From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4ZRFMg5nwcz333w for ; Mon, 31 Mar 2025 15:26:07 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4ZRFMg5fC2z2xS5 for ; Mon, 31 Mar 2025 15:26:07 +0000 (UTC) Received: from people01.haj.ipfire.org (people01.haj.ipfire.org [172.28.1.161]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature ECDSA (secp384r1) client-digest SHA384) (Client CN "people01.haj.ipfire.org", Issuer "E6" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4ZRFMg3MRMzjj for ; Mon, 31 Mar 2025 15:26:07 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1743434767; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc; bh=//X0JvZxldMsCn11k4s2Oz4m4dl9FymUAJ7Mt7WqjhQ=; b=0seXdaovFtFgCi9fR6P3NI0sWQvzAH5TBB/62zQ5ByKU7yfkFEXgab3F56aExnftIbCZQh f0/vUeLm5TgOSpAw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1743434767; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc; bh=//X0JvZxldMsCn11k4s2Oz4m4dl9FymUAJ7Mt7WqjhQ=; b=LzzcTeh46psiV5+bNIiMhuJx2LH3eNsnuwcJMAZ6jnJ4Ou7gbq+ezzZ21EHUKQjujrS29Y 6kOH0FPGv/sPTluYDAxig7V8P5eoE/byvNSw2uVaM1s3Pp+b6jJAGbuT3Ce/tzwCANCjL0 VhQ5XyqsduDj+cv4GCrvyrkqRrwe5YqyjNqWfV0SErPE/s+9AawMX34QxLI3HCMj5d1hKZ PfBJQ4GEbRFrKu5rUUqi4PaLuh25eQOWjSLpXOOnlboB2pJFi3OzcCYZ29vBJaRwh67drO oIya1EDZDEKxsLlOWfs02Oe2A7v+1ntk+1paoAoMiJXuUtKFJ3K4wuUzcVCZAw== Received: by people01.haj.ipfire.org (Postfix, from userid 1000) id 4ZRFMg2Jy4z2xSL; Mon, 31 Mar 2025 15:26:07 +0000 (UTC) To: ipfire-scm@lists.ipfire.org Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 799aa347abb25ab304b4c162b6fef7af0daaee4e X-Git-Refname: refs/heads/next X-Git-Reftype: branch X-Git-Oldrev: cfad72e8f13d471f88f76dd74e8c6938c0546601 X-Git-Newrev: 799aa347abb25ab304b4c162b6fef7af0daaee4e Message-Id: <4ZRFMg2Jy4z2xSL@people01.haj.ipfire.org> Date: Mon, 31 Mar 2025 15:26:07 +0000 (UTC) From: Michael Tremer Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree". The branch, next has been updated via 799aa347abb25ab304b4c162b6fef7af0daaee4e (commit) via 52c0e4819d07fc46339f9ea0b2fd66a74b69cfef (commit) via 1c1ff05cdc37fe9ccabda9413c270935c3a45478 (commit) via 8fa1831bff7e1d76eb83b145976211aa703062e1 (commit) via e26b7aaa37c91fde4d7bc0fe338118bc93348dd3 (commit) via 4bbb98385f80537c50dd66d69afef97732149926 (commit) via 0ffe4b075e8dc5f12aaa60235b771a2f0e2a0453 (commit) via 2e052e656a542d4784fba8ef4c035ebb56690a0f (commit) via fe75b1511278dead34aef04fcb051b5bcc7f1817 (commit) via 4109b42e34cd85a5ae7b9a0d2cf3db0000e04068 (commit) via e725c6691d8d2ca8470afcc1379e0794d43c6b6e (commit) via 57cab5e367a89f1ddb4ba4b04f0f2094bf328335 (commit) via e8988295f2c9d2fc01a151296b1d5132a452a544 (commit) via a5bea20c6a11c881294db4149c1a853781df20e5 (commit) via ee5bd0ef6fc6ba437430cd0e025ce8aa4fb2591c (commit) via e8100bfb1dc9bf8c58d2e6d770cdd60e6e0d8b9b (commit) via 9a84686cd29d213361db02d11e6ca8555aa787f1 (commit) via 89628cc97418d1e78475640385f80ee9bbaa2eef (commit) via af709863fbb597ee9c91d57cb6935db3ac70c4c5 (commit) via d32897e39727502a0957d5cc7b0dd88445f9a9a5 (commit) via ee688ea061b242eb9eaf61d7c406fda5a957addc (commit) via b3cb61cac304abaefcf3bbf0ba0a2e8baf39ace0 (commit) via 1a69d7f81a5096b754f6acab189a436416aa517d (commit) from cfad72e8f13d471f88f76dd74e8c6938c0546601 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 799aa347abb25ab304b4c162b6fef7af0daaee4e Author: Michael Tremer Date: Mon Mar 31 15:23:32 2025 +0000 core194: Ship changed firewall rules and aliases.cgi Signed-off-by: Michael Tremer commit 52c0e4819d07fc46339f9ea0b2fd66a74b69cfef Author: Michael Tremer Date: Mon Mar 31 17:16:24 2025 +0200 aliases.cgi: Reload firewall after updating aliases This is requried to update any REDNAT rules. Signed-off-by: Michael Tremer commit 1c1ff05cdc37fe9ccabda9413c270935c3a45478 Author: Michael Tremer Date: Mon Mar 31 16:35:26 2025 +0200 firewall: Explicitely don't NAT any aliases It seems that there is a problem with local connections that have preselected an outgoing interface. That will work just fine, but ultimately the packet will be NATed back to the primary RED IP address. To prevent this, we are adding some extra rules that skip the MASQUERADE target. Signed-off-by: Michael Tremer commit 8fa1831bff7e1d76eb83b145976211aa703062e1 Author: Michael Tremer Date: Mon Mar 31 16:31:43 2025 +0200 firewall: Collect all networks that should not be NATed in an array No functional changes. Signed-off-by: Michael Tremer commit e26b7aaa37c91fde4d7bc0fe338118bc93348dd3 Author: Michael Tremer Date: Mon Mar 31 15:22:14 2025 +0000 core194: Ship libxml2 Signed-off-by: Michael Tremer commit 4bbb98385f80537c50dd66d69afef97732149926 Author: Adolf Belka Date: Mon Mar 31 15:45:09 2025 +0200 tshark: Ship due to libxml sobump Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 0ffe4b075e8dc5f12aaa60235b771a2f0e2a0453 Author: Adolf Belka Date: Mon Mar 31 15:45:08 2025 +0200 rng-tools: Ship due to libxml sobump Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 