From: Michael Tremer <git@ipfire.org>
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. e3429b4aad01ad011792d00570a3190d0058e7ff
Date: Thu, 10 Jan 2019 14:46:43 +0000 [thread overview]
Message-ID: <20190110144644.2B2AC84FDD4@people01.i.ipfire.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 27650 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via e3429b4aad01ad011792d00570a3190d0058e7ff (commit)
via 11de35622f930cdf9cd64a786a832076ee251672 (commit)
via 042a5fe60a51277d3d1c717c207858dce1d28ff1 (commit)
via d381c56dc82e10ce01e68bb24b197dce0fa10580 (commit)
via ff21ff90d24de0f648d24bb906c45738b81ce67a (commit)
via 9d1708e081d7e7ba490db3620509dcce29cb0ae8 (commit)
via b76a8a008dca77f8ea9b68c95b2d04e074dfef64 (commit)
via a77870146fcf1e4575a9a0e59a85a10674599e91 (commit)
via 9f6849b3adfcc8eb91549427f531bdeb89f6d750 (commit)
via 4ed2162324a40bc19faf9e3cf698b8f03d256434 (commit)
via 045d54c324ac17edc9074b14c5a1a3187b78c2c3 (commit)
via 985741db6140464fe2f74ab76bc94223862eb6ce (commit)
via af2cc3be64d82d35978590b316a46b5b206afa0d (commit)
from 5321fcbff33f69e98f87bd0a354bab53e2a830bf (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit e3429b4aad01ad011792d00570a3190d0058e7ff
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Thu Jan 10 15:30:49 2019 +0100
clamav: Update to 0.101.1
For details see:
https://blog.clamav.net/2019/01/clamav-01011-patch-has-been-released.html
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 11de35622f930cdf9cd64a786a832076ee251672
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Mon Jan 7 01:32:46 2019 +0000
core127: Ship updated tar
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 042a5fe60a51277d3d1c717c207858dce1d28ff1
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Thu Jan 10 14:29:22 2019 +0100
tar: Update to 1.31, including fix for bug #11958
For details see:
http://savannah.gnu.org/forum/forum.php?forum_id=9344
"- Fix heap-buffer-overrun with --one-top-level.
- Support for zstd compression.
- The -K option interacts properly with member names given in the command line.
- Fix CVE-2018-20482"
This patch was reverted because 'tar 1.31' crashed when installing PakFire packages
with the option '--no-overwrite-dir'.
See: https://bugzilla.ipfire.org/show_bug.cgi?id=11958
Included is now a patch from https://savannah.gnu.org/bugs/?55413, which seems to fix this issue.
The test cases given in https://savannah.gnu.org/bugs/?55413#comment1 ran without problems.
As always, please check and confirm.
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit d381c56dc82e10ce01e68bb24b197dce0fa10580
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Mon Jan 7 01:28:38 2019 +0000
core127: Ship updated GeoIP functions
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit ff21ff90d24de0f648d24bb906c45738b81ce67a
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Thu Jan 10 13:00:17 2019 +0100
geoip-functions.pl: Re-write code to lookup the iso country code of a given IP-address.
Drop the usage of the old legacy GeoIP perl module which was not able to handle the
new GeoLite2 databases.
Write some code to directly access the databases and extract the required data.
Usage of the GeoIP2 perl module would provide a lot of more functionality which is not
used/needed. Unfortunately ir requires at lot of additional perl modules which are
not available on IPFire and would only be build and shipped for this module. Buildig all
of them will slow down the entire build process, mess up the system and requires a lot
more space on disk.
Fixes #11962.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 9d1708e081d7e7ba490db3620509dcce29cb0ae8
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Thu Jan 10 13:00:16 2019 +0100
GeoIP: Drop legacy GeoIP perl module.
The legacy GeoIP perl module cannot handle the new GeoLite2 databases
provided from maxmind and therefore needs to be dropped.
Reference #11960
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit b76a8a008dca77f8ea9b68c95b2d04e074dfef64
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Thu Jan 10 13:00:15 2019 +0100
xt_geoip_update: Adjust script to download and use the GeoLite2 database
Fixes #11961.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit a77870146fcf1e4575a9a0e59a85a10674599e91
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Thu Jan 10 13:00:14 2019 +0100
xtables-addons: Use shipped xt_geoip_build
Use the shipped xt_geoip_build directly instead of holding a copy in our GIT.
Reference #11959
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 9f6849b3adfcc8eb91549427f531bdeb89f6d750
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Thu Jan 10 13:00:13 2019 +0100
xtables-addons: Update to 3.2
Reference #11959
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 4ed2162324a40bc19faf9e3cf698b8f03d256434
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Mon Jan 7 00:34:30 2019 +0000
perl-Net-CIDR-Lite: Make rootfile work on other arches
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 045d54c324ac17edc9074b14c5a1a3187b78c2c3
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Mon Jan 7 00:31:46 2019 +0000
perl-Net-CIDR-Lite: Fix whitespace
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 985741db6140464fe2f74ab76bc94223862eb6ce
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Thu Jan 10 13:00:12 2019 +0100
perl-Net-CIDR-Lite: New package.
This is a runtime dependency of the xt_geoip_build perl script
shipped by xtables-addons in version 3.2.
Reference #11960.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit af2cc3be64d82d35978590b316a46b5b206afa0d
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sun Jan 6 21:33:43 2019 +0000
IPVS: Enable connection tracking by default
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/cfgroot/geoip-functions.pl | 75 ++++++++++++++++--
config/etc/sysctl.conf | 3 +
config/rootfiles/common/GeoIP | 12 ---
.../common/{HTML-Tagset => perl-Net-CIDR-Lite} | 12 +--
config/rootfiles/core/127/filelists/files | 2 +
.../core/127/filelists/perl-Net-CIDR-Lite | 1 +
.../{oldcore/121 => core/127}/filelists/tar | 0
.../121 => core/127}/filelists/xtables-addons | 0
config/rootfiles/core/127/update.sh | 3 +
config/rootfiles/packages/clamav | 7 +-
lfs/GeoIP | 84 --------------------
lfs/clamav | 6 +-
lfs/{perl-Sort-Naturally => perl-Net-CIDR-Lite} | 12 +--
lfs/tar | 7 +-
lfs/xtables-addons | 8 +-
make.sh | 2 +-
src/patches/tar/01_extract.c.patch | 12 +++
src/scripts/xt_geoip_build | 89 ----------------------
src/scripts/xt_geoip_update | 63 +++++++--------
19 files changed, 148 insertions(+), 250 deletions(-)
delete mode 100644 config/rootfiles/common/GeoIP
copy config/rootfiles/common/{HTML-Tagset => perl-Net-CIDR-Lite} (52%)
create mode 120000 config/rootfiles/core/127/filelists/perl-Net-CIDR-Lite
copy config/rootfiles/{oldcore/121 => core/127}/filelists/tar (100%)
copy config/rootfiles/{oldcore/121 => core/127}/filelists/xtables-addons (100%)
delete mode 100644 lfs/GeoIP
copy lfs/{perl-Sort-Naturally => perl-Net-CIDR-Lite} (95%)
create mode 100644 src/patches/tar/01_extract.c.patch
delete mode 100644 src/scripts/xt_geoip_build
Difference in files:
diff --git a/config/cfgroot/geoip-functions.pl b/config/cfgroot/geoip-functions.pl
index be50d5e14..e8ce8377f 100644
--- a/config/cfgroot/geoip-functions.pl
+++ b/config/cfgroot/geoip-functions.pl
@@ -23,21 +23,82 @@
package GeoIP;
-use Geo::IP::PurePerl;
+require '/var/ipfire/network-functions.pl';
+
use Locale::Codes::Country;
-my $database;
+# Path where all the GeoIP related databases are stored.
+my $geoip_database_dir = "/var/lib/GeoIP";
+
+# Database which contains all IPv4 networks.
+my $address_ipv4_database = "GeoLite2-Country-Blocks-IPv4.csv";
+
+# Database wich contains the locations data.
+my $location_database = "GeoLite2-Country-Locations-en.csv";
sub lookup($) {
my $address = shift;
+ my $location_id;
+ my $country_code;
+
+ # Check if the given address is valid.
+ unless(&Network::check_ip_address($address)) {
+ return;
+ }
+
+ # Open the address database.
+ open(ADDRESS, "$geoip_database_dir/$address_ipv4_database") or die "Could not open $geoip_database_dir/$address_ipv4_database. $!\n";
+
+ # Loop through the file.
+ while(my $line = <ADDRESS>) {
+ # Remove newlines.
+ chomp($line);
+
+ # Split the line content.
+ my ($network, $geoname_id, $registered_country_geoname_id, $represented_country_geoname_id, $is_anonymous_proxy, $is_satellite_provider) = split(/\,/, $line);
+
+ # Check if the given address is part of the current processed network.
+ if (&Network::ip_address_in_network($address, $network)) {
+ # Store the geoname_id for this address.
+ $location_id = $geoname_id;
+
+ # Break loop.
+ last;
+ }
+ }
+
+ # Return nothing if no location_id could be found.
+ return unless($location_id);
+
+ # Close filehandle.
+ close(ADDRESS);
+
+ # Open the location database.
+ open(LOCATION, "$geoip_database_dir/$location_database") or die "Could not open $geoip_database_dir/$location_database. $!\n";
- # Load the database into memory if not already done
- if (!$database) {
- $database = Geo::IP::PurePerl->new(GEOIP_MEMORY_CACHE);
+ # Loop through the file.
+ while(my $line = <LOCATION>) {
+ # Remove newlines.
+ chomp($line);
+
+ # Split the line content.
+ my ($geoname_id, $locale_code, $continent_code, $continent_name, $country_iso_code, $country_name, $is_in_european_union) = split(/\,/, $line);
+
+ # Check if the correct location_id has been found.
+ if ($geoname_id eq $location_id) {
+ # Store the county code.
+ $country_code = $country_iso_code;
+
+ # Break loop.
+ last;
+ }
}
- # Return the name of the country
- return $database->country_code_by_name($address);
+ # Close filehandle.
+ close(LOCATION);
+
+ # Return the obtained country code.
+ return $country_code;
}
# Function to get the flag icon for a specified country code.
diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf
index 4066af767..dd087d2d9 100644
--- a/config/etc/sysctl.conf
+++ b/config/etc/sysctl.conf
@@ -26,6 +26,9 @@ net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.log_martians = 1
+# Enable connection tracking for IPVS
+net.ipv4.vs.conntrack = 1
+
kernel.printk = 1 4 1 7
vm.swappiness=1
vm.mmap_min_addr = 4096
diff --git a/config/rootfiles/common/GeoIP b/config/rootfiles/common/GeoIP
deleted file mode 100644
index d76ba645e..000000000
--- a/config/rootfiles/common/GeoIP
+++ /dev/null
@@ -1,12 +0,0 @@
-#usr/bin/geoip-lookup
-#usr/lib/perl5/site_perl/5.12.3/Geo
-#usr/lib/perl5/site_perl/5.12.3/Geo/IP
-usr/lib/perl5/site_perl/5.12.3/Geo/IP/PurePerl.pm
-#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Geo
-#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Geo/IP
-#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Geo/IP/PurePerl
-#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Geo/IP/PurePerl/.packlist
-#usr/share/GeoIP
-usr/share/GeoIP/GeoIP.dat
-#usr/share/man/man1/geoip-lookup.1
-#usr/share/man/man3/Geo::IP::PurePerl.3
diff --git a/config/rootfiles/common/perl-Net-CIDR-Lite b/config/rootfiles/common/perl-Net-CIDR-Lite
new file mode 100644
index 000000000..691a7693f
--- /dev/null
+++ b/config/rootfiles/common/perl-Net-CIDR-Lite
@@ -0,0 +1,6 @@
+#usr/lib/perl5/site_perl/5.12.3/Net/CIDR
+usr/lib/perl5/site_perl/5.12.3/Net/CIDR/Lite.pm
+#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Net/CIDR
+#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Net/CIDR/Lite
+#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Net/CIDR/Lite/.packlist
+#usr/share/man/man3/Net::CIDR::Lite.3
diff --git a/config/rootfiles/core/127/filelists/files b/config/rootfiles/core/127/filelists/files
index d3de58f52..6126e32e1 100644
--- a/config/rootfiles/core/127/filelists/files
+++ b/config/rootfiles/core/127/filelists/files
@@ -9,9 +9,11 @@ etc/rc.d/init.d/unbound
etc/rc.d/rc0.d/K77conntrackd
etc/rc.d/rc3.d/S22conntrackd
etc/rc.d/rc6.d/K77conntrackd
+etc/sysctl.conf
srv/web/ipfire/cgi-bin/dnsforward.cgi
srv/web/ipfire/cgi-bin/ids.cgi
srv/web/ipfire/cgi-bin/ovpnmain.cgi
srv/web/ipfire/cgi-bin/proxy.cgi
srv/web/ipfire/cgi-bin/vpnmain.cgi
var/ipfire/backup/include
+var/ipfire/geoip-functions.pl
diff --git a/config/rootfiles/core/127/filelists/perl-Net-CIDR-Lite b/config/rootfiles/core/127/filelists/perl-Net-CIDR-Lite
new file mode 120000
index 000000000..a51cf8773
--- /dev/null
+++ b/config/rootfiles/core/127/filelists/perl-Net-CIDR-Lite
@@ -0,0 +1 @@
+../../../common/perl-Net-CIDR-Lite
\ No newline at end of file
diff --git a/config/rootfiles/core/127/filelists/tar b/config/rootfiles/core/127/filelists/tar
new file mode 120000
index 000000000..3e585d2eb
--- /dev/null
+++ b/config/rootfiles/core/127/filelists/tar
@@ -0,0 +1 @@
+../../../common/tar
\ No newline at end of file
diff --git a/config/rootfiles/core/127/filelists/xtables-addons b/config/rootfiles/core/127/filelists/xtables-addons
new file mode 120000
index 000000000..2e24c4298
--- /dev/null
+++ b/config/rootfiles/core/127/filelists/xtables-addons
@@ -0,0 +1 @@
+../../../common/xtables-addons
\ No newline at end of file
diff --git a/config/rootfiles/core/127/update.sh b/config/rootfiles/core/127/update.sh
index a8a206eab..1b4ce2918 100644
--- a/config/rootfiles/core/127/update.sh
+++ b/config/rootfiles/core/127/update.sh
@@ -52,6 +52,9 @@ sudo -u nobody /srv/web/ipfire/cgi-bin/proxy.cgi
/etc/init.d/unbound restart
/etc/init.d/squid start
+# Reload sysctl.conf
+sysctl -p
+
# Finish
/etc/init.d/fireinfo start
sendprofile
diff --git a/config/rootfiles/packages/clamav b/config/rootfiles/packages/clamav
index 3f35f9b17..e95d4dc6e 100644
--- a/config/rootfiles/packages/clamav
+++ b/config/rootfiles/packages/clamav
@@ -8,11 +8,12 @@ usr/bin/clamscan
usr/bin/clamsubmit
usr/bin/freshclam
usr/bin/sigtool
+#usr/include/clamav-types.h
#usr/include/clamav.h
#usr/lib/libclamav.la
usr/lib/libclamav.so
usr/lib/libclamav.so.9
-usr/lib/libclamav.so.9.0.0
+usr/lib/libclamav.so.9.0.1
#usr/lib/libclammspack.la
usr/lib/libclammspack.so
usr/lib/libclammspack.so.0
@@ -20,11 +21,11 @@ usr/lib/libclammspack.so.0.1.0
#usr/lib/libclamunrar.la
usr/lib/libclamunrar.so
usr/lib/libclamunrar.so.9
-usr/lib/libclamunrar.so.9.0.0
+usr/lib/libclamunrar.so.9.0.1
#usr/lib/libclamunrar_iface.la
usr/lib/libclamunrar_iface.so
usr/lib/libclamunrar_iface.so.9
-usr/lib/libclamunrar_iface.so.9.0.0
+usr/lib/libclamunrar_iface.so.9.0.1
#usr/lib/pkgconfig/libclamav.pc
usr/sbin/clamd
#usr/share/man/man1/clambc.1
diff --git a/lfs/clamav b/lfs/clamav
index 20ff9ddf3..a6e44ebf2 100644
--- a/lfs/clamav
+++ b/lfs/clamav
@@ -24,7 +24,7 @@
include Config
-VER = 0.101.0
+VER = 0.101.1
THISAPP = clamav-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = clamav
-PAK_VER = 42
+PAK_VER = 43
DEPS = ""
@@ -50,7 +50,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 47c36d13ac814b9e29ed6f5fc1691373
+$(DL_FILE)_MD5 = 9c137d6172f6e132e08e61fe25b636f8
install : $(TARGET)
diff --git a/lfs/GeoIP b/lfs/perl-Net-CIDR-Lite
similarity index 83%
rename from lfs/GeoIP
rename to lfs/perl-Net-CIDR-Lite
index ce758d8a5..a3c20b42b 100644
--- a/lfs/GeoIP
+++ b/lfs/perl-Net-CIDR-Lite
@@ -24,11 +24,10 @@
include Config
-VER = 1.25
-DATVER = 30062018
+VER = 0.21
-THISAPP = Geo-IP-PurePerl-$(VER)
-DL_FILE = $(THISAPP).tar.gz
+THISAPP = Net-CIDR-Lite-$(VER)
+DL_FILE = ${THISAPP}.tar.gz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
@@ -37,13 +36,11 @@ TARGET = $(DIR_INFO)/$(THISAPP)
# Top-level Rules
###############################################################################
-objects = $(DL_FILE) GeoIP.dat-$(DATVER).gz
+objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-GeoIP.dat-$(DATVER).gz = $(DL_FROM)/GeoIP.dat-$(DATVER).gz
-$(DL_FILE)_MD5 = a47a1b71f7cd7c46cca9efcc448e0726
-GeoIP.dat-$(DATVER).gz_MD5 = d538e57ad9268fdc7955c6cf9a37c4a9
+$(DL_FILE)_MD5 = 12280b3754886b876918f03f53aee4f5
install : $(TARGET)
@@ -53,6 +50,9 @@ download :$(patsubst %,$(DIR_DL)/%,$(objects))
md5 : $(subst %,%_MD5,$(objects))
+dist:
+ @$(PAK)
+
###############################################################################
# Downloading, checking, md5sum
###############################################################################
@@ -73,12 +73,8 @@ $(subst %,%_MD5,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/geoip_1_25_change_database_path.patch
cd $(DIR_APP) && perl Makefile.PL
cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
cd $(DIR_APP) && make install
- cd $(DIR_APP) && mkdir -p /usr/share/GeoIP && \
- zcat $(DIR_DL)/GeoIP.dat-$(DATVER).gz > /usr/share/GeoIP/GeoIP.dat
- cd $(DIR_APP) && chmod 777 /srv/web/ipfire/html/images/flags
@rm -rf $(DIR_APP)
@$(POSTBUILD)
diff --git a/lfs/tar b/lfs/tar
index cbab6c2a9..953613d51 100644
--- a/lfs/tar
+++ b/lfs/tar
@@ -24,7 +24,7 @@
include Config
-VER = 1.30
+VER = 1.31
THISAPP = tar-$(VER)
DL_FILE = $(THISAPP).tar.bz2
@@ -50,7 +50,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 8404e4c1fc5a3000228ab2b8ad674a65
+$(DL_FILE)_MD5 = 77afa35b696c8d760331fa0e12c2fac9
install : $(TARGET)
@@ -80,6 +80,9 @@ $(subst %,%_MD5,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
+
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/tar/01_extract.c.patch
+
cd $(DIR_APP) && ./configure $(EXTRA_CONFIG) FORCE_UNSAFE_CONFIGURE=1
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
diff --git a/lfs/xtables-addons b/lfs/xtables-addons
index af2784c1a..da67aa761 100644
--- a/lfs/xtables-addons
+++ b/lfs/xtables-addons
@@ -27,7 +27,7 @@ include Config
VERSUFIX = ipfire$(KCFG)
MODPATH = /lib/modules/$(KVER)-$(VERSUFIX)/extra/
-VER = 2.13
+VER = 3.2
THISAPP = xtables-addons-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = be20b0b9c4b001b364431a836e361d33
+$(DL_FILE)_MD5 = 80ea89ba8d5a001a8d71c7f05b2f0141
install : $(TARGET)
@@ -94,6 +94,10 @@ ifeq "$(USPACE)" "1"
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
+
+ # Install xt_geoip_build.
+ cd $(DIR_APP) && install -m 755 GeoIP/xt_geoip_build \
+ /usr/local/bin/
else
cd $(DIR_APP) && ./configure \
--with-kbuild=/usr/src/linux-$(KVER)/
diff --git a/make.sh b/make.sh
index fd626a999..1d9163dce 100755
--- a/make.sh
+++ b/make.sh
@@ -1305,7 +1305,6 @@ buildipfire() {
lfsmake2 python-daemon
lfsmake2 python-ipaddress
lfsmake2 glib
- lfsmake2 GeoIP
lfsmake2 ntp
lfsmake2 openssh
lfsmake2 fontconfig
@@ -1434,6 +1433,7 @@ buildipfire() {
lfsmake2 mpd
lfsmake2 libmpdclient
lfsmake2 mpc
+ lfsmake2 perl-Net-CIDR-Lite
lfsmake2 perl-Net-SMTP-SSL
lfsmake2 perl-MIME-Base64
lfsmake2 perl-Authen-SASL
diff --git a/src/patches/tar/01_extract.c.patch b/src/patches/tar/01_extract.c.patch
new file mode 100644
index 000000000..21c3cd86f
--- /dev/null
+++ b/src/patches/tar/01_extract.c.patch
@@ -0,0 +1,12 @@
+--- tar-1.31/src/extract.c 2019-01-02 18:07:48.000000000 +0000
++++ tar-1.31.patched/src/extract.c 2019-01-09 16:17:20.368612005 +0000
+@@ -782,7 +782,8 @@
+ case OVERWRITE_OLD_FILES:
+ if (0 < remove_any_file (file_name, ORDINARY_REMOVE_OPTION))
+ return RECOVER_OK;
+- break;
++ errno = e;
++ return RECOVER_NO;
+
+ case UNLINK_FIRST_OLD_FILES:
+ break;
diff --git a/src/scripts/xt_geoip_build b/src/scripts/xt_geoip_build
deleted file mode 100644
index 202156f13..000000000
--- a/src/scripts/xt_geoip_build
+++ /dev/null
@@ -1,89 +0,0 @@
-#!/usr/bin/perl
-#
-# Converter for MaxMind CSV database to binary, for xt_geoip
-# Copyright © Jan Engelhardt, 2008-2011
-#
-use Getopt::Long;
-use IO::Handle;
-use Text::CSV_XS; # or trade for Text::CSV
-use strict;
-
-my $csv = Text::CSV_XS->new({
- allow_whitespace => 1,
- binary => 1,
- eol => $/,
-}); # or Text::CSV
-my $target_dir = ".";
-
-&Getopt::Long::Configure(qw(bundling));
-&GetOptions(
- "D=s" => \$target_dir,
-);
-
-if (!-d $target_dir) {
- print STDERR "Target directory $target_dir does not exist.\n";
- exit 1;
-}
-
-my $dir = "$target_dir/LE";
-if (!-e $dir && !mkdir($dir)) {
- print STDERR "Could not mkdir $dir: $!\n";
- exit 1;
-}
-
-&dump(&collect());
-
-sub collect
-{
- my %country;
-
- while (my $row = $csv->getline(*ARGV)) {
- if (!defined($country{$row->[4]})) {
- $country{$row->[4]} = {
- name => $row->[5],
- pool_v4 => [],
- pool_v6 => [],
- };
- }
- my $c = $country{$row->[4]};
-
- push(@{$c->{pool_v4}}, [$row->[2], $row->[3]]);
-
- if ($. % 4096 == 0) {
- print STDERR "\r\e[2K$. entries";
- }
- }
-
- print STDERR "\r\e[2K$. entries total\n";
- return \%country;
-}
-
-sub dump
-{
- my $country = shift @_;
-
- foreach my $iso_code (sort keys %$country) {
- &dump_one($iso_code, $country->{$iso_code});
- }
-}
-
-sub dump_one
-{
- my($iso_code, $country) = @_;
- my($file, $fh_le, $fh_be);
-
- printf "%5u IPv4 ranges for %s %s\n",
- scalar(@{$country->{pool_v4}}),
- $iso_code, $country->{name};
-
- $file = "$target_dir/LE/".uc($iso_code).".iv4";
- if (!open($fh_le, "> $file")) {
- print STDERR "Error opening $file: $!\n";
- exit 1;
- }
- foreach my $range (@{$country->{pool_v4}}) {
- print $fh_le pack("VV", $range->[0], $range->[1]);
- #print $fh_be pack("NN", $range->[0], $range->[1]);
- }
- close $fh_le;
-}
diff --git a/src/scripts/xt_geoip_update b/src/scripts/xt_geoip_update
index 0aea4d03e..73484c7a0 100644
--- a/src/scripts/xt_geoip_update
+++ b/src/scripts/xt_geoip_update
@@ -24,13 +24,10 @@ TMP_FILE=$(mktemp -p $TMP_PATH)
SCRIPT_PATH=/usr/local/bin
DEST_PATH=/usr/share/xt_geoip
+DB_PATH=/var/lib/GeoIP
-DL_URL=https://geolite.maxmind.com/download/geoip/database
-DL_FILE=GeoIPCountryCSV.zip
-
-CSV_FILE=GeoIPCountryWhois.csv
-
-ARCH=LE
+DL_URL=http://geolite.maxmind.com/download/geoip/database/
+DL_FILE=GeoLite2-Country-CSV.zip
eval $(/usr/local/bin/readhash /var/ipfire/proxy/settings)
@@ -57,42 +54,41 @@ function download() {
# Get the latest GeoIP database from server.
wget $DL_URL/$DL_FILE $PROXYSETTINGS -O $TMP_FILE
- # Extract files.
+ # Extract files to database path.
unzip $TMP_FILE -d $TMP_PATH
return 0
}
-function build() {
- echo "Convert database..."
+function install() {
+ echo "Install CSV database..."
- # Check if the csv file exists.
- if [ ! -e $TMP_PATH/$CSV_FILE ]; then
- echo "$TMP_PATH/$CSV_FILE not found. Exiting."
- return 1
+ # Check if the database dir exists.
+ if [ ! -e "$DB_PATH" ]; then
+ mkdir -p $DB_PATH &>/dev/null
fi
- # Run script to convert the CSV file into several xtables
- # compatible binary files.
- if ! $SCRIPT_PATH/xt_geoip_build $TMP_PATH/$CSV_FILE -D $TMP_PATH; then
- echo "Could not convert ruleset. Aborting." >&2
+ # Check if the directory for binary databases exists.
+ if [ ! -e "$DEST_PATH" ]; then
+ mkdir -p $DEST_PATH &>/dev/null
+ fi
+
+ # Install CSV databases.
+ if ! cp -af $TMP_PATH/*/* $DB_PATH &>/dev/null; then
+ echo "Could not copy files. Aborting." >&2
return 1
fi
return 0
}
-function install() {
- echo "Install databases..."
-
- # Check if our destination exist.
- if [ ! -e "$DEST_PATH" ]; then
- mkdir -p $DEST_PATH &>/dev/null
- fi
+function build() {
+ echo "Convert database..."
- # Install databases.
- if ! cp -af $TMP_PATH/$ARCH $DEST_PATH &>/dev/null; then
- echo "Could not copy files. Aborting." >&2
+ # Run script to convert the CSV file into several xtables
+ # compatible binary files.
+ if ! $SCRIPT_PATH/xt_geoip_build -S $DB_PATH -D $DEST_PATH; then
+ echo "Could not convert ruleset. Aborting." >&2
return 1
fi
@@ -113,23 +109,18 @@ function main() {
# Download ruleset.
download || exit $?
- # Convert the ruleset.
- if ! build; then
- # Do cleanup.
- cleanup || exit $?
- exit 1
- fi
-
- # Install the converted ruleset.
if ! install; then
# Do cleanup.
cleanup || exit $?
exit 1
fi
- # Finaly remove temporary files.
+ # Remove temporary files.
cleanup || exit $?
+ # Convert the ruleset.
+ build || exit $?
+
return 0
}
hooks/post-receive
--
IPFire 2.x development tree
reply other threads:[~2019-01-10 14:46 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190110144644.2B2AC84FDD4@people01.i.ipfire.org \
--to=git@ipfire.org \
--cc=ipfire-scm@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox