This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 25d50589747eb20e48057f0a2efdac74b0f2cbb1 (commit) via 61a4972bc6fd1791123bb49a265100874659f3b6 (commit) via 4e04cc87e79f1dd066d9d0502ee9772962696b3b (commit) via 7d9b0ab69750c19d51833537652c6b11fc1bc2ab (commit) via 72c24beae2ef09263ff1da1173e4a785666955ea (commit) via 1eb657a66cd18619f890ceb7cd13e908cd6dfde6 (commit) via edf221cbfc7e4ab5d7e1826dd6fb99bc06b60ea2 (commit) via 0db643ce38ac44520d476bbc20e10a5e84456c1e (commit) via 0ef5f4a09166a1263340c2584a5866ae0b4dbe78 (commit) via 51b63b4186e9a5521437ba65b072e9a0522f1105 (commit) via a1cf33ca8f51a65189df88ec88a2e1b8273d476a (commit) via 907874c4be2c64c584199fbcfa6ec8fdbc1ce4ef (commit) via ad6d02ccc01ea06839e46b845d066ad1f1fca046 (commit) from 8867f9c5e8400d0ec686c68a80d5ef719c316616 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 25d50589747eb20e48057f0a2efdac74b0f2cbb1 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Dec 24 10:46:51 2019 +0000
stripper: Strip all unneeded relocation information
Libraries were treated differently and therfore it could happen that they were not stripped from any unnecessary relocation information at all.
This patch changes that and strips everything from libraries that we do not need.
The ISO was 3MB smaller.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 61a4972bc6fd1791123bb49a265100874659f3b6 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Mon Dec 23 19:19:44 2019 +0100
nano: Update to 4.7
For details see: https://www.nano-editor.org/news.php
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 4e04cc87e79f1dd066d9d0502ee9772962696b3b Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Dec 29 19:19:12 2019 +0000
core140: add bind to updater
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 7d9b0ab69750c19d51833537652c6b11fc1bc2ab Author: Matthias Fischer matthias.fischer@ipfire.org Date: Mon Dec 23 15:47:45 2019 +0100
bind: Update to 9.11.14
For details see: https://downloads.isc.org/isc/bind9/9.11.14/RELEASE-NOTES-bind-9.11.14.html
"Bug Fixes
Fixed a bug that caused named to leak memory on reconfiguration when any GeoIP2 database was in use. [GL #1445]
Fixed several possible race conditions discovered by Thread Sanitizer."
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 72c24beae2ef09263ff1da1173e4a785666955ea Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Dec 29 19:16:55 2019 +0000
core140: add file to updater
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 1eb657a66cd18619f890ceb7cd13e908cd6dfde6 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Dec 21 11:12:06 2019 +0000
file: Update to 5.38
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit edf221cbfc7e4ab5d7e1826dd6fb99bc06b60ea2 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Dec 19 19:13:42 2019 +0000
dehydrated: Update to 0.6.5
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 0db643ce38ac44520d476bbc20e10a5e84456c1e Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Dec 19 18:09:42 2019 +0100
rfkill: New package.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Acked-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 0ef5f4a09166a1263340c2584a5866ae0b4dbe78 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Dec 29 19:13:28 2019 +0000
core140: add ids.cgi and suricata initskript to updater
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 51b63b4186e9a5521437ba65b072e9a0522f1105 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Dec 17 13:06:29 2019 +0100
IDS: Allow to inspect traffic from or to OpenVPN
This commit allows to configure suricata to monitor traffic from or to OpenVPN tunnels. This includes the RW server and all established N2N connections.
Because the RW server and/or each N2N connection uses it's own tun? device, it is only possible to enable monitoring all of them or to disable monitoring entirely.
Fixes #12111.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit a1cf33ca8f51a65189df88ec88a2e1b8273d476a Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Dec 29 19:10:55 2019 +0000
core140: add suricata and libhtp to updater
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 907874c4be2c64c584199fbcfa6ec8fdbc1ce4ef Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sat Dec 14 12:24:46 2019 +0100
libhtp: Update to 0.5.32
For details see: https://github.com/OISF/libhtp/releases
Bundled with 'suricata 4.1.6'
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit ad6d02ccc01ea06839e46b845d066ad1f1fca046 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sat Dec 14 12:24:45 2019 +0100
suricata: Update to 4.1.6
Excerpt from 'ChangeLog':
"4.1.6 -- 2019-12-13
Bug #3276: address parsing: memory leak in error path (4.1.x) Bug #3278: segfault when test a nfs pcap file (4.1.x) Bug #3279: ikev2 enabled in config even if Rust is disabled Bug #3325: lua issues on arm (fedora:29) (4.1.x) Bug #3326: Static build with pcap fails (4.1.x) Bug #3327: tcp: empty SACK option leads to decoder event (4.1.x) Bug #3347: BPF filter on command line not honored for pcap file (4.1.x) Bug #3355: DNS: DNS over TCP transactions logged with wrong direction. (4.1.x) Bug #3356: DHCP: Slow down over time due to lack of detect flags (4.1.x) Bug #3369: byte_extract does not work in some situations (4.1.x) Bug #3385: fast-log: icmp type prints wrong value (4.1.x) Bug #3387: suricata is logging tls log repeatedly if custom mode is enabled (4.1.x) Bug #3388: TLS Lua output does not work without TLS log (4.1.x) Bug #3391: Suricata is unable to get MTU from NIC after 4.1.0 (4.1.x) Bug #3393: http: pipelining tx id handling broken (4.1.x) Bug #3394: TCP evasion technique by overlapping a TCP segment with a fake packet (4.1.x) Bug #3395: TCP evasion technique by faking a closed TCP session (4.1.x) Bug #3402: smb: post-GAP some transactions never close (4.1.x) Bug #3403: smb1: 'event only' transactions for bad requests never close (4.1.x) Bug #3404: smtp: file tracking issues when more than one attachment in a tx (4.1.x) Bug #3405: Filehash rule does not fire without filestore keyword Bug #3410: intermittent abort()s at shutdown and in unix-socket (4.1.x) Bug #3412: detect/asn1: crashes on packets smaller than offset setting (4.1.x) Task #3367: configure: Rust 1.37+ has cargo-vendor support bundled into cargo (4.1.x)"
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/rootfiles/common/bind | 4 +- config/rootfiles/common/libhtp | 3 + config/rootfiles/common/rfkill | 2 + .../{oldcore/100 => core/140}/filelists/bind | 0 .../{oldcore/106 => core/140}/filelists/file | 0 config/rootfiles/core/140/filelists/files | 2 + .../{oldcore/131 => core/140}/filelists/libhtp | 0 .../{oldcore/131 => core/140}/filelists/suricata | 0 html/cgi-bin/ids.cgi | 10 +- lfs/bind | 4 +- lfs/dehydrated | 6 +- lfs/file | 6 +- lfs/libhtp | 6 +- lfs/nano | 6 +- lfs/{wget => rfkill} | 16 +- lfs/suricata | 4 +- make.sh | 1 + src/initscripts/system/suricata | 18 +- src/patches/rfkill-5.0-use_uapi_rfkill.patch | 341 +++++++++++++++++++++ src/stripper | 12 +- 20 files changed, 405 insertions(+), 36 deletions(-) create mode 100644 config/rootfiles/common/rfkill copy config/rootfiles/{oldcore/100 => core/140}/filelists/bind (100%) copy config/rootfiles/{oldcore/106 => core/140}/filelists/file (100%) copy config/rootfiles/{oldcore/131 => core/140}/filelists/libhtp (100%) copy config/rootfiles/{oldcore/131 => core/140}/filelists/suricata (100%) copy lfs/{wget => rfkill} (92%) create mode 100644 src/patches/rfkill-5.0-use_uapi_rfkill.patch
