* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 799aa347abb25ab304b4c162b6fef7af0daaee4e
@ 2025-03-31 15:26 Michael Tremer
0 siblings, 0 replies; only message in thread
From: Michael Tremer @ 2025-03-31 15:26 UTC (permalink / raw)
To: ipfire-scm
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 799aa347abb25ab304b4c162b6fef7af0daaee4e (commit)
via 52c0e4819d07fc46339f9ea0b2fd66a74b69cfef (commit)
via 1c1ff05cdc37fe9ccabda9413c270935c3a45478 (commit)
via 8fa1831bff7e1d76eb83b145976211aa703062e1 (commit)
via e26b7aaa37c91fde4d7bc0fe338118bc93348dd3 (commit)
via 4bbb98385f80537c50dd66d69afef97732149926 (commit)
via 0ffe4b075e8dc5f12aaa60235b771a2f0e2a0453 (commit)
via 2e052e656a542d4784fba8ef4c035ebb56690a0f (commit)
via fe75b1511278dead34aef04fcb051b5bcc7f1817 (commit)
via 4109b42e34cd85a5ae7b9a0d2cf3db0000e04068 (commit)
via e725c6691d8d2ca8470afcc1379e0794d43c6b6e (commit)
via 57cab5e367a89f1ddb4ba4b04f0f2094bf328335 (commit)
via e8988295f2c9d2fc01a151296b1d5132a452a544 (commit)
via a5bea20c6a11c881294db4149c1a853781df20e5 (commit)
via ee5bd0ef6fc6ba437430cd0e025ce8aa4fb2591c (commit)
via e8100bfb1dc9bf8c58d2e6d770cdd60e6e0d8b9b (commit)
via 9a84686cd29d213361db02d11e6ca8555aa787f1 (commit)
via 89628cc97418d1e78475640385f80ee9bbaa2eef (commit)
via af709863fbb597ee9c91d57cb6935db3ac70c4c5 (commit)
via d32897e39727502a0957d5cc7b0dd88445f9a9a5 (commit)
via ee688ea061b242eb9eaf61d7c406fda5a957addc (commit)
via b3cb61cac304abaefcf3bbf0ba0a2e8baf39ace0 (commit)
via 1a69d7f81a5096b754f6acab189a436416aa517d (commit)
from cfad72e8f13d471f88f76dd74e8c6938c0546601 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 799aa347abb25ab304b4c162b6fef7af0daaee4e
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon Mar 31 15:23:32 2025 +0000
core194: Ship changed firewall rules and aliases.cgi
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 52c0e4819d07fc46339f9ea0b2fd66a74b69cfef
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon Mar 31 17:16:24 2025 +0200
aliases.cgi: Reload firewall after updating aliases
This is requried to update any REDNAT rules.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 1c1ff05cdc37fe9ccabda9413c270935c3a45478
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon Mar 31 16:35:26 2025 +0200
firewall: Explicitely don't NAT any aliases
It seems that there is a problem with local connections that have
preselected an outgoing interface. That will work just fine, but
ultimately the packet will be NATed back to the primary RED IP address.
To prevent this, we are adding some extra rules that skip the MASQUERADE
target.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 8fa1831bff7e1d76eb83b145976211aa703062e1
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon Mar 31 16:31:43 2025 +0200
firewall: Collect all networks that should not be NATed in an array
No functional changes.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit e26b7aaa37c91fde4d7bc0fe338118bc93348dd3
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon Mar 31 15:22:14 2025 +0000
core194: Ship libxml2
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 4bbb98385f80537c50dd66d69afef97732149926
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Mon Mar 31 15:45:09 2025 +0200
tshark: Ship due to libxml sobump
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 0ffe4b075e8dc5f12aaa60235b771a2f0e2a0453
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Mon Mar 31 15:45:08 2025 +0200
rng-tools: Ship due to libxml sobump
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 2e052e656a542d4784fba8ef4c035ebb56690a0f
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Mon Mar 31 15:45:07 2025 +0200
nfs: Ship due to libxml sobump
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit fe75b1511278dead34aef04fcb051b5bcc7f1817
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Mon Mar 31 15:45:06 2025 +0200
libvirt: Ship due to libxml sobump
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 4109b42e34cd85a5ae7b9a0d2cf3db0000e04068
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Mon Mar 31 15:45:05 2025 +0200
clamav: Ship due to libxml sobump
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit e725c6691d8d2ca8470afcc1379e0794d43c6b6e
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Mon Mar 31 15:45:04 2025 +0200
core194: Ship rrdtool
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 57cab5e367a89f1ddb4ba4b04f0f2094bf328335
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Mon Mar 31 15:45:03 2025 +0200
core194: Ship libxslt
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit e8988295f2c9d2fc01a151296b1d5132a452a544
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Mon Mar 31 15:45:02 2025 +0200
core194: Ship collectd
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit a5bea20c6a11c881294db4149c1a853781df20e5
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Mon Mar 31 15:45:01 2025 +0200
core194: Ship apache2
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit ee5bd0ef6fc6ba437430cd0e025ce8aa4fb2591c
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Mon Mar 31 15:45:00 2025 +0200
libxml2: Update to version 2.14.0
- Update from version 2.13.5 to 2.14.0
- Update of rootfile
- sobump so ran find-dependencies. apache2, clamav, collectd, libvirt, libxslt, nfs,
rng-tools, rrdtool and tshark are all linked against the lib bump. So additional
patches are in this set to bump the PAK_VER and ship the addons and to ship the
linkied core packages. Hope it is done correctly. Let me know if not.
