This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via a1484cc31a0f80c0cae7c6585fc6655c8f31996d (commit) via a2b127c3e102c58030b7d2920ae36a14d1726c9e (commit) via 20371c8294f44f6bd06bc97c1c03db94f0722afa (commit) via 30edf752e21f5d27972a891ca69424570a36c049 (commit) via c56eb6cbeff97451baecdb5a2fb6087be24fac60 (commit) via ac36f9f2c1f11e8c998448e4dc57c5abe1e30f51 (commit) via 82760a506b0c8753cdcead81ec1f7579edb46745 (commit) via f48544ef43f80e70b6100a45d2c7688bbf04a71c (commit) via d07fb5668d3df68931d9cedab59e8ac2aac22e72 (commit) via 0b95de5cbfc7a5fd6deb2d4e43bbd442f4823378 (commit) via 8799c54e989288643bb2ef90074423a3b9c41e15 (commit) via 7b30673be3e3006ea915c08b6b2669021b01a81b (commit) via 549f5294c34855354e1983cc3440425eb3305b77 (commit) via c43d3a12ae5204bd19212cc29211e84d135bc03e (commit) via 496dfedfa2df5c30187f0b35ce017929fdc7413b (commit) via 689246f594ceb0e99da7b364c8fe1fda7f46088d (commit) via 405e359ee694530e473106f8960bfcf1dff83e9a (commit) via 1a654c6269e8ed6cc62cd7b516683bb4acb641df (commit) via 0deb3dacdaede1e99dd4a92a789a2b8264eb04b7 (commit) via 91a29ffc1607a430ad0b00d0559e3d55bdfad601 (commit) via fddcbfd4f5020f59ae48207f140d9fe52cde93ec (commit) via 85d5f26fa947c77d465a177a58f3a240fdb0daae (commit) via 45221cc614eb9bccf779d79d01f7dbce6b705045 (commit) via af048d4bf184af129e70586a5e7ed2ac71275621 (commit) via 241d8a753a8deefb3c1db604612a0ae5a0d0d638 (commit) via 2ae78be0817c9e2f667171cfa7e1c87655a28000 (commit) via 73d18835c0a4609fd46e81c4a8b43270bd9b6bc8 (commit) via 9268cddfd284f82df51fd76c48b1810f5980620e (commit) via c5c1f3044708de445b27139776e2c0054b2190df (commit) via eab7754d1e8b7f487ad12556c95f74c9a7cc046c (commit) via 112441db22d07e43c1f6b5e55d9c60f65916ed3a (commit) via 30f411694c8100086ff836a6d13140acdc68d9dd (commit) via f542b163281b8bdd877d2b8e93945f271b2aca50 (commit) via d3a4c2fc5015bad251f0ed608b4d91b701f742f5 (commit) via 5c581bbb87b2245f2c020ee3782a35e2dbe4cbe3 (commit) via db584cb746ba562bcddf1a5adb27770e2aef5f0e (commit) via d5b7826ee84de1920078c032bfe54dd057b16060 (commit) via 58d399710b5cf73f15e5ea6b7cd34717cc5f0a45 (commit) via efcd60effbc93d4fd958d5d3e81ca01ac1844ce9 (commit) via d4df452e1b79007ae5855c78266b22ca3b4fd5b5 (commit) via 654eb3c3c539cfb601b2e620b2819bc15df85563 (commit) via cd26578fc91a68f26866d693e5dc334356733d8e (commit) via 90aa2574773c0ede7ed4e700c4ae22578a30e350 (commit) from 2a8a964609dff38bda7433bae5eecb1f5ecdfa7d (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit a1484cc31a0f80c0cae7c6585fc6655c8f31996d Author: Peter Müller peter.mueller@ipfire.org Date: Tue Nov 23 21:11:31 2021 +0100
Core Update 162: Ship ddns
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit a2b127c3e102c58030b7d2920ae36a14d1726c9e Author: Peter Müller peter.mueller@ipfire.org Date: Tue Nov 23 21:10:57 2021 +0100
Core Update 162: Ship and restart OpenVPN
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 20371c8294f44f6bd06bc97c1c03db94f0722afa Author: Peter Müller peter.mueller@ipfire.org Date: Tue Nov 23 23:48:32 2021 +0100
Core Update 162: Remove jwhois, ship currently maintained whois client
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 30edf752e21f5d27972a891ca69424570a36c049 Author: Adolf Belka adolf.belka@ipfire.org Date: Fri Aug 6 13:16:42 2021 +0200
jwhois: Remove jwhois and all associated patches
- jwhois being replaced with whois - Removal of jwhois lfs, rootfile and assoicated patch files.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit c56eb6cbeff97451baecdb5a2fb6087be24fac60 Author: Adolf Belka adolf.belka@ipfire.org Date: Fri Aug 6 13:16:41 2021 +0200
whois: Installation of aan actively maintained whois client
- This whois client is being actively maintained. This version 5.5.10 was released on June 6th 2021 and regular updates have been ocurring several times per year. - This client has all of its default whois servers compiled into it. These can be seen by reading the source files in the tarball. - Therefore the whois.conf file is available for any additional servers that are decided to be required but as provided is empty. - Installed on a vm testbed and worked to identify the details of ip addresses. Selecting an IP in the WUI logs screen also gets the ip information provided so it is working well with the WUI.
Tested-by:Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit ac36f9f2c1f11e8c998448e4dc57c5abe1e30f51 Author: Adolf Belka adolf.belka@ipfire.org Date: Fri Aug 6 13:16:40 2021 +0200
make.sh: Remove jwhois and replace with whois
- jwhois is no longer being maintained. The last release was from 2005 and the last commit was in 2015. https://github.com/jonasob/jwhois - Debian switched to another whois client which is being actively maintained. https://github.com/rfc1036/whois - This patch series is the removal of jwhois and the installation of whois
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit 82760a506b0c8753cdcead81ec1f7579edb46745 Author: Peter Müller peter.mueller@ipfire.org Date: Tue Nov 23 23:42:58 2021 +0100
Core Update 162: Ship dhcpcd
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit f48544ef43f80e70b6100a45d2c7688bbf04a71c Author: Matthias Fischer matthias.fischer@ipfire.org Date: Mon Nov 1 18:30:53 2021 +0100
dhcpcd: Update to 9.4.1
For details see: https://roy.marples.name/git/dhcpcd/shortlog/refs/heads/dhcpcd-9
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org
commit d07fb5668d3df68931d9cedab59e8ac2aac22e72 Author: Peter Müller peter.mueller@ipfire.org Date: Tue Nov 23 23:39:28 2021 +0100
Core Update 162: Ship slang
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 0b95de5cbfc7a5fd6deb2d4e43bbd442f4823378 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Sep 28 23:21:39 2021 +0200
slang: Update to version 2.3.2
- Update from 2.3.0 to 2.3.2 - Update rootfile - Changelog is too large to include here. Details can be found in the changes.txt file in the source tarball.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 8799c54e989288643bb2ef90074423a3b9c41e15 Author: Peter Müller peter.mueller@ipfire.org Date: Tue Nov 23 23:37:29 2021 +0100
Core Update 162: Ship sshfs
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 7b30673be3e3006ea915c08b6b2669021b01a81b Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Sep 28 23:21:56 2021 +0200
sshfs: Update to version 3.7.2
- Update from 3.7.1 to 3.7.2 - Update of rootfile not required - Changelog Release 3.7.2 (2021-06-08) * Added a secondary check so if a mkdir request fails with EPERM an access request will be tried - returning EEXIST if the access was successful. Fixes: https://github.com/libfuse/sshfs/issues/243
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 549f5294c34855354e1983cc3440425eb3305b77 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Sep 28 23:22:10 2021 +0200
sslh: Update to version 1.22c
- Update from 1.7a (2013) to 1.22c (2021) - Update rootfile - Changelog is too large to include here. Full details can be read in the ChangeLog file in the source tarball
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit c43d3a12ae5204bd19212cc29211e84d135bc03e Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Sep 28 23:22:32 2021 +0200
strace: Update to version 5.14
- Update from 5.11 to 5.14 - Update of rootfile not required - Changelog Noteworthy changes in release 5.14 (2021-09-02) * Improvements * Implemented decoding of memfd_secret and quotactl_fd syscalls, introduced in Linux 5.14. * Enhanced prctl syscall decoding. * Enhanced decoding of IFLA_* netlink attributes. * Enhanced decoding of MDBA_ROUTER_PATTR_* mdb router port netlink attributes. * Updated lists of BPF_*, IORING_*, MADV_*, MOUNT_ATTR_*, SCTP_*, and UFFD_* constants. * Updated lists of ioctl commands from Linux 5.14. * Bug fixes * Fixed build using bionic libc. Noteworthy changes in release 5.13 (2021-07-18) * Improvements * Print netlink data in a more structured way. * Implemented decoding of NT_PRSTATUS and NT_FPREGSET regsets of PTRACE_GETREGSET and PTRACE_SETREGSET requests. * Implemented decoding of regs argument of PTRACE_GETREGS, PTRACE_GETREGS64, PTRACE_SETREGS, PTRACE_SETREGS64, PTRACE_GETFPREGS, and PTRACE_SETFPREGS requests. * Implemented powerpc System Call Vectored ABI support. * Implemented decoding of landlock_add_rule, landlock_create_ruleset, and landlock_restrict_self syscalls introduced in Linux 5.13. * Enhanced decoding of perf_event_open syscall. * Updated lists of BPF_*, IORING_*, KEXEC_*, KEY_*, KVM_*, NT_*, PR_*, PTRACE_*, RTM_*, RTPROT_*, TRAP_*, UFFD_*, UFFDIO_*, and V4L2_* constants. * Updated lists of ioctl commands from Linux 5.13. * Portability * On powerpc and powerpc64, linux kernel >= 2.6.23 is required. Older versions without a decent PTRACE_GETREGS support will not work. Noteworthy changes in release 5.12 (2021-04-26) * Improvements * Implemented --secontext[=full] option to display SELinux contexts. * Implemented decoding of mount_setattr syscall introduced in Linux 5.12. * Updated decoding of IFLA_BRPORT_* netlink attributes to match Linux 5.12. * Updated lists of DEVCONF_*, IORING_*, KVM_*, MPOL_*, MTD_*, NFT_MSG_*, RESOLVE_*, RTM_*, ST_*, and V4L2_* constants. * Updated lists of ioctl commands from Linux 5.12. * Bug fixes * Fixed build using bionic libc. * Portability * Added binutils 2.36 support to --enable-mpers builds. - More details of the above changes can be found in the ChangeLog file in the source tarball
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 496dfedfa2df5c30187f0b35ce017929fdc7413b Author: Peter Müller peter.mueller@ipfire.org Date: Tue Nov 23 23:35:06 2021 +0100
Core Update 162: Ship bind and libuv
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 689246f594ceb0e99da7b364c8fe1fda7f46088d Author: Adolf Belka adolf.belka@ipfire.org Date: Thu Nov 11 09:14:49 2021 +0100
libuv: Required for build and run of bind utilities
- Install libuv lfs and rootfile - Add libuv to make.sh - Tested by running bind utilities on a vm testbed
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 405e359ee694530e473106f8960bfcf1dff83e9a Author: Adolf Belka adolf.belka@ipfire.org Date: Thu Nov 11 09:14:48 2021 +0100
bind: Update to version 9.16.22
- Update from 9.11.32 to 9.16.22 - 9.11 is an ESV (Extended Support Version) that will go EOL in December 2021 9.16 is the replacement ESV whose EOL is not yet defined but will be at least 4 years so should be supported until at least March 2024 as the 9.16 branch was started in 2020 - Update rootfile - libuv is now required both to build the bind libraries and for the running of the utilities. - Changelog is difficult to define here as this is a change of branch from 9.11 to 9.16 both of which have been running in parallel. However all the changes from the start of 9.16.0 can be found in the CHANGES file in the source tarball. - nslookup, host and dig utilities tested out by installing this on a vm testbed. All these utilities worked as the previous version nsupdate was not able to be tested other than confirming that running nsupdate opened an interactive session. This utility would be good to be tested by someone familiar with how to run it.
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 1a654c6269e8ed6cc62cd7b516683bb4acb641df Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Oct 20 09:21:35 2021 +0000
Run "./make.sh lang"
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 0deb3dacdaede1e99dd4a92a789a2b8264eb04b7 Author: Peter Müller peter.mueller@ipfire.org Date: Tue Nov 23 23:25:13 2021 +0100
Core Update 162: Ship changed firewall initscript
Restarting the firewall is not necessary during the upgrade procedure, and the user is asked to reboot the machine afterwards either way.
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 91a29ffc1607a430ad0b00d0559e3d55bdfad601 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Jun 24 17:44:35 2021 +0000
firewall: Remove unused CONNTRACK chain in raw table
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Acked-by: Peter Müller peter.mueller@ipfire.org
commit fddcbfd4f5020f59ae48207f140d9fe52cde93ec Author: Peter Müller peter.mueller@ipfire.org Date: Tue Nov 23 23:22:52 2021 +0100
Core Update 162: Ship vpnmain.cgi
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 85d5f26fa947c77d465a177a58f3a240fdb0daae Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Jun 14 10:33:46 2021 +0100
ipsec: Prefer curve448 over curve25519
Curve448 provides better cryptographic security. For more details see:
https://bugzilla.ipfire.org/show_bug.cgi?id=12634
Fixes: #12634 Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 45221cc614eb9bccf779d79d01f7dbce6b705045 Author: Peter Müller peter.mueller@ipfire.org Date: Tue Nov 23 23:17:29 2021 +0100
Core Update 162: Ship proxy.cgi
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit af048d4bf184af129e70586a5e7ed2ac71275621 Author: Peter Müller peter.mueller@ipfire.org Date: Sun Oct 10 21:49:49 2021 +0200
proxy.cgi: Fix translation string mix-up
"advproxy advanced web proxy" was meant to be used in the first place, followed by "advproxy advanced web proxy configuration", as it is done in other CGIs.
This patch also fixes a missing German translation, and improves translations of "one X per line" ("eines" != "eins"). :-)
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 241d8a753a8deefb3c1db604612a0ae5a0d0d638 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Oct 20 22:29:23 2021 +0200
meson: Update to version 0.59.2
- Update from 0.58.0 to 0.59.2 - Update rootfile - Changelog is too long to include here. Full details can be read at https://mesonbuild.com/Release-notes-for-0-59-0.html
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 2ae78be0817c9e2f667171cfa7e1c87655a28000 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Oct 20 22:27:58 2021 +0200
bison: Update to version 3.8.2
- Update from 3.7.6 to 3.8.2 - Update rootfile - Changelog Noteworthy changes in release 3.8.2 (2021-09-25) [stable] Fixed portability issues of bison on Cygwin. Improvements in glr2.cc: add support for custom error messages (`%define parse.error custom`), allow linking several parsers together. Noteworthy changes in release 3.8.1 (2021-09-11) [stable] The generation of prototypes for yylex and yyerror in Yacc mode is breaking existing grammar files. To avoid breaking too many grammars, the prototypes are now generated when `-y/--yacc` is used *and* the `POSIXLY_CORRECT` environment variable is defined. Avoid using `-y`/`--yacc` simply to comply with Yacc's file name conventions, rather, use `-o y.tab.c`. Autoconf's AC_PROG_YACC macro uses `-y`. Avoid it if possible, for instance by using gnulib's gl_PROG_BISON. Noteworthy changes in release 3.8 (2021-09-07) [stable] ** Backward incompatible changes In conformance with the recommendations of the Graphviz team (https://marc.info/?l=graphviz-devel&m=129418103126092), `-g`/`--graph` now generates a *.gv file by default, instead of *.dot. A transition started in Bison 3.4. To comply with the latest POSIX standard, in Yacc compatibility mode (options `-y`/`--yacc`) Bison now generates prototypes for yyerror and yylex. In some situations, this is breaking compatibility: if the user has already declared these functions but with some differences (e.g., to declare them as static, or to use specific attributes), the generated parser will fail to compile. To disable these prototypes, #define yyerror (to `yyerror`), and likewise for yylex. ** Deprecated features Support for the YYPRINT macro is removed. It worked only with yacc.c and only for tokens. It was obsoleted by %printer, introduced in Bison 1.50 (November 2002). It has always been recommended to prefer `%define api.value.type foo` to `#define YYSTYPE foo`. The latter is supported in C for compatibility with Yacc, but not in C++. Warnings are now issued if `#define YYSTYPE` is used in C++, and eventually support will be removed. In C++ code, prefer value_type to semantic_type to denote the semantic value type, which is specified by the `api.value.type` %define variable. ** New features *** A skeleton for the D programming language The "lalr1.d" skeleton is now officially part of Bison. It was originally contributed by Oliver Mangold, based on Paolo Bonzini's lalr1.java, and was improved by H. S. Teoh. Adela Vais then took over maintenance and invested a lot of efforts to complete, test and document it. It now supports all the bells and whistles of the other deterministic parsers, which include: pull/push interfaces, verbose and custom error messages, lookahead correction, token constructors, internationalization, locations, printers, token and symbol prefixes, etc. Two examples demonstrate the D parsers: a basic one (examples/d/simple), and an advanced one (examples/d/calc). *** Option -H, --header and directive %header The option `-H`/`--header` supersedes the option `--defines`, and the directive %header supersedes %defines. Both `--defines` and `%defines` are, of course, maintained for backward compatibility. *** Option --html Since version 2.4 Bison can be used to generate HTML reports. However it was a two-step process: first bison must be invoked with option `--xml`, and then xsltproc must be run to the convert the XML reports into HTML. The new option `--html` combines these steps. The xsltproc program must be available. *** A C++ native GLR parser A new version of the C++ GLR parser was added: "glr2.cc". It generates "true C++11", instead of a C++ wrapper around a C parser as does the existing "glr.cc" parser. As a first significant consequence, it supports `%define api.value.type variant`, contrary to glr.cc. It should be upward compatible in terms of interface, feature and performance to "glr.cc". To try it out, simply use %skeleton "glr2.cc" It will eventually replace "glr.cc". However we need user feedback on this skeleton. _Please_ report your results and comments about it. *** Counterexamples Counterexamples now show the rule numbers, and always show ε for rules with an empty right-hand side. For instance exp ↳ 1: e1 e2 "a" ↳ 3: ε • ↳ 1: ε instead of exp ↳ e1 e2 "a" ↳ • ↳ ε *** Lookahead correction in Java The Java skeleton (lalr1.java) now supports LAC, via the `parse.lac` %define variable. *** Abort parsing for memory exhaustion (C) User actions may now use `YYNOMEM` (similar to `YYACCEPT` and `YYABORT`) to abort the current parse with memory exhaustion. *** Printing locations in debug traces (C) The `YYLOCATION_PRINT(File, Loc)` macro prints a location. It is defined when (i) locations are enabled, (ii) the default type for locations is used, (iii) debug traces are enabled, and (iv) `YYLOCATION_PRINT` is not already defined. Users may define `YYLOCATION_PRINT` to cover other cases. *** GLR traces There were no debug traces for deferred calls to user actions. They are logged now. Noteworthy changes in release 3.7.6 (2021-03-08) [stable] ** Bug fixes *** Reused Push Parsers When a push-parser state structure is used for multiple parses, it was possible for some state to leak from one run into the following one. *** Fix Table Generation In some very rare conditions, when there are many useless tokens, it was possible to generate incorrect parsers.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 73d18835c0a4609fd46e81c4a8b43270bd9b6bc8 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Nov 19 17:44:58 2021 +0000
suricata: Handle retransmitted SYN with TSval
Read more in the patch.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 9268cddfd284f82df51fd76c48b1810f5980620e Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Nov 19 17:44:57 2021 +0000
IPS: Do not try to show rules when stat on rules tarball fails
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit c5c1f3044708de445b27139776e2c0054b2190df Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Nov 19 17:44:55 2021 +0000
suricata: This package is supported on all architectures
There is no need to list them specifically.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit eab7754d1e8b7f487ad12556c95f74c9a7cc046c Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Nov 19 17:44:54 2021 +0000
suricata: Drop extra rootfiles
These are all the same and not different from what is in config/rootfiles/common/suricata.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 112441db22d07e43c1f6b5e55d9c60f65916ed3a Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Nov 19 17:44:53 2021 +0000
rust: Drop Cargo home directory after build
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 30f411694c8100086ff836a6d13140acdc68d9dd Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Nov 19 17:44:52 2021 +0000
suricata: Include all default rules
These rules do not drop anything, but only alert when internal parts of the engine trigger an event. This will allow us more insight on what is happening.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit f542b163281b8bdd877d2b8e93945f271b2aca50 Author: Peter Müller peter.mueller@ipfire.org Date: Tue Nov 23 22:51:55 2021 +0100
Core Update 162: Ship jansson
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit d3a4c2fc5015bad251f0ed608b4d91b701f742f5 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Oct 20 22:29:05 2021 +0200
jansson: Update to version 2.14
- Update from 2.12 to 2.14 - Update rootfile - Changelog Version 2.14 Released 2021-09-09 * New Features: - Add `json_object_getn`, `json_object_setn`, `json_object_deln`, and the corresponding `nocheck` functions. (#520, by Maxim Zhukov) * Fixes: - Handle `sprintf` corner cases (#537, by Tobias Stoeckmann) * Build: - Symbol versioning for all exported symbols (#540, by Simon McVittie) - Fix compiler warnings (#555, by Kelvin Lee) * Documentation: - Small fixes (#544, #546, by @i-ky) - Sphinx 3 compatibility (#543, by Pierce Lopez) Version 2.13.1 Released 2020-05-07 * Build: - Include `jansson_version_str()` and `jansson_version_cmp()` in shared library. (#534) - Include ``scripts/`` in tarball. (#535) Version 2.13 Released 2020-05-05 * New Features: - Add `jansson_version_str()` and `jansson_version_cmp()` for runtime version checking (#465). - Add `json_object_update_new()`, `json_object_update_existing_new()` and `json_object_update_missing_new()` functions (#499). - Add `json_object_update_recursive()` (#505). * Build: - Add ``-Wno-format-truncation`` to suppress format truncation warnings (#489). * Bug fixes: - Remove ``strtod`` macro definition for MinGW (#498). - Add infinite loop check in `json_deep_copy()` (#490). - Add ``pipe`` macro definition for MinGW (#500). - Enhance ``JANSSON_ATTRS`` macro to support earlier C standard(C89) (#501). - Update version detection for sphinx-build (#502). * Documentation: - Fix typos (#483, #494). - Document that call the custom free function to free the return value of `json_dumps()` if you have a custom malloc/free (#490). - Add vcpkg installation instructions (#496). - Document that non-blocking file descriptor is not supported on `json_loadfd()` (#503).
