# Cleanup the mail spool directory
%weekly * * /usr/sbin/dma-cleanup-spool
+
+# Update DNS trust anchor
+%daily,random * * @runas(nobody) /usr/sbin/unbound-anchor -a /var/lib/unbound/root.key -c /etc/unbound/icannbundle.pem
users:x:100:
snort:x:101:
logwatch:x:102:
-dnsmasq:x:103:
cron:x:104:
syslogd:x:105:
klogd:x:106:
postfix:x:100:100::/var/spool/postfix:/bin/false
snort:x:101:101:ftp:/var/log/snort:/bin/false
logwatch:x:102:102::/var/log/logwatch:/bin/false
-dnsmasq:x:103:103::/:/bin/false
cron:x:104:104::/:/bin/false
syslogd:x:105:105:/var/empty:/bin/false
klogd:x:106:106:/var/empty:/bin/false
etc/rc.d/init.d/dhcp
etc/rc.d/init.d/dhcrelay
#etc/rc.d/init.d/dnsdist
-etc/rc.d/init.d/dnsmasq
etc/rc.d/init.d/fcron
#etc/rc.d/init.d/fetchmail
etc/rc.d/init.d/fireinfo
etc/rc.d/init.d/networking/orange
etc/rc.d/init.d/networking/red
#etc/rc.d/init.d/networking/red.down
-etc/rc.d/init.d/networking/red.down/05-RS-dnsmasq
+etc/rc.d/init.d/networking/red.down/05-update-dns-forwarders
etc/rc.d/init.d/networking/red.down/10-ipsec
etc/rc.d/init.d/networking/red.down/10-miniupnpd
etc/rc.d/init.d/networking/red.down/10-ovpn
etc/rc.d/init.d/networking/red.down/20-firewall
#etc/rc.d/init.d/networking/red.up
etc/rc.d/init.d/networking/red.up/01-conntrack-cleanup
-etc/rc.d/init.d/networking/red.up/05-RS-dnsmasq
+etc/rc.d/init.d/networking/red.up/05-update-dns-forwarders
etc/rc.d/init.d/networking/red.up/10-miniupnpd
etc/rc.d/init.d/networking/red.up/10-multicast
etc/rc.d/init.d/networking/red.up/10-static-routes
#etc/rc.d/init.d/transmission
etc/rc.d/init.d/udev
etc/rc.d/init.d/udev_retry
+etc/rc.d/init.d/unbound
etc/rc.d/init.d/upnpd
#etc/rc.d/init.d/vdr
#etc/rc.d/init.d/vdradmin
etc/rc.d/rc0.d/K51vnstat
etc/rc.d/rc0.d/K78snort
etc/rc.d/rc0.d/K79leds
+etc/rc.d/rc6.d/K79unbound
etc/rc.d/rc0.d/K80network
etc/rc.d/rc0.d/K82wlanclient
#etc/rc.d/rc0.d/K84bluetooth
etc/rc.d/rc3.d/S19smartenabler
etc/rc.d/rc3.d/S19wlanclient
etc/rc.d/rc3.d/S20network
+etc/rc.d/rc3.d/S21unbound
etc/rc.d/rc3.d/S21leds
etc/rc.d/rc3.d/S24cyrus-sasl
etc/rc.d/rc3.d/S25random
etc/rc.d/rc6.d/K51vnstat
etc/rc.d/rc6.d/K78snort
etc/rc.d/rc6.d/K79leds
+etc/rc.d/rc6.d/K79unbound
etc/rc.d/rc6.d/K80network
etc/rc.d/rc6.d/K82wlanclient
#etc/rc.d/rc6.d/K84bluetooth
+++ /dev/null
-usr/sbin/dnsmasq
-#usr/share/man/man8/dnsmasq.8
#usr/share/info/gnupg1.info
#usr/share/man/man1/gpg-zip.1
#usr/share/man/man1/gpg.1
-#usr/share/man/man1/gpg.ru.1
#usr/share/man/man1/gpgv.1
-#usr/share/man/man7/gnupg.7
etc/rc.d/init.d/dhcp
etc/rc.d/init.d/dhcrelay
#etc/rc.d/init.d/dnsdist
-etc/rc.d/init.d/dnsmasq
etc/rc.d/init.d/fcron
#etc/rc.d/init.d/fetchmail
etc/rc.d/init.d/fireinfo
etc/rc.d/init.d/networking/orange
etc/rc.d/init.d/networking/red
#etc/rc.d/init.d/networking/red.down
-etc/rc.d/init.d/networking/red.down/05-RS-dnsmasq
+etc/rc.d/init.d/networking/red.down/05-update-dns-forwarders
etc/rc.d/init.d/networking/red.down/10-ipsec
etc/rc.d/init.d/networking/red.down/10-miniupnpd
etc/rc.d/init.d/networking/red.down/10-ovpn
etc/rc.d/init.d/networking/red.down/20-firewall
#etc/rc.d/init.d/networking/red.up
etc/rc.d/init.d/networking/red.up/01-conntrack-cleanup
-etc/rc.d/init.d/networking/red.up/05-RS-dnsmasq
+etc/rc.d/init.d/networking/red.up/05-update-dns-forwarders
etc/rc.d/init.d/networking/red.up/10-miniupnpd
etc/rc.d/init.d/networking/red.up/10-multicast
etc/rc.d/init.d/networking/red.up/10-static-routes
#etc/rc.d/init.d/transmission
etc/rc.d/init.d/udev
etc/rc.d/init.d/udev_retry
+etc/rc.d/init.d/unbound
etc/rc.d/init.d/upnpd
#etc/rc.d/init.d/vdr
#etc/rc.d/init.d/vdradmin
+#etc/rc.d/init.d/virtlogd
etc/rc.d/init.d/vnstat
#etc/rc.d/init.d/vsftpd
etc/rc.d/init.d/waitdrives
etc/rc.d/rc0.d/K51vnstat
etc/rc.d/rc0.d/K78snort
etc/rc.d/rc0.d/K79leds
+etc/rc.d/rc6.d/K79unbound
etc/rc.d/rc0.d/K80network
etc/rc.d/rc0.d/K82wlanclient
#etc/rc.d/rc0.d/K84bluetooth
etc/rc.d/rc3.d/S19smartenabler
etc/rc.d/rc3.d/S19wlanclient
etc/rc.d/rc3.d/S20network
+etc/rc.d/rc3.d/S21unbound
etc/rc.d/rc3.d/S21leds
etc/rc.d/rc3.d/S24cyrus-sasl
etc/rc.d/rc3.d/S25random
etc/rc.d/rc6.d/K51vnstat
etc/rc.d/rc6.d/K78snort
etc/rc.d/rc6.d/K79leds
+etc/rc.d/rc6.d/K79unbound
etc/rc.d/rc6.d/K80network
etc/rc.d/rc6.d/K82wlanclient
#etc/rc.d/rc6.d/K84bluetooth
#usr/lib/libgcrypt.la
#usr/lib/libgcrypt.so
usr/lib/libgcrypt.so.20
-usr/lib/libgcrypt.so.20.0.4
+usr/lib/libgcrypt.so.20.1.3
#usr/share/aclocal/libgcrypt.m4
#usr/share/info/gcrypt.info
#usr/share/man/man1/hmac256.1
#usr/lib/libgpg-error.la
#usr/lib/libgpg-error.so
usr/lib/libgpg-error.so.0
-usr/lib/libgpg-error.so.0.16.0
+usr/lib/libgpg-error.so.0.19.1
#usr/share/aclocal/gpg-error.m4
#usr/share/common-lisp
#usr/share/common-lisp/source
usr/local/bin/collectdctrl
usr/local/bin/ddnsctrl
usr/local/bin/dhcpctrl
-usr/local/bin/dnsmasqctrl
usr/local/bin/extrahdctrl
usr/local/bin/fireinfoctrl
usr/local/bin/getconntracktable
usr/local/bin/syslogdctrl
usr/local/bin/timectrl
#usr/local/bin/torctrl
+usr/local/bin/unboundctrl
usr/local/bin/updxlratorctrl
usr/local/bin/upnpctrl
usr/local/bin/urlfilterctrl
--- /dev/null
+#usr/lib/python2.7/site-packages/daemon
+usr/lib/python2.7/site-packages/daemon/__init__.py
+usr/lib/python2.7/site-packages/daemon/__init__.pyc
+usr/lib/python2.7/site-packages/daemon/_metadata.py
+usr/lib/python2.7/site-packages/daemon/_metadata.pyc
+usr/lib/python2.7/site-packages/daemon/daemon.py
+usr/lib/python2.7/site-packages/daemon/daemon.pyc
+usr/lib/python2.7/site-packages/daemon/pidfile.py
+usr/lib/python2.7/site-packages/daemon/pidfile.pyc
+usr/lib/python2.7/site-packages/daemon/runner.py
+usr/lib/python2.7/site-packages/daemon/runner.pyc
+#usr/lib/python2.7/site-packages/python_daemon-2.1.1-py2.7.egg-info
+#usr/lib/python2.7/site-packages/python_daemon-2.1.1-py2.7.egg-info/PKG-INFO
+#usr/lib/python2.7/site-packages/python_daemon-2.1.1-py2.7.egg-info/SOURCES.txt
+#usr/lib/python2.7/site-packages/python_daemon-2.1.1-py2.7.egg-info/dependency_links.txt
+#usr/lib/python2.7/site-packages/python_daemon-2.1.1-py2.7.egg-info/not-zip-safe
+#usr/lib/python2.7/site-packages/python_daemon-2.1.1-py2.7.egg-info/requires.txt
+#usr/lib/python2.7/site-packages/python_daemon-2.1.1-py2.7.egg-info/top_level.txt
+#usr/lib/python2.7/site-packages/python_daemon-2.1.1-py2.7.egg-info/version_info.json
--- /dev/null
+#usr/bin/rst2html.py
+#usr/bin/rst2latex.py
+#usr/bin/rst2man.py
+#usr/bin/rst2odt.py
+#usr/bin/rst2odt_prepstyles.py
+#usr/bin/rst2pseudoxml.py
+#usr/bin/rst2s5.py
+#usr/bin/rst2xetex.py
+#usr/bin/rst2xml.py
+#usr/bin/rstpep2html.py
+#usr/lib/python2.7/site-packages/docutils
+#usr/lib/python2.7/site-packages/docutils-0.12-py2.7.egg-info
+#usr/lib/python2.7/site-packages/docutils/__init__.py
+#usr/lib/python2.7/site-packages/docutils/__init__.pyc
+#usr/lib/python2.7/site-packages/docutils/_compat.py
+#usr/lib/python2.7/site-packages/docutils/_compat.pyc
+#usr/lib/python2.7/site-packages/docutils/core.py
+#usr/lib/python2.7/site-packages/docutils/core.pyc
+#usr/lib/python2.7/site-packages/docutils/examples.py
+#usr/lib/python2.7/site-packages/docutils/examples.pyc
+#usr/lib/python2.7/site-packages/docutils/frontend.py
+#usr/lib/python2.7/site-packages/docutils/frontend.pyc
+#usr/lib/python2.7/site-packages/docutils/io.py
+#usr/lib/python2.7/site-packages/docutils/io.pyc
+#usr/lib/python2.7/site-packages/docutils/languages
+#usr/lib/python2.7/site-packages/docutils/languages/__init__.py
+#usr/lib/python2.7/site-packages/docutils/languages/__init__.pyc
+#usr/lib/python2.7/site-packages/docutils/languages/af.py
+#usr/lib/python2.7/site-packages/docutils/languages/af.pyc
+#usr/lib/python2.7/site-packages/docutils/languages/ca.py
+#usr/lib/python2.7/site-packages/docutils/languages/ca.pyc
+#usr/lib/python2.7/site-packages/docutils/languages/cs.py
+#usr/lib/python2.7/site-packages/docutils/languages/cs.pyc
+#usr/lib/python2.7/site-packages/docutils/languages/da.py
+#usr/lib/python2.7/site-packages/docutils/languages/da.pyc
+#usr/lib/python2.7/site-packages/docutils/languages/de.py
+#usr/lib/python2.7/site-packages/docutils/languages/de.pyc
+#usr/lib/python2.7/site-packages/docutils/languages/en.py
+#usr/lib/python2.7/site-packages/docutils/languages/en.pyc
+#usr/lib/python2.7/site-packages/docutils/languages/eo.py
+#usr/lib/python2.7/site-packages/docutils/languages/eo.pyc
+#usr/lib/python2.7/site-packages/docutils/languages/es.py
+#usr/lib/python2.7/site-packages/docutils/languages/es.pyc
+#usr/lib/python2.7/site-packages/docutils/languages/fi.py
+#usr/lib/python2.7/site-packages/docutils/languages/fi.pyc
+#usr/lib/python2.7/site-packages/docutils/languages/fr.py
+#usr/lib/python2.7/site-packages/docutils/languages/fr.pyc
+#usr/lib/python2.7/site-packages/docutils/languages/gl.py
+#usr/lib/python2.7/site-packages/docutils/languages/gl.pyc
+#usr/lib/python2.7/site-packages/docutils/languages/he.py