Difference in files: diff --git a/config/rootfiles/common/bind b/config/rootfiles/common/bind index df6bbf4b6..e5435bd02 100644 --- a/config/rootfiles/common/bind +++ b/config/rootfiles/common/bind @@ -272,11 +272,11 @@ usr/lib/libbind9.so.161.0.4 #usr/lib/libdns.la #usr/lib/libdns.so usr/lib/libdns.so.1107 -usr/lib/libdns.so.1107.1.0 +usr/lib/libdns.so.1107.1.1 #usr/lib/libisc.la #usr/lib/libisc.so usr/lib/libisc.so.1104 -usr/lib/libisc.so.1104.0.0 +usr/lib/libisc.so.1104.0.1 #usr/lib/libisccc.la #usr/lib/libisccc.so usr/lib/libisccc.so.161 diff --git a/config/rootfiles/common/libhtp b/config/rootfiles/common/libhtp index 9211ea713..a99aa940e 100644 --- a/config/rootfiles/common/libhtp +++ b/config/rootfiles/common/libhtp @@ -15,6 +15,9 @@ #usr/include/htp/htp_urlencoded.h #usr/include/htp/htp_utf8_decoder.h #usr/include/htp/htp_version.h +#usr/include/htp/lzma +#usr/include/htp/lzma/7zTypes.h +#usr/include/htp/lzma/LzmaDec.h #usr/lib/libhtp.la #usr/lib/libhtp.so usr/lib/libhtp.so.2 diff --git a/config/rootfiles/common/rfkill b/config/rootfiles/common/rfkill new file mode 100644 index 000000000..8887a02f6 --- /dev/null +++ b/config/rootfiles/common/rfkill @@ -0,0 +1,2 @@ +usr/sbin/rfkill +#usr/share/man/man8/rfkill.8.gz diff --git a/config/rootfiles/core/140/filelists/bind b/config/rootfiles/core/140/filelists/bind new file mode 120000 index 000000000..48a0ebaef --- /dev/null +++ b/config/rootfiles/core/140/filelists/bind @@ -0,0 +1 @@ +../../../common/bind \ No newline at end of file diff --git a/config/rootfiles/core/140/filelists/file b/config/rootfiles/core/140/filelists/file new file mode 120000 index 000000000..0c60e43aa --- /dev/null +++ b/config/rootfiles/core/140/filelists/file @@ -0,0 +1 @@ +../../../common/file \ No newline at end of file diff --git a/config/rootfiles/core/140/filelists/files b/config/rootfiles/core/140/filelists/files index a9d2bcbc2..80c52449b 100644 --- a/config/rootfiles/core/140/filelists/files +++ b/config/rootfiles/core/140/filelists/files @@ -4,3 +4,5 @@ srv/web/ipfire/cgi-bin/credits.cgi var/ipfire/langs etc/rc.d/init.d/networking/red.up/06-safe-search etc/rc.d/init.d/unbound +etc/rc.d/init.d/suricata +srv/web/ipfire/cgi-bin/ids.cgi diff --git a/config/rootfiles/core/140/filelists/libhtp b/config/rootfiles/core/140/filelists/libhtp new file mode 120000 index 000000000..676e2c5e8 --- /dev/null +++ b/config/rootfiles/core/140/filelists/libhtp @@ -0,0 +1 @@ +../../../common/libhtp \ No newline at end of file diff --git a/config/rootfiles/core/140/filelists/suricata b/config/rootfiles/core/140/filelists/suricata new file mode 120000 index 000000000..f671f6993 --- /dev/null +++ b/config/rootfiles/core/140/filelists/suricata @@ -0,0 +1 @@ +../../../common/suricata \ No newline at end of file diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi index da009f891..2a8a7cb26 100644 --- a/html/cgi-bin/ids.cgi +++ b/html/cgi-bin/ids.cgi @@ -49,6 +49,11 @@ my %ignored=(); # the list of zones in an array. my @network_zones = &IDS::get_available_network_zones();
+# Check if openvpn is started and add it to the array of network zones. +if ( -e "/var/run/openvpn.pid") { + push(@network_zones, "ovpn"); +} + my $errormessage;
