* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 2e63b7128e519657d445b0cbfc473725fc13a3a4
@ 2023-07-13 14:38 Peter Müller
0 siblings, 0 replies; only message in thread
From: Peter Müller @ 2023-07-13 14:38 UTC (permalink / raw)
To: ipfire-scm
[-- Attachment #1: Type: text/plain, Size: 23574 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 2e63b7128e519657d445b0cbfc473725fc13a3a4 (commit)
via a1836ab1206151d0a714c273d384a5b9ec65f569 (commit)
via 16c82f31aa944b248dedb51469e385052f9ea161 (commit)
via f20ca78eff6e8baeb86361f55adf52819d1bae1f (commit)
via 1b6b4118b2234efa9b28553bc8f9b2c6b74bb5fb (commit)
via 607d3a26d8635e6d5ceb4bdcd57198ab23174bbc (commit)
via 525e575e0463d9275904ec1273b650859e5358c3 (commit)
via cc78ea658d06f1866fb235c14535bd52bb4a479b (commit)
via e08399ddd31d6885559afff2970e0c65dd5fbcc2 (commit)
via c084d8f970b428ef043aab0263c0f2a8c2f814f5 (commit)
via f7447b1b8e37a8ac6663e49ce50f4e1fa49538d4 (commit)
from 46c8316642fe90df99de1c0b735f7f4ed9a44464 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 2e63b7128e519657d445b0cbfc473725fc13a3a4
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Mon Jul 10 17:30:15 2023 +0000
dehydrated: Keep going if re-issuing one certificate fails
This change will make sure that dehydrated will continue if (re-)issuing
one or more certificate fails.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit a1836ab1206151d0a714c273d384a5b9ec65f569
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Jul 11 09:37:26 2023 +0000
core177: Do not ship location database extracted in ipset format
Since the update is not built on the day when people install it, we will
ship an outdated database. For updates, where the firewall is being
reloaded or rebooted, we will have an old database in place until the
next database update job runs.
Secondly, the data is 33 MiB in size, which is useless data shipped as
every system will already have a database that is very likely to be more
recent.
In this update, we are not shipping the location database again, but I
wanted to add this change so it does not get lost next time.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 16c82f31aa944b248dedb51469e385052f9ea161
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Thu Jul 13 14:28:44 2023 +0000
Core Update 177: Ship unbound-dhcp-leases-bridge
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit f20ca78eff6e8baeb86361f55adf52819d1bae1f
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Jul 11 13:29:32 2023 +0000
unbound-dhcp-leases-bridge: Reload unbound to import leases
This changes the old "diff" algorithm that we needed to have before
Unbound was able to reload its own configuration.
Now, it can do this even without dropping the cache. This should
hopefully perform much better and be more reliable than the old way.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Acked-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 1b6b4118b2234efa9b28553bc8f9b2c6b74bb5fb
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Thu Jul 13 14:26:34 2023 +0000
Core Update 177: Ship fireinfo
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 607d3a26d8635e6d5ceb4bdcd57198ab23174bbc
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Jul 13 14:05:38 2023 +0000
fireinfo: Fix SEGV in detect_hypervisor()
Fixes: #13155 - _fireinfo.detect_hypervisor() rises Segmentation fault
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Acked-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 525e575e0463d9275904ec1273b650859e5358c3
Author: Jon Murphy <jon.murphy(a)ipfire.org>
Date: Thu Jul 6 16:05:06 2023 -0500
pmacct: fix bug 13159
- changes `interface` to `pcap_interface` in pmacct.conf file.
- thank you to @iptom for finding and reporting the issue and
to many others for pitching in and helping debug!
Signed-off-by: Jon Murphy <jon.murphy(a)ipfire.org>
commit cc78ea658d06f1866fb235c14535bd52bb4a479b
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sun Jul 9 15:15:00 2023 +0000
Core Update 177: Delete OpenSSL 1.1.1 files
Originally announced for Core Update 176, this step was postponed until
Core Update 177 due to my fault of having shipped all necessary
dependencies for OpenSSL 3.x in Core Update 175 properly.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit e08399ddd31d6885559afff2970e0c65dd5fbcc2
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sun Jul 9 14:56:00 2023 +0000
linux: Trigger a BUG() when corruption of kernel data structures is detected
Given that this will merely log such an incident, this can be safely
enabled.