+#usr/lib/python2.7/site-packages/docutils/languages/he.pyc
+#usr/lib/python2.7/site-packages/docutils/languages/it.py
+#usr/lib/python2.7/site-packages/docutils/languages/it.pyc
+#usr/lib/python2.7/site-packages/docutils/languages/ja.py
+#usr/lib/python2.7/site-packages/docutils/languages/ja.pyc
+#usr/lib/python2.7/site-packages/docutils/languages/lt.py
+#usr/lib/python2.7/site-packages/docutils/languages/lt.pyc
+#usr/lib/python2.7/site-packages/docutils/languages/nl.py
+#usr/lib/python2.7/site-packages/docutils/languages/nl.pyc
+#usr/lib/python2.7/site-packages/docutils/languages/pl.py
+#usr/lib/python2.7/site-packages/docutils/languages/pl.pyc
+#usr/lib/python2.7/site-packages/docutils/languages/pt_br.py
+#usr/lib/python2.7/site-packages/docutils/languages/pt_br.pyc
+#usr/lib/python2.7/site-packages/docutils/languages/ru.py
+#usr/lib/python2.7/site-packages/docutils/languages/ru.pyc
+#usr/lib/python2.7/site-packages/docutils/languages/sk.py
+#usr/lib/python2.7/site-packages/docutils/languages/sk.pyc
+#usr/lib/python2.7/site-packages/docutils/languages/sv.py
+#usr/lib/python2.7/site-packages/docutils/languages/sv.pyc
+#usr/lib/python2.7/site-packages/docutils/languages/zh_cn.py
+#usr/lib/python2.7/site-packages/docutils/languages/zh_cn.pyc
+#usr/lib/python2.7/site-packages/docutils/languages/zh_tw.py
+#usr/lib/python2.7/site-packages/docutils/languages/zh_tw.pyc
+#usr/lib/python2.7/site-packages/docutils/nodes.py
+#usr/lib/python2.7/site-packages/docutils/nodes.pyc
+#usr/lib/python2.7/site-packages/docutils/parsers
+#usr/lib/python2.7/site-packages/docutils/parsers/__init__.py
+#usr/lib/python2.7/site-packages/docutils/parsers/__init__.pyc
+#usr/lib/python2.7/site-packages/docutils/parsers/null.py
+#usr/lib/python2.7/site-packages/docutils/parsers/null.pyc
+#usr/lib/python2.7/site-packages/docutils/parsers/rst
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/__init__.py
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/__init__.pyc
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/directives
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/directives/__init__.py
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/directives/__init__.pyc
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/directives/admonitions.py
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/directives/admonitions.pyc
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/directives/body.py
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/directives/body.pyc
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/directives/html.py
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/directives/html.pyc
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/directives/images.py
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/directives/images.pyc
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/directives/misc.py
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/directives/misc.pyc
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/directives/parts.py
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/directives/parts.pyc
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/directives/references.py
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/directives/references.pyc
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/directives/tables.py
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/directives/tables.pyc
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/include
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/include/README.txt
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/include/isoamsa.txt
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/include/isoamsb.txt
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/include/isoamsc.txt
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/include/isoamsn.txt
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/include/isoamso.txt
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/include/isoamsr.txt
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/include/isobox.txt
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/include/isocyr1.txt
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/include/isocyr2.txt
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/include/isodia.txt
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/include/isogrk1.txt
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/include/isogrk2.txt
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/include/isogrk3.txt
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/include/isogrk4-wide.txt
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/include/isogrk4.txt
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/include/isolat1.txt
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/include/isolat2.txt
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/include/isomfrk-wide.txt
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/include/isomfrk.txt
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/include/isomopf-wide.txt
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/include/isomopf.txt
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/include/isomscr-wide.txt
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/include/isomscr.txt
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/include/isonum.txt
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/include/isopub.txt
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/include/isotech.txt
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/include/mmlalias.txt
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/include/mmlextra-wide.txt
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/include/mmlextra.txt
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/include/s5defs.txt
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/include/xhtml1-lat1.txt
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/include/xhtml1-special.txt
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/include/xhtml1-symbol.txt
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/languages
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/languages/__init__.py
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/languages/__init__.pyc
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/languages/af.py
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/languages/af.pyc
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/languages/ca.py
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/languages/ca.pyc
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/languages/cs.py
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/languages/cs.pyc
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/languages/da.py
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/languages/da.pyc
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/languages/de.py
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/languages/de.pyc
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/languages/en.py
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/languages/en.pyc
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/languages/eo.py
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/languages/eo.pyc
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/languages/es.py
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/languages/es.pyc
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/languages/fi.py
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/languages/fi.pyc
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/languages/fr.py
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/languages/fr.pyc
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/languages/gl.py
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/languages/gl.pyc
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/languages/he.py
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/languages/he.pyc
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/languages/it.py
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/languages/it.pyc
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/languages/ja.py
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/languages/ja.pyc
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/languages/lt.py
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/languages/lt.pyc
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/languages/nl.py
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/languages/nl.pyc
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/languages/pl.py
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/languages/pl.pyc
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/languages/pt_br.py
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/languages/pt_br.pyc
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/languages/ru.py
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/languages/ru.pyc
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/languages/sk.py
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/languages/sk.pyc
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/languages/sv.py
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/languages/sv.pyc
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/languages/zh_cn.py
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/languages/zh_cn.pyc
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/languages/zh_tw.py
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/languages/zh_tw.pyc
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/roles.py
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/roles.pyc
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/states.py
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/states.pyc
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/tableparser.py
+#usr/lib/python2.7/site-packages/docutils/parsers/rst/tableparser.pyc
+#usr/lib/python2.7/site-packages/docutils/readers
+#usr/lib/python2.7/site-packages/docutils/readers/__init__.py
+#usr/lib/python2.7/site-packages/docutils/readers/__init__.pyc
+#usr/lib/python2.7/site-packages/docutils/readers/doctree.py
+#usr/lib/python2.7/site-packages/docutils/readers/doctree.pyc
+#usr/lib/python2.7/site-packages/docutils/readers/pep.py
+#usr/lib/python2.7/site-packages/docutils/readers/pep.pyc
+#usr/lib/python2.7/site-packages/docutils/readers/standalone.py
+#usr/lib/python2.7/site-packages/docutils/readers/standalone.pyc
+#usr/lib/python2.7/site-packages/docutils/statemachine.py
+#usr/lib/python2.7/site-packages/docutils/statemachine.pyc
+#usr/lib/python2.7/site-packages/docutils/transforms
+#usr/lib/python2.7/site-packages/docutils/transforms/__init__.py
+#usr/lib/python2.7/site-packages/docutils/transforms/__init__.pyc
+#usr/lib/python2.7/site-packages/docutils/transforms/components.py
+#usr/lib/python2.7/site-packages/docutils/transforms/components.pyc
+#usr/lib/python2.7/site-packages/docutils/transforms/frontmatter.py
+#usr/lib/python2.7/site-packages/docutils/transforms/frontmatter.pyc
+#usr/lib/python2.7/site-packages/docutils/transforms/misc.py
+#usr/lib/python2.7/site-packages/docutils/transforms/misc.pyc
+#usr/lib/python2.7/site-packages/docutils/transforms/parts.py
+#usr/lib/python2.7/site-packages/docutils/transforms/parts.pyc
+#usr/lib/python2.7/site-packages/docutils/transforms/peps.py
+#usr/lib/python2.7/site-packages/docutils/transforms/peps.pyc
+#usr/lib/python2.7/site-packages/docutils/transforms/references.py
+#usr/lib/python2.7/site-packages/docutils/transforms/references.pyc
+#usr/lib/python2.7/site-packages/docutils/transforms/universal.py
+#usr/lib/python2.7/site-packages/docutils/transforms/universal.pyc
+#usr/lib/python2.7/site-packages/docutils/transforms/writer_aux.py
+#usr/lib/python2.7/site-packages/docutils/transforms/writer_aux.pyc
+#usr/lib/python2.7/site-packages/docutils/utils
+#usr/lib/python2.7/site-packages/docutils/utils/__init__.py
+#usr/lib/python2.7/site-packages/docutils/utils/__init__.pyc
+#usr/lib/python2.7/site-packages/docutils/utils/code_analyzer.py
+#usr/lib/python2.7/site-packages/docutils/utils/code_analyzer.pyc
+#usr/lib/python2.7/site-packages/docutils/utils/error_reporting.py
+#usr/lib/python2.7/site-packages/docutils/utils/error_reporting.pyc
+#usr/lib/python2.7/site-packages/docutils/utils/math
+#usr/lib/python2.7/site-packages/docutils/utils/math/__init__.py
+#usr/lib/python2.7/site-packages/docutils/utils/math/__init__.pyc
+#usr/lib/python2.7/site-packages/docutils/utils/math/latex2mathml.py
+#usr/lib/python2.7/site-packages/docutils/utils/math/latex2mathml.pyc
+#usr/lib/python2.7/site-packages/docutils/utils/math/math2html.py
+#usr/lib/python2.7/site-packages/docutils/utils/math/math2html.pyc
+#usr/lib/python2.7/site-packages/docutils/utils/math/tex2unichar.py
+#usr/lib/python2.7/site-packages/docutils/utils/math/tex2unichar.pyc
+#usr/lib/python2.7/site-packages/docutils/utils/math/unichar2tex.py
+#usr/lib/python2.7/site-packages/docutils/utils/math/unichar2tex.pyc
+#usr/lib/python2.7/site-packages/docutils/utils/punctuation_chars.py
+#usr/lib/python2.7/site-packages/docutils/utils/punctuation_chars.pyc
+#usr/lib/python2.7/site-packages/docutils/utils/roman.py
+#usr/lib/python2.7/site-packages/docutils/utils/roman.pyc
+#usr/lib/python2.7/site-packages/docutils/utils/smartquotes.py
+#usr/lib/python2.7/site-packages/docutils/utils/smartquotes.pyc
+#usr/lib/python2.7/site-packages/docutils/utils/urischemes.py
+#usr/lib/python2.7/site-packages/docutils/utils/urischemes.pyc
+#usr/lib/python2.7/site-packages/docutils/writers
+#usr/lib/python2.7/site-packages/docutils/writers/__init__.py
+#usr/lib/python2.7/site-packages/docutils/writers/__init__.pyc
+#usr/lib/python2.7/site-packages/docutils/writers/docutils_xml.py
+#usr/lib/python2.7/site-packages/docutils/writers/docutils_xml.pyc
+#usr/lib/python2.7/site-packages/docutils/writers/html4css1
+#usr/lib/python2.7/site-packages/docutils/writers/html4css1/__init__.py
+#usr/lib/python2.7/site-packages/docutils/writers/html4css1/__init__.pyc
+#usr/lib/python2.7/site-packages/docutils/writers/html4css1/html4css1.css
+#usr/lib/python2.7/site-packages/docutils/writers/html4css1/math.css
+#usr/lib/python2.7/site-packages/docutils/writers/html4css1/template.txt
+#usr/lib/python2.7/site-packages/docutils/writers/latex2e
+#usr/lib/python2.7/site-packages/docutils/writers/latex2e/__init__.py
+#usr/lib/python2.7/site-packages/docutils/writers/latex2e/__init__.pyc
+#usr/lib/python2.7/site-packages/docutils/writers/latex2e/default.tex
+#usr/lib/python2.7/site-packages/docutils/writers/latex2e/titlepage.tex
+#usr/lib/python2.7/site-packages/docutils/writers/latex2e/xelatex.tex
+#usr/lib/python2.7/site-packages/docutils/writers/manpage.py
+#usr/lib/python2.7/site-packages/docutils/writers/manpage.pyc
+#usr/lib/python2.7/site-packages/docutils/writers/null.py
+#usr/lib/python2.7/site-packages/docutils/writers/null.pyc
+#usr/lib/python2.7/site-packages/docutils/writers/odf_odt
+#usr/lib/python2.7/site-packages/docutils/writers/odf_odt/__init__.py
+#usr/lib/python2.7/site-packages/docutils/writers/odf_odt/__init__.pyc
+#usr/lib/python2.7/site-packages/docutils/writers/odf_odt/pygmentsformatter.py
+#usr/lib/python2.7/site-packages/docutils/writers/odf_odt/pygmentsformatter.pyc
+#usr/lib/python2.7/site-packages/docutils/writers/odf_odt/styles.odt
+#usr/lib/python2.7/site-packages/docutils/writers/pep_html
+#usr/lib/python2.7/site-packages/docutils/writers/pep_html/__init__.py
+#usr/lib/python2.7/site-packages/docutils/writers/pep_html/__init__.pyc
+#usr/lib/python2.7/site-packages/docutils/writers/pep_html/pep.css
+#usr/lib/python2.7/site-packages/docutils/writers/pep_html/template.txt
+#usr/lib/python2.7/site-packages/docutils/writers/pseudoxml.py
+#usr/lib/python2.7/site-packages/docutils/writers/pseudoxml.pyc
+#usr/lib/python2.7/site-packages/docutils/writers/s5_html
+#usr/lib/python2.7/site-packages/docutils/writers/s5_html/__init__.py
+#usr/lib/python2.7/site-packages/docutils/writers/s5_html/__init__.pyc
+#usr/lib/python2.7/site-packages/docutils/writers/s5_html/themes
+#usr/lib/python2.7/site-packages/docutils/writers/s5_html/themes/README.txt
+#usr/lib/python2.7/site-packages/docutils/writers/s5_html/themes/big-black
+#usr/lib/python2.7/site-packages/docutils/writers/s5_html/themes/big-black/__base__
+#usr/lib/python2.7/site-packages/docutils/writers/s5_html/themes/big-black/framing.css
+#usr/lib/python2.7/site-packages/docutils/writers/s5_html/themes/big-black/pretty.css
+#usr/lib/python2.7/site-packages/docutils/writers/s5_html/themes/big-white
+#usr/lib/python2.7/site-packages/docutils/writers/s5_html/themes/big-white/framing.css
+#usr/lib/python2.7/site-packages/docutils/writers/s5_html/themes/big-white/pretty.css
+#usr/lib/python2.7/site-packages/docutils/writers/s5_html/themes/default
+#usr/lib/python2.7/site-packages/docutils/writers/s5_html/themes/default/blank.gif
+#usr/lib/python2.7/site-packages/docutils/writers/s5_html/themes/default/framing.css
+#usr/lib/python2.7/site-packages/docutils/writers/s5_html/themes/default/iepngfix.htc
+#usr/lib/python2.7/site-packages/docutils/writers/s5_html/themes/default/opera.css
+#usr/lib/python2.7/site-packages/docutils/writers/s5_html/themes/default/outline.css
+#usr/lib/python2.7/site-packages/docutils/writers/s5_html/themes/default/pretty.css
+#usr/lib/python2.7/site-packages/docutils/writers/s5_html/themes/default/print.css
+#usr/lib/python2.7/site-packages/docutils/writers/s5_html/themes/default/s5-core.css