# Create files if they does not exist yet. @@ -59,7 +64,8 @@ my %colourhash = ( 'red' => $Header::colourred, 'green' => $Header::colourgreen, 'blue' => $Header::colourblue, - 'orange' => $Header::colourorange + 'orange' => $Header::colourorange, + 'ovpn' => $Header::colourovpn );
&Header::showhttpheaders(); @@ -839,7 +845,7 @@ END $checked_input = "checked = 'checked'"; }
- print "<td class='base' width='25%'>\n"; + print "<td class='base' width='20%'>\n"; print "<input type='checkbox' name='ENABLE_IDS_$zone_upper' $checked_input>\n"; print " $Lang::tr{'enabled on'}<font color='$colourhash{$zone}'> $Lang::tr{$zone_name}</font>\n"; print "</td>\n"; diff --git a/lfs/bind b/lfs/bind index 6bb23a143..249328843 100644 --- a/lfs/bind +++ b/lfs/bind @@ -25,7 +25,7 @@
include Config
-VER = 9.11.13 +VER = 9.11.14
THISAPP = bind-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -43,7 +43,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 17de0d024ab1eac377f1c2854dc25057 +$(DL_FILE)_MD5 = 5aa75bcb6cdad102f151cae4a53f117f
install : $(TARGET)
diff --git a/lfs/dehydrated b/lfs/dehydrated index cfbdf679a..232588461 100644 --- a/lfs/dehydrated +++ b/lfs/dehydrated @@ -24,7 +24,7 @@
include Config
-VER = 0.6.2 +VER = 0.6.5
THISAPP = dehydrated-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = dehydrated -PAK_VER = 1 +PAK_VER = 2
DEPS = ""
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = d4db13d5965054b0a231bf95285c6cf0 +$(DL_FILE)_MD5 = cedf07369517c317c4e1075540b94699
install : $(TARGET)
diff --git a/lfs/file b/lfs/file index 8be0b632c..4a3323830 100644 --- a/lfs/file +++ b/lfs/file @@ -24,7 +24,7 @@
include Config
-VER = 5.30 +VER = 5.38
THISAPP = file-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = f35eaf05489ae566eafc4d26bb1dcd90 +$(DL_FILE)_MD5 = 3217633ed09c7cd35ed8d04191675574
install : $(TARGET)
@@ -70,7 +70,7 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && ./configure --prefix=/usr + cd $(DIR_APP) && ./configure --prefix=/usr --disable-bzlib cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install @rm -rf $(DIR_APP) diff --git a/lfs/libhtp b/lfs/libhtp index bec93a935..8a7ad6dfc 100644 --- a/lfs/libhtp +++ b/lfs/libhtp @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2015 Michael Tremer & Christian Schmidt # +# Copyright (C) 2019 Michael Tremer & Christian Schmidt # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 0.5.30 +VER = 0.5.32
THISAPP = libhtp-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = ec0d8c57f9c611719e07668bbad7e685 +$(DL_FILE)_MD5 = db2e049c8e3b5e4826e18b75a0dc0f62
install : $(TARGET)
diff --git a/lfs/nano b/lfs/nano index 198aeb5d0..02ba358c4 100644 --- a/lfs/nano +++ b/lfs/nano @@ -24,7 +24,7 @@
include Config
-VER = 4.6 +VER = 4.7
THISAPP = nano-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = nano -PAK_VER = 27 +PAK_VER = 28
DEPS = ""
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 9e87ae93cc7a5c7f5e64f97db089ae1b +$(DL_FILE)_MD5 = 8622b7b733dc5d9645f5ceaec24e6ba6
install : $(TARGET)
diff --git a/lfs/rfkill b/lfs/rfkill new file mode 100644 index 000000000..bfd4e8516 --- /dev/null +++ b/lfs/rfkill @@ -0,0 +1,81 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2019 IPFire Team info@ipfire.org # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 0.5 + +THISAPP = rfkill-$(VER) +DL_FILE = $(THISAPP).tar.xz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_MD5 = ce834c00c049cd86a04ab115c92ef548 + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +md5 : $(subst %,%_MD5,$(objects)) + +############################################################################### +# Downloading, checking, md5sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_MD5,$(objects)) : + @$(MD5) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) + + # Apply upstream patches. + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/rfkill-5.0-use_uapi_rfkill.patch + + cd $(DIR_APP) && make $(MAKETUNING) + cd $(DIR_APP) && make install + + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/lfs/suricata b/lfs/suricata index 12dcfe08c..b3d22003b 100644 --- a/lfs/suricata +++ b/lfs/suricata @@ -24,7 +24,7 @@
