Development August 2016

development@lists.ipfire.org

11 participants
33 discussions

[PATCH] dnsmasq 2.76: latest patches (015-016)
by Matthias Fischer 17 Aug '16

17 Aug '16

Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org> --- lfs/dnsmasq | 4 +- ..._IPv6_addresses_sanely_for_--synth-domain.patch | 101 ++++++++++++++ ...ode_to_remove_blatant_copyright_violation.patch | 149 +++++++++++++++++++++ 3 files changed, 253 insertions(+), 1 deletion(-) create mode 100644 src/patches/dnsmasq/015-Handle_v4-mapped_IPv6_addresses_sanely_for_--synth-domain.patch create mode 100644 src/patches/dnsmasq/016-Refactor_openBSD_pftables_code_to_remove_blatant_copyright_violation.patch diff --git a/lfs/dnsmasq b/lfs/dnsmasq index 474dacc..7a11061 100644 --- a/lfs/dnsmasq +++ b/lfs/dnsmasq @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2016 Michael Tremer & Christian Schmidt # +# Copyright (C) 2007-2016 IPFire Team <info(a)ipfire.org> # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -87,6 +87,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/012-Compile-time_check_on_buffer_sizes_for_leasefile_parsing_code.patch cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/013-auth-zone_allow_to_exclude_ip_addresses_from_answer.patch cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/014-Bump_auth_zone_serial_when_reloading_etc_hosts_and_friends.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/015-Handle_v4-mapped_IPv6_addresses_sanely_for_--synth-domain.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/016-Refactor_openBSD_pftables_code_to_remove_blatant_copyright_violation.patch cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq-Add-support-to-read-ISC-DHCP-lease-file.patch cd $(DIR_APP) && sed -i src/config.h \ diff --git a/src/patches/dnsmasq/015-Handle_v4-mapped_IPv6_addresses_sanely_for_--synth-domain.patch b/src/patches/dnsmasq/015-Handle_v4-mapped_IPv6_addresses_sanely_for_--synth-domain.patch new file mode 100644 index 0000000..7ebef83 --- /dev/null +++ b/src/patches/dnsmasq/015-Handle_v4-mapped_IPv6_addresses_sanely_for_--synth-domain.patch @@ -0,0 +1,101 @@ +From 6d95099c56a926d672e0407d6017fef9714f40c4 Mon Sep 17 00:00:00 2001 +From: Simon Kelley <simon(a)thekelleys.org.uk> +Date: Thu, 11 Aug 2016 23:38:54 +0100 +Subject: [PATCH] Handle v4-mapped IPv6 addresses sanely for --synth-domain. + +--- + CHANGELOG | 7 ++++++- + man/dnsmasq.8 | 2 ++ + src/domain.c | 34 ++++++++++++++++++++++++---------- + 3 files changed, 32 insertions(+), 11 deletions(-) + +diff --git a/CHANGELOG b/CHANGELOG +index 4f89799..2731cc4 100644 +--- a/CHANGELOG ++++ b/CHANGELOG +@@ -24,7 +24,12 @@ version 2.77 + Bump zone serial on reloading /etc/hosts and friends + when providing authoritative DNS. Thanks to Harrald + Dunkel for spotting this. +- ++ ++ Handle v4-mapped IPv6 addresses sanely in --synth-domain. ++ These have standard representation like ::ffff:1.2.3.4 ++ and are now converted to names like ++ <prefix>--ffff-1-2-3-4.<domain> ++ + + version 2.76 + Include 0.0.0.0/8 in DNS rebind checks. This range +diff --git a/man/dnsmasq.8 b/man/dnsmasq.8 +index 8910947..91fe672 100644 +--- a/man/dnsmasq.8 ++++ b/man/dnsmasq.8 +@@ -619,6 +619,8 @@ but IPv6 addresses may start with '::' + but DNS labels may not start with '-' so in this case if no prefix is + configured a zero is added in front of the label. ::1 becomes 0--1. + ++V4 mapped IPv6 addresses, which have a representation like ::ffff:1.2.3.4 are handled specially, and become like 0--ffff-1-2-3-4 ++ + The address range can be of the form + <ip address>,<ip address> or <ip address>/<netmask> + .TP +diff --git a/src/domain.c b/src/domain.c +index 1dd5027..a007acd 100644 +--- a/src/domain.c ++++ b/src/domain.c +@@ -77,18 +77,31 @@ int is_name_synthetic(int flags, char *name, struct all_addr *addr) + + *p = 0; + +- /* swap . or : for - */ +- for (p = tail; *p; p++) +- if (*p == '-') +- { +- if (prot == AF_INET) ++ #ifdef HAVE_IPV6 ++ if (prot == AF_INET6 && strstr(tail, "--ffff-") == tail) ++ { ++ /* special hack for v4-mapped. */ ++ memcpy(tail, "::ffff:", 7); ++ for (p = tail + 7; *p; p++) ++ if (*p == '-') + *p = '.'; ++ } ++ else ++#endif ++ { ++ /* swap . or : for - */ ++ for (p = tail; *p; p++) ++ if (*p == '-') ++ { ++ if (prot == AF_INET) ++ *p = '.'; + #ifdef HAVE_IPV6 +- else +- *p = ':'; ++ else ++ *p = ':'; + #endif +- } +- ++ } ++ } ++ + if (hostname_isequal(c->domain, p+1) && inet_pton(prot, tail, addr)) + { + if (prot == AF_INET) +@@ -169,8 +182,9 @@ int