+#usr/lib/python2.7/site-packages/docutils/writers/s5_html/themes/default/slides.css
+#usr/lib/python2.7/site-packages/docutils/writers/s5_html/themes/default/slides.js
+#usr/lib/python2.7/site-packages/docutils/writers/s5_html/themes/medium-black
+#usr/lib/python2.7/site-packages/docutils/writers/s5_html/themes/medium-black/__base__
+#usr/lib/python2.7/site-packages/docutils/writers/s5_html/themes/medium-black/pretty.css
+#usr/lib/python2.7/site-packages/docutils/writers/s5_html/themes/medium-white
+#usr/lib/python2.7/site-packages/docutils/writers/s5_html/themes/medium-white/framing.css
+#usr/lib/python2.7/site-packages/docutils/writers/s5_html/themes/medium-white/pretty.css
+#usr/lib/python2.7/site-packages/docutils/writers/s5_html/themes/small-black
+#usr/lib/python2.7/site-packages/docutils/writers/s5_html/themes/small-black/__base__
+#usr/lib/python2.7/site-packages/docutils/writers/s5_html/themes/small-black/pretty.css
+#usr/lib/python2.7/site-packages/docutils/writers/s5_html/themes/small-white
+#usr/lib/python2.7/site-packages/docutils/writers/s5_html/themes/small-white/framing.css
+#usr/lib/python2.7/site-packages/docutils/writers/s5_html/themes/small-white/pretty.css
+#usr/lib/python2.7/site-packages/docutils/writers/xetex
+#usr/lib/python2.7/site-packages/docutils/writers/xetex/__init__.py
+#usr/lib/python2.7/site-packages/docutils/writers/xetex/__init__.pyc
--- /dev/null
+#usr/lib/python2.7/site-packages/inotify
+#usr/lib/python2.7/site-packages/inotify-0.2.7-py2.7.egg-info
+#usr/lib/python2.7/site-packages/inotify-0.2.7-py2.7.egg-info/PKG-INFO
+#usr/lib/python2.7/site-packages/inotify-0.2.7-py2.7.egg-info/SOURCES.txt
+#usr/lib/python2.7/site-packages/inotify-0.2.7-py2.7.egg-info/dependency_links.txt
+#usr/lib/python2.7/site-packages/inotify-0.2.7-py2.7.egg-info/not-zip-safe
+#usr/lib/python2.7/site-packages/inotify-0.2.7-py2.7.egg-info/top_level.txt
+usr/lib/python2.7/site-packages/inotify/__init__.py
+usr/lib/python2.7/site-packages/inotify/__init__.pyc
+usr/lib/python2.7/site-packages/inotify/adapters.py
+usr/lib/python2.7/site-packages/inotify/adapters.pyc
+usr/lib/python2.7/site-packages/inotify/calls.py
+usr/lib/python2.7/site-packages/inotify/calls.pyc
+usr/lib/python2.7/site-packages/inotify/constants.py
+usr/lib/python2.7/site-packages/inotify/constants.pyc
+usr/lib/python2.7/site-packages/inotify/library.py
+usr/lib/python2.7/site-packages/inotify/library.pyc
+#usr/lib/python2.7/site-packages/inotify/resources
+#usr/lib/python2.7/site-packages/inotify/resources/README.rst
+#usr/lib/python2.7/site-packages/inotify/resources/requirements.txt
--- /dev/null
+etc/rc.d/init.d/unbound
+#etc/unbound
+etc/unbound/dhcp-leases.conf
+etc/unbound/forward.conf
+etc/unbound/icannbundle.pem
+etc/unbound/local.d
+etc/unbound/root.hints
+etc/unbound/unbound.conf
+#usr/include/unbound.h
+#usr/lib/libunbound.la
+#usr/lib/libunbound.so
+usr/lib/libunbound.so.2
+usr/lib/libunbound.so.2.4.1
+usr/sbin/unbound
+usr/sbin/unbound-anchor
+usr/sbin/unbound-checkconf
+usr/sbin/unbound-control
+usr/sbin/unbound-control-setup
+usr/sbin/unbound-dhcp-leases-bridge
+usr/sbin/unbound-host
+#usr/share/man/man1/unbound-host.1
+#usr/share/man/man3/libunbound.3
+#usr/share/man/man3/ub_cancel.3
+#usr/share/man/man3/ub_ctx.3
+#usr/share/man/man3/ub_ctx_add_ta.3
+#usr/share/man/man3/ub_ctx_add_ta_file.3
+#usr/share/man/man3/ub_ctx_async.3
+#usr/share/man/man3/ub_ctx_config.3
+#usr/share/man/man3/ub_ctx_create.3
+#usr/share/man/man3/ub_ctx_data_add.3
+#usr/share/man/man3/ub_ctx_data_remove.3
+#usr/share/man/man3/ub_ctx_debuglevel.3
+#usr/share/man/man3/ub_ctx_debugout.3
+#usr/share/man/man3/ub_ctx_delete.3
+#usr/share/man/man3/ub_ctx_get_option.3
+#usr/share/man/man3/ub_ctx_hosts.3
+#usr/share/man/man3/ub_ctx_print_local_zones.3
+#usr/share/man/man3/ub_ctx_resolvconf.3
+#usr/share/man/man3/ub_ctx_set_fwd.3
+#usr/share/man/man3/ub_ctx_set_option.3
+#usr/share/man/man3/ub_ctx_trustedkeys.3
+#usr/share/man/man3/ub_ctx_zone_add.3
+#usr/share/man/man3/ub_ctx_zone_remove.3
+#usr/share/man/man3/ub_fd.3
+#usr/share/man/man3/ub_poll.3
+#usr/share/man/man3/ub_process.3
+#usr/share/man/man3/ub_resolve.3
+#usr/share/man/man3/ub_resolve_async.3
+#usr/share/man/man3/ub_resolve_free.3
+#usr/share/man/man3/ub_result.3
+#usr/share/man/man3/ub_strerror.3
+#usr/share/man/man3/ub_wait.3
+#usr/share/man/man5/unbound.conf.5
+#usr/share/man/man8/unbound-anchor.8
+#usr/share/man/man8/unbound-checkconf.8
+#usr/share/man/man8/unbound-control-setup.8
+#usr/share/man/man8/unbound-control.8
+#usr/share/man/man8/unbound.8
+var/lib/unbound
+var/lib/unbound/root.key
etc/rc.d/init.d/dhcp
etc/rc.d/init.d/dhcrelay
#etc/rc.d/init.d/dnsdist
-etc/rc.d/init.d/dnsmasq
etc/rc.d/init.d/fcron
#etc/rc.d/init.d/fetchmail
etc/rc.d/init.d/fireinfo
etc/rc.d/init.d/networking/orange
etc/rc.d/init.d/networking/red
#etc/rc.d/init.d/networking/red.down
-etc/rc.d/init.d/networking/red.down/05-RS-dnsmasq
+etc/rc.d/init.d/networking/red.down/05-update-dns-forwarders
etc/rc.d/init.d/networking/red.down/10-ipsec
etc/rc.d/init.d/networking/red.down/10-miniupnpd
etc/rc.d/init.d/networking/red.down/10-ovpn
etc/rc.d/init.d/networking/red.down/20-firewall
#etc/rc.d/init.d/networking/red.up
etc/rc.d/init.d/networking/red.up/01-conntrack-cleanup
-etc/rc.d/init.d/networking/red.up/05-RS-dnsmasq
+etc/rc.d/init.d/networking/red.up/05-update-dns-forwarders
etc/rc.d/init.d/networking/red.up/10-miniupnpd
etc/rc.d/init.d/networking/red.up/10-multicast
etc/rc.d/init.d/networking/red.up/10-static-routes
#etc/rc.d/init.d/transmission
etc/rc.d/init.d/udev
etc/rc.d/init.d/udev_retry
+etc/rc.d/init.d/unbound
etc/rc.d/init.d/upnpd
#etc/rc.d/init.d/vdr
#etc/rc.d/init.d/vdradmin
+#etc/rc.d/init.d/virtlogd
etc/rc.d/init.d/vnstat
#etc/rc.d/init.d/vsftpd
etc/rc.d/init.d/waitdrives
etc/rc.d/rc0.d/K51vnstat
etc/rc.d/rc0.d/K78snort
etc/rc.d/rc0.d/K79leds
+etc/rc.d/rc6.d/K79unbound
etc/rc.d/rc0.d/K80network
etc/rc.d/rc0.d/K82wlanclient
#etc/rc.d/rc0.d/K84bluetooth
etc/rc.d/rc3.d/S19smartenabler
etc/rc.d/rc3.d/S19wlanclient
etc/rc.d/rc3.d/S20network
+etc/rc.d/rc3.d/S21unbound
etc/rc.d/rc3.d/S21leds
etc/rc.d/rc3.d/S24cyrus-sasl
etc/rc.d/rc3.d/S25random
etc/rc.d/rc6.d/K51vnstat
etc/rc.d/rc6.d/K78snort
etc/rc.d/rc6.d/K79leds
+etc/rc.d/rc6.d/K79unbound
etc/rc.d/rc6.d/K80network
etc/rc.d/rc6.d/K82wlanclient
#etc/rc.d/rc6.d/K84bluetooth
#usr/lib/libassuan.la
usr/lib/libassuan.so
usr/lib/libassuan.so.0
-usr/lib/libassuan.so.0.5.0
+usr/lib/libassuan.so.0.7.3
#usr/share/aclocal/libassuan.m4
#usr/share/info/assuan.info
#etc/libvirt
+etc/libvirt/libvirt-admin.conf
etc/libvirt/libvirt.conf
etc/libvirt/libvirtd.conf
#etc/libvirt/nwfilter
#etc/libvirt/nwfilter/qemu-announce-self.xml
etc/libvirt/qemu-lockd.conf
etc/libvirt/qemu.conf
+etc/libvirt/virt-login-shell.conf
etc/libvirt/virtlockd.conf
+etc/libvirt/virtlogd.conf
etc/logrotate.d/libvirtd
etc/logrotate.d/libvirtd.libxl
#etc/logrotate.d/libvirtd.lxc
#etc/logrotate.d/libvirtd.uml
etc/rc.d/init.d/libvirt-guests
etc/rc.d/init.d/libvirtd
+etc/rc.d/init.d/virtlogd
usr/bin/virsh
+usr/bin/virt-admin
usr/bin/virt-host-validate
+usr/bin/virt-login-shell
usr/bin/virt-pki-validate
usr/bin/virt-xml-validate
#usr/include/libvirt
+#usr/include/libvirt/libvirt-admin.h
+#usr/include/libvirt/libvirt-common.h
#usr/include/libvirt/libvirt-domain-snapshot.h
#usr/include/libvirt/libvirt-domain.h
#usr/include/libvirt/libvirt-event.h
#usr/include/libvirt/libvirt-stream.h
#usr/include/libvirt/libvirt.h
#usr/include/libvirt/virterror.h
+#usr/lib/libnss_libvirt.la
+usr/lib/libnss_libvirt.so.2
#usr/lib/libvirt
#usr/lib/libvirt-admin.la
#usr/lib/libvirt-admin.so
usr/lib/libvirt-admin.so.0
-usr/lib/libvirt-admin.so.0.1002.18
+usr/lib/libvirt-admin.so.0.2001.0
#usr/lib/libvirt-lxc.la
#usr/lib/libvirt-lxc.so
usr/lib/libvirt-lxc.so.0
-usr/lib/libvirt-lxc.so.0.1002.18
+usr/lib/libvirt-lxc.so.0.2001.0
#usr/lib/libvirt-qemu.la
#usr/lib/libvirt-qemu.so
usr/lib/libvirt-qemu.so.0
-usr/lib/libvirt-qemu.so.0.1002.18
+usr/lib/libvirt-qemu.so.0.2001.0
#usr/lib/libvirt.la
#usr/lib/libvirt.so
usr/lib/libvirt.so.0
-usr/lib/libvirt.so.0.1002.18
+usr/lib/libvirt.so.0.2001.0
#usr/lib/libvirt/connection-driver
#usr/lib/libvirt/connection-driver/libvirt_driver_interface.la
usr/lib/libvirt/connection-driver/libvirt_driver_interface.so
#usr/lib/libvirt/lock-driver
#usr/lib/libvirt/lock-driver/lockd.la
usr/lib/libvirt/lock-driver/lockd.so
+#usr/lib/pkgconfig/libvirt-admin.pc
#usr/lib/pkgconfig/libvirt-lxc.pc
#usr/lib/pkgconfig/libvirt-qemu.pc
#usr/lib/pkgconfig/libvirt.pc
usr/libexec/libvirt_iohelper
usr/sbin/libvirtd
usr/sbin/virtlockd
+usr/sbin/virtlogd
#usr/share/augeas
#usr/share/augeas/lenses
#usr/share/augeas/lenses/libvirt_lockd.aug
#usr/share/augeas/lenses/tests/test_libvirtd.aug
#usr/share/augeas/lenses/tests/test_libvirtd_qemu.aug
