--- /dev/null
+#usr/include/usbredirfilter.h
+#usr/include/usbredirhost.h
+#usr/include/usbredirparser.h
+#usr/include/usbredirproto.h
+#usr/lib/libusbredirhost.a
+#usr/lib/libusbredirhost.la
+usr/lib/libusbredirhost.so
+usr/lib/libusbredirhost.so.1
+usr/lib/libusbredirhost.so.1.0.0
+#usr/lib/libusbredirparser.a
+#usr/lib/libusbredirparser.la
+usr/lib/libusbredirparser.so
+usr/lib/libusbredirparser.so.1
+usr/lib/libusbredirparser.so.1.0.0
+#usr/lib/pkgconfig/libusbredirhost.pc
+#usr/lib/pkgconfig/libusbredirparser-0.5.pc
+#usr/sbin/usbredirserver
+#usr/share/man/man1/usbredirserver.1
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/010-Zero_packet_buffers_before_building_output_to_reduce_risk_of_information_leakage.patch
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/011-Dont_reset_packet_length_on_transmission_in_case_of_retransmission.patch
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/012-Compile-time_check_on_buffer_sizes_for_leasefile_parsing_code.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/013-auth-zone_allow_to_exclude_ip_addresses_from_answer.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/014-Bump_auth_zone_serial_when_reloading_etc_hosts_and_friends.patch
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq-Add-support-to-read-ISC-DHCP-lease-file.patch
cd $(DIR_APP) && sed -i src/config.h \
--- /dev/null
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2016 IPFire Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 0.7.1
+
+THISAPP = usbredir-$(VER)
+DL_FILE = $(THISAPP).tar.bz2
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+PROG = libusbredir
+PAK_VER = 1
+
+DEPS = ""
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = 35cfb1720967727dea523b943cc4126b
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+dist:
+ @$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && ./configure --prefix=/usr
+ cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
+ cd $(DIR_APP) && make install
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
TARGET = $(DIR_INFO)/$(THISAPP)
SUP_ARCH = i586 x86_64
PROG = libvirt
-PAK_VER = 6
+PAK_VER = 9
DEPS = "libpciaccess libyajl ncat qemu"
cd $(DIR_APP) && ./configure --prefix=/usr --localstatedir=/var --sysconfdir=/etc \
--with-openssl --without-sasl \
--without-uml --without-vbox --without-lxc --without-esx --without-vmware --without-openvz \
- --without-firewalld --without-network -with-interface --with-virtualport --with-macvtap \
- --disable-nls --without-avahi --without-test-suite -without-dbus \
+ --without-firewalld --without-network --with-interface --with-virtualport --with-macvtap \
+ --disable-nls --without-avahi --without-test-suite --without-dbus \
--with-qemu-user=nobody --with-qemu-group=kvm \
- --with-storage-dir --without-storage-fs --without-storage-lvm --without-storage-iscsi \
+ --with-storage-dir --with-storage-fs --without-storage-lvm --without-storage-iscsi \
--without-storage-scsi --without-storage-mpath --without-storage-disk --without-storage-rbd --without-storage-sheepdog --without-storage-gluster --without-storage-zfs
cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
cd $(DIR_APP) && make install
TARGET = $(DIR_INFO)/$(THISAPP)
SUP_ARCH = i586 x86_64
PROG = qemu
-PAK_VER = 20
+PAK_VER = 21
-DEPS = "sdl spice"
+DEPS = "libusbredir sdl spice"
###############################################################################
# Top-level Rules
cd $(DIR_APP) && ./configure --prefix=/usr --sysconfdir=/etc \
--enable-kvm --disable-bluez --disable-attr \
--target-list="i386-linux-user x86_64-linux-user arm-linux-user i386-softmmu x86_64-softmmu arm-softmmu" \
- --extra-cflags="$(CFLAGS)" --enable-spice
+ --extra-cflags="$(CFLAGS)" --enable-spice --enable-usb-redir
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
ipfiremake spice-protocol
ipfiremake spice
ipfiremake sdl
+ ipfiremake libusbredir
ipfiremake qemu
ipfiremake sane
ipfiremake netpbm
case $1 in
start)
boot_mesg "Load required kernel modules for Libvirt"
- modprobe tun
+ modprobe tun vhost_net
evaluate_retval
boot_mesg "Starting Libvirt Daemon..."
loadproc /usr/sbin/libvirtd -d
--- /dev/null
+From 094bfaeb4ff69cae99387bc2ea07ff57632c89f5 Mon Sep 17 00:00:00 2001
+From: Mathias Kresin <dev@kresin.me>
+Date: Sun, 24 Jul 2016 14:15:22 +0100
+Subject: [PATCH] auth-zone: allow to exclude ip addresses from answer.
+
+---
+ man/dnsmasq.8 | 6 +++++-
+ src/auth.c | 61 ++++++++++++++++++++++++++++++++++++---------------------
+ src/dnsmasq.h | 1 +
+ src/option.c | 21 ++++++++++++++++++--
+ 4 files changed, 64 insertions(+), 25 deletions(-)
+
+diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
+index ac8d921..8910947 100644
+--- a/man/dnsmasq.8
++++ b/man/dnsmasq.8
+@@ -739,7 +739,7 @@ a return code of SERVFAIL. Note that
+ setting this may affect DNS behaviour in bad ways, it is not an
+ extra-logging flag and should not be set in production.
+ .TP
+-.B --auth-zone=<domain>[,<subnet>[/<prefix length>][,<subnet>[/<prefix length>].....]]
++.B --auth-zone=<domain>[,<subnet>[/<prefix length>][,<subnet>[/<prefix length>].....][,exclude:<subnet>[/<prefix length>]].....]
+ Define a DNS zone for which dnsmasq acts as authoritative server. Locally defined DNS records which are in the domain
+ will be served. If subnet(s) are given, A and AAAA records must be in one of the
+ specified subnets.
+@@ -756,6 +756,10 @@ appear in the zone, but RFC1918 IPv4 addresses which should not.
+ Interface-name and address-literal subnet specifications may be used
+ freely in the same --auth-zone declaration.
+
++It's possible to exclude certain IP addresses from responses. It can be
++used, to make sure that answers contain only global routeable IP
++addresses (by excluding loopback, RFC1918 and ULA addresses).
++
+ The subnet(s) are also used to define in-addr.arpa and
+ ip6.arpa domains which are served for reverse-DNS queries. If not
+ specified, the prefix length defaults to 24 for IPv4 and 64 for IPv6.
+diff --git a/src/auth.c b/src/auth.c
+index 3c5c37f..f1ca2f5 100644
+--- a/src/auth.c
++++ b/src/auth.c
+@@ -18,36 +18,53 @@
+
+ #ifdef HAVE_AUTH
+
+-static struct addrlist *find_subnet(struct auth_zone *zone, int flag, struct all_addr *addr_u)
++static struct addrlist *find_addrlist(struct addrlist *list, int flag, struct all_addr *addr_u)
+ {
+- struct addrlist *subnet;
+-
+- for (subnet = zone->subnet; subnet; subnet = subnet->next)
+- {
+- if (!(subnet->flags & ADDRLIST_IPV6))
+- {
+- struct in_addr netmask, addr = addr_u->addr.addr4;
+-
+- if (!(flag & F_IPV4))
+- continue;
+-
+- netmask.s_addr = htonl(~(in_addr_t)0 << (32 - subnet->prefixlen));
+-
+- if (is_same_net(addr, subnet->addr.addr.addr4, netmask))
+- return subnet;
+- }
++ do {
++ if (!(list->flags & ADDRLIST_IPV6))
++ {
++ struct in_addr netmask, addr = addr_u->addr.addr4;
++
++ if (!(flag & F_IPV4))
++ continue;
++
++ netmask.s_addr = htonl(~(in_addr_t)0 << (32 - list->prefixlen));
++
++ if (is_same_net(addr, list->addr.addr.addr4, netmask))
++ return list;
++ }
+ #ifdef HAVE_IPV6
+- else if (is_same_net6(&(addr_u->addr.addr6), &subnet->addr.addr.addr6, subnet->prefixlen))
+- return subnet;
++ else if (is_same_net6(&(addr_u->addr.addr6), &list->addr.addr.addr6, list->prefixlen))
++ return list;
+ #endif
+-
+- }
++
++ } while ((list = list->next));
++
+ return NULL;
+ }
+
++static struct addrlist *find_subnet(struct auth_zone *zone, int flag, struct all_addr *addr_u)
++{
++ if (!zone->subnet)
++ return NULL;
++
++ return find_addrlist(zone->subnet, flag, addr_u);
++}
++
++static struct addrlist *find_exclude(struct auth_zone *zone, int flag, struct all_addr *addr_u)
++{
++ if (!zone->exclude)
++ return NULL;
++
++ return find_addrlist(zone->exclude, flag, addr_u);
++}
++
+ static int filter_zone(struct auth_zone *zone, int flag, struct all_addr *addr_u)
+ {
+- /* No zones specified, no filter */
++ if (find_exclude(zone, flag, addr_u))
++ return 0;
++
++ /* No subnets specified, no filter */
+ if (!zone->subnet)
+ return 1;
+
+diff --git a/src/dnsmasq.h b/src/dnsmasq.h
+index 2bda5d0..27385a9 100644
+--- a/src/dnsmasq.h
++++ b/src/dnsmasq.h
+@@ -340,6 +340,7 @@ struct auth_zone {
+ struct auth_name_list *next;
+ } *interface_names;
+ struct addrlist *subnet;
++ struct addrlist *exclude;
+ struct auth_zone *next;
+ };
+
+diff --git a/src/option.c b/src/option.c
+index d8c57d6..6cedef3 100644
+--- a/src/option.c
++++ b/src/option.c
+@@ -1906,6 +1906,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
+ new = opt_malloc(sizeof(struct auth_zone));
+ new->domain = opt_string_alloc(arg);
+ new->subnet = NULL;
++ new->exclude = NULL;
+ new->interface_names = NULL;
+ new->next = daemon->auth_zones;
+ daemon->auth_zones = new;
+@@ -1913,6 +1914,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
+ while ((arg = comma))
+ {
+ int prefixlen = 0;
++ int is_exclude = 0;
+ char *prefix;
+ struct addrlist *subnet = NULL;
+ struct all_addr addr;
+@@ -1923,6 +1925,12 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
+ if (prefix && !atoi_check(prefix, &prefixlen))
+ ret_err(gen_err);
+
++ if (strstr(arg, "exclude:") == arg)
++ {
++ is_exclude = 1;
++ arg = arg+8;
++ }
++
+ if (inet_pton(AF_INET, arg, &addr.addr.addr4))
+ {
+ subnet = opt_malloc(sizeof(struct addrlist));
+@@ -1960,8 +1968,17 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
+ if (subnet)
+ {
+ subnet->addr = addr;
+- subnet->next = new->subnet;
+- new->subnet = subnet;
++
++ if (is_exclude)
++ {
++ subnet->next = new->exclude;
++ new->exclude = subnet;
++ }
++ else
++ {
++ subnet->next = new->subnet;
++ new->subnet = subnet;
++ }
+ }
+ }
+ break;
+--
+1.7.10.4
+
--- /dev/null
+From c8328ecde896575b3cb81cf537747df531f90771 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Fri, 5 Aug 2016 16:54:58 +0100
+Subject: [PATCH] Bump auth zone serial when reloading /etc/hosts and friends.
+
+---
+ CHANGELOG | 4 ++++
+ src/dnsmasq.c | 2 ++
+ 2 files changed, 6 insertions(+)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 9f1e404..4f89799 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -20,6 +20,10 @@ version 2.77
+ Fix problem with --dnssec-timestamp whereby receipt
+ of SIGHUP would erroneously engage timestamp checking.
+ Thanks to Kevin Darbyshire-Bryant for this work.
++
++ Bump zone serial on reloading /etc/hosts and friends
++ when providing authoritative DNS. Thanks to Harrald
++ Dunkel for spotting this.
+
+
+ version 2.76
+diff --git a/src/dnsmasq.c b/src/dnsmasq.c
+index a47273f..3580bea 100644
+--- a/src/dnsmasq.c
++++ b/src/dnsmasq.c
+@@ -1226,6 +1226,8 @@ static void async_event(int pipe, time_t now)
+ switch (ev.event)
+ {
+ case EVENT_RELOAD:
++ daemon->soa_sn++; /* Bump zone serial, as it may have changed. */
++
+ #ifdef HAVE_DNSSEC
+ if (daemon->dnssec_no_time_check && option_bool(OPT_DNSSEC_VALID) && option_bool(OPT_DNSSEC_TIME))
+ {
+--
+1.7.10.4
+
projects / ipfire-2.x.git / commitdiff
