This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via bae9b5dcca5aacabab861d4584288cb4ba7fd0c1 (commit) via b67cf71b2de584df24faf4765f2c0647b713003f (commit) via 26674f2d5cb72699c5594c19cb6eb44de0ed3b2c (commit) via b84666930e0d3a21fd982ae9203f97bc13b7760a (commit) via c8ddb9ef1fe7a0f1771be8bec01f43a981a25138 (commit) from cf5356763f57b9070d2f84200f614af91c3beee2 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit bae9b5dcca5aacabab861d4584288cb4ba7fd0c1 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Feb 17 06:40:03 2022 +0100
rules.pl: Adjust check against loading the same lists multiple times.
This check now has been moved to the ipset_restore() function, which will help to keep the code clean and maintain-able.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit b67cf71b2de584df24faf4765f2c0647b713003f Author: Leo-Andres Hofmann hofmann@leo-andres.de Date: Thu Feb 17 13:40:43 2022 +0100
manualpages: Drop p2p-block entry
The p2p-block CGI has been removed. Therefore the link to its manual page can be removed as well.
Signed-off-by: Leo-Andres Hofmann hofmann@leo-andres.de Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit 26674f2d5cb72699c5594c19cb6eb44de0ed3b2c Author: Peter Müller peter.mueller@ipfire.org Date: Thu Feb 17 19:23:15 2022 +0000
Core Update 165: Fixed symlink after renaming Perl packages
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit b84666930e0d3a21fd982ae9203f97bc13b7760a Author: Peter Müller peter.mueller@ipfire.org Date: Thu Feb 17 19:22:49 2022 +0000
Core Update 165: Ship bind
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit c8ddb9ef1fe7a0f1771be8bec01f43a981a25138 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Thu Feb 17 17:46:26 2022 +0100
bind: Update to 9.16.26
For details see: https://downloads.isc.org/isc/bind9/9.16.26/doc/arm/html/notes.html#notes-fo...
"Notes for BIND 9.16.26 Feature Changes
The DLZ API has been updated: EDNS Client-Subnet (ECS) options sent by a client are now included in the client information sent to DLZ modules when processing queries. [GL #3082]
Bug Fixes
Previously, recvmmsg support was enabled in libuv 1.35.0 and 1.36.0, but not in libuv versions 1.37.0 or greater, reducing the maximum query-response performance. This has been fixed. [GL #3095]
A failed view configuration during a named reconfiguration procedure could cause inconsistencies in BIND internal structures, causing a crash or other unexpected errors. This has been fixed. [GL #3060]
Previously, named logged a “quota reached” message when it hit its hard quota on the number of connections. That message was accidentally removed but has now been restored. [GL #3125]
Build errors were introduced in some DLZ modules due to an incomplete change in the previous release. This has been fixed. [GL #3111]"
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/cfgroot/manualpages | 1 - config/firewall/rules.pl | 43 +++++++++------------- config/rootfiles/common/bind | 14 +++---- .../{oldcore/100 => core/165}/filelists/bind | 0 config/rootfiles/core/165/filelists/libwww-perl | 1 - config/rootfiles/core/165/filelists/perl-libwww | 1 + lfs/bind | 4 +- 7 files changed, 27 insertions(+), 37 deletions(-) copy config/rootfiles/{oldcore/100 => core/165}/filelists/bind (100%) delete mode 120000 config/rootfiles/core/165/filelists/libwww-perl create mode 120000 config/rootfiles/core/165/filelists/perl-libwww
Difference in files: diff --git a/config/cfgroot/manualpages b/config/cfgroot/manualpages index 4bfec8ab7..6c2e54b55 100644 --- a/config/cfgroot/manualpages +++ b/config/cfgroot/manualpages @@ -61,7 +61,6 @@ firewall=configuration/firewall fwhosts=configuration/firewall/fwgroups optionsfw=configuration/firewall/options ids=configuration/firewall/ips -p2p-block=configuration/firewall/p2p-block location-block=configuration/firewall/geoip-block wireless=configuration/firewall/accesstoblue iptables=configuration/firewall/iptables diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl index 25d01e0e3..927c1f2ba 100644 --- a/config/firewall/rules.pl +++ b/config/firewall/rules.pl @@ -404,14 +404,8 @@ sub buildrules { # Grab location code from hash. my $loc_src = $$hash{$key}[4];
- # Check if the network list for this country already has been loaded. - unless($loaded_ipset_lists{$loc_src}) { - # Call function to load the networks list for this country. - &ipset_restore($loc_src); - - # Store to the hash that this list has been loaded. - $loaded_ipset_lists{$loc_src} = "1"; - } + # Call function to load the networks list for this country. + &ipset_restore($loc_src);
push(@source_options, $source); } elsif($source) { @@ -424,14 +418,8 @@ sub buildrules { # Grab location code from hash. my $loc_dst = $$hash{$key}[6];
- # Check if the network list for this country already has been loaded. - unless($loaded_ipset_lists{$loc_dst}) { - # Call function to load the networks list for this country. - &ipset_restore($loc_dst); - - # Store to the hash that this list has been loaded. - $loaded_ipset_lists{$loc_dst} = "1"; - } + # Call function to load the networks list for this country. + &ipset_restore($loc_dst);
push(@destination_options, $destination); } elsif ($destination) { @@ -677,14 +665,8 @@ sub locationblock { # is enabled. foreach my $location (@locations) { if(exists $locationsettings{$location} && $locationsettings{$location} eq "on") { - # Check if the network list for this country already has been loaded. - unless($loaded_ipset_lists{$location}) { - # Call function to load the networks list for this country. - &ipset_restore($location); - - # Store to the hash that this list has been loaded. - $loaded_ipset_lists{$location} = "1"; - } + # Call function to load the networks list for this country. + &ipset_restore($location);
# Call iptables and create rule to use the loaded ipset list. run("$IPTABLES -A LOCATIONBLOCK -m set --match-set CC_$location src -j DROP"); @@ -906,14 +888,23 @@ sub firewall_is_in_subnet { }
sub ipset_restore ($) { - my ($ccode) = @_; + my ($list) = @_;
my $file_prefix = "ipset4"; - my $db_file = "$Location::Functions::ipset_db_directory/$ccode.$file_prefix"; + my $db_file = "$Location::Functions::ipset_db_directory/$list.$file_prefix"; + + # Check if the network list already has been loaded. + if($loaded_ipset_lists{$list}) { + # It already has been loaded - so there is nothing to do. + return; + }
# Check if the generated file exists. if (-f $db_file) { # Run ipset and restore the list of the given country code. run("$IPSET restore < $db_file"); + + # Store the restored list name to the hash to prevent from loading it again. + $loaded_ipset_lists{$list} = "1"; } } diff --git a/config/rootfiles/common/bind b/config/rootfiles/common/bind index 4ea64dc0c..c0e56854a 100644 --- a/config/rootfiles/common/bind +++ b/config/rootfiles/common/bind @@ -274,24 +274,24 @@ usr/bin/nsupdate #usr/include/pk11/site.h #usr/include/pkcs11 #usr/include/pkcs11/pkcs11.h -usr/lib/libbind9-9.16.25.so +usr/lib/libbind9-9.16.26.so #usr/lib/libbind9.la #usr/lib/libbind9.so -usr/lib/libdns-9.16.25.so +usr/lib/libdns-9.16.26.so #usr/lib/libdns.la #usr/lib/libdns.so -usr/lib/libirs-9.16.25.so +usr/lib/libirs-9.16.26.so #usr/lib/libirs.la #usr/lib/libirs.so -usr/lib/libisc-9.16.25.so +usr/lib/libisc-9.16.26.so #usr/lib/libisc.la #usr/lib/libisc.so -usr/lib/libisccc-9.16.25.so +usr/lib/libisccc-9.16.26.so #usr/lib/libisccc.la #usr/lib/libisccc.so -usr/lib/libisccfg-9.16.25.so +usr/lib/libisccfg-9.16.26.so #usr/lib/libisccfg.la #usr/lib/libisccfg.so -usr/lib/libns-9.16.25.so +usr/lib/libns-9.16.26.so #usr/lib/libns.la #usr/lib/libns.so diff --git a/config/rootfiles/core/165/filelists/bind b/config/rootfiles/core/165/filelists/bind new file mode 120000 index 000000000..48a0ebaef --- /dev/null +++ b/config/rootfiles/core/165/filelists/bind @@ -0,0 +1 @@ +../../../common/bind \ No newline at end of file diff --git a/config/rootfiles/core/165/filelists/libwww-perl b/config/rootfiles/core/165/filelists/libwww-perl deleted file mode 120000 index ad77c8c4a..000000000 --- a/config/rootfiles/core/165/filelists/libwww-perl +++ /dev/null @@ -1 +0,0 @@ -../../../common/libwww-perl \ No newline at end of file diff --git a/config/rootfiles/core/165/filelists/perl-libwww b/config/rootfiles/core/165/filelists/perl-libwww new file mode 120000 index 000000000..6b8bff6e1 --- /dev/null +++ b/config/rootfiles/core/165/filelists/perl-libwww @@ -0,0 +1 @@ +../../../common/perl-libwww \ No newline at end of file diff --git a/lfs/bind b/lfs/bind index fc6e7654e..72c85f5f5 100644 --- a/lfs/bind +++ b/lfs/bind @@ -25,7 +25,7 @@
include Config
-VER = 9.16.25 +VER = 9.16.26
THISAPP = bind-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -43,7 +43,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 361a54fc5ebeb3a1af77abec08b33661 +$(DL_FILE)_MD5 = 799696f44e0d61659fa0efaa3c5fe5d8
install : $(TARGET)
hooks/post-receive -- IPFire 2.x development tree