This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 94c09bd9c425dc11bada0548a5d066df6a73cd91 (commit) via dba780a78460ff19ba0f332ed4cab7b1db321af2 (commit) via 75612f0644da16bc26cd2f7f0483ba73ae741404 (commit) from a42dfb216d63b80ff0d03b1359424d65e3c133dc (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 94c09bd9c425dc11bada0548a5d066df6a73cd91 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Tue Oct 29 13:25:55 2019 +0000
core138: add firewall-lib.pl to update
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit dba780a78460ff19ba0f332ed4cab7b1db321af2 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Apr 16 21:08:05 2019 +0200
firewall-lib.pl: Populate GeoIP rules only if location is available.
In case a GeoIP related firewall rule should be created, the script now will check if the given location is still available.
Fixes #12054.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 75612f0644da16bc26cd2f7f0483ba73ae741404 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Tue Oct 29 13:22:31 2019 +0000
start core138
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/firewall/firewall-lib.pl | 40 ++++++++++++++++++---- config/rootfiles/core/{137 => 138}/exclude | 0 config/rootfiles/core/138/filelists/files | 5 +++ .../rootfiles/{oldcore/130 => core/138}/update.sh | 18 +++++++--- config/rootfiles/{core => oldcore}/137/exclude | 0 .../{core => oldcore}/137/filelists/IO-Socket-SSL | 0 .../{core => oldcore}/137/filelists/Net_SSLeay | 0 .../{core => oldcore}/137/filelists/aarch64/linux | 0 .../137/filelists/aarch64/linux-initrd | 0 .../137/filelists/armv5tel/linux-initrd-kirkwood | 0 .../137/filelists/armv5tel/linux-initrd-multi | 0 .../137/filelists/armv5tel/linux-kirkwood | 0 .../137/filelists/armv5tel/linux-multi | 0 .../rootfiles/{core => oldcore}/137/filelists/bind | 0 .../{core => oldcore}/137/filelists/collectd | 0 .../{core => oldcore}/137/filelists/dhcpcd | 0 .../{core => oldcore}/137/filelists/files | 0 .../{core => oldcore}/137/filelists/i586/linux | 0 .../137/filelists/i586/linux-initrd | 0 .../{core => oldcore}/137/filelists/iproute2 | 0 .../{core => oldcore}/137/filelists/ipset | 0 .../{core => oldcore}/137/filelists/iptables | 0 .../rootfiles/{core => oldcore}/137/filelists/knot | 0 .../{core => oldcore}/137/filelists/libhtp | 0 .../137/filelists/libnetfilter_queue | 0 .../{core => oldcore}/137/filelists/libpcap | 0 .../{core => oldcore}/137/filelists/libssh | 0 .../rootfiles/{core => oldcore}/137/filelists/pcre | 0 .../{core => oldcore}/137/filelists/strongswan | 0 .../{core => oldcore}/137/filelists/suricata | 0 .../{core => oldcore}/137/filelists/tzdata | 0 .../{core => oldcore}/137/filelists/unbound | 0 .../{core => oldcore}/137/filelists/wpa_supplicant | 0 .../{core => oldcore}/137/filelists/x86_64/linux | 0 .../137/filelists/x86_64/linux-initrd | 0 config/rootfiles/{core => oldcore}/137/update.sh | 0 make.sh | 2 +- 37 files changed, 54 insertions(+), 11 deletions(-) copy config/rootfiles/core/{137 => 138}/exclude (100%) create mode 100644 config/rootfiles/core/138/filelists/files copy config/rootfiles/{oldcore/130 => core/138}/update.sh (89%) rename config/rootfiles/{core => oldcore}/137/exclude (100%) rename config/rootfiles/{core => oldcore}/137/filelists/IO-Socket-SSL (100%) rename config/rootfiles/{core => oldcore}/137/filelists/Net_SSLeay (100%) rename config/rootfiles/{core => oldcore}/137/filelists/aarch64/linux (100%) rename config/rootfiles/{core => oldcore}/137/filelists/aarch64/linux-initrd (100%) rename config/rootfiles/{core => oldcore}/137/filelists/armv5tel/linux-initrd-kirkwood (100%) rename config/rootfiles/{core => oldcore}/137/filelists/armv5tel/linux-initrd-multi (100%) rename config/rootfiles/{core => oldcore}/137/filelists/armv5tel/linux-kirkwood (100%) rename config/rootfiles/{core => oldcore}/137/filelists/armv5tel/linux-multi (100%) rename config/rootfiles/{core => oldcore}/137/filelists/bind (100%) rename config/rootfiles/{core => oldcore}/137/filelists/collectd (100%) rename config/rootfiles/{core => oldcore}/137/filelists/dhcpcd (100%) rename config/rootfiles/{core => oldcore}/137/filelists/files (100%) rename config/rootfiles/{core => oldcore}/137/filelists/i586/linux (100%) rename config/rootfiles/{core => oldcore}/137/filelists/i586/linux-initrd (100%) rename config/rootfiles/{core => oldcore}/137/filelists/iproute2 (100%) rename config/rootfiles/{core => oldcore}/137/filelists/ipset (100%) rename config/rootfiles/{core => oldcore}/137/filelists/iptables (100%) rename config/rootfiles/{core => oldcore}/137/filelists/knot (100%) rename config/rootfiles/{core => oldcore}/137/filelists/libhtp (100%) rename config/rootfiles/{core => oldcore}/137/filelists/libnetfilter_queue (100%) rename config/rootfiles/{core => oldcore}/137/filelists/libpcap (100%) rename config/rootfiles/{core => oldcore}/137/filelists/libssh (100%) rename config/rootfiles/{core => oldcore}/137/filelists/pcre (100%) rename config/rootfiles/{core => oldcore}/137/filelists/strongswan (100%) rename config/rootfiles/{core => oldcore}/137/filelists/suricata (100%) rename config/rootfiles/{core => oldcore}/137/filelists/tzdata (100%) rename config/rootfiles/{core => oldcore}/137/filelists/unbound (100%) rename config/rootfiles/{core => oldcore}/137/filelists/wpa_supplicant (100%) rename config/rootfiles/{core => oldcore}/137/filelists/x86_64/linux (100%) rename config/rootfiles/{core => oldcore}/137/filelists/x86_64/linux-initrd (100%) rename config/rootfiles/{core => oldcore}/137/update.sh (100%)
Difference in files: diff --git a/config/firewall/firewall-lib.pl b/config/firewall/firewall-lib.pl index e4de219a4..e76ab24db 100644 --- a/config/firewall/firewall-lib.pl +++ b/config/firewall/firewall-lib.pl @@ -72,6 +72,9 @@ my $netsettings = "${General::swroot}/ethernet/settings"; &General::readhasharray("$configsrvgrp", %customservicegrp); &General::get_aliases(%aliases);
+# Get all available GeoIP locations. +my @available_geoip_locations = &get_geoip_locations(); + sub get_srv_prot { my $val=shift; @@ -458,17 +461,23 @@ sub get_address
# Handle rule options with GeoIP as source. } elsif ($key eq "cust_geoip_src") { - # Get external interface. - my $external_interface = &get_external_interface(); + # Check if the given GeoIP location is available. + if(&geoip_location_is_available($value)) { + # Get external interface. + my $external_interface = &get_external_interface();
- push(@ret, ["-m geoip --src-cc $value", "$external_interface"]); + push(@ret, ["-m geoip --src-cc $value", "$external_interface"]); + }
# Handle rule options with GeoIP as target. } elsif ($key eq "cust_geoip_tgt") { - # Get external interface. - my $external_interface = &get_external_interface(); + # Check if the given GeoIP location is available. + if(&geoip_location_is_available($value)) { + # Get external interface. + my $external_interface = &get_external_interface();
- push(@ret, ["-m geoip --dst-cc $value", "$external_interface"]); + push(@ret, ["-m geoip --dst-cc $value", "$external_interface"]); + }
# If nothing was selected, we assume "any". } else { @@ -612,4 +621,23 @@ sub get_geoip_locations() { return &GeoIP::get_geoip_locations(); }
+# Function to check if a database of a given GeoIP location is +# available. +sub geoip_location_is_available($) { + my ($location) = @_; + + # Loop through the global array of available GeoIP locations. + foreach my $geoip_location (@available_geoip_locations) { + # Check if the current processed location is the searched one. + if($location eq $geoip_location) { + # If it is part of the array, return "1" - True. + return 1; + } + } + + # If we got here, the given location is not part of the array of available + # zones. Return nothing. + return; +} + return 1; diff --git a/config/rootfiles/core/137/exclude b/config/rootfiles/core/138/exclude similarity index 100% rename from config/rootfiles/core/137/exclude rename to config/rootfiles/core/138/exclude diff --git a/config/rootfiles/core/138/filelists/files b/config/rootfiles/core/138/filelists/files new file mode 100644 index 000000000..e780b00b0 --- /dev/null +++ b/config/rootfiles/core/138/filelists/files @@ -0,0 +1,5 @@ +etc/system-release +etc/issue +srv/web/ipfire/cgi-bin/credits.cgi +var/ipfire/langs +usr/lib/firewall/firewall-lib.pl diff --git a/config/rootfiles/core/138/update.sh b/config/rootfiles/core/138/update.sh new file mode 100644 index 000000000..5ba7e330f --- /dev/null +++ b/config/rootfiles/core/138/update.sh @@ -0,0 +1,75 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 3 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2019 IPFire-Team info@ipfire.org. # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +/usr/local/bin/backupctrl exclude >/dev/null 2>&1 + +core=138 + +exit_with_error() { + # Set last succesfull installed core. + echo $(($core-1)) > /opt/pakfire/db/core/mine + # don't start pakfire again at error + killall -KILL pak_update + /usr/bin/logger -p syslog.emerg -t ipfire \ + "core-update-${core}: $1" + exit $2 +} + +# Remove old core updates from pakfire cache to save space... +for (( i=1; i<=$core; i++ )); do + rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire +done + + +# Remove files + +# Stop services + +# Extract files +extract_files + +# update linker config +ldconfig + +# Update Language cache +/usr/local/bin/update-lang-cache + +# Start services + +# This update needs a reboot... +#touch /var/run/need_reboot + +# Finish +/etc/init.d/fireinfo start +sendprofile + +# Update grub config to display new core version +if [ -e /boot/grub/grub.cfg ]; then + grub-mkconfig -o /boot/grub/grub.cfg +fi + +sync + +# Don't report the exitcode last command +exit 0 diff --git a/config/rootfiles/oldcore/137/exclude b/config/rootfiles/oldcore/137/exclude new file mode 100644 index 000000000..b22159878 --- /dev/null +++ b/config/rootfiles/oldcore/137/exclude @@ -0,0 +1,28 @@ +boot/config.txt +boot/grub/grub.cfg +boot/grub/grubenv +etc/alternatives +etc/collectd.custom +etc/default/grub +etc/ipsec.conf +etc/ipsec.secrets +etc/ipsec.user.conf +etc/ipsec.user.secrets +etc/localtime +etc/shadow +etc/snort/snort.conf +etc/ssl/openssl.cnf +etc/sudoers +etc/sysconfig/firewall.local +etc/sysconfig/rc.local +etc/udev/rules.d/30-persistent-network.rules +srv/web/ipfire/html/proxy.pac +var/ipfire/dma +var/ipfire/time +var/ipfire/ovpn +var/lib/alternatives +var/log/cache +var/log/dhcpcd.log +var/log/messages +var/state/dhcp/dhcpd.leases +var/updatecache diff --git a/config/rootfiles/core/137/filelists/IO-Socket-SSL b/config/rootfiles/oldcore/137/filelists/IO-Socket-SSL similarity index 100% rename from config/rootfiles/core/137/filelists/IO-Socket-SSL rename to config/rootfiles/oldcore/137/filelists/IO-Socket-SSL diff --git a/config/rootfiles/core/137/filelists/Net_SSLeay b/config/rootfiles/oldcore/137/filelists/Net_SSLeay similarity index 100% rename from config/rootfiles/core/137/filelists/Net_SSLeay rename to config/rootfiles/oldcore/137/filelists/Net_SSLeay diff --git a/config/rootfiles/core/137/filelists/aarch64/linux b/config/rootfiles/oldcore/137/filelists/aarch64/linux similarity index 100% rename from config/rootfiles/core/137/filelists/aarch64/linux rename to config/rootfiles/oldcore/137/filelists/aarch64/linux diff --git a/config/rootfiles/core/137/filelists/aarch64/linux-initrd b/config/rootfiles/oldcore/137/filelists/aarch64/linux-initrd similarity index 100% rename from config/rootfiles/core/137/filelists/aarch64/linux-initrd rename to config/rootfiles/oldcore/137/filelists/aarch64/linux-initrd diff --git a/config/rootfiles/core/137/filelists/armv5tel/linux-initrd-kirkwood b/config/rootfiles/oldcore/137/filelists/armv5tel/linux-initrd-kirkwood similarity index 100% rename from config/rootfiles/core/137/filelists/armv5tel/linux-initrd-kirkwood rename to config/rootfiles/oldcore/137/filelists/armv5tel/linux-initrd-kirkwood diff --git a/config/rootfiles/core/137/filelists/armv5tel/linux-initrd-multi b/config/rootfiles/oldcore/137/filelists/armv5tel/linux-initrd-multi similarity index 100% rename from config/rootfiles/core/137/filelists/armv5tel/linux-initrd-multi rename to config/rootfiles/oldcore/137/filelists/armv5tel/linux-initrd-multi diff --git a/config/rootfiles/core/137/filelists/armv5tel/linux-kirkwood b/config/rootfiles/oldcore/137/filelists/armv5tel/linux-kirkwood similarity index 100% rename from config/rootfiles/core/137/filelists/armv5tel/linux-kirkwood rename to config/rootfiles/oldcore/137/filelists/armv5tel/linux-kirkwood diff --git a/config/rootfiles/core/137/filelists/armv5tel/linux-multi b/config/rootfiles/oldcore/137/filelists/armv5tel/linux-multi similarity index 100% rename from config/rootfiles/core/137/filelists/armv5tel/linux-multi rename to config/rootfiles/oldcore/137/filelists/armv5tel/linux-multi diff --git a/config/rootfiles/core/137/filelists/bind b/config/rootfiles/oldcore/137/filelists/bind similarity index 100% rename from config/rootfiles/core/137/filelists/bind rename to config/rootfiles/oldcore/137/filelists/bind diff --git a/config/rootfiles/core/137/filelists/collectd b/config/rootfiles/oldcore/137/filelists/collectd similarity index 100% rename from config/rootfiles/core/137/filelists/collectd rename to config/rootfiles/oldcore/137/filelists/collectd diff --git a/config/rootfiles/core/137/filelists/dhcpcd b/config/rootfiles/oldcore/137/filelists/dhcpcd similarity index 100% rename from config/rootfiles/core/137/filelists/dhcpcd rename to config/rootfiles/oldcore/137/filelists/dhcpcd diff --git a/config/rootfiles/core/137/filelists/files b/config/rootfiles/oldcore/137/filelists/files similarity index 100% rename from config/rootfiles/core/137/filelists/files rename to config/rootfiles/oldcore/137/filelists/files diff --git a/config/rootfiles/core/137/filelists/i586/linux b/config/rootfiles/oldcore/137/filelists/i586/linux similarity index 100% rename from config/rootfiles/core/137/filelists/i586/linux rename to config/rootfiles/oldcore/137/filelists/i586/linux diff --git a/config/rootfiles/core/137/filelists/i586/linux-initrd b/config/rootfiles/oldcore/137/filelists/i586/linux-initrd similarity index 100% rename from config/rootfiles/core/137/filelists/i586/linux-initrd rename to config/rootfiles/oldcore/137/filelists/i586/linux-initrd diff --git a/config/rootfiles/core/137/filelists/iproute2 b/config/rootfiles/oldcore/137/filelists/iproute2 similarity index 100% rename from config/rootfiles/core/137/filelists/iproute2 rename to config/rootfiles/oldcore/137/filelists/iproute2 diff --git a/config/rootfiles/core/137/filelists/ipset b/config/rootfiles/oldcore/137/filelists/ipset similarity index 100% rename from config/rootfiles/core/137/filelists/ipset rename to config/rootfiles/oldcore/137/filelists/ipset diff --git a/config/rootfiles/core/137/filelists/iptables b/config/rootfiles/oldcore/137/filelists/iptables similarity index 100% rename from config/rootfiles/core/137/filelists/iptables rename to config/rootfiles/oldcore/137/filelists/iptables diff --git a/config/rootfiles/core/137/filelists/knot b/config/rootfiles/oldcore/137/filelists/knot similarity index 100% rename from config/rootfiles/core/137/filelists/knot rename to config/rootfiles/oldcore/137/filelists/knot diff --git a/config/rootfiles/core/137/filelists/libhtp b/config/rootfiles/oldcore/137/filelists/libhtp similarity index 100% rename from config/rootfiles/core/137/filelists/libhtp rename to config/rootfiles/oldcore/137/filelists/libhtp diff --git a/config/rootfiles/core/137/filelists/libnetfilter_queue b/config/rootfiles/oldcore/137/filelists/libnetfilter_queue similarity index 100% rename from config/rootfiles/core/137/filelists/libnetfilter_queue rename to config/rootfiles/oldcore/137/filelists/libnetfilter_queue diff --git a/config/rootfiles/core/137/filelists/libpcap b/config/rootfiles/oldcore/137/filelists/libpcap similarity index 100% rename from config/rootfiles/core/137/filelists/libpcap rename to config/rootfiles/oldcore/137/filelists/libpcap diff --git a/config/rootfiles/core/137/filelists/libssh b/config/rootfiles/oldcore/137/filelists/libssh similarity index 100% rename from config/rootfiles/core/137/filelists/libssh rename to config/rootfiles/oldcore/137/filelists/libssh diff --git a/config/rootfiles/core/137/filelists/pcre b/config/rootfiles/oldcore/137/filelists/pcre similarity index 100% rename from config/rootfiles/core/137/filelists/pcre rename to config/rootfiles/oldcore/137/filelists/pcre diff --git a/config/rootfiles/core/137/filelists/strongswan b/config/rootfiles/oldcore/137/filelists/strongswan similarity index 100% rename from config/rootfiles/core/137/filelists/strongswan rename to config/rootfiles/oldcore/137/filelists/strongswan diff --git a/config/rootfiles/core/137/filelists/suricata b/config/rootfiles/oldcore/137/filelists/suricata similarity index 100% rename from config/rootfiles/core/137/filelists/suricata rename to config/rootfiles/oldcore/137/filelists/suricata diff --git a/config/rootfiles/core/137/filelists/tzdata b/config/rootfiles/oldcore/137/filelists/tzdata similarity index 100% rename from config/rootfiles/core/137/filelists/tzdata rename to config/rootfiles/oldcore/137/filelists/tzdata diff --git a/config/rootfiles/core/137/filelists/unbound b/config/rootfiles/oldcore/137/filelists/unbound similarity index 100% rename from config/rootfiles/core/137/filelists/unbound rename to config/rootfiles/oldcore/137/filelists/unbound diff --git a/config/rootfiles/core/137/filelists/wpa_supplicant b/config/rootfiles/oldcore/137/filelists/wpa_supplicant similarity index 100% rename from config/rootfiles/core/137/filelists/wpa_supplicant rename to config/rootfiles/oldcore/137/filelists/wpa_supplicant diff --git a/config/rootfiles/core/137/filelists/x86_64/linux b/config/rootfiles/oldcore/137/filelists/x86_64/linux similarity index 100% rename from config/rootfiles/core/137/filelists/x86_64/linux rename to config/rootfiles/oldcore/137/filelists/x86_64/linux diff --git a/config/rootfiles/core/137/filelists/x86_64/linux-initrd b/config/rootfiles/oldcore/137/filelists/x86_64/linux-initrd similarity index 100% rename from config/rootfiles/core/137/filelists/x86_64/linux-initrd rename to config/rootfiles/oldcore/137/filelists/x86_64/linux-initrd diff --git a/config/rootfiles/core/137/update.sh b/config/rootfiles/oldcore/137/update.sh similarity index 100% rename from config/rootfiles/core/137/update.sh rename to config/rootfiles/oldcore/137/update.sh diff --git a/make.sh b/make.sh index 170b16504..da674fcb6 100755 --- a/make.sh +++ b/make.sh @@ -26,7 +26,7 @@ NAME="IPFire" # Software name SNAME="ipfire" # Short name # If you update the version don't forget to update backupiso and add it to core update VERSION="2.23" # Version number -CORE="137" # Core Level (Filename) +CORE="138" # Core Level (Filename) PAKFIRE_CORE="137" # Core Level (PAKFIRE) GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` # Git Branch SLOGAN="www.ipfire.org" # Software slogan
hooks/post-receive -- IPFire 2.x development tree