This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via e3429b4aad01ad011792d00570a3190d0058e7ff (commit) via 11de35622f930cdf9cd64a786a832076ee251672 (commit) via 042a5fe60a51277d3d1c717c207858dce1d28ff1 (commit) via d381c56dc82e10ce01e68bb24b197dce0fa10580 (commit) via ff21ff90d24de0f648d24bb906c45738b81ce67a (commit) via 9d1708e081d7e7ba490db3620509dcce29cb0ae8 (commit) via b76a8a008dca77f8ea9b68c95b2d04e074dfef64 (commit) via a77870146fcf1e4575a9a0e59a85a10674599e91 (commit) via 9f6849b3adfcc8eb91549427f531bdeb89f6d750 (commit) via 4ed2162324a40bc19faf9e3cf698b8f03d256434 (commit) via 045d54c324ac17edc9074b14c5a1a3187b78c2c3 (commit) via 985741db6140464fe2f74ab76bc94223862eb6ce (commit) via af2cc3be64d82d35978590b316a46b5b206afa0d (commit) from 5321fcbff33f69e98f87bd0a354bab53e2a830bf (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit e3429b4aad01ad011792d00570a3190d0058e7ff Author: Matthias Fischer matthias.fischer@ipfire.org Date: Thu Jan 10 15:30:49 2019 +0100
clamav: Update to 0.101.1
For details see: https://blog.clamav.net/2019/01/clamav-01011-patch-has-been-released.html
Best, Matthias
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 11de35622f930cdf9cd64a786a832076ee251672 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Jan 7 01:32:46 2019 +0000
core127: Ship updated tar
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 042a5fe60a51277d3d1c717c207858dce1d28ff1 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Thu Jan 10 14:29:22 2019 +0100
tar: Update to 1.31, including fix for bug #11958
For details see:
http://savannah.gnu.org/forum/forum.php?forum_id=9344
"- Fix heap-buffer-overrun with --one-top-level. - Support for zstd compression. - The -K option interacts properly with member names given in the command line. - Fix CVE-2018-20482"
This patch was reverted because 'tar 1.31' crashed when installing PakFire packages with the option '--no-overwrite-dir'. See: https://bugzilla.ipfire.org/show_bug.cgi?id=11958
Included is now a patch from https://savannah.gnu.org/bugs/?55413, which seems to fix this issue. The test cases given in https://savannah.gnu.org/bugs/?55413#comment1 ran without problems.
As always, please check and confirm.
Best, Matthias
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit d381c56dc82e10ce01e68bb24b197dce0fa10580 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Jan 7 01:28:38 2019 +0000
core127: Ship updated GeoIP functions
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit ff21ff90d24de0f648d24bb906c45738b81ce67a Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Jan 10 13:00:17 2019 +0100
geoip-functions.pl: Re-write code to lookup the iso country code of a given IP-address.
Drop the usage of the old legacy GeoIP perl module which was not able to handle the new GeoLite2 databases.
Write some code to directly access the databases and extract the required data.
Usage of the GeoIP2 perl module would provide a lot of more functionality which is not used/needed. Unfortunately ir requires at lot of additional perl modules which are not available on IPFire and would only be build and shipped for this module. Buildig all of them will slow down the entire build process, mess up the system and requires a lot more space on disk.
Fixes #11962.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 9d1708e081d7e7ba490db3620509dcce29cb0ae8 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Jan 10 13:00:16 2019 +0100
GeoIP: Drop legacy GeoIP perl module.
The legacy GeoIP perl module cannot handle the new GeoLite2 databases provided from maxmind and therefore needs to be dropped.
Reference #11960
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit b76a8a008dca77f8ea9b68c95b2d04e074dfef64 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Jan 10 13:00:15 2019 +0100
xt_geoip_update: Adjust script to download and use the GeoLite2 database
Fixes #11961.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit a77870146fcf1e4575a9a0e59a85a10674599e91 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Jan 10 13:00:14 2019 +0100
xtables-addons: Use shipped xt_geoip_build
Use the shipped xt_geoip_build directly instead of holding a copy in our GIT.
Reference #11959
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 9f6849b3adfcc8eb91549427f531bdeb89f6d750 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Jan 10 13:00:13 2019 +0100
xtables-addons: Update to 3.2
Reference #11959
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 4ed2162324a40bc19faf9e3cf698b8f03d256434 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Jan 7 00:34:30 2019 +0000
perl-Net-CIDR-Lite: Make rootfile work on other arches
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 045d54c324ac17edc9074b14c5a1a3187b78c2c3 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Jan 7 00:31:46 2019 +0000
perl-Net-CIDR-Lite: Fix whitespace
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 985741db6140464fe2f74ab76bc94223862eb6ce Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Jan 10 13:00:12 2019 +0100
perl-Net-CIDR-Lite: New package.
This is a runtime dependency of the xt_geoip_build perl script shipped by xtables-addons in version 3.2.
Reference #11960.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit af2cc3be64d82d35978590b316a46b5b206afa0d Author: Michael Tremer michael.tremer@ipfire.org Date: Sun Jan 6 21:33:43 2019 +0000
IPVS: Enable connection tracking by default
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/cfgroot/geoip-functions.pl | 75 ++++++++++++++++-- config/etc/sysctl.conf | 3 + config/rootfiles/common/GeoIP | 12 --- .../common/{HTML-Tagset => perl-Net-CIDR-Lite} | 12 +-- config/rootfiles/core/127/filelists/files | 2 + .../core/127/filelists/perl-Net-CIDR-Lite | 1 + .../{oldcore/121 => core/127}/filelists/tar | 0 .../121 => core/127}/filelists/xtables-addons | 0 config/rootfiles/core/127/update.sh | 3 + config/rootfiles/packages/clamav | 7 +- lfs/GeoIP | 84 -------------------- lfs/clamav | 6 +- lfs/{perl-Sort-Naturally => perl-Net-CIDR-Lite} | 12 +-- lfs/tar | 7 +- lfs/xtables-addons | 8 +- make.sh | 2 +- src/patches/tar/01_extract.c.patch | 12 +++ src/scripts/xt_geoip_build | 89 ---------------------- src/scripts/xt_geoip_update | 63 +++++++-------- 19 files changed, 148 insertions(+), 250 deletions(-) delete mode 100644 config/rootfiles/common/GeoIP copy config/rootfiles/common/{HTML-Tagset => perl-Net-CIDR-Lite} (52%) create mode 120000 config/rootfiles/core/127/filelists/perl-Net-CIDR-Lite copy config/rootfiles/{oldcore/121 => core/127}/filelists/tar (100%) copy config/rootfiles/{oldcore/121 => core/127}/filelists/xtables-addons (100%) delete mode 100644 lfs/GeoIP copy lfs/{perl-Sort-Naturally => perl-Net-CIDR-Lite} (95%) create mode 100644 src/patches/tar/01_extract.c.patch delete mode 100644 src/scripts/xt_geoip_build
Difference in files: diff --git a/config/cfgroot/geoip-functions.pl b/config/cfgroot/geoip-functions.pl index be50d5e14..e8ce8377f 100644 --- a/config/cfgroot/geoip-functions.pl +++ b/config/cfgroot/geoip-functions.pl @@ -23,21 +23,82 @@
package GeoIP;
-use Geo::IP::PurePerl; +require '/var/ipfire/network-functions.pl'; + use Locale::Codes::Country;
-my $database; +# Path where all the GeoIP related databases are stored. +my $geoip_database_dir = "/var/lib/GeoIP"; + +# Database which contains all IPv4 networks. +my $address_ipv4_database = "GeoLite2-Country-Blocks-IPv4.csv"; + +# Database wich contains the locations data. +my $location_database = "GeoLite2-Country-Locations-en.csv";
sub lookup($) { my $address = shift; + my $location_id; + my $country_code; + + # Check if the given address is valid. + unless(&Network::check_ip_address($address)) { + return; + } + + # Open the address database. + open(ADDRESS, "$geoip_database_dir/$address_ipv4_database") or die "Could not open $geoip_database_dir/$address_ipv4_database. $!\n"; + + # Loop through the file. + while(my $line = <ADDRESS>) { + # Remove newlines. + chomp($line); + + # Split the line content. + my ($network, $geoname_id, $registered_country_geoname_id, $represented_country_geoname_id, $is_anonymous_proxy, $is_satellite_provider) = split(/,/, $line); + + # Check if the given address is part of the current processed network. + if (&Network::ip_address_in_network($address, $network)) { + # Store the geoname_id for this address. + $location_id = $geoname_id; + + # Break loop. + last; + } + } + + # Return nothing if no location_id could be found. + return unless($location_id); + + # Close filehandle. + close(ADDRESS); + + # Open the location database. + open(LOCATION, "$geoip_database_dir/$location_database") or die "Could not open $geoip_database_dir/$location_database. $!\n";
- # Load the database into memory if not already done - if (!$database) { - $database = Geo::IP::PurePerl->new(GEOIP_MEMORY_CACHE); + # Loop through the file. + while(my $line = <LOCATION>) { + # Remove newlines. + chomp($line); + + # Split the line content. + my ($geoname_id, $locale_code, $continent_code, $continent_name, $country_iso_code, $country_name, $is_in_european_union) = split(/,/, $line); + + # Check if the correct location_id has been found. + if ($geoname_id eq $location_id) { + # Store the county code. + $country_code = $country_iso_code; + + # Break loop. + last; + } }
- # Return the name of the country - return $database->country_code_by_name($address); + # Close filehandle. + close(LOCATION); + + # Return the obtained country code. + return $country_code; }
# Function to get the flag icon for a specified country code. diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf index 4066af767..dd087d2d9 100644 --- a/config/etc/sysctl.conf +++ b/config/etc/sysctl.conf @@ -26,6 +26,9 @@ net.ipv4.conf.all.accept_redirects = 0 net.ipv4.conf.all.accept_source_route = 0 net.ipv4.conf.all.log_martians = 1
+# Enable connection tracking for IPVS +net.ipv4.vs.conntrack = 1 + kernel.printk = 1 4 1 7 vm.swappiness=1 vm.mmap_min_addr = 4096 diff --git a/config/rootfiles/common/GeoIP b/config/rootfiles/common/GeoIP deleted file mode 100644 index d76ba645e..000000000 --- a/config/rootfiles/common/GeoIP +++ /dev/null @@ -1,12 +0,0 @@ -#usr/bin/geoip-lookup -#usr/lib/perl5/site_perl/5.12.3/Geo -#usr/lib/perl5/site_perl/5.12.3/Geo/IP -usr/lib/perl5/site_perl/5.12.3/Geo/IP/PurePerl.pm -#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Geo -#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Geo/IP -#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Geo/IP/PurePerl -#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Geo/IP/PurePerl/.packlist -#usr/share/GeoIP -usr/share/GeoIP/GeoIP.dat -#usr/share/man/man1/geoip-lookup.1 -#usr/share/man/man3/Geo::IP::PurePerl.3 diff --git a/config/rootfiles/common/perl-Net-CIDR-Lite b/config/rootfiles/common/perl-Net-CIDR-Lite new file mode 100644 index 000000000..691a7693f --- /dev/null +++ b/config/rootfiles/common/perl-Net-CIDR-Lite @@ -0,0 +1,6 @@ +#usr/lib/perl5/site_perl/5.12.3/Net/CIDR +usr/lib/perl5/site_perl/5.12.3/Net/CIDR/Lite.pm +#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Net/CIDR +#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Net/CIDR/Lite +#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Net/CIDR/Lite/.packlist +#usr/share/man/man3/Net::CIDR::Lite.3 diff --git a/config/rootfiles/core/127/filelists/files b/config/rootfiles/core/127/filelists/files index d3de58f52..6126e32e1 100644 --- a/config/rootfiles/core/127/filelists/files +++ b/config/rootfiles/core/127/filelists/files @@ -9,9 +9,11 @@ etc/rc.d/init.d/unbound etc/rc.d/rc0.d/K77conntrackd etc/rc.d/rc3.d/S22conntrackd etc/rc.d/rc6.d/K77conntrackd +etc/sysctl.conf srv/web/ipfire/cgi-bin/dnsforward.cgi srv/web/ipfire/cgi-bin/ids.cgi srv/web/ipfire/cgi-bin/ovpnmain.cgi srv/web/ipfire/cgi-bin/proxy.cgi srv/web/ipfire/cgi-bin/vpnmain.cgi var/ipfire/backup/include +var/ipfire/geoip-functions.pl diff --git a/config/rootfiles/core/127/filelists/perl-Net-CIDR-Lite b/config/rootfiles/core/127/filelists/perl-Net-CIDR-Lite new file mode 120000 index 000000000..a51cf8773 --- /dev/null +++ b/config/rootfiles/core/127/filelists/perl-Net-CIDR-Lite @@ -0,0 +1 @@ +../../../common/perl-Net-CIDR-Lite \ No newline at end of file diff --git a/config/rootfiles/core/127/filelists/tar b/config/rootfiles/core/127/filelists/tar new file mode 120000 index 000000000..3e585d2eb --- /dev/null +++ b/config/rootfiles/core/127/filelists/tar @@ -0,0 +1 @@ +../../../common/tar \ No newline at end of file diff --git a/config/rootfiles/core/127/filelists/xtables-addons b/config/rootfiles/core/127/filelists/xtables-addons new file mode 120000 index 000000000..2e24c4298 --- /dev/null +++ b/config/rootfiles/core/127/filelists/xtables-addons @@ -0,0 +1 @@ +../../../common/xtables-addons \ No newline at end of file diff --git a/config/rootfiles/core/127/update.sh b/config/rootfiles/core/127/update.sh index a8a206eab..1b4ce2918 100644 --- a/config/rootfiles/core/127/update.sh +++ b/config/rootfiles/core/127/update.sh @@ -52,6 +52,9 @@ sudo -u nobody /srv/web/ipfire/cgi-bin/proxy.cgi /etc/init.d/unbound restart /etc/init.d/squid start
+# Reload sysctl.conf +sysctl -p + # Finish /etc/init.d/fireinfo start sendprofile diff --git a/config/rootfiles/packages/clamav b/config/rootfiles/packages/clamav index 3f35f9b17..e95d4dc6e 100644 --- a/config/rootfiles/packages/clamav +++ b/config/rootfiles/packages/clamav @@ -8,11 +8,12 @@ usr/bin/clamscan usr/bin/clamsubmit usr/bin/freshclam usr/bin/sigtool +#usr/include/clamav-types.h #usr/include/clamav.h #usr/lib/libclamav.la usr/lib/libclamav.so usr/lib/libclamav.so.9 -usr/lib/libclamav.so.9.0.0 +usr/lib/libclamav.so.9.0.1 #usr/lib/libclammspack.la usr/lib/libclammspack.so usr/lib/libclammspack.so.0 @@ -20,11 +21,11 @@ usr/lib/libclammspack.so.0.1.0 #usr/lib/libclamunrar.la usr/lib/libclamunrar.so usr/lib/libclamunrar.so.9 -usr/lib/libclamunrar.so.9.0.0 +usr/lib/libclamunrar.so.9.0.1 #usr/lib/libclamunrar_iface.la usr/lib/libclamunrar_iface.so usr/lib/libclamunrar_iface.so.9 -usr/lib/libclamunrar_iface.so.9.0.0 +usr/lib/libclamunrar_iface.so.9.0.1 #usr/lib/pkgconfig/libclamav.pc usr/sbin/clamd #usr/share/man/man1/clambc.1 diff --git a/lfs/clamav b/lfs/clamav index 20ff9ddf3..a6e44ebf2 100644 --- a/lfs/clamav +++ b/lfs/clamav @@ -24,7 +24,7 @@
include Config
-VER = 0.101.0 +VER = 0.101.1
THISAPP = clamav-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = clamav -PAK_VER = 42 +PAK_VER = 43
DEPS = ""
@@ -50,7 +50,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 47c36d13ac814b9e29ed6f5fc1691373 +$(DL_FILE)_MD5 = 9c137d6172f6e132e08e61fe25b636f8
install : $(TARGET)
diff --git a/lfs/GeoIP b/lfs/perl-Net-CIDR-Lite similarity index 83% rename from lfs/GeoIP rename to lfs/perl-Net-CIDR-Lite index ce758d8a5..a3c20b42b 100644 --- a/lfs/GeoIP +++ b/lfs/perl-Net-CIDR-Lite @@ -24,11 +24,10 @@
include Config
-VER = 1.25 -DATVER = 30062018 +VER = 0.21
-THISAPP = Geo-IP-PurePerl-$(VER) -DL_FILE = $(THISAPP).tar.gz +THISAPP = Net-CIDR-Lite-$(VER) +DL_FILE = ${THISAPP}.tar.gz DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) @@ -37,13 +36,11 @@ TARGET = $(DIR_INFO)/$(THISAPP) # Top-level Rules ###############################################################################
-objects = $(DL_FILE) GeoIP.dat-$(DATVER).gz +objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE) -GeoIP.dat-$(DATVER).gz = $(DL_FROM)/GeoIP.dat-$(DATVER).gz
-$(DL_FILE)_MD5 = a47a1b71f7cd7c46cca9efcc448e0726 -GeoIP.dat-$(DATVER).gz_MD5 = d538e57ad9268fdc7955c6cf9a37c4a9 +$(DL_FILE)_MD5 = 12280b3754886b876918f03f53aee4f5
install : $(TARGET)
@@ -53,6 +50,9 @@ download :$(patsubst %,$(DIR_DL)/%,$(objects))
md5 : $(subst %,%_MD5,$(objects))
+dist: + @$(PAK) + ############################################################################### # Downloading, checking, md5sum ############################################################################### @@ -73,12 +73,8 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/geoip_1_25_change_database_path.patch cd $(DIR_APP) && perl Makefile.PL cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) cd $(DIR_APP) && make install - cd $(DIR_APP) && mkdir -p /usr/share/GeoIP && \ - zcat $(DIR_DL)/GeoIP.dat-$(DATVER).gz > /usr/share/GeoIP/GeoIP.dat - cd $(DIR_APP) && chmod 777 /srv/web/ipfire/html/images/flags @rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/lfs/tar b/lfs/tar index cbab6c2a9..953613d51 100644 --- a/lfs/tar +++ b/lfs/tar @@ -24,7 +24,7 @@
include Config
-VER = 1.30 +VER = 1.31
THISAPP = tar-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -50,7 +50,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 8404e4c1fc5a3000228ab2b8ad674a65 +$(DL_FILE)_MD5 = 77afa35b696c8d760331fa0e12c2fac9
install : $(TARGET)
@@ -80,6 +80,9 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE) + + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/tar/01_extract.c.patch + cd $(DIR_APP) && ./configure $(EXTRA_CONFIG) FORCE_UNSAFE_CONFIGURE=1 cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install diff --git a/lfs/xtables-addons b/lfs/xtables-addons index af2784c1a..da67aa761 100644 --- a/lfs/xtables-addons +++ b/lfs/xtables-addons @@ -27,7 +27,7 @@ include Config VERSUFIX = ipfire$(KCFG) MODPATH = /lib/modules/$(KVER)-$(VERSUFIX)/extra/
-VER = 2.13 +VER = 3.2
THISAPP = xtables-addons-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = be20b0b9c4b001b364431a836e361d33 +$(DL_FILE)_MD5 = 80ea89ba8d5a001a8d71c7f05b2f0141
install : $(TARGET)
@@ -94,6 +94,10 @@ ifeq "$(USPACE)" "1"
cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install + + # Install xt_geoip_build. + cd $(DIR_APP) && install -m 755 GeoIP/xt_geoip_build \ + /usr/local/bin/ else cd $(DIR_APP) && ./configure \ --with-kbuild=/usr/src/linux-$(KVER)/ diff --git a/make.sh b/make.sh index fd626a999..1d9163dce 100755 --- a/make.sh +++ b/make.sh @@ -1305,7 +1305,6 @@ buildipfire() { lfsmake2 python-daemon lfsmake2 python-ipaddress lfsmake2 glib - lfsmake2 GeoIP lfsmake2 ntp lfsmake2 openssh lfsmake2 fontconfig @@ -1434,6 +1433,7 @@ buildipfire() { lfsmake2 mpd lfsmake2 libmpdclient lfsmake2 mpc + lfsmake2 perl-Net-CIDR-Lite lfsmake2 perl-Net-SMTP-SSL lfsmake2 perl-MIME-Base64 lfsmake2 perl-Authen-SASL diff --git a/src/patches/tar/01_extract.c.patch b/src/patches/tar/01_extract.c.patch new file mode 100644 index 000000000..21c3cd86f --- /dev/null +++ b/src/patches/tar/01_extract.c.patch @@ -0,0 +1,12 @@ +--- tar-1.31/src/extract.c 2019-01-02 18:07:48.000000000 +0000 ++++ tar-1.31.patched/src/extract.c 2019-01-09 16:17:20.368612005 +0000 +@@ -782,7 +782,8 @@ + case OVERWRITE_OLD_FILES: + if (0 < remove_any_file (file_name, ORDINARY_REMOVE_OPTION)) + return RECOVER_OK; +- break; ++ errno = e; ++ return RECOVER_NO; + + case UNLINK_FIRST_OLD_FILES: + break; diff --git a/src/scripts/xt_geoip_build b/src/scripts/xt_geoip_build deleted file mode 100644 index 202156f13..000000000 --- a/src/scripts/xt_geoip_build +++ /dev/null @@ -1,89 +0,0 @@ -#!/usr/bin/perl -# -# Converter for MaxMind CSV database to binary, for xt_geoip -# Copyright © Jan Engelhardt, 2008-2011 -# -use Getopt::Long; -use IO::Handle; -use Text::CSV_XS; # or trade for Text::CSV -use strict; - -my $csv = Text::CSV_XS->new({ - allow_whitespace => 1, - binary => 1, - eol => $/, -}); # or Text::CSV -my $target_dir = "."; - -&Getopt::Long::Configure(qw(bundling)); -&GetOptions( - "D=s" => $target_dir, -); - -if (!-d $target_dir) { - print STDERR "Target directory $target_dir does not exist.\n"; - exit 1; -} - -my $dir = "$target_dir/LE"; -if (!-e $dir && !mkdir($dir)) { - print STDERR "Could not mkdir $dir: $!\n"; - exit 1; -} - -&dump(&collect()); - -sub collect -{ - my %country; - - while (my $row = $csv->getline(*ARGV)) { - if (!defined($country{$row->[4]})) { - $country{$row->[4]} = { - name => $row->[5], - pool_v4 => [], - pool_v6 => [], - }; - } - my $c = $country{$row->[4]}; - - push(@{$c->{pool_v4}}, [$row->[2], $row->[3]]); - - if ($. % 4096 == 0) { - print STDERR "\r\e[2K$. entries"; - } - } - - print STDERR "\r\e[2K$. entries total\n"; - return %country; -} - -sub dump -{ - my $country = shift @_; - - foreach my $iso_code (sort keys %$country) { - &dump_one($iso_code, $country->{$iso_code}); - } -} - -sub dump_one -{ - my($iso_code, $country) = @_; - my($file, $fh_le, $fh_be); - - printf "%5u IPv4 ranges for %s %s\n", - scalar(@{$country->{pool_v4}}), - $iso_code, $country->{name}; - - $file = "$target_dir/LE/".uc($iso_code).".iv4"; - if (!open($fh_le, "> $file")) { - print STDERR "Error opening $file: $!\n"; - exit 1; - } - foreach my $range (@{$country->{pool_v4}}) { - print $fh_le pack("VV", $range->[0], $range->[1]); - #print $fh_be pack("NN", $range->[0], $range->[1]); - } - close $fh_le; -} diff --git a/src/scripts/xt_geoip_update b/src/scripts/xt_geoip_update index 0aea4d03e..73484c7a0 100644 --- a/src/scripts/xt_geoip_update +++ b/src/scripts/xt_geoip_update @@ -24,13 +24,10 @@ TMP_FILE=$(mktemp -p $TMP_PATH)
SCRIPT_PATH=/usr/local/bin DEST_PATH=/usr/share/xt_geoip +DB_PATH=/var/lib/GeoIP
-DL_URL=https://geolite.maxmind.com/download/geoip/database -DL_FILE=GeoIPCountryCSV.zip - -CSV_FILE=GeoIPCountryWhois.csv - -ARCH=LE +DL_URL=http://geolite.maxmind.com/download/geoip/database/ +DL_FILE=GeoLite2-Country-CSV.zip
eval $(/usr/local/bin/readhash /var/ipfire/proxy/settings)
@@ -57,42 +54,41 @@ function download() { # Get the latest GeoIP database from server. wget $DL_URL/$DL_FILE $PROXYSETTINGS -O $TMP_FILE
- # Extract files. + # Extract files to database path. unzip $TMP_FILE -d $TMP_PATH
return 0 }
-function build() { - echo "Convert database..." +function install() { + echo "Install CSV database..."
- # Check if the csv file exists. - if [ ! -e $TMP_PATH/$CSV_FILE ]; then - echo "$TMP_PATH/$CSV_FILE not found. Exiting." - return 1 + # Check if the database dir exists. + if [ ! -e "$DB_PATH" ]; then + mkdir -p $DB_PATH &>/dev/null fi
- # Run script to convert the CSV file into several xtables - # compatible binary files. - if ! $SCRIPT_PATH/xt_geoip_build $TMP_PATH/$CSV_FILE -D $TMP_PATH; then - echo "Could not convert ruleset. Aborting." >&2 + # Check if the directory for binary databases exists. + if [ ! -e "$DEST_PATH" ]; then + mkdir -p $DEST_PATH &>/dev/null + fi + + # Install CSV databases. + if ! cp -af $TMP_PATH/*/* $DB_PATH &>/dev/null; then + echo "Could not copy files. Aborting." >&2 return 1 fi
return 0 }
-function install() { - echo "Install databases..." - - # Check if our destination exist. - if [ ! -e "$DEST_PATH" ]; then - mkdir -p $DEST_PATH &>/dev/null - fi +function build() { + echo "Convert database..."
- # Install databases. - if ! cp -af $TMP_PATH/$ARCH $DEST_PATH &>/dev/null; then - echo "Could not copy files. Aborting." >&2 + # Run script to convert the CSV file into several xtables + # compatible binary files. + if ! $SCRIPT_PATH/xt_geoip_build -S $DB_PATH -D $DEST_PATH; then + echo "Could not convert ruleset. Aborting." >&2 return 1 fi
@@ -113,23 +109,18 @@ function main() { # Download ruleset. download || exit $?
- # Convert the ruleset. - if ! build; then - # Do cleanup. - cleanup || exit $? - exit 1 - fi - - # Install the converted ruleset. if ! install; then # Do cleanup. cleanup || exit $? exit 1 fi
- # Finaly remove temporary files. + # Remove temporary files. cleanup || exit $?
+ # Convert the ruleset. + build || exit $? + return 0 }
hooks/post-receive -- IPFire 2.x development tree