is_rev_synth(int flag, struct all_addr *addr, char *name) + inet_ntop(AF_INET6, &addr->addr.addr6, name+1, ADDRSTRLEN); + } + ++ /* V4-mapped have periods.... */ + for (p = name; *p; p++) +- if (*p == ':') ++ if (*p == ':' || *p == '.') + *p = '-'; + + strncat(name, ".", MAXDNAME); +-- +1.7.10.4 + diff --git a/src/patches/dnsmasq/016-Refactor_openBSD_pftables_code_to_remove_blatant_copyright_violation.patch b/src/patches/dnsmasq/016-Refactor_openBSD_pftables_code_to_remove_blatant_copyright_violation.patch new file mode 100644 index 0000000..db27f90 --- /dev/null +++ b/src/patches/dnsmasq/016-Refactor_openBSD_pftables_code_to_remove_blatant_copyright_violation.patch @@ -0,0 +1,149 @@ +From 396750cef533cf72c7e6a72e47a9c93e2e431cb7 Mon Sep 17 00:00:00 2001 +From: Simon Kelley <simon(a)thekelleys.org.uk> +Date: Sat, 13 Aug 2016 22:34:11 +0100 +Subject: [PATCH] Refactor openBSD pftables code to remove blatant copyright + violation. + +--- + src/tables.c | 90 +++++++++++++++++++++------------------------------------- + 1 file changed, 32 insertions(+), 58 deletions(-) + +diff --git a/src/tables.c b/src/tables.c +index aae1252..4fa3487 100644 +--- a/src/tables.c ++++ b/src/tables.c +@@ -53,52 +53,6 @@ static char *pfr_strerror(int errnum) + } + } + +-static int pfr_add_tables(struct pfr_table *tbl, int size, int *nadd, int flags) +-{ +- struct pfioc_table io; +- +- if (size < 0 || (size && tbl == NULL)) +- { +- errno = EINVAL; +- return (-1); +- } +- bzero(&io, sizeof io); +- io.pfrio_flags = flags; +- io.pfrio_buffer = tbl; +- io.pfrio_esize = sizeof(*tbl); +- io.pfrio_size = size; +- if (ioctl(dev, DIOCRADDTABLES, &io)) +- return (-1); +- if (nadd != NULL) +- *nadd = io.pfrio_nadd; +- return (0); +-} +- +-static int fill_addr(const struct all_addr *ipaddr, int flags, struct pfr_addr* addr) { +- if ( !addr || !ipaddr) +- { +- my_syslog(LOG_ERR, _("error: fill_addr missused")); +- return -1; +- } +- bzero(addr, sizeof(*addr)); +-#ifdef HAVE_IPV6 +- if (flags & F_IPV6) +- { +- addr->pfra_af = AF_INET6; +- addr->pfra_net = 0x80; +- memcpy(&(addr->pfra_ip6addr), &(ipaddr->addr), sizeof(struct in6_addr)); +- } +- else +-#endif +- { +- addr->pfra_af = AF_INET; +- addr->pfra_net = 0x20; +- addr->pfra_ip4addr.s_addr = ipaddr->addr.addr4.s_addr; +- } +- return 1; +-} +- +-/*****************************************************************************/ + + void ipset_init(void) + { +@@ -111,14 +65,13 @@ void ipset_init(void) + } + + int add_to_ipset(const char *setname, const struct all_addr *ipaddr, +- int flags, int remove) ++ int flags, int remove) + { + struct pfr_addr addr; + struct pfioc_table io; + struct pfr_table table; +- int n = 0, rc = 0; + +- if ( dev == -1 ) ++ if (dev == -1) + { + my_syslog(LOG_ERR, _("warning: no opened pf devices %s"), pf_device); + return -1; +@@ -126,31 +79,52 @@ int add_to_ipset(const char *setname, const struct all_addr *ipaddr, + + bzero(&table, sizeof(struct pfr_table)); + table.pfrt_flags |= PFR_TFLAG_PERSIST; +- if ( strlen(setname) >= PF_TABLE_NAME_SIZE ) ++ if (strlen(setname) >= PF_TABLE_NAME_SIZE) + { + my_syslog(LOG_ERR, _("error: cannot use table name %s"), setname); + errno = ENAMETOOLONG; + return -1; + } + +- if ( strlcpy(table.pfrt_name, setname, +- sizeof(table.pfrt_name)) >= sizeof(table.pfrt_name)) ++ if (strlcpy(table.pfrt_name, setname, ++ sizeof(table.pfrt_name)) >= sizeof(table.pfrt_name)) + { + my_syslog(LOG_ERR, _("error: cannot strlcpy table name %s"), setname); + return -1; + } + +- if ((rc = pfr_add_tables(&table, 1, &n, 0))) ++ bzero(&io, sizeof io); ++ io.pfrio_flags = 0; ++ io.pfrio_buffer = &table; ++ io.pfrio_esize = sizeof(table); ++ io.pfrio_size = 1; ++ if (ioctl(dev, DIOCRADDTABLES, &io)) + { +- my_syslog(LOG_WARNING, _("warning: pfr_add_tables: %s(%d)"), +- pfr_strerror(errno),rc); ++ my_syslog(LOG_WARNING, _("IPset: error:%s"), pfr_strerror(errno)); ++ + return -1; + } ++ + table.pfrt_flags &= ~PFR_TFLAG_PERSIST; +- if (n) ++ if (io.pfrio_nadd) + my_syslog(LOG_INFO, _("info: table created")); +- +- fill_addr(ipaddr,flags,&addr); ++ ++ bzero(&addr, sizeof(addr)); ++#ifdef HAVE_IPV6 ++ if (flags & F_IPV6) ++ { ++ addr.pfra_af = AF_INET6; ++ addr.pfra_net = 0x80; ++ memcpy(&(addr.pfra_ip6addr), &(ipaddr->addr), sizeof(struct in6_addr)); ++ } ++ else ++#endif ++ { ++ addr.pfra_af = AF_INET; ++ addr.pfra_net = 0x20; ++ addr.pfra_ip4addr.s_addr = ipaddr->addr.addr4.s_addr; ++ } ++ + bzero(&io, sizeof(io)); + io.pfrio_flags = 0; + io.pfrio_table = table; +-- +1.7.10.4 + -- 2.9.3