- 2 CVE fixes added into version 2.13.6
- Changelog
2.14.0
Major changes
The HTML tokenizer now conforms fully to HTML5. Several non-standard
syntax warnings were removed. Note that HTML5 tree construction isn't
implemented yet.
Binary compatibility is restricted to versions 2.14 or newer. On ELF
systems, the soname was bumped from libxml2.so.2 to libxml2.so.16.
The serialization API will now take user-provided or default encodings
into account when serializing attribute values, matching the
serialization of text and avoiding unnecessary escaping.
The XML parser won't try to merge consecutive CDATA sections as before
to align with web standards. Each CDATA section will create exactly one
node or SAX callback.
Support for RELAX NG can now be disabled with a new configuration
option independently of XML Schemas support. It is still enabled by
default.
The "legacy" configuration option won't enable support for HTTP and
LZMA anymore. These features will be removed in the next release.
Parts of the xmllint executable were refactored, allowing the
combination of more options. OOM errors should be reported reliably now.
Several improvements were made to the build systems. Meson is fully
supported now.
Parts of the buffering code were reworked and simplified.
Overflow checks before reallocations were hardenend.
Some unprefixed symbols were renamed to avoid namespace pollution.
New features
Input callbacks can now be set on a parser context and an improved API
to create parser input is available. The following new functions,
taking a parser input object, were added:
- xmlCtxtParseDocument
- xmlCtxtParseContent as replacement for xmlParseBalancedChunkMemory
and xmlParseInNodeContext
- xmlCtxtParseDtd
The xmlSave API now has additional options to replace global settings.
Parser options XML_PARSE_UNZIP, XML_PARSE_NO_SYS_CATALOG and
XML_PARSE_CATALOG_PI were added.
An API function to install a custom character encoding converter is
now available. This makes it possible to use ICU for encoding conversion
even if libxml2 was compiled without ICU support, see example/icu.c.
Deprecations
Access to many public struct members is now deprecated. Several accessor
functions were added to use instead.
More internal functions were deprecated.
Removals
Metadata about the HTML4 content model was removed from the htmlElemDesc
struct and related functions were deprecated.
The FTP module and related functions were removed.
Support for the range and point extensions of the xpointer() scheme
was removed. The rest of the XPointer implementation isn't affected.
The xpointer() scheme now behaves like the xpath1() scheme.
Several legacy symbols and the functions in xmlunicode.h were removed.
ELF version information was removed.
The shell was moved from libxml2 to xmllint. Several related functions
are no longer available.
The libxml.m4 file containing autoconf macros was removed.
The --with-tree configuration option was removed.
The hack to detect single-threaded programs under glibc was removed.
Planned removals
Support for HTTP and LZMA compression is planned to be removed in the
2.15 release.
The following features are considered for removal:
- Modules API (xmlmodule.h)
- Schematron support
- Support for zlib compressed file I/O
- Legacy Windows build system in win32
RELAX NG support is still in a bad state and a long-term removal
candidate.
2.13.7
Regressions
- tree: Fix xmlTextMerge with NULL args
- io: Fix `compressed` flag for uncompressed stdin
- parser: Fix parsing of DTD content
2.13.6
Security
- [CVE-2025-24928] Fix stack-buffer-overflow in xmlSnprintfElements
- [CVE-2024-56171] Fix use-after-free after xmlSchemaItemListAdd
- pattern: Fix compilation of explicit child axis
Regressions
- xmllint: Support compressed input from stdin
- uri: Fix handling of Windows drive letters
- reader: Fix return value of xmlTextReaderReadString again
- SAX2: Fix xmlSAX2ResolveEntity if systemId is NULL
Portability
- dict: Handle ENOSYS from getentropy gracefully
- Fix compilation with uclibc (Dario Binacchi)
- python: Declare init func with PyMODINIT_FUNC
- tests: Fix sanitizer version check on old Apple clang
- cmake: Work around broken sys/random.h in old macOS SDKs
Build
- autotools: Set AC_CONFIG_AUX_DIR
- cmake: Always build Python module as shared library
- cmake: add missing `Bcrypt` link on Windows (Saleem Abdulrasool)
- cmake: Fix compatibility in package version file
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit e8100bfb1dc9bf8c58d2e6d770cdd60e6e0d8b9b
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon Mar 31 15:21:09 2025 +0000
core194: Ship procps
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 9a84686cd29d213361db02d11e6ca8555aa787f1
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Mon Mar 31 15:18:23 2025 +0200
core194: Ship coreutils
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 89628cc97418d1e78475640385f80ee9bbaa2eef
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Mon Mar 31 15:18:22 2025 +0200
procps: Update to version 4.0.5
- Update from version 4.0.4 to 4.0.5
- Update of rootfile
- sobump so ran find-dependencies. usr/bin/uptime from coreutils is linked to the procps
libs. So a separate patch created to ship coreutils. I hope I have done it correctly
- Changelog
4.0.5
* library
increment current, revision and age to 0: 1:0:0
internal: days/users when value is 0 issue #303
internal: dont print 60s but increment minute issue #302
internal: stat api fixed remaining cpu distortions issue #321
internal: only count user sessions
internal: Recover from meminfo seek using LXC Debian #1072831
internal: stat api no longer counts guest tics twice issue #339
external: zswap & zswapped added to meminfo api
external: schedule class added to pids api
external: disk sleep added to pids api, sleep revised issue #265
external: docker containers added to pids api
external: procps_users new exported function
external: procps_uptime_snprint uses given upseconds
external: procps_container_uptime
external: meminfo api adds SecPageTables, Unaccepted
external: pids api now provides open file descriptors
external: 'info' parm removed from all 'VAL' macros issue #332
external: Add procps_sigmask_names
external: Add procps_capability_names
external: Add PIDS_CAP__PRM Permitted Capabilities
* build-sys: Added --disable-pidwait and fixed logic issue #352
* kill: Correctly parse negative pids issue #354
* pgrep: select process by environment variable issue #167
* pgrep: Rework pidfile reading to include stdin issue #318
* pmap: Don't escape correct UTF-8 characters
* ps: Add environ field
* ps: Add htprv and htshr fields for HugeTables
* ps: restore lost tasks for options --sort with -H issue #304
* ps: add 'docker' containers field, similar to 'lxc'
* ps: Restore AIX free-format issue #323
* ps: can display open file descriptors for each task
* ps: Fix signames scanning issue #341
* ps: Add -o pcap,pcaps to show permitted capabilities
* ps: Zombies show <defunct> in the commandname issue #355
* ps: Use quick mode if possible merge #239
* slabtop: Add --human option for slab size
* snice: Minor fix for help screen Debian #1086441
* sysctl: Add glob excludes merge #206
* sysctl: --all skips stat_refresh Debian #978688
* top: added a 'CLS' scheduling class field, like ps
* top: exploit library addition of 'disk sleep' issue #265
* top: add 'docker' containers field, similar to 'lxc'
* top: provides additional control over colors
* top: can display open file descriptors for each task
* top: corrected cpu % for hosts with qemu processes issue #339
* top: remains functional if /proc mounted subset=pid
* top: can display a task's permitted capabilities (^A)
* uptime: Add container uptime option issue #300
* vmstat: Add page allocation to --stats
* vmstat.8: si/so are changed by --unit Debian #1061944
* w: Don't segfault with -s option issue #301
* w: Cache pids list issue #305
* w: Add container uptime option
* w.1: Note utmp is for non-systemd Debian #1080333
* watch: use clock_gettime issue #295
* watch.1: --chgexit only works for visible changes Debian #729569
* hugetop: a new utility to show huge page information merge #214
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit af709863fbb597ee9c91d57cb6935db3ac70c4c5
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon Mar 31 15:20:20 2025 +0000
core194: Ship xz
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit d32897e39727502a0957d5cc7b0dd88445f9a9a5
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Mon Mar 31 15:15:55 2025 +0200
xz: Update to version 5.8.0
- Update from version 5.6.3 to 5.8.0
- branch 5.8 is the new stable branch. Branch 5.6 from now on will only get critical
fixes, there will be no new releases on that old branch.
- Update of rootfile
- Changlog
5.8.0
This bumps the minor version of liblzma because new features were
added. The API and ABI are still backward compatible with liblzma
5.6.x, 5.4.x, 5.2.x, and 5.0.x.
* liblzma on 32/64-bit x86: When possible, use SSE2 intrinsics
instead of memcpy() in the LZMA/LZMA2 decoder. In typical cases,
this may reduce decompression time by 0-5 %. However, when built
against musl libc, over 15 % time reduction was observed with
highly compressed files.
* CMake: Make the feature test macros match the Autotools-based
build on NetBSD, Darwin, and mingw-w64.
* Update the Croatian, Italian, Portuguese, and Romanian
translations.
* Update the German, Italian, Korean, Romanian, Serbian, and
Ukrainian man page translations.
Summary of changes in the 5.7.x development releases:
* Mark the following LZMA Utils script aliases as deprecated:
lzcmp, lzdiff, lzless, lzmore, lzgrep, lzegrep, and lzfgrep.
* liblzma:
- Improve LZMA/LZMA2 encoder speed on 64-bit PowerPC (both
endiannesses) and those 64-bit RISC-V processors that
support fast unaligned access.
- Add low-level APIs for RISC-V, ARM64, and x86 BCJ filters
to lzma/bcj.h. These are primarily for erofs-utils.
- x86/x86-64/E2K CLMUL CRC code was rewritten.
- Use the CRC32 instructions on LoongArch.
* xz:
- Synchronize the output file and its directory using fsync()
before deleting the input file. No syncing is done when xz
isn't going to delete the input file.
- Add --no-sync to disable the sync-before-delete behavior.
- Make --single-stream imply --keep.
* xz, xzdec, lzmainfo: When printing messages, replace
non-printable characters with question marks.
* xz and xzdec on Linux: Support Landlock ABI versions 5 and 6.
* CMake: Revise the configuration variables and some of their
options, and document them in the file INSTALL. CMake support
is no longer experimental. (It was already not experimental
when building for native Windows.)
* Add build-aux/license-check.sh.
5.6.4
* liblzma: Fix LZMA/LZMA2 encoder on big endian ARM64.
* xz:
- Fix --filters= and --filters1= ... --filters9= options
parsing. They require an argument, thus "xz --filters lzma2"
should work in addition to "xz --filters=lzma2".
- On the man page, note in the --compress and --decompress
options that the default behavior is to delete the input
file unless writing to standard output. It was already
documented in the DESCRIPTION section but new users in
a hurry might miss it.
* Windows (native builds, not Cygwin): Fix regressions introduced
in XZ Utils 5.6.3 which caused non-ASCII characters to display
incorrectly. Only builds with translation support were affected
(--enable-nls or ENABLE_NLS=ON). The following changes affect
builds that have translations enabled:
- Require UCRT because MSVCRT doesn't support UTF-8
locales and thus translations won't be readable on
Windows 10 version 1903 and later. (MSVCRT builds
are still possible with --disable-nls or ENABLE_NLS=OFF.)
- Require gettext-runtime >= 0.23.1 because older versions
don't autodetect the use of the UTF-8 code page. This
resulted in garbled non-ASCII characters even with UCRT.