Cc: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit c084d8f970b428ef043aab0263c0f2a8c2f814f5
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sun Jul 9 14:55:00 2023 +0000
linux: Enable Indirect Branch Tracking by default
This became upstream default (see
https://www.phoronix.com/news/Linux-IBT-By-Default-Tip for IT news media
coverage), and given its security-relevance, we should adopt this
setting as well.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit f7447b1b8e37a8ac6663e49ce50f4e1fa49538d4
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Mon Jul 10 13:50:42 2023 +0200
kernel: update to 6.1.38
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/dehydrated/cron.sh | 2 +-
config/kernel/kernel.config.aarch64-ipfire | 6 +--
config/kernel/kernel.config.riscv64-ipfire | 4 +-
config/kernel/kernel.config.x86_64-ipfire | 8 ++--
config/pmacct/pmacct.conf | 25 ++++++++---
config/rootfiles/common/x86_64/linux | 1 +
config/rootfiles/core/177/exclude | 1 +
config/rootfiles/core/177/filelists/files | 1 +
.../{oldcore/127 => core/177}/filelists/fireinfo | 0
config/rootfiles/core/177/update.sh | 6 ++-
config/unbound/unbound-dhcp-leases-bridge | 52 ++++------------------
lfs/dehydrated | 2 +-
lfs/fireinfo | 1 +
lfs/linux | 4 +-
lfs/pmacct | 4 +-
src/paks/pmacct/install.sh | 12 ++++-
...ff-by-one-error-when-detecting-hypervisor.patch | 38 ++++++++++++++++
17 files changed, 100 insertions(+), 67 deletions(-)
copy config/rootfiles/{oldcore/127 => core/177}/filelists/fireinfo (100%)
create mode 100644 src/patches/fireinfo-virt-fix-off-by-one-error-when-detecting-hypervisor.patch
Difference in files:
diff --git a/config/dehydrated/cron.sh b/config/dehydrated/cron.sh
index 0aa778a38..f2f842527 100644
--- a/config/dehydrated/cron.sh
+++ b/config/dehydrated/cron.sh
@@ -1,3 +1,3 @@
#!/bin/bash
-exec /usr/bin/dehydrated --cron
+exec /usr/bin/dehydrated --cron --keep-going
diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kernel.config.aarch64-ipfire
index a2c852654..bc07256b6 100644
--- a/config/kernel/kernel.config.aarch64-ipfire
+++ b/config/kernel/kernel.config.aarch64-ipfire
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/arm64 6.1.37-ipfire Kernel Configuration
+# Linux/arm64 6.1.38-ipfire Kernel Configuration
#
CONFIG_CC_VERSION_TEXT="gcc (GCC) 13.1.0"
CONFIG_CC_IS_GCC=y
@@ -8586,11 +8586,11 @@ CONFIG_STACKTRACE=y
#
# Debug kernel data structures
#
-# CONFIG_DEBUG_LIST is not set
+CONFIG_DEBUG_LIST=y
# CONFIG_DEBUG_PLIST is not set
# CONFIG_DEBUG_SG is not set
# CONFIG_DEBUG_NOTIFIERS is not set
-# CONFIG_BUG_ON_DATA_CORRUPTION is not set
+CONFIG_BUG_ON_DATA_CORRUPTION=y
# CONFIG_DEBUG_MAPLE_TREE is not set
# end of Debug kernel data structures
diff --git a/config/kernel/kernel.config.riscv64-ipfire b/config/kernel/kernel.config.riscv64-ipfire
