-Catch_errors_from_sendmsg_in_DHCP_code.patch | 32 +++++++++++++++ ...12-Update_list_of_subnet_for_--bogus-priv.patch | 48 ++++++++++++++++++++++ ...y_address_from_DNS_overlays_A_record_from.patch | 43 +++++++++++++++++++ ...14-Handle_unknown_DS_hash_algos_correctly.patch | 39 ++++++++++++++++++ .../015-Fix_crash_at_start_up_with_conf-dir.patch | 38 +++++++++++++++++ 7 files changed, 232 insertions(+) create mode 100644 src/patches/dnsmasq/010-Rationalise_5e3e464ac4022ee0b3794513abe510817e2cf3ca.patch create mode 100644 src/patches/dnsmasq/011-Catch_errors_from_sendmsg_in_DHCP_code.patch create mode 100644 src/patches/dnsmasq/012-Update_list_of_subnet_for_--bogus-priv.patch create mode 100644 src/patches/dnsmasq/013-Fix_crash_when_empty_address_from_DNS_overlays_A_record_from.patch create mode 100644 src/patches/dnsmasq/014-Handle_unknown_DS_hash_algos_correctly.patch create mode 100644 src/patches/dnsmasq/015-Fix_crash_at_start_up_with_conf-dir.patch diff --git a/lfs/dnsmasq b/lfs/dnsmasq index db56091..d166392 100644 --- a/lfs/dnsmasq +++ b/lfs/dnsmasq @@ -82,6 +82,12 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/007-handle_signed_dangling_CNAME_replies_to_DS_queries.patch cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/008-DHCPv6_option_56_does_not_hold_an_address_list.patch cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/009-Respect_the_--no_resolv_flag_in_inotify_code.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/010-Rationalise_5e3e464ac4022ee0b3794513abe510817e2cf3ca.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/011-Catch_errors_from_sendmsg_in_DHCP_code.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/012-Update_list_of_subnet_for_--bogus-priv.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/013-Fix_crash_when_empty_address_from_DNS_overlays_A_record_from.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/014-Handle_unknown_DS_hash_algos_correctly.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/015-Fix_crash_at_start_up_with_conf-dir.patch cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq-Add-support-to-read-ISC-DHCP-lease-file.patch cd $(DIR_APP) && sed -i src/config.h \ diff --git a/src/patches/dnsmasq/010-Rationalise_5e3e464ac4022ee0b3794513abe510817e2cf3ca.patch b/src/patches/dnsmasq/010-Rationalise_5e3e464ac4022ee0b3794513abe510817e2cf3ca.patch new file mode 100644 index 0000000..281697f --- /dev/null +++ b/src/patches/dnsmasq/010-Rationalise_5e3e464ac4022ee0b3794513abe510817e2cf3ca.patch @@ -0,0 +1,26 @@ +From 27b78d990b7cd901866ad6f1a17b9d633a95fdce Mon Sep 17 00:00:00 2001 +From: Simon Kelley <simon(a)thekelleys.org.uk> +Date: Sat, 26 Sep 2015 21:40:45 +0100 +Subject: [PATCH] Rationalise 5e3e464ac4022ee0b3794513abe510817e2cf3ca + +--- + src/rfc3315.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/src/rfc3315.c b/src/rfc3315.c +index 3f1f9ee..3ed8623 100644 +--- a/src/rfc3315.c ++++ b/src/rfc3315.c +@@ -1324,8 +1324,7 @@ static struct dhcp_netid *add_options(struct state *state, int do_refresh) + if (opt_cfg->opt == OPTION6_DNS_SERVER) + done_dns = 1; + +- /* Empty DNS_SERVER option will not set DHOPT_ADDR6 */ +- if ((opt_cfg->flags & DHOPT_ADDR6) || opt_cfg->opt == OPTION6_DNS_SERVER) ++ if (opt_cfg->flags & DHOPT_ADDR6) + { + int len, j; + struct in6_addr *a; +-- +1.7.10.4 + diff --git a/src/patches/dnsmasq/011-Catch_errors_from_sendmsg_in_DHCP_code.patch b/src/patches/dnsmasq/011-Catch_errors_from_sendmsg_in_DHCP_code.patch new file mode 100644 index 0000000..631495f --- /dev/null +++ b/src/patches/dnsmasq/011-Catch_errors_from_sendmsg_in_DHCP_code.patch @@ -0,0 +1,32 @@ +From 98079ea89851da1df4966dfdfa1852a98da02912 Mon Sep 17 00:00:00 2001 +From: Simon Kelley <simon(a)thekelleys.org.uk> +Date: Tue, 13 Oct 2015 20:30:32 +0100 +Subject: [PATCH] Catch errors from sendmsg in DHCP code. Logs, eg, iptables + DROPS of dest 255.255.255.255 + +--- + src/dhcp.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/src/dhcp.c b/src/dhcp.c +index e6fceb1..1c85e42 100644 +--- a/src/dhcp.c ++++ b/src/dhcp.c +@@ -452,8 +452,13 @@ void dhcp_packet(time_t now, int pxe_fd) + #endif + + while(retry_send(sendmsg(fd, &msg, 0))); ++ ++ /* This can fail when, eg, iptables DROPS destination 255.255.255.255 */ ++ if (errno != 0) ++ my_syslog(MS_DHCP | LOG_WARNING, _("Error sending DHCP packet to %s: %s"), ++ inet_ntoa(dest.sin_addr), strerror(errno)); + } +- ++ + /* check against secondary interface addresses */ + static int check_listen_addrs(struct in_addr local, int if_index, char *label, + struct in_addr netmask, struct in_addr broadcast, void *vparam) +-- +1.7.10.4 + diff --git a/src/patches/dnsmasq/012-Update_list_of_subnet_for_--bogus-priv.patch b/src/patches/dnsmasq/012-Update_list_of_subnet_for_--bogus-priv.patch new file mode 100644 index 0000000..3ba98fc --- /dev/null +++ b/src/patches/dnsmasq/012-Update_list_of_subnet_for_--bogus-priv.patch @@ -0,0 +1,48 @@ +From 90477fb79420a34124b66ebd808c578817a30e4c Mon Sep 17 00:00:00 2001 +From: Simon Kelley <simon(a)thekelleys.org.uk> +Date: Tue, 20 Oct 2015 21:21:32 +0100 +Subject: [PATCH] Update list of subnet for --bogus-priv + +RFC6303 specifies & recommends following zones not be forwarded +to globally facing servers. ++------------------------------+-----------------------+ +| Zone | Description | ++------------------------------+-----------------------+ +| 0.IN-ADDR.ARPA | IPv4 "THIS" NETWORK | +| 127.IN-ADDR.ARPA | IPv4 Loopback NETWORK | +| 254.169.IN-ADDR.ARPA | IPv4 LINK LOCAL | +| 2.0.192.IN-ADDR.ARPA | IPv4 TEST-NET-1 | +| 100.51.198.IN-ADDR.ARPA | IPv4 TEST-NET-2 | +| 113.0.203.IN-ADDR.ARPA | IPv4 TEST-NET-3 | +| 255.255.255.255.IN-ADDR.ARPA | IPv4 BROADCAST | ++------------------------------+-----------------------+ + +Signed-off-by: Kevin Darbyshire-Bryant <kevin(a)darbyshire-bryant.me.uk> +--- + src/rfc1035.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/src/rfc1035.c b/src/rfc1035.c +index 6a51b30..4eb1772 100644 +--- a/src/rfc1035.c ++++ b/src/rfc1035.c +@@ -756,10 +756,14 @@ int private_net(struct in_addr addr, int ban_localhost) + return + (((ip_addr & 0xFF000000) == 0x7F000000) && ban_localhost) /* 127.0.0.0/8 (loopback) */ || + ((ip_addr & 0xFF000000) == 0x00000000) /* RFC 5735 section 3. "here" network */ || +- ((ip_addr & 0xFFFF0000) == 0xC0A80000) /* 192.168.0.0/16 (private) */ || + ((ip_addr & 0xFF000000) == 0x0A000000) /* 10.0.0.0/8 (private) */ || + ((ip_addr & 0xFFF00000) == 0xAC100000) /* 172.16.0.0/12 (private) */ || +- ((ip_addr & 0xFFFF0000) == 0xA9FE0000) /* 169.254.0.0/16 (zeroconf) */ ; ++ ((ip_addr & 0xFFFF0000) == 0xC0A80000) /* 192.168.0.0/16 (private) */ || ++ ((ip_addr & 0xFFFF0000) == 0xA9FE0000) /* 169.254.0.0/16 (zeroconf) */ || ++ ((ip_addr & 0xFFFFFF00) == 0xC0000200) /* 192.0.2.0/24 (test-net) */ || ++ ((ip_addr & 0xFFFFFF00) == 0xC6336400) /* 198.51.100.0/24(test-net) */ || ++ ((ip_addr & 0xFFFFFF00) == 0xCB007100) /* 203.0.113.0/24 (test-net) */ || ++ ((ip_addr & 0xFFFFFFFF) == 0xFFFFFFFF) /* 255.255.255.255/32 (broadcast)*/ ; + } + + static unsigned char *do_doctor(unsigned char *p, int count, struct dns_header *header, size_t qlen, char *name, int *doctored) +-- +1.7.10.4 + diff --git a/src/patches/dnsmasq/013-Fix_crash_when_empty_address_from_DNS_overlays_A_record_from.patch b/src/patches/dnsmasq/013-Fix_crash_when_empty_address_from_DNS_overlays_A_record_from.patch new file mode 100644 index 0000000..736cf38 --- /dev/null +++ b/src/patches/dnsmasq/013-Fix_crash_when_empty_address_from_DNS_overlays_A_record_from.patch @@ -0,0 +1,43 @@ +From 41a8d9e99be9f2cc8b02051dd322cb45e0faac87 Mon Sep 17 00:00:00 2001 +From: =?utf8?q?Edwin=20T=C3=B6r=C3=B6k?= <edwin+ml-cerowrt(a)etorok.net> +Date: Sat, 14 Nov 2015 17:45:48 +0000 +Subject: [PATCH] Fix crash when empty address from DNS overlays A record from + hosts. + +--- + CHANGELOG | 5 +++++ + src/cache.c | 2 +- + 2 files changed, 6 insertions(+), 1 deletion(-) + +diff --git a/CHANGELOG b/CHANGELOG +index d6e309f..93c73d0 100644 +--- a/CHANGELOG ++++ b/CHANGELOG +@@ -13,6 +13,11 @@ version 2.76 + was a dangling symbolic link, even of --no-resolv set. + Thanks to Alexander Kurtz for spotting the problem. + ++ Fix crash when an A or AAAA record is defined locally, ++ in a hosts file, and an upstream server sends a reply ++ that the same name is empty. Thanks to Edwin TÃ¶rÃ¶k for ++ the patch. ++ + + version 2.75 + Fix reversion on 2.74 which caused 100% CPU use when a +diff --git a/src/cache.c b/src/cache.c +index 178d654..1b76b67 100644 +--- a/src/cache.c ++++ b/src/cache.c +@@ -481,7 +481,7 @@ struct crec *cache_insert(char *name, struct all_addr *addr, + existing record is for an A or AAAA and + the record we're trying to insert is the same, + just drop the insert, but don't error the whole process. */ +- if ((flags & (F_IPV4 | F_IPV6)) && (flags & F_FORWARD)) ++ if ((flags & (F_IPV4 | F_IPV6)) && (flags & F_FORWARD) && addr) + { + if ((flags & F_IPV4) && (new->flags & F_IPV4) && + new->addr.addr.addr.addr4.s_addr == addr->addr.addr4.s_addr) +-- +1.7.10.4 + diff --git a/src/patches/dnsmasq/014-Handle_unknown_DS_hash_algos_correctly.patch b/src/patches/dnsmasq/014-Handle_unknown_DS_hash_algos_correctly.patch new file mode 100644 index 0000000..8b17431 --- /dev/null +++ b/src/patches/dnsmasq/014-Handle_unknown_DS_hash_algos_correctly.patch @@ -0,0 +1,39 @@ +From 67ab3285b5d9a1b1e20e034cf272867fdab8a0f9 Mon Sep 17 00:00:00 2001 +From: Simon Kelley <simon(a)thekelleys.org.uk> +Date: Fri, 20 Nov 2015 23:20:47 +0000 +Subject: [PATCH] Handle unknown DS hash algos correctly. + +When we can validate a DS RRset, but don't speak the hash algo it +contains, treat that the same as an NSEC/3 proving that the DS +doesn't exist. 