- Partially fix alignment issues in xz --verbose --list
with translated messages. Chinese (simplified),
Chinese (traditional), and Korean column headings
are misaligned still because Windows and MinGW-w64
don't provide wcwidth() and XZ Utils doesn't include
a replacement function either.
* CMake: Explicitly disable unity builds. This prevents build
failures when another project uses XZ Utils via CMake's
FetchContent module, and that project enables unity builds.
* Update Chinese (traditional) and Serbian translations.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit ee688ea061b242eb9eaf61d7c406fda5a957addc
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Mon Mar 31 15:15:53 2025 +0200
harfbuzz: Update to version 11.0.0
- Update from version 10.4.0 to 11.0.0
- Update of rootfile
- Changelog
11.0.0
- There are three new font-functions implementations (integrations) in this
release:
* `hb-coretext` has gained one, calling into the CoreText library,
* `hb-directwrite` has gained one, calling into the DirectWrite library.
* `hb-fontations` has gained one, calling into the Skrifa Rust library.
All three are mostly useful for performance and correctness testing, but some
clients might find them useful.
An API is added to use them from a single API by providing a backend name
string:
* `hb_font_set_funcs_using()`
- Several new APIs are added, to load a font-face using different
"face-loaders", and a single entry point to them all using a loader name
string:
* `hb_ft_face_create_from_file_or_fail()` and
`hb_ft_face_create_from_blob_or_fail()`
* `hb_coretext_face_create_from_file_or_fail()` and
`hb_coretext_face_create_from_blob_or_fail()`
* `hb_directwrite_face_create_from_file_or_fail()` and
`hb_directwrite_face_create_from_blob_or_fail()`
* `hb_face_create_from_file_or_fail_using()`
- All drawing and painting operations using the default, `hb-ot` functions have
become memory allocation-free.
- Several performance optimizations have been implemented.
- Application of the `trak` table during shaping has been improved.
- The `directwrite` shaper now supports font variations, and correctly applies
user features.
- The `hb-directwrite` API and shaper has graduated from experimental.
- Various bug fixes and other improvements.
- New API:
+hb_malloc
+hb_calloc
+hb_realloc
+hb_free
+hb_face_list_loaders
+hb_face_create_or_fail_using
+hb_face_create_from_file_or_fail_using
+hb_font_list_funcs
+hb_font_set_funcs_using
+hb_coretext_face_create_from_blob_or_fail
+hb_directwrite_face_create_from_file_or_fail
+hb_directwrite_face_create_from_blob_or_fail
+hb_directwrite_font_create
+hb_directwrite_font_get_dw_font_face
+hb_directwrite_font_set_funcs
+hb_fontations_font_set_funcs
+hb_ft_face_create_from_blob_or_fail
+hb_paint_push_font_transform
+hb_paint_push_inverse_font_transform
+HB_BUFFER_CLUSTER_LEVEL_GRAPHEMES
+HB_BUFFER_CLUSTER_LEVEL_IS_MONOTONE
+HB_BUFFER_CLUSTER_LEVEL_IS_GRAPHEMES
+HB_BUFFER_CLUSTER_LEVEL_IS_CHARACTERS
- Deprecated API:
+hb_directwrite_font_get_dw_font
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit b3cb61cac304abaefcf3bbf0ba0a2e8baf39ace0
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon Mar 31 15:18:58 2025 +0000
core194: Ship iproute2
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 1a69d7f81a5096b754f6acab189a436416aa517d
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Mon Mar 31 15:15:54 2025 +0200
iproute2: Update to version 6.14.0
- Update from version 6.11.0 to 6.14.0
- Update of rootfile
- Changelog is not available. Details of changes have to be found by reviewing the git
log file - https://web.git.kernel.org/pub/scm/network/iproute2/iproute2.git/log/
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/rootfiles/common/harfbuzz | 8 ++--
config/rootfiles/common/iproute2 | 2 +-
config/rootfiles/common/libxml2 | 5 +-
config/rootfiles/common/procps | 6 ++-
config/rootfiles/common/xz | 54 +++++++++++++++++++++-
.../{oldcore/114 => core/194}/filelists/apache2 | 0
.../{oldcore/125 => core/194}/filelists/collectd | 0
.../{oldcore/103 => core/194}/filelists/coreutils | 0
config/rootfiles/core/194/filelists/files | 3 ++
.../{oldcore/106 => core/194}/filelists/iproute2 | 0
.../{oldcore/101 => core/194}/filelists/libxml2 | 0
.../{oldcore/157 => core/194}/filelists/libxslt | 0
.../{oldcore/103 => core/194}/filelists/procps | 0
.../{oldcore/111 => core/194}/filelists/rrdtool | 0
.../{oldcore/100 => core/194}/filelists/xz | 0
html/cgi-bin/aliases.cgi | 3 ++
lfs/clamav | 2 +-
lfs/harfbuzz | 4 +-
lfs/iproute2 | 6 +--
lfs/libvirt | 2 +-
lfs/libxml2 | 6 +--
lfs/nfs | 2 +-
lfs/procps | 8 ++--
lfs/rng-tools | 4 +-
lfs/tshark | 2 +-
lfs/xz | 6 +--
src/initscripts/system/firewall | 15 ++++--
src/initscripts/system/functions | 15 ++++++
28 files changed, 116 insertions(+), 37 deletions(-)
copy config/rootfiles/{oldcore/114 => core/194}/filelists/apache2 (100%)
copy config/rootfiles/{oldcore/125 => core/194}/filelists/collectd (100%)
copy config/rootfiles/{oldcore/103 => core/194}/filelists/coreutils (100%)
copy config/rootfiles/{oldcore/106 => core/194}/filelists/iproute2 (100%)
copy config/rootfiles/{oldcore/101 => core/194}/filelists/libxml2 (100%)
copy config/rootfiles/{oldcore/157 => core/194}/filelists/libxslt (100%)
copy config/rootfiles/{oldcore/103 => core/194}/filelists/procps (100%)
copy config/rootfiles/{oldcore/111 => core/194}/filelists/rrdtool (100%)
copy config/rootfiles/{oldcore/100 => core/194}/filelists/xz (100%)
Difference in files:
diff --git a/config/rootfiles/common/harfbuzz b/config/rootfiles/common/harfbuzz
index e10840df60..20faa05257 100644
--- a/config/rootfiles/common/harfbuzz
+++ b/config/rootfiles/common/harfbuzz
@@ -47,16 +47,16 @@
#usr/lib/cmake/harfbuzz/harfbuzz-config.cmake
#usr/lib/libharfbuzz-cairo.so
usr/lib/libharfbuzz-cairo.so.0
-usr/lib/libharfbuzz-cairo.so.0.61040.0
+usr/lib/libharfbuzz-cairo.so.0.61100.0
#usr/lib/libharfbuzz-gobject.so
usr/lib/libharfbuzz-gobject.so.0
-usr/lib/libharfbuzz-gobject.so.0.61040.0
+usr/lib/libharfbuzz-gobject.so.0.61100.0
#usr/lib/libharfbuzz-subset.so
usr/lib/libharfbuzz-subset.so.0
-usr/lib/libharfbuzz-subset.so.0.61040.0
+usr/lib/libharfbuzz-subset.so.0.61100.0
#usr/lib/libharfbuzz.so
usr/lib/libharfbuzz.so.0
-usr/lib/libharfbuzz.so.0.61040.0
+usr/lib/libharfbuzz.so.0.61100.0
#usr/lib/pkgconfig/harfbuzz-cairo.pc
#usr/lib/pkgconfig/harfbuzz-gobject.pc
#usr/lib/pkgconfig/harfbuzz-subset.pc
diff --git a/config/rootfiles/common/iproute2 b/config/rootfiles/common/iproute2
index da7134d2dc..6c4dac6e08 100644
--- a/config/rootfiles/common/iproute2
+++ b/config/rootfiles/common/iproute2
@@ -95,6 +95,7 @@ usr/share/bash-completion/completions/tc
#usr/share/man/man8/nstat.8
#usr/share/man/man8/rdma-dev.8
#usr/share/man/man8/rdma-link.8
+#usr/share/man/man8/rdma-monitor.8
#usr/share/man/man8/rdma-resource.8
#usr/share/man/man8/rdma-statistic.8
#usr/share/man/man8/rdma-system.8
@@ -171,4 +172,3 @@ usr/share/bash-completion/completions/tc
#usr/share/man/man8/vdpa-dev.8
#usr/share/man/man8/vdpa-mgmtdev.8
#usr/share/man/man8/vdpa.8
-#var/lib/arpd
diff --git a/config/rootfiles/common/libxml2 b/config/rootfiles/common/libxml2
index 7fa2881991..589b5b7523 100644
--- a/config/rootfiles/common/libxml2
+++ b/config/rootfiles/common/libxml2
@@ -53,10 +53,9 @@
#usr/lib/cmake/libxml2/libxml2-config.cmake
#usr/lib/libxml2.la
#usr/lib/libxml2.so
-usr/lib/libxml2.so.2
-usr/lib/libxml2.so.2.13.5
+usr/lib/libxml2.so.16
+usr/lib/libxml2.so.16.0.0
#usr/lib/pkgconfig/libxml-2.0.pc
-#usr/share/aclocal/libxml.m4
#usr/share/doc/libxml2
#usr/share/doc/libxml2/xmlcatalog.html
#usr/share/doc/libxml2/xmllint.html
diff --git a/config/rootfiles/common/procps b/config/rootfiles/common/procps
index 08431a6119..9b57be43fb 100644
--- a/config/rootfiles/common/procps
+++ b/config/rootfiles/common/procps
@@ -2,12 +2,13 @@ bin/kill
bin/ps
#lib/libproc2.la
#lib/libproc2.so
-lib/libproc2.so.0
-lib/libproc2.so.0.0.2
+lib/libproc2.so.1
+lib/libproc2.so.1.0.0
#lib/pkgconfig
#lib/pkgconfig/libproc2.pc
sbin/sysctl
usr/bin/free
+usr/bin/hugetop
usr/bin/pgrep
usr/bin/pidof
usr/bin/pidwait
@@ -46,6 +47,7 @@ usr/bin/watch
#usr/share/locale/vi/LC_MESSAGES/procps-ng.mo
#usr/share/locale/zh_CN/LC_MESSAGES/procps-ng.mo
#usr/share/man/man1/free.1
+#usr/share/man/man1/hugetop.1
#usr/share/man/man1/kill.1
#usr/share/man/man1/pgrep.1
#usr/share/man/man1/pidof.1
diff --git a/config/rootfiles/common/xz b/config/rootfiles/common/xz
index cd64e2c319..3873744c8b 100644
--- a/config/rootfiles/common/xz
+++ b/config/rootfiles/common/xz
@@ -41,7 +41,7 @@ usr/bin/xzmore
#usr/lib/liblzma.la
#usr/lib/liblzma.so
usr/lib/liblzma.so.5
-usr/lib/liblzma.so.5.6.3
+usr/lib/liblzma.so.5.8.0
#usr/lib/pkgconfig/liblzma.pc
#usr/share/doc/xz
#usr/share/doc/xz/AUTHORS
@@ -74,7 +74,9 @@ usr/lib/liblzma.so.5.6.3
#usr/share/locale/hr/LC_MESSAGES/xz.mo
#usr/share/locale/hu/LC_MESSAGES/xz.mo
#usr/share/locale/it/LC_MESSAGES/xz.mo
+#usr/share/locale/ka/LC_MESSAGES/xz.mo
#usr/share/locale/ko/LC_MESSAGES/xz.mo
+#usr/share/locale/nl/LC_MESSAGES/xz.mo
#usr/share/locale/pl/LC_MESSAGES/xz.mo
#usr/share/locale/pt/LC_MESSAGES/xz.mo
#usr/share/locale/pt_BR/LC_MESSAGES/xz.mo
@@ -124,6 +126,31 @@ usr/lib/liblzma.so.5.6.3
#usr/share/man/fr/man1/xzcat.1
#usr/share/man/fr/man1/xzdec.1
#usr/share/man/fr/man1/xzless.1
+#usr/share/man/it
+#usr/share/man/it/man1
+#usr/share/man/it/man1/lzcat.1
+#usr/share/man/it/man1/lzcmp.1
+#usr/share/man/it/man1/lzdiff.1
+#usr/share/man/it/man1/lzegrep.1
+#usr/share/man/it/man1/lzfgrep.1
+#usr/share/man/it/man1/lzgrep.1
+#usr/share/man/it/man1/lzless.1
+#usr/share/man/it/man1/lzma.1
+#usr/share/man/it/man1/lzmadec.1
+#usr/share/man/it/man1/lzmainfo.1
+#usr/share/man/it/man1/lzmore.1
+#usr/share/man/it/man1/unlzma.1
+#usr/share/man/it/man1/unxz.1
+#usr/share/man/it/man1/xz.1
+#usr/share/man/it/man1/xzcat.1
+#usr/share/man/it/man1/xzcmp.1
+#usr/share/man/it/man1/xzdec.1
+#usr/share/man/it/man1/xzdiff.1
+#usr/share/man/it/man1/xzegrep.1
+#usr/share/man/it/man1/xzfgrep.1
+#usr/share/man/it/man1/xzgrep.1
+#usr/share/man/it/man1/xzless.1
+#usr/share/man/it/man1/xzmore.1
#usr/share/man/ko
#usr/share/man/ko/man1
#usr/share/man/ko/man1/lzcat.1
@@ -210,6 +237,31 @@ usr/lib/liblzma.so.5.6.3
#usr/share/man/ro/man1/xzgrep.1
#usr/share/man/ro/man1/xzless.1
#usr/share/man/ro/man1/xzmore.1
+#usr/share/man/sr
+#usr/share/man/sr/man1
+#usr/share/man/sr/man1/lzcat.1
+#usr/share/man/sr/man1/lzcmp.1
+#usr/share/man/sr/man1/lzdiff.1
+#usr/share/man/sr/man1/lzegrep.1
+#usr/share/man/sr/man1/lzfgrep.1
+#usr/share/man/sr/man1/lzgrep.1
+#usr/share/man/sr/man1/lzless.1
+#usr/share/man/sr/man1/lzma.1
+#usr/share/man/sr/man1/lzmadec.1
+#usr/share/man/sr/man1/lzmainfo.1
+#usr/share/man/sr/man1/lzmore.1
+#usr/share/man/sr/man1/unlzma.1
+#usr/share/man/sr/man1/unxz.1
+#usr/share/man/sr/man1/xz.1
+#usr/share/man/sr/man1/xzcat.1
+#usr/share/man/sr/man1/xzcmp.1
+#usr/share/man/sr/man1/xzdec.1
+#usr/share/man/sr/man1/xzdiff.1
+#usr/share/man/sr/man1/xzegrep.1
+#usr/share/man/sr/man1/xzfgrep.1
+#usr/share/man/sr/man1/xzgrep.1
+#usr/share/man/sr/man1/xzless.1
+#usr/share/man/sr/man1/xzmore.1
#usr/share/man/uk
#usr/share/man/uk/man1
#usr/share/man/uk/man1/lzcat.1
diff --git a/config/rootfiles/core/194/filelists/apache2 b/config/rootfiles/core/194/filelists/apache2
new file mode 120000
index 0000000000..eef95efa72
--- /dev/null
+++ b/config/rootfiles/core/194/filelists/apache2
@@ -0,0 +1 @@
+../../../common/apache2
\ No newline at end of file
diff --git a/config/rootfiles/core/194/filelists/collectd b/config/rootfiles/core/194/filelists/collectd
new file mode 120000
index 0000000000..871b32f14b
--- /dev/null
+++ b/config/rootfiles/core/194/filelists/collectd
@@ -0,0 +1 @@
+../../../common/collectd
\ No newline at end of file
diff --git a/config/rootfiles/core/194/filelists/coreutils b/config/rootfiles/core/194/filelists/coreutils
new file mode 120000
index 0000000000..7351ed2cf5
--- /dev/null
+++ b/config/rootfiles/core/194/filelists/coreutils
@@ -0,0 +1 @@
+../../../common/coreutils
\ No newline at end of file
diff --git a/config/rootfiles/core/194/filelists/files b/config/rootfiles/core/194/filelists/files
index 93b48a87c0..e615ef92e0 100644
--- a/config/rootfiles/core/194/filelists/files
+++ b/config/rootfiles/core/194/filelists/files
@@ -1 +1,4 @@
+etc/rc.d/init.d/firewall
+etc/rc.d/init.d/functions
+srv/web/ipfire/cgi-bin/aliases.cgi
srv/web/ipfire/cgi-bin/pakfire.cgi
diff --git a/config/rootfiles/core/194/filelists/iproute2 b/config/rootfiles/core/194/filelists/iproute2
new file mode 120000
index 0000000000..05f0f71fb5
--- /dev/null
+++ b/config/rootfiles/core/194/filelists/iproute2
@@ -0,0 +1 @@
+../../../common/iproute2
\ No newline at end of file
diff --git a/config/rootfiles/core/194/filelists/libxml2 b/config/rootfiles/core/194/filelists/libxml2
new file mode 120000
index 0000000000..242e69fa35
--- /dev/null
+++ b/config/rootfiles/core/194/filelists/libxml2
@@ -0,0 +1 @@
+../../../common/libxml2
\ No newline at end of file
diff --git a/config/rootfiles/core/194/filelists/libxslt b/config/rootfiles/core/194/filelists/libxslt
new file mode 120000
index 0000000000..bf9d76609b
--- /dev/null
+++ b/config/rootfiles/core/194/filelists/libxslt
@@ -0,0 +1 @@
+../../../common/libxslt
\ No newline at end of file
diff --git a/config/rootfiles/core/194/filelists/procps b/config/rootfiles/core/194/filelists/procps
new file mode 120000
index 0000000000..e17e8ed704
--- /dev/null
+++ b/config/rootfiles/core/194/filelists/procps
@@ -0,0 +1 @@
+../../../common/procps
\ No newline at end of file
diff --git a/config/rootfiles/core/194/filelists/rrdtool b/config/rootfiles/core/194/filelists/rrdtool
new file mode 120000
index 0000000000..7a82e414b6
--- /dev/null
+++ b/config/rootfiles/core/194/filelists/rrdtool
@@ -0,0 +1 @@
+../../../common/rrdtool
\ No newline at end of file
diff --git a/config/rootfiles/core/194/filelists/xz b/config/rootfiles/core/194/filelists/xz
new file mode 120000
index 0000000000..734e926c7e
--- /dev/null
+++ b/config/rootfiles/core/194/filelists/xz
@@ -0,0 +1 @@
+../../../common/xz
\ No newline at end of file
diff --git a/html/cgi-bin/aliases.cgi b/html/cgi-bin/aliases.cgi
index def03ff9b2..aa1ea4cb61 100644
--- a/html/cgi-bin/aliases.cgi
+++ b/html/cgi-bin/aliases.cgi
@@ -615,6 +615,9 @@ sub SortDataFile
sub BuildConfiguration {
# Restart service associated with this
&General::system('/usr/local/bin/setaliases');
+
+ # Reload the firewall for REDNAT rules
+ &General::firewall_reload();
}
#
diff --git a/lfs/clamav b/lfs/clamav
index ba87dac3a0..e6bb323551 100644
--- a/lfs/clamav
+++ b/lfs/clamav
@@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = clamav
-PAK_VER = 75
+PAK_VER = 76
DEPS =
diff --git a/lfs/harfbuzz b/lfs/harfbuzz
index 6388b9d3c0..be8fe3d25e 100644
--- a/lfs/harfbuzz
+++ b/lfs/harfbuzz
@@ -24,7 +24,7 @@
include Config
-VER = 10.4.0
+VER = 11.0.0
THISAPP = harfbuzz-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 21a2ed81ead5f06658c6153ad756631aacf5522bf58cdc5a54585cc03b0562c634ecabcd686fa76d2dda3497eb1a7d9e10c771e29da62c5946438d9ed8c46075
+$(DL_FILE)_BLAKE2 = 0775321ea24a257d6609f59e9f0fa7129416575938ff11e16f9df2a33bd9391e0dc20bf4be75131f1b8e15961dc04e3fef1d6ff88de71c556a9aab7889f0a185
install : $(TARGET)
diff --git a/lfs/iproute2 b/lfs/iproute2
index 0ba0f38359..6dd3d4c3b8 100644
--- a/lfs/iproute2
+++ b/lfs/iproute2
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2024 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 6.11.0
+VER = 6.14.0
# https://mirrors.edge.kernel.org/pub/linux/utils/net/iproute2/
THISAPP = iproute2-$(VER)
@@ -41,7 +41,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 1a360d7cb9a70f5cde184abe934f2d08e9c0d2196c4ec10015636af3984abe2738d9dd8d6c7a69569fc7449e9933829f4eccd593ab8c041ce7b6385adaed63cc
+$(DL_FILE)_BLAKE2 = 18bd180c608b657694f4713bf915d45006c97a7206a3260ac52149d4c976422e1949ada425d4989c5a7e327e3d8eb45ea990de25f3645bb1308ac2531bf834d2
install : $(TARGET)
diff --git a/lfs/libvirt b/lfs/libvirt
index df8d2b224e..1bd9844be8 100644
--- a/lfs/libvirt
+++ b/lfs/libvirt
@@ -35,7 +35,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
SUP_ARCH = x86_64 aarch64
PROG = libvirt
-PAK_VER = 38
+PAK_VER = 39
DEPS = ebtables libpciaccess ovmf qemu
diff --git a/lfs/libxml2 b/lfs/libxml2
index 5ecea8db75..c1014f56fd 100644
--- a/lfs/libxml2
+++ b/lfs/libxml2
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2024 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 2.13.5
+VER = 2.14.0
THISAPP = libxml2-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -42,7 +42,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 46c280630638e2c8009c593bbbcf90ccbfffe9ddcc99987c4d91c2223043759f2b4d6511b31b2357c5250ac3b40d96ef05c17b4d2adc61972665f8a0d899dfe8
+$(DL_FILE)_BLAKE2 = 4e210661b10b846cf80c2ba393209fd2bde1e7f8e4a024eff2e6a90369969e7a7696e2cb77197fe63f63fae959bcaed052d5c5107603f0c64a16d6ceeab6b43c
install : $(TARGET)
diff --git a/lfs/nfs b/lfs/nfs
index a815865143..645aca3025 100644
--- a/lfs/nfs
+++ b/lfs/nfs
@@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = nfs
-PAK_VER = 25
+PAK_VER = 26
DEPS = rpcbind
diff --git a/lfs/procps b/lfs/procps
index cc2d7fbcee..2f9f2ceab5 100644
--- a/lfs/procps
+++ b/lfs/procps
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2023 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,9 +24,9 @@
include Config
-VER = v4.0.4
+VER = 4.0.5
-THISAPP = procps-$(VER)
+THISAPP = procps-v$(VER)
DL_FILE = $(THISAPP).tar.bz2
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 0ce3c6291e17ae6dcfb15a144689b9be481d3d9728372822a8f2119446ad844100f98e15e559266c2472aa128e381d1cf495348f5adb90ac393f4de4b7185a5b
+$(DL_FILE)_BLAKE2 = d028db29afba60b2678f8b790493a9425e3149b3699e463d2b789f7831d6942d59fcecfa18559477b304ad73112d2ea6279d40064b7b9a5ce3d2dcc6347ea421
install : $(TARGET)
diff --git a/lfs/rng-tools b/lfs/rng-tools
index 3b9d3c9f3e..42c4cf6a28 100644
--- a/lfs/rng-tools
+++ b/lfs/rng-tools
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2023 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -33,7 +33,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = rng-tools
-PAK_VER = 5
+PAK_VER = 6
DEPS =
diff --git a/lfs/tshark b/lfs/tshark
index b47e12d998..2ae6ddf21b 100644
--- a/lfs/tshark
+++ b/lfs/tshark
@@ -35,7 +35,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = tshark
DEPS = c-ares
-PAK_VER = 23
+PAK_VER = 24
SERVICES =
diff --git a/lfs/xz b/lfs/xz
index aa04a8d3a5..511848c1d6 100644
--- a/lfs/xz
+++ b/lfs/xz
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2024 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 5.6.3
+VER = 5.8.0
THISAPP = xz-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -45,7 +45,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 7c75a334abdec370d03bea1d07f9211069633e2851e304f189b6b316d9c8363350849404cff318310c3d4a6d2ec6439e64e074f40d7ad5f02ff101757de27f99
+$(DL_FILE)_BLAKE2 = 5087c88884a857b96bc5658548fc9b07ab2f14fe9eabfaeaa19e21810e7588c97621db08353632bd56e66ae2085ec5adc421c4d6849525b630d56dadd65c9f81
install : $(TARGET)
diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall
index 139d94aa0c..6befa9fc39 100644
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -481,22 +481,27 @@ iptables_red_up() {
iptables -t nat -A REDNAT -i "${GREEN_DEV}" -o "${IFACE}" -j RETURN
fi
- local NO_MASQ_NETWORKS
+ local NO_MASQ_NETWORKS=()
if [ "${MASQUERADE_GREEN}" = "off" ]; then
- NO_MASQ_NETWORKS="${NO_MASQ_NETWORKS} ${GREEN_NETADDRESS}/${GREEN_NETMASK}"
+ NO_MASQ_NETWORKS+=( "${GREEN_NETADDRESS}/${GREEN_NETMASK}" )
fi
if [ "${MASQUERADE_BLUE}" = "off" ]; then
- NO_MASQ_NETWORKS="${NO_MASQ_NETWORKS} ${BLUE_NETADDRESS}/${BLUE_NETMASK}"
+ NO_MASQ_NETWORKS+=( "${BLUE_NETADDRESS}/${BLUE_NETMASK}" )
fi
if [ "${MASQUERADE_ORANGE}" = "off" ]; then
- NO_MASQ_NETWORKS="${NO_MASQ_NETWORKS} ${ORANGE_NETADDRESS}/${ORANGE_NETMASK}"
+ NO_MASQ_NETWORKS+=( "${ORANGE_NETADDRESS}/${ORANGE_NETMASK}" )
fi
+ local alias
+ for alias in $(get_aliases); do
+ NO_MASQ_NETWORKS+=( "${alias}" )
+ done
+
local network
- for network in ${NO_MASQ_NETWORKS}; do
+ for network in ${NO_MASQ_NETWORKS[@]}; do
iptables -t nat -A REDNAT -s "${network}" -o "${IFACE}" -j RETURN
done
diff --git a/src/initscripts/system/functions b/src/initscripts/system/functions
index e486cc085f..94c9236d3f 100644
--- a/src/initscripts/system/functions
+++ b/src/initscripts/system/functions
@@ -935,3 +935,18 @@ readhash() {
printf -v "${array}[${key}]" "%s" "${val}"
done < "${file}"
}
+
+# Returns all enabled aliases
+get_aliases() {
+ local address
+ local enabled
+ local rest
+
+ local IFS=,
+
+ while read -r address enabled rest; do
+ if [ "${enabled}" = "on" ]; then
+ echo "${address}"
+ fi
+ done < /var/ipfire/ethernet/aliases
+}
hooks/post-receive
--
IPFire 2.x development tree
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2025-03-31 15:26 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-03-31 15:26 [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 799aa347abb25ab304b4c162b6fef7af0daaee4e Michael Tremer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox