This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 3.x development tree".
The branch, master has been updated via a3c2794b5bc5fd2e1a318839d357fabae8f719df (commit) via c78c81f1f45a14374093a2969b5d7eea3c7f6740 (commit) via df5c0559f471892bf5b53d5d4f0ade37e2d06d17 (commit) via 7717fb553613bd3f0172c87117124c949ffef477 (commit) via 335921f21f0a03d347d7eba299f769e054be3f16 (commit) via aad04cd04d77531f741c8299e537df3cba7f1ecf (commit) via ac85a00a9c91227695c63b0eb2b73ce80c398303 (commit) from 3f933e235dc5b788635a2fe933e648fb3c2c84df (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit a3c2794b5bc5fd2e1a318839d357fabae8f719df Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Jun 6 21:14:29 2015 +0200
libidn: Update to version 1.30
Fixes #10800
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit c78c81f1f45a14374093a2969b5d7eea3c7f6740 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Jun 6 21:13:25 2015 +0200
libgcrypt: Update to version 1.6.3
Fixes #10801
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit df5c0559f471892bf5b53d5d4f0ade37e2d06d17 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Jun 6 21:12:46 2015 +0200
wget: Update to version 1.16.3
Fixes #10799
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 7717fb553613bd3f0172c87117124c949ffef477 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Jun 6 18:16:16 2015 +0200
zlib: Update to version 1.2.8
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 335921f21f0a03d347d7eba299f769e054be3f16 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Jun 6 18:03:51 2015 +0200
firewall: Drop the old firewall package
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit aad04cd04d77531f741c8299e537df3cba7f1ecf Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Jun 6 18:02:07 2015 +0200
iptables: Remove package
This is replaced by nftables.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit ac85a00a9c91227695c63b0eb2b73ce80c398303 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Jun 6 17:40:04 2015 +0200
pdns-recursor: Drop package
pdns-recursor is not needed any more has we have replaced it mostly by unbound already where ever we are using it. The main reason for that is the lack of support for DNSSEC.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: firewall/firewall.nm | 48 ----- firewall/src/firewall | 111 ---------- firewall/src/functions | 111 ---------- firewall/src/functions.commands | 29 --- firewall/src/functions.config | 70 ------- firewall/src/functions.firewall | 59 ------ firewall/src/functions.ip | 231 --------------------- firewall/src/functions.iptables | 181 ---------------- firewall/src/functions.macros | 75 ------- firewall/src/functions.zones | 102 --------- firewall/src/macros/DHCP | 5 - firewall/src/macros/HTTP | 4 - firewall/src/macros/HTTPS | 4 - firewall/src/macros/WWW | 5 - firewall/src/zones.green | 38 ---- firewall/src/zones.orange | 38 ---- firewall/src/zones.red | 38 ---- firewall/systemd/firewall.service | 13 -- iproute2/iproute2.nm | 8 +- iptables/iptables.nm | 78 ------- libgcrypt/libgcrypt.nm | 2 +- libidn/libidn.nm | 2 +- .../patches/pdns-recursor-fixmakefile.patch | 19 -- .../patches/pdns-recursor-fixsysconfdir.patch | 9 - pdns-recursor/pdns-recursor.nm | 108 ---------- pdns-recursor/pdns-recursor.tmpfiles | 1 - pdns-recursor/recursor.conf | 19 -- pdns-recursor/systemd/pdns-recursor.service | 12 -- pdns/pdns.nm | 6 +- squid/squid.nm | 3 +- wget/wget.nm | 2 +- zlib/zlib.nm | 2 +- 32 files changed, 8 insertions(+), 1425 deletions(-) delete mode 100644 firewall/firewall.nm delete mode 100644 firewall/src/firewall delete mode 100644 firewall/src/functions delete mode 100644 firewall/src/functions.commands delete mode 100644 firewall/src/functions.config delete mode 100644 firewall/src/functions.firewall delete mode 100644 firewall/src/functions.ip delete mode 100644 firewall/src/functions.iptables delete mode 100644 firewall/src/functions.macros delete mode 100644 firewall/src/functions.zones delete mode 100644 firewall/src/macros/DHCP delete mode 100644 firewall/src/macros/HTTP delete mode 100644 firewall/src/macros/HTTPS delete mode 100644 firewall/src/macros/WWW delete mode 100644 firewall/src/zones.green delete mode 100644 firewall/src/zones.orange delete mode 100644 firewall/src/zones.red delete mode 100644 firewall/systemd/firewall.service delete mode 100644 iptables/iptables.nm delete mode 100644 pdns-recursor/patches/pdns-recursor-fixmakefile.patch delete mode 100644 pdns-recursor/patches/pdns-recursor-fixsysconfdir.patch delete mode 100644 pdns-recursor/pdns-recursor.nm delete mode 100644 pdns-recursor/pdns-recursor.tmpfiles delete mode 100644 pdns-recursor/recursor.conf delete mode 100644 pdns-recursor/systemd/pdns-recursor.service