4025 5.2 +--- + src/dnssec.c | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git a/src/dnssec.c b/src/dnssec.c +index 67ce486..b4dc14e 100644 +--- a/src/dnssec.c ++++ b/src/dnssec.c +@@ -1005,6 +1005,19 @@ int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, ch + if (crecp->flags & F_NEG) + return STAT_INSECURE_DS; + ++ /* 4035 5.2 ++ If the validator does not support any of the algorithms listed in an ++ authenticated DS RRset, then the resolver has no supported ++ authentication path leading from the parent to the child. The ++ resolver should treat this case as it would the case of an ++ authenticated NSEC RRset proving that no DS RRset exists, */ ++ for (recp1 = crecp; recp1; recp1 = cache_find_by_name(recp1, name, now, F_DS)) ++ if (hash_find(ds_digest_name(recp1->addr.ds.digest))) ++ break; ++ ++ if (!recp1) ++ return STAT_INSECURE_DS; ++ + /* NOTE, we need to find ONE DNSKEY which matches the DS */ + for (valid = 0, j = ntohs(header->ancount); j != 0 && !valid; j--) + { +-- +1.7.10.4 + diff --git a/src/patches/dnsmasq/015-Fix_crash_at_start_up_with_conf-dir.patch b/src/patches/dnsmasq/015-Fix_crash_at_start_up_with_conf-dir.patch new file mode 100644 index 0000000..a9102c1 --- /dev/null +++ b/src/patches/dnsmasq/015-Fix_crash_at_start_up_with_conf-dir.patch @@ -0,0 +1,38 @@ +From 0007ee90646a5a78a96ee729932e89d31c69513a Mon Sep 17 00:00:00 2001 +From: Simon Kelley <simon(a)thekelleys.org.uk> +Date: Sat, 21 Nov 2015 21:47:41 +0000 +Subject: [PATCH] Fix crash at start up with conf-dir=/path,* + +Thanks to Brian Carpenter and American Fuzzy Lop for finding the bug. +--- + src/option.c | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +diff --git a/src/option.c b/src/option.c +index 746cd11..71beb98 100644 +--- a/src/option.c ++++ b/src/option.c +@@ -1515,10 +1515,16 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma + li = opt_malloc(sizeof(struct list)); + if (*arg == '*') + { +- li->next = match_suffix; +- match_suffix = li; +- /* Have to copy: buffer is overwritten */ +- li->suffix = opt_string_alloc(arg+1); ++ /* "*" with no suffix is a no-op */ ++ if (arg[1] == 0) ++ free(li); ++ else ++ { ++ li->next = match_suffix; ++ match_suffix = li; ++ /* Have to copy: buffer is overwritten */ ++ li->suffix = opt_string_alloc(arg+1); ++ } + } + else + { +-- +1.7.10.4 + -- 2.6.3

2 1

Bug in /srv/web/ipfire/cgi-bin/routing.cgi in Core 95
by R. W. Rodolico 01 Dec '15

01 Dec '15

Line 123 has one too many closing parenths. It currently reads: if (!&General::validipandmask($settings{'IP'}))){ and it should read if (!&General::validipandmask($settings{'IP'})){ (one less closing parentheses). Rod Attached is a diff. I did not know which parameters to give it, so gave it diff -Naur. If you tell me the correct ones, I'll use it in the future. Rod -- Rod Rodolico Daily Data, Inc. POB 140465 Dallas TX 75214-0465 214.827.2170 http://www.dailydata.net

2 1

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Development December 2015