#usr/share/augeas/lenses/tests/test_virtlockd.aug
+#usr/share/augeas/lenses/tests/test_virtlogd.aug
#usr/share/augeas/lenses/virtlockd.aug
-#usr/share/doc/libvirt-1.2.18.3
-#usr/share/doc/libvirt-1.2.18.3/html
-#usr/share/doc/libvirt-1.2.18.3/html/32favicon.png
-#usr/share/doc/libvirt-1.2.18.3/html/404.html
-#usr/share/doc/libvirt-1.2.18.3/html/acl.html
-#usr/share/doc/libvirt-1.2.18.3/html/aclpolkit.html
-#usr/share/doc/libvirt-1.2.18.3/html/api.html
-#usr/share/doc/libvirt-1.2.18.3/html/api_extension.html
-#usr/share/doc/libvirt-1.2.18.3/html/apps.html
-#usr/share/doc/libvirt-1.2.18.3/html/archdomain.html
-#usr/share/doc/libvirt-1.2.18.3/html/architecture.gif
-#usr/share/doc/libvirt-1.2.18.3/html/architecture.html
-#usr/share/doc/libvirt-1.2.18.3/html/archnetwork.html
-#usr/share/doc/libvirt-1.2.18.3/html/archnode.html
-#usr/share/doc/libvirt-1.2.18.3/html/archstorage.html
-#usr/share/doc/libvirt-1.2.18.3/html/auditlog.html
-#usr/share/doc/libvirt-1.2.18.3/html/auth.html
-#usr/share/doc/libvirt-1.2.18.3/html/bindings.html
-#usr/share/doc/libvirt-1.2.18.3/html/bugs.html
-#usr/share/doc/libvirt-1.2.18.3/html/cgroups.html
-#usr/share/doc/libvirt-1.2.18.3/html/compiling.html
-#usr/share/doc/libvirt-1.2.18.3/html/contact.html
-#usr/share/doc/libvirt-1.2.18.3/html/csharp.html
-#usr/share/doc/libvirt-1.2.18.3/html/deployment.html
-#usr/share/doc/libvirt-1.2.18.3/html/devguide.html
-#usr/share/doc/libvirt-1.2.18.3/html/docs.html
-#usr/share/doc/libvirt-1.2.18.3/html/downloads.html
-#usr/share/doc/libvirt-1.2.18.3/html/drivers.html
-#usr/share/doc/libvirt-1.2.18.3/html/drvbhyve.html
-#usr/share/doc/libvirt-1.2.18.3/html/drvesx.html
-#usr/share/doc/libvirt-1.2.18.3/html/drvhyperv.html
-#usr/share/doc/libvirt-1.2.18.3/html/drvlxc.html
-#usr/share/doc/libvirt-1.2.18.3/html/drvopenvz.html
-#usr/share/doc/libvirt-1.2.18.3/html/drvparallels.html
-#usr/share/doc/libvirt-1.2.18.3/html/drvphyp.html
-#usr/share/doc/libvirt-1.2.18.3/html/drvqemu.html
-#usr/share/doc/libvirt-1.2.18.3/html/drvremote.html
-#usr/share/doc/libvirt-1.2.18.3/html/drvtest.html
-#usr/share/doc/libvirt-1.2.18.3/html/drvuml.html
-#usr/share/doc/libvirt-1.2.18.3/html/drvvbox.html
-#usr/share/doc/libvirt-1.2.18.3/html/drvvmware.html
-#usr/share/doc/libvirt-1.2.18.3/html/drvxen.html
-#usr/share/doc/libvirt-1.2.18.3/html/errors.html
-#usr/share/doc/libvirt-1.2.18.3/html/et.png
-#usr/share/doc/libvirt-1.2.18.3/html/firewall.html
-#usr/share/doc/libvirt-1.2.18.3/html/footer_corner.png
-#usr/share/doc/libvirt-1.2.18.3/html/footer_pattern.png
-#usr/share/doc/libvirt-1.2.18.3/html/format.html
-#usr/share/doc/libvirt-1.2.18.3/html/formatcaps.html
-#usr/share/doc/libvirt-1.2.18.3/html/formatdomain.html
-#usr/share/doc/libvirt-1.2.18.3/html/formatdomaincaps.html
-#usr/share/doc/libvirt-1.2.18.3/html/formatnetwork.html
-#usr/share/doc/libvirt-1.2.18.3/html/formatnode.html
-#usr/share/doc/libvirt-1.2.18.3/html/formatnwfilter.html
-#usr/share/doc/libvirt-1.2.18.3/html/formatsecret.html
-#usr/share/doc/libvirt-1.2.18.3/html/formatsnapshot.html
-#usr/share/doc/libvirt-1.2.18.3/html/formatstorage.html
-#usr/share/doc/libvirt-1.2.18.3/html/formatstorageencryption.html
-#usr/share/doc/libvirt-1.2.18.3/html/generic.css
-#usr/share/doc/libvirt-1.2.18.3/html/goals.html
-#usr/share/doc/libvirt-1.2.18.3/html/governance.html
-#usr/share/doc/libvirt-1.2.18.3/html/hacking.html
-#usr/share/doc/libvirt-1.2.18.3/html/hooks.html
-#usr/share/doc/libvirt-1.2.18.3/html/html
-#usr/share/doc/libvirt-1.2.18.3/html/html/home.png
-#usr/share/doc/libvirt-1.2.18.3/html/html/index.html
-#usr/share/doc/libvirt-1.2.18.3/html/html/left.png
-#usr/share/doc/libvirt-1.2.18.3/html/html/libvirt-libvirt-domain-snapshot.html
-#usr/share/doc/libvirt-1.2.18.3/html/html/libvirt-libvirt-domain.html
-#usr/share/doc/libvirt-1.2.18.3/html/html/libvirt-libvirt-event.html
-#usr/share/doc/libvirt-1.2.18.3/html/html/libvirt-libvirt-host.html
-#usr/share/doc/libvirt-1.2.18.3/html/html/libvirt-libvirt-interface.html
-#usr/share/doc/libvirt-1.2.18.3/html/html/libvirt-libvirt-network.html
-#usr/share/doc/libvirt-1.2.18.3/html/html/libvirt-libvirt-nodedev.html
-#usr/share/doc/libvirt-1.2.18.3/html/html/libvirt-libvirt-nwfilter.html
-#usr/share/doc/libvirt-1.2.18.3/html/html/libvirt-libvirt-secret.html
-#usr/share/doc/libvirt-1.2.18.3/html/html/libvirt-libvirt-storage.html
-#usr/share/doc/libvirt-1.2.18.3/html/html/libvirt-libvirt-stream.html
-#usr/share/doc/libvirt-1.2.18.3/html/html/libvirt-virterror.html
-#usr/share/doc/libvirt-1.2.18.3/html/html/right.png
-#usr/share/doc/libvirt-1.2.18.3/html/html/up.png
-#usr/share/doc/libvirt-1.2.18.3/html/hvsupport.html
-#usr/share/doc/libvirt-1.2.18.3/html/index.html
-#usr/share/doc/libvirt-1.2.18.3/html/internals
-#usr/share/doc/libvirt-1.2.18.3/html/internals.html
-#usr/share/doc/libvirt-1.2.18.3/html/internals/command.html
-#usr/share/doc/libvirt-1.2.18.3/html/internals/locking.html
-#usr/share/doc/libvirt-1.2.18.3/html/internals/oomtesting.html
-#usr/share/doc/libvirt-1.2.18.3/html/internals/rpc.html
-#usr/share/doc/libvirt-1.2.18.3/html/intro.html
-#usr/share/doc/libvirt-1.2.18.3/html/java.html
-#usr/share/doc/libvirt-1.2.18.3/html/libvirt-daemon-arch.png
-#usr/share/doc/libvirt-1.2.18.3/html/libvirt-driver-arch.png
-#usr/share/doc/libvirt-1.2.18.3/html/libvirt-header-bg.png
-#usr/share/doc/libvirt-1.2.18.3/html/libvirt-header-logo.png
-#usr/share/doc/libvirt-1.2.18.3/html/libvirt-net-logical.png
-#usr/share/doc/libvirt-1.2.18.3/html/libvirt-net-physical.png
-#usr/share/doc/libvirt-1.2.18.3/html/libvirt-object-model.png
-#usr/share/doc/libvirt-1.2.18.3/html/libvirt.css
-#usr/share/doc/libvirt-1.2.18.3/html/libvirtLogo.png
-#usr/share/doc/libvirt-1.2.18.3/html/locking-lockd.html
-#usr/share/doc/libvirt-1.2.18.3/html/locking-sanlock.html
-#usr/share/doc/libvirt-1.2.18.3/html/locking.html
-#usr/share/doc/libvirt-1.2.18.3/html/logging.html
-#usr/share/doc/libvirt-1.2.18.3/html/madeWith.png
-#usr/share/doc/libvirt-1.2.18.3/html/main.css
-#usr/share/doc/libvirt-1.2.18.3/html/migration-managed-direct.png
-#usr/share/doc/libvirt-1.2.18.3/html/migration-managed-p2p.png
-#usr/share/doc/libvirt-1.2.18.3/html/migration-native.png
-#usr/share/doc/libvirt-1.2.18.3/html/migration-tunnel.png
-#usr/share/doc/libvirt-1.2.18.3/html/migration-unmanaged-direct.png
-#usr/share/doc/libvirt-1.2.18.3/html/migration.html
-#usr/share/doc/libvirt-1.2.18.3/html/news.html
-#usr/share/doc/libvirt-1.2.18.3/html/node.gif
-#usr/share/doc/libvirt-1.2.18.3/html/pending.html
-#usr/share/doc/libvirt-1.2.18.3/html/php.html
-#usr/share/doc/libvirt-1.2.18.3/html/python.html
-#usr/share/doc/libvirt-1.2.18.3/html/relatedlinks.html
-#usr/share/doc/libvirt-1.2.18.3/html/remote.html
-#usr/share/doc/libvirt-1.2.18.3/html/secureusage.html
-#usr/share/doc/libvirt-1.2.18.3/html/securityprocess.html
-#usr/share/doc/libvirt-1.2.18.3/html/sitemap.html
-#usr/share/doc/libvirt-1.2.18.3/html/storage.html
-#usr/share/doc/libvirt-1.2.18.3/html/testapi.html
-#usr/share/doc/libvirt-1.2.18.3/html/testsuites.html
-#usr/share/doc/libvirt-1.2.18.3/html/testtck.html
-#usr/share/doc/libvirt-1.2.18.3/html/todo.html
-#usr/share/doc/libvirt-1.2.18.3/html/uri.html
-#usr/share/doc/libvirt-1.2.18.3/html/virshcmdref.html
-#usr/share/doc/libvirt-1.2.18.3/html/windows.html
+#usr/share/augeas/lenses/virtlogd.aug
+#usr/share/doc/libvirt-2.1.0
+#usr/share/doc/libvirt-2.1.0/html
+#usr/share/doc/libvirt-2.1.0/html/32favicon.png
+#usr/share/doc/libvirt-2.1.0/html/404.html
+#usr/share/doc/libvirt-2.1.0/html/acl.html
+#usr/share/doc/libvirt-2.1.0/html/aclpolkit.html
+#usr/share/doc/libvirt-2.1.0/html/api.html
+#usr/share/doc/libvirt-2.1.0/html/api_extension.html
+#usr/share/doc/libvirt-2.1.0/html/apps.html
+#usr/share/doc/libvirt-2.1.0/html/archdomain.html
+#usr/share/doc/libvirt-2.1.0/html/architecture.gif
+#usr/share/doc/libvirt-2.1.0/html/architecture.html
+#usr/share/doc/libvirt-2.1.0/html/archnetwork.html
+#usr/share/doc/libvirt-2.1.0/html/archnode.html
+#usr/share/doc/libvirt-2.1.0/html/archstorage.html
+#usr/share/doc/libvirt-2.1.0/html/auditlog.html
+#usr/share/doc/libvirt-2.1.0/html/auth.html
+#usr/share/doc/libvirt-2.1.0/html/bindings.html
+#usr/share/doc/libvirt-2.1.0/html/bugs.html
+#usr/share/doc/libvirt-2.1.0/html/cgroups.html
+#usr/share/doc/libvirt-2.1.0/html/compiling.html
+#usr/share/doc/libvirt-2.1.0/html/contact.html
+#usr/share/doc/libvirt-2.1.0/html/csharp.html
+#usr/share/doc/libvirt-2.1.0/html/deployment.html
+#usr/share/doc/libvirt-2.1.0/html/devguide.html
+#usr/share/doc/libvirt-2.1.0/html/docs.html
+#usr/share/doc/libvirt-2.1.0/html/downloads.html
+#usr/share/doc/libvirt-2.1.0/html/drivers.html
+#usr/share/doc/libvirt-2.1.0/html/drvbhyve.html
+#usr/share/doc/libvirt-2.1.0/html/drvesx.html
+#usr/share/doc/libvirt-2.1.0/html/drvhyperv.html
+#usr/share/doc/libvirt-2.1.0/html/drvlxc.html
+#usr/share/doc/libvirt-2.1.0/html/drvopenvz.html
+#usr/share/doc/libvirt-2.1.0/html/drvphyp.html
+#usr/share/doc/libvirt-2.1.0/html/drvqemu.html
+#usr/share/doc/libvirt-2.1.0/html/drvremote.html
+#usr/share/doc/libvirt-2.1.0/html/drvtest.html
+#usr/share/doc/libvirt-2.1.0/html/drvuml.html
+#usr/share/doc/libvirt-2.1.0/html/drvvbox.html
+#usr/share/doc/libvirt-2.1.0/html/drvvirtuozzo.html
+#usr/share/doc/libvirt-2.1.0/html/drvvmware.html
+#usr/share/doc/libvirt-2.1.0/html/drvxen.html
+#usr/share/doc/libvirt-2.1.0/html/errors.html
+#usr/share/doc/libvirt-2.1.0/html/firewall.html
+#usr/share/doc/libvirt-2.1.0/html/format.html
+#usr/share/doc/libvirt-2.1.0/html/formatcaps.html
+#usr/share/doc/libvirt-2.1.0/html/formatdomain.html
+#usr/share/doc/libvirt-2.1.0/html/formatdomaincaps.html
+#usr/share/doc/libvirt-2.1.0/html/formatnetwork.html
+#usr/share/doc/libvirt-2.1.0/html/formatnode.html
+#usr/share/doc/libvirt-2.1.0/html/formatnwfilter.html
+#usr/share/doc/libvirt-2.1.0/html/formatsecret.html
+#usr/share/doc/libvirt-2.1.0/html/formatsnapshot.html
+#usr/share/doc/libvirt-2.1.0/html/formatstorage.html
+#usr/share/doc/libvirt-2.1.0/html/formatstorageencryption.html
+#usr/share/doc/libvirt-2.1.0/html/generic.css
+#usr/share/doc/libvirt-2.1.0/html/goals.html
+#usr/share/doc/libvirt-2.1.0/html/governance.html
+#usr/share/doc/libvirt-2.1.0/html/hacking.html
+#usr/share/doc/libvirt-2.1.0/html/hooks.html
+#usr/share/doc/libvirt-2.1.0/html/html
+#usr/share/doc/libvirt-2.1.0/html/html/home.png
+#usr/share/doc/libvirt-2.1.0/html/html/index.html
+#usr/share/doc/libvirt-2.1.0/html/html/left.png
+#usr/share/doc/libvirt-2.1.0/html/html/libvirt-libvirt-common.html
+#usr/share/doc/libvirt-2.1.0/html/html/libvirt-libvirt-domain-snapshot.html
+#usr/share/doc/libvirt-2.1.0/html/html/libvirt-libvirt-domain.html
+#usr/share/doc/libvirt-2.1.0/html/html/libvirt-libvirt-event.html
+#usr/share/doc/libvirt-2.1.0/html/html/libvirt-libvirt-host.html
+#usr/share/doc/libvirt-2.1.0/html/html/libvirt-libvirt-interface.html
+#usr/share/doc/libvirt-2.1.0/html/html/libvirt-libvirt-network.html
+#usr/share/doc/libvirt-2.1.0/html/html/libvirt-libvirt-nodedev.html
+#usr/share/doc/libvirt-2.1.0/html/html/libvirt-libvirt-nwfilter.html
+#usr/share/doc/libvirt-2.1.0/html/html/libvirt-libvirt-secret.html
+#usr/share/doc/libvirt-2.1.0/html/html/libvirt-libvirt-storage.html
+#usr/share/doc/libvirt-2.1.0/html/html/libvirt-libvirt-stream.html
+#usr/share/doc/libvirt-2.1.0/html/html/libvirt-virterror.html
+#usr/share/doc/libvirt-2.1.0/html/html/right.png
+#usr/share/doc/libvirt-2.1.0/html/html/up.png
+#usr/share/doc/libvirt-2.1.0/html/hvsupport.html
+#usr/share/doc/libvirt-2.1.0/html/index.html
+#usr/share/doc/libvirt-2.1.0/html/internals
+#usr/share/doc/libvirt-2.1.0/html/internals.html
+#usr/share/doc/libvirt-2.1.0/html/internals/command.html
+#usr/share/doc/libvirt-2.1.0/html/internals/eventloop.html
+#usr/share/doc/libvirt-2.1.0/html/internals/locking.html
+#usr/share/doc/libvirt-2.1.0/html/internals/oomtesting.html
+#usr/share/doc/libvirt-2.1.0/html/internals/rpc.html
+#usr/share/doc/libvirt-2.1.0/html/intro.html
+#usr/share/doc/libvirt-2.1.0/html/java.html
+#usr/share/doc/libvirt-2.1.0/html/libvirt-daemon-arch.png
+#usr/share/doc/libvirt-2.1.0/html/libvirt-driver-arch.png
+#usr/share/doc/libvirt-2.1.0/html/libvirt-header-bg.png
+#usr/share/doc/libvirt-2.1.0/html/libvirt-header-logo.png
+#usr/share/doc/libvirt-2.1.0/html/libvirt-net-logical.png
+#usr/share/doc/libvirt-2.1.0/html/libvirt-net-physical.png
+#usr/share/doc/libvirt-2.1.0/html/libvirt-object-model.png
+#usr/share/doc/libvirt-2.1.0/html/libvirt.css
+#usr/share/doc/libvirt-2.1.0/html/libvirtLogo.png
+#usr/share/doc/libvirt-2.1.0/html/locking-lockd.html
+#usr/share/doc/libvirt-2.1.0/html/locking-sanlock.html
+#usr/share/doc/libvirt-2.1.0/html/locking.html
+#usr/share/doc/libvirt-2.1.0/html/logging.html
+#usr/share/doc/libvirt-2.1.0/html/madeWith.png
+#usr/share/doc/libvirt-2.1.0/html/main.css
+#usr/share/doc/libvirt-2.1.0/html/migration-managed-direct.png
+#usr/share/doc/libvirt-2.1.0/html/migration-managed-p2p.png
+#usr/share/doc/libvirt-2.1.0/html/migration-native.png
+#usr/share/doc/libvirt-2.1.0/html/migration-tunnel.png
+#usr/share/doc/libvirt-2.1.0/html/migration-unmanaged-direct.png
+#usr/share/doc/libvirt-2.1.0/html/migration.html
+#usr/share/doc/libvirt-2.1.0/html/news-2005.html
+#usr/share/doc/libvirt-2.1.0/html/news-2006.html
+#usr/share/doc/libvirt-2.1.0/html/news-2007.html
+#usr/share/doc/libvirt-2.1.0/html/news-2008.html
+#usr/share/doc/libvirt-2.1.0/html/news-2009.html
+#usr/share/doc/libvirt-2.1.0/html/news-2010.html
+#usr/share/doc/libvirt-2.1.0/html/news-2011.html
+#usr/share/doc/libvirt-2.1.0/html/news-2012.html
+#usr/share/doc/libvirt-2.1.0/html/news-2013.html
+#usr/share/doc/libvirt-2.1.0/html/news-2014.html
+#usr/share/doc/libvirt-2.1.0/html/news-2015.html
+#usr/share/doc/libvirt-2.1.0/html/news.html
+#usr/share/doc/libvirt-2.1.0/html/node.gif
+#usr/share/doc/libvirt-2.1.0/html/nss.html
+#usr/share/doc/libvirt-2.1.0/html/pending.html
+#usr/share/doc/libvirt-2.1.0/html/php.html
+#usr/share/doc/libvirt-2.1.0/html/python.html
+#usr/share/doc/libvirt-2.1.0/html/relatedlinks.html
+#usr/share/doc/libvirt-2.1.0/html/remote.html
+#usr/share/doc/libvirt-2.1.0/html/secureusage.html
+#usr/share/doc/libvirt-2.1.0/html/securityprocess.html
+#usr/share/doc/libvirt-2.1.0/html/sitemap.html
+#usr/share/doc/libvirt-2.1.0/html/storage.html
+#usr/share/doc/libvirt-2.1.0/html/testapi.html
+#usr/share/doc/libvirt-2.1.0/html/testsuites.html
+#usr/share/doc/libvirt-2.1.0/html/testtck.html
+#usr/share/doc/libvirt-2.1.0/html/todo.html
+#usr/share/doc/libvirt-2.1.0/html/uri.html
+#usr/share/doc/libvirt-2.1.0/html/virshcmdref.html
+#usr/share/doc/libvirt-2.1.0/html/windows.html
#usr/share/gtk-doc/html/libvirt
#usr/share/gtk-doc/html/libvirt/general.html
#usr/share/gtk-doc/html/libvirt/home.png
#usr/share/gtk-doc/html/libvirt/up.png
#usr/share/libvirt
#usr/share/libvirt/api
+usr/share/libvirt/api/libvirt-admin-api.xml
usr/share/libvirt/api/libvirt-api.xml
usr/share/libvirt/api/libvirt-lxc-api.xml
usr/share/libvirt/api/libvirt-qemu-api.xml
usr/share/libvirt/schemas/storagepool.rng
usr/share/libvirt/schemas/storagevol.rng
#usr/share/man/man1/virsh.1
+#usr/share/man/man1/virt-admin.1
#usr/share/man/man1/virt-host-validate.1
+#usr/share/man/man1/virt-login-shell.1
#usr/share/man/man1/virt-pki-validate.1
#usr/share/man/man1/virt-xml-validate.1
#usr/share/man/man8/libvirtd.8
#usr/share/man/man8/virtlockd.8
+#usr/share/man/man8/virtlogd.8
#var/cache/libvirt
#var/cache/libvirt/qemu
+var/ipfire/backup/addons/includes/libvirt
#var/lib/libvirt
#var/lib/libvirt/boot
#var/lib/libvirt/filesystems
#var/log/libvirt/lxc
#var/log/libvirt/qemu
#var/log/libvirt/uml
-etc/rc.d/init.d/libvirt-guests
-etc/rc.d/init.d/libvirtd
-var/ipfire/backup/addons/includes/libvirt
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 1 (0x1)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: O=ICANN, OU=ICANN Certification Authority, CN=ICANN Root CA, C=US
+ Validity
+ Not Before: Dec 23 04:19:12 2009 GMT
+ Not After : Dec 18 04:19:12 2029 GMT
+ Subject: O=ICANN, OU=ICANN Certification Authority, CN=ICANN Root CA, C=US
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:a0:db:70:b8:4f:34:da:9c:d4:d0:7e:bb:ea:15:
+ bc:e9:c9:11:2a:1f:61:2f:6a:b9:bd:3f:3d:76:a0:
+ 9a:0a:f7:ee:93:6e:6e:55:53:84:8c:f2:2c:f1:82:
+ 27:c8:0f:9a:cf:52:1b:54:da:28:d2:2c:30:8e:dd:
+ fb:92:20:33:2d:d6:c8:f1:0e:10:21:88:71:fa:84:
+ 22:4b:5d:47:56:16:7c:9b:9f:5d:c3:11:79:9c:14:
+ e2:ff:c0:74:ac:dd:39:d7:e0:38:d8:b0:73:aa:fb:
+ d1:db:84:af:52:22:a8:f6:d5:9b:94:f4:e6:5d:5e:
+ e8:3f:87:90:0b:c7:1a:77:f5:2e:d3:8f:1a:ce:02:
+ 1d:07:69:21:47:32:da:46:ae:00:4c:b6:a5:a2:9c:
+ 39:c1:c0:4a:f6:d3:1c:ae:d3:6d:bb:c7:18:f0:7e:
+ ed:f6:80:ce:d0:01:2e:89:de:12:ba:ee:11:cb:a6:
+ 7a:d7:0d:7c:f3:08:8d:72:9d:bf:55:75:13:70:bb:
+ 31:22:4a:cb:e8:c0:aa:a4:09:aa:36:68:40:60:74:
+ 9d:e7:19:81:43:22:52:fe:c9:2b:52:0f:41:13:36:
+ 09:72:65:95:cc:89:ae:6f:56:17:16:34:73:52:a3:
+ 04:ed:bd:88:82:8a:eb:d7:dc:82:52:9c:06:e1:52:
+ 85:41
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ X509v3 Key Usage: critical
+ Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment, Key Agreement, Certificate Sign, CRL Sign
+ X509v3 Subject Key Identifier:
+ BA:52:E9:49:83:24:86:52:2F:C7:99:CD:FC:8D:6B:69:08:4D:C0:50
+ Signature Algorithm: sha256WithRSAEncryption
+ 0f:f1:e9:82:a2:0a:87:9f:2d:94:60:5a:b2:c0:4b:a1:2f:2b:
+ 3b:47:d5:0a:99:86:38:b2:ec:c6:3b:89:e4:6e:07:cf:14:c7:
+ c7:e8:cf:99:8f:aa:30:c3:19:70:b9:e6:6d:d6:3f:c8:68:26:
+ b2:a0:a5:37:42:ca:d8:62:80:d1:a2:5a:48:2e:1f:85:3f:0c:
+ 7b:c2:c7:94:11:5f:19:2a:95:ac:a0:3a:03:d8:91:5b:2e:0d:
+ 9c:7c:1f:2e:fc:e9:44:e1:16:26:73:1c:45:4a:65:c1:83:4c:
+ 90:f3:f2:28:42:df:db:c4:e7:04:12:18:62:43:5e:bc:1f:6c:
+ 84:e6:bc:49:32:df:61:d7:99:ee:e4:90:52:7b:0a:c2:91:8a:
+ 98:62:66:b1:c8:e0:b7:5a:b5:46:7c:76:71:54:8e:cc:a4:81:
+ 5c:19:db:d2:6f:66:b5:bb:2b:ae:6b:c9:74:04:a8:24:de:e8:
+ c5:d3:fc:2c:1c:d7:8f:db:6a:8d:c9:53:be:5d:50:73:ac:cf:
+ 1f:93:c0:52:50:5b:a2:4f:fe:ad:65:36:17:46:d1:2d:e5:a2:
+ 90:66:05:db:29:4e:5d:50:5d:e3:4f:da:a0:8f:f0:6b:e4:16:
+ 70:dd:7f:f3:77:7d:b9:4e:f9:ec:c3:33:02:d7:e9:63:2f:31:
+ e7:40:61:a4
+-----BEGIN CERTIFICATE-----
+MIIDdzCCAl+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBdMQ4wDAYDVQQKEwVJQ0FO
+TjEmMCQGA1UECxMdSUNBTk4gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFjAUBgNV
+BAMTDUlDQU5OIFJvb3QgQ0ExCzAJBgNVBAYTAlVTMB4XDTA5MTIyMzA0MTkxMloX
+DTI5MTIxODA0MTkxMlowXTEOMAwGA1UEChMFSUNBTk4xJjAkBgNVBAsTHUlDQU5O
+IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRYwFAYDVQQDEw1JQ0FOTiBSb290IENB
+MQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKDb
+cLhPNNqc1NB+u+oVvOnJESofYS9qub0/PXagmgr37pNublVThIzyLPGCJ8gPms9S
+G1TaKNIsMI7d+5IgMy3WyPEOECGIcfqEIktdR1YWfJufXcMReZwU4v/AdKzdOdfg
+ONiwc6r70duEr1IiqPbVm5T05l1e6D+HkAvHGnf1LtOPGs4CHQdpIUcy2kauAEy2
+paKcOcHASvbTHK7TbbvHGPB+7faAztABLoneErruEcumetcNfPMIjXKdv1V1E3C7
+MSJKy+jAqqQJqjZoQGB0necZgUMiUv7JK1IPQRM2CXJllcyJrm9WFxY0c1KjBO29
+iIKK69fcglKcBuFShUECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B
+Af8EBAMCAf4wHQYDVR0OBBYEFLpS6UmDJIZSL8eZzfyNa2kITcBQMA0GCSqGSIb3
+DQEBCwUAA4IBAQAP8emCogqHny2UYFqywEuhLys7R9UKmYY4suzGO4nkbgfPFMfH
+6M+Zj6owwxlwueZt1j/IaCayoKU3QsrYYoDRolpILh+FPwx7wseUEV8ZKpWsoDoD
+2JFbLg2cfB8u/OlE4RYmcxxFSmXBg0yQ8/IoQt/bxOcEEhhiQ168H2yE5rxJMt9h
+15nu5JBSewrCkYqYYmaxyOC3WrVGfHZxVI7MpIFcGdvSb2a1uyuua8l0BKgk3ujF
+0/wsHNeP22qNyVO+XVBzrM8fk8BSUFuiT/6tZTYXRtEt5aKQZgXbKU5dUF3jT9qg
+j/Br5BZw3X/zd325TvnswzMC1+ljLzHnQGGk
+-----END CERTIFICATE-----
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 2 (0x2)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: O=ICANN, OU=ICANN Certification Authority, CN=ICANN Root CA, C=US
+ Validity
+ Not Before: Dec 23 04:45:04 2009 GMT
+ Not After : Dec 22 04:45:04 2014 GMT
+ Subject: O=ICANN, CN=ICANN DNSSEC CA/emailAddress=dnssec@icann.org
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:c0:bf:e2:b4:ee:12:46:36:3b:7c:d2:46:21:64:
+ 5a:93:e1:e3:02:10:25:bb:a5:30:70:19:89:98:7e:
+ 9e:db:8e:0f:ac:c8:48:66:0e:1a:f8:81:e5:2d:3c:
+ 7b:39:39:76:28:8f:ee:0a:a7:dd:64:e9:5f:87:25:
+ b1:64:e5:59:03:fc:bc:29:3b:63:37:c8:d7:46:9a:
+ b6:ce:87:55:cd:cf:e2:ab:e9:c7:8a:53:2e:25:87:
+ b0:98:d6:20:a3:a8:ec:87:b0:39:a3:c4:c5:75:59:
+ 3c:fb:91:03:fa:ee:7f:e9:2b:b6:70:88:69:2c:e6:
+ f1:4f:fc:d0:47:b4:e9:a0:2c:fa:0c:c3:84:eb:be:
+ 73:5a:bc:16:ed:d0:83:02:2d:eb:6a:21:02:51:70:
+ 29:1e:4f:c9:69:03:9f:91:32:5c:2c:1a:9f:5e:45:
+ 48:2a:50:ee:72:14:ec:17:29:fc:20:95:7d:22:6a:
+ c6:6f:83:a2:58:8e:b1:64:c8:73:23:54:6c:69:1d:
+ 66:1f:df:f8:4f:24:a1:a8:ae:00:7f:e9:89:41:a6:
+ e3:88:1d:3a:e1:b3:3a:ef:29:45:32:9b:94:2e:b7:
+ 6c:1e:fe:31:40:13:e1:bd:52:67:d0:d8:c3:3e:03:
+ 84:48:72:9d:bd:8a:48:a0:f2:72:35:b6:03:4b:c6:
+ e9:05
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ X509v3 Key Usage: critical
+ Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment, Key Agreement, Certificate Sign, CRL Sign
+ X509v3 Authority Key Identifier:
+ keyid:BA:52:E9:49:83:24:86:52:2F:C7:99:CD:FC:8D:6B:69:08:4D:C0:50
+
+ X509v3 Subject Key Identifier:
+ 8F:B2:42:69:C3:9D:E4:3C:FA:13:B9:FF:F2:C0:A4:EF:D8:0F:E8:22
+ Signature Algorithm: sha256WithRSAEncryption
+ 4a:78:a2:47:7e:3f:2e:4d:78:68:ab:06:5c:ff:da:01:04:45:
+ 92:20:20:88:f3:dc:4e:70:01:9b:cb:f3:13:61:34:04:09:15:
+ d0:be:99:1c:be:fc:97:e9:2d:73:e1:b3:2b:a6:b9:3a:41:33:
+ f3:83:3d:64:1b:64:95:bf:ae:cd:20:df:18:e0:62:8d:fa:9c:
+ f7:d8:a9:3c:25:2b:8e:cf:10:e5:29:b9:af:1a:7f:62:64:75:
+ e7:c6:fd:9b:6d:71:c0:a9:b3:0f:9a:b7:7a:fe:53:04:18:cd:
+ 04:06:d9:bf:01:0e:cc:04:84:84:51:a3:e9:06:2a:a3:25:73:
+ 4e:8d:62:19:13:25:5b:de:0b:dc:d0:69:01:ca:41:0a:96:13:
+ cf:6a:11:fe:2b:9a:3f:fd:56:3d:73:3d:58:49:c2:71:83:20:
+ 23:6d:46:99:6e:37:91:9f:76:2a:9c:b0:69:3f:64:9f:05:bb:
+ 38:c8:1e:ca:d8:6c:fd:56:3e:a6:85:a2:53:80:c6:42:b6:79:
+ c6:43:0b:e0:6c:ea:9f:cf:b0:2a:2c:01:50:c3:d8:0f:a0:7e:
+ a1:73:a8:5c:84:27:5b:c9:4b:5a:13:e9:69:25:1c:59:11:d2:
+ 01:dc:da:e7:c8:44:34:a2:e4:99:25:b4:c3:23:b5:f8:2d:48:
+ e5:8d:06:73
+-----BEGIN CERTIFICATE-----
+MIIDhjCCAm6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBdMQ4wDAYDVQQKEwVJQ0FO
+TjEmMCQGA1UECxMdSUNBTk4gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFjAUBgNV
+BAMTDUlDQU5OIFJvb3QgQ0ExCzAJBgNVBAYTAlVTMB4XDTA5MTIyMzA0NDUwNFoX
+DTE0MTIyMjA0NDUwNFowSzEOMAwGA1UEChMFSUNBTk4xGDAWBgNVBAMTD0lDQU5O
+IEROU1NFQyBDQTEfMB0GCSqGSIb3DQEJARMQZG5zc2VjQGljYW5uLm9yZzCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMC/4rTuEkY2O3zSRiFkWpPh4wIQ
+JbulMHAZiZh+ntuOD6zISGYOGviB5S08ezk5diiP7gqn3WTpX4clsWTlWQP8vCk7
+YzfI10aats6HVc3P4qvpx4pTLiWHsJjWIKOo7IewOaPExXVZPPuRA/ruf+krtnCI
+aSzm8U/80Ee06aAs+gzDhOu+c1q8Fu3QgwIt62ohAlFwKR5PyWkDn5EyXCwan15F
+SCpQ7nIU7Bcp/CCVfSJqxm+DoliOsWTIcyNUbGkdZh/f+E8koaiuAH/piUGm44gd
+OuGzOu8pRTKblC63bB7+MUAT4b1SZ9DYwz4DhEhynb2KSKDycjW2A0vG6QUCAwEA
+AaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAf4wHwYDVR0jBBgw
+FoAUulLpSYMkhlIvx5nN/I1raQhNwFAwHQYDVR0OBBYEFI+yQmnDneQ8+hO5//LA
+pO/YD+giMA0GCSqGSIb3DQEBCwUAA4IBAQBKeKJHfj8uTXhoqwZc/9oBBEWSICCI
+89xOcAGby/MTYTQECRXQvpkcvvyX6S1z4bMrprk6QTPzgz1kG2SVv67NIN8Y4GKN
++pz32Kk8JSuOzxDlKbmvGn9iZHXnxv2bbXHAqbMPmrd6/lMEGM0EBtm/AQ7MBISE
+UaPpBiqjJXNOjWIZEyVb3gvc0GkBykEKlhPPahH+K5o//VY9cz1YScJxgyAjbUaZ
+bjeRn3YqnLBpP2SfBbs4yB7K2Gz9Vj6mhaJTgMZCtnnGQwvgbOqfz7AqLAFQw9gP
+oH6hc6hchCdbyUtaE+lpJRxZEdIB3NrnyEQ0ouSZJbTDI7X4LUjljQZz
+-----END CERTIFICATE-----
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 6 (0x6)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: O=ICANN, OU=ICANN Certification Authority, CN=ICANN Root CA, C=US
+ Validity
+ Not Before: Dec 23 05:21:16 2009 GMT
+ Not After : Dec 22 05:21:16 2014 GMT
+ Subject: O=ICANN, CN=ICANN EMAIL CA
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:d2:19:1e:22:69:33:f6:a4:d2:76:c5:80:11:75:
+ 8e:d0:e8:6f:bf:89:f8:2a:6a:da:8a:85:28:40:ba:
+ c5:23:5f:47:ed:72:e2:8e:d3:5c:c8:8a:3a:99:a9:
+ 57:2c:0a:2b:22:f3:54:7b:8b:f7:8c:21:a2:50:01:
+ 4f:8b:af:34:df:72:fc:78:31:d0:1d:eb:bc:9b:e6:
+ fa:c1:84:d0:05:07:8a:74:53:a5:60:9e:eb:75:9e:
+ a8:5d:32:c8:02:32:e4:bf:cb:97:9b:7a:fa:2c:f6:
+ 6a:1d:b8:57:ad:e3:03:22:93:d0:f4:4f:a8:b8:01:
+ db:82:33:98:b6:87:ed:3d:67:40:00:27:2e:d5:95:
+ d2:ad:36:46:14:c6:17:79:65:7f:65:f3:88:80:65:
+ 7c:22:67:08:23:3c:cf:a5:10:38:72:30:97:92:6f:
+ 20:4a:ba:24:4c:4a:c8:4a:a5:dc:2a:44:a1:29:78:
+ b4:9f:fe:84:ff:27:5b:3a:72:ea:31:c1:ad:06:22:
+ d6:44:a0:4a:57:32:9c:f2:46:47:d0:89:6e:20:23:
+ 2c:ea:b0:83:7e:c1:f3:ea:da:dd:e3:63:59:97:21:
+ fa:1b:11:39:27:cf:82:8b:56:15:d4:36:92:0c:a5:
+ 7e:80:e0:18:c9:50:08:42:0a:df:97:3c:9c:b8:0a:
+ 4d:b1
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ X509v3 Key Usage: critical
+ Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment, Key Agreement, Certificate Sign, CRL Sign
+ X509v3 Authority Key Identifier:
+ keyid:BA:52:E9:49:83:24:86:52:2F:C7:99:CD:FC:8D:6B:69:08:4D:C0:50
+
+ X509v3 Subject Key Identifier:
+ 7B:3F:BA:CE:A1:B3:A6:13:2E:5A:82:84:D4:D2:EA:A5:24:F1:CD:B4
+ Signature Algorithm: sha256WithRSAEncryption
+ 50:07:a5:61:39:e4:3b:e3:bc:1c:b4:a7:b2:ab:a1:fb:47:bf:
+ b4:1c:32:ac:3c:46:b0:02:26:2f:16:3e:89:70:e2:87:e9:76:
+ 99:61:0b:91:c5:48:7a:e5:aa:24:0b:39:e0:4f:26:03:d4:5b:
+ 01:8a:4d:b6:98:cc:16:fa:e2:12:4a:88:b9:53:bb:50:2d:c7:
+ 37:b8:a3:82:2d:52:05:3e:46:a7:db:97:82:73:8d:7d:ed:dd:
+ 9e:37:73:68:6b:90:cd:62:d8:77:ff:32:53:bb:d3:a1:b9:cb:
+ 7d:32:29:70:fb:2e:90:4b:27:12:6d:99:a5:e6:d4:ef:13:32:
+ c1:2f:b5:ae:6e:11:0e:50:56:a4:56:5b:76:b0:c0:99:2e:5a:
+ 94:17:ee:2b:c1:b6:9c:8b:68:ac:55:95:31:8c:66:2b:35:43:
+ a5:13:04:1b:50:44:1c:55:7f:4c:d0:1a:50:80:53:45:a8:e3:
+ d3:a8:74:ad:7d:6a:d6:e9:9a:d3:25:7d:83:e2:57:64:1a:94:
+ 7e:bc:cb:ef:79:b5:54:6a:f1:b0:c3:81:26:90:e5:40:87:ed:
+ 75:7d:83:63:5b:ab:45:c0:34:04:27:e8:d8:12:26:7c:5e:c0:
+ 48:b6:33:7d:4b:db:23:8a:f7:13:24:bc:be:7b:74:cb:c4:ed:
+ ed:42:eb:2f
+-----BEGIN CERTIFICATE-----
+MIIDZDCCAkygAwIBAgIBBjANBgkqhkiG9w0BAQsFADBdMQ4wDAYDVQQKEwVJQ0FO
+TjEmMCQGA1UECxMdSUNBTk4gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFjAUBgNV
+BAMTDUlDQU5OIFJvb3QgQ0ExCzAJBgNVBAYTAlVTMB4XDTA5MTIyMzA1MjExNloX
+DTE0MTIyMjA1MjExNlowKTEOMAwGA1UEChMFSUNBTk4xFzAVBgNVBAMTDklDQU5O
+IEVNQUlMIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0hkeImkz
+9qTSdsWAEXWO0Ohvv4n4KmraioUoQLrFI19H7XLijtNcyIo6malXLAorIvNUe4v3
+jCGiUAFPi68033L8eDHQHeu8m+b6wYTQBQeKdFOlYJ7rdZ6oXTLIAjLkv8uXm3r6
+LPZqHbhXreMDIpPQ9E+ouAHbgjOYtoftPWdAACcu1ZXSrTZGFMYXeWV/ZfOIgGV8
+ImcIIzzPpRA4cjCXkm8gSrokTErISqXcKkShKXi0n/6E/ydbOnLqMcGtBiLWRKBK
+VzKc8kZH0IluICMs6rCDfsHz6trd42NZlyH6GxE5J8+Ci1YV1DaSDKV+gOAYyVAI
+QgrflzycuApNsQIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
+AwIB/jAfBgNVHSMEGDAWgBS6UulJgySGUi/Hmc38jWtpCE3AUDAdBgNVHQ4EFgQU
+ez+6zqGzphMuWoKE1NLqpSTxzbQwDQYJKoZIhvcNAQELBQADggEBAFAHpWE55Dvj
+vBy0p7KroftHv7QcMqw8RrACJi8WPolw4ofpdplhC5HFSHrlqiQLOeBPJgPUWwGK
+TbaYzBb64hJKiLlTu1Atxze4o4ItUgU+Rqfbl4JzjX3t3Z43c2hrkM1i2Hf/MlO7
+06G5y30yKXD7LpBLJxJtmaXm1O8TMsEvta5uEQ5QVqRWW3awwJkuWpQX7ivBtpyL
+aKxVlTGMZis1Q6UTBBtQRBxVf0zQGlCAU0Wo49OodK19atbpmtMlfYPiV2QalH68
+y+95tVRq8bDDgSaQ5UCH7XV9g2Nbq0XANAQn6NgSJnxewEi2M31L2yOK9xMkvL57
+dMvE7e1C6y8=
+-----END CERTIFICATE-----
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 3 (0x3)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: O=ICANN, OU=ICANN Certification Authority, CN=ICANN Root CA, C=US
+ Validity
+ Not Before: Dec 23 05:07:29 2009 GMT
+ Not After : Dec 22 05:07:29 2014 GMT
+ Subject: O=ICANN, CN=ICANN SSL CA
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:dd:c6:ab:bf:7c:66:9d:b3:2b:96:00:14:c7:60:
+ 7a:8d:62:5b:26:4b:30:d7:b3:4c:82:69:c6:4d:4d:
+ 73:f3:d4:91:21:5d:ab:35:f0:c8:04:0e:f4:a3:35:
+ e2:e1:18:a9:98:12:03:58:f8:9f:eb:77:54:5b:89:
+ 81:26:c9:aa:c2:f4:c9:0c:82:57:2a:5e:05:e9:61:
+ 17:cc:19:18:71:eb:35:83:c1:86:9d:ec:f1:6b:ca:
+ dd:a1:96:0b:95:d4:e1:0f:9e:24:6f:dc:3c:d0:28:
+ 9e:f2:53:47:2b:a1:ad:32:03:c8:3f:0d:80:80:7d:
+ f0:02:d2:6e:5a:2c:44:21:9b:09:50:15:3f:a1:3d:
+ d3:c9:c8:24:e7:ea:4e:92:2f:94:90:2e:de:e7:68:
+ f6:c6:b3:90:1f:bc:c9:7b:a2:65:d7:11:e9:8b:f0:
+ 3a:5a:b7:17:07:df:69:e3:6e:b9:54:6a:8e:3a:aa:
+ 94:7f:2c:0a:a1:ad:ba:b7:d9:60:62:27:a7:71:40:
+ 3b:8e:b0:84:7b:b8:c8:67:ef:66:ba:3d:ac:c3:85:
+ e5:86:bb:a7:9c:fd:b6:e1:c0:10:53:3d:d4:7e:1b:
+ 09:e6:9f:22:5c:a7:27:09:7e:27:12:33:fa:df:9b:
+ 20:2f:14:f7:17:c0:e4:1e:07:91:1f:f9:9a:cd:a8:
+ e2:c5
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ X509v3 Key Usage: critical
+ Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment, Key Agreement, Certificate Sign, CRL Sign
+ X509v3 Authority Key Identifier:
+ keyid:BA:52:E9:49:83:24:86:52:2F:C7:99:CD:FC:8D:6B:69:08:4D:C0:50
+
+ X509v3 Subject Key Identifier:
+ 6E:77:A8:40:10:4A:D8:9C:0C:F2:B7:5A:3A:A5:2F:79:4A:61:14:D8
+ Signature Algorithm: sha256WithRSAEncryption
+ 18:42:62:df:aa:8e:44:e6:87:10:4d:d9:a6:b2:c3:97:37:43:
+ 2e:ce:f3:e0:3c:c2:2f:e1:78:60:41:a9:2b:5d:f4:24:f5:f6:
+ 57:a2:08:ec:9c:89:e5:54:50:a8:30:c6:20:e5:8a:c7:8b:bd:
+ fd:98:b6:0c:7d:1a:1f:01:a1:4a:4e:ec:0d:2a:aa:9f:fd:a9:
+ 20:0d:b3:5c:0f:36:c0:2c:2b:c6:75:22:29:66:a3:34:bd:93:
+ 3d:f6:28:da:90:d5:7e:91:df:d3:06:f6:69:8b:80:9b:a5:34:
+ af:6a:02:5b:e4:52:7d:56:4d:99:6e:fe:e9:d0:36:99:58:d9:
+ af:cd:79:9b:e5:d2:4c:35:90:d3:e0:68:b2:88:2b:18:39:2e:
+ bc:0b:d9:82:84:7f:24:12:92:d2:b9:13:4f:64:bc:46:e1:5c:
+ 6a:ed:f7:b0:d4:66:27:25:21:86:b4:3a:5e:19:a3:c7:8b:4b:
+ 93:b9:2e:37:e2:6d:8b:46:ee:68:39:21:75:e8:fe:2a:a7:85:
+ fd:68:26:96:bd:dd:f9:f1:fe:99:5f:b4:a4:97:1b:50:18:fa:
+ 21:90:54:0c:8b:30:28:94:70:19:34:9e:5c:e1:e5:48:93:af:
+ aa:a3:b4:95:b2:f5:4c:97:50:44:58:97:e1:ff:e7:b2:10:dd:
+ 2c:fe:c0:ed
+-----BEGIN CERTIFICATE-----
+MIIDYjCCAkqgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBdMQ4wDAYDVQQKEwVJQ0FO
+TjEmMCQGA1UECxMdSUNBTk4gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFjAUBgNV
+BAMTDUlDQU5OIFJvb3QgQ0ExCzAJBgNVBAYTAlVTMB4XDTA5MTIyMzA1MDcyOVoX
+DTE0MTIyMjA1MDcyOVowJzEOMAwGA1UEChMFSUNBTk4xFTATBgNVBAMTDElDQU5O
+IFNTTCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN3Gq798Zp2z
+K5YAFMdgeo1iWyZLMNezTIJpxk1Nc/PUkSFdqzXwyAQO9KM14uEYqZgSA1j4n+t3
+VFuJgSbJqsL0yQyCVypeBelhF8wZGHHrNYPBhp3s8WvK3aGWC5XU4Q+eJG/cPNAo
+nvJTRyuhrTIDyD8NgIB98ALSblosRCGbCVAVP6E908nIJOfqTpIvlJAu3udo9saz
+kB+8yXuiZdcR6YvwOlq3FwffaeNuuVRqjjqqlH8sCqGturfZYGInp3FAO46whHu4
+yGfvZro9rMOF5Ya7p5z9tuHAEFM91H4bCeafIlynJwl+JxIz+t+bIC8U9xfA5B4H
+kR/5ms2o4sUCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
+Af4wHwYDVR0jBBgwFoAUulLpSYMkhlIvx5nN/I1raQhNwFAwHQYDVR0OBBYEFG53
+qEAQSticDPK3WjqlL3lKYRTYMA0GCSqGSIb3DQEBCwUAA4IBAQAYQmLfqo5E5ocQ
+TdmmssOXN0MuzvPgPMIv4XhgQakrXfQk9fZXogjsnInlVFCoMMYg5YrHi739mLYM
+fRofAaFKTuwNKqqf/akgDbNcDzbALCvGdSIpZqM0vZM99ijakNV+kd/TBvZpi4Cb
+pTSvagJb5FJ9Vk2Zbv7p0DaZWNmvzXmb5dJMNZDT4GiyiCsYOS68C9mChH8kEpLS
+uRNPZLxG4Vxq7few1GYnJSGGtDpeGaPHi0uTuS434m2LRu5oOSF16P4qp4X9aCaW
+vd358f6ZX7SklxtQGPohkFQMizAolHAZNJ5c4eVIk6+qo7SVsvVMl1BEWJfh/+ey
+EN0s/sDt
+-----END CERTIFICATE-----
--- /dev/null
+; This file holds the information on root name servers needed to
+; initialize cache of Internet domain name servers
+; (e.g. reference this file in the "cache . <file>"
+; configuration file of BIND domain name servers).
+;
+; This file is made available by InterNIC
+; under anonymous FTP as
+; file /domain/named.cache
+; on server FTP.INTERNIC.NET
+; -OR- RS.INTERNIC.NET
+;
+; last update: March 23, 2016
+; related version of root zone: 2016032301
+;
+; formerly NS.INTERNIC.NET
+;
+. 3600000 NS A.ROOT-SERVERS.NET.
+A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
+A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30
+;
+; FORMERLY NS1.ISI.EDU
+;
+. 3600000 NS B.ROOT-SERVERS.NET.
+B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
+B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:84::b
+;
+; FORMERLY C.PSI.NET
+;
+. 3600000 NS C.ROOT-SERVERS.NET.
+C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
+C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c
+;
+; FORMERLY TERP.UMD.EDU
+;
+. 3600000 NS D.ROOT-SERVERS.NET.
+D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13
+D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d
+;
+; FORMERLY NS.NASA.GOV
+;
+. 3600000 NS E.ROOT-SERVERS.NET.
+E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
+;
+; FORMERLY NS.ISC.ORG
+;
+. 3600000 NS F.ROOT-SERVERS.NET.
+F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
+F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f
+;
+; FORMERLY NS.NIC.DDN.MIL
+;
+. 3600000 NS G.ROOT-SERVERS.NET.
+G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
+;
+; FORMERLY AOS.ARL.ARMY.MIL
+;
+. 3600000 NS H.ROOT-SERVERS.NET.
+H.ROOT-SERVERS.NET. 3600000 A 198.97.190.53
+H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53
+;
+; FORMERLY NIC.NORDU.NET
+;
+. 3600000 NS I.ROOT-SERVERS.NET.
+I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
+I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53
+;
+; OPERATED BY VERISIGN, INC.
+;
+. 3600000 NS J.ROOT-SERVERS.NET.
+J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
+J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30
+;
+; OPERATED BY RIPE NCC
+;
+. 3600000 NS K.ROOT-SERVERS.NET.
+K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
+K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1
+;
+; OPERATED BY ICANN
+;
+. 3600000 NS L.ROOT-SERVERS.NET.
+L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
+L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:9f::42
+;
+; OPERATED BY WIDE
+;
+. 3600000 NS M.ROOT-SERVERS.NET.
+M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
+M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35
+; End of file
--- /dev/null
+. 172800 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= ;{id = 19036 (ksk), size = 2048b}
--- /dev/null
+#!/usr/bin/python
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2016 Michael Tremer #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+import argparse
+import datetime
+import daemon
+import logging
+import logging.handlers
+import re
+import signal
+import subprocess
+
+import inotify.adapters
+
+LOCAL_TTL = 60
+
+def setup_logging(loglevel=logging.INFO):
+ log = logging.getLogger("dhcp")
+ log.setLevel(loglevel)
+
+ handler = logging.handlers.SysLogHandler(address="/dev/log", facility="daemon")
+ handler.setLevel(loglevel)
+
+ formatter = logging.Formatter("%(name)s[%(process)d]: %(message)s")
+ handler.setFormatter(formatter)
+
+ log.addHandler(handler)
+
+ return log
+
+log = logging.getLogger("dhcp")
+
+class UnboundDHCPLeasesBridge(object):
+ def __init__(self, dhcp_leases_file, unbound_leases_file):
+ self.leases_file = dhcp_leases_file
+
+ self.unbound = UnboundConfigWriter(unbound_leases_file)
+ self.running = False
+
+ def run(self):
+ log.info("Unbound DHCP Leases Bridge started on %s" % self.leases_file)
+ self.running = True
+
+ # Initially read leases file
+ self.update_dhcp_leases()
+
+ i = inotify.adapters.Inotify([self.leases_file])
+
+ for event in i.event_gen():
+ # End if we are requested to terminate
+ if not self.running:
+ break
+
+ if event is None:
+ continue
+
+ header, type_names, watch_path, filename = event
+
+ # Update leases after leases file has been modified
+ if "IN_MODIFY" in type_names:
+ self.update_dhcp_leases()
+
+ log.info("Unbound DHCP Leases Bridge terminated")
+
+ def update_dhcp_leases(self):
+ log.info("Reading DHCP leases from %s" % self