index 8197244c1..7b129a349 100644
--- a/config/kernel/kernel.config.riscv64-ipfire
+++ b/config/kernel/kernel.config.riscv64-ipfire
@@ -7073,11 +7073,11 @@ CONFIG_STACKTRACE=y
#
# Debug kernel data structures
#
-# CONFIG_DEBUG_LIST is not set
+CONFIG_DEBUG_LIST=y
# CONFIG_DEBUG_PLIST is not set
# CONFIG_DEBUG_SG is not set
# CONFIG_DEBUG_NOTIFIERS is not set
-# CONFIG_BUG_ON_DATA_CORRUPTION is not set
+CONFIG_BUG_ON_DATA_CORRUPTION=y
# CONFIG_DEBUG_MAPLE_TREE is not set
# end of Debug kernel data structures
diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire
index 0017a6f54..eeda765dd 100644
--- a/config/kernel/kernel.config.x86_64-ipfire
+++ b/config/kernel/kernel.config.x86_64-ipfire
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 6.1.37-ipfire Kernel Configuration
+# Linux/x86 6.1.38-ipfire Kernel Configuration
#
CONFIG_CC_VERSION_TEXT="gcc (GCC) 13.1.0"
CONFIG_CC_IS_GCC=y
@@ -431,7 +431,7 @@ CONFIG_X86_PAT=y
CONFIG_ARCH_USES_PG_UNCACHED=y
CONFIG_X86_UMIP=y
CONFIG_CC_HAS_IBT=y
-# CONFIG_X86_KERNEL_IBT is not set
+CONFIG_X86_KERNEL_IBT=y
CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y
CONFIG_X86_INTEL_TSX_MODE_OFF=y
# CONFIG_X86_INTEL_TSX_MODE_ON is not set
@@ -7761,11 +7761,11 @@ CONFIG_STACKTRACE=y
#
# Debug kernel data structures
#
-# CONFIG_DEBUG_LIST is not set
+CONFIG_DEBUG_LIST=y
# CONFIG_DEBUG_PLIST is not set
# CONFIG_DEBUG_SG is not set
# CONFIG_DEBUG_NOTIFIERS is not set
-# CONFIG_BUG_ON_DATA_CORRUPTION is not set
+CONFIG_BUG_ON_DATA_CORRUPTION=y
# CONFIG_DEBUG_MAPLE_TREE is not set
# end of Debug kernel data structures
diff --git a/config/pmacct/pmacct.conf b/config/pmacct/pmacct.conf
index 3c1d47efa..79e3fd6a7 100644
--- a/config/pmacct/pmacct.conf
+++ b/config/pmacct/pmacct.conf
@@ -2,23 +2,38 @@
! Pmacctd configuration file for IPFire environment
!
+!----------------------------------- global -----------------------------------
+
syslog: daemon
daemonize: true
debug: false
promisc: true
-interface: green0
+pcap_interface: green0
+
+imt_mem_pools_number: 256
+plugins: memory[plugin1] # , sqlite3[plugin2]
+
+
+!----------------------------------- memory -----------------------------------
!
! "plugin1" plugin configuration
!
-plugins: memory[plugin1]
plugin_buffer_size[plugin1]: 102400
-plugin_pipe_size[plugin1]: 10240000
+plugin_pipe_size[plugin1]: 10240000
-imt_mem_pools_number: 256
imt_path[plugin1]: /var/spool/pmacct/plugin1.pipe
aggregate[plugin1]: src_host, src_port, src_mac, dst_host, dst_port, dst_mac, proto
-aggregate_filter[plugin1]: ip
\ No newline at end of file
+aggregate_filter[plugin1]: ip
+
+
+!----------------------------------- sqlite3 ----------------------------------
+
+!
+! "plugin2" plugin configuration
+!
+
+! add your sqlite3 plugin2 here...
