This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, master has been updated via 0c29a8ab5843a2f04c070b400e2ccd3de0a4f8a2 (commit) via 3bf2f1822d654e98d5341c1134479b04edcc8db2 (commit) via d1d60e001a1123e115fe0f262690fcbd79ecdcfd (commit) via 6bc2225a5dc26c9de683c59dcdc1b92ff6ce3267 (commit) via 62be0cda19fe2a18b08141916f73ff8209ead737 (commit) via 0296bbea84ae3fc1d85d4b9249490c02f602b7ea (commit) via 40607f812638f5abd7b4b2313e7e6c1e61502f33 (commit) via bf8378e4b7593916b83fd5dfb517708bbdb67101 (commit) via 678a797077eb4026a26126c98944edd67dbd99fe (commit) via 2493a758239e07c9af39510c0745ad9bf38aa688 (commit) from e2f8251726f7b4b567021a8631f153e014442f0c (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 0c29a8ab5843a2f04c070b400e2ccd3de0a4f8a2 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Aug 17 20:37:07 2016 +0200
kernel: add hyper-v: mark tsc unstable patch
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 3bf2f1822d654e98d5341c1134479b04edcc8db2 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Aug 17 19:52:09 2016 +0200
kernel: update to 3.14.76
this kernel has important tcp and ext4 fixes.
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit d1d60e001a1123e115fe0f262690fcbd79ecdcfd Merge: 6bc2225 40607f8 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Aug 17 19:51:01 2016 +0200
Merge branch 'core104' into next
commit 6bc2225a5dc26c9de683c59dcdc1b92ff6ce3267 Author: Jonatan Schlag jonatan.schlag@ipfire.org Date: Sun Aug 14 11:25:01 2016 +0200
Libvirt: load vhost_net before libvirtd start.
If the kernel module vhot_net is loaded, the performance of virtio networking is better then without vhost_net. So the module is loaded before libvirtd ist started to get the benefit of vhost_net.
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 62be0cda19fe2a18b08141916f73ff8209ead737 Author: Jonatan Schlag jonatan.schlag@ipfire.org Date: Sun Aug 14 11:10:36 2016 +0200
Libvirt: fix configuration options
Adds a missed - to -without-dbus and -with-interface.
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 0296bbea84ae3fc1d85d4b9249490c02f602b7ea Author: Jonatan Schlag jonatan.schlag@ipfire.org Date: Sun Aug 14 10:55:38 2016 +0200
Libvirt: enable storage-fs
Fixes: 11154
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit bf8378e4b7593916b83fd5dfb517708bbdb67101 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sun Aug 7 13:09:39 2016 +0200
dnsmasq 2.76: latest patches (013-014)
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 678a797077eb4026a26126c98944edd67dbd99fe Author: Jonatan Schlag jonatan.schlag@ipfire.org Date: Sun Aug 7 15:29:44 2016 +0200
Add new package libusbredir
This package adds support for the use redirection of spice. It is now possible to attach USB devices of the host where the spice client run to the virtual machine.
The binary is not needed for this functionality and that's why they is not shipped with the package
This feature is also enabled in qemu.
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/rootfiles/core/104/update.sh | 5 - config/rootfiles/packages/libusbredir | 18 ++ lfs/dnsmasq | 2 + lfs/{intltool => libusbredir} | 15 +- lfs/libvirt | 8 +- lfs/linux | 19 ++- lfs/qemu | 6 +- make.sh | 3 +- src/initscripts/init.d/libvirtd | 2 +- ...allow_to_exclude_ip_addresses_from_answer.patch | 184 +++++++++++++++++++++ ...rial_when_reloading_etc_hosts_and_friends.patch | 41 +++++ ...x-hyperv_Mark_the_Hyoer-V_TSC_as_unstable.patch | 47 ++++++ 12 files changed, 319 insertions(+), 31 deletions(-) create mode 100644 config/rootfiles/packages/libusbredir copy lfs/{intltool => libusbredir} (93%) create mode 100644 src/patches/dnsmasq/013-auth-zone_allow_to_exclude_ip_addresses_from_answer.patch create mode 100644 src/patches/dnsmasq/014-Bump_auth_zone_serial_when_reloading_etc_hosts_and_friends.patch create mode 100644 src/patches/linux-hyperv_Mark_the_Hyoer-V_TSC_as_unstable.patch
Difference in files: diff --git a/config/rootfiles/core/104/update.sh b/config/rootfiles/core/104/update.sh index 3988a9d..0223923 100644 --- a/config/rootfiles/core/104/update.sh +++ b/config/rootfiles/core/104/update.sh @@ -139,11 +139,6 @@ esac # Extract files tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p --numeric-owner -C /
-# Update customservices -cp /var/ipfire/fwhosts/customservices /var/ipfire/fwhosts/customservices.old -echo 35,Submission (TCP),587,TCP,BLANK,0 >> /var/ipfire/fwhosts/customservices -echo 36,SSMTP,465,TCP,BLANK,0 >> /var/ipfire/fwhosts/customservices - # Remove some old files rm -f /bin/groups /lib/libshadow.so.0*
diff --git a/config/rootfiles/packages/libusbredir b/config/rootfiles/packages/libusbredir new file mode 100644 index 0000000..d08e0b6 --- /dev/null +++ b/config/rootfiles/packages/libusbredir @@ -0,0 +1,18 @@ +#usr/include/usbredirfilter.h +#usr/include/usbredirhost.h +#usr/include/usbredirparser.h +#usr/include/usbredirproto.h +#usr/lib/libusbredirhost.a +#usr/lib/libusbredirhost.la +usr/lib/libusbredirhost.so +usr/lib/libusbredirhost.so.1 +usr/lib/libusbredirhost.so.1.0.0 +#usr/lib/libusbredirparser.a +#usr/lib/libusbredirparser.la +usr/lib/libusbredirparser.so +usr/lib/libusbredirparser.so.1 +usr/lib/libusbredirparser.so.1.0.0 +#usr/lib/pkgconfig/libusbredirhost.pc +#usr/lib/pkgconfig/libusbredirparser-0.5.pc +#usr/sbin/usbredirserver +#usr/share/man/man1/usbredirserver.1 diff --git a/lfs/dnsmasq b/lfs/dnsmasq index eb0f0ba..474dacc 100644 --- a/lfs/dnsmasq +++ b/lfs/dnsmasq @@ -85,6 +85,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/010-Zero_packet_buffers_before_building_output_to_reduce_risk_of_information_leakage.patch cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/011-Dont_reset_packet_length_on_transmission_in_case_of_retransmission.patch cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/012-Compile-time_check_on_buffer_sizes_for_leasefile_parsing_code.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/013-auth-zone_allow_to_exclude_ip_addresses_from_answer.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/014-Bump_auth_zone_serial_when_reloading_etc_hosts_and_friends.patch cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq-Add-support-to-read-ISC-DHCP-lease-file.patch
cd $(DIR_APP) && sed -i src/config.h \ diff --git a/lfs/libusbredir b/lfs/libusbredir new file mode 100644 index 0000000..652a60d --- /dev/null +++ b/lfs/libusbredir @@ -0,0 +1,84 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2016 IPFire Team info@ipfire.org # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 0.7.1 + +THISAPP = usbredir-$(VER) +DL_FILE = $(THISAPP).tar.bz2 +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) +PROG = libusbredir +PAK_VER = 1 + +DEPS = "" + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_MD5 = 35cfb1720967727dea523b943cc4126b + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +md5 : $(subst %,%_MD5,$(objects)) + +dist: + @$(PAK) + +############################################################################### +# Downloading, checking, md5sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_MD5,$(objects)) : + @$(MD5) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && ./configure --prefix=/usr + cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) + cd $(DIR_APP) && make install + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/lfs/libvirt b/lfs/libvirt index ea8b0e8..854c52c 100644 --- a/lfs/libvirt +++ b/lfs/libvirt @@ -33,7 +33,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) SUP_ARCH = i586 x86_64 PROG = libvirt -PAK_VER = 6 +PAK_VER = 9
DEPS = "libpciaccess libyajl ncat qemu"
@@ -82,10 +82,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && ./configure --prefix=/usr --localstatedir=/var --sysconfdir=/etc \ --with-openssl --without-sasl \ --without-uml --without-vbox --without-lxc --without-esx --without-vmware --without-openvz \ - --without-firewalld --without-network -with-interface --with-virtualport --with-macvtap \ - --disable-nls --without-avahi --without-test-suite -without-dbus \ + --without-firewalld --without-network --with-interface --with-virtualport --with-macvtap \ + --disable-nls --without-avahi --without-test-suite --without-dbus \ --with-qemu-user=nobody --with-qemu-group=kvm \ - --with-storage-dir --without-storage-fs --without-storage-lvm --without-storage-iscsi \ + --with-storage-dir --with-storage-fs --without-storage-lvm --without-storage-iscsi \ --without-storage-scsi --without-storage-mpath --without-storage-disk --without-storage-rbd --without-storage-sheepdog --without-storage-gluster --without-storage-zfs cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) cd $(DIR_APP) && make install diff --git a/lfs/linux b/lfs/linux index c643da4..cfea069 100644 --- a/lfs/linux +++ b/lfs/linux @@ -24,10 +24,10 @@
include Config
-VER = 3.14.74 -RPI_PATCHES = 3.14.74-grsec-ipfire1 -A7M_PATCHES = 3.14.74-grsec-ipfire1 -GRS_PATCHES = grsecurity-3.1ipfire-3.14.74-v1.patch.xz +VER = 3.14.76 +RPI_PATCHES = 3.14.76-grsec-ipfire1 +A7M_PATCHES = 3.14.76-grsec-ipfire1 +GRS_PATCHES = grsecurity-3.1ipfire-3.14.76-v1.patch.xz
THISAPP = linux-$(VER) @@ -37,7 +37,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP) CFLAGS = CXXFLAGS =
-PAK_VER = 69 +PAK_VER = 70 DEPS = ""
KERNEL_ARCH = $(MACHINE) @@ -83,10 +83,10 @@ rpi-patches-$(RPI_PATCHES).patch.xz = $(URL_IPFIRE)/rpi-patches-$(RPI_PATCHES). arm7-multi-patches-$(A7M_PATCHES).patch.xz = $(URL_IPFIRE)/arm7-multi-patches-$(A7M_PATCHES).patch.xz $(GRS_PATCHES) = $(URL_IPFIRE)/$(GRS_PATCHES)
-$(DL_FILE)_MD5 = f83028755dc380862a91fe75e64b01aa -rpi-patches-$(RPI_PATCHES).patch.xz_MD5 = 32b1101dc51f89c1fb3bfb1907f4bce5 -arm7-multi-patches-$(A7M_PATCHES).patch.xz_MD5 = b9a638c68cefd4c08dfcb9c4434458b1 -$(GRS_PATCHES)_MD5 = 5f4595575e159dd730b222d204cc9b39 +$(DL_FILE)_MD5 = 1624610ba8a7b83e8be73cee58a5ca5b +rpi-patches-$(RPI_PATCHES).patch.xz_MD5 = 4a7b9c86a565662e2c340086c0c20fa4 +arm7-multi-patches-$(A7M_PATCHES).patch.xz_MD5 = 873a8d057dbf850693e695df778d608c +$(GRS_PATCHES)_MD5 = e45c8c839449672fa607ad7b59ccc5c7
install : $(TARGET)
@@ -199,6 +199,7 @@ endif cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/0023-hyperv-Fix-error-return-code-in-netvsc_init_buf.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/0024-hyperv-Fix-a-bug-in-netvsc_send.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/0025-Drivers-hv-vmbus-Support-per-channel-driver-state.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-hyperv_Mark_the_Hyoer-V_TSC_as_unstable.patch
# fix empty symbol crc's cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-genksyms_fix_typeof_handling.patch diff --git a/lfs/qemu b/lfs/qemu index 62010ee..fb4f4b3 100644 --- a/lfs/qemu +++ b/lfs/qemu @@ -33,9 +33,9 @@ DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) SUP_ARCH = i586 x86_64 PROG = qemu -PAK_VER = 20 +PAK_VER = 21
-DEPS = "sdl spice" +DEPS = "libusbredir sdl spice"
############################################################################### # Top-level Rules @@ -81,7 +81,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && ./configure --prefix=/usr --sysconfdir=/etc \ --enable-kvm --disable-bluez --disable-attr \ --target-list="i386-linux-user x86_64-linux-user arm-linux-user i386-softmmu x86_64-softmmu arm-softmmu" \ - --extra-cflags="$(CFLAGS)" --enable-spice + --extra-cflags="$(CFLAGS)" --enable-spice --enable-usb-redir cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install
diff --git a/make.sh b/make.sh index fdda3e5..1c832d0 100755 --- a/make.sh +++ b/make.sh @@ -26,7 +26,7 @@ NAME="IPFire" # Software name SNAME="ipfire" # Short name VERSION="2.19" # Version number CORE="104" # Core Level (Filename) -PAKFIRE_CORE="103" # Core Level (PAKFIRE) +PAKFIRE_CORE="104" # Core Level (PAKFIRE) GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` # Git Branch SLOGAN="www.ipfire.org" # Software slogan CONFIG_ROOT=/var/ipfire # Configuration rootdir @@ -708,6 +708,7 @@ buildipfire() { ipfiremake spice-protocol ipfiremake spice ipfiremake sdl + ipfiremake libusbredir ipfiremake qemu ipfiremake sane ipfiremake netpbm diff --git a/src/initscripts/init.d/libvirtd b/src/initscripts/init.d/libvirtd index f97d208..40bc6be 100644 --- a/src/initscripts/init.d/libvirtd +++ b/src/initscripts/init.d/libvirtd @@ -18,7 +18,7 @@ case $1 in start) boot_mesg "Load required kernel modules for Libvirt" - modprobe tun + modprobe tun vhost_net evaluate_retval boot_mesg "Starting Libvirt Daemon..." loadproc /usr/sbin/libvirtd -d diff --git a/src/patches/dnsmasq/013-auth-zone_allow_to_exclude_ip_addresses_from_answer.patch b/src/patches/dnsmasq/013-auth-zone_allow_to_exclude_ip_addresses_from_answer.patch new file mode 100644 index 0000000..bb5fe5d --- /dev/null +++ b/src/patches/dnsmasq/013-auth-zone_allow_to_exclude_ip_addresses_from_answer.patch @@ -0,0 +1,184 @@ +From 094bfaeb4ff69cae99387bc2ea07ff57632c89f5 Mon Sep 17 00:00:00 2001 +From: Mathias Kresin dev@kresin.me +Date: Sun, 24 Jul 2016 14:15:22 +0100 +Subject: [PATCH] auth-zone: allow to exclude ip addresses from answer. + +--- + man/dnsmasq.8 | 6 +++++- + src/auth.c | 61 ++++++++++++++++++++++++++++++++++++--------------------- + src/dnsmasq.h | 1 + + src/option.c | 21 ++++++++++++++++++-- + 4 files changed, 64 insertions(+), 25 deletions(-) + +diff --git a/man/dnsmasq.8 b/man/dnsmasq.8 +index ac8d921..8910947 100644 +--- a/man/dnsmasq.8 ++++ b/man/dnsmasq.8 +@@ -739,7 +739,7 @@ a return code of SERVFAIL. Note that + setting this may affect DNS behaviour in bad ways, it is not an + extra-logging flag and should not be set in production. + .TP +-.B --auth-zone=<domain>[,<subnet>[/<prefix length>][,<subnet>[/<prefix length>].....]] ++.B --auth-zone=<domain>[,<subnet>[/<prefix length>][,<subnet>[/<prefix length>].....][,exclude:<subnet>[/<prefix length>]].....] + Define a DNS zone for which dnsmasq acts as authoritative server. Locally defined DNS records which are in the domain + will be served. If subnet(s) are given, A and AAAA records must be in one of the + specified subnets. +@@ -756,6 +756,10 @@ appear in the zone, but RFC1918 IPv4 addresses which should not. + Interface-name and address-literal subnet specifications may be used + freely in the same --auth-zone declaration. + ++It's possible to exclude certain IP addresses from responses. It can be ++used, to make sure that answers contain only global routeable IP ++addresses (by excluding loopback, RFC1918 and ULA addresses). ++ + The subnet(s) are also used to define in-addr.arpa and + ip6.arpa domains which are served for reverse-DNS queries. If not + specified, the prefix length defaults to 24 for IPv4 and 64 for IPv6. +diff --git a/src/auth.c b/src/auth.c +index 3c5c37f..f1ca2f5 100644 +--- a/src/auth.c ++++ b/src/auth.c +@@ -18,36 +18,53 @@ + + #ifdef HAVE_AUTH + +-static struct addrlist *find_subnet(struct auth_zone *zone, int flag, struct all_addr *addr_u) ++static struct addrlist *find_addrlist(struct addrlist *list, int flag, struct all_addr *addr_u) + { +- struct addrlist *subnet; +- +- for (subnet = zone->subnet; subnet; subnet = subnet->next) +- { +- if (!(subnet->flags & ADDRLIST_IPV6)) +- { +- struct in_addr netmask, addr = addr_u->addr.addr4; +- +- if (!(flag & F_IPV4)) +- continue; +- +- netmask.s_addr = htonl(~(in_addr_t)0 << (32 - subnet->prefixlen)); +- +- if (is_same_net(addr, subnet->addr.addr.addr4, netmask)) +- return subnet; +- } ++ do { ++ if (!(list->flags & ADDRLIST_IPV6)) ++ { ++ struct in_addr netmask, addr = addr_u->addr.addr4; ++ ++ if (!(flag & F_IPV4)) ++ continue; ++ ++ netmask.s_addr = htonl(~(in_addr_t)0 << (32 - list->prefixlen)); ++ ++ if (is_same_net(addr, list->addr.addr.addr4, netmask)) ++ return list; ++ } + #ifdef HAVE_IPV6 +- else if (is_same_net6(&(addr_u->addr.addr6), &subnet->addr.addr.addr6, subnet->prefixlen)) +- return subnet; ++ else if (is_same_net6(&(addr_u->addr.addr6), &list->addr.addr.addr6, list->prefixlen)) ++ return list; + #endif +- +- } ++ ++ } while ((list = list->next)); ++ + return NULL; + } + ++static struct addrlist *find_subnet(struct auth_zone *zone, int flag, struct all_addr *addr_u) ++{ ++ if (!zone->subnet) ++ return NULL; ++ ++ return find_addrlist(zone->subnet, flag, addr_u); ++} ++ ++static struct addrlist *find_exclude(struct auth_zone *zone, int flag, struct all_addr *addr_u) ++{ ++ if (!zone->exclude) ++ return NULL; ++ ++ return find_addrlist(zone->exclude, flag, addr_u); ++} ++ + static int filter_zone(struct auth_zone *zone, int flag, struct all_addr *addr_u) + { +- /* No zones specified, no filter */ ++ if (find_exclude(zone, flag, addr_u)) ++ return 0; ++ ++ /* No subnets specified, no filter */ + if (!zone->subnet) + return 1; + +diff --git a/src/dnsmasq.h b/src/dnsmasq.h +index 2bda5d0..27385a9 100644 +--- a/src/dnsmasq.h ++++ b/src/dnsmasq.h +@@ -340,6 +340,7 @@ struct auth_zone { + struct auth_name_list *next; + } *interface_names; + struct addrlist *subnet; ++ struct addrlist *exclude; + struct auth_zone *next; + }; + +diff --git a/src/option.c b/src/option.c +index d8c57d6..6cedef3 100644 +--- a/src/option.c ++++ b/src/option.c +@@ -1906,6 +1906,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma + new = opt_malloc(sizeof(struct auth_zone)); + new->domain = opt_string_alloc(arg); + new->subnet = NULL; ++ new->exclude = NULL; + new->interface_names = NULL; + new->next = daemon->auth_zones; + daemon->auth_zones = new; +@@ -1913,6 +1914,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma + while ((arg = comma)) + { + int prefixlen = 0; ++ int is_exclude = 0; + char *prefix; + struct addrlist *subnet = NULL; + struct all_addr addr; +@@ -1923,6 +1925,12 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma + if (prefix && !atoi_check(prefix, &prefixlen)) + ret_err(gen_err); + ++ if (strstr(arg, "exclude:") == arg) ++ { ++ is_exclude = 1; ++ arg = arg+8; ++ } ++ + if (inet_pton(AF_INET, arg, &addr.addr.addr4)) + { + subnet = opt_malloc(sizeof(struct addrlist)); +@@ -1960,8 +1968,17 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma + if (subnet) + { + subnet->addr = addr; +- subnet->next = new->subnet; +- new->subnet = subnet; ++ ++ if (is_exclude) ++ { ++ subnet->next = new->exclude; ++ new->exclude = subnet; ++ } ++ else ++ { ++ subnet->next = new->subnet; ++ new->subnet = subnet; ++ } + } + } + break; +-- +1.7.10.4 + diff --git a/src/patches/dnsmasq/014-Bump_auth_zone_serial_when_reloading_etc_hosts_and_friends.patch b/src/patches/dnsmasq/014-Bump_auth_zone_serial_when_reloading_etc_hosts_and_friends.patch new file mode 100644 index 0000000..054323b --- /dev/null +++ b/src/patches/dnsmasq/014-Bump_auth_zone_serial_when_reloading_etc_hosts_and_friends.patch @@ -0,0 +1,41 @@ +From c8328ecde896575b3cb81cf537747df531f90771 Mon Sep 17 00:00:00 2001 +From: Simon Kelley simon@thekelleys.org.uk +Date: Fri, 5 Aug 2016 16:54:58 +0100 +Subject: [PATCH] Bump auth zone serial when reloading /etc/hosts and friends. + +--- + CHANGELOG | 4 ++++ + src/dnsmasq.c | 2 ++ + 2 files changed, 6 insertions(+) + +diff --git a/CHANGELOG b/CHANGELOG +index 9f1e404..4f89799 100644 +--- a/CHANGELOG ++++ b/CHANGELOG +@@ -20,6 +20,10 @@ version 2.77 + Fix problem with --dnssec-timestamp whereby receipt + of SIGHUP would erroneously engage timestamp checking. + Thanks to Kevin Darbyshire-Bryant for this work. ++ ++ Bump zone serial on reloading /etc/hosts and friends ++ when providing authoritative DNS. Thanks to Harrald ++ Dunkel for spotting this. + + + version 2.76 +diff --git a/src/dnsmasq.c b/src/dnsmasq.c +index a47273f..3580bea 100644 +--- a/src/dnsmasq.c ++++ b/src/dnsmasq.c +@@ -1226,6 +1226,8 @@ static void async_event(int pipe, time_t now) + switch (ev.event) + { + case EVENT_RELOAD: ++ daemon->soa_sn++; /* Bump zone serial, as it may have changed. */ ++ + #ifdef HAVE_DNSSEC + if (daemon->dnssec_no_time_check && option_bool(OPT_DNSSEC_VALID) && option_bool(OPT_DNSSEC_TIME)) + { +-- +1.7.10.4 + diff --git a/src/patches/linux-hyperv_Mark_the_Hyoer-V_TSC_as_unstable.patch b/src/patches/linux-hyperv_Mark_the_Hyoer-V_TSC_as_unstable.patch new file mode 100644 index 0000000..d12f46b --- /dev/null +++ b/src/patches/linux-hyperv_Mark_the_Hyoer-V_TSC_as_unstable.patch @@ -0,0 +1,47 @@ +From 88c9281a9fba67636ab26c1fd6afbc78a632374f Mon Sep 17 00:00:00 2001 +From: Vitaly Kuznetsov vkuznets@redhat.com +Date: Wed, 19 Aug 2015 09:54:24 -0700 +Subject: x86/hyperv: Mark the Hyper-V TSC as unstable + +The Hyper-V top-level functional specification states, that +"algorithms should be resilient to sudden jumps forward or +backward in the TSC value", this means that we should consider +TSC as unstable. In some cases tsc tests are able to detect the +instability, it was detected in 543 out of 646 boots in my +testing: + + Measured 6277 cycles TSC warp between CPUs, turning off TSC clock. + tsc: Marking TSC unstable due to check_tsc_sync_source failed + +This is, however, just a heuristic. On Hyper-V platform there +are two good clocksources: MSR-based hyperv_clocksource and +recently introduced TSC page. + +Signed-off-by: Vitaly Kuznetsov vkuznets@redhat.com +Cc: Haiyang Zhang haiyangz@microsoft.com +Cc: K. Y. Srinivasan kys@microsoft.com +Cc: Linus Torvalds torvalds@linux-foundation.org +Cc: Peter Zijlstra peterz@infradead.org +Cc: Thomas Gleixner tglx@linutronix.de +Cc: devel@linuxdriverproject.org +Link: http://lkml.kernel.org/r/1440003264-9949-1-git-send-email-vkuznets@redhat.co... +Signed-off-by: Ingo Molnar mingo@kernel.org +--- + arch/x86/kernel/cpu/mshyperv.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/arch/x86/kernel/cpu/mshyperv.c b/arch/x86/kernel/cpu/mshyperv.c +index aad4bd8..6fd023d 100644 +--- a/arch/x86/kernel/cpu/mshyperv.c ++++ b/arch/x86/kernel/cpu/mshyperv.c +@@ -141,6 +141,7 @@ static void __init ms_hyperv_init_platform(void) + no_timer_check = 1; + #endif + ++ mark_tsc_unstable("running on Hyper-V"); + } + + const __refconst struct hypervisor_x86 x86_hyper_ms_hyperv = { +-- +cgit v0.12 +
hooks/post-receive -- IPFire 2.x development tree