Development May 2024

development@lists.ipfire.org

11 participants
32 discussions

New Mirror in Singapore - 10GBPS
by Karibu - Freedif.org 14 May '24

14 May '24

Hello, I’m the admin of the mirror freedif.org 5 <http://freedif.org> and we would like to support ipfire project. I’ve synced and ready to support the project. Will it be possible to be added to the pool of mirror please? Location: Singapore Bandwidth: 10GBPS Admin: Karibu URL: https://mirror.freedif.org/ipfire/ (or HTTP) Let me know if you need further information Thanks Kari -- Sent with Tutanota

2 3

[PATCH] dnsdist: Update to 1.9.4
by Michael Tremer 14 May '24

14 May '24

This release fixes CVE-2024-25581, a denial of service security issue affecting versions 1.9.0, 1.9.1, 1.9.2 and 1.9.3 only. Earlier versions are not affected. When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer (AXFR or IXFR) over DNS over HTTPS, causing the process to stop and thus leading to a Denial of Service. Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org> --- lfs/dnsdist | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lfs/dnsdist b/lfs/dnsdist index d1b23b75b..5a8c0ac70 100644 --- a/lfs/dnsdist +++ b/lfs/dnsdist @@ -26,7 +26,7 @@ include Config SUMMARY = A highly DNS-, DoS- and abuse-aware loadbalancer -VER = 1.9.3 +VER = 1.9.4 THISAPP = dnsdist-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = dnsdist -PAK_VER = 21 +PAK_VER = 23 SUP_ARCH = x86_64 aarch64 @@ -52,7 +52,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 663b8a2161c5a7b94541cd775f135a99997024648c5bb57fd2ec18c7ede29aebda142452f97332300c45af32b5131e4dd5f9c1f904a1d68962398fa9a28c474e +$(DL_FILE)_BLAKE2 = a8cfc5c2da135ed96b857f9f1b6c3caa796b27f66ff7ead6e976b871a5e5db208ef3ce275c23085318bd7ff2f0fa2ec19e28ad36234991d84b8d13e74acb2f34 install : $(TARGET) -- 2.39.2

1 0

[PATCH] unbound: Update to 1.20.0
by Matthias Fischer 14 May '24

14 May '24

For details see: https://nlnetlabs.nl/projects/unbound/download/#unbound-1-20-0 Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org> --- config/rootfiles/common/unbound | 2 +- lfs/unbound | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/config/rootfiles/common/unbound b/config/rootfiles/common/unbound index 95dafc4da..79612c634 100644 --- a/config/rootfiles/common/unbound +++ b/config/rootfiles/common/unbound @@ -11,7 +11,7 @@ etc/unbound/unbound.conf #usr/lib/libunbound.la #usr/lib/libunbound.so usr/lib/libunbound.so.8 -usr/lib/libunbound.so.8.1.26 +usr/lib/libunbound.so.8.1.27 #usr/lib/pkgconfig/libunbound.pc usr/sbin/unbound usr/sbin/unbound-anchor diff --git a/lfs/unbound b/lfs/unbound index f09e76b1b..904744bc2 100644 --- a/lfs/unbound +++ b/lfs/unbound @@ -24,7 +24,7 @@ include Config -VER = 1.19.3 +VER = 1.20.0 THISAPP = unbound-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 5d9cbc26510afc2b92ecce6307cd9924a1b450892f7839f076535177ab35f78059d271e628e2aa995b62f5cf97add2363561a819d6e0181beb6b44421661d8f0 +$(DL_FILE)_BLAKE2 = b272a6b8c0118819d9803f0c7f7a4b7eff77e37682f4a9a0f749cafa08da4d4de01cd7bf71698b8fc5a7cdf5ca03685978e6b4395c586c35d1d13bebb7cbb538 install : $(TARGET) -- 2.34.1

2 1

[PATCH v2] e2fsprogs: Fixes bug#13073 - Update to version 1.47.0
by Adolf Belka 13 May '24

13 May '24

- Previously this patch was reverted due to Grub not being able to boot with it. This was fixed in Grub-2.12 - Confirmed on my vm testbed that a CU186 install with this e2fsprogs version was able to complete the install when the reboot button at the end of the first install stage was completed. - Update from version 1.46.5 to 1.47.0 - Update of rootfile not required - Changelog E2fsprogs 1.47.0 (February 5, 2023) Updates/Fixes since v1.46.6: UI and Features Add support for the orphan_file feature, which speeds up workloads that are deleting or truncating a large number files in parallel. This compat feature was first supported in the v5.15 Linux kernel. The mke2fs program (via the mke2fs.conf file) now enables the metadata_csum_seed and orphan_file features by default. The metadata_csum_seed feature is an incompat feature which is first supported in the Linux kernel starting in the 4.4 kernel and e2fsprogs 1.43. Mke2fs now supports the extended option "assume_storage_prezeroed" which causes mke2fs to skip zeroing the journal and inode tables and to mark the inode tables as zeroed. Add support to tune2fs and e2label to set the label and UUID for a mounted file system using a ioctl, which is more reliable than modifying the superblock via writing to the block device. The kernel support for setting the label landed in v5.17, while the support for adding the UUID landed in v6.0. If the ioctls are not supported, tune2fs and e2label will fall back old strategy of directly modifying the superblock. Allow tune2fs to disable the casefold feature after scanning all of the directories do not have the Casefold flag set. Fixes Fix a potential unbalanced mutex unlock when there is a short read while using the bounce buffer when using direct I/O. Performance, Internal Implementation, Development Support etc. Fix various Coverity and compiler warnings. Add the new function ext2fs_xattrs_read_inode() which takes an in-memory inode to avoid needing to reread an inode that was already read into memory. Teach debugfs logdump command the -n option which forces printing a specified number of transactions, even when a block missing a magic number would have stopped the logdump. (This is for debugging journalling problems.) E2fsprogs 1.46.6 (February 1, 2023) Updates/Fixes since v1.46.5: UI and Features Debugfs's ncheck command now allows the inode number to be surrounded by angle brackets, to be consistent with other debugfs commands. Debugfs no longer prints a scary message when debugfs -c (which enables "catastrophic mode") is used. This was intended to allow debugfs to operate on very badly corrupted file systems, but it is now sometimes used to suppress reading the block and inode bitmaps when they are not needed. Resize2fs will round down the requested new file system size to the nearest cluster boundary when resizing bigalloc file systems. Improve error messages issued by badblocks. Fuse2fs now supports an offset=<bytes> option which allows operating on a file system image which is located starting at the specified offset from the beginning of the image. Fixes Pre-v6.2 Linux kernels had long-standing bug in how the extended attribute hash was calculated when there were non-ASCII characters in the xattr name, when the hash would be different depending on whether the C 'char' type was signed or unsigned. To address this bug, starting with e2fsprogs 1.46.6+ and Linux 6.2+, we will accept either the signed or unsigned hash variant, but only set the unsigned hash variant. Since extended attribute names are in practice composed of ASCII characters, other than various tests (such as generic/454), most users will hopefully not notice this change. Avoid triggering udev in dumpe2fs and "resize2fs -P" for file systems with MMP enabled by opening the device read-only when reading the MMP block. Fix MMP handling so it can notice when another writer has modify the MMP block out from under it when stopping a MMP sessions. Fix tune2fs so it will detect another device stealing the MMP sessions while rewriting metadata checksums. E2fsck will now check to make sure the journal inode does not have the encrypt flag set. Fix a deadlock bug in e2fsck's error handler when there are errors trying to write to the file system. Fix a bug where e2fsck could fail when specifying an undo file and an explicit superblock number. Fix e2image so it won't potentially loop forever for certain invalid file systems. Fix resize2fs to honor the E2FSPROGS_FAKE_TIME environment variable. This allows embedded system builders who use resize2fs as part of their image build process to create reproducible images. Fix tune2fs to avoid a crash if the journal replay fails and to make sure its exit status is non-zero if there is some failure. Fix tune2fs, fuse2fs, and debugsfs to update j_tail_sequence when replaying the journal. Add additional bullet-proofing for very badly corrupted file systems. Try avoid UBSAN warnings, null pointer derferences, and other memory bugs. (Addresses CVE-2022-1304) Don't fail when the source directory for mke2fs -d doesn't support extended attributese. Check for and handle malloc() failures when computing the log filename in e2fsck and in the libss library. Fix tune2fs and e2fsck to accept pathames which include '=' characters. Previously arguments to tune2fs and e2fsck which included '=' characters are presumed to be blkid specifiers such as UUID=xxx or LABEL=yyy. If a specifier is both a valid pathname name and blkid tag name specifier, priority is given to a blkid resolved pathname. Improve tune2fs's error messages. Fix a bug in tune2fs which could cause it to crash if device goes off-line just as it being opened. Fix the fsck driver so if it is interrupted while running fsck -N it doesn't end up kllling all processes on the system. Fix a crash in badblocks when the user specifies an overly large number of blocks tested at a time in read/write or nondestructive mode. Update and clarify's chattr's man page and usage message. Fix spelling typo's in a variety of different man pages and comments. Performance, Internal Implementation, Development Support etc. Update to autoconf 2.71. Update flags used to create shared library on Darwin/MacOS. Speed up e2fsck's clonning of multiply-claimed blocks so it is substantially faster on very large file systems. Add tests/fuzz directory with fuzzers from oss-fuzz. Add a Github Actions configuration file so that Github will run CI tests on Linux, Windows and MacOS on a push to the e2fsprogs github repo. Make the mtab parsing in ext2fs_check_mount_point() more careful so it won't get confused when a block device shows up in the mnt_name field for a virtual file system. Fix the libss's Makefile to create the man page directory before trying to install its man page. Fix various Coverity and compiler warnings. Make tests more portable on various different OS's and system configurations (e.g., with SELinux enabled, MacOS, and Windows) Use mallinfo2() instead of mallinfo() where avilable, since mallinfo() is deprecated on newer glibc versions. E2fsck will no longer do a full scan of disconnected directory when trying to print the parent directory, which is pointless and can slow down e2fsck if there are a large number of disconnected directories. Debugfs will now print the extended attribute's e_hash field. Fix the setup-schroot script to work on non-Linux platforms. Fix ext2fs_compare_generic_bmap() so it correctly compares all of the bits in the bitmap, and so that it works correctly when comparing a bitarray bitmap with a rbtree-based bitmap. (Fortunately, none of the programs in e2fsprogs uses bitmap comparison functions.) Fix memory leaks on error paths. Add support for the configure option --enable-largefile so that e2fsprogs can utilize largefile support for the MUSL C library. Add an note that the dict library code has been modified, as required by the Kazlib license. Synchronized changes from Android's AOSP e2fsprogs tree. Updated config.guess and config.sub with newer versions from the FSF. Add Friulian translation. Update Chinese, Czech, Dutch, French, German, Malay, Polish, Serbian, Spanish, Swedish, and Ukrainian translations. Fixes: bug#13073 Tested-by: Adolf Belka <adolf.belka(a)ipfire.org> Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org> --- lfs/e2fsprogs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lfs/e2fsprogs b/lfs/e2fsprogs index 4758b5401..ce1ba19a4 100644 --- a/lfs/e2fsprogs +++ b/lfs/e2fsprogs @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team <info(a)ipfire.org> # +# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 1.46.5 +VER = 1.47.0 THISAPP = e2fsprogs-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 8d8c02e891c464782a7cff518c41d793fc73366b57e17d80ffc5afd96e6144e354290e667e9710509a9dde4e5dab7e7185c5bf084c5bfd26219f05e5e92e0830 +$(DL_FILE)_BLAKE2 = 84f58b05a9f0e14e1a66c6e5171ff23b022f51c4e9a02d4d6d1d26c91909f3c7ec9c9f0462663a4457b4479043774502b8891f691e58a61f4ef6bf9ba33f33aa install : $(TARGET) -- 2.44.0

2 1

[PATCH suggestion] Fix init.d script for sslh add-on version sslh-1.22c-7
by clearskiesnow 12 May '24

12 May '24

Hi, in the hopes of reviving the sslh add-on and avoiding its removal, here's the only change needed to fix its startup init script: src/initscripts/packages/sslh diff sslh sslh.new 39c39 < -p "${LOCAL_IP_ADDRESS}:443" -s localhost:222 -l localhost:444 ---> -p "${LOCAL_IP_ADDRESS}:443" --ssh=localhost:222 --tls=localhost:444

2 1

[PATCH] mympd: update to 15.0.1
by Arne Fitzenreiter 10 May '24

10 May '24

Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org> --- config/rootfiles/packages/mympd | 2 ++ lfs/mympd | 6 +++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/config/rootfiles/packages/mympd b/config/rootfiles/packages/mympd index b0ac2859f..3b93618b7 100644 --- a/config/rootfiles/packages/mympd +++ b/config/rootfiles/packages/mympd @@ -3,6 +3,8 @@ usr/bin/mympd usr/bin/mympd-config usr/bin/mympd-script #usr/lib/systemd/system/mympd.service +#usr/lib/systemd/user +#usr/lib/systemd/user/mympd.service #usr/share/doc/mympd #usr/share/doc/mympd/CHANGELOG.md #usr/share/doc/mympd/LICENSE.md diff --git a/lfs/mympd b/lfs/mympd index 012f867da..1dd1c530d 100644 --- a/lfs/mympd +++ b/lfs/mympd @@ -26,7 +26,7 @@ include Config SUMMARY = Webfrontend for Music Player Daemon -VER = 14.1.2 +VER = 15.0.1 THISAPP = myMPD-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = mympd -PAK_VER = 5 +PAK_VER = 6 DEPS = mpd libmpdclient @@ -48,7 +48,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 59a5d62ed1e91d422f091f331bd935b0988715fd641b81f48e19a37694cc14da2c78d4563bb149767afd873bcebdfaccfd984b63f45a6bb321214eebb3807ddf +$(DL_FILE)_BLAKE2 = ebd28edb73a884cbb30a5ceefc20813c678c28b03601f97ac9889c2c242dd7a2f7934d98b1f92bf148283ad9f026ac0994b75a1d046d3694160871523dc8a7ca install : $(TARGET) -- 2.39.2

1 0

[PATCH 1/9] ipsec-interfaces: Don't throw away errors when creating routes
by Michael Tremer 10 May '24

10 May '24

This partly reverts 87a97a431915849cf6d19e1b7137b4fb0b6dd91d. Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org> --- src/scripts/ipsec-interfaces | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/scripts/ipsec-interfaces b/src/scripts/ipsec-interfaces index 974d3ac84..b05b2009c 100644 --- a/src/scripts/ipsec-interfaces +++ b/src/scripts/ipsec-interfaces @@ -115,7 +115,7 @@ main() { # We are done when IPsec is not enabled if [ "${ENABLED}" = "on" ]; then # Enable route table lookup - ip rule add lookup "${ROUTE_TABLE}" prio "${ROUTE_TABLE_PRIO}" >/dev/null 2>&1 + ip rule add lookup "${ROUTE_TABLE}" prio "${ROUTE_TABLE_PRIO}" while IFS="," read -r "${VARS[@]}"; do # Check if the connection is enabled @@ -158,7 +158,7 @@ main() { log "Creating route to ${rightsubnet} (via ${address} and ${RED_INTF})" ip route add table "${ROUTE_TABLE}" "${rightsubnet}" proto static \ - dev "${RED_INTF}" src "${address}" >/dev/null 2>&1 + dev "${RED_INTF}" src "${address}" done # No interface processing required -- 2.39.2

2 17

Re: New Mirror in Singapore - 10GBPS
by Karibu - Freedif.org 08 May '24

08 May '24

Hello Michael and thanks for reaching out. I am using Github to share the details of the mirror but I'll set up a page on the root domain, it will be easier indeed. For the 2nd point, I may have option for a better routing, I will reach out to them. Do note that I tend to open a mirror where I see lower connectivity in Singapore or nearby but I am able to offer good speed and reliability. I totally understand your concerns and I am able to maintain trust for various opensource projects like Gimp, VLC, GNU, Kali, LinuxMint and others for more than 5 years. I will revert back to you once I've made progress on those. Probably by early next week. Thank youKari -- Sent with Tutanota 8 May 2024, 03:59 by michael.tremer(a)ipfire.org: > Hello Kari, > > Thank you for offering a mirror, but as far as I can see, this is not entirely fit for our purposes: > > * First of all, there is no page that describes who is hosting this mirror. There is only a default page of Apache running on Debian on http://freedif.org/. Who is Karibu? > > * This mirror seems to be hosted on a residential internet connection at https://myrepublic.net/sg/. It seems to have rather poor peering as traffic from Europe is being routed all the way through the US, Japan and Hong Kong. Some other IP addresses that I have tested go a more direct route so that I am assuming that routing from other places in the world isn’t great either. > > Are these things that you can fix? > > -Michael > >> On 3 May 2024, at 15:25, Karibu - Freedif.org <karibu(a)freedif.org> wrote: >> >> >> Hello, >> I’m the admin of the mirror freedif.org 5 and we would like to support ipfire project. >> I’ve synced and ready to support the project. >> >> Will it be possible to be added to the pool of mirror please? >> >> Location: Singapore >> Bandwidth: 10GBPS >> Admin: Karibu >> URL: https://mirror.freedif.org/ipfire/ (or HTTP) >> >> Let me know if you need further information >> Thanks >> Kari >> -- >> Sent with Tutanota >>

1 0

[PATCH] bacula: Update to version 13.0.4
by Adolf Belka 06 May '24

06 May '24

- Update from version 11.0.6 to 13.0.4 - Update of rootfile - Version 13.x has now been released for 12 months so updating the File Daemon to 13.x should be good. - Version 11.x was released 40 months ago. - Changelog The changes are all related to the Director and the Storage Daemon. The changelog states that older file daemons "should" be compatible with 13.x DIR & SD. This change ensures IPfire "is" compatible with the 13.x DIR & SD. Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org> --- config/rootfiles/packages/bacula | 6 +++--- lfs/bacula | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/config/rootfiles/packages/bacula b/config/rootfiles/packages/bacula index 2a092cccd..0a3f3b3f7 100644 --- a/config/rootfiles/packages/bacula +++ b/config/rootfiles/packages/bacula @@ -21,13 +21,13 @@ etc/rc.d/init.d/bacula #opt/bacula #opt/bacula/log #usr/lib/bpipe-fd.so -usr/lib/libbac-11.0.6.so +usr/lib/libbac-13.0.4.so #usr/lib/libbac.la usr/lib/libbac.so -usr/lib/libbaccfg-11.0.6.so +usr/lib/libbaccfg-13.0.4.so #usr/lib/libbaccfg.la usr/lib/libbaccfg.so -usr/lib/libbacfind-11.0.6.so +usr/lib/libbacfind-13.0.4.so #usr/lib/libbacfind.la usr/lib/libbacfind.so #usr/sbin/bacula diff --git a/lfs/bacula b/lfs/bacula index 5fb085a61..f2a794a29 100644 --- a/lfs/bacula +++ b/lfs/bacula @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team <info(a)ipfire.org> # +# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config SUMMARY = Enterprise-ready Network Backup Software -VER = 11.0.6 +VER = 13.0.4 THISAPP = bacula-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = bacula -PAK_VER = 12 +PAK_VER = 13 DEPS = @@ -51,7 +51,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 60b1c1f4de3cef7470f0f33aa9d361393cee176222bb911d93bac108b8e3a6e38d73acdcc8b773a06d8820039d2e12a4216a5773a4fab4a9c35095607bd6b7c6 +$(DL_FILE)_BLAKE2 = e54a754280178f74f97fdbb3c91a596b632d80739fedd5f847d183f0852ea9e82bba55ad9a745ee1ceb945bd527d33b117bc3c866783bd3073166bd20607a72a install : $(TARGET) -- 2.44.0

1 0

[PATCH] update.sh: Add SPAMHAUS_DROP if SPAMHAUS_EDROP was previously used
by Adolf Belka 04 May '24

04 May '24

- I realised that the previous patch for update.sh related to the ipblocklist removal of ALIENVAULT and SPAMHAUS_EDROP only removed the SPAMHAUS_EDROP setting. It makes sense to add SPAMHAUS_DROP to the settings file if SPAMHAUS_EDROP was previously used and SPAMHAUS_DROP was not selected. - This patch adds the above change. Tested-by: Adolf Belka <adolf.belka(a)ipfire.org> Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org> --- config/rootfiles/core/186/update.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/config/rootfiles/core/186/update.sh b/config/rootfiles/core/186/update.sh index 444b041a4..5d7add89f 100644 --- a/config/rootfiles/core/186/update.sh +++ b/config/rootfiles/core/186/update.sh @@ -141,6 +141,7 @@ fi # Remove any entry for ALIENVAULT or SPAMHAUS_EDROP from the ipblocklist modified file # and the associated ipblocklist files from the /var/lib/ipblocklist directory +# If SPAMHAUS_EDROP was used and SPAMHAUS_DROP not used then add SPAMHAUS_DROP to settings file sed -i '/ALIENVAULT=/d' /var/ipfire/ipblocklist/modified sed -i '/SPAMHAUS_EDROP=/d' /var/ipfire/ipblocklist/modified if [ -e /var/lib/ipblocklist/ALIENVAULT.conf ]; then @@ -148,6 +149,9 @@ if [ -e /var/lib/ipblocklist/ALIENVAULT.conf ]; then fi if [ -e /var/lib/ipblocklist/SPAMHAUS_EDROP.conf ]; then rm /var/lib/ipblocklist/SPAMHAUS_EDROP.conf + if [ ! -e /var/lib/ipblocklist/SPAMHAUS_DROP.conf ]; then + echo "SPAMHAUS_DROP=on" >> /var/ipfire/ipblocklist/settings + fi fi # This update needs a reboot... -- 2.44.0

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Development May 2024