include Config
-VER = 4.1.5 +VER = 4.1.6
THISAPP = suricata-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 0dfd68f6f4314c5c2eed7128112eff3b +$(DL_FILE)_MD5 = da5de1e8053f05cbd295793210117d34
install : $(TARGET)
diff --git a/make.sh b/make.sh index c30ce7813..e1ac4c6b9 100755 --- a/make.sh +++ b/make.sh @@ -1633,6 +1633,7 @@ buildipfire() { lfsmake2 tshark lfsmake2 geoip-generator lfsmake2 speedtest-cli + lfsmake2 rfkill }
buildinstaller() { diff --git a/src/initscripts/system/suricata b/src/initscripts/system/suricata index 5a567f2d7..5dc408262 100644 --- a/src/initscripts/system/suricata +++ b/src/initscripts/system/suricata @@ -29,7 +29,7 @@ IPS_OUTPUT_CHAIN="IPS_OUTPUT" NFQ_OPTS="--queue-bypass "
# Array containing the 4 possible network zones. -network_zones=( red green blue orange ) +network_zones=( red green blue orange ovpn )
# Array to store the network zones weather the IPS is enabled for. enabled_ips_zones=() @@ -86,6 +86,22 @@ function generate_fw_rules { if [ "$zone" == "red" ] && [ "$RED_TYPE" == "PPPOE" ]; then # Set device name to ppp0. network_device="ppp0" + elif [ "$zone" == "ovpn" ]; then + # Get all virtual net devices because the RW server and each + # N2N connection creates it's own tun device. + for virt_dev in /sys/devices/virtual/net/*; do + # Cut-off the directory. + dev="${virt_dev##*/}" + + # Only process tun devices. + if [[ $dev =~ "tun" ]]; then + # Add the network device to the array of enabled zones. + enabled_ips_zones+=( "$dev" ) + fi + done + + # Process next zone. + continue else # Generate variable name which contains the device name. zone_name="$zone_upper" diff --git a/src/patches/rfkill-5.0-use_uapi_rfkill.patch b/src/patches/rfkill-5.0-use_uapi_rfkill.patch new file mode 100644 index 000000000..4c3d3e144 --- /dev/null +++ b/src/patches/rfkill-5.0-use_uapi_rfkill.patch @@ -0,0 +1,341 @@ +From fd06998396d631f028fd8f8d7bcb2b442c578292 Mon Sep 17 00:00:00 2001 +From: Johannes Berg johannes@sipsolutions.net +Date: Thu, 8 Jan 2015 09:02:42 +0100 +Subject: use uapi rfkill.h + +--- + rfkill.h | 295 ++------------------------------------------------------------- + 1 file changed, 6 insertions(+), 289 deletions(-) + +diff --git a/rfkill.h b/rfkill.h +index d253b4e..058757f 100644 +--- a/rfkill.h ++++ b/rfkill.h +@@ -1,6 +1,3 @@ +-#ifndef __RFKILL_H +-#define __RFKILL_H +- + /* + * Copyright (C) 2006 - 2007 Ivo van Doorn + * Copyright (C) 2007 Dmitry Torokhov +@@ -18,6 +15,9 @@ + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ ++#ifndef _UAPI__RFKILL_H ++#define _UAPI__RFKILL_H ++ + + #include <linux/types.h> + +@@ -29,7 +29,7 @@ + /** + * enum rfkill_type - type of rfkill switch. + * +- * @RFKILL_TYPE_ALL: toggles all switches (userspace only) ++ * @RFKILL_TYPE_ALL: toggles all switches (requests only - not a switch type) + * @RFKILL_TYPE_WLAN: switch is on a 802.11 wireless network device. + * @RFKILL_TYPE_BLUETOOTH: switch is on a bluetooth device. + * @RFKILL_TYPE_UWB: switch is on a ultra wideband device. +@@ -83,7 +83,7 @@ struct rfkill_event { + __u8 type; + __u8 op; + __u8 soft, hard; +-} __packed; ++} __attribute__((packed)); + + /* + * We are planning to be backward and forward compatible with changes +@@ -105,288 +105,5 @@ struct rfkill_event { + #define RFKILL_IOCTL_NOINPUT _IO(RFKILL_IOC_MAGIC, RFKILL_IOC_NOINPUT) + + /* and that's all userspace gets */ +-#ifdef __KERNEL__ +-/* don't allow anyone to use these in the kernel */ +-enum rfkill_user_states { +- RFKILL_USER_STATE_SOFT_BLOCKED = RFKILL_STATE_SOFT_BLOCKED, +- RFKILL_USER_STATE_UNBLOCKED = RFKILL_STATE_UNBLOCKED, +- RFKILL_USER_STATE_HARD_BLOCKED = RFKILL_STATE_HARD_BLOCKED, +-}; +-#undef RFKILL_STATE_SOFT_BLOCKED +-#undef RFKILL_STATE_UNBLOCKED +-#undef RFKILL_STATE_HARD_BLOCKED +- +-#include <linux/kernel.h> +-#include <linux/list.h> +-#include <linux/mutex.h> +-#include <linux/device.h> +-#include <linux/leds.h> +-#include <linux/err.h> +- +-/* this is opaque */ +-struct rfkill; +- +-/** +- * struct rfkill_ops - rfkill driver methods +- * +- * @poll: poll the rfkill block state(s) -- only assign this method +- * when you need polling. When called, simply call one of the +- * rfkill_set{,_hw,_sw}_state family of functions. If the hw +- * is getting unblocked you need to take into account the return +- * value of those functions to make sure the software block is +- * properly used. +- * @query: query the rfkill block state(s) and call exactly one of the +- * rfkill_set{,_hw,_sw}_state family of functions. Assign this +- * method if input events can cause hardware state changes to make +- * the rfkill core query your driver before setting a requested +- * block. +- * @set_block: turn the transmitter on (blocked == false) or off +- * (blocked == true) -- ignore and return 0 when hard blocked. +- * This callback must be assigned. +- */ +-struct rfkill_ops { +- void (*poll)(struct rfkill *rfkill, void *data); +- void (*query)(struct rfkill *rfkill, void *data); +- int (*set_block)(void *data, bool blocked); +-}; +- +-#if defined(CONFIG_RFKILL) || defined(CONFIG_RFKILL_MODULE) +-/** +- * rfkill_alloc - allocate rfkill structure +- * @name: name of the struct -- the string is not copied internally +- * @parent: device that has rf switch on it +- * @type: type of the switch (RFKILL_TYPE_*) +- * @ops: rfkill methods +- * @ops_data: data passed to each method +- * +- * This function should be called by the transmitter driver to allocate an +- * rfkill structure. Returns %NULL on failure. +- */ +-struct rfkill * __must_check rfkill_alloc(const char *name, +- struct device *parent, +- const enum rfkill_type type, +- const struct rfkill_ops *ops, +- void *ops_data); +- +-/** +- * rfkill_register - Register a rfkill structure. +- * @rfkill: rfkill structure to be registered +- * +- * This function should be called by the transmitter driver to register +- * the rfkill structure. Before calling this function the driver needs +- * to be ready to service method calls from rfkill. +- * +- * If rfkill_init_sw_state() is not called before registration, +- * set_block() will be called to initialize the software blocked state +- * to a default value. +- * +- * If the hardware blocked state is not set before registration, +- * it is assumed to be unblocked. +- */ +-int __must_check rfkill_register(struct rfkill *rfkill); +- +-/** +- * rfkill_pause_polling(struct rfkill *rfkill) +- * +- * Pause polling -- say transmitter is off for other reasons. +- * NOTE: not necessary for suspend/resume -- in that case the +- * core stops polling anyway +- */ +-void rfkill_pause_polling(struct rfkill *rfkill); +- +-/** +- * rfkill_resume_polling(struct rfkill *rfkill) +- * +- * Pause polling -- say transmitter is off for other reasons. +- * NOTE: not necessary for suspend/resume -- in that case the +- * core stops polling anyway +- */ +-void rfkill_resume_polling(struct rfkill *rfkill); +- +- +-/** +- * rfkill_unregister - Unregister a rfkill structure. +- * @rfkill: rfkill structure to be unregistered +- * +- * This function should be called by the network driver during device +- * teardown to destroy rfkill structure. Until it returns, the driver +- * needs to be able to service method calls. +- */ +-void rfkill_unregister(struct rfkill *rfkill); +- +-/** +- * rfkill_destroy - free rfkill structure +- * @rfkill: rfkill structure to be destroyed +- * +- * Destroys the rfkill structure. +- */ +-void rfkill_destroy(struct rfkill *rfkill); +- +-/** +- * rfkill_set_hw_state - Set the internal rfkill hardware block state +- * @rfkill: pointer to the rfkill class to modify. +- * @state: the current hardware block state to set +- * +- * rfkill drivers that get events when the hard-blocked state changes +- * use this function to notify the rfkill core (and through that also +- * userspace) of the current state. They should also use this after +- * resume if the state could have changed. +- * +- * You need not (but may) call this function if poll_state is assigned. +- * +- * This function can be called in any context, even from within rfkill +- * callbacks. +- * +- * The function returns the combined block state (true if transmitter +- * should be blocked) so that drivers need not keep track of the soft +- * block state -- which they might not be able to. +- */ +-bool rfkill_set_hw_state(struct rfkill *rfkill, bool blocked); +- +-/** +- * rfkill_set_sw_state - Set the internal rfkill software block state +- * @rfkill: pointer to the rfkill class to modify. +- * @state: the current software block state to set +- * +- * rfkill drivers that get events when the soft-blocked state changes +- * (yes, some platforms directly act on input but allow changing again) +- * use this function to notify the rfkill core (and through that also +- * userspace) of the current state. +- * +- * Drivers should also call this function after resume if the state has +- * been changed by the user. This only makes sense for "persistent" +- * devices (see rfkill_init_sw_state()). +- * +- * This function can be called in any context, even from within rfkill +- * callbacks. +- * +- * The function returns the combined block state (true if transmitter +- * should be blocked). +- */ +-bool rfkill_set_sw_state(struct rfkill *rfkill, bool blocked); +- +-/** +- * rfkill_init_sw_state - Initialize persistent software block state +- * @rfkill: pointer to the rfkill class to modify. +- * @state: the current software block state to set +- * +- * rfkill drivers that preserve their software block state over power off +- * use this function to notify the rfkill core (and through that also +- * userspace) of their initial state. It should only be used before +- * registration. +- * +- * In addition, it marks the device as "persistent", an attribute which +- * can be read by userspace. Persistent devices are expected to preserve +- * their own state when suspended. +- */ +-void rfkill_init_sw_state(struct rfkill *rfkill, bool blocked); +- +-/** +- * rfkill_set_states - Set the internal rfkill block states +- * @rfkill: pointer to the rfkill class to modify. +- * @sw: the current software block state to set +- * @hw: the current hardware block state to set +- * +- * This function can be called in any context, even from within rfkill +- * callbacks. +- */ +-void rfkill_set_states(struct rfkill *rfkill, bool sw, bool hw); +- +-/** +- * rfkill_blocked - query rfkill block +- * +- * @rfkill: rfkill struct to query +- */ +-bool rfkill_blocked(struct rfkill *rfkill); +-#else /* !RFKILL */ +-static inline struct rfkill * __must_check +-rfkill_alloc(const char *name, +- struct device *parent, +- const enum rfkill_type type, +- const struct rfkill_ops *ops, +- void *ops_data) +-{ +- return ERR_PTR(-ENODEV); +-} +- +-static inline int __must_check rfkill_register(struct rfkill *rfkill) +-{ +- if (rfkill == ERR_PTR(-ENODEV)) +- return 0; +- return -EINVAL; +-} +- +-static inline void rfkill_pause_polling(struct rfkill *rfkill) +-{ +-} +- +-static inline void rfkill_resume_polling(struct rfkill *rfkill) +-{ +-} +- +-static inline void rfkill_unregister(struct rfkill *rfkill) +-{ +-} +- +-static inline void rfkill_destroy(struct rfkill *rfkill) +-{ +-} +- +-static inline bool rfkill_set_hw_state(struct rfkill *rfkill, bool blocked) +-{ +- return blocked; +-} +- +-static inline bool rfkill_set_sw_state(struct rfkill *rfkill, bool blocked) +-{ +- return blocked; +-} +- +-static inline void rfkill_init_sw_state(struct rfkill *rfkill, bool blocked) +-{ +-} +- +-static inline void rfkill_set_states(struct rfkill *rfkill, bool sw, bool hw) +-{ +-} +- +-static inline bool rfkill_blocked(struct rfkill *rfkill) +-{ +- return false; +-} +-#endif /* RFKILL || RFKILL_MODULE */ +- +- +-#ifdef CONFIG_RFKILL_LEDS +-/** +- * rfkill_get_led_trigger_name - Get the LED trigger name for the button's LED. +- * This function might return a NULL pointer if registering of the +- * LED trigger failed. Use this as "default_trigger" for the LED. +- */ +-const char *rfkill_get_led_trigger_name(struct rfkill *rfkill); +- +-/** +- * rfkill_set_led_trigger_name -- set the LED trigger name +- * @rfkill: rfkill struct +- * @name: LED trigger name +- * +- * This function sets the LED trigger name of the radio LED +- * trigger that rfkill creates. It is optional, but if called +- * must be called before rfkill_register() to be effective. +- */ +-void rfkill_set_led_trigger_name(struct rfkill *rfkill, const char *name); +-#else +-static inline const char *rfkill_get_led_trigger_name(struct rfkill *rfkill) +-{ +- return NULL; +-} +- +-static inline void +-rfkill_set_led_trigger_name(struct rfkill *rfkill, const char *name) +-{ +-} +-#endif +- +-#endif /* __KERNEL__ */ + +-#endif /* RFKILL_H */ ++#endif /* _UAPI__RFKILL_H */ +-- +cgit v1.2.1 + diff --git a/src/stripper b/src/stripper index f121d3591..ac5f58ca5 100755 --- a/src/stripper +++ b/src/stripper @@ -17,7 +17,7 @@ done
function _strip() { local file=${1} - local cmd="${STRIP-strip}" + local strip="${STRIP-strip}"
local exclude l for exclude in ${excludes}; do @@ -27,17 +27,19 @@ function _strip() { fi done
+ local cmd=( "${strip}" ) + case "$(file -bi ${file})" in - application/x-sharedlib*|application/x-archive*) - cmd="${cmd} --strip-debug --remove-section=.comment --remove-section=.note" + application/x-archive*) + cmd+=( "--strip-debug" "--remove-section=.comment" "--remove-section=.note" ) ;; *) - cmd="${cmd} --strip-unneeded" + cmd+=( "--strip-all" ) ;; esac
echo "Stripping ${file}..." - ${cmd} ${file} + ${cmd[*]} ${file} }
for dir in ${dirs}; do
hooks/post-receive -- IPFire 2.x development tree