Difference in files: diff --git a/firewall/firewall.nm b/firewall/firewall.nm deleted file mode 100644 index 53b3c8f..0000000 --- a/firewall/firewall.nm +++ /dev/null @@ -1,48 +0,0 @@ -############################################################################### -# IPFire.org - An Open Source Firewall Solution # -# Copyright (C) - IPFire Development Team info@ipfire.org # -############################################################################### - -name = firewall -version = 0.1 -release = 2 - -maintainer = Michael Tremer michael.tremer@ipfire.org -groups = Networking/Firewall -url = http://www.ipfire.org/ -license = GPLv3+ -summary = The IPFire Firewall Engine. - -description - This script installs IPFire's firewall. -end - -# No tarball. -sources = - -build - DIR_APP = %{DIR_SOURCE}/src - - build - : # Do nothing. - end - - install - mkdir -pv %{BUILDROOT}/usr/{lib,share}/firewall %{BUILDROOT}/usr/bin - for i in %{DIR_APP}/{functions,zones}*; do \ - install -m 644 -v $i %{BUILDROOT}/usr/lib/firewall; \ - done - cp -avf %{DIR_APP}/macros %{BUILDROOT}/usr/share/firewall/ - install -m 755 -v %{DIR_APP}/firewall %{BUILDROOT}/usr/bin - end -end - -packages - package %{name} - requires = iproute2 iptables - end - - package %{name}-debuginfo - template DEBUGINFO - end -end diff --git a/firewall/src/firewall b/firewall/src/firewall deleted file mode 100644 index 44d0937..0000000 --- a/firewall/src/firewall +++ /dev/null @@ -1,111 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2009 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -############################################################################### -# This is the script, that is runned by the user to contol the firewall # -# We only do some actions here and call the functions from the libs. # -# # -# Actions (as known at the moment): # -# - start/stop/restart/reload # -# - show # -# - running? # -# - serveral config # -# - calc (cidr|subnets|...) # -# - ... # -# # -############################################################################### - -PATH=/usr/local/sbin:/usr/local/bin:/bin:/usr/bin:/sbin:/usr/sbin - -LIBDIR=/usr/lib/firewall - -function include() { - local file=$1 - local path - for path in $LIBDIR .; do - if [ -f "$path/$file" ]; then - . $path/$file - return # found - fi - done - echo "Couldn't include $file. File was not found!" >&2 - _exit 1 -} - -function usage() { - echo "Usage: $0 [global options] command [command options]" - echo - _exit ${1-1} -} - -include functions - -while [ "$#" -gt 0 ]; do - arg=$1 - shift - case "$arg" in - --debug|-d) - debug 1 - decho "Debug mode is enabled." - ;; - --verbose|-v) - verbose 1 - vecho "${BOLD}Verbose mode is enabled.${NORMAL}" - ;; - calc) - shift - case "$1" in - mask2cidr) - mask_to_cidr $@ - _exit $? - ;; - *) - usage - ;; - esac - ;; - config) - config_load $@ - _exit $? - ;; - help|-h|--help) - usage 0 - ;; - notify) - ;; - reload) - ;; - start|restart) - _start - _exit $@ - ;; - stop) - _stop - _exit $@ - ;; - *) - usage - ;; - esac -done - -error "No command was given." -usage diff --git a/firewall/src/functions b/firewall/src/functions deleted file mode 100644 index d8fb597..0000000 --- a/firewall/src/functions +++ /dev/null @@ -1,111 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2009 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -DEBUG= -VERBOSE= -TMPDIR=$(mktemp -d) - -BOLD="\033[1;39m" -NORMAL="\033[0;39m" -ERROR="\033[1;31m" - -function debug() { - if [ -n "$1" ]; then - DEBUG=$1 - verbose $1 - return - else - if [ "$DEBUG" = "1" ]; then - return 0 - else - return 1 - fi - fi - -} - -function verbose() { - if [ -n "$1" ]; then - VERBOSE=$1 - return - else - if [ "$VERBOSE" = "1" ]; then - return 0 - else - return 1 - fi - fi -} - -function decho() { - debug && echo -e "${ERROR}$@${NORMAL}" -} - -function vecho() { - verbose && echo -e "$@" -} - -function error() { - echo -e "${ERROR}ERROR${NORMAL}: $@" >&2 - _exit 1 -} - -function ifs() { - if [ -n "$1" ]; then - IFS_SAVE=$IFS - echo $1 - else - echo $IFS_SAVE - fi -} - -function uppercase() { - tr [a-z] [A-Z] <<< "$@" -} - -include functions.commands -include functions.config -include functions.firewall -include functions.ip -include functions.iptables -include functions.macros -include functions.zones - -function _start() { - local zone - local policy - - firewall_init - zones_local_add - - for zone in $(network zone list); do - zone=$(basename ${zone}) - policy=${zone%%[0-9]*} - zones_${policy}_add ${zone} - done - - iptables_commit -} - -function _stop() { - iptables_flush - iptables_commit -} diff --git a/firewall/src/functions.commands b/firewall/src/functions.commands deleted file mode 100644 index d46a536..0000000 --- a/firewall/src/functions.commands +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2009 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -function cmd_quiet() { - $@ &>/dev/null -} - -function _exit() { - rm -rf $TMPDIR - exit $@ -} diff --git a/firewall/src/functions.config b/firewall/src/functions.config deleted file mode 100644 index 8abda04..0000000 --- a/firewall/src/functions.config +++ /dev/null @@ -1,70 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2009 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -CONFIG_NONE=0 -CONFIG_TEXT=1 -CONFIG_SQLITE=2 - -function config_type() { - if _config_is_sqlite $1; then - echo $CONFIG_SQLITE - else - echo $CONFIG_TEXT - fi -} - -function config_load() { - local file - local type - file=$1 - - if ! [ -f "$file" ]; then - error "Cannot load config file $file. File does not exist!" - exit 1 - fi - - vecho "Loading config file: $file" - - type=$(config_type $file) - if [ "$type" = "$CONFIG_SQLITE" ]; then - eval $(_config_load_sqlite $file) - else - eval $(_config_load_text $file) - fi -} - -function _config_is_sqlite() { - file $1 2>/dev/null | grep -q "SQLite 3.x database" -} - -function _config_dump_sqlite() { - sqlite3 -noheader -column $1 "SELECT * FROM config;" -} - -function _config_load_sqlite() { - _config_dump_sqlite $1 | while read KEY VALUE; do - echo "$KEY=$VALUE" - done -} - -function _config_load_text() { - readhash $1 -} diff --git a/firewall/src/functions.firewall b/firewall/src/functions.firewall deleted file mode 100644 index b98128b..0000000 --- a/firewall/src/functions.firewall +++ /dev/null @@ -1,59 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2009 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -function firewall_init() { - decho "Initializing firewall interface." - iptables_init - firewall_tcp_state_flags - firewall_connection_tracking -} - -function firewall_tcp_state_flags() { - vecho "Adding ${BOLD}TCP State Flags${NORMAL} chain..." - chain_create BADTCP_LOG - iptables -A BADTCP_LOG -p tcp -j $(iptables_LOG "Illegal TCP state: ") - iptables -A BADTCP_LOG -j DROP - - chain_create BADTCP - iptables -A BADTCP -p tcp --tcp-flags ALL NONE -j BADTCP_LOG - iptables -A BADTCP -p tcp --tcp-flags SYN,FIN SYN,FIN -j BADTCP_LOG - iptables -A BADTCP -p tcp --tcp-flags SYN,RST SYN,RST -j BADTCP_LOG - iptables -A BADTCP -p tcp --tcp-flags FIN,RST FIN,RST -j BADTCP_LOG - iptables -A BADTCP -p tcp --tcp-flags ACK,FIN FIN -j BADTCP_LOG - iptables -A BADTCP -p tcp --tcp-flags ACK,PSH PSH -j BADTCP_LOG - iptables -A BADTCP -p tcp --tcp-flags ACK,URG URG -j BADTCP_LOG - - iptables -A INPUT -p tcp -j BADTCP - iptables -A OUTPUT -p tcp -j BADTCP - iptables -A FORWARD -p tcp -j BADTCP -} - -function firewall_connection_tracking() { - vecho "Adding ${BOLD}Connection Tracking${NORMAL} chain..." - chain_create CONNTRACK - iptables -A CONNTRACK -m state --state ESTABLISHED,RELATED -j ACCEPT - iptables -A CONNTRACK -m state --state INVALID -j $(iptables_LOG "INVALID packet: ") - iptables -A CONNTRACK -m state --state INVALID -j DROP - - iptables -A INPUT -p tcp -j CONNTRACK - iptables -A OUTPUT -p tcp -j CONNTRACK - iptables -A FORWARD -p tcp -j CONNTRACK -} diff --git a/firewall/src/functions.ip b/firewall/src/functions.ip deleted file mode 100644 index 78a29ac..0000000 --- a/firewall/src/functions.ip +++ /dev/null @@ -1,231 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2009 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -############################################################################### -# General IP address manipulation functions -# ip_encode - Encodes an IP to an integer -# Parameters: ip address (e.g. 192.168.0.1) -# Returns : integer -# ip_decode - Decodes an integer to an IP -# Parameters: integer -# Returns : ip address -# ip_valid - Checks if given IP is valid -# Parameters: IP -# Returns : boolean -# -# General subnet functions -# ip_range - Enumerates members of an IP range -# Parameters: ip range (e.g. 192.168.0.1-192.168.0.128) -# Returns : several subnets/IPs -# ip_range_explicit - Enumerates ALL IP addresses of an IP range -# Parameters: ip range -# Returns : several IPs -# subnet_network - Calculates the network address of a CIDR -# Parameters: CIDR network (e.g. 192.168.0.0/24) -# Returns : Network address -# subnet_broadcast - Calculates the broadcast address of a CIDR -# Parameters: CIDR network -# Returns : Broadcast address -# ip_in_subnet - Checks if an IP is in given subnet -# Parameters: IP address, subnet -# Returns : Boolean -# mask_to_cidr - Converts a subnet mask to cidr type -# Parameters: subnet (e.g. 255.255.255.0) -# Returns : CIDR (e.g. 24) -# - -function ip_encode() { - IFS=$(ifs .) - - local int=0 - for field in $1; do - int=$(( $(( $int << 8 )) | $field )) - done - - echo $int - IFS=$(ifs) -} - -function ip_decode() { - addr=$1 - - local x - local y - - y=$(($addr & 255)) - for x in 1 2 3; do - addr=$(($addr >> 8)) - y=$(($addr & 255)).$y - done - - echo $y -} - -function ip_range() { - local first - local last - local l - local x - local y - local z - local vlsm - - case "$1" in - !*) - echo $1 - return - ;; - [0-9]*.*.*.*-*.*.*.*) - ;; - *) - echo $1 - return - ;; - esac - - first=$(ip_encode ${1%-*}) - last=$(ip_encode ${1#*-}) - - if [ $first -gt $last ]; then - error "Invalid IP address range: $1" - fi - - l=$(( $last + 1 )) - - while [ $l -gt $first ]; do - vlsm= - x=31 - y=2 - z=1 - - while [ $(( $first % $y )) -eq 0 ] && [ $l -gt $(( $first + $y )) ]; do - vlsm=/$x - x=$(( $x - 1 )) - z=$y - y=$(( $y * 2 )) - done - - echo $(ip_decode $first)$vlsm - first=$(($first + $z)) - done -} - -function ip_range_explicit() { - local first - local last - - case $1 in - [0-9]*.*.*.*-*.*.*.*) - ;; - *) - echo $1 - return - ;; - esac - - first=$(ip_encode ${1%-*}) - last=$(ip_encode ${1#*-}) - - if [ $first -gt $last ]; then - error "Invalid IP address range: $1" - fi - - while ! [ $first -gt $last ]; do - echo $(ip_decode $first) - first=$(($first + 1)) - done -} - -function _netmask() { - local vlsm - vlsm=${1#*/} - [ $vlsm -eq 0 ] && echo 0 || echo $(( -1 << $(( 32 - $vlsm )) )) -} - -function subnet_network() { - local encodedaddr - encodedaddr=$(ip_encode ${1%/*}) - local netmask - netmask=$(_netmask $1) - - echo $(ip_decode $(($encodedaddr & $netmask))) -} - -function _broadcast() { - local x - x=$(( 32 - ${1#*/} )) - [ $x -eq 32 ] && echo -1 || echo $(( $(( 1 << $x )) - 1 )) -} - -function subnet_broadcast() { - local encodedaddr - encodedaddr=$(ip_encode ${1%/*}) - local netmask - netmask=$(_netmask $1) - local broadcast - broadcast=$(_broadcast $1) - - echo $(ip_decode $(( $(($encodedaddr & $netmask)) | $broadcast ))) -} - -function ip_in_subnet() { - local netmask - netmask=$(_netmask $2) - [ $(( $(ip_encode $1) & $netmask)) = $(( $(ip_encode ${2%/*}) & $netmask )) ] -} - -function mask_to_cidr() { - local mask - mask=$(ip_encode $1) - local cidr - cidr=0 - local x - x=$(( 128 << 24 )) # 0x80000000 - - while [ $(( $x & $mask )) -ne 0 ]; do - [ $mask -eq $x ] && mask=0 || mask=$(( $mask << 1 )) - cidr=$(($cidr + 1)) - done - - if [ $(( $mask & 2147483647 )) -ne 0 ]; then # 2147483647 = 0x7fffffff - echo "Invalid net mask: $1" >&2 - else - echo $cidr - fi -} - -function ip_valid() { - local x - IFS=$(ifs .) - for x in $1; do - case $x in - [0-9]|[0-9][0-9]|[1-2][0-9][0-9]) - [ $x -lt 256 ] || { IFS=$(ifs); return 1; } - ;; - *) - IFS=$(ifs) - return 1 - ;; - esac - done - IFS=$(ifs) - return 0 -} diff --git a/firewall/src/functions.iptables b/firewall/src/functions.iptables deleted file mode 100644 index 630bcce..0000000 --- a/firewall/src/functions.iptables +++ /dev/null @@ -1,181 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2009 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -IPTABLES_FILE=$TMPDIR/iptables - -function iptables() { - local arg - local args - local table - - table=filter - - # Parsing arguments - while [ $# -gt 0 ]; do - arg=${1} - shift - case "${arg}" in - -t) - table=${1} - shift - ;; - -A) - args="${args} -A $(uppercase ${1})" - shift - ;; - *) - args="${args} ${arg}" - ;; - esac - done - echo "${args:1:${#args}}" >> ${IPTABLES_FILE}-${table} -} - -function iptables_flush() { - decho "Flushing iptables" - iptables "* filter" - chain_create INPUT ACCEPT - chain_create OUTPUT ACCEPT - chain_create FORWARD ACCEPT -} - -function iptables_init() { - iptables "* filter" - chain_create -t filter INPUT DROP - chain_create -t filter OUTPUT DROP - chain_create -t filter FORWARD DROP - - iptables -t mangle "* mangle" - chain_create -t mangle PREROUTING ACCEPT - chain_create -t mangle INPUT ACCEPT - chain_create -t mangle OUTPUT ACCEPT - chain_create -t mangle FORWARD ACCEPT - chain_create -t mangle POSTROUTING ACCEPT - - iptables -t nat "* nat" - chain_create -t nat PREROUTING ACCEPT - chain_create -t nat OUTPUT ACCEPT - chain_create -t nat POSTROUTING ACCEPT -} - -function iptables_commit() { - local chain - - vecho "Committing firewall configuration." - iptables -t filter "COMMIT" - iptables -t mangle "COMMIT" - iptables -t nat "COMMIT" - - for table in filter mangle nat; do - [ -e ${IPTABLES_FILE}-${table} ] || continue - cat ${IPTABLES_FILE}-${table} >> $IPTABLES_FILE - done - - decho "Dumping iptables output" - if debug; then - counter=1 - cat $IPTABLES_FILE | while read LINE; do - printf "%4d | %s\n" "$counter" "$LINE" - counter=$(( $counter + 1 )) - done - fi - - iptables-restore $(debug && echo "-v") < $IPTABLES_FILE -} - -function chain_create() { - local args - if [ "${1}" = "-t" ]; then - args="${1} ${2}" - shift 2 - fi - iptables ${args} ":$1 ${2--} [0:0]" -} - -function iptables_LOG() { - local prefix - prefix=$1 - - if [ "$LOG_FACILITY" = "syslog" ]; then - echo -n "LOG" - [ -n "$prefix" ] && echo -n " --log-prefix "$prefix"" - else - echo -n "NFLOG" - [ -n "$prefix" ] && echo -n " --nflog-prefix "$prefix"" - echo -n " --nflog-threshold 30" - fi - echo -} - -function iptables_protocol() { - local PROTO - PROTO=$1 - for proto in tcp udp esp ah; do - if [ "$PROTO" = "$proto" ]; then - echo "-p $PROTO" - break - fi - done -} - -IPTABLES_PORT=0 -IPTABLES_MULTIPORT=1 -IPTABLES_PORTRANGE=2 - -function _iptables_port_range() { - grep -q ":" <<< $@ -} - -function _iptables_port_multiport() { - grep -q "," <<< $@ -} - -function _iptables_port() { - if _iptables_port_range "$@"; then - echo $IPTABLES_PORTRANGE - elif _iptables_port_multiport "$@"; then - echo $IPTABLES_MULTIPORT - else - echo $IPTABLES_PORT - fi -} - -function iptables_source_port() { - [ -z "$@" ] && return - local type - type=$(_iptables_port $@) - if [ "$type" = "$IPTABLES_MULTIPORT" ]; then - echo "-m multiport --source-ports $@" - else - echo "--sport $@" - fi -} - -function iptables_destination_port() { - [ -z "$@" ] && return - local type - type=$(_iptables_port $@) - if [ "$type" = "$IPTABLES_MULTIPORT" ]; then - echo "-m multiport --destination-ports $@" - else - echo "--dport $@" - fi -} diff --git a/firewall/src/functions.macros b/firewall/src/functions.macros deleted file mode 100644 index 2ea6f37..0000000 --- a/firewall/src/functions.macros +++ /dev/null @@ -1,75 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2009 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -function macro() { - local file - local line - local rules - - file=$1 - if [ "${file:0:1}" != "/" ]; then - file="/usr/share/firewall/macros/$file" - fi - shift - - if _config_is_sqlite $file; then - rules=$(macro_parse $@ < $file) - else - rules=$(sqlite3 -noheader -column $file | macro_parse $@) - fi - - while read line <<< ${rules}; do - iptables ${line} - done -} - -function macro_parse() { - local STRING - grep -v "^#" | while read ACTION SOURCE DESTINATION PROTOCOL LOCAL_PORT REMOTE_PORT RATE; do - STRING="" - - # Handle inlcudes - if [ "$ACTION" = "INCLUDE" ]; then - marco $SOURCE $@ - fi - - # Protocol - STRING="$STRING $(iptables_protocol $PROTOCOL)" - # Ports - if [ -n "$PORT_SWITCH" ]; then - # Switch ports for upload rule - STRING="$STRING $(iptables_source_port $REMOTE_PORT)" - STRING="$STRING $(iptables_destination_port $LOCAL_PORT)" - else - STRING="$STRING $(iptables_source_port $LOCAL_PORT)" - STRING="$STRING $(iptables_destination_port $REMOTE_PORT)" - fi - - if [ "$ACTION" = "ACCEPT" ]; then - STRING="$STRING -j ACCEPT" - - elif [ "$ACTION" = "DROP" ]; then - STRING="$STRING -j DROP" - - fi - [ -n "$STRING" ] && echo "$STRING $@" - done -} diff --git a/firewall/src/functions.zones b/firewall/src/functions.zones deleted file mode 100644 index fbc41a1..0000000 --- a/firewall/src/functions.zones +++ /dev/null @@ -1,102 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2009 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -include zones.green -include zones.orange -include zones.red - -function zones_global_add() { - local device - local name - - device=$1 - - vecho "Adding zone "$device"" - - name=$(uppercase "ZONE_$device") - - ### FILTER - chain_create $name - iptables -A INPUT -i $device -j $name - iptables -A FORWARD -i $device -j $name - iptables -A FORWARD -o $device -j $name - iptables -A OUTPUT -o $device -j $name - - # Leave some space for own rules - chain_create ${name}_CUSTOM - iptables -A $name -j ${name}_CUSTOM - - # Intrusion Preventions System - chain_create ${name}_IPS - iptables -A $name -i $device -j ${name}_IPS - - # Portforwarding - chain_create ${name}_PORTFW - iptables -A $name -i $device -j ${name}_PORTFW - - # Outgoing firewall - chain_create ${name}_OUTFW - iptables -A $name -o $device -j ${name}_OUTFW - - # Policy rules - chain_create ${name}_POLICY - iptables -A $name -j ${name}_POLICY - - ### MANGLE - chain_create -t mangle $name - iptables -t mangle -A PREROUTING -i $device -j $name - iptables -t mangle -A POSTROUTING -o $device -j $name - - # Quality of Service - chain_create -t mangle ${name}_QOS_INC - iptables -t mangle -A $name -i $device -j ${name}_QOS_INC - chain_create -t mangle ${name}_QOS_OUT - iptables -t mangle -A $name -o $device -j ${name}_QOS_OUT - - ### NAT - chain_create -t nat ${name} - iptables -t nat -A PREROUTING -i $device -j ${name} - iptables -t nat -A POSTROUTING -o $device -j ${name} - - # Network Address Translation - chain_create -t nat ${name}_NAT - iptables -t nat -A $name -i $device -j ${name}_NAT - - # Portforwarding - chain_create -t nat ${name}_PORTFW - iptables -t nat -A $name -i $device -j ${name}_PORTFW - - # UPNP - chain_create -t nat ${name}_UPNP - iptables -t nat -A $name -j ${name}_UPNP -} - - -### LOCAL ZONE -function zones_local_add() { - - decho "Adding zone "local"" - - # Accept everything on lo - iptables -A INPUT -i lo -j ACCEPT - iptables -A OUTPUT -o lo -j ACCEPT - -} diff --git a/firewall/src/macros/DHCP b/firewall/src/macros/DHCP deleted file mode 100644 index 41d8a87..0000000 --- a/firewall/src/macros/DHCP +++ /dev/null @@ -1,5 +0,0 @@ -# IPFire Macro -# This macro handles the dynamic host configuration protocol. -# ACTION SRC DST PROTO LOCAL_PORT REMOTE_PORT RATE -CUSTOM - - tcp 68 67 -CUSTOM - - udp 68 67 diff --git a/firewall/src/macros/HTTP b/firewall/src/macros/HTTP deleted file mode 100644 index bce11f9..0000000 --- a/firewall/src/macros/HTTP +++ /dev/null @@ -1,4 +0,0 @@ -# IPFire Macro -# This macro handles plaintext HTTP (WWW) traffic. -# ACTION SRC DST PROTO LOCAL_PORT REMOTE_PORT RATE -CUSTOM - - tcp - 80 diff --git a/firewall/src/macros/HTTPS b/firewall/src/macros/HTTPS deleted file mode 100644 index 65b2e9e..0000000 --- a/firewall/src/macros/HTTPS +++ /dev/null @@ -1,4 +0,0 @@ -# IPFire Macro -# This macro handles secure HTTP (WWW) traffic. -# ACTION SRC DST PROTO LOCAL_PORT REMOTE_PORT RATE -CUSTOM - - tcp - 443 diff --git a/firewall/src/macros/WWW b/firewall/src/macros/WWW deleted file mode 100644 index ca72d0f..0000000 --- a/firewall/src/macros/WWW +++ /dev/null @@ -1,5 +0,0 @@ -# IPFire Macro -# This macro handles WWW traffic. -# ACTION SRC DST PROTO SRC_PORT DST_PORT RATE -INCLUDE HTTP -INCLUDE HTTPS diff --git a/firewall/src/zones.green b/firewall/src/zones.green deleted file mode 100644 index 5566587..0000000 --- a/firewall/src/zones.green +++ /dev/null @@ -1,38 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2009 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -function zones_green_add() { - # $1 = device - - zones_global_add $1 - zones_policy_green $1 - -} - -function zones_policy_green() { - local device - - device=$1 - - # Accept any traffic from green - iptables -A ZONE_${device}_POLICY -i $device -j ACCEPT - iptables -A ZONE_${device}_POLICY -o $device -j ACCEPT -} diff --git a/firewall/src/zones.orange b/firewall/src/zones.orange deleted file mode 100644 index 55f5acc..0000000 --- a/firewall/src/zones.orange +++ /dev/null @@ -1,38 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2009 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -function zones_orange_add() { - # $1 = device - - zones_global_add $1 - zones_policy_orange $1 - -} - -function zones_policy_orange() { - local device - local name - - device=$1 - name=$(uppercase "$device") - - : # TODO -} diff --git a/firewall/src/zones.red b/firewall/src/zones.red deleted file mode 100644 index 549300c..0000000 --- a/firewall/src/zones.red +++ /dev/null @@ -1,38 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2009 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -function zones_red_add() { - # $1 = device - - zones_global_add $1 - zones_policy_red $1 - -} - -function zones_policy_red() { - local device - local name - - device=$1 - name=$(uppercase "$device") - - : # TODO -} diff --git a/firewall/systemd/firewall.service b/firewall/systemd/firewall.service deleted file mode 100644 index bdce760..0000000 --- a/firewall/systemd/firewall.service +++ /dev/null @@ -1,13 +0,0 @@ - -[Unit] -Description=Firewall -After=network.target - -[Service] -ExecStart=/usr/bin/firewall start -ExecStop=/usr/bin/firewall stop -ExecReload=/usr/bin/firewall restart - -[Install] -WantedBy=multi-user.target - diff --git a/iproute2/iproute2.nm b/iproute2/iproute2.nm index f11c7a8..27d8dea 100644 --- a/iproute2/iproute2.nm +++ b/iproute2/iproute2.nm @@ -5,7 +5,7 @@
name = iproute2 version = 3.14.0 -release = 1 +release = 2
groups = Networking/Tools url = http://www.linuxfoundation.org/en/Net:Iproute2 @@ -28,7 +28,6 @@ build libdb-devel libnl-devel linux-atm-devel >= 2.5.1 - iptables-devel >= 1.4.19 end
prepare_cmds @@ -60,10 +59,7 @@ build ln -svf lnstat %{BUILDROOT}%{sbindir}/rtstat
# Install libs. - for lib in tc/q_atm.so tc/m_xt.so; do - install -v -m 755 ${lib} %{BUILDROOT}%{libdir}/tc - done - ln -svf m_xt.so %{BUILDROOT}%{libdir}/tc/m_ipt.so + install -v -m 755 tc/q_atm.so %{BUILDROOT}%{libdir}/tc
# libnetlink install -v -m 644 include/libnetlink.h %{BUILDROOT}%{includedir} diff --git a/iptables/iptables.nm b/iptables/iptables.nm deleted file mode 100644 index 0350b17..0000000 --- a/iptables/iptables.nm +++ /dev/null @@ -1,78 +0,0 @@ -############################################################################### -# IPFire.org - An Open Source Firewall Solution # -# Copyright (C) - IPFire Development Team info@ipfire.org # -############################################################################### - -name = iptables -version = 1.4.19.1 -release = 1 - -groups = Networking/Tools -url = http://www.netfilter.org/ -license = GPL+ -summary = Tools for managing Linux kernel packet filtering capabilities. - -description - The iptables utility controls the network packet filtering code in the - Linux kernel. If you need to set up firewalls and/or IP masquerading, - you should install this package. -end - -source_dl = http://ftp.netfilter.org/pub/iptables/ -sources = %{thisapp}.tar.bz2 - -build - requires - libnfnetlink-devel - libselinux-devel - end - - CFLAGS += -fno-strict-aliasing - - configure_options += \ - --libexecdir=/%{lib} \ - --sysconfdir=/etc \ - --with-pkgconfigdir=%{libdir}/pkgconfig \ - --mandir=/usr/share/man \ - --with-kernel=/usr \ - --with-kbuild=/usr \ - --with-ksource=/usr \ - --enable-devel \ - --enable-libipq - - prepare_cmds - # Make more space for target name on output. - sed -e "s/%-9s/%-18s/g" -i iptables/ip{,6}tables.c - - sed -i extensions/GNUmakefile* \ - -e "s@ip6t_NETMAP_LIBADD.*@& -L../libiptc/.libs@" - end - - install_cmds - # install ip*tables.h header files - mkdir -pv %{BUILDROOT}/usr/include/{iptables,libiptc} - install -v -m 644 include/ip{,6}tables.h \ - %{BUILDROOT}/usr/include - install -v -m 644 include/iptables/internal.h \ - %{BUILDROOT}/usr/include/iptables/ - install -v -m 644 include/libiptc/*.h \ - %{BUILDROOT}/usr/include/libiptc - - # Remove relative symlinks. - ln -svf ../sbin/xtables-multi %{BUILDROOT}/usr/bin/iptables-xml - end -end - -packages - package %{name} - groups += Base - end - - package %{name}-devel - template DEVEL - end - - package %{name}-debuginfo - template DEBUGINFO - end -end diff --git a/libgcrypt/libgcrypt.nm b/libgcrypt/libgcrypt.nm index 6bb11ca..1f6e017 100644 --- a/libgcrypt/libgcrypt.nm +++ b/libgcrypt/libgcrypt.nm @@ -4,7 +4,7 @@ ###############################################################################
name = libgcrypt -version = 1.6.2 +version = 1.6.3 release = 1
groups = System/Libraries diff --git a/libidn/libidn.nm b/libidn/libidn.nm index 50e537d..4cd9dd4 100644 --- a/libidn/libidn.nm +++ b/libidn/libidn.nm @@ -4,7 +4,7 @@ ###############################################################################
name = libidn -version = 1.25 +version = 1.30 release = 1
groups = System/Libraries diff --git a/pdns-recursor/patches/pdns-recursor-fixmakefile.patch b/pdns-recursor/patches/pdns-recursor-fixmakefile.patch deleted file mode 100644 index 2c39187..0000000 --- a/pdns-recursor/patches/pdns-recursor-fixmakefile.patch +++ /dev/null @@ -1,19 +0,0 @@ -diff -up pdns-recursor-3.2-rc2/Makefile.orig pdns-recursor-3.2-rc2/Makefile ---- pdns-recursor-3.2-rc2/Makefile.orig 2010-03-01 16:52:23.000000000 +0100 -+++ pdns-recursor-3.2-rc2/Makefile 2010-03-01 16:53:10.000000000 +0100 -@@ -71,15 +71,12 @@ basic_checks: - install: all - -mkdir -p $(DESTDIR)/$(SBINDIR) - mv pdns_recursor $(DESTDIR)/$(SBINDIR) -- strip $(DESTDIR)/$(SBINDIR)/pdns_recursor - mkdir -p $(DESTDIR)/$(BINDIR) - mv rec_control $(DESTDIR)/$(BINDIR) -- strip $(DESTDIR)/$(BINDIR)/rec_control - -mkdir -p $(DESTDIR)/$(CONFIGDIR) - $(DESTDIR)/$(SBINDIR)/pdns_recursor --config > $(DESTDIR)/$(CONFIGDIR)/recursor.conf-dist - -mkdir -p $(DESTDIR)/usr/share/man/man1 - cp pdns_recursor.1 rec_control.1 $(DESTDIR)/usr/share/man/man1 -- $(OS_SPECIFIC_INSTALL) - - clean: binclean - -rm -f dep *~ *.gcda *.gcno optional/*.gcda optional/*.gcno diff --git a/pdns-recursor/patches/pdns-recursor-fixsysconfdir.patch b/pdns-recursor/patches/pdns-recursor-fixsysconfdir.patch deleted file mode 100644 index 1ea6f3f..0000000 --- a/pdns-recursor/patches/pdns-recursor-fixsysconfdir.patch +++ /dev/null @@ -1,9 +0,0 @@ -diff -up pdns-recursor-3.2-rc2/config.h.orig pdns-recursor-3.2-rc2/config.h ---- pdns-recursor-3.2-rc2/config.h.orig 2010-03-01 16:54:06.000000000 +0100 -+++ pdns-recursor-3.2-rc2/config.h 2010-03-01 16:54:18.000000000 +0100 -@@ -1,4 +1,4 @@ --#define SYSCONFDIR "/etc/powerdns/" -+#define SYSCONFDIR "/etc/pdns-recursor/" - #define LOCALSTATEDIR "/var/run/" - #define VERSION "3.2" - #define RECURSOR diff --git a/pdns-recursor/pdns-recursor.nm b/pdns-recursor/pdns-recursor.nm deleted file mode 100644 index cbcaa2e..0000000 --- a/pdns-recursor/pdns-recursor.nm +++ /dev/null @@ -1,108 +0,0 @@ -############################################################################### -# IPFire.org - An Open Source Firewall Solution # -# Copyright (C) - IPFire Development Team info@ipfire.org # -############################################################################### - -name = pdns-recursor -version = 3.3 -release = 9 - -groups = Networking/DNS -url = http://powerdns.com/ -license = GPLv2 -summary = A modern, advanced and high performance recursing nameserver. - -description - PowerDNS Recursor is a non authoritative/recursing DNS server. Use this - package if you need a dns cache for your network. -end - -source_dl = http://downloads.powerdns.com/releases/ -sources = %{thisapp}.tar.bz2 - -build - requires - gcc-c++ - boost-devel - lua-devel - shadow-utils - end - - prepare_cmds - %{create_user} - end - - build - LUA=1 LUA_CPPFLAGS_CONFIG= LUA_LIBS_CONFIG=-llua \ - make OPTFLAGS="%{CFLAGS}" #%{PARALLELISMFLAGS} - end - - install - make install DESTDIR=%{BUILDROOT} \ - CONFIGDIR="%{sysconfdir}/pdns" - - # Remove sysvinit file - rm -rf %{BUILDROOT}/etc/init.d - - # Remove shipped config file - rm -rf %{BUILDROOT}%{sysconfdir}/pdns/recursor.conf-dist - - # Install our default config file - cp -vf %{DIR_SOURCE}/recursor.conf \ - %{BUILDROOT}%{sysconfdir}/pdns/recursor.conf - - # Create folder for chroot - mkdir -pv %{BUILDROOT}/var/lib/pdns-recursor - - # Create directory for socket and stuff. - mkdir -pv %{BUILDROOT}/run/pdns-recursor - chown -v pdns-recursor.pdns-recursor %{BUILDROOT}/run/pdns-recursor - end -end - -create_user - getent group pdns-recursor >/dev/null || groupadd -r pdns-recursor - getent passwd pdns-recursor >/dev/null || \ - useradd -r -g pdns-recursor -d /var/lib/pdns-recursor -s /sbin/nologin \ - pdns-recursor -end - -packages - package %{name} - configfiles - %{sysconfdir}/pdns/recursor.conf - end - - prerequires - shadow-utils - systemd-units - end - - script prein - %{create_user} - end - - script postin - /bin/systemctl daemon-reload >/dev/null 2>&1 || : - /bin/systemctl --no-reload enable pdns-recursor.service >/dev/null 2>&1 || : - end - - script preun - /bin/systemctl --no-reload disable pdns-recursor.service >/dev/null 2>&1 || : - /bin/systemctl stop pdns-recursor.service >/dev/null 2>&1 || : - end - - script postun - /bin/systemctl daemon-reload >/dev/null 2>&1 || : - end - - script postup - /bin/systemctl daemon-reload >/dev/null 2>&1 || : - /bin/systemctl try-restart pdns-recursor.service >/dev/null 2>&1 || : - end - end - - package %{name}-debuginfo - template DEBUGINFO - end -end diff --git a/pdns-recursor/pdns-recursor.tmpfiles b/pdns-recursor/pdns-recursor.tmpfiles deleted file mode 100644 index 2fbee00..0000000 --- a/pdns-recursor/pdns-recursor.tmpfiles +++ /dev/null @@ -1 +0,0 @@ -d /run/pdns-recursor 0755 pdns-recursor pdns-recursor - diff --git a/pdns-recursor/recursor.conf b/pdns-recursor/recursor.conf deleted file mode 100644 index 284da99..0000000 --- a/pdns-recursor/recursor.conf +++ /dev/null @@ -1,19 +0,0 @@ -############################################################################### -# IPFire.org - An Open Source Firewall Solution # -# Copyright (C) - IPFire Development Team info@ipfire.org # -############################################################################### - -# Listen settings -local-address=::1 -local-port=54 - -# Socket settings -socket-dir=/run/pdns-recursor -socket-group=pdns-recursor -socket-owner=pdns-recursor -socket-mode=660 - -# Security settings -chroot=/var/lib/pdns-recursor -setgid=pdns-recursor -setuid=pdns-recursor diff --git a/pdns-recursor/systemd/pdns-recursor.service b/pdns-recursor/systemd/pdns-recursor.service deleted file mode 100644 index 095b595..0000000 --- a/pdns-recursor/systemd/pdns-recursor.service +++ /dev/null @@ -1,12 +0,0 @@ -[Unit] -Description=Power DNS Recursor Daemon -After=network.target - -[Service] -ExecStart=/usr/sbin/pdns_recursor --config-dir=/etc/pdns --daemon=no -ExecStopPost=/bin/rm -f /run/pdns-recursor/pdns_recursor.pid -ExecStopPost=/bin/rm -f /run/pdns-recursor/pdns_recursor.controlsocket -Restart=on-failure - -[Install] -WantedBy=multi-user.target diff --git a/pdns/pdns.nm b/pdns/pdns.nm index 7d27149..3c25e9d 100644 --- a/pdns/pdns.nm +++ b/pdns/pdns.nm @@ -5,7 +5,7 @@
name = pdns version = 3.3.1 -release = 1 +release = 2
groups = Networking/DNS url = http://powerdns.com/ @@ -99,10 +99,6 @@ packages sqlite end
- requires - pdns-recursor >= 3.3-8 - end - configfiles %{sysconfdir}/pdns/pdns.conf end diff --git a/squid/squid.nm b/squid/squid.nm index 7a8fa12..52821cf 100644 --- a/squid/squid.nm +++ b/squid/squid.nm @@ -6,7 +6,7 @@ name = squid major_ver = 3.1 version = %{major_ver}.19 -release = 1 +release = 2
maintainer = Christian Schmidt christian.schmidt@ipfire.org groups = Networking/Daemons @@ -32,7 +32,6 @@ build openssl-devel openldap-devel samba-devel - iptables-devel pam-devel libcap-devel /usr/bin/smbclient diff --git a/wget/wget.nm b/wget/wget.nm index dfdf4cd..4c51337 100644 --- a/wget/wget.nm +++ b/wget/wget.nm @@ -4,7 +4,7 @@ ###############################################################################
name = wget -version = 1.16 +version = 1.16.3 release = 1
groups = Applications/Internet diff --git a/zlib/zlib.nm b/zlib/zlib.nm index 1737687..6c7fc3c 100644 --- a/zlib/zlib.nm +++ b/zlib/zlib.nm @@ -4,7 +4,7 @@ ###############################################################################
name = zlib -version = 1.2.7 +version = 1.2.8 release = 1
groups = System/Libraries
hooks/post-receive -- IPFire 3.x development tree