1 0

[PATCH] Libvirt: load vhost_net before libvirtd start.
by Jonatan Schlag 14 Aug '16

14 Aug '16

If the kernel module vhot_net is loaded, the performance of virtio networking is better then without vhost_net. So the module is loaded before libvirtd ist started to get the benefit of vhost_net. Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org> --- lfs/libvirt | 2 +- src/initscripts/init.d/libvirtd | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lfs/libvirt b/lfs/libvirt index f70b859..854c52c 100644 --- a/lfs/libvirt +++ b/lfs/libvirt @@ -33,7 +33,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) SUP_ARCH = i586 x86_64 PROG = libvirt -PAK_VER = 8 +PAK_VER = 9 DEPS = "libpciaccess libyajl ncat qemu" diff --git a/src/initscripts/init.d/libvirtd b/src/initscripts/init.d/libvirtd index f97d208..40bc6be 100644 --- a/src/initscripts/init.d/libvirtd +++ b/src/initscripts/init.d/libvirtd @@ -18,7 +18,7 @@ case $1 in start) boot_mesg "Load required kernel modules for Libvirt" - modprobe tun + modprobe tun vhost_net evaluate_retval boot_mesg "Starting Libvirt Daemon..." loadproc /usr/sbin/libvirtd -d -- 2.1.4

1 0

[PATCH] Libvirt: fix configuration options
by Jonatan Schlag 14 Aug '16

14 Aug '16

Adds a missed - to -without-dbus and -with-interface. Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org> --- lfs/libvirt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lfs/libvirt b/lfs/libvirt index 7e6b3a6..f70b859 100644 --- a/lfs/libvirt +++ b/lfs/libvirt @@ -33,7 +33,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) SUP_ARCH = i586 x86_64 PROG = libvirt -PAK_VER = 7 +PAK_VER = 8 DEPS = "libpciaccess libyajl ncat qemu" @@ -82,8 +82,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && ./configure --prefix=/usr --localstatedir=/var --sysconfdir=/etc \ --with-openssl --without-sasl \ --without-uml --without-vbox --without-lxc --without-esx --without-vmware --without-openvz \ - --without-firewalld --without-network -with-interface --with-virtualport --with-macvtap \ - --disable-nls --without-avahi --without-test-suite -without-dbus \ + --without-firewalld --without-network --with-interface --with-virtualport --with-macvtap \ + --disable-nls --without-avahi --without-test-suite --without-dbus \ --with-qemu-user=nobody --with-qemu-group=kvm \ --with-storage-dir --with-storage-fs --without-storage-lvm --without-storage-iscsi \ --without-storage-scsi --without-storage-mpath --without-storage-disk --without-storage-rbd --without-storage-sheepdog --without-storage-gluster --without-storage-zfs -- 2.1.4

1 0

[PATCH] Libvirt: enable storage-fs
by Jonatan Schlag 14 Aug '16

14 Aug '16

Fixes: 11154 Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org> --- lfs/libvirt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lfs/libvirt b/lfs/libvirt index ea8b0e8..7e6b3a6 100644 --- a/lfs/libvirt +++ b/lfs/libvirt @@ -33,7 +33,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) SUP_ARCH = i586 x86_64 PROG = libvirt -PAK_VER = 6 +PAK_VER = 7 DEPS = "libpciaccess libyajl ncat qemu" @@ -85,7 +85,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) --without-firewalld --without-network -with-interface --with-virtualport --with-macvtap \ --disable-nls --without-avahi --without-test-suite -without-dbus \ --with-qemu-user=nobody --with-qemu-group=kvm \ - --with-storage-dir --without-storage-fs --without-storage-lvm --without-storage-iscsi \ + --with-storage-dir --with-storage-fs --without-storage-lvm --without-storage-iscsi \ --without-storage-scsi --without-storage-mpath --without-storage-disk --without-storage-rbd --without-storage-sheepdog --without-storage-gluster --without-storage-zfs cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) cd $(DIR_APP) && make install -- 2.1.4

1 0

[PATCH] squid 3.5.20: latest patches
by Matthias Fischer 12 Aug '16

12 Aug '16

Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org> --- lfs/squid | 3 +- ...=> squid-3.5.20-fix-max-file-descriptors.patch} | 4 +- src/patches/squid/squid-3.5-14070.patch | 44 ++++++++++++++++++++++ 3 files changed, 48 insertions(+), 3 deletions(-) rename src/patches/{squid-3.5.17-fix-max-file-descriptors.patch => squid-3.5.20-fix-max-file-descriptors.patch} (92%) create mode 100644 src/patches/squid/squid-3.5-14070.patch diff --git a/lfs/squid b/lfs/squid index a88f0c5..c07afe8 100644 --- a/lfs/squid +++ b/lfs/squid @@ -73,7 +73,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14067.patch cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14068.patch cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14069.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.17-fix-max-file-descriptors.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14070.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.20-fix-max-file-descriptors.patch cd $(DIR_APP) && autoreconf -vfi cd $(DIR_APP)/libltdl && autoreconf -vfi diff --git a/src/patches/squid-3.5.17-fix-max-file-descriptors.patch b/src/patches/squid-3.5.20-fix-max-file-descriptors.patch similarity index 92% rename from src/patches/squid-3.5.17-fix-max-file-descriptors.patch rename to src/patches/squid-3.5.20-fix-max-file-descriptors.patch index b0efa76..b740b61 100644 --- a/src/patches/squid-3.5.17-fix-max-file-descriptors.patch +++ b/src/patches/squid-3.5.20-fix-max-file-descriptors.patch @@ -1,6 +1,6 @@ --- configure.ac.~ Wed Apr 20 14:26:07 2016 +++ configure.ac Fri Apr 22 17:20:46 2016 -@@ -3131,6 +3131,9 @@ +@@ -3135,6 +3135,9 @@ ;; esac @@ -10,7 +10,7 @@ dnl --with-maxfd present for compatibility with Squid-2. dnl undocumented in ./configure --help to encourage using the Squid-3 directive AC_ARG_WITH(maxfd,, -@@ -3161,8 +3164,6 @@ +@@ -3165,8 +3168,6 @@ esac ]) diff --git a/src/patches/squid/squid-3.5-14070.patch b/src/patches/squid/squid-3.5-14070.patch new file mode 100644 index 0000000..5fcc39f --- /dev/null +++ b/src/patches/squid/squid-3.5-14070.patch @@ -0,0 +1,44 @@ +------------------------------------------------------------ +revno: 14070 +revision-id: squid3(a)treenet.co.nz-20160805145933-0cpyy47o8955lamx +parent: squidadm(a)squid-cache.org-20160723121351-iuc8hwstrqd0l1dv +author: Christos Tsantilas <chtsanti(a)users.sourceforge.net> +committer: Amos Jeffries <squid3(a)treenet.co.nz> +branch nick: 3.5 +timestamp: Sat 2016-08-06 02:59:33 +1200 +message: + Squid segfault via Ftp::Client::readControlReply(). + + Ftp::Client::scheduleReadControlReply(), which may called from the + asynchronous start() or readControlReply()/handleControlReply() + handlers, does not check whether the control connection is still usable + before using it. + + This is a Measurement Factory project. +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3(a)treenet.co.nz-20160805145933-0cpyy47o8955lamx +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# testament_sha1: 1c21ce821f9cbc22b3e8ff2b1029f7084b5f0643 +# timestamp: 2016-08-05 15:00:22 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# base_revision_id: squidadm(a)squid-cache.org-20160723121351-\ +# iuc8hwstrqd0l1dv +# +# Begin patch +=== modified file 'src/clients/FtpClient.cc' +--- src/clients/FtpClient.cc 2016-02-19 23:15:41 +0000 ++++ src/clients/FtpClient.cc 2016-08-05 14:59:33 +0000 +@@ -314,6 +314,11 @@ + /* We've already read some reply data */ + handleControlReply(); + } else { ++ ++ if (!Comm::IsConnOpen(ctrl.conn)) { ++ debugs(9, 3, "cannot read without ctrl " << ctrl.conn); ++ return; ++ } + /* + * Cancel the timeout on the Data socket (if any) and + * establish one on the control socket. + -- 2.9.2

1 0

[PATCH] dnsmasq 2.76: latest patches (013-014)
by Matthias Fischer 07 Aug '16

07 Aug '16

Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org> --- lfs/dnsmasq | 2 + ...allow_to_exclude_ip_addresses_from_answer.patch | 184 +++++++++++++++++++++ ...rial_when_reloading_etc_hosts_and_friends.patch | 41 +++++ 3 files changed, 227 insertions(+) create mode 100644 src/patches/dnsmasq/013-auth-zone_allow_to_exclude_ip_addresses_from_answer.patch create mode 100644 src/patches/dnsmasq/014-Bump_auth_zone_serial_when_reloading_etc_hosts_and_friends.patch diff --git a/lfs/dnsmasq b/lfs/dnsmasq index eb0f0ba..474dacc 100644 --- a/lfs/dnsmasq +++ b/lfs/dnsmasq @@ -85,6 +85,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/010-Zero_packet_buffers_before_building_output_to_reduce_risk_of_information_leakage.patch cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/011-Dont_reset_packet_length_on_transmission_in_case_of_retransmission.patch cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/012-Compile-time_check_on_buffer_sizes_for_leasefile_parsing_code.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/013-auth-zone_allow_to_exclude_ip_addresses_from_answer.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/014-Bump_auth_zone_serial_when_reloading_etc_hosts_and_friends.patch cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq-Add-support-to-read-ISC-DHCP-lease-file.patch cd $(DIR_APP) && sed -i src/config.h \ diff --git a/src/patches/dnsmasq/013-auth-zone_allow_to_exclude_ip_addresses_from_answer.patch b/src/patches/dnsmasq/013-auth-zone_allow_to_exclude_ip_addresses_from_answer.patch new file mode 100644 index 0000000..bb5fe5d --- /dev/null +++ b/src/patches/dnsmasq/013-auth-zone_allow_to_exclude_ip_addresses_from_answer.patch @@ -0,0 +1,184 @@ +From 094bfaeb4ff69cae99387bc2ea07ff57632c89f5 Mon Sep 17 00:00:00 2001 +From: Mathias Kresin <dev(a)kresin.me> +Date: Sun, 24 Jul 2016 14:15:22 +0100 +Subject: [PATCH] auth-zone: allow to exclude ip addresses from answer. + +--- + man/dnsmasq.8 | 6 +++++- + src/auth.c | 61 ++++++++++++++++++++++++++++++++++++--------------------- + src/dnsmasq.h | 1 + + src/option.c | 21 ++++++++++++++++++-- + 4 files changed, 64 insertions(+), 25 deletions(-) + +diff --git a/man/dnsmasq.8 b/man/dnsmasq.8 +index ac8d921..8910947 100644 +--- a/man/dnsmasq.8 ++++ b/man/dnsmasq.8 +@@ -739,7 +739,7 @@ a return code of SERVFAIL. Note that + setting this may affect DNS behaviour in bad ways, it is not an + extra-logging flag and should not be set in production. + .TP +-.B --auth-zone=<domain>[,<subnet>[/<prefix length>][,<subnet>[/<prefix length>].....]] ++.B --auth-zone=<domain>[,<subnet>[/<prefix length>][,<subnet>[/<prefix length>].....][,exclude:<subnet>[/<prefix length>]].....] + Define a DNS zone for which dnsmasq acts as authoritative server. Locally defined DNS records which are in the domain + will be served. If subnet(s) are given, A and AAAA records must be in one of the + specified subnets. +@@ -756,6 +756,10 @@ appear in the zone, but RFC1918 IPv4 addresses which should not. + Interface-name and address-literal subnet specifications may be used + freely in the same --auth-zone declaration. + ++It's possible to exclude certain IP addresses from responses. It can be ++used, to make sure that answers contain only global routeable IP ++addresses (by excluding loopback, RFC1918 and ULA addresses). ++ + The subnet(s) are also used to define in-addr.arpa and + ip6.arpa domains which are served for reverse-DNS queries. If not + specified, the prefix length defaults to 24 for IPv4 and 64 for IPv6. +diff --git a/src/auth.c b/src/auth.c +index 3c5c37f..f1ca2f5 100644 +--- a/src/auth.c ++++ b/src/auth.c +@@ -18,36 +18,53 @@ + + #ifdef HAVE_AUTH + +-static struct addrlist *find_subnet(struct auth_zone *zone, int flag, struct all_addr *addr_u) ++static struct addrlist *find_addrlist(struct addrlist *list, int flag, struct all_addr *addr_u) + { +- struct addrlist *subnet; +- +- for (subnet = zone->subnet; subnet; subnet = subnet->next) +- { +- if (!(subnet->flags & ADDRLIST_IPV6)) +- { +- struct in_addr netmask, addr = addr_u->addr.addr4; +- +- if (!(flag & F_IPV4)) +- continue; +- +- netmask.s_addr = htonl(~(in_addr_t)0 << (32 - subnet->prefixlen)); +- +- if (is_same_net(addr, subnet->addr.addr.addr4, netmask)) +- return subnet; +- } ++ do { ++ if (!(list->flags & ADDRLIST_IPV6)) ++ { ++ struct in_addr netmask, addr = addr_u->addr.addr4; ++ ++ if (!(flag & F_IPV4)) ++ continue; ++ ++ netmask.s_addr = htonl(~(in_addr_t)0 << (32 - list->prefixlen)); ++ ++ if (is_same_net(addr, list->addr.addr.addr4, netmask)) ++ return list; ++ } + #ifdef HAVE_IPV6 +- else if (is_same_net6(&(addr_u->addr.addr6), &subnet->addr.addr.addr6, subnet->prefixlen)) +- return subnet; ++ else if (is_same_net6(&(addr_u->addr.addr6), &list->addr.addr.addr6, list->prefixlen)) ++ return list; + #endif +- +- } ++ ++ } while ((list = list->next)); ++ + return NULL; + } + ++static struct addrlist *find_subnet(struct auth_zone *zone, int flag, struct all_addr *addr_u) ++{ ++ if (!zone->subnet) ++ return NULL; ++ ++ return find_addrlist(zone->subnet, flag, addr_u); ++} ++ ++static struct addrlist *find_exclude(struct auth_zone *zone, int flag, struct all_addr *addr_u) ++{ ++ if (!zone->exclude) ++ return NULL; ++ ++ return find_addrlist(zone->exclude, flag, addr_u); ++} ++ + static int filter_zone(struct auth_zone *zone, int flag, struct all_addr *addr_u) + { +- /* No zones specified, no filter */ ++ if (find_exclude(zone, flag, addr_u)) ++ return 0; ++ ++ /* No subnets specified, no filter */ + if (!zone->subnet) + return 1; + +diff --git a/src/dnsmasq.h b/src/dnsmasq.h +index 2bda5d0..27385a9 100644 +--- a/src/dnsmasq.h ++++ b/src/dnsmasq.h +@@ -340,6 +340,7 @@ struct auth_zone { + struct auth_name_list *next; + } *interface_names; + struct addrlist *subnet; ++ struct addrlist *exclude; + struct auth_zone *next; + }; + +diff --git a/src/option.c b/src/option.c +index d8c57d6..6cedef3 100644 +--- a/src/option.c ++++ b/src/option.c +@@ -1906,6 +1906,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma + new = opt_malloc(sizeof(struct auth_zone)); + new->domain = opt_string_alloc(arg); + new->subnet = NULL; ++ new->exclude = NULL; + new->interface_names = NULL; + new->next = daemon->auth_zones; + daemon->auth_zones = new; +@@ -1913,6 +1914,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma + while ((arg = comma)) + { + int prefixlen = 0; ++ int is_exclude = 0; + char *prefix; + struct addrlist *subnet = NULL; + struct all_addr addr; +@@ -1923,6 +1925,12 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma + if (prefix && !atoi_check(prefix, &prefixlen)) + ret_err(gen_err); + ++ if (strstr(arg, "exclude:") == arg) ++ { ++ is_exclude = 1; ++ arg = arg+8; ++ } ++ + if (inet_pton(AF_INET, arg, &addr.addr.addr4)) + { + subnet = opt_malloc(sizeof(struct addrlist)); +@@ -1960,8 +1968,17 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma + if (subnet) + { + subnet->addr = addr; +- subnet->next = new->subnet; +- new->subnet = subnet; ++ ++ if (is_exclude) ++ { ++ subnet->next = new->exclude; ++ new->exclude = subnet; ++ } ++ else ++ { ++ subnet->next = new->subnet; ++ new->subnet = subnet; ++ } + } + } + break; +-- +1.7.10.4 + diff --git a/src/patches/dnsmasq/014-Bump_auth_zone_serial_when_reloading_etc_hosts_and_friends.patch b/src/patches/dnsmasq/014-Bump_auth_zone_serial_when_reloading_etc_hosts_and_friends.patch new file mode 100644 index 0000000..054323b --- /dev/null +++ b/src/patches/dnsmasq/014-Bump_auth_zone_serial_when_reloading_etc_hosts_and_friends.patch @@ -0,0 +1,41 @@ +From c8328ecde896575b3cb81cf537747df531f90771 Mon Sep 17 00:00:00 2001 +From: Simon Kelley <simon(a)thekelleys.org.uk> +Date: Fri, 5 Aug 2016 16:54:58 +0100 +Subject: [PATCH] Bump auth zone serial when reloading /etc/hosts and friends. + +--- + CHANGELOG | 4 ++++ + src/dnsmasq.c | 2 ++ + 2 files changed, 6 insertions(+) + +diff --git a/CHANGELOG b/CHANGELOG +index 9f1e404..4f89799 100644 +--- a/CHANGELOG ++++ b/CHANGELOG +@@ -20,6 +20,10 @@ version 2.77 + Fix problem with --dnssec-timestamp whereby receipt + of SIGHUP would erroneously engage timestamp checking. + Thanks to Kevin Darbyshire-Bryant for this work. ++ ++ Bump zone serial on reloading /etc/hosts and friends ++ when providing authoritative DNS. Thanks to Harrald ++ Dunkel for spotting this. + + + version 2.76 +diff --git a/src/dnsmasq.c b/src/dnsmasq.c +index a47273f..3580bea 100644 +--- a/src/dnsmasq.c ++++ b/src/dnsmasq.c +@@ -1226,6 +1226,8 @@ static void async_event(int pipe, time_t now) + switch (ev.event) + { + case EVENT_RELOAD: ++ daemon->soa_sn++; /* Bump zone serial, as it may have changed. */ ++ + #ifdef HAVE_DNSSEC + if (daemon->dnssec_no_time_check && option_bool(OPT_DNSSEC_VALID) && option_bool(OPT_DNSSEC_TIME)) + { +-- +1.7.10.4 + -- 2.9.2

2 2

[PATCH] Add new package libusbredir
by Jonatan Schlag 07 Aug '16

07 Aug '16

This package adds support for the use redirection of spice. It is now possible to attach USB devices of the host where the spice client run to the virtual machine. This feature is also enabled in qemu. Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org> --- config/rootfiles/packages/libusbredir | 18 ++++++++ lfs/libusbredir | 84 +++++++++++++++++++++++++++++++++++ lfs/qemu | 6 +-- make.sh | 1 + 4 files changed, 106 insertions(+), 3 deletions(-) create mode 100644 config/rootfiles/packages/libusbredir create mode 100644 lfs/libusbredir diff --git a/config/rootfiles/packages/libusbredir b/config/rootfiles/packages/libusbredir new file mode 100644 index 0000000..af3710a --- /dev/null +++ b/config/rootfiles/packages/libusbredir @@ -0,0 +1,18 @@ +#usr/include/usbredirfilter.h +#usr/include/usbredirhost.h +#usr/include/usbredirparser.h +#usr/include/usbredirproto.h +#usr/lib/libusbredirhost.a +#usr/lib/libusbredirhost.la +usr/lib/libusbredirhost.so +usr/lib/libusbredirhost.so.1 +usr/lib/libusbredirhost.so.1.0.0 +#usr/lib/libusbredirparser.a +#usr/lib/libusbredirparser.la +usr/lib/libusbredirparser.so +usr/lib/libusbredirparser.so.1 +usr/lib/libusbredirparser.so.1.0.0 +#usr/lib/pkgconfig/libusbredirhost.pc +#usr/lib/pkgconfig/libusbredirparser-0.5.pc +usr/sbin/usbredirserver +#usr/share/man/man1/usbredirserver.1 diff --git a/lfs/libusbredir b/lfs/libusbredir new file mode 100644 index 0000000..6512d27 --- /dev/null +++ b/lfs/libusbredir @@ -0,0 +1,84 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2016 IPFire Team <info(a)ipfire.org> # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see <http://www.gnu.org/licenses/>. # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 0.7.1 + +THISAPP = usbredir-$(VER) +DL_FILE = $(THISAPP).tar.bz2 +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) +PROG = libusbredir +PAK_VER = 1 + +DEPS = "" + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_MD5 = 35cfb1720967727dea523b943cc4126b + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +md5 : $(subst %,%_MD5,$(objects)) + +dist: + @$(PAK) + +############################################################################### +# Downloading, checking, md5sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_MD5,$(objects)) : + @$(MD5) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && ./configure --prefix=/usr + cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) + cd $(DIR_APP) && make install + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/lfs/qemu b/lfs/qemu index 62010ee..fb4f4b3 100644 --- a/lfs/qemu +++ b/lfs/qemu @@ -33,9 +33,9 @@ DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) SUP_ARCH = i586 x86_64 PROG = qemu -PAK_VER = 20 +PAK_VER = 21 -DEPS = "sdl spice" +DEPS = "libusbredir sdl spice" ############################################################################### # Top-level Rules @@ -81,7 +81,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && ./configure --prefix=/usr --sysconfdir=/etc \ --enable-kvm --disable-bluez --disable-attr \ --target-list="i386-linux-user x86_64-linux-user arm-linux-user i386-softmmu x86_64-softmmu arm-softmmu" \ - --extra-cflags="$(CFLAGS)" --enable-spice + --extra-cflags="$(CFLAGS)" --enable-spice --enable-usb-redir cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install diff --git a/make.sh b/make.sh index c6b1b5b..a992c2f 100755 --- a/make.sh +++ b/make.sh @@ -708,6 +708,7 @@ buildipfire() { ipfiremake spice-protocol ipfiremake spice ipfiremake sdl + ipfiremake libusbredir ipfiremake qemu ipfiremake sane ipfiremake netpbm -- 2.1.4

2 3

[PATCH v2] Add new package libusbredir
by Jonatan Schlag 07 Aug '16

07 Aug '16

This package adds support for the use redirection of spice. It is now possible to attach USB devices of the host where the spice client run to the virtual machine. The binary is not needed for this functionality and that's why they is not shipped with the package This feature is also enabled in qemu. Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org> --- config/rootfiles/packages/libusbredir | 18 ++++++++ lfs/libusbredir | 84 +++++++++++++++++++++++++++++++++++ lfs/qemu | 6 +-- make.sh | 1 + 4 files changed, 106 insertions(+), 3 deletions(-) create mode 100644 config/rootfiles/packages/libusbredir create mode 100644 lfs/libusbredir diff --git a/config/rootfiles/packages/libusbredir b/config/rootfiles/packages/libusbredir new file mode 100644 index 0000000..d08e0b6 --- /dev/null +++ b/config/rootfiles/packages/libusbredir @@ -0,0 +1,18 @@ +#usr/include/usbredirfilter.h +#usr/include/usbredirhost.h +#usr/include/usbredirparser.h +#usr/include/usbredirproto.h +#usr/lib/libusbredirhost.a +#usr/lib/libusbredirhost.la +usr/lib/libusbredirhost.so +usr/lib/libusbredirhost.so.1 +usr/lib/libusbredirhost.so.1.0.0 +#usr/lib/libusbredirparser.a +#usr/lib/libusbredirparser.la +usr/lib/libusbredirparser.so +usr/lib/libusbredirparser.so.1 +usr/lib/libusbredirparser.so.1.0.0 +#usr/lib/pkgconfig/libusbredirhost.pc +#usr/lib/pkgconfig/libusbredirparser-0.5.pc +#usr/sbin/usbredirserver +#usr/share/man/man1/usbredirserver.1 diff --git a/lfs/libusbredir b/lfs/libusbredir new file mode 100644 index 0000000..652a60d --- /dev/null +++ b/lfs/libusbredir @@ -0,0 +1,84 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2016 IPFire Team <info(a)ipfire.org> # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see <http://www.gnu.org/licenses/>. # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 0.7.1 + +THISAPP = usbredir-$(VER) +DL_FILE = $(THISAPP).tar.bz2 +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) +PROG = libusbredir +PAK_VER = 1 + +DEPS = "" + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_MD5 = 35cfb1720967727dea523b943cc4126b + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +md5 : $(subst %,%_MD5,$(objects)) + +dist: + @$(PAK) + +############################################################################### +# Downloading, checking, md5sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_MD5,$(objects)) : + @$(MD5) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && ./configure --prefix=/usr + cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) + cd $(DIR_APP) && make install + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/lfs/qemu b/lfs/qemu index 62010ee..fb4f4b3 100644 --- a/lfs/qemu +++ b/lfs/qemu @@ -33,9 +33,9 @@ DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) SUP_ARCH = i586 x86_64 PROG = qemu -PAK_VER = 20 +PAK_VER = 21 -DEPS = "sdl spice" +DEPS = "libusbredir sdl spice" ############################################################################### # Top-level Rules @@ -81,7 +81,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && ./configure --prefix=/usr --sysconfdir=/etc \ --enable-kvm --disable-bluez --disable-attr \ --target-list="i386-linux-user x86_64-linux-user arm-linux-user i386-softmmu x86_64-softmmu arm-softmmu" \ - --extra-cflags="$(CFLAGS)" --enable-spice + --extra-cflags="$(CFLAGS)" --enable-spice --enable-usb-redir cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install diff --git a/make.sh b/make.sh index fdda3e5..efbdfb8 100755 --- a/make.sh +++ b/make.sh @@ -708,6 +708,7 @@ buildipfire() { ipfiremake spice-protocol ipfiremake spice ipfiremake sdl + ipfiremake libusbredir ipfiremake qemu ipfiremake sane ipfiremake netpbm -- 2.1.4

1 0

[PATCH] New package: Unbound 1.5.9 Repacement for dnsmasq
by Marcel Lorenz 06 Aug '16

06 Aug '16

Hi, i have build Unbound 1.5.9 as addon for IPFire. Later this can completly replace dnsmaqs on IPFire. I myself run unbound over 6 weeks on more than 8 IPfire installations wihtout any problems! (x86 and x64). In this time i optimizing the config and the scripts. Now i think it's time to push my work to the mailing list... :) Addon Description: Unbound is a validating, recursive, and caching DNS resolver. It is designed as a set of modular components that incorporate modern features, such as enhanced security (DNSSEC) validation, Internet Protocol Version 6 (IPv6), and a client resolver library API as an integral part of the architecture. https://www.unbound.net/ http://www.linuxfromscratch.org/blfs/view/svn/server/unbound.html Configuration: The main config file is the "/etc/unbound/unbound.conf" (default). I created a cleared config file with no descriptions and with all necessary and useful settings. (The original unbound.conf was renamed to unbound_org.conf). Unbound runs with this config in chroot mode under a separate user ("unbound" created while installing the addon). The config file is prepared for IPv6, but is disabled with "do-ip6: no". The logfile is located at /etc/unbound/log/. In chroot mode the only working location! The logrotate script moves the log daily to /var/log/unbound/. Nice statistcis are possible for IPFire's WebIF. Take a look to https://www.unbound.net/documentation/howto_statistics.html. I have written two addintional scripts and the init scripts to integrate Unbound into IPFire. The second deamon is a watcher for the dhcpd lease file. It is only started if the DNS-Update (RFC2136) in WebIF is enabled. The unbound init script checks the WebIf valve and stats the watcher daemon automatically. I need a working solution to start a deamon from Webif with nobody rights when click "save" on dhcp server section. New folders: /etc/unbound - main config folder /etc/unbound/blocklists - for block lists, named as "*.conf" /etc/unbound/log - contains undbound.log /etc/unbound/zones - for extra zone files, named as "*.conf" and contains local.conf /var/log/unbound - contains the older logfiles The /etc/unbound/forward.conf can be edit for extra DNS-Server independently from IPFire setup. More than 2 servers are possible. Needed scripts: /usr/sbin/unbound-switch Switching between dnsmasq and unbound. Creates and removes the autostart links for unbound und dnsmasq and switches the network init script /usr/sbin/unbound-zone Reading current IPFire's network, domain and static hosts config and create IPFire's DNS-Zone file (/etc/unbound/zones/local.conf) /src/initscripts/init.d/unbound The init script for unbound under IPFire. This Srcipt creates the needed interface.conf and dnssec.conf under /etc/unbound/. These values are read from the files /var/ipfire/ethernet/settings and /var/ipfire/red/resolv.conf /src/initscripts/init.d/network-unbound A copy from /src/initscripts/init.d/network with removed workarounds for dnsmasq. It's not a perfect solution, but i have no better idea to remove error messages in boot log. /src/initscripts/init.d/unbound-dhcpd The init script for python written dhcp watcher daemon /usr/sbin/watcherdhcpd.py This script and the additional python files comes from the OPNsense Firewall disribution. I modified the watcher script to work with universal standard times in the IPFire's dhcp lease file (/var/state/dhcp/dhcpd.leases) Additional python files under /usr/lib/python2.7/site-packages daemonize.py for demonizing the python watcher script dhcpd.py needed file for watcherdhcpd.py (read the lease file) params.py needed file for watcherdhcpd.py (procces python daemon args) Special init scipt options (default settings): CONTROL_INTERFACE_FILE=1 - enable or disable creation/updating of /etc/unbound/interfaces.conf CONTROL_ACCESS_FILE=1 - enable or disable creation/updating of /etc/unbound/access.conf USE_CUSTOM_FORWARDS=0 - enable or disable the unsing of custom DNS forwards file /etc/unbound/forward.conf ENABLE_DNSSEC=1 - enable or disable DNSSEC (deactivates unbounds validator module) /etc/unbound/dnssec.conf As an goodie, my patch include a block list for microsoft (skynet) windows telemetry hosts to disable phone home. The /etc/unbound/blocklists/ms-telemetry.conf file can be removed or renamed if not needed. The second goodie: the /etc/fcron.weekly/update_unbound_anchor script downloads an ad-server block list zone file for unbound from http://pgl.yoyo.org/adservers/#unbound. This is a very nice block list for ads. If not needed remove the line: "curl -sS -L --compressed "http://pgl.yoyo.org/adservers/serverlist.php?hostformat=unbound&showintro=0…" > /etc/unbound/blocklists/ad-servers.conf" from the file. I hope this small description is useful for all. Hints and suggestions are welcome. Greetings, Marcel -- 1.9.1

2 2

[PATCH v2] Libvirt: Remove delay from start command in install.sh
by Jonatan Schlag 03 Aug '16

03 Aug '16

Fixes: #11152 Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org> --- lfs/libvirt | 2 +- src/paks/libvirt/install.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lfs/libvirt b/lfs/libvirt index c551bc2..ea8b0e8 100644 --- a/lfs/libvirt +++ b/lfs/libvirt @@ -33,7 +33,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) SUP_ARCH = i586 x86_64 PROG = libvirt -PAK_VER = 5 +PAK_VER = 6 DEPS = "libpciaccess libyajl ncat qemu" diff --git a/src/paks/libvirt/install.sh b/src/paks/libvirt/install.sh index 1034b6b..4a693b9 100644 --- a/src/paks/libvirt/install.sh +++ b/src/paks/libvirt/install.sh @@ -45,7 +45,7 @@ chown -R nobody:kvm /var/lib/libvirt/images # restore the backup restore_backup ${NAME} -start_service --delay 300 --background libvirtd +start_service --background libvirtd ln -svf /etc/init.d/libvirtd /etc/rc.d/rc0.d/K20libvirtd ln -svf /etc/init.d/libvirtd /etc/rc.d/rc3.d/S70libvirtd ln -svf /etc/init.d/libvirtd /etc/rc.d/rc6.d/K20libvirtd -- 2.1.4

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Development August 2016