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 5c581bbb87b2245f2c020ee3782a35e2dbe4cbe3 Author: Peter Müller peter.mueller@ipfire.org Date: Tue Nov 23 22:49:06 2021 +0100
Core Update 162: Ship libhtp and Suricata, restart the latter
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit db584cb746ba562bcddf1a5adb27770e2aef5f0e Author: Peter Müller peter.mueller@ipfire.org Date: Tue Nov 23 21:13:12 2021 +0100
Core Update 162: Ship libxcrypt
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit d5b7826ee84de1920078c032bfe54dd057b16060 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sat Nov 20 13:47:32 2021 +0100
libhtp: Update to 0.5.39
For details see: https://github.com/OISF/libhtp/releases/tag/0.5.39
"0.5.39 (16 Nov 2021) --------------------
- host: ipv6 address is a valid host - util: one char is not always empty line - test and fuzz improvements"
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 58d399710b5cf73f15e5ea6b7cd34717cc5f0a45 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sat Nov 20 13:47:31 2021 +0100
suricata: Update to 5.0.8
For details see: https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-released/1942
"Various security, performance, accuracy and stability issues have been fixed, including two TCP evasion issues. CVE 2021-37592 was assigned."
Changelog:
"5.0.8 -- 2021-11-16
Security #4635: tcp: crafted injected packets cause desync after 3whs Security #4727: Bypass of Payload Detection on TCP RST with options of MD5header Bug #4345: Failed assert in TCPProtoDetectCheckBailConditions size_ts > 1000000UL Bug #4382: fileinfo "stored: false" even if the file is kept on disk Bug #4626: DNP3: intra structure overflow in DNP3DecodeObjectG70V6 Bug #4628: alert count shows up as 0 when stats are disabled Bug #4631: Protocol detection : confusion with SMB in midstream Bug #4639: Failed assertion in SMTP SMTPTransactionComplete Bug #4646: TCP reassembly, failed assert app_progress > last_ack_abs, both sides need to be pruned Bug #4647: rules: Unable to find the sm in any of the sm lists Bug #4674: rules: mix of drop and pass rules issues Bug #4676: rules: drop rules with noalert not fully dropping Bug #4688: detect: too many prefilter engines lead to FNs Bug #4690: nfs: failed assert self.tx_data.files_logged > 1 Bug #4691: IPv6 : decoder event on invalid fragment length Bug #4696: lua: file info callback returns wrong value Bug #4718: protodetect: SEGV due to NULL ptr deref Bug #4729: ipv6 evasions : fragmentation Bug #4788: Memory leak in SNMP with DetectEngineState Bug #4790: af-packet: threads sometimes get stuck in capture Bug #4794: loopback: different AF_INET6 values per OS Bug #4816: flow-manager: cond_t handling in emergency mode is broken Bug #4831: SWF decompression overread Bug #4833: Wrong list_id with transforms for http_client_body and http file_data Optimization #3429: improve err msg for dataset rules parsing Task #4835: libhtp 0.5.39"
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit efcd60effbc93d4fd958d5d3e81ca01ac1844ce9 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Nov 24 08:56:23 2021 +0000
core162: add connections.cgi
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit d4df452e1b79007ae5855c78266b22ca3b4fd5b5 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Nov 24 07:54:47 2021 +0000
connections.cgi: fix connection list if green interface is not present
if green interface not exist the cgi adds empty addresses to the arrays and display nothing.
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 654eb3c3c539cfb601b2e620b2819bc15df85563 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Nov 24 07:52:04 2021 +0000
core162: add unbound initskript
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit cd26578fc91a68f26866d693e5dc334356733d8e Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Nov 24 07:44:14 2021 +0000
unbound: initskript change server for dns test
if the system time is incorrect DNSSec validation fail but it fails sometimes for pool.ntp.org already but not for ping.ipfire.org.
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 90aa2574773c0ede7ed4e700c4ae22578a30e350 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Nov 24 07:42:25 2021 +0000
kernel: update to 5.15.4
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/rootfiles/common/aarch64/suricata | 28 - config/rootfiles/common/armv6l/suricata | 28 - config/rootfiles/common/bind | 196 ++---- config/rootfiles/common/bison | 14 +- config/rootfiles/common/i586/suricata | 28 - config/rootfiles/common/jansson | 2 +- config/rootfiles/common/jwhois | 25 - config/rootfiles/common/libuv | 12 + config/rootfiles/common/meson | 44 +- config/rootfiles/common/slang | 6 +- config/rootfiles/common/suricata | 24 +- config/rootfiles/common/whois | 4 + config/rootfiles/common/x86_64/suricata | 28 - .../{oldcore/100 => core/162}/filelists/bind | 0 .../{oldcore/104 => core/162}/filelists/ddns | 0 .../{oldcore/125 => core/162}/filelists/dhcpcd | 0 config/rootfiles/core/162/filelists/files | 25 +- config/rootfiles/core/162/filelists/jansson | 1 + .../{oldcore/131 => core/162}/filelists/libhtp | 0 config/rootfiles/core/162/filelists/libuv | 1 + .../{oldcore/155 => core/162}/filelists/libxcrypt | 0 .../{oldcore/66 => core/162}/filelists/slang | 0 config/rootfiles/core/162/filelists/sshfs | 1 + .../{oldcore/131 => core/162}/filelists/suricata | 0 config/rootfiles/core/162/filelists/whois | 1 + config/rootfiles/core/162/update.sh | 12 + config/rootfiles/packages/sslh | 1 + config/suricata/suricata.yaml | 24 +- doc/language_issues.de | 1 - doc/language_issues.en | 1 + doc/language_issues.es | 1 - doc/language_issues.fr | 1 - doc/language_issues.it | 1 - doc/language_issues.nl | 1 - doc/language_issues.pl | 1 - doc/language_issues.ru | 1 - doc/language_issues.tr | 1 - html/cgi-bin/connections.cgi | 32 +- html/cgi-bin/ids.cgi | 16 +- html/cgi-bin/vpnmain.cgi | 4 +- langs/de/cgi-bin/de.pl | 6 +- lfs/Config | 5 +- lfs/bind | 23 +- lfs/bison | 4 +- lfs/dhcpcd | 10 +- lfs/jansson | 4 +- lfs/jwhois | 92 --- lfs/libhtp | 4 +- lfs/{wget => libuv} | 20 +- lfs/linux | 4 +- lfs/meson | 4 +- lfs/slang | 6 +- lfs/sshfs | 4 +- lfs/sslh | 8 +- lfs/strace | 6 +- lfs/suricata | 9 +- lfs/{parted => whois} | 24 +- make.sh | 3 +- src/initscripts/system/firewall | 2 - src/initscripts/system/unbound | 2 +- src/patches/jwhois-4.0-conf_update.patch | 714 --------------------- src/patches/jwhois-4.0-conf_update2.patch | 163 ----- src/patches/jwhois-4.0-connect.patch | 58 -- src/patches/jwhois-4.0-fclose.patch | 12 - src/patches/jwhois-4.0-idna.patch | 43 -- src/patches/jwhois-4.0-ipv6match.patch | 15 - src/patches/jwhois-4.0-multi-homed.patch | 15 - src/patches/jwhois-4.0-select.patch | 27 - ...m-tcp-Handle-retransmitted-SYN-with-TSval.patch | 55 ++ 69 files changed, 358 insertions(+), 1550 deletions(-) delete mode 100644 config/rootfiles/common/aarch64/suricata delete mode 100644 config/rootfiles/common/armv6l/suricata delete mode 100644 config/rootfiles/common/i586/suricata delete mode 100644 config/rootfiles/common/jwhois create mode 100644 config/rootfiles/common/libuv create mode 100644 config/rootfiles/common/whois delete mode 100644 config/rootfiles/common/x86_64/suricata copy config/rootfiles/{oldcore/100 => core/162}/filelists/bind (100%) copy config/rootfiles/{oldcore/104 => core/162}/filelists/ddns (100%) copy config/rootfiles/{oldcore/125 => core/162}/filelists/dhcpcd (100%) create mode 120000 config/rootfiles/core/162/filelists/jansson copy config/rootfiles/{oldcore/131 => core/162}/filelists/libhtp (100%) create mode 120000 config/rootfiles/core/162/filelists/libuv copy config/rootfiles/{oldcore/155 => core/162}/filelists/libxcrypt (100%) copy config/rootfiles/{oldcore/66 => core/162}/filelists/slang (100%) create mode 120000 config/rootfiles/core/162/filelists/sshfs copy config/rootfiles/{oldcore/131 => core/162}/filelists/suricata (100%) create mode 120000 config/rootfiles/core/162/filelists/whois delete mode 100644 lfs/jwhois copy lfs/{wget => libuv} (93%) copy lfs/{parted => whois} (88%) delete mode 100644 src/patches/jwhois-4.0-conf_update.patch delete mode 100644 src/patches/jwhois-4.0-conf_update2.patch delete mode 100644 src/patches/jwhois-4.0-connect.patch delete mode 100644 src/patches/jwhois-4.0-fclose.patch delete mode 100644 src/patches/jwhois-4.0-idna.patch delete mode 100644 src/patches/jwhois-4.0-ipv6match.patch delete mode 100644 src/patches/jwhois-4.0-multi-homed.patch delete mode 100644 src/patches/jwhois-4.0-select.patch create mode 100644 src/patches/suricata-5.0-stream-tcp-Handle-retransmitted-SYN-with-TSval.patch
Difference in files: diff --git a/config/rootfiles/common/aarch64/suricata b/config/rootfiles/common/aarch64/suricata deleted file mode 100644 index 32358483a..000000000 --- a/config/rootfiles/common/aarch64/suricata +++ /dev/null @@ -1,28 +0,0 @@ -etc/suricata -etc/suricata/suricata.yaml -#root/.cargo -#root/.cargo/.package-cache -usr/bin/suricata -#usr/share/doc/suricata -#usr/share/doc/suricata/AUTHORS -#usr/share/doc/suricata/Basic_Setup.txt -#usr/share/doc/suricata/GITGUIDE -#usr/share/doc/suricata/INSTALL -#usr/share/doc/suricata/INSTALL.PF_RING -#usr/share/doc/suricata/INSTALL.WINDOWS -#usr/share/doc/suricata/NEWS -#usr/share/doc/suricata/README -#usr/share/doc/suricata/Setting_up_IPSinline_for_Linux.txt -#usr/share/doc/suricata/TODO -#usr/share/doc/suricata/Third_Party_Installation_Guides.txt -#usr/share/man/man1/suricata.1 -#usr/share/man/man1/suricatactl-filestore.1 -#usr/share/man/man1/suricatactl.1 -#usr/share/man/man1/suricatasc.1 -var/lib/suricata -var/lib/suricata/classification.config -var/lib/suricata/reference.config -var/lib/suricata/threshold.config -var/log/suricata -#var/log/suricata/certs -#var/log/suricata/files diff --git a/config/rootfiles/common/armv6l/suricata b/config/rootfiles/common/armv6l/suricata deleted file mode 100644 index 32358483a..000000000 --- a/config/rootfiles/common/armv6l/suricata +++ /dev/null @@ -1,28 +0,0 @@ -etc/suricata -etc/suricata/suricata.yaml -#root/.cargo -#root/.cargo/.package-cache -usr/bin/suricata -#usr/share/doc/suricata -#usr/share/doc/suricata/AUTHORS -#usr/share/doc/suricata/Basic_Setup.txt -#usr/share/doc/suricata/GITGUIDE -#usr/share/doc/suricata/INSTALL -#usr/share/doc/suricata/INSTALL.PF_RING -#usr/share/doc/suricata/INSTALL.WINDOWS -#usr/share/doc/suricata/NEWS -#usr/share/doc/suricata/README -#usr/share/doc/suricata/Setting_up_IPSinline_for_Linux.txt -#usr/share/doc/suricata/TODO -#usr/share/doc/suricata/Third_Party_Installation_Guides.txt -#usr/share/man/man1/suricata.1 -#usr/share/man/man1/suricatactl-filestore.1 -#usr/share/man/man1/suricatactl.1 -#usr/share/man/man1/suricatasc.1 -var/lib/suricata -var/lib/suricata/classification.config -var/lib/suricata/reference.config -var/lib/suricata/threshold.config -var/log/suricata -#var/log/suricata/certs -#var/log/suricata/files diff --git a/config/rootfiles/common/bind b/config/rootfiles/common/bind index 6fb228a5a..a89af5bcb 100644 --- a/config/rootfiles/common/bind +++ b/config/rootfiles/common/bind @@ -8,7 +8,6 @@ usr/bin/nsupdate #usr/include/bind9/getaddresses.h #usr/include/bind9/version.h #usr/include/dns -#usr/include/dns/acache.h #usr/include/dns/acl.h #usr/include/dns/adb.h #usr/include/dns/badcache.h @@ -29,12 +28,14 @@ usr/bin/nsupdate #usr/include/dns/dlz.h #usr/include/dns/dlz_dlopen.h #usr/include/dns/dns64.h +#usr/include/dns/dnsrps.h #usr/include/dns/dnssec.h #usr/include/dns/dnstap.h #usr/include/dns/ds.h #usr/include/dns/dsdigest.h #usr/include/dns/dyndb.h #usr/include/dns/ecdb.h +#usr/include/dns/ecs.h #usr/include/dns/edns.h #usr/include/dns/enumclass.h #usr/include/dns/enumtype.h @@ -45,11 +46,15 @@ usr/bin/nsupdate #usr/include/dns/ipkeylist.h #usr/include/dns/iptable.h #usr/include/dns/journal.h +#usr/include/dns/kasp.h #usr/include/dns/keydata.h #usr/include/dns/keyflags.h +#usr/include/dns/keymgr.h #usr/include/dns/keytable.h #usr/include/dns/keyvalues.h #usr/include/dns/lib.h +#usr/include/dns/librpz.h +#usr/include/dns/lmdb.h #usr/include/dns/log.h #usr/include/dns/lookup.h #usr/include/dns/master.h @@ -104,22 +109,32 @@ usr/bin/nsupdate #usr/include/dns/xfrin.h #usr/include/dns/zone.h #usr/include/dns/zonekey.h +#usr/include/dns/zoneverify.h #usr/include/dns/zt.h #usr/include/dst #usr/include/dst/dst.h #usr/include/dst/gssapi.h -#usr/include/dst/lib.h #usr/include/dst/result.h +#usr/include/irs +#usr/include/irs/context.h +#usr/include/irs/dnsconf.h +#usr/include/irs/netdb.h +#usr/include/irs/platform.h +#usr/include/irs/resconf.h +#usr/include/irs/types.h +#usr/include/irs/version.h #usr/include/isc #usr/include/isc/aes.h +#usr/include/isc/align.h #usr/include/isc/app.h #usr/include/isc/assertions.h +#usr/include/isc/astack.h #usr/include/isc/atomic.h #usr/include/isc/backtrace.h +#usr/include/isc/barrier.h #usr/include/isc/base32.h #usr/include/isc/base64.h #usr/include/isc/bind9.h -#usr/include/isc/boolean.h #usr/include/isc/buffer.h #usr/include/isc/bufferlist.h #usr/include/isc/cmocka.h @@ -130,7 +145,6 @@ usr/bin/nsupdate #usr/include/isc/deprecated.h #usr/include/isc/dir.h #usr/include/isc/endian.h -#usr/include/isc/entropy.h #usr/include/isc/errno.h #usr/include/isc/error.h #usr/include/isc/event.h @@ -138,18 +152,16 @@ usr/bin/nsupdate #usr/include/isc/file.h #usr/include/isc/formatcheck.h #usr/include/isc/fsaccess.h +#usr/include/isc/fuzz.h #usr/include/isc/hash.h #usr/include/isc/heap.h #usr/include/isc/hex.h -#usr/include/isc/hmacmd5.h -#usr/include/isc/hmacsha.h +#usr/include/isc/hmac.h +#usr/include/isc/hp.h #usr/include/isc/ht.h #usr/include/isc/httpd.h -#usr/include/isc/int.h #usr/include/isc/interfaceiter.h #usr/include/isc/iterated_hash.h -#usr/include/isc/json.h -#usr/include/isc/keyboard.h #usr/include/isc/lang.h #usr/include/isc/lex.h #usr/include/isc/lfsr.h @@ -158,20 +170,21 @@ usr/bin/nsupdate #usr/include/isc/list.h #usr/include/isc/log.h #usr/include/isc/magic.h -#usr/include/isc/md5.h +#usr/include/isc/managers.h +#usr/include/isc/md.h #usr/include/isc/mem.h #usr/include/isc/meminfo.h -#usr/include/isc/msgcat.h -#usr/include/isc/msgs.h #usr/include/isc/mutex.h +#usr/include/isc/mutexatomic.h #usr/include/isc/mutexblock.h #usr/include/isc/net.h #usr/include/isc/netaddr.h #usr/include/isc/netdb.h +#usr/include/isc/netmgr.h #usr/include/isc/netscope.h +#usr/include/isc/nonce.h #usr/include/isc/offset.h #usr/include/isc/once.h -#usr/include/isc/ondestroy.h #usr/include/isc/os.h #usr/include/isc/parseint.h #usr/include/isc/platform.h @@ -192,8 +205,6 @@ usr/bin/nsupdate #usr/include/isc/rwlock.h #usr/include/isc/safe.h #usr/include/isc/serial.h -#usr/include/isc/sha1.h -#usr/include/isc/sha2.h #usr/include/isc/siphash.h #usr/include/isc/sockaddr.h #usr/include/isc/socket.h @@ -201,9 +212,8 @@ usr/bin/nsupdate #usr/include/isc/stats.h #usr/include/isc/stdatomic.h #usr/include/isc/stdio.h -#usr/include/isc/stdlib.h #usr/include/isc/stdtime.h -#usr/include/isc/strerror.h +#usr/include/isc/strerr.h #usr/include/isc/string.h #usr/include/isc/symtab.h #usr/include/isc/syslog.h @@ -214,17 +224,16 @@ usr/bin/nsupdate #usr/include/isc/timer.h #usr/include/isc/tm.h #usr/include/isc/types.h +#usr/include/isc/url.h #usr/include/isc/utf8.h #usr/include/isc/util.h #usr/include/isc/version.h -#usr/include/isc/xml.h #usr/include/isccc #usr/include/isccc/alist.h #usr/include/isccc/base64.h #usr/include/isccc/cc.h #usr/include/isccc/ccmsg.h #usr/include/isccc/events.h -#usr/include/isccc/lib.h #usr/include/isccc/result.h #usr/include/isccc/sexpr.h #usr/include/isccc/symtab.h @@ -237,25 +246,26 @@ usr/bin/nsupdate #usr/include/isccfg/cfg.h #usr/include/isccfg/dnsconf.h #usr/include/isccfg/grammar.h +#usr/include/isccfg/kaspconf.h #usr/include/isccfg/log.h #usr/include/isccfg/namedconf.h #usr/include/isccfg/version.h -#usr/include/lwres -#usr/include/lwres/context.h -#usr/include/lwres/int.h -#usr/include/lwres/ipv6.h -#usr/include/lwres/lang.h -#usr/include/lwres/list.h -#usr/include/lwres/lwbuffer.h -#usr/include/lwres/lwpacket.h -#usr/include/lwres/lwres.h -#usr/include/lwres/net.h -#usr/include/lwres/netdb.h -#usr/include/lwres/platform.h -#usr/include/lwres/result.h -#usr/include/lwres/stdlib.h -#usr/include/lwres/string.h -#usr/include/lwres/version.h +#usr/include/ns +#usr/include/ns/client.h +#usr/include/ns/hooks.h +#usr/include/ns/interfacemgr.h +#usr/include/ns/lib.h +#usr/include/ns/listenlist.h +#usr/include/ns/log.h +#usr/include/ns/notify.h +#usr/include/ns/query.h +#usr/include/ns/server.h +#usr/include/ns/sortlist.h +#usr/include/ns/stats.h +#usr/include/ns/types.h +#usr/include/ns/update.h +#usr/include/ns/version.h +#usr/include/ns/xfrout.h #usr/include/pk11 #usr/include/pk11/constants.h #usr/include/pk11/internal.h @@ -263,119 +273,25 @@ usr/bin/nsupdate #usr/include/pk11/result.h #usr/include/pk11/site.h #usr/include/pkcs11 -#usr/include/pkcs11/cryptoki.h -#usr/include/pkcs11/eddsa.h #usr/include/pkcs11/pkcs11.h +usr/lib/libbind9-9.16.22.so #usr/lib/libbind9.la #usr/lib/libbind9.so -usr/lib/libbind9.so.161 -usr/lib/libbind9.so.161.0.4 +usr/lib/libdns-9.16.22.so #usr/lib/libdns.la #usr/lib/libdns.so -usr/lib/libdns.so.1115 -usr/lib/libdns.so.1115.0.0 +usr/lib/libirs-9.16.22.so +#usr/lib/libirs.la +#usr/lib/libirs.so +usr/lib/libisc-9.16.22.so #usr/lib/libisc.la #usr/lib/libisc.so -usr/lib/libisc.so.1107 -usr/lib/libisc.so.1107.0.5 +usr/lib/libisccc-9.16.22.so #usr/lib/libisccc.la #usr/lib/libisccc.so -usr/lib/libisccc.so.161 -usr/lib/libisccc.so.161.0.1 +usr/lib/libisccfg-9.16.22.so #usr/lib/libisccfg.la #usr/lib/libisccfg.so -usr/lib/libisccfg.so.163 -usr/lib/libisccfg.so.163.0.8 -#usr/lib/liblwres.la -#usr/lib/liblwres.so -usr/lib/liblwres.so.161 -usr/lib/liblwres.so.161.0.4 -#usr/share/man/man1/dig.1 -#usr/share/man/man1/host.1 -#usr/share/man/man1/nslookup.1 -#usr/share/man/man1/nsupdate.1 -#usr/share/man/man3/lwres.3 -#usr/share/man/man3/lwres_addr_parse.3 -#usr/share/man/man3/lwres_buffer.3 -#usr/share/man/man3/lwres_buffer_add.3 -#usr/share/man/man3/lwres_buffer_back.3 -#usr/share/man/man3/lwres_buffer_clear.3 -#usr/share/man/man3/lwres_buffer_first.3 -#usr/share/man/man3/lwres_buffer_forward.3 -#usr/share/man/man3/lwres_buffer_getmem.3 -#usr/share/man/man3/lwres_buffer_getuint16.3 -#usr/share/man/man3/lwres_buffer_getuint32.3 -#usr/share/man/man3/lwres_buffer_getuint8.3 -#usr/share/man/man3/lwres_buffer_init.3 -#usr/share/man/man3/lwres_buffer_invalidate.3 -#usr/share/man/man3/lwres_buffer_putmem.3 -#usr/share/man/man3/lwres_buffer_putuint16.3 -#usr/share/man/man3/lwres_buffer_putuint32.3 -#usr/share/man/man3/lwres_buffer_putuint8.3 -#usr/share/man/man3/lwres_buffer_subtract.3 -#usr/share/man/man3/lwres_conf_clear.3 -#usr/share/man/man3/lwres_conf_get.3 -#usr/share/man/man3/lwres_conf_init.3 -#usr/share/man/man3/lwres_conf_parse.3 -#usr/share/man/man3/lwres_conf_print.3 -#usr/share/man/man3/lwres_config.3 -#usr/share/man/man3/lwres_context.3 -#usr/share/man/man3/lwres_context_allocmem.3 -#usr/share/man/man3/lwres_context_create.3 -#usr/share/man/man3/lwres_context_destroy.3 -#usr/share/man/man3/lwres_context_freemem.3 -#usr/share/man/man3/lwres_context_initserial.3 -#usr/share/man/man3/lwres_context_nextserial.3 -#usr/share/man/man3/lwres_context_sendrecv.3 -#usr/share/man/man3/lwres_endhostent.3 -#usr/share/man/man3/lwres_endhostent_r.3 -#usr/share/man/man3/lwres_freeaddrinfo.3 -#usr/share/man/man3/lwres_freehostent.3 -#usr/share/man/man3/lwres_gabn.3 -#usr/share/man/man3/lwres_gabnrequest_free.3 -#usr/share/man/man3/lwres_gabnrequest_parse.3 -#usr/share/man/man3/lwres_gabnrequest_render.3 -#usr/share/man/man3/lwres_gabnresponse_free.3 -#usr/share/man/man3/lwres_gabnresponse_parse.3 -#usr/share/man/man3/lwres_gabnresponse_render.3 -#usr/share/man/man3/lwres_gai_strerror.3 -#usr/share/man/man3/lwres_getaddrinfo.3 -#usr/share/man/man3/lwres_getaddrsbyname.3 -#usr/share/man/man3/lwres_gethostbyaddr.3 -#usr/share/man/man3/lwres_gethostbyaddr_r.3 -#usr/share/man/man3/lwres_gethostbyname.3 -#usr/share/man/man3/lwres_gethostbyname2.3 -#usr/share/man/man3/lwres_gethostbyname_r.3 -#usr/share/man/man3/lwres_gethostent.3 -#usr/share/man/man3/lwres_gethostent_r.3 -#usr/share/man/man3/lwres_getipnode.3 -#usr/share/man/man3/lwres_getipnodebyaddr.3 -#usr/share/man/man3/lwres_getipnodebyname.3 -#usr/share/man/man3/lwres_getnamebyaddr.3 -#usr/share/man/man3/lwres_getnameinfo.3 -#usr/share/man/man3/lwres_getrrsetbyname.3 -#usr/share/man/man3/lwres_gnba.3 -#usr/share/man/man3/lwres_gnbarequest_free.3 -#usr/share/man/man3/lwres_gnbarequest_parse.3 -#usr/share/man/man3/lwres_gnbarequest_render.3 -#usr/share/man/man3/lwres_gnbaresponse_free.3 -#usr/share/man/man3/lwres_gnbaresponse_parse.3 -#usr/share/man/man3/lwres_gnbaresponse_render.3 -#usr/share/man/man3/lwres_herror.3 -#usr/share/man/man3/lwres_hstrerror.3 -#usr/share/man/man3/lwres_inetntop.3 -#usr/share/man/man3/lwres_lwpacket_parseheader.3 -#usr/share/man/man3/lwres_lwpacket_renderheader.3 -#usr/share/man/man3/lwres_net_ntop.3 -#usr/share/man/man3/lwres_noop.3 -#usr/share/man/man3/lwres_nooprequest_free.3 -#usr/share/man/man3/lwres_nooprequest_parse.3 -#usr/share/man/man3/lwres_nooprequest_render.3 -#usr/share/man/man3/lwres_noopresponse_free.3 -#usr/share/man/man3/lwres_noopresponse_parse.3 -#usr/share/man/man3/lwres_noopresponse_render.3 -#usr/share/man/man3/lwres_packet.3 -#usr/share/man/man3/lwres_resutil.3 -#usr/share/man/man3/lwres_sethostent.3 -#usr/share/man/man3/lwres_sethostent_r.3 -#usr/share/man/man3/lwres_string_parse.3 +usr/lib/libns-9.16.22.so +#usr/lib/libns.la +#usr/lib/libns.so diff --git a/config/rootfiles/common/bison b/config/rootfiles/common/bison index 2fc2e6d1d..5cbbc1f8d 100644 --- a/config/rootfiles/common/bison +++ b/config/rootfiles/common/bison @@ -9,7 +9,6 @@ #usr/share/bison/m4sugar/foreach.m4 #usr/share/bison/m4sugar/m4sugar.m4 #usr/share/bison/skeletons -#usr/share/bison/skeletons/README-D.txt #usr/share/bison/skeletons/bison.m4 #usr/share/bison/skeletons/c++-skel.m4 #usr/share/bison/skeletons/c++.m4 @@ -20,6 +19,7 @@ #usr/share/bison/skeletons/d.m4 #usr/share/bison/skeletons/glr.c #usr/share/bison/skeletons/glr.cc +#usr/share/bison/skeletons/glr2.cc #usr/share/bison/skeletons/java-skel.m4 #usr/share/bison/skeletons/java.m4 #usr/share/bison/skeletons/lalr1.cc @@ -68,6 +68,10 @@ #usr/share/doc/bison/examples/c/calc/Makefile #usr/share/doc/bison/examples/c/calc/README.md #usr/share/doc/bison/examples/c/calc/calc.y +#usr/share/doc/bison/examples/c/glr +#usr/share/doc/bison/examples/c/glr/Makefile +#usr/share/doc/bison/examples/c/glr/README.md +#usr/share/doc/bison/examples/c/glr/c++-types.y #usr/share/doc/bison/examples/c/lexcalc #usr/share/doc/bison/examples/c/lexcalc/Makefile #usr/share/doc/bison/examples/c/lexcalc/README.md @@ -90,9 +94,13 @@ #usr/share/doc/bison/examples/c/rpcalc/Makefile #usr/share/doc/bison/examples/c/rpcalc/rpcalc.y #usr/share/doc/bison/examples/d -#usr/share/doc/bison/examples/d/Makefile #usr/share/doc/bison/examples/d/README.md -#usr/share/doc/bison/examples/d/calc.y +#usr/share/doc/bison/examples/d/calc +#usr/share/doc/bison/examples/d/calc/Makefile +#usr/share/doc/bison/examples/d/calc/calc.y +#usr/share/doc/bison/examples/d/simple +#usr/share/doc/bison/examples/d/simple/Makefile +#usr/share/doc/bison/examples/d/simple/calc.y #usr/share/doc/bison/examples/java #usr/share/doc/bison/examples/java/README.md #usr/share/doc/bison/examples/java/calc diff --git a/config/rootfiles/common/i586/suricata b/config/rootfiles/common/i586/suricata deleted file mode 100644 index 32358483a..000000000 --- a/config/rootfiles/common/i586/suricata +++ /dev/null @@ -1,28 +0,0 @@ -etc/suricata -etc/suricata/suricata.yaml -#root/.cargo -#root/.cargo/.package-cache -usr/bin/suricata -#usr/share/doc/suricata -#usr/share/doc/suricata/AUTHORS -#usr/share/doc/suricata/Basic_Setup.txt -#usr/share/doc/suricata/GITGUIDE -#usr/share/doc/suricata/INSTALL -#usr/share/doc/suricata/INSTALL.PF_RING -#usr/share/doc/suricata/INSTALL.WINDOWS -#usr/share/doc/suricata/NEWS -#usr/share/doc/suricata/README -#usr/share/doc/suricata/Setting_up_IPSinline_for_Linux.txt -#usr/share/doc/suricata/TODO -#usr/share/doc/suricata/Third_Party_Installation_Guides.txt -#usr/share/man/man1/suricata.1 -#usr/share/man/man1/suricatactl-filestore.1 -#usr/share/man/man1/suricatactl.1 -#usr/share/man/man1/suricatasc.1 -var/lib/suricata -var/lib/suricata/classification.config -var/lib/suricata/reference.config -var/lib/suricata/threshold.config -var/log/suricata -#var/log/suricata/certs -#var/log/suricata/files diff --git a/config/rootfiles/common/jansson b/config/rootfiles/common/jansson index 005bd2ce5..3691f1d8e 100644 --- a/config/rootfiles/common/jansson +++ b/config/rootfiles/common/jansson @@ -4,5 +4,5 @@ #usr/lib/libjansson.la #usr/lib/libjansson.so usr/lib/libjansson.so.4 -usr/lib/libjansson.so.4.11.1 +usr/lib/libjansson.so.4.14.0 #usr/lib/pkgconfig/jansson.pc diff --git a/config/rootfiles/common/jwhois b/config/rootfiles/common/jwhois deleted file mode 100644 index 135b453b9..000000000 --- a/config/rootfiles/common/jwhois +++ /dev/null @@ -1,25 +0,0 @@ -etc/jwhois.conf -usr/bin/jwhois -usr/bin/whois -#usr/share/info/jwhois.info -#usr/share/locale/es/LC_MESSAGES/jwhois.mo -#usr/share/locale/fr/LC_MESSAGES/jwhois.mo -#usr/share/locale/hu/LC_MESSAGES/jwhois.mo -#usr/share/locale/id/LC_MESSAGES/jwhois.mo -#usr/share/locale/it/LC_MESSAGES/jwhois.mo -#usr/share/locale/nl/LC_MESSAGES/jwhois.mo -#usr/share/locale/pl/LC_MESSAGES/jwhois.mo -#usr/share/locale/pt_BR/LC_MESSAGES/jwhois.mo -#usr/share/locale/ro -#usr/share/locale/ro/LC_MESSAGES -#usr/share/locale/ro/LC_MESSAGES/jwhois.mo -#usr/share/locale/ru/LC_MESSAGES/jwhois.mo -#usr/share/locale/rw/LC_MESSAGES/jwhois.mo -#usr/share/locale/sv/LC_MESSAGES/jwhois.mo -#usr/share/locale/tr/LC_MESSAGES/jwhois.mo -#usr/share/locale/vi/LC_MESSAGES/jwhois.mo -#usr/share/locale/zh_TW/LC_MESSAGES/jwhois.mo -#usr/share/man/man1/jwhois.1 -#usr/share/man/sv -#usr/share/man/sv/man1 -#usr/share/man/sv/man1/jwhois.1 diff --git a/config/rootfiles/common/libuv b/config/rootfiles/common/libuv new file mode 100644 index 000000000..a3a97a974 --- /dev/null +++ b/config/rootfiles/common/libuv @@ -0,0 +1,12 @@ +#usr/include/uv +#usr/include/uv.h +#usr/include/uv/errno.h +#usr/include/uv/linux.h +#usr/include/uv/threadpool.h +#usr/include/uv/unix.h +#usr/include/uv/version.h +#usr/lib/libuv.la +#usr/lib/libuv.so +usr/lib/libuv.so.1 +usr/lib/libuv.so.1.0.0 +#usr/lib/pkgconfig/libuv.pc diff --git a/config/rootfiles/common/meson b/config/rootfiles/common/meson index b655121f1..1abb13713 100644 --- a/config/rootfiles/common/meson +++ b/config/rootfiles/common/meson @@ -1,13 +1,15 @@ #usr/bin/meson -#usr/lib/python3.8/site-packages/meson-0.58.0-py3.8.egg-info -#usr/lib/python3.8/site-packages/meson-0.58.0-py3.8.egg-info/PKG-INFO -#usr/lib/python3.8/site-packages/meson-0.58.0-py3.8.egg-info/SOURCES.txt -#usr/lib/python3.8/site-packages/meson-0.58.0-py3.8.egg-info/dependency_links.txt -#usr/lib/python3.8/site-packages/meson-0.58.0-py3.8.egg-info/entry_points.txt -#usr/lib/python3.8/site-packages/meson-0.58.0-py3.8.egg-info/requires.txt -#usr/lib/python3.8/site-packages/meson-0.58.0-py3.8.egg-info/top_level.txt +#usr/lib/python3.8/site-packages/meson-0.59.2-py3.8.egg-info +#usr/lib/python3.8/site-packages/meson-0.59.2-py3.8.egg-info/PKG-INFO +#usr/lib/python3.8/site-packages/meson-0.59.2-py3.8.egg-info/SOURCES.txt +#usr/lib/python3.8/site-packages/meson-0.59.2-py3.8.egg-info/dependency_links.txt +#usr/lib/python3.8/site-packages/meson-0.59.2-py3.8.egg-info/entry_points.txt +#usr/lib/python3.8/site-packages/meson-0.59.2-py3.8.egg-info/requires.txt +#usr/lib/python3.8/site-packages/meson-0.59.2-py3.8.egg-info/top_level.txt #usr/lib/python3.8/site-packages/mesonbuild #usr/lib/python3.8/site-packages/mesonbuild/__init__.py +#usr/lib/python3.8/site-packages/mesonbuild/_pathlib.py +#usr/lib/python3.8/site-packages/mesonbuild/_typing.py #usr/lib/python3.8/site-packages/mesonbuild/arglist.py #usr/lib/python3.8/site-packages/mesonbuild/ast #usr/lib/python3.8/site-packages/mesonbuild/ast/__init__.py @@ -21,6 +23,8 @@ #usr/lib/python3.8/site-packages/mesonbuild/backend/backends.py #usr/lib/python3.8/site-packages/mesonbuild/backend/ninjabackend.py #usr/lib/python3.8/site-packages/mesonbuild/backend/vs2010backend.py +#usr/lib/python3.8/site-packages/mesonbuild/backend/vs2012backend.py +#usr/lib/python3.8/site-packages/mesonbuild/backend/vs2013backend.py #usr/lib/python3.8/site-packages/mesonbuild/backend/vs2015backend.py #usr/lib/python3.8/site-packages/mesonbuild/backend/vs2017backend.py #usr/lib/python3.8/site-packages/mesonbuild/backend/vs2019backend.py @@ -44,7 +48,9 @@ #usr/lib/python3.8/site-packages/mesonbuild/compilers/cpp.py #usr/lib/python3.8/site-packages/mesonbuild/compilers/cs.py #usr/lib/python3.8/site-packages/mesonbuild/compilers/cuda.py +#usr/lib/python3.8/site-packages/mesonbuild/compilers/cython.py #usr/lib/python3.8/site-packages/mesonbuild/compilers/d.py +#usr/lib/python3.8/site-packages/mesonbuild/compilers/detect.py #usr/lib/python3.8/site-packages/mesonbuild/compilers/fortran.py #usr/lib/python3.8/site-packages/mesonbuild/compilers/java.py #usr/lib/python3.8/site-packages/mesonbuild/compilers/mixins @@ -73,12 +79,19 @@ #usr/lib/python3.8/site-packages/mesonbuild/dependencies/__init__.py #usr/lib/python3.8/site-packages/mesonbuild/dependencies/base.py #usr/lib/python3.8/site-packages/mesonbuild/dependencies/boost.py +#usr/lib/python3.8/site-packages/mesonbuild/dependencies/cmake.py #usr/lib/python3.8/site-packages/mesonbuild/dependencies/coarrays.py +#usr/lib/python3.8/site-packages/mesonbuild/dependencies/configtool.py #usr/lib/python3.8/site-packages/mesonbuild/dependencies/cuda.py +#usr/lib/python3.8/site-packages/mesonbuild/dependencies/detect.py #usr/lib/python3.8/site-packages/mesonbuild/dependencies/dev.py +#usr/lib/python3.8/site-packages/mesonbuild/dependencies/dub.py +#usr/lib/python3.8/site-packages/mesonbuild/dependencies/factory.py +#usr/lib/python3.8/site-packages/mesonbuild/dependencies/framework.py #usr/lib/python3.8/site-packages/mesonbuild/dependencies/hdf5.py #usr/lib/python3.8/site-packages/mesonbuild/dependencies/misc.py #usr/lib/python3.8/site-packages/mesonbuild/dependencies/mpi.py +#usr/lib/python3.8/site-packages/mesonbuild/dependencies/pkgconfig.py #usr/lib/python3.8/site-packages/mesonbuild/dependencies/platform.py #usr/lib/python3.8/site-packages/mesonbuild/dependencies/qt.py #usr/lib/python3.8/site-packages/mesonbuild/dependencies/scalapack.py @@ -89,11 +102,24 @@ #usr/lib/python3.8/site-packages/mesonbuild/interpreter #usr/lib/python3.8/site-packages/mesonbuild/interpreter/__init__.py #usr/lib/python3.8/site-packages/mesonbuild/interpreter/compiler.py +#usr/lib/python3.8/site-packages/mesonbuild/interpreter/dependencyfallbacks.py #usr/lib/python3.8/site-packages/mesonbuild/interpreter/interpreter.py #usr/lib/python3.8/site-packages/mesonbuild/interpreter/interpreterobjects.py +#usr/lib/python3.8/site-packages/mesonbuild/interpreter/kwargs.py #usr/lib/python3.8/site-packages/mesonbuild/interpreter/mesonmain.py -#usr/lib/python3.8/site-packages/mesonbuild/interpreterbase.py -#usr/lib/python3.8/site-packages/mesonbuild/linkers.py +#usr/lib/python3.8/site-packages/mesonbuild/interpreterbase +#usr/lib/python3.8/site-packages/mesonbuild/interpreterbase/__init__.py +#usr/lib/python3.8/site-packages/mesonbuild/interpreterbase/_unholder.py +#usr/lib/python3.8/site-packages/mesonbuild/interpreterbase/baseobjects.py +#usr/lib/python3.8/site-packages/mesonbuild/interpreterbase/decorators.py +#usr/lib/python3.8/site-packages/mesonbuild/interpreterbase/disabler.py +#usr/lib/python3.8/site-packages/mesonbuild/interpreterbase/exceptions.py +#usr/lib/python3.8/site-packages/mesonbuild/interpreterbase/helpers.py +#usr/lib/python3.8/site-packages/mesonbuild/interpreterbase/interpreterbase.py +#usr/lib/python3.8/site-packages/mesonbuild/linkers +#usr/lib/python3.8/site-packages/mesonbuild/linkers/__init__.py +#usr/lib/python3.8/site-packages/mesonbuild/linkers/detect.py +#usr/lib/python3.8/site-packages/mesonbuild/linkers/linkers.py #usr/lib/python3.8/site-packages/mesonbuild/mcompile.py #usr/lib/python3.8/site-packages/mesonbuild/mconf.py #usr/lib/python3.8/site-packages/mesonbuild/mdevenv.py diff --git a/config/rootfiles/common/slang b/config/rootfiles/common/slang index 71802d443..072e1baf4 100644 --- a/config/rootfiles/common/slang +++ b/config/rootfiles/common/slang @@ -4,7 +4,7 @@ #usr/include/slcurses.h #usr/lib/libslang.so usr/lib/libslang.so.2 -usr/lib/libslang.so.2.3.0 +usr/lib/libslang.so.2.3.2 #usr/lib/pkgconfig/slang.pc #usr/lib/slang #usr/lib/slang/v2 @@ -158,6 +158,10 @@ usr/lib/slang/v2/modules/zlib-module.so #usr/share/slsh/slsmg.sl #usr/share/slsh/socket.sl #usr/share/slsh/stats.sl +#usr/share/slsh/statslib +#usr/share/slsh/statslib/ad_test.sl +#usr/share/slsh/statslib/ks_test.sl +#usr/share/slsh/statslib/kuiper.sl #usr/share/slsh/stkcheck.sl #usr/share/slsh/structfuns.sl #usr/share/slsh/sysconf.sl diff --git a/config/rootfiles/common/suricata b/config/rootfiles/common/suricata index 32358483a..7c512b033 100644 --- a/config/rootfiles/common/suricata +++ b/config/rootfiles/common/suricata @@ -1,7 +1,5 @@ etc/suricata etc/suricata/suricata.yaml -#root/.cargo -#root/.cargo/.package-cache usr/bin/suricata #usr/share/doc/suricata #usr/share/doc/suricata/AUTHORS @@ -19,6 +17,28 @@ usr/bin/suricata #usr/share/man/man1/suricatactl-filestore.1 #usr/share/man/man1/suricatactl.1 #usr/share/man/man1/suricatasc.1 +usr/share/suricata/ +#usr/share/suricata/classification.config +#usr/share/suricata/reference.config +#usr/share/suricata/rules +#usr/share/suricata/rules/app-layer-events.rules +#usr/share/suricata/rules/decoder-events.rules +#usr/share/suricata/rules/dhcp-events.rules +#usr/share/suricata/rules/dnp3-events.rules +#usr/share/suricata/rules/dns-events.rules +#usr/share/suricata/rules/files.rules +#usr/share/suricata/rules/http2-events.rules +#usr/share/suricata/rules/http-events.rules +#usr/share/suricata/rules/ipsec-events.rules +#usr/share/suricata/rules/kerberos-events.rules +#usr/share/suricata/rules/modbus-events.rules +#usr/share/suricata/rules/mqtt-events.rules +#usr/share/suricata/rules/nfs-events.rules +#usr/share/suricata/rules/ntp-events.rules +#usr/share/suricata/rules/smb-events.rules +#usr/share/suricata/rules/smtp-events.rules +#usr/share/suricata/rules/stream-events.rules +#usr/share/suricata/rules/tls-events.rules var/lib/suricata var/lib/suricata/classification.config var/lib/suricata/reference.config diff --git a/config/rootfiles/common/whois b/config/rootfiles/common/whois new file mode 100644 index 000000000..c5a16daf1 --- /dev/null +++ b/config/rootfiles/common/whois @@ -0,0 +1,4 @@ +etc/whois.conf +usr/bin/whois +#usr/share/man/man1/whois.1 +#usr/share/man/man5/whois.conf.5 diff --git a/config/rootfiles/common/x86_64/suricata b/config/rootfiles/common/x86_64/suricata deleted file mode 100644 index 32358483a..000000000 --- a/config/rootfiles/common/x86_64/suricata +++ /dev/null @@ -1,28 +0,0 @@ -etc/suricata -etc/suricata/suricata.yaml -#root/.cargo -#root/.cargo/.package-cache -usr/bin/suricata -#usr/share/doc/suricata -#usr/share/doc/suricata/AUTHORS -#usr/share/doc/suricata/Basic_Setup.txt -#usr/share/doc/suricata/GITGUIDE -#usr/share/doc/suricata/INSTALL -#usr/share/doc/suricata/INSTALL.PF_RING -#usr/share/doc/suricata/INSTALL.WINDOWS -#usr/share/doc/suricata/NEWS -#usr/share/doc/suricata/README -#usr/share/doc/suricata/Setting_up_IPSinline_for_Linux.txt -#usr/share/doc/suricata/TODO -#usr/share/doc/suricata/Third_Party_Installation_Guides.txt -#usr/share/man/man1/suricata.1 -#usr/share/man/man1/suricatactl-filestore.1 -#usr/share/man/man1/suricatactl.1 -#usr/share/man/man1/suricatasc.1 -var/lib/suricata -var/lib/suricata/classification.config -var/lib/suricata/reference.config -var/lib/suricata/threshold.config -var/log/suricata -#var/log/suricata/certs -#var/log/suricata/files diff --git a/config/rootfiles/core/162/filelists/bind b/config/rootfiles/core/162/filelists/bind new file mode 120000 index 000000000..48a0ebaef --- /dev/null +++ b/config/rootfiles/core/162/filelists/bind @@ -0,0 +1 @@ +../../../common/bind \ No newline at end of file diff --git a/config/rootfiles/core/162/filelists/ddns b/config/rootfiles/core/162/filelists/ddns new file mode 120000 index 000000000..739516420 --- /dev/null +++ b/config/rootfiles/core/162/filelists/ddns @@ -0,0 +1 @@ +../../../common/ddns \ No newline at end of file diff --git a/config/rootfiles/core/162/filelists/dhcpcd b/config/rootfiles/core/162/filelists/dhcpcd new file mode 120000 index 000000000..1e799dabb --- /dev/null +++ b/config/rootfiles/core/162/filelists/dhcpcd @@ -0,0 +1 @@ +../../../common/dhcpcd \ No newline at end of file diff --git a/config/rootfiles/core/162/filelists/files b/config/rootfiles/core/162/filelists/files index 49ebb7481..96b65142a 100644 --- a/config/rootfiles/core/162/filelists/files +++ b/config/rootfiles/core/162/filelists/files @@ -1,10 +1,15 @@ -/etc/rc.d/init.d/mountkernfs -/srv/web/ipfire/cgi-bin/fwhosts.cgi -/srv/web/ipfire/cgi-bin/logs.cgi/log.dat -/srv/web/ipfire/cgi-bin/ovpnmain.cgi -/srv/web/ipfire/html/themes/ipfire/include/css/style.css -/srv/web/ipfire/html/themes/ipfire/include/functions.pl -/var/ipfire/general-functions.pl -/var/ipfire/header.pl -/var/ipfire/location-functions.pl -/var/ipfire/qos/bin/makeqosscripts.pl +etc/rc.d/init.d/firewall +etc/rc.d/init.d/mountkernfs +etc/rc.d/init.d/unbound +srv/web/ipfire/cgi-bin/connections.cgi +srv/web/ipfire/cgi-bin/fwhosts.cgi +srv/web/ipfire/cgi-bin/logs.cgi/log.dat +srv/web/ipfire/cgi-bin/ovpnmain.cgi +srv/web/ipfire/cgi-bin/proxy.cgi +srv/web/ipfire/cgi-bin/vpnmain.cgi +srv/web/ipfire/html/themes/ipfire/include/css/style.css +srv/web/ipfire/html/themes/ipfire/include/functions.pl +var/ipfire/general-functions.pl +var/ipfire/header.pl +var/ipfire/location-functions.pl +var/ipfire/qos/bin/makeqosscripts.pl diff --git a/config/rootfiles/core/162/filelists/jansson b/config/rootfiles/core/162/filelists/jansson new file mode 120000 index 000000000..21f73bd0c --- /dev/null +++ b/config/rootfiles/core/162/filelists/jansson @@ -0,0 +1 @@ +../../../common/jansson \ No newline at end of file diff --git a/config/rootfiles/core/162/filelists/libhtp b/config/rootfiles/core/162/filelists/libhtp new file mode 120000 index 000000000..676e2c5e8 --- /dev/null +++ b/config/rootfiles/core/162/filelists/libhtp @@ -0,0 +1 @@ +../../../common/libhtp \ No newline at end of file diff --git a/config/rootfiles/core/162/filelists/libuv b/config/rootfiles/core/162/filelists/libuv new file mode 120000 index 000000000..c74f52510 --- /dev/null +++ b/config/rootfiles/core/162/filelists/libuv @@ -0,0 +1 @@ +../../../common/libuv \ No newline at end of file diff --git a/config/rootfiles/core/162/filelists/libxcrypt b/config/rootfiles/core/162/filelists/libxcrypt new file mode 120000 index 000000000..ad93616b5 --- /dev/null +++ b/config/rootfiles/core/162/filelists/libxcrypt @@ -0,0 +1 @@ +../../../common/libxcrypt \ No newline at end of file diff --git a/config/rootfiles/core/162/filelists/slang b/config/rootfiles/core/162/filelists/slang new file mode 120000 index 000000000..228e45ed4 --- /dev/null +++ b/config/rootfiles/core/162/filelists/slang @@ -0,0 +1 @@ +../../../common/slang \ No newline at end of file diff --git a/config/rootfiles/core/162/filelists/sshfs b/config/rootfiles/core/162/filelists/sshfs new file mode 120000 index 000000000..d451748c3 --- /dev/null +++ b/config/rootfiles/core/162/filelists/sshfs @@ -0,0 +1 @@ +../../../common/sshfs \ No newline at end of file diff --git a/config/rootfiles/core/162/filelists/suricata b/config/rootfiles/core/162/filelists/suricata new file mode 120000 index 000000000..f671f6993 --- /dev/null +++ b/config/rootfiles/core/162/filelists/suricata @@ -0,0 +1 @@ +../../../common/suricata \ No newline at end of file diff --git a/config/rootfiles/core/162/filelists/whois b/config/rootfiles/core/162/filelists/whois new file mode 120000 index 000000000..60cbd1894 --- /dev/null +++ b/config/rootfiles/core/162/filelists/whois @@ -0,0 +1 @@ +../../../common/whois \ No newline at end of file diff --git a/config/rootfiles/core/162/update.sh b/config/rootfiles/core/162/update.sh index dd52d09d5..0bceb17cf 100644 --- a/config/rootfiles/core/162/update.sh +++ b/config/rootfiles/core/162/update.sh @@ -83,7 +83,15 @@ rm -rf /boot/uInit-*-ipfire-* rm -rf /boot/dtb-*-ipfire-* rm -rf /lib/modules
+# Remove files +rm -rf \ + /etc/jwhois.conf \ + /usr/bin/jwhois \ + /usr/bin/whois + # Stop services +/usr/local/bin/openvpnctrl -k +/usr/local/bin/openvpnctrl -kn2n
# Extract files extract_files @@ -110,7 +118,11 @@ ldconfig /usr/local/bin/sshctrl
# Start services +/usr/local/bin/openvpnctrl -s +/usr/local/bin/openvpnctrl -sn2n /etc/init.d/sshd restart +/etc/init.d/suricata restart +/etc/init.d/unbound restart
# remove lm_sensor config after collectd was started # to reserch sensors at next boot with updated kernel diff --git a/config/rootfiles/packages/sslh b/config/rootfiles/packages/sslh index 2c67aad3a..21a1b155b 100644 --- a/config/rootfiles/packages/sslh +++ b/config/rootfiles/packages/sslh @@ -1,2 +1,3 @@ etc/rc.d/init.d/sslh usr/sbin/sslh +#usr/share/man/man8/sslh.8.gz diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml index 6f37671c8..0ad36e705 100644 --- a/config/suricata/suricata.yaml +++ b/config/suricata/suricata.yaml @@ -46,8 +46,28 @@ vars: ## default-rule-path: /var/lib/suricata rule-files: - # Include enabled ruleset files from external file. - include: /var/ipfire/suricata/suricata-used-rulefiles.yaml + # Default rules + - /usr/share/suricata/rules/app-layer-events.rules + - /usr/share/suricata/rules/decoder-events.rules + - /usr/share/suricata/rules/dhcp-events.rules + - /usr/share/suricata/rules/dnp3-events.rules + - /usr/share/suricata/rules/dns-events.rules + - /usr/share/suricata/rules/files.rules + - /usr/share/suricata/rules/http2-events.rules + - /usr/share/suricata/rules/http-events.rules + - /usr/share/suricata/rules/ipsec-events.rules + - /usr/share/suricata/rules/kerberos-events.rules + - /usr/share/suricata/rules/modbus-events.rules + - /usr/share/suricata/rules/mqtt-events.rules + - /usr/share/suricata/rules/nfs-events.rules + - /usr/share/suricata/rules/ntp-events.rules + - /usr/share/suricata/rules/smb-events.rules + - /usr/share/suricata/rules/smtp-events.rules + - /usr/share/suricata/rules/stream-events.rules + - /usr/share/suricata/rules/tls-events.rules + + # Include enabled ruleset files from external file + - !include: /var/ipfire/suricata/suricata-used-rulefiles.yaml
classification-file: /var/lib/suricata/classification.config reference-config-file: /var/lib/suricata/reference.config diff --git a/doc/language_issues.de b/doc/language_issues.de index d1aacc1e6..d0275b5ef 100644 --- a/doc/language_issues.de +++ b/doc/language_issues.de @@ -522,7 +522,6 @@ WARNING: translation string unused: noservicename WARNING: translation string unused: not set WARNING: translation string unused: o-no WARNING: translation string unused: o-yes -WARNING: translation string unused: online help en WARNING: translation string unused: only red WARNING: translation string unused: open to all WARNING: translation string unused: openvpn disabled diff --git a/doc/language_issues.en b/doc/language_issues.en index 34a95b358..e2d131a8e 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -1349,6 +1349,7 @@ WARNING: untranslated string: one hour = One Hour WARNING: untranslated string: one month = One Month WARNING: untranslated string: one week = One Week WARNING: untranslated string: one year = One Year +WARNING: untranslated string: online help en = Online help (in english) WARNING: untranslated string: only digits allowed in holdoff field = Only digits allowed in holdoff field WARNING: untranslated string: only digits allowed in max retries field = Only digits allowed in max retries field. WARNING: untranslated string: only digits allowed in the idle timeout = Only digits allowed in the idle timeout. diff --git a/doc/language_issues.es b/doc/language_issues.es index 55d46c597..39b9bef48 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -493,7 +493,6 @@ WARNING: translation string unused: not set WARNING: translation string unused: notes WARNING: translation string unused: o-no WARNING: translation string unused: o-yes -WARNING: translation string unused: online help en WARNING: translation string unused: only red WARNING: translation string unused: open to all WARNING: translation string unused: optional data diff --git a/doc/language_issues.fr b/doc/language_issues.fr index 632eaa891..6a300858d 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -557,7 +557,6 @@ WARNING: translation string unused: notes WARNING: translation string unused: o-no WARNING: translation string unused: o-yes WARNING: translation string unused: okay -WARNING: translation string unused: online help en WARNING: translation string unused: only red WARNING: translation string unused: open to all WARNING: translation string unused: openvpn disabled diff --git a/doc/language_issues.it b/doc/language_issues.it index a97016dcc..993c76b82 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it @@ -526,7 +526,6 @@ WARNING: translation string unused: not set WARNING: translation string unused: notes WARNING: translation string unused: o-no WARNING: translation string unused: o-yes -WARNING: translation string unused: online help en WARNING: translation string unused: only red WARNING: translation string unused: open to all WARNING: translation string unused: openvpn disabled diff --git a/doc/language_issues.nl b/doc/language_issues.nl index 6c2715bc4..664a2dd62 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -523,7 +523,6 @@ WARNING: translation string unused: not set WARNING: translation string unused: notes WARNING: translation string unused: o-no WARNING: translation string unused: o-yes -WARNING: translation string unused: online help en WARNING: translation string unused: only red WARNING: translation string unused: open to all WARNING: translation string unused: openvpn disabled diff --git a/doc/language_issues.pl b/doc/language_issues.pl index 79d2045d3..f10f9ff4a 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -466,7 +466,6 @@ WARNING: translation string unused: not set WARNING: translation string unused: notes WARNING: translation string unused: o-no WARNING: translation string unused: o-yes -WARNING: translation string unused: online help en WARNING: translation string unused: only red WARNING: translation string unused: open to all WARNING: translation string unused: optional data diff --git a/doc/language_issues.ru b/doc/language_issues.ru index 52b116c60..2e889e41e 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -462,7 +462,6 @@ WARNING: translation string unused: not set WARNING: translation string unused: notes WARNING: translation string unused: o-no WARNING: translation string unused: o-yes -WARNING: translation string unused: online help en WARNING: translation string unused: only red WARNING: translation string unused: open to all WARNING: translation string unused: optional data diff --git a/doc/language_issues.tr b/doc/language_issues.tr index 019dd7be0..5e216f765 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -555,7 +555,6 @@ WARNING: translation string unused: not set WARNING: translation string unused: notes WARNING: translation string unused: o-no WARNING: translation string unused: o-yes -WARNING: translation string unused: online help en WARNING: translation string unused: only red WARNING: translation string unused: open to all WARNING: translation string unused: openvpn disabled diff --git a/html/cgi-bin/connections.cgi b/html/cgi-bin/connections.cgi index 00038f1a0..10ac8748c 100644 --- a/html/cgi-bin/connections.cgi +++ b/html/cgi-bin/connections.cgi @@ -2,7 +2,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2012 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2021 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -154,19 +154,21 @@ push(@network, $netsettings{'GREEN_ADDRESS'}); push(@masklen, "255.255.255.255" ); push(@colour, ${Header::colourfw} );
-# Add Green Network to Array -push(@network, $netsettings{'GREEN_NETADDRESS'}); -push(@masklen, $netsettings{'GREEN_NETMASK'} ); -push(@colour, ${Header::colourgreen} ); - -# Add Green Routes to Array -my @routes = grep (/$netsettings{'GREEN_DEV'}/, @all_routes); -foreach my $route (@routes) { - chomp($route); - my @temp = split(/[\t ]+/, $route); - push(@network, $temp[0]); - push(@masklen, $temp[2]); +if ($netsettings{'GREEN_DEV'}) { + # Add Green Network to Array + push(@network, $netsettings{'GREEN_NETADDRESS'}); + push(@masklen, $netsettings{'GREEN_NETMASK'} ); push(@colour, ${Header::colourgreen} ); + + # Add Green Routes to Array + my @routes = grep (/$netsettings{'GREEN_DEV'}/, @all_routes); + foreach my $route (@routes) { + chomp($route); + my @temp = split(/[\t ]+/, $route); + push(@network, $temp[0]); + push(@masklen, $temp[2]); + push(@colour, ${Header::colourgreen} ); + } }
# Add Blue Firewall Interface @@ -181,7 +183,7 @@ if ($netsettings{'BLUE_DEV'}) { push(@colour, ${Header::colourblue} );
# Add Blue Routes to Array - @routes = grep(/$netsettings{'BLUE_DEV'}/, @all_routes); + my @routes = grep(/$netsettings{'BLUE_DEV'}/, @all_routes); foreach my $route (@routes) { chomp($route); my @temp = split(/[\t ]+/, $route); @@ -202,7 +204,7 @@ if ($netsettings{'ORANGE_DEV'}) { push(@masklen, $netsettings{'ORANGE_NETMASK'} ); push(@colour, ${Header::colourorange} ); # Add Orange Routes to Array - @routes = grep(/$netsettings{'ORANGE_DEV'}/, @all_routes); + my @routes = grep(/$netsettings{'ORANGE_DEV'}/, @all_routes); foreach my $route (@routes) { chomp($route); my @temp = split(/[\t ]+/, $route); diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi index 85c5ddd86..4e8b28fd8 100644 --- a/html/cgi-bin/ids.cgi +++ b/html/cgi-bin/ids.cgi @@ -1091,13 +1091,14 @@ if (%idsrules) { # Call stat on the rulestarball. my $stat = stat("$IDS::rulestarball");
- # Get timestamp the file creation. - my $mtime = $stat->mtime; + if (defined $stat) { + # Get timestamp the file creation. + my $mtime = $stat->mtime;
- # Convert into human read-able format. - my $rulesdate = strftime('%Y-%m-%d %H:%M:%S', localtime($mtime)); + # Convert into human read-able format. + my $rulesdate = strftime('%Y-%m-%d %H:%M:%S', localtime($mtime));
- &Header::openbox('100%', 'LEFT', "$Lang::tr{'intrusion detection system rules'} ($rulesdate)" ); + &Header::openbox('100%', 'LEFT', "$Lang::tr{'intrusion detection system rules'} ($rulesdate)" );
print"<form method='POST' action='$ENV{'SCRIPT_NAME'}'>\n";
@@ -1189,7 +1190,7 @@ if (%idsrules) { # Close display table print "</table>";
-print <<END + print <<END <table width='100%'> <tr> <td width='100%' align='right'><input type='submit' name='RULESET' value='$Lang::tr{'ids apply'}'></td> @@ -1198,7 +1199,8 @@ print <<END </form> END ; - &Header::closebox(); + &Header::closebox(); + } }
&Header::closebigbox(); diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi index 7bb0d1b35..004e3ad1f 100644 --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi @@ -2360,11 +2360,11 @@ END #use default advanced value $cgiparams{'IKE_ENCRYPTION'} = 'chacha20poly1305|aes256gcm128|aes256gcm96|aes256gcm64|aes256|aes192gcm128|aes192gcm96|aes192gcm64|aes192|aes128gcm128|aes128gcm96|aes128gcm64|aes128'; #[18]; $cgiparams{'IKE_INTEGRITY'} = 'sha2_512|sha2_256'; #[19]; - $cgiparams{'IKE_GROUPTYPE'} = 'curve448|curve25519|4096|3072|2048'; #[20]; + $cgiparams{'IKE_GROUPTYPE'} = 'curve448|curve448|4096|3072|2048'; #[20]; $cgiparams{'IKE_LIFETIME'} = '3'; #[16]; $cgiparams{'ESP_ENCRYPTION'} = 'chacha20poly1305|aes256gcm128|aes256gcm96|aes256gcm64|aes256|aes192gcm128|aes192gcm96|aes192gcm64|aes192|aes128gcm128|aes128gcm96|aes128gcm64|aes128'; #[21]; $cgiparams{'ESP_INTEGRITY'} = 'sha2_512|sha2_256'; #[22]; - $cgiparams{'ESP_GROUPTYPE'} = 'curve448|curve25519|4096|3072|2048'; #[23]; + $cgiparams{'ESP_GROUPTYPE'} = 'curve448|curve25519|4096|3072|2048'; #[23]; $cgiparams{'ESP_KEYLIFE'} = '1'; #[17]; $cgiparams{'COMPRESSION'} = 'off'; #[13]; $cgiparams{'ONLY_PROPOSED'} = 'on'; #[24]; diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index cbc3f7b6c..e350bc651 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -251,9 +251,9 @@ 'advproxy access' => 'Zugriff', 'advproxy admin mail' => 'Cache-Administrator E-Mail-Adresse', 'advproxy advanced proxy' => 'Advanced Proxy', -'advproxy advanced web proxy' => 'Advanced Web Proxy', -'advproxy advanced web proxy configuration' => 'Proxy-Konfiguration', -'advproxy allowed subnets' => 'Erlaubte Subnetze (eins pro Zeile)', +'advproxy advanced web proxy' => 'Web-Proxy', +'advproxy advanced web proxy configuration' => 'Web Proxy-Einstellungen', +'advproxy allowed subnets' => 'Erlaubte Subnetze (eines pro Zeile)', 'advproxy allowed web browsers' => 'Zulässige Clients für Web-Zugriffe', 'advproxy asbased anomaly detection' => 'Anomalieerkennungen auf Basis Autonomer Systeme', 'advproxy back to main page' => 'Zurück zur Hauptseite', diff --git a/lfs/Config b/lfs/Config index a2d3cddc5..8b2e5dabb 100644 --- a/lfs/Config +++ b/lfs/Config @@ -143,6 +143,9 @@ ifeq "$(BUILD_ARCH)" "aarch64" GOARCH = arm64 endif
+# Rust +export CARGOPATH = $(HOME)/.cargo + ############################################################################### # Common Macro Definitions ############################################################################### @@ -184,7 +187,7 @@ define POSTBUILD @echo "Updating linker cache..." @type -p ldconfig >/dev/null && ldconfig || : @echo "Install done; saving file list to $(TARGET) ..." - @rm -rf $(GOPATH) + @rm -rf $(GOPATH) $(CARGOPATH) @$(FIND_FILES) > $(DIR_SRC)/lsalrnew @diff $(DIR_SRC)/lsalr $(DIR_SRC)/lsalrnew | grep '^> ' | sed 's/^> //' > $(TARGET)_diff @cp -f $(DIR_SRC)/lsalrnew $(DIR_SRC)/lsalr diff --git a/lfs/bind b/lfs/bind index 0545066b7..8544f0f1f 100644 --- a/lfs/bind +++ b/lfs/bind @@ -25,10 +25,10 @@
include Config
-VER = 9.11.32 +VER = 9.16.22
THISAPP = bind-$(VER) -DL_FILE = $(THISAPP).tar.gz +DL_FILE = $(THISAPP).tar.xz DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) @@ -43,7 +43,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 0d029dd06ca60c6739c3189c999ef757 +$(DL_FILE)_MD5 = 6a45478b33c04c830d4263635d8cd137
install : $(TARGET)
@@ -72,7 +72,7 @@ $(subst %,%_MD5,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) - @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) $(UPDATE_AUTOMAKE) cd $(DIR_APP) && STD_CDEFINES="$(CPPFLAGS)" \ ./configure \ @@ -80,25 +80,28 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) --enable-threads \ --with-libtool \ --without-python \ + --disable-linux-caps \ --disable-static
- # Build everything + # Build required libraries cd $(DIR_APP) && make -C lib/isc $(MAKETUNING) - cd $(DIR_APP) && make -C lib/dns $(MAKETUNING) cd $(DIR_APP) && make -C lib/isccc $(MAKETUNING) + cd $(DIR_APP) && make -C lib/dns $(MAKETUNING) + cd $(DIR_APP) && make -C lib/ns $(MAKETUNING) cd $(DIR_APP) && make -C lib/isccfg $(MAKETUNING) cd $(DIR_APP) && make -C lib/bind9 $(MAKETUNING) - cd $(DIR_APP) && make -C lib/lwres $(MAKETUNING) + cd $(DIR_APP) && make -C lib/irs $(MAKETUNING) cd $(DIR_APP) && make -C bin/dig $(MAKETUNING) cd $(DIR_APP) && make -C bin/nsupdate $(MAKETUNING)
- # Install everything + # Install utility programs cd $(DIR_APP) && make -C lib/isc install - cd $(DIR_APP) && make -C lib/dns install cd $(DIR_APP) && make -C lib/isccc install + cd $(DIR_APP) && make -C lib/dns install + cd $(DIR_APP) && make -C lib/ns install cd $(DIR_APP) && make -C lib/isccfg install cd $(DIR_APP) && make -C lib/bind9 install - cd $(DIR_APP) && make -C lib/lwres install + cd $(DIR_APP) && make -C lib/irs install cd $(DIR_APP) && make -C bin/dig install cd $(DIR_APP) && make -C bin/nsupdate install
diff --git a/lfs/bison b/lfs/bison index 3a2681406..26df21aa8 100644 --- a/lfs/bison +++ b/lfs/bison @@ -24,7 +24,7 @@
include Config
-VER = 3.7.6 +VER = 3.8.2
THISAPP = bison-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -45,7 +45,7 @@ objects =$(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = d61aa92e3562cb7292b004ce96173cf7 +$(DL_FILE)_MD5 = c28f119f405a2304ff0a7ccdcc629713
install : $(TARGET)
diff --git a/lfs/dhcpcd b/lfs/dhcpcd index 352308692..8c4a593ad 100644 --- a/lfs/dhcpcd +++ b/lfs/dhcpcd @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2020 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2021 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 9.4.0 +VER = 9.4.1
THISAPP = dhcpcd-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = c36715fc629bc40aa94aae06fa1724c2 +$(DL_FILE)_MD5 = 2b2f46648bc96979f96127f0e0e07d9b
install : $(TARGET)
@@ -70,7 +70,9 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && ./configure --prefix="" --sysconfdir=/var/ipfire/dhcpc \ + cd $(DIR_APP) && ./configure \ + --prefix="" \ + --sysconfdir=/var/ipfire/dhcpc \ --dbdir=/var/ipfire/dhcpc \ --libexecdir=/var/ipfire/dhcpc \ --mandir=/usr/share/man diff --git a/lfs/jansson b/lfs/jansson index 2c95c62ef..b2b02ff26 100644 --- a/lfs/jansson +++ b/lfs/jansson @@ -24,7 +24,7 @@
include Config
-VER = 2.12 +VER = 2.14
THISAPP = jansson-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 0ed1f3a924604aae68067c214b0010ef +$(DL_FILE)_MD5 = 6cbfc54c2ab3b4d7284e188e185c2b0b
install : $(TARGET)
diff --git a/lfs/libhtp b/lfs/libhtp index 242953254..95264df09 100644 --- a/lfs/libhtp +++ b/lfs/libhtp @@ -24,7 +24,7 @@
include Config
-VER = 0.5.38 +VER = 0.5.39
THISAPP = libhtp-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 4d3bee196a8adcb10bfd874ec6bd9ca0 +$(DL_FILE)_MD5 = f18e1a3f36b97beb63616ad1a5c2a9d8
install : $(TARGET)
diff --git a/lfs/jwhois b/lfs/libuv similarity index 76% rename from lfs/jwhois rename to lfs/libuv index ed12681c7..515fc80a6 100644 --- a/lfs/jwhois +++ b/lfs/libuv @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2021 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -18,20 +18,22 @@ # # ###############################################################################
+ ############################################################################### # Definitions ###############################################################################
include Config
-VER = 4.0 +VER = 1.42.0
-THISAPP = jwhois-$(VER) +THISAPP = libuv-v$(VER) DL_FILE = $(THISAPP).tar.gz DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP)
+ ############################################################################### # Top-level Rules ############################################################################### @@ -40,7 +42,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 977d0ba90ee058a7998c94d933fc9546 +$(DL_FILE)_MD5 = 484dec4a06e183c20be815019ce9ddd0
install : $(TARGET)
@@ -71,22 +73,11 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) $(UPDATE_AUTOMAKE) - - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/jwhois-4.0-conf_update.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/jwhois-4.0-conf_update2.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/jwhois-4.0-connect.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/jwhois-4.0-fclose.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/jwhois-4.0-idna.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/jwhois-4.0-ipv6match.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/jwhois-4.0-multi-homed.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/jwhois-4.0-select.patch - - cd $(DIR_APP) && ./configure --prefix=/usr --sysconfdir=/etc + cd $(DIR_APP) && ./autogen.sh + cd $(DIR_APP) && ./configure \ + --prefix=/usr \ + --disable-static cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install - - # Add alias for whois command. - ln -svf jwhois /usr/bin/whois - @rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/lfs/linux b/lfs/linux index 2378bb6b0..284ca11b2 100644 --- a/lfs/linux +++ b/lfs/linux @@ -24,7 +24,7 @@
include Config
-VER = 5.15.3 +VER = 5.15.4 ARM_PATCHES = 5.15-ipfire2
THISAPP = linux-$(VER) @@ -77,7 +77,7 @@ objects =$(DL_FILE) \ $(DL_FILE) = $(URL_IPFIRE)/$(DL_FILE) arm-multi-patches-$(ARM_PATCHES).patch.xz = $(URL_IPFIRE)/arm-multi-patches-$(ARM_PATCHES).patch.xz
-$(DL_FILE)_MD5 = 3a96b55f9996f442da3fd165d01acefe +$(DL_FILE)_MD5 = 7ab1a51d6c48fc062e9e33c143dfa825 arm-multi-patches-$(ARM_PATCHES).patch.xz_MD5 = 9cab549a71b19b07e0c5c103ccf3c321
install : $(TARGET) diff --git a/lfs/meson b/lfs/meson index 73e73a44d..16b7737ec 100644 --- a/lfs/meson +++ b/lfs/meson @@ -24,7 +24,7 @@
include Config
-VER = 0.58.0 +VER = 0.59.2
THISAPP = meson-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 18ac55e3d6a5acb17b5737eb2a15bb5b +$(DL_FILE)_MD5 = 9d65e09b53b1dfab6339a0982176935d
install : $(TARGET)
diff --git a/lfs/slang b/lfs/slang index a4ff3a1e3..1166d2d3a 100644 --- a/lfs/slang +++ b/lfs/slang @@ -24,10 +24,10 @@
include Config
-VER = 2.3.0 +VER = 2.3.2
THISAPP = slang-$(VER) -DL_FILE = $(THISAPP).tar.gz +DL_FILE = $(THISAPP).tar.bz2 DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 80f4e64189b6f28fd420b829b44a6723 +$(DL_FILE)_MD5 = c2d5a7aa0246627da490be4e399c87cb
install : $(TARGET)
diff --git a/lfs/sshfs b/lfs/sshfs index 23b68c541..f9a585572 100644 --- a/lfs/sshfs +++ b/lfs/sshfs @@ -24,7 +24,7 @@
include Config
-VER = 3.7.1 +VER = 3.7.2
THISAPP = sshfs-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 22ac23d05ca7c56fb568627f086374d0 +$(DL_FILE)_MD5 = 86dcc81a1381c3e6863c97e684501bb6
install : $(TARGET)
diff --git a/lfs/sslh b/lfs/sslh index c5e8cdd63..07f419007 100644 --- a/lfs/sslh +++ b/lfs/sslh @@ -24,7 +24,7 @@
include Config
-VER = 1.7a +VER = 1.22c
THISAPP = sslh-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = sslh -PAK_VER = 5 +PAK_VER = 6
DEPS =
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = ee124654412198a5e11fe28acf10634d +$(DL_FILE)_MD5 = ddfebd2436e4f5e53d1810285d75f1b8
install : $(TARGET)
@@ -78,7 +78,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && make CFLAGS="$(CFLAGS)" $(MAKETUNING) USELIBWRAP= - cd $(DIR_APP) && install -v -m 755 sslh /usr/sbin + cd $(DIR_APP) && make install
#install initscripts $(call INSTALL_INITSCRIPT,sslh) diff --git a/lfs/strace b/lfs/strace index d24918626..82b84e78f 100644 --- a/lfs/strace +++ b/lfs/strace @@ -24,7 +24,7 @@
include Config
-VER = 5.11 +VER = 5.14 SUP_ARCHES = x86_64 i586 armv6l aarch64
THISAPP = strace-$(VER) @@ -33,7 +33,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = strace -PAK_VER = 5 +PAK_VER = 6
DEPS = elfutils
@@ -45,7 +45,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = f5a317fd535465cf9130d0547661f5c4 +$(DL_FILE)_MD5 = 36c1c17f31855617b7898d2fd5abb9e2
install : $(TARGET)
diff --git a/lfs/suricata b/lfs/suricata index c7f189bf4..f5b68da8f 100644 --- a/lfs/suricata +++ b/lfs/suricata @@ -24,14 +24,13 @@
include Config
-VER = 5.0.7 +VER = 5.0.8
THISAPP = suricata-$(VER) DL_FILE = $(THISAPP).tar.gz DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) -SUP_ARCH = x86_64 i586 aarch64 armv6l
############################################################################### # Top-level Rules @@ -41,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = f6ff77e4dcf8035853209ceeba9b530c +$(DL_FILE)_MD5 = d48387c2e0b5e502852b077369d947c5
install : $(TARGET)
@@ -71,6 +70,7 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/suricata-5.0-stream-tcp-Handle-retransmitted-SYN-with-TSval.patch cd $(DIR_APP) && LDFLAGS="$(LDFLAGS)" ./configure \ --prefix=/usr \ --sysconfdir=/etc \ @@ -96,9 +96,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) # Install IPFire related config file. install -m 0644 $(DIR_SRC)/config/suricata/suricata.yaml /etc/suricata
- # Remove shipped rules. - rm -rvf /usr/share/suricata - # Create emtpy rules directory. -mkdir -p /var/lib/suricata
diff --git a/lfs/whois b/lfs/whois new file mode 100644 index 000000000..b526b90f4 --- /dev/null +++ b/lfs/whois @@ -0,0 +1,84 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2018 IPFire Team info@ipfire.org # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 5.5.10 + +THISAPP = whois_$(VER) +DL_FILE = $(THISAPP).tar.xz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) + +PROG = whois + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_MD5 = 4db48a482a06261ffa358d9f52c9bd7e + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +md5 : $(subst %,%_MD5,$(objects)) + +############################################################################### +# Downloading, checking, md5sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_MD5,$(objects)) : + @$(MD5) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) + $(UPDATE_AUTOMAKE) + + cd $(DIR_SRC)/$(PROG) && make $(MAKETUNING) \ + CONFIG_FILE=/etc/whois.conf \ + whois + cd $(DIR_SRC)/$(PROG) && make prefix=/usr install-whois + cd $(DIR_SRC)/$(PROG) && install -v -m 644 whois.conf -t /etc/ + + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/make.sh b/make.sh index 0844e8d34..e6f948ba0 100755 --- a/make.sh +++ b/make.sh @@ -1128,7 +1128,7 @@ buildbase() { lfsmake2 gperf lfsmake2 gzip lfsmake2 hostname - lfsmake2 jwhois + lfsmake2 whois lfsmake2 kbd lfsmake2 less lfsmake2 pkg-config @@ -1217,6 +1217,7 @@ buildipfire() { lfsmake2 aprutil lfsmake2 unbound lfsmake2 gnutls + lfsmake2 libuv lfsmake2 bind lfsmake2 dhcp lfsmake2 dhcpcd diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall index 776e70d6e..75ea8abdf 100644 --- a/src/initscripts/system/firewall +++ b/src/initscripts/system/firewall @@ -112,8 +112,6 @@ iptables_init() { iptables -A CONNTRACK -m conntrack --ctstate ESTABLISHED -j ACCEPT iptables -A CONNTRACK -m conntrack --ctstate INVALID -j DROP iptables -A CONNTRACK -p icmp -m conntrack --ctstate RELATED -j ACCEPT - iptables -t raw -N CONNTRACK - iptables -t raw -A PREROUTING -j CONNTRACK
# Restore any connection marks iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound index b379bf331..1b42ac720 100644 --- a/src/initscripts/system/unbound +++ b/src/initscripts/system/unbound @@ -267,7 +267,7 @@ get_memory_amount() {
fix_time_if_dns_fails() { # If DNS is working, everything is fine - if resolve "ping.ipfire.org" &>/dev/null; then + if resolve "ipfire.pool.ntp.org" &>/dev/null; then return 0 fi
diff --git a/src/patches/jwhois-4.0-conf_update.patch b/src/patches/jwhois-4.0-conf_update.patch deleted file mode 100644 index 512d30006..000000000 --- a/src/patches/jwhois-4.0-conf_update.patch +++ /dev/null @@ -1,714 +0,0 @@ -diff -up jwhois-4.0/example/jwhois.conf.orig jwhois-4.0/example/jwhois.conf ---- jwhois-4.0/example/jwhois.conf.orig 2007-03-26 11:12:08.000000000 +0200 -+++ jwhois-4.0/example/jwhois.conf 2010-12-20 14:26:06.450882316 +0100 -@@ -17,6 +17,11 @@ whois-servers { - type = regex; - - # -+ # Catch ENUM domains -+ # -+ "\([0-9]\.\)+e164\.arpa" = "struct enum-blocks"; -+ -+ # - # You can use the special value `struct' to redirect the query - # to another block which optionally can use another type of matching. - # Here we use it to have IPv4 numbers matched using CIDR blocks instead -@@ -27,6 +32,7 @@ whois-servers { - "^CORE-[0-9]+$" = "struct handles"; - "^CO[CH]O-[0-9]+$" = "struct handles"; - ".*-[A-Z]+$" = "struct handles"; -+ ".*-6BONE$" = "struct handles"; - - # - # Catch AS numbers -@@ -81,6 +87,7 @@ whois-servers { - # Pseudo-ccTLDs must be listed above gTLDs - # - "\.ae\.org$" = "whois.centralnic.net"; -+ "\.ar\.com$" = "whois.centralnic.com"; - "\.br\.com$" = "whois.centralnic.net"; - "\.cn\.com$" = "whois.centralnic.net"; - "\.de\.com$" = "whois.centralnic.net"; -@@ -103,17 +110,30 @@ whois-servers { - "\.uy\.com$" = "whois.centralnic.net"; - "\.web\.com$" = "whois.centralnic.net"; - "\.za\.com$" = "whois.centralnic.net"; -+ "\.za\.net$" = "whois.za.net"; -+ "\.za\.org$" = "whois.za.org"; - - "\.ac$" = "whois.nic.ac"; -- "\.ae$" = "whois.uaenic.ae"; -+ "\.ae$" = "whois.aeda.net.ae"; -+ "\.co\.ae$" = "whois.aeda.net.ae"; -+ "\.net\.ae$" = "whois.aeda.net.ae"; -+ "\.org\.ae$" = "whois.aeda.net.ae"; -+ "\.sch\.ae$" = "whois.aeda.net.ae"; -+ "\.ac\.ae$" = "whois.aeda.net.ae"; -+ "\.mil\.ae$" = "whois.aeda.net.ae"; -+ "\.gov\.ae$" = "whois.aeda.net.ae"; -+ "\.1\.7\.9\.e164\.arpa$" = "whois.aeda.net.ae"; - "\.aero$" = "whois.aero"; -- "\.af$" = "whois.nic.af"; -+ "\.af$" = "whois.cocca.cx"; - "\.ag$" = "whois.nic.ag"; -- "\.ai$" = "whois.offshore.ai"; -- "\.al$" = "whois.ripe.net"; -+ "\.ai$" = "whois.ai"; -+ "\.al$" = "www.ert.gov.al"; - "\.am$" = "whois.amnic.net"; -+ "\.edu\.ar$" = "www.riu.edu.ar"; - "\.ar$" = "www.nic.ar"; -+ "\.arpa$" = "whois.iana.org"; - "\.as$" = "whois.nic.as"; -+ "\.asia$" = "whois.nic.asia"; - "\.at$" = "whois.nic.at"; - "\.asn\.au$" = "whois.ausregistry.net.au"; - "\.com\.au$" = "whois.ausregistry.net.au"; -@@ -125,30 +145,40 @@ whois-servers { - "\.ba$" = "whois.ripe.net"; - "\.be$" = "whois.dns.be"; - "\.bg$" = "whois.register.bg"; -- "\.bi$" = "www.nic.bi"; -- "\.biz$" = "whois.neulevel.biz"; -+ "\.bi$" = "whois.nic.bi"; -+ "\.biz$" = "whois.biz"; - "\.bj$" = "whois.nic.bj"; - "\.bm$" = "rwhois.ibl.bm 4321"; -+ "\.bo$" = "whois.nic.bo"; - "\.br$" = "whois.nic.br"; -+ "\.bs$" = "www.register.bs"; - "\.bv$" = "whois.ripe.net"; -- "\.by$" = "whois.ripe.net"; -+ "\.by$" = "www.domain.by"; - "\.bz$" = "whois.belizenic.bz"; -+ "\.co\.ca$" = "whois.co.ca"; - "\.ca$" = "whois.cira.ca"; - "\.cat$" = "whois.cat"; -- "\.cc$" = "whois.nic.cc"; -+ "\.cc$" { -+ whois-server = "ccwhois.verisign-grs.com"; -+ query-format = "domain $*"; -+ } - "\.cd$" = "whois.nic.cd"; - "\.cg$" = "www.nic.cg"; - "\.ch$" = "whois.nic.ch"; - "\.ci$" = "whois.nic.ci"; - "\.ck$" = "whois.nic.ck"; - "\.cl$" = "whois.nic.cl"; -+ "\.co\.cm$" = "whois.netcom.cm"; -+ "\.com\.cm$" = "whois.netcom.cm"; -+ "\.net\.cm$" = "whois.netcom.cm"; - "\.edu\.cn$" = "whois.edu.cn"; -- "\.cn$" = "whois.cnnic.net.cn"; -+ "\.cn$" = "whois.cnnic.cn"; - "\.com$" { - whois-server = "whois.verisign-grs.com"; - query-format = "domain $*"; - } - "\.coop$" = "whois.nic.coop"; -+ "\.cu$" = "www.nic.cu"; - "\.cx$" = "whois.nic.cx"; - "\.cy$" = "whois.ripe.net"; - "\.cz$" = "whois.nic.cz"; -@@ -156,12 +186,15 @@ whois-servers { - whois-server = "whois.denic.de"; - query-format = "-C UTF-8 -T dn,ace $*"; - } -- "\.dk$" = "whois.dk-hostmaster.dk"; -+ "\.dk$" { -+ whois-server = "whois.dk-hostmaster.dk"; -+ query-format = "--show-handles $*"; -+ } - "\.dm$" = "whois.nic.dm"; - "\.do$" = "whois.nic.do"; -- "\.dz$" = "whois.ripe.net"; -+ "\.dz$" = "www.nic.dz"; - "\.ec$" = "www.nic.ec"; -- "\.edu$" = "whois.educause.net"; -+ "\.edu$" = "whois.educause.edu"; - "\.ee$" = "whois.eenet.ee"; - "\.eg$" = "whois.ripe.net"; - "\.es$" = "www.nic.es"; -@@ -171,17 +204,20 @@ whois-servers { - "\.fm$" = "www.dot.fm"; - "\.fo$" = "whois.ripe.net"; - "\.fr$" = "whois.nic.fr"; -- "\.gi$" = "www.nic.gi"; -+ "\.gd$" = "whois.adamsnames.com"; -+ "\.gi$" = "whois2.afilias-grs.net"; - "\.gov$" = "whois.nic.gov"; -- "\.gg$" = "whois.isles.net"; -+ "\.gg$" = "whois.gg"; - "\.gm$" = "whois.ripe.net"; - "\.gp$" = "whois.nic.gp"; - "\.gr$" = "whois.ripe.net"; -- "\.gs$" = "203.119.12.22"; -+ "\.gs$" = "whois.nic.gs"; - "\.gt$" = "www.gt"; -- "\.hk$" = "whois.hkdnr.net.hk"; -+ "\.hk$" = "whois.hkirc.hk"; - "\.hm$" = "whois.registry.hm"; -+ "\.hn$" = "whois2.afilias-grs.net"; - "\.hr$" = "www.dns.hr"; -+ "\.ht$" = "whois.nic.ht"; - "\.hu$" = "whois.nic.hu"; - "\.id$" = "whois.idnic.net.id"; - "\.ie$" = "whois.domainregistry.ie"; -@@ -195,69 +231,94 @@ whois-servers { - "\.is$" = "whois.isnic.is"; - "\.it$" = "whois.nic.it"; - "\.je$" = "whois.isles.net"; -+ "\.jobs$" { -+ whois-server = "jobswhois.verisign-grs.com"; -+ query-format = "domain $*"; -+ } - "\.jp$" { - whois-server = "whois.jprs.jp"; - query-format = "$* /e"; - } -+ "\.ke$" = "whois.kenic.or.ke"; -+ "\.kp$" = "whois.kcce.kp"; - "\.kg$" = "whois.domain.kg"; -- "\.ki$" = "whois.nic.ki"; -+ "\.ki$" = "whois.cocca.cx"; - "\.kr$" = "whois.krnic.net"; - "\.kz$" = "whois.nic.kz"; - "\.la$" = "whois.nic.la"; - "\.lb$" = "cgi.aub.edu.lb"; -+ "\.lc$" = "whois2.afilias-grs.net"; - "\.li$" = "whois.nic.li"; - "\.lk$" = "whois.nic.lk"; - "\.lt$" = "whois.domreg.lt"; - "\.lu$" = "whois.dns.lu"; - "\.lv$" = "whois.nic.lv"; - "\.ly$" = "whois.nic.ly"; -- "\.ma$" = "whois.ripe.net"; -+ "\.ma$" = "whois.iam.net.ma"; -+ "\.md$" = "whois.nic.md"; -+ "\.me$" = "whois.nic.me"; - "\.mil$" = "whois.nic.mil"; - "\.mk$" = "whois.ripe.net"; - "\.mm$" = "whois.nic.mm"; -+ "\.mn$" = "whois2.afilias-grs.net"; - "\.mobi$" = "whois.dotmobiregistry.net"; -- "\.ms$" = "whois.adamsnames.tc"; -- "\.mt$" = "www.um.edu.mt"; -+ "\.ms$" = "whois.nic.ms"; -+ "\.mt$" = "whois.nic.org.mt"; - "\.mu$" = "whois.nic.mu"; - "\.museum$" = "whois.museum"; - "\.mw$" = "www.tarsus.net"; - "\.mx$" = "whois.nic.mx"; -- "\.my$" = "whois.mynic.net.my"; -+ "\.my$" = "whois.domainregistry.my"; - "\.na$" = "whois.na-nic.com.na"; -- "\.name$" = "whois.nic.name"; -+ "\.name$" { -+ whois-server = "whois.nic.name"; -+ query-format = "domain = $*"; -+ } - "\.net$" { - whois-server = "whois.verisign-grs.com"; - query-format = "domain $*"; - } -- "\.ng$" = "whois.rg.net"; -+ "\.nf$" = "whois.cocca.cx"; -+ "\.ng$" = "whois.nic.net.ng"; - "\.nl$" = "whois.domain-registry.nl"; - "\.no$" = "whois.norid.no"; - "\.nu$" = "whois.nic.nu"; - "\.nz$" = "whois.srs.net.nz"; - "\.org$" = "whois.publicinterestregistry.net"; -- "\.pe$" = "whois.nic.pe"; -+ "\.pa$" = "www.nic.pa"; -+ "\.pe$" = "kero.yachay.pe"; - "\.pk$" = "pknic.net.pk"; - "\.pl$" = "whois.dns.pl"; - "\.pm$" = "whois.nic.pm"; -+ "\.pr$" = "whois.nic.pr"; - "\.pro$" = "whois.registrypro.pro"; -+ "\.ps$" = "www.nic.ps"; - "\.pt$" = "whois.dns.pt"; - "\.pw$" = "whois.nic.pw"; - "\.re$" = "whois.nic.re"; - "\.ro$" = "whois.rotld.ro"; -+ "\.edu.ru$" = "whois.informika.ru"; - "\.ru$" = "whois.ripn.net"; - "\.rw$" = "www.nic.rw"; - "\.sa$" = "saudinic.net.sa"; -+ "\.sb$" = "whois.nic.sb"; -+ "\.sc$" = "whois2.afilias-grs.net"; - "\.se$" = "whois.iis.se"; -- "\.sg$" = "whois.nic.net.sg"; -+ "\.sg$" = "whois.sgnic.sg"; - "\.sh$" = "whois.nic.sh"; - "\.si$" = "whois.arnes.si"; - "\.sj$" = "whois.ripe.net"; -- "\.sk$" = "whois.ripe.net"; -+ "\.sk$" = "whois.sk-nic.sk"; -+ "\.sl$" = "whois.nic.sl"; - "\.sm$" = "whois.ripe.net"; -+ "\.sn$" = "whois.nic.sn"; -+ "\.so$" = "whois.nic.so"; - "\.sr$" = "whois.register.sr"; - "\.st$" = "whois.nic.st"; - "\.su$" = "whois.ripn.net"; -+ "\.sv$" = "www.svnet.org.sv"; - "\.tc$" = "whois.adamsnames.tc"; -+ "\.tel$" = "whois.nic.tel"; - "\.tf$" = "whois.afnic.fr"; - "\.tg$" = "www.nic.tg"; - "\.th$" = "whois.thnic.net"; -@@ -268,8 +329,12 @@ whois-servers { - "\.tn$" = "whois.ripe.net"; - "\.to$" = "whois.tonic.to"; - "\.tr$" = "whois.nic.tr"; -+ "\.travel$" = "whois.nic.travel"; - "\.tt$" = "www.nic.tt"; -- "\.tv$" = "whois.nic.tv"; -+ "\.tv$" { -+ whois-server = "tvwhois.verisign-grs.com"; -+ query-format = "domain $*"; -+ } - "\.tw$" = "whois.twnic.net"; - "\.ua$" = "whois.com.ua"; - "\.ug$" = "whois.co.ug"; -@@ -279,9 +344,12 @@ whois-servers { - "\.fed\.us$" = "whois.nic.gov"; - "\.us$" = "whois.nic.us"; - "\.com\.uy$" = "dns.antel.net.uy"; -- "\.uy$" = "www.rau.edu.uy"; # is a whois server -- "\.uz$" = "www.noc.uz"; -+ "\.uy$" = "whois.nic.org.uy"; -+ "\.co\.uz$" = "whois.reg.uz"; -+ "\.com\.uz$" = "whois.reg.uz"; -+ "\.uz$" = "whois.cctld.uz"; - "\.va$" = "whois.ripe.net"; -+ "\.vc$" = "whois2.afilias-grs.net"; - "\.ve$" = "whois.nic.ve"; - "\.vi$" = "www.nic.vi"; - "\.vg$" = "whois.adamsnames.tc"; -@@ -289,12 +357,15 @@ whois-servers { - "\.vu$" = "www.vunic.vu"; - "\.wf$" = "whois.nic.wf"; - "\.ws$" = "whois.worldsite.ws"; -+ "\.xn--mgbaam7a8h$" = "whois.aeda.net.ae"; - "\.yt$" = "whois.nic.yt"; -- "\.yu$" = "whois.ripe.net"; -+ "\.yu$" = "www.nic.yu"; - "\.ac\.za$" = "whois.ac.za"; - "\.org\.za$" = "rwhois.org.za 4321"; - "\.co\.za$" = "whois.co.za"; -+ "\.nom\.za$" = "www.nom.za"; - # "\.za$" = "whois.frd.ac.za"; -+ "\.co\.zw$" = "www.zispa.co.zw"; - - # - # Specify different port numbers to connect to by postfixing the IP -@@ -311,6 +382,16 @@ whois-servers { - } - - # -+# enum-blocks -+# -+enum-blocks { -+ type = regex; -+ -+ "\.9\.4\.e164\.arpa$" = "whois.enum.denic.de"; -+ "\.1\.6\.e164\.arpa$" = "whois-check.enum.com.au"; -+} -+ -+# - # cidr-blocks contains a list of all known CIDR blocks assigned to - # RIPE or APNIC. Default all queries to ARIN which has most other blocks. - # -@@ -580,7 +661,7 @@ cidr-blocks { - cidr6-blocks { - type = cidr6; - -- "2001:0000::/23" = "whois.iana.org"; -+ "2001:0000::/23" = "whois.iana.org"; # correct, but nothing usable is returned - "2001:0200::/23" = "whois.apnic.net"; - "2001:0400::/23" = "whois.arin.net"; - "2001:0600::/23" = "whois.ripe.net"; -@@ -593,13 +674,13 @@ cidr6-blocks { - "2001:1600::/23" = "whois.ripe.net"; - "2001:1800::/23" = "whois.arin.net"; - "2001:1A00::/23" = "whois.ripe.net"; -- "2001:1C00::/23" = "whois.ripe.net"; -- "2001:1E00::/23" = "whois.ripe.net"; -+ "2001:1C00::/22" = "whois.ripe.net"; - "2001:2000::/20" = "whois.ripe.net"; - "2001:3000::/21" = "whois.ripe.net"; - "2001:3800::/22" = "whois.ripe.net"; -+ "2001:3C00::/22" = "whois.arin.net"; # not correct, but shows better information - "2001:4000::/23" = "whois.ripe.net"; -- "2001:4200::/23" = "whois.arin.net"; -+ "2001:4200::/23" = "whois.afrinic.net"; - "2001:4400::/23" = "whois.apnic.net"; - "2001:4600::/23" = "whois.ripe.net"; - "2001:4800::/23" = "whois.arin.net"; -@@ -610,23 +691,47 @@ cidr6-blocks { - "2001:A000::/20" = "whois.apnic.net"; - "2001:B000::/20" = "whois.apnic.net"; - -+ "2002:0000::/16" = "whois.arin.net"; # not correct, but shows better information -+ - "2003:0000::/18" = "whois.ripe.net"; - -- "2400:0000::/19" = "whois.apnic.net"; -- "2400:2000::/19" = "whois.apnic.net"; -- "2400:4000::/21" = "whois.apnic.net"; -- "2404:0000::/23" = "whois.apnic.net"; -- -- "2600:0000::/22" = "whois.arin.net"; -- "2604:0000::/22" = "whois.arin.net"; -- "2608:0000::/22" = "whois.arin.net"; -- "260C:0000::/22" = "whois.arin.net"; -+ "2400:0000::/12" = "whois.apnic.net"; -+ -+ "2600:0000::/12" = "whois.arin.net"; - "2610:0000::/23" = "whois.arin.net"; -+ "2620:0000::/23" = "whois.arin.net"; -+ -+ "2800:0000::/12" = "whois.lacnic.net"; - -- "2800:0000::/23" = "whois.lacnic.net"; -+ "2C00:0000::/12" = "whois.afrinic.net"; - -- "2A00:0000::/21" = "whois.ripe.net"; -- "2A01:0000::/16" = "whois.ripe.net"; -+ # -+ # IPv6 blocks by carriers used for SixXS; -+ # see e.g. http://www.sixxs.net/pops/ -+ # -+ "2001:0610::/32" = "whois.sixxs.net"; -+ "2001:06A0::/32" = "whois.sixxs.net"; -+ "2001:06A8::/32" = "whois.sixxs.net"; -+ "2001:06F8::/32" = "whois.sixxs.net"; -+ "2001:0770::/32" = "whois.sixxs.net"; -+ "2001:07B8::/32" = "whois.sixxs.net"; -+ "2001:0808::/32" = "whois.sixxs.net"; -+ "2001:0838::/32" = "whois.sixxs.net"; -+ "2001:0960::/32" = "whois.sixxs.net"; -+ "2001:0A60::/32" = "whois.sixxs.net"; -+ "2001:0AD0::/32" = "whois.sixxs.net"; -+ "2001:0B18::/32" = "whois.sixxs.net"; -+ "2001:1418::/32" = "whois.sixxs.net"; -+ "2001:14B8::/32" = "whois.sixxs.net"; -+ "2001:15C0::/32" = "whois.sixxs.net"; -+ "2001:16D8::/32" = "whois.sixxs.net"; -+ "2001:1938::/32" = "whois.sixxs.net"; -+ "2001:4830::/32" = "whois.sixxs.net"; -+ "2001:4978::/32" = "whois.sixxs.net"; -+ "2001:41E0::/32" = "whois.sixxs.net"; -+ "2001:4428::/32" = "whois.sixxs.net"; -+ "2A01:0198::/32" = "whois.sixxs.net"; -+ "2A01:0348::/32" = "whois.sixxs.net"; - - # - # Experimental IPv6 network 6bone (RFC2471) -@@ -662,7 +767,7 @@ handles { - ".*-NICAT$" = "whois.nic.at"; - ".*-CZ$" = "whois.nic.cz"; - ".*-NICIR$" = "whois.nic.ir"; -- ".*-UYNIC$" = "www.rau.edu.uy"; -+ ".*-UYNIC$" = "whois.nic.org.uy"; - ".*-ITNIC$" = "whois.nic.it"; - ".*-FRNIC$" = "whois.nic.fr"; - ".*-LACNIC$" = "whois.lacnic.net"; -@@ -671,6 +776,49 @@ handles { - whois-server = "saudinic.net.sa"; - query-format = "PERSON $*"; - } -+ ".*-SIXXS$" = "whois.sixxs.net"; -+ ".*-6BONE$" = "whois.6bone.net"; -+ ".*-IRNIC$" = "whois.nic.ir"; -+ ".*-RIPN$" = "whois.ripn.net"; -+ ".*-AFRINIC$" = "whois.afrinic.net"; -+ "^C[0-9]+-LRMS$" { -+ whois-server = "whois.afilias.info"; -+ query-format = "CONTACT ID $*"; -+ } -+ "^D[0-9]+-LRMS$" { -+ whois-server = "whois.afilias.info"; -+ query-format = "DOMAIN ID $*"; -+ } -+ "^H[0-9]+-LRMS$" { -+ whois-server = "whois.afilias.info"; -+ query-format = "HOST ID $*"; -+ } -+ "^R[0-9]+-LRMS$" { -+ whois-server = "whois.afilias.info"; -+ query-format = "REGISTRAR ID $*"; -+ } -+ ".*-KENIC$" = "whois.kenic.or.ke"; -+ ".*-UANIC$" = "whois.com.ua"; -+ ".*-COOP$" { -+ whois-server = "whois.nic.coop"; -+ query-format = "CONTACT $*"; -+ } -+ ".*CONTACT-NAME$" { -+ whois-server = "whois.nic.name"; -+ query-format = "contact = $*"; -+ } -+ ".*REGISTRAR-NAME$" { -+ whois-server = "whois.nic.name"; -+ query-format = "registrar = $*"; -+ } -+ "^C[0-9]+-AERO$" { -+ whois-server = "whois.aero"; -+ query-format = "CONTACT ID $*"; -+ } -+ "^D[0-9]+-AERO$" { -+ whois-server = "whois.aero"; -+ query-format = "DOMAIN ID $*"; -+ } - } - - # -@@ -678,11 +826,6 @@ handles { - # each host. - # - server-options { -- "rwhois\.nic\.ve" { -- rwhois = true; -- rwhois-display = "dump"; -- rwhois-limit = 10; -- } - "rwhois\.exodus\.net" { - rwhois = true; - } -@@ -754,13 +897,6 @@ server-options { - form-element = "name"; - } - -- "www\.um\.edu\.mt" { -- http = "true"; -- http-method = "GET"; -- http-action = "/cgi-bin/nic/whois"; -- form-element = "domain"; -- } -- - "www\.gt" { - http = "true"; - http-method = "GET"; -@@ -777,13 +913,6 @@ server-options { - query-format = "Upit=${+2}"; # All but last domain segment - } - -- "whois\.offshore\.ai" { -- http = "true"; -- http-method = "POST"; -- http-action = "/cgi-bin/whois.pl"; -- form-element = "domain-name"; -- } -- - "www\.io\.io" { - http = "true"; - http-method = "GET"; -@@ -813,11 +942,12 @@ server-options { - form-element = "query"; - } - -- "www\.nic\.bi" { -- http = "true"; -- http-method = "POST"; -- http-action = "/cgi-bin/whoisbi.pl"; # Formatting problems in Lynx -- form-element = "DOMAINWHOIS"; -+ "whois\.nic\.bi" { -+ http = "true"; # I can't connect on port 43 -+ http-method = "GET"; -+ http-action = "/register/whois.hei"; -+ form-element = "query"; -+ form-extra = "type=domain"; - } - - "www\.nic\.cg" { -@@ -848,13 +978,6 @@ server-options { - form-element = "name"; - } - -- "www\.noc\.uz" { -- http = "true"; -- http-method = "POST"; -- http-action = "/whois.php4"; -- form-element = "dname"; -- } -- - "www\.nic\.vi" { - http = "true"; - http-method = "POST"; -@@ -878,9 +1001,9 @@ server-options { - - "www\.nic\.tg" { - http = "true"; -- http-method = "GET"; -- http-action = "/moteur/info_dom.php"; -- form-element = "domaine"; -+ http-method = "POST"; -+ http-action = "/nictg/indexplus.php?pg=verifdom&op=whois"; -+ query-format = "tosearch=${+2}&typedom=.tg"; - } - - "cgi\.aub\.edu\.lb" { -@@ -910,33 +1033,152 @@ server-options { - form-element = "nombre"; - } - -- "www\.denic\.de" { -- http = "true"; -- http-method = "POST"; -- http-action = "/en/whois/data.jsp"; -- form-element = "domainname"; -- form-extra = "service=WhoisData&lang=en&submit=Accept"; -- } - "whois\.denic\.de" { - whois-server = "whois.denic.de"; - query-format = "-C UTF-8 -T dn,ace $*"; - answer-charset = "UTF-8"; - } -+ -+ "whois\.enum\.denic\.de" { -+ whois-server = "whois.enum.denic.de"; -+ query-format = "-C UTF-8 -T dn $*"; -+ answer-charset = "UTF-8"; -+ } -+ - "whois\.nic\.ad\.jp" { - query-format = "$*/e"; - } -+ - "whois\.nic\.ch" { - answer-charset = "UTF-8"; - } -+ - "whois\.nic\.li" { - answer-charset = "UTF-8"; - } -+ - "whois\.centralnic\.*" { - whois-redirect = ".*Whois Server: \(.*\)"; - } -+ - ".*\.verisign-grs\.com" { - whois-redirect = ".*Whois Server: \(.*\)"; - } -+ -+ "whois\.sixxs\.net" { -+ whois-redirect = ".*ReferralServer: whois://\(.*\)"; -+ } -+ -+ "whois2\.afilias-grs\.net" { -+ whois-redirect = "Whois Server:\(.*\)"; -+ } -+ -+ "whois\.registrar\.telekom\.de" { -+ query-format = "full $*"; -+ } -+ -+ "whois\.rrpproxy\.net" { -+ answer-charset = "UTF-8"; -+ } -+ -+ "www\.nom\.za" { -+ http = "true"; -+ http-method = "POST"; -+ http-action = "/do.php"; -+ query-format = "chkDomain=${+3}&chkAvail=Check"; -+ } -+ -+ "www\.nic\.pa" { -+ http = "true"; -+ http-method = "GET"; -+ http-action = "/egh/whois.php"; -+ form-element = "nombre_d"; -+ } -+ -+ "www\.nic\.dz" { -+ http = "true"; -+ http-method = "POST"; -+ http-action = "/index.php?option=com_content&task=view&id=37&Itemid=51"; -+ form-element = "domain_name"; -+ } -+ -+ "www\.nic\.yu" { -+ http = "true"; -+ http-method = "GET"; -+ http-action = "/cgi-bin/checkavail.cgi"; -+ form-element = "domain"; -+ } -+ -+ "whois\.dotster\.com" { -+ answer-charset = "UTF-8"; -+ } -+ -+ "www\.ert\.gov\.al" { -+ http = "true"; -+ http-method = "POST"; -+ http-action = "/ert_eng/domain_res.html"; -+ query-format = "Domain=${+2}"; -+ } -+ -+ "www\.nic\.cu" { -+ http = "true"; -+ http-method = "GET"; -+ http-action = "/dom_det.php"; -+ form-element = "domsrch"; -+ } -+ -+ "www\.nic\.ps" { -+ http = "true"; -+ http-method = "GET"; -+ http-action = "/whois/domain_whois.php"; -+ form-element = "dname"; -+ } -+ -+ "www\.svnet\.org\.sv" { -+ http = "true"; -+ http-method = "POST"; -+ http-action = "/registro/consultas/whois.php"; -+ form-element = "subdominio"; -+ } -+ -+ "www\.zispa\.co\.zw" { -+ http = "true"; -+ http-method = "GET"; -+ http-action = "/cgi-bin/search"; -+ form-element = "domain"; -+ } -+ -+ "www\.riu\.edu\.ar" { -+ http = "true"; -+ http-method = "POST"; -+ http-action = "/cgi-bin/verdom.pl.nuevo"; -+ query-format = "username=${+3}"; -+ } -+ -+ "www\.register\.bs" { -+ http = "true"; -+ http-method = "POST"; -+ http-action = "/cgi-bin/search.pl"; -+ form-element = "name"; -+ } -+ -+ "www\.domain\.by" { -+ http = "true"; -+ http-method = "POST"; -+ http-action = "/cgi-bin/registry.cgi"; -+ query-format = "domain=${+2}&lang=e&mode=slquest"; -+ } -+ -+ "www\.nic\.ac" { -+ http = "true"; -+ http-method = "GET"; -+ http-action = "/cgi-bin/whois"; -+ form-element = "textfield"; -+ } -+ -+ "whois\.1api\.net" { -+ answer-charset = "UTF-8"; -+ } - } - - # diff --git a/src/patches/jwhois-4.0-conf_update2.patch b/src/patches/jwhois-4.0-conf_update2.patch deleted file mode 100644 index 72dd300ff..000000000 --- a/src/patches/jwhois-4.0-conf_update2.patch +++ /dev/null @@ -1,163 +0,0 @@ -Patch by Robert Scheck robert@fedoraproject.org for jwhois >= 4.0, which adds various new -IDN top-level-domains, updates some whois servers of ccTLDs and corrects the answer charset -setting for some whois servers, too. - ---- jwhois-4.0/example/jwhois.conf 2011-05-22 20:36:19.000000000 +0200 -+++ jwhois-4.0/example/jwhois.conf.conf_update2 2011-05-22 23:46:21.000000000 +0200 -@@ -122,7 +122,6 @@ - "\.ac\.ae$" = "whois.aeda.net.ae"; - "\.mil\.ae$" = "whois.aeda.net.ae"; - "\.gov\.ae$" = "whois.aeda.net.ae"; -- "\.1\.7\.9\.e164\.arpa$" = "whois.aeda.net.ae"; - "\.aero$" = "whois.aero"; - "\.af$" = "whois.cocca.cx"; - "\.ag$" = "whois.nic.ag"; -@@ -192,7 +191,7 @@ - } - "\.dm$" = "whois.nic.dm"; - "\.do$" = "whois.nic.do"; -- "\.dz$" = "www.nic.dz"; -+ "\.dz$" = "whois.nic.dz"; - "\.ec$" = "www.nic.ec"; - "\.edu$" = "whois.educause.edu"; - "\.ee$" = "whois.eenet.ee"; -@@ -243,7 +242,7 @@ - "\.kp$" = "whois.kcce.kp"; - "\.kg$" = "whois.domain.kg"; - "\.ki$" = "whois.cocca.cx"; -- "\.kr$" = "whois.krnic.net"; -+ "\.kr$" = "whois.kr"; - "\.kz$" = "whois.nic.kz"; - "\.la$" = "whois.nic.la"; - "\.lb$" = "cgi.aub.edu.lb"; -@@ -292,13 +291,14 @@ - "\.pm$" = "whois.nic.pm"; - "\.pr$" = "whois.nic.pr"; - "\.pro$" = "whois.registrypro.pro"; -- "\.ps$" = "www.nic.ps"; -+ "\.ps$" = "whois.pnina.ps"; - "\.pt$" = "whois.dns.pt"; - "\.pw$" = "whois.nic.pw"; - "\.re$" = "whois.nic.re"; - "\.ro$" = "whois.rotld.ro"; -+ "\.rs$" = "whois.rnids.rs"; - "\.edu.ru$" = "whois.informika.ru"; -- "\.ru$" = "whois.ripn.net"; -+ "\.ru$" = "whois.tcinet.ru"; - "\.rw$" = "www.nic.rw"; - "\.sa$" = "saudinic.net.sa"; - "\.sb$" = "whois.nic.sb"; -@@ -317,6 +317,7 @@ - "\.st$" = "whois.nic.st"; - "\.su$" = "whois.ripn.net"; - "\.sv$" = "www.svnet.org.sv"; -+ "\.sy$" = "whois.tld.sy"; - "\.tc$" = "whois.adamsnames.tc"; - "\.tel$" = "whois.nic.tel"; - "\.tf$" = "whois.afnic.fr"; -@@ -335,7 +336,7 @@ - whois-server = "tvwhois.verisign-grs.com"; - query-format = "domain $*"; - } -- "\.tw$" = "whois.twnic.net"; -+ "\.tw$" = "whois.twnic.net.tw"; - "\.ua$" = "whois.com.ua"; - "\.ug$" = "whois.co.ug"; - "\.ac\.uk$" = "whois.ja.net"; -@@ -357,9 +358,25 @@ - "\.vu$" = "www.vunic.vu"; - "\.wf$" = "whois.nic.wf"; - "\.ws$" = "whois.worldsite.ws"; -+ "\.xn--3e0b707e$" = "whois.kr"; -+ "\.xn--90a3ac$" = "whois.rnids.rs"; -+ "\.xn--clchc0ea0b2g2a9gcd$" = "whois.sgnic.sg"; -+ "\.xn--fiqs8s$" = "cwhois.cnnic.cn"; -+ "\.xn--fiqz9s$" = "cwhois.cnnic.cn"; -+ "\.xn--fzc2c9e2c$" = "whois.nic.lk"; -+ "\.xn--j6w193g$" = "whois.hkirc.hk"; -+ "\.xn--kprw13d$" = "whois.twnic.net.tw"; -+ "\.xn--kpry57d$" = "whois.twnic.net.tw"; -+ "\.xn--lgbbat1ad8j$" = "whois.nic.dz"; - "\.xn--mgbaam7a8h$" = "whois.aeda.net.ae"; -+ "\.xn--mgberp4a5d4ar$" = "whois.nic.net.sa"; -+ "\.xn--o3cw4h$" = "whois.thnic.co.th"; -+ "\.xn--ogbpf8fl$" = "whois.tld.sy"; -+ "\.xn--p1ai$" = "whois.tcinet.ru"; -+ "\.xn--xkc2al3hye2a$" = "whois.nic.lk"; -+ "\.xn--yfro4i67o$" = "whois.sgnic.sg"; -+ "\.xn--ygbi2ammx$" = "whois.pnina.ps"; - "\.yt$" = "whois.nic.yt"; -- "\.yu$" = "www.nic.yu"; - "\.ac\.za$" = "whois.ac.za"; - "\.org\.za$" = "rwhois.org.za 4321"; - "\.co\.za$" = "whois.co.za"; -@@ -389,6 +406,7 @@ - - "\.9\.4\.e164\.arpa$" = "whois.enum.denic.de"; - "\.1\.6\.e164\.arpa$" = "whois-check.enum.com.au"; -+ "\.1\.7\.9\.e164\.arpa$" = "whois.aeda.net.ae"; - } - - # -@@ -1095,20 +1113,6 @@ - form-element = "nombre_d"; - } - -- "www\.nic\.dz" { -- http = "true"; -- http-method = "POST"; -- http-action = "/index.php?option=com_content&task=view&id=37&Itemid=51"; -- form-element = "domain_name"; -- } -- -- "www\.nic\.yu" { -- http = "true"; -- http-method = "GET"; -- http-action = "/cgi-bin/checkavail.cgi"; -- form-element = "domain"; -- } -- - "whois\.dotster\.com" { - answer-charset = "UTF-8"; - } -@@ -1127,13 +1131,6 @@ - form-element = "domsrch"; - } - -- "www\.nic\.ps" { -- http = "true"; -- http-method = "GET"; -- http-action = "/whois/domain_whois.php"; -- form-element = "dname"; -- } -- - "www\.svnet\.org\.sv" { - http = "true"; - http-method = "POST"; -@@ -1179,6 +1176,26 @@ - "whois\.1api\.net" { - answer-charset = "UTF-8"; - } -+ -+ "whois\.kr" { -+ answer-charset = "EUC-KR"; -+ } -+ -+ "whois\.nic\.or\.kr" { -+ answer-charset = "EUC-KR"; -+ } -+ -+ "whois\.nic\.dz" { -+ answer-charset = "UTF-8"; -+ } -+ -+ "whois\.nic\.lk" { -+ answer-charset = "ISO-8859-11"; -+ } -+ -+ "whois\.iana\.org" { -+ answer-charset = "UTF-8"; -+ } - } - - # diff --git a/src/patches/jwhois-4.0-connect.patch b/src/patches/jwhois-4.0-connect.patch deleted file mode 100644 index 2a639d779..000000000 --- a/src/patches/jwhois-4.0-connect.patch +++ /dev/null @@ -1,58 +0,0 @@ -This fixes somewhat reversed logic of trying to connect to WHOIS server. -Tue Nov 20 2007, Lubomir Kundrak lkundrak@redhat.com - ---- jwhois-4.0/src/utils.c.connect 2007-06-26 09:00:20.000000000 +0200 -+++ jwhois-4.0/src/utils.c 2007-11-20 17:05:33.000000000 +0100 -@@ -247,7 +247,7 @@ make_connect(const char *host, int port) - { - return -1; - } -- while (res) -+ for (; res; res = res->ai_next) - { - sa = res->ai_addr; - sockfd = socket(res->ai_family, res->ai_socktype, res->ai_protocol); -@@ -266,15 +266,15 @@ make_connect(const char *host, int port) - flags = fcntl(sockfd, F_GETFL, 0); - if (fcntl(sockfd, F_SETFL, flags|O_NONBLOCK) == -1) - { -+ close (sockfd); - return -1; - } - -- - error = connect(sockfd, res->ai_addr, res->ai_addrlen); -- - if (error < 0 && errno != EINPROGRESS) - { -- break; -+ close (sockfd); -+ continue; - } - - FD_ZERO(&fdset); -@@ -283,18 +283,20 @@ make_connect(const char *host, int port) - error = select(FD_SETSIZE, NULL, &fdset, NULL, &timeout); - if (error == 0) - { -- break; -+ close (sockfd); -+ return -1; - } - - retlen = sizeof(retval); - error = getsockopt(sockfd, SOL_SOCKET, SO_ERROR, &retval, &retlen); - if (error < 0 || retval) - { -- break; -+ close (sockfd); -+ return -1; - } -- res = res->ai_next; -+ -+ break; - } -- if (error < 0 || retval) return -1; - #endif - - return sockfd; diff --git a/src/patches/jwhois-4.0-fclose.patch b/src/patches/jwhois-4.0-fclose.patch deleted file mode 100644 index e9c896f68..000000000 --- a/src/patches/jwhois-4.0-fclose.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up jwhois-4.0/src/init.c_old jwhois-4.0/src/init.c ---- jwhois-4.0/src/init.c_old 2007-06-26 08:59:17.000000000 +0200 -+++ jwhois-4.0/src/init.c 2009-01-27 15:49:35.000000000 +0100 -@@ -283,6 +283,8 @@ parse_args(int *argc, char ***argv) - if (in) - jconfig_parse_file(in); - -+ fclose(in); -+ - if (verbose>1) - { - printf("[Debug: Cache = %s]\n", cache?"On":"Off"); diff --git a/src/patches/jwhois-4.0-idna.patch b/src/patches/jwhois-4.0-idna.patch deleted file mode 100644 index ff13a4f71..000000000 --- a/src/patches/jwhois-4.0-idna.patch +++ /dev/null @@ -1,43 +0,0 @@ -diff -up jwhois-4.0/src/jwhois.c.orig jwhois-4.0/src/jwhois.c ---- jwhois-4.0/src/jwhois.c.orig 2007-06-26 08:59:35.000000000 +0200 -+++ jwhois-4.0/src/jwhois.c 2011-05-24 12:29:37.398892451 +0200 -@@ -98,7 +98,7 @@ main(int argc, char **argv) - - /* Parse remaining arguments and place them into the wq - structure. */ -- while (optind < argc) -+ while (optind < argc-1) - { - count += strlen(argv[optind])+1; - if (!qstring) -@@ -116,19 +116,25 @@ main(int argc, char **argv) - strcat(qstring, " "); - optind++; - } -- qstring[strlen(qstring)-1] = '\0'; - #ifdef LIBIDN -- rc = idna_to_ascii_lz(qstring, &idn, 0); -+ rc = idna_to_ascii_lz(argv[optind], &idn, 0); - if (rc != IDNA_SUCCESS) - { -- printf("[IDN encoding of '%s' failed with error code %d]\n", qstring, rc); -+ printf("[IDN encoding of '%s' failed with error code %d]\n", argv[optind], rc); - exit(1); - } -- wq.query = strdup(idn); -+ qstring = realloc(qstring, count+strlen(idn)+1); -+ memcpy(qstring+count, -+ idn, -+ strlen(idn)+1); - free(idn); - #else -- wq.query = qstring; -+ qstring = realloc(qstring, count+strlen(argv[optind])+1); -+ memcpy(qstring+count, -+ argv[optind], -+ strlen(argv[optind])+1); - #endif -+ wq.query = qstring; - - if (ghost) - { diff --git a/src/patches/jwhois-4.0-ipv6match.patch b/src/patches/jwhois-4.0-ipv6match.patch deleted file mode 100644 index 0e5ad0e9a..000000000 --- a/src/patches/jwhois-4.0-ipv6match.patch +++ /dev/null @@ -1,15 +0,0 @@ -When IPv6 address mask did not end on an octed boundary, the the opposite -part of last byte of host address was taken into account when a match was -attempted. -- Lubomir Kundrak lkundrak@redhat.com - ---- jwhois-4.0/src/lookup.c.ipv6-match 2007-12-04 17:09:57.000000000 +0100 -+++ jwhois-4.0/src/lookup.c 2007-12-04 17:10:20.000000000 +0100 -@@ -149,7 +149,7 @@ static int ipv6_address_is_in_network(co - } - /* i == bits / 8 */ - if (bits % 8 != 0 -- && (addr->s6_addr[i] & (0xFFu << (bits % 8))) != net->s6_addr[i]) -+ && (addr->s6_addr[i] & (0xFFu << 8-(bits % 8))) != net->s6_addr[i]) - return 0; - return 1; - } diff --git a/src/patches/jwhois-4.0-multi-homed.patch b/src/patches/jwhois-4.0-multi-homed.patch deleted file mode 100644 index 05d6f46af..000000000 --- a/src/patches/jwhois-4.0-multi-homed.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff -up jwhois-4.0/src/utils.c.orig jwhois-4.0/src/utils.c ---- jwhois-4.0/src/utils.c.orig 2010-09-29 16:19:24.453608330 +0200 -+++ jwhois-4.0/src/utils.c 2010-09-29 16:20:10.686608189 +0200 -@@ -292,7 +292,10 @@ make_connect(const char *host, int port) - if (error < 0 || retval) - { - close (sockfd); -- return -1; -+ if (retval == ENETUNREACH) -+ continue; -+ else -+ return -1; - } - - break; diff --git a/src/patches/jwhois-4.0-select.patch b/src/patches/jwhois-4.0-select.patch deleted file mode 100644 index b60ec9692..000000000 --- a/src/patches/jwhois-4.0-select.patch +++ /dev/null @@ -1,27 +0,0 @@ -diff -ur jwhois-4.0.old/src/whois.c jwhois-4.0/src/whois.c ---- jwhois-4.0.old/src/whois.c 2007-06-26 03:00:29.000000000 -0400 -+++ jwhois-4.0/src/whois.c 2009-04-29 11:42:56.000000000 -0400 -@@ -115,6 +115,7 @@ - unsigned int count, start_count; - int ret; - char data[MAXBUFSIZE]; -+ fd_set rfds; - - count = 0; - -@@ -124,7 +125,15 @@ - - do - { -+ FD_ZERO(&rfds); -+ FD_SET(fd, &rfds); -+ ret = select(fd + 1, &rfds, NULL, NULL, NULL); -+ -+ if (ret <= 0) -+ return -1; -+ - ret = read(fd, data, MAXBUFSIZE-1); -+ - if (ret >= 0) - { - count += ret; diff --git a/src/patches/suricata-5.0-stream-tcp-Handle-retransmitted-SYN-with-TSval.patch b/src/patches/suricata-5.0-stream-tcp-Handle-retransmitted-SYN-with-TSval.patch new file mode 100644 index 000000000..fcea77cfa --- /dev/null +++ b/src/patches/suricata-5.0-stream-tcp-Handle-retransmitted-SYN-with-TSval.patch @@ -0,0 +1,55 @@ +From 511648b3d7a4b5a5b4d55b92dffd63fcb23903a0 Mon Sep 17 00:00:00 2001 +From: Michael Tremer michael.tremer@ipfire.org +Date: Fri, 19 Nov 2021 17:17:47 +0000 +Subject: [PATCH] stream: tcp: Handle retransmitted SYN with TSval + +For connections that use TCP timestamps for which the first SYN packet +does not reach the server, any replies to retransmitted SYNs will be +tropped. + +This is happening in StateSynSentValidateTimestamp, where the timestamp +value in a SYN-ACK packet must match the one from the SYN packet. +However, since the server never received the first SYN packet, it will +respond with an updated timestamp from any of the following SYN packets. + +The timestamp value inside suricata is not being updated at any time +which should happen. This patch fixes that problem. + +This problem was introduced in 9f0294fadca3dcc18c919424242a41e01f3e8318. + +Signed-off-by: Michael Tremer michael.tremer@ipfire.org +--- + src/stream-tcp.c | 17 +++++++++++++++++ + 1 file changed, 17 insertions(+) + +diff --git a/src/stream-tcp.c b/src/stream-tcp.c +index 1cff19fa5..af681760b 100644 +--- a/src/stream-tcp.c ++++ b/src/stream-tcp.c +@@ -1643,6 +1643,23 @@ static int StreamTcpPacketStateSynSent(ThreadVars *tv, Packet *p, + "ssn->client.last_ack %"PRIu32"", ssn, + ssn->client.isn, ssn->client.next_seq, + ssn->client.last_ack); ++ } else if (PKT_IS_TOSERVER(p)) { ++ /* ++ * On retransmitted SYN packets, the timestamp value must be updated, ++ * to avoid dropping any SYN+ACK packets that respond to a retransmitted SYN ++ * with an updated timestamp in StateSynSentValidateTimestamp. ++ */ ++ if ((ssn->client.flags & STREAMTCP_STREAM_FLAG_TIMESTAMP) && TCP_HAS_TS(p)) { ++ uint32_t ts_val = TCP_GET_TSVAL(p); ++ ++ // Check whether packets have been received in the correct order (only ever update) ++ if (ssn->client.last_ts < ts_val) { ++ ssn->client.last_ts = ts_val; ++ ssn->client.last_pkt_ts = p->ts.tv_sec; ++ } ++ ++ SCLogDebug("ssn %p: Retransmitted SYN. Updated timestamp from packet %"PRIu64, ssn, p->pcap_cnt); ++ } + } + + /** \todo check if it's correct or set event */ +-- +2.30.2 +
hooks/post-receive -- IPFire 2.x development tree