2e052e656a542d4784fba8ef4c035ebb56690a0f Author: Adolf Belka Date: Mon Mar 31 15:45:07 2025 +0200 nfs: Ship due to libxml sobump Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit fe75b1511278dead34aef04fcb051b5bcc7f1817 Author: Adolf Belka Date: Mon Mar 31 15:45:06 2025 +0200 libvirt: Ship due to libxml sobump Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 4109b42e34cd85a5ae7b9a0d2cf3db0000e04068 Author: Adolf Belka Date: Mon Mar 31 15:45:05 2025 +0200 clamav: Ship due to libxml sobump Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit e725c6691d8d2ca8470afcc1379e0794d43c6b6e Author: Adolf Belka Date: Mon Mar 31 15:45:04 2025 +0200 core194: Ship rrdtool Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 57cab5e367a89f1ddb4ba4b04f0f2094bf328335 Author: Adolf Belka Date: Mon Mar 31 15:45:03 2025 +0200 core194: Ship libxslt Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit e8988295f2c9d2fc01a151296b1d5132a452a544 Author: Adolf Belka Date: Mon Mar 31 15:45:02 2025 +0200 core194: Ship collectd Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit a5bea20c6a11c881294db4149c1a853781df20e5 Author: Adolf Belka Date: Mon Mar 31 15:45:01 2025 +0200 core194: Ship apache2 Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit ee5bd0ef6fc6ba437430cd0e025ce8aa4fb2591c Author: Adolf Belka Date: Mon Mar 31 15:45:00 2025 +0200 libxml2: Update to version 2.14.0 - Update from version 2.13.5 to 2.14.0 - Update of rootfile - sobump so ran find-dependencies. apache2, clamav, collectd, libvirt, libxslt, nfs, rng-tools, rrdtool and tshark are all linked against the lib bump. So additional patches are in this set to bump the PAK_VER and ship the addons and to ship the linkied core packages. Hope it is done correctly. Let me know if not. - 2 CVE fixes added into version 2.13.6 - Changelog 2.14.0 Major changes The HTML tokenizer now conforms fully to HTML5. Several non-standard syntax warnings were removed. Note that HTML5 tree construction isn't implemented yet. Binary compatibility is restricted to versions 2.14 or newer. On ELF systems, the soname was bumped from libxml2.so.2 to libxml2.so.16. The serialization API will now take user-provided or default encodings into account when serializing attribute values, matching the serialization of text and avoiding unnecessary escaping. The XML parser won't try to merge consecutive CDATA sections as before to align with web standards. Each CDATA section will create exactly one node or SAX callback. Support for RELAX NG can now be disabled with a new configuration option independently of XML Schemas support. It is still enabled by default. The "legacy" configuration option won't enable support for HTTP and LZMA anymore. These features will be removed in the next release. Parts of the xmllint executable were refactored, allowing the combination of more options. OOM errors should be reported reliably now. Several improvements were made to the build systems. Meson is fully supported now. Parts of the buffering code were reworked and simplified. Overflow checks before reallocations were hardenend. Some unprefixed symbols were renamed to avoid namespace pollution. New features Input callbacks can now be set on a parser context and an improved API to create parser input is available. The following new functions, taking a parser input object, were added: - xmlCtxtParseDocument - xmlCtxtParseContent as replacement for xmlParseBalancedChunkMemory and xmlParseInNodeContext - xmlCtxtParseDtd The xmlSave API now has additional options to replace global settings. Parser options XML_PARSE_UNZIP, XML_PARSE_NO_SYS_CATALOG and XML_PARSE_CATALOG_PI were added. An API function to install a custom character encoding converter is now available. This makes it possible to use ICU for encoding conversion even if libxml2 was compiled without ICU support, see example/icu.c. Deprecations Access to many public struct members is now deprecated. Several accessor functions were added to use instead. More internal functions were deprecated. Removals Metadata about the HTML4 content model was removed from the htmlElemDesc struct and related functions were deprecated. The FTP module and related functions were removed. Support for the range and point extensions of the xpointer() scheme was removed. The rest of the XPointer implementation isn't affected. The xpointer() scheme now behaves like the xpath1() scheme. Several legacy symbols and the functions in xmlunicode.h were removed. ELF version information was removed. The shell was moved from libxml2 to xmllint. Several related functions are no longer available. The libxml.m4 file containing autoconf macros was removed. The --with-tree configuration option was removed. The hack to detect single-threaded programs under glibc was removed. Planned removals Support for HTTP and LZMA compression is planned to be removed in the 2.15 release. The following features are considered for removal: - Modules API (xmlmodule.h) - Schematron support - Support for zlib compressed file I/O - Legacy Windows build system in win32 RELAX NG support is still in a bad state and a long-term removal candidate. 2.13.7 Regressions - tree: Fix xmlTextMerge with NULL args - io: Fix `compressed` flag for uncompressed stdin - parser: Fix parsing of DTD content 2.13.6 Security - [CVE-2025-24928] Fix stack-buffer-overflow in xmlSnprintfElements - [CVE-2024-56171] Fix use-after-free after xmlSchemaItemListAdd - pattern: Fix compilation of explicit child axis Regressions - xmllint: Support compressed input from stdin - uri: Fix handling of Windows drive letters - reader: Fix return value of xmlTextReaderReadString again - SAX2: Fix xmlSAX2ResolveEntity if systemId is NULL Portability - dict: Handle ENOSYS from getentropy gracefully - Fix compilation with uclibc (Dario Binacchi) - python: Declare init func with PyMODINIT_FUNC - tests: Fix sanitizer version check on old Apple clang - cmake: Work around broken sys/random.h in old macOS SDKs Build - autotools: Set AC_CONFIG_AUX_DIR - cmake: Always build Python module as shared library - cmake: add missing `Bcrypt` link on Windows (Saleem Abdulrasool) - cmake: Fix compatibility in package version file Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit e8100bfb1dc9bf8c58d2e6d770cdd60e6e0d8b9b Author: Michael Tremer Date: Mon Mar 31 15:21:09 2025 +0000 core194: Ship procps Signed-off-by: Michael Tremer commit 9a84686cd29d213361db02d11e6ca8555aa787f1 Author: Adolf Belka Date: Mon Mar 31 15:18:23 2025 +0200 core194: Ship coreutils Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 89628cc97418d1e78475640385f80ee9bbaa2eef Author: Adolf Belka Date: Mon Mar 31 15:18:22 2025 +0200 procps: Update to version 4.0.5 - Update from version 4.0.4 to 4.0.5 - Update of rootfile - sobump so ran find-dependencies. usr/bin/uptime from coreutils is linked to the procps libs. So a separate patch created to ship coreutils. I hope I have done it correctly - Changelog 4.0.5 * library increment current, revision and age to 0: 1:0:0 internal: days/users when value is 0 issue #303 internal: dont print 60s but increment minute issue #302 internal: stat api fixed remaining cpu distortions issue #321 internal: only count user sessions internal: Recover from meminfo seek using LXC Debian #1072831 internal: stat api no longer counts guest tics twice issue #339 external: zswap & zswapped added to meminfo api external: schedule class added to pids api external: disk sleep added to pids api, sleep revised issue #265 external: docker containers added to pids api external: procps_users new exported function external: procps_uptime_snprint uses given upseconds external: procps_container_uptime external: meminfo api adds SecPageTables, Unaccepted external: pids api now provides open file descriptors external: 'info' parm removed from all 'VAL' macros issue #332 external: Add procps_sigmask_names external: Add procps_capability_names external: Add PIDS_CAP__PRM Permitted Capabilities * build-sys: Added --disable-pidwait and fixed logic issue #352 * kill: Correctly parse negative pids issue #354 * pgrep: select process by environment variable issue #167 * pgrep: Rework pidfile reading to include stdin issue #318 * pmap: Don't escape correct UTF-8 characters * ps: Add environ field * ps: Add htprv and htshr fields for HugeTables * ps: restore lost tasks for options --sort with -H issue #304 * ps: add 'docker' containers field, similar to 'lxc' * ps: Restore AIX free-format issue #323 * ps: can display open file descriptors for each task * ps: Fix signames scanning issue #341 * ps: Add -o pcap,pcaps to show permitted capabilities * ps: Zombies show in the commandname issue #355 * ps: Use quick mode if possible merge #239 * slabtop: Add --human option for slab size * snice: Minor fix for help screen Debian #1086441 * sysctl: Add glob excludes merge #206 * sysctl: --all skips stat_refresh Debian #978688 * top: added a 'CLS' scheduling class field, like ps * top: exploit library addition of 'disk sleep' issue #265 * top: add 'docker' containers field, similar to 'lxc' * top: provides additional control over colors * top: can display open file descriptors for each task * top: corrected cpu % for hosts with qemu processes issue #339 * top: remains functional if /proc mounted subset=pid * top: can display a task's permitted capabilities (^A) * uptime: Add container uptime option issue #300 * vmstat: Add page allocation to --stats * vmstat.8: si/so are changed by --unit Debian #1061944 * w: Don't segfault with -s option issue #301 * w: Cache pids list issue #305 * w: Add container uptime option * w.1: Note utmp is for non-systemd Debian #1080333 * watch: use clock_gettime issue #295 * watch.1: --chgexit only works for visible changes Debian #729569 * hugetop: a new utility to show huge page information merge #214 Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit af709863fbb597ee9c91d57cb6935db3ac70c4c5 Author: Michael Tremer Date: Mon Mar 31 15:20:20 2025 +0000 core194: Ship xz Signed-off-by: Michael Tremer commit d32897e39727502a0957d5cc7b0dd88445f9a9a5 Author: Adolf Belka Date: Mon Mar 31 15:15:55 2025 +0200 xz: Update to version 5.8.0 - Update from version 5.6.3 to 5.8.0 - branch 5.8 is the new stable branch. Branch 5.6 from now on will only get critical fixes, there will be no new releases on that old branch. - Update of rootfile - Changlog 5.8.0 This bumps the minor version of liblzma because new features were added. The API and ABI are still backward compatible with liblzma 5.6.x, 5.4.x, 5.2.x, and 5.0.x. * liblzma on 32/64-bit x86: When possible, use SSE2 intrinsics instead of memcpy() in the LZMA/LZMA2 decoder. In typical cases, this may reduce decompression time by 0-5 %. However, when built against musl libc, over 15 % time reduction was observed with highly compressed files. * CMake: Make the feature test macros match the Autotools-based build on NetBSD, Darwin, and mingw-w64. * Update the Croatian, Italian, Portuguese, and Romanian translations. * Update the German, Italian, Korean, Romanian, Serbian, and Ukrainian man page translations. Summary of changes in the 5.7.x development releases: * Mark the following LZMA Utils script aliases as deprecated: lzcmp, lzdiff, lzless, lzmore, lzgrep, lzegrep, and lzfgrep. * liblzma: - Improve LZMA/LZMA2 encoder speed on 64-bit PowerPC (both endiannesses) and those 64-bit RISC-V processors that support fast unaligned access. - Add low-level APIs for RISC-V, ARM64, and x86 BCJ filters to lzma/bcj.h. These are primarily for erofs-utils. - x86/x86-64/E2K CLMUL CRC code was rewritten. - Use the CRC32 instructions on LoongArch. * xz: - Synchronize the output file and its directory using fsync() before deleting the input file. No syncing is done when xz isn't going to delete the input file. - Add --no-sync to disable the sync-before-delete behavior. - Make --single-stream imply --keep. * xz, xzdec, lzmainfo: When printing messages, replace non-printable characters with question marks. * xz and xzdec on Linux: Support Landlock ABI versions 5 and 6. * CMake: Revise the configuration variables and some of their options, and document them in the file INSTALL. CMake support is no longer experimental. (It was already not experimental when building for native Windows.) * Add build-aux/license-check.sh. 5.6.4 * liblzma: Fix LZMA/LZMA2 encoder on big endian ARM64. * xz: - Fix --filters= and --filters1= ... --filters9= options parsing. They require an argument, thus "xz --filters lzma2" should work in addition to "xz --filters=lzma2". - On the man page, note in the --compress and --decompress options that the default behavior is to delete the input file unless writing to standard output. It was already documented in the DESCRIPTION section but new users in a hurry might miss it. * Windows (native builds, not Cygwin): Fix regressions introduced in XZ Utils 5.6.3 which caused non-ASCII characters to display incorrectly. Only builds with translation support were affected (--enable-nls or ENABLE_NLS=ON). The following changes affect builds that have translations enabled: - Require UCRT because MSVCRT doesn't support UTF-8 locales and thus translations won't be readable on Windows 10 version 1903 and later. (MSVCRT builds are still possible with --disable-nls or ENABLE_NLS=OFF.) - Require gettext-runtime >= 0.23.1 because older versions don't autodetect the use of the UTF-8 code page. This resulted in garbled non-ASCII characters even with UCRT. - Partially fix alignment issues in xz --verbose --list with translated messages. Chinese (simplified), Chinese (traditional), and Korean column headings are misaligned still because Windows and MinGW-w64 don't provide wcwidth() and XZ Utils doesn't include a replacement function either. * CMake: Explicitly disable unity builds. This prevents build failures when another project uses XZ Utils via CMake's FetchContent module, and that project enables unity builds. * Update Chinese (traditional) and Serbian translations. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit ee688ea061b242eb9eaf61d7c406fda5a957addc Author: Adolf Belka Date: Mon Mar 31 15:15:53 2025 +0200 harfbuzz: Update to version 11.0.0 - Update from version 10.4.0 to 11.0.0 - Update of rootfile - Changelog 11.0.0 - There are three new font-functions implementations (integrations) in this release: * `hb-coretext` has gained one, calling into the CoreText library, * `hb-directwrite` has gained one, calling into the DirectWrite library. * `hb-fontations` has gained one, calling into the Skrifa Rust library. All three are mostly useful for performance and correctness testing, but some clients might find them useful. An API is added to use them from a single API by providing a backend name string: * `hb_font_set_funcs_using()` - Several new APIs are added, to load a font-face using different "face-loaders", and a single entry point to them all using a loader name string: * `hb_ft_face_create_from_file_or_fail()` and `hb_ft_face_create_from_blob_or_fail()` * `hb_coretext_face_create_from_file_or_fail()` and `hb_coretext_face_create_from_blob_or_fail()` * `hb_directwrite_face_create_from_file_or_fail()` and `hb_directwrite_face_create_from_blob_or_fail()` * `hb_face_create_from_file_or_fail_using()` - All drawing and painting operations using the default, `hb-ot` functions have become memory allocation-free. - Several performance optimizations have been implemented. - Application of the `trak` table during shaping has been improved. - The `directwrite` shaper now supports font variations, and correctly applies user features. - The `hb-directwrite` API and shaper has graduated from experimental. - Various bug fixes and other improvements. - New API: +hb_malloc +hb_calloc +hb_realloc +hb_free +hb_face_list_loaders +hb_face_create_or_fail_using +hb_face_create_from_file_or_fail_using +hb_font_list_funcs +hb_font_set_funcs_using +hb_coretext_face_create_from_blob_or_fail +hb_directwrite_face_create_from_file_or_fail +hb_directwrite_face_create_from_blob_or_fail +hb_directwrite_font_create +hb_directwrite_font_get_dw_font_face +hb_directwrite_font_set_funcs +hb_fontations_font_set_funcs +hb_ft_face_create_from_blob_or_fail +hb_paint_push_font_transform +hb_paint_push_inverse_font_transform +HB_BUFFER_CLUSTER_LEVEL_GRAPHEMES +HB_BUFFER_CLUSTER_LEVEL_IS_MONOTONE +HB_BUFFER_CLUSTER_LEVEL_IS_GRAPHEMES +HB_BUFFER_CLUSTER_LEVEL_IS_CHARACTERS - Deprecated API: +hb_directwrite_font_get_dw_font Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit b3cb61cac304abaefcf3bbf0ba0a2e8baf39ace0 Author: Michael Tremer Date: Mon Mar 31 15:18:58 2025 +0000 core194: Ship iproute2 Signed-off-by: Michael Tremer commit 1a69d7f81a5096b754f6acab189a436416aa517d Author: Adolf Belka Date: Mon Mar 31 15:15:54 2025 +0200 iproute2: Update to version 6.14.0 - Update from version 6.11.0 to 6.14.0 - Update of rootfile - Changelog is not available. Details of changes have to be found by reviewing the git log file - https://web.git.kernel.org/pub/scm/network/iproute2/iproute2.git/log/ Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer ----------------------------------------------------------------------- Summary of changes: config/rootfiles/common/harfbuzz | 8 ++-- config/rootfiles/common/iproute2 | 2 +- config/rootfiles/common/libxml2 | 5 +- config/rootfiles/common/procps | 6 ++- config/rootfiles/common/xz | 54 +++++++++++++++++++++- .../{oldcore/114 => core/194}/filelists/apache2 | 0 .../{oldcore/125 => core/194}/filelists/collectd | 0 .../{oldcore/103 => core/194}/filelists/coreutils | 0 config/rootfiles/core/194/filelists/files | 3 ++ .../{oldcore/106 => core/194}/filelists/iproute2 | 0 .../{oldcore/101 => core/194}/filelists/libxml2 | 0 .../{oldcore/157 => core/194}/filelists/libxslt | 0 .../{oldcore/103 => core/194}/filelists/procps | 0 .../{oldcore/111 => core/194}/filelists/rrdtool | 0 .../{oldcore/100 => core/194}/filelists/xz | 0 html/cgi-bin/aliases.cgi | 3 ++ lfs/clamav | 2 +- lfs/harfbuzz | 4 +- lfs/iproute2 | 6 +-- lfs/libvirt | 2 +- lfs/libxml2 | 6 +-- lfs/nfs | 2 +- lfs/procps | 8 ++-- lfs/rng-tools | 4 +- lfs/tshark | 2 +- lfs/xz | 6 +-- src/initscripts/system/firewall | 15 ++++-- src/initscripts/system/functions | 15 ++++++ 28 files changed, 116 insertions(+), 37 deletions(-) copy config/rootfiles/{oldcore/114 => core/194}/filelists/apache2 (100%) copy config/rootfiles/{oldcore/125 => core/194}/filelists/collectd (100%) copy config/rootfiles/{oldcore/103 => core/194}/filelists/coreutils (100%) copy config/rootfiles/{oldcore/106 => core/194}/filelists/iproute2 (100%) copy config/rootfiles/{oldcore/101 => core/194}/filelists/libxml2 (100%) copy config/rootfiles/{oldcore/157 => core/194}/filelists/libxslt (100%) copy config/rootfiles/{oldcore/103 => core/194}/filelists/procps (100%) copy config/rootfiles/{oldcore/111 => core/194}/filelists/rrdtool (100%) copy config/rootfiles/{oldcore/100 => core/194}/filelists/xz (100%) Difference in files: diff --git a/config/rootfiles/common/harfbuzz b/config/rootfiles/common/harfbuzz index e10840df60..20faa05257 100644 --- a/config/rootfiles/common/harfbuzz +++ b/config/rootfiles/common/harfbuzz @@ -47,16 +47,16 @@ #usr/lib/cmake/harfbuzz/harfbuzz-config.cmake #usr/lib/libharfbuzz-cairo.so usr/lib/libharfbuzz-cairo.so.0 -usr/lib/libharfbuzz-cairo.so.0.61040.0 +usr/lib/libharfbuzz-cairo.so.0.61100.0 #usr/lib/libharfbuzz-gobject.so usr/lib/libharfbuzz-gobject.so.0 -usr/lib/libharfbuzz-gobject.so.0.61040.0 +usr/lib/libharfbuzz-gobject.so.0.61100.0 #usr/lib/libharfbuzz-subset.so usr/lib/libharfbuzz-subset.so.0 -usr/lib/libharfbuzz-subset.so.0.61040.0 +usr/lib/libharfbuzz-subset.so.0.61100.0 #usr/lib/libharfbuzz.so usr/lib/libharfbuzz.so.0 -usr/lib/libharfbuzz.so.0.61040.0 +usr/lib/libharfbuzz.so.0.61100.0 #usr/lib/pkgconfig/harfbuzz-cairo.pc #usr/lib/pkgconfig/harfbuzz-gobject.pc #usr/lib/pkgconfig/harfbuzz-subset.pc diff --git a/config/rootfiles/common/iproute2 b/config/rootfiles/common/iproute2 index da7134d2dc..6c4dac6e08 100644 --- a/config/rootfiles/common/iproute2 +++ b/config/rootfiles/common/iproute2 @@ -95,6 +95,7 @@ usr/share/bash-completion/completions/tc #usr/share/man/man8/nstat.8 #usr/share/man/man8/rdma-dev.8 #usr/share/man/man8/rdma-link.8 +#usr/share/man/man8/rdma-monitor.8 #usr/share/man/man8/rdma-resource.8 #usr/share/man/man8/rdma-statistic.8 #usr/share/man/man8/rdma-system.8 @@ -171,4 +172,3 @@ usr/share/bash-completion/completions/tc #usr/share/man/man8/vdpa-dev.8 #usr/share/man/man8/vdpa-mgmtdev.8 #usr/share/man/man8/vdpa.8 -#var/lib/arpd diff --git a/config/rootfiles/common/libxml2 b/config/rootfiles/common/libxml2 index 7fa2881991..589b5b7523 100644 --- a/config/rootfiles/common/libxml2 +++ b/config/rootfiles/common/libxml2 @@ -53,10 +53,9 @@ #usr/lib/cmake/libxml2/libxml2-config.cmake #usr/lib/libxml2.la #usr/lib/libxml2.so -usr/lib/libxml2.so.2 -usr/lib/libxml2.so.2.13.5 +usr/lib/libxml2.so.16 +usr/lib/libxml2.so.16.0.0 #usr/lib/pkgconfig/libxml-2.0.pc -#usr/share/aclocal/libxml.m4 #usr/share/doc/libxml2 #usr/share/doc/libxml2/xmlcatalog.html #usr/share/doc/libxml2/xmllint.html diff --git a/config/rootfiles/common/procps b/config/rootfiles/common/procps index 08431a6119..9b57be43fb 100644 --- a/config/rootfiles/common/procps +++ b/config/rootfiles/common/procps @@ -2,12 +2,13 @@ bin/kill bin/ps #lib/libproc2.la #lib/libproc2.so -lib/libproc2.so.0 -lib/libproc2.so.0.0.2 +lib/libproc2.so.1 +lib/libproc2.so.1.0.0 #lib/pkgconfig #lib/pkgconfig/libproc2.pc sbin/sysctl usr/bin/free +usr/bin/hugetop usr/bin/pgrep usr/bin/pidof usr/bin/pidwait @@ -46,6 +47,7 @@ usr/bin/watch #usr/share/locale/vi/LC_MESSAGES/procps-ng.mo #usr/share/locale/zh_CN/LC_MESSAGES/procps-ng.mo #usr/share/man/man1/free.1 +#usr/share/man/man1/hugetop.1 #usr/share/man/man1/kill.1 #usr/share/man/man1/pgrep.1 #usr/share/man/man1/pidof.1 diff --git a/config/rootfiles/common/xz b/config/rootfiles/common/xz index cd64e2c319..3873744c8b 100644 --- a/config/rootfiles/common/xz +++ b/config/rootfiles/common/xz @@ -41,7 +41,7 @@ usr/bin/xzmore #usr/lib/liblzma.la #usr/lib/liblzma.so usr/lib/liblzma.so.5 -usr/lib/liblzma.so.5.6.3 +usr/lib/liblzma.so.5.8.0 #usr/lib/pkgconfig/liblzma.pc #usr/share/doc/xz #usr/share/doc/xz/AUTHORS @@ -74,7 +74,9 @@ usr/lib/liblzma.so.5.6.3 #usr/share/locale/hr/LC_MESSAGES/xz.mo #usr/share/locale/hu/LC_MESSAGES/xz.mo #usr/share/locale/it/LC_MESSAGES/xz.mo +#usr/share/locale/ka/LC_MESSAGES/xz.mo #usr/share/locale/ko/LC_MESSAGES/xz.mo +#usr/share/locale/nl/LC_MESSAGES/xz.mo #usr/share/locale/pl/LC_MESSAGES/xz.mo #usr/share/locale/pt/LC_MESSAGES/xz.mo #usr/share/locale/pt_BR/LC_MESSAGES/xz.mo @@ -124,6 +126,31 @@ usr/lib/liblzma.so.5.6.3 #usr/share/man/fr/man1/xzcat.1 #usr/share/man/fr/man1/xzdec.1 #usr/share/man/fr/man1/xzless.1 +#usr/share/man/it +#usr/share/man/it/man1 +#usr/share/man/it/man1/lzcat.1 +#usr/share/man/it/man1/lzcmp.1 +#usr/share/man/it/man1/lzdiff.1 +#usr/share/man/it/man1/lzegrep.1 +#usr/share/man/it/man1/lzfgrep.1 +#usr/share/man/it/man1/lzgrep.1 +#usr/share/man/it/man1/lzless.1 +#usr/share/man/it/man1/lzma.1 +#usr/share/man/it/man1/lzmadec.1 +#usr/share/man/it/man1/lzmainfo.1 +#usr/share/man/it/man1/lzmore.1 +#usr/share/man/it/man1/unlzma.1 +#usr/share/man/it/man1/unxz.1 +#usr/share/man/it/man1/xz.1 +#usr/share/man/it/man1/xzcat.1 +#usr/share/man/it/man1/xzcmp.1 +#usr/share/man/it/man1/xzdec.1 +#usr/share/man/it/man1/xzdiff.1 +#usr/share/man/it/man1/xzegrep.1 +#usr/share/man/it/man1/xzfgrep.1 +#usr/share/man/it/man1/xzgrep.1 +#usr/share/man/it/man1/xzless.1 +#usr/share/man/it/man1/xzmore.1 #usr/share/man/ko #usr/share/man/ko/man1 #usr/share/man/ko/man1/lzcat.1 @@ -210,6 +237,31 @@ usr/lib/liblzma.so.5.6.3 #usr/share/man/ro/man1/xzgrep.1 #usr/share/man/ro/man1/xzless.1 #usr/share/man/ro/man1/xzmore.1 +#usr/share/man/sr +#usr/share/man/sr/man1 +#usr/share/man/sr/man1/lzcat.1 +#usr/share/man/sr/man1/lzcmp.1 +#usr/share/man/sr/man1/lzdiff.1 +#usr/share/man/sr/man1/lzegrep.1 +#usr/share/man/sr/man1/lzfgrep.1 +#usr/share/man/sr/man1/lzgrep.1 +#usr/share/man/sr/man1/lzless.1 +#usr/share/man/sr/man1/lzma.1 +#usr/share/man/sr/man1/lzmadec.1 +#usr/share/man/sr/man1/lzmainfo.1 +#usr/share/man/sr/man1/lzmore.1 +#usr/share/man/sr/man1/unlzma.1 +#usr/share/man/sr/man1/unxz.1 +#usr/share/man/sr/man1/xz.1 +#usr/share/man/sr/man1/xzcat.1 +#usr/share/man/sr/man1/xzcmp.1 +#usr/share/man/sr/man1/xzdec.1 +#usr/share/man/sr/man1/xzdiff.1 +#usr/share/man/sr/man1/xzegrep.1 +#usr/share/man/sr/man1/xzfgrep.1 +#usr/share/man/sr/man1/xzgrep.1 +#usr/share/man/sr/man1/xzless.1 +#usr/share/man/sr/man1/xzmore.1 #usr/share/man/uk #usr/share/man/uk/man1 #usr/share/man/uk/man1/lzcat.1 diff --git a/config/rootfiles/core/194/filelists/apache2 b/config/rootfiles/core/194/filelists/apache2 new file mode 120000 index 0000000000..eef95efa72 --- /dev/null +++ b/config/rootfiles/core/194/filelists/apache2 @@ -0,0 +1 @@ +../../../common/apache2 \ No newline at end of file diff --git a/config/rootfiles/core/194/filelists/collectd b/config/rootfiles/core/194/filelists/collectd new file mode 120000 index 0000000000..871b32f14b --- /dev/null +++ b/config/rootfiles/core/194/filelists/collectd @@ -0,0 +1 @@ +../../../common/collectd \ No newline at end of file diff --git a/config/rootfiles/core/194/filelists/coreutils b/config/rootfiles/core/194/filelists/coreutils new file mode 120000 index 0000000000..7351ed2cf5 --- /dev/null +++ b/config/rootfiles/core/194/filelists/coreutils @@ -0,0 +1 @@ +../../../common/coreutils \ No newline at end of file diff --git a/config/rootfiles/core/194/filelists/files b/config/rootfiles/core/194/filelists/files index 93b48a87c0..e615ef92e0 100644 --- a/config/rootfiles/core/194/filelists/files +++ b/config/rootfiles/core/194/filelists/files @@ -1 +1,4 @@ +etc/rc.d/init.d/firewall +etc/rc.d/init.d/functions +srv/web/ipfire/cgi-bin/aliases.cgi srv/web/ipfire/cgi-bin/pakfire.cgi diff --git a/config/rootfiles/core/194/filelists/iproute2 b/config/rootfiles/core/194/filelists/iproute2 new file mode 120000 index 0000000000..05f0f71fb5 --- /dev/null +++ b/config/rootfiles/core/194/filelists/iproute2 @@ -0,0 +1 @@ +../../../common/iproute2 \ No newline at end of file diff --git a/config/rootfiles/core/194/filelists/libxml2 b/config/rootfiles/core/194/filelists/libxml2 new file mode 120000 index 0000000000..242e69fa35 --- /dev/null +++ b/config/rootfiles/core/194/filelists/libxml2 @@ -0,0 +1 @@ +../../../common/libxml2 \ No newline at end of file diff --git a/config/rootfiles/core/194/filelists/libxslt b/config/rootfiles/core/194/filelists/libxslt new file mode 120000 index 0000000000..bf9d76609b --- /dev/null +++ b/config/rootfiles/core/194/filelists/libxslt @@ -0,0 +1 @@ +../../../common/libxslt \ No newline at end of file diff --git a/config/rootfiles/core/194/filelists/procps b/config/rootfiles/core/194/filelists/procps new file mode 120000 index 0000000000..e17e8ed704 --- /dev/null +++ b/config/rootfiles/core/194/filelists/procps @@ -0,0 +1 @@ +../../../common/procps \ No newline at end of file diff --git a/config/rootfiles/core/194/filelists/rrdtool b/config/rootfiles/core/194/filelists/rrdtool new file mode 120000 index 0000000000..7a82e414b6 --- /dev/null +++ b/config/rootfiles/core/194/filelists/rrdtool @@ -0,0 +1 @@ +../../../common/rrdtool \ No newline at end of file diff --git a/config/rootfiles/core/194/filelists/xz b/config/rootfiles/core/194/filelists/xz new file mode 120000 index 0000000000..734e926c7e --- /dev/null +++ b/config/rootfiles/core/194/filelists/xz @@ -0,0 +1 @@ +../../../common/xz \ No newline at end of file diff --git a/html/cgi-bin/aliases.cgi b/html/cgi-bin/aliases.cgi index def03ff9b2..aa1ea4cb61 100644 --- a/html/cgi-bin/aliases.cgi +++ b/html/cgi-bin/aliases.cgi @@ -615,6 +615,9 @@ sub SortDataFile sub BuildConfiguration { # Restart service associated with this &General::system('/usr/local/bin/setaliases'); + + # Reload the firewall for REDNAT rules + &General::firewall_reload(); } # diff --git a/lfs/clamav b/lfs/clamav index ba87dac3a0..e6bb323551 100644 --- a/lfs/clamav +++ b/lfs/clamav @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = clamav -PAK_VER = 75 +PAK_VER = 76 DEPS = diff --git a/lfs/harfbuzz b/lfs/harfbuzz index 6388b9d3c0..be8fe3d25e 100644 --- a/lfs/harfbuzz +++ b/lfs/harfbuzz @@ -24,7 +24,7 @@ include Config -VER = 10.4.0 +VER = 11.0.0 THISAPP = harfbuzz-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 21a2ed81ead5f06658c6153ad756631aacf5522bf58cdc5a54585cc03b0562c634ecabcd686fa76d2dda3497eb1a7d9e10c771e29da62c5946438d9ed8c46075 +$(DL_FILE)_BLAKE2 = 0775321ea24a257d6609f59e9f0fa7129416575938ff11e16f9df2a33bd9391e0dc20bf4be75131f1b8e15961dc04e3fef1d6ff88de71c556a9aab7889f0a185 install : $(TARGET) diff --git a/lfs/iproute2 b/lfs/iproute2 index 0ba0f38359..6dd3d4c3b8 100644 --- a/lfs/iproute2 +++ b/lfs/iproute2 @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2024 IPFire Team # +# Copyright (C) 2007-2025 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 6.11.0 +VER = 6.14.0 # https://mirrors.edge.kernel.org/pub/linux/utils/net/iproute2/ THISAPP = iproute2-$(VER) @@ -41,7 +41,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 1a360d7cb9a70f5cde184abe934f2d08e9c0d2196c4ec10015636af3984abe2738d9dd8d6c7a69569fc7449e9933829f4eccd593ab8c041ce7b6385adaed63cc +$(DL_FILE)_BLAKE2 = 18bd180c608b657694f4713bf915d45006c97a7206a3260ac52149d4c976422e1949ada425d4989c5a7e327e3d8eb45ea990de25f3645bb1308ac2531bf834d2 install : $(TARGET) diff --git a/lfs/libvirt b/lfs/libvirt index df8d2b224e..1bd9844be8 100644 --- a/lfs/libvirt +++ b/lfs/libvirt @@ -35,7 +35,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) SUP_ARCH = x86_64 aarch64 PROG = libvirt -PAK_VER = 38 +PAK_VER = 39 DEPS = ebtables libpciaccess ovmf qemu diff --git a/lfs/libxml2 b/lfs/libxml2 index 5ecea8db75..c1014f56fd 100644 --- a/lfs/libxml2 +++ b/lfs/libxml2 @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2024 IPFire Team # +# Copyright (C) 2007-2025 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 2.13.5 +VER = 2.14.0 THISAPP = libxml2-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -42,7 +42,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 46c280630638e2c8009c593bbbcf90ccbfffe9ddcc99987c4d91c2223043759f2b4d6511b31b2357c5250ac3b40d96ef05c17b4d2adc61972665f8a0d899dfe8 +$(DL_FILE)_BLAKE2 = 4e210661b10b846cf80c2ba393209fd2bde1e7f8e4a024eff2e6a90369969e7a7696e2cb77197fe63f63fae959bcaed052d5c5107603f0c64a16d6ceeab6b43c install : $(TARGET) diff --git a/lfs/nfs b/lfs/nfs index a815865143..645aca3025 100644 --- a/lfs/nfs +++ b/lfs/nfs @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = nfs -PAK_VER = 25 +PAK_VER = 26 DEPS = rpcbind diff --git a/lfs/procps b/lfs/procps index cc2d7fbcee..2f9f2ceab5 100644 --- a/lfs/procps +++ b/lfs/procps @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2025 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,9 +24,9 @@ include Config -VER = v4.0.4 +VER = 4.0.5 -THISAPP = procps-$(VER) +THISAPP = procps-v$(VER) DL_FILE = $(THISAPP).tar.bz2 DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 0ce3c6291e17ae6dcfb15a144689b9be481d3d9728372822a8f2119446ad844100f98e15e559266c2472aa128e381d1cf495348f5adb90ac393f4de4b7185a5b +$(DL_FILE)_BLAKE2 = d028db29afba60b2678f8b790493a9425e3149b3699e463d2b789f7831d6942d59fcecfa18559477b304ad73112d2ea6279d40064b7b9a5ce3d2dcc6347ea421 install : $(TARGET) diff --git a/lfs/rng-tools b/lfs/rng-tools index 3b9d3c9f3e..42c4cf6a28 100644 --- a/lfs/rng-tools +++ b/lfs/rng-tools @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2025 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -33,7 +33,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = rng-tools -PAK_VER = 5 +PAK_VER = 6 DEPS = diff --git a/lfs/tshark b/lfs/tshark index b47e12d998..2ae6ddf21b 100644 --- a/lfs/tshark +++ b/lfs/tshark @@ -35,7 +35,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = tshark DEPS = c-ares -PAK_VER = 23 +PAK_VER = 24 SERVICES = diff --git a/lfs/xz b/lfs/xz index aa04a8d3a5..511848c1d6 100644 --- a/lfs/xz +++ b/lfs/xz @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2024 IPFire Team # +# Copyright (C) 2007-2025 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 5.6.3 +VER = 5.8.0 THISAPP = xz-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -45,7 +45,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 7c75a334abdec370d03bea1d07f9211069633e2851e304f189b6b316d9c8363350849404cff318310c3d4a6d2ec6439e64e074f40d7ad5f02ff101757de27f99 +$(DL_FILE)_BLAKE2 = 5087c88884a857b96bc5658548fc9b07ab2f14fe9eabfaeaa19e21810e7588c97621db08353632bd56e66ae2085ec5adc421c4d6849525b630d56dadd65c9f81 install : $(TARGET) diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall index 139d94aa0c..6befa9fc39 100644 --- a/src/initscripts/system/firewall +++ b/src/initscripts/system/firewall @@ -481,22 +481,27 @@ iptables_red_up() { iptables -t nat -A REDNAT -i "${GREEN_DEV}" -o "${IFACE}" -j RETURN fi - local NO_MASQ_NETWORKS + local NO_MASQ_NETWORKS=() if [ "${MASQUERADE_GREEN}" = "off" ]; then - NO_MASQ_NETWORKS="${NO_MASQ_NETWORKS} ${GREEN_NETADDRESS}/${GREEN_NETMASK}" + NO_MASQ_NETWORKS+=( "${GREEN_NETADDRESS}/${GREEN_NETMASK}" ) fi if [ "${MASQUERADE_BLUE}" = "off" ]; then - NO_MASQ_NETWORKS="${NO_MASQ_NETWORKS} ${BLUE_NETADDRESS}/${BLUE_NETMASK}" + NO_MASQ_NETWORKS+=( "${BLUE_NETADDRESS}/${BLUE_NETMASK}" ) fi if [ "${MASQUERADE_ORANGE}" = "off" ]; then - NO_MASQ_NETWORKS="${NO_MASQ_NETWORKS} ${ORANGE_NETADDRESS}/${ORANGE_NETMASK}" + NO_MASQ_NETWORKS+=( "${ORANGE_NETADDRESS}/${ORANGE_NETMASK}" ) fi + local alias + for alias in $(get_aliases); do + NO_MASQ_NETWORKS+=( "${alias}" ) + done + local network - for network in ${NO_MASQ_NETWORKS}; do + for network in ${NO_MASQ_NETWORKS[@]}; do iptables -t nat -A REDNAT -s "${network}" -o "${IFACE}" -j RETURN done diff --git a/src/initscripts/system/functions b/src/initscripts/system/functions index e486cc085f..94c9236d3f 100644 --- a/src/initscripts/system/functions +++ b/src/initscripts/system/functions @@ -935,3 +935,18 @@ readhash() { printf -v "${array}[${key}]" "%s" "${val}" done < "${file}" } + +# Returns all enabled aliases +get_aliases() { + local address + local enabled + local rest + + local IFS=, + + while read -r address enabled rest; do + if [ "${enabled}" = "on" ]; then + echo "${address}" + fi + done < /var/ipfire/ethernet/aliases +} hooks/post-receive -- IPFire 2.x development tree