diff --git a/config/rootfiles/common/x86_64/linux b/config/rootfiles/common/x86_64/linux
index 2da7da282..512246b73 100644
--- a/config/rootfiles/common/x86_64/linux
+++ b/config/rootfiles/common/x86_64/linux
@@ -11324,6 +11324,7 @@ etc/modprobe.d/ipv6.conf
#lib/modules/KVER-ipfire/build/include/config/X86_INTERNODE_CACHE_SHIFT
#lib/modules/KVER-ipfire/build/include/config/X86_IOPL_IOPERM
#lib/modules/KVER-ipfire/build/include/config/X86_IO_APIC
+#lib/modules/KVER-ipfire/build/include/config/X86_KERNEL_IBT
#lib/modules/KVER-ipfire/build/include/config/X86_L1_CACHE_SHIFT
#lib/modules/KVER-ipfire/build/include/config/X86_LOCAL_APIC
#lib/modules/KVER-ipfire/build/include/config/X86_MCE
diff --git a/config/rootfiles/core/177/exclude b/config/rootfiles/core/177/exclude
index 378c2d563..8ee1c3c2f 100644
--- a/config/rootfiles/core/177/exclude
+++ b/config/rootfiles/core/177/exclude
@@ -27,6 +27,7 @@ var/ipfire/urlfilter/blacklist
var/ipfire/urlfilter/settings
var/lib/alternatives
var/lib/location/database.db
+var/lib/location/ipset
var/log/cache
var/log/dhcpcd.log
var/log/messages
diff --git a/config/rootfiles/core/177/filelists/files b/config/rootfiles/core/177/filelists/files
index 2b03325d3..1e50572e7 100644
--- a/config/rootfiles/core/177/filelists/files
+++ b/config/rootfiles/core/177/filelists/files
@@ -233,3 +233,4 @@ lib/firmware/rtlwifi/rtl8192fufw.bin
lib/firmware/rtw89/rtw8851b_fw.bin
lib/firmware/rtw89/rtw8852b_fw-1.bin
lib/firmware/rtw89/rtw8852c_fw.bin
+usr/sbin/unbound-dhcp-leases-bridge
diff --git a/config/rootfiles/core/177/filelists/fireinfo b/config/rootfiles/core/177/filelists/fireinfo
new file mode 120000
index 000000000..c46115521
--- /dev/null
+++ b/config/rootfiles/core/177/filelists/fireinfo
@@ -0,0 +1 @@
+../../../common/fireinfo
\ No newline at end of file
diff --git a/config/rootfiles/core/177/update.sh b/config/rootfiles/core/177/update.sh
index ebe2b4fe5..a98d39f2d 100644
--- a/config/rootfiles/core/177/update.sh
+++ b/config/rootfiles/core/177/update.sh
@@ -106,7 +106,10 @@ rm -rvf \
/lib/firmware/cxgb4/t5fw-1.27.1* \
/lib/firmware/cxgb4/t6fw-1.27.1* \
/lib/firmware/intel/ice/ddp-comms/ice_comms-1.3.3* \
- /lib/firmware/intel/ice/ddp-wireless_edge/ice_wireless_edge-1.3.7*
+ /lib/firmware/intel/ice/ddp-wireless_edge/ice_wireless_edge-1.3.7* \
+ /usr/lib/engines-1* \
+ /usr/lib/libcrypto.so.1* \
+ /usr/lib/libssl.so.1*
# update linker config
ldconfig
@@ -118,6 +121,7 @@ ldconfig
/usr/local/bin/filesystem-cleanup
# Start services
+/etc/init.d/unbound reload
/etc/init.d/ntp restart
if [ -f /var/ipfire/proxy/enable ]; then
/etc/init.d/squid start
diff --git a/config/unbound/unbound-dhcp-leases-bridge b/config/unbound/unbound-dhcp-leases-bridge
index e89e0446b..e9f022aff 100644
--- a/config/unbound/unbound-dhcp-leases-bridge
+++ b/config/unbound/unbound-dhcp-leases-bridge
@@ -514,56 +514,19 @@ class UnboundConfigWriter(object):
def __init__(self, path):
self.path = path
- self._cached_leases = []
-
def update_dhcp_leases(self, leases):
- # Find any leases that have expired or do not exist any more
- # but are still in the unbound local data
- removed_leases = [l for l in self._cached_leases if not l in leases]
-
- # Find any leases that have been added
- new_leases = [l for l in leases if l not in self._cached_leases]
-
- # End here if nothing has changed
- if not new_leases and not removed_leases:
- return
-
# Write out all leases
self.write_dhcp_leases(leases)
- # Update unbound about changes
- for l in removed_leases:
- try:
- for name, ttl, type, content in l.rrset:
- log.debug("Removing records for %s" % name)
- self._control("local_data_remove", name)
-
- # If the lease cannot be removed we will try the next one
- except:
- continue
-
- # If the removal was successful, we will remove it from the cache
- else:
- self._cached_leases.remove(l)
-
- for l in new_leases:
- try:
- for rr in l.rrset:
- log.debug("Adding new record %s" % " ".join(rr))
- self._control("local_data", *rr)
-
- # If the lease cannot be added we will try the next one
- except:
- continue
+ log.debug("Reloading Unbound...")
- # Add lease to cache when successfully added
- else:
- self._cached_leases.append(l)
+ # Reload the configuration without dropping the cache
+ self._control("reload_keep_cache")
def write_dhcp_leases(self, leases):
- with tempfile.NamedTemporaryFile(mode="w", delete=False) as f:
- filename = f.name
+ log.debug("Writing DHCP leases...")
+ with tempfile.NamedTemporaryFile(mode="w", delete=False) as f:
for l in leases:
for rr in l.rrset:
f.write("local-data: \"%s\"\n" % " ".join(rr))
@@ -571,7 +534,8 @@ class UnboundConfigWriter(object):
# Make file readable for everyone
os.fchmod(f.fileno(), stat.S_IRUSR|stat.S_IWUSR|stat.S_IRGRP|stat.S_IROTH)
- os.rename(filename, self.path)
+ # Move the file to its destination
+ os.rename(f.name, self.path)
def _control(self, *args):
command = ["unbound-control"]
@@ -585,7 +549,7 @@ class UnboundConfigWriter(object):
log.critical("Could not run %s, error code: %s: %s" % (
" ".join(command), e.returncode, e.output))
- raise
+ raise e
if __name__ == "__main__":
diff --git a/lfs/dehydrated b/lfs/dehydrated
index 7cd92076b..821c1433b 100644
--- a/lfs/dehydrated
+++ b/lfs/dehydrated
@@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = dehydrated
-PAK_VER = 5
+PAK_VER = 6
DEPS =
diff --git a/lfs/fireinfo b/lfs/fireinfo
index 8b38885d6..629626d1e 100644
--- a/lfs/fireinfo
+++ b/lfs/fireinfo
@@ -75,6 +75,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/fireinfo/fireinfo-2.2.0-python-3.8.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/fireinfo/fireinfo-system-blacklist-jetways-product-uuid.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/fireinfo/fireinfo-system-ignore-when-the-serial-number-is-ssn.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/fireinfo-virt-fix-off-by-one-error-when-detecting-hypervisor.patch
cd $(DIR_APP) && [ -x "configure" ] || sh ./autogen.sh
cd $(DIR_APP) && ./configure --prefix=/usr
diff --git a/lfs/linux b/lfs/linux
index 87442185a..e9a50fba5 100644
--- a/lfs/linux
+++ b/lfs/linux
@@ -24,7 +24,7 @@
include Config
-VER = 6.1.37
+VER = 6.1.38
ARM_PATCHES = 6.1.y-ipfire2
@@ -76,7 +76,7 @@ objects = \
$(DL_FILE) = $(URL_IPFIRE)/$(DL_FILE)
arm-multi-patches-$(ARM_PATCHES).patch.xz = $(URL_IPFIRE)/arm-multi-patches-$(ARM_PATCHES).patch.xz
-$(DL_FILE)_BLAKE2 = 9ea4b47123c21b658923f46d3f7d6b911f49e8616f038feefef860b3bb8756b2cbd0b097640b18333d79951b99c37dc32c1a4357263ff69641580c4d3ab4bc56
+$(DL_FILE)_BLAKE2 = 43f0fe3f8aeb03e5a2bf46b358b8dc4515765b70f56fb136847c78a80889bc2e163768d941500c285f40f705634b5fd3d6e0d81c10521fc351596c95db62490e
arm-multi-patches-$(ARM_PATCHES).patch.xz_BLAKE2 = 7afc460562fb24bcd75784fc79de768f9b60780aedd88d1a847927169e31920bbb475b1ac1466c4a224a7876d16bd8d465b96202de12b74f6e2ccbfcec731ad3
install : $(TARGET)
diff --git a/lfs/pmacct b/lfs/pmacct
index 7c8b32772..4be1be156 100644
--- a/lfs/pmacct
+++ b/lfs/pmacct
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2019-2023 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2019-2023 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = pmacct
-PAK_VER = 5
+PAK_VER = 6
DEPS = libcdada
diff --git a/src/paks/pmacct/install.sh b/src/paks/pmacct/install.sh
index 11b16f6c1..abf8ce37e 100755
--- a/src/paks/pmacct/install.sh
+++ b/src/paks/pmacct/install.sh
@@ -17,7 +17,7 @@
# along with IPFire; if not, write to the Free Software #
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
# #
-# Copyright (C) 2007 IPFire-Team <info(a)ipfire.org>. #
+# Copyright (C) 2007-2023 IPFire-Team <info(a)ipfire.org>. #
# #
############################################################################
#
@@ -26,11 +26,19 @@
extract_files
restore_backup ${NAME}
+# update needed for a change in config file
+# temporary update added for CU 177
+CONFIG="/etc/pmacct/pmacct.conf"
+if grep -q "^interface" "${CONFIG}" ; then
+ if sed -i.bak 's|^interface|pcap_interface|g' "${CONFIG}" ; then
+ logger -t pmacct "updated ${CONFIG} and changed \"interface\" to \"pcap_interface\""
+ fi
+fi
+
# Add symlinks for runlevels
ln -s ../init.d/${NAME} /etc/rc.d/rc0.d/K85${NAME}
ln -s ../init.d/${NAME} /etc/rc.d/rc3.d/S50${NAME}
ln -s ../init.d/${NAME} /etc/rc.d/rc6.d/K85${NAME}
start_service ${NAME}
-
# EOF
diff --git a/src/patches/fireinfo-virt-fix-off-by-one-error-when-detecting-hypervisor.patch b/src/patches/fireinfo-virt-fix-off-by-one-error-when-detecting-hypervisor.patch
new file mode 100644
index 000000000..0799ecce5
--- /dev/null
+++ b/src/patches/fireinfo-virt-fix-off-by-one-error-when-detecting-hypervisor.patch
@@ -0,0 +1,38 @@
+From e3e68b9baa9723916b1999394432e9ad260cfaa2 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer(a)ipfire.org>
+Date: Sat, 1 Jul 2023 09:08:48 +0000
+Subject: [PATCH] virt: Fix off-by-one error when detecting hypervisor
+
+Reported-by: Mauro Condarelli <mc5686(a)mclink.it>
+Fixes: #13155 - _fireinfo.detect_hypervisor() rises Segmentation fault
+Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
+---
+ src/_fireinfo/fireinfo.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/_fireinfo/fireinfo.c b/src/_fireinfo/fireinfo.c
+index 1d3f424..18edf34 100644
+--- a/src/_fireinfo/fireinfo.c
++++ b/src/_fireinfo/fireinfo.c
+@@ -32,8 +32,8 @@ enum hypervisors {
+ HYPER_KVM,
+ HYPER_MSHV,
+ HYPER_VMWARE,
++ // Must always be last
+ HYPER_OTHER,
+- HYPER_LAST /* for loop - must be last*/
+ };
+
+ const char *hypervisor_ids[] = {
+@@ -157,7 +157,7 @@ int detect_hypervisor(int *hypervisor) {
+ *hypervisor = HYPER_OTHER;
+
+ if (*sig.text) {
+- for (int id = HYPER_NONE + 1; id < HYPER_LAST; id++) {
++ for (int id = HYPER_NONE + 1; id < HYPER_OTHER; id++) {
+ if (strcmp(hypervisor_ids[id], sig.text) == 0) {
+ *hypervisor = id;
+ break;
+--
+2.39.2
+
hooks/post-receive
--
IPFire 2.x development tree
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2023-07-13 14:38 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-07-13 14:38 [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 2e63b7128e519657d445b0cbfc473725fc13a3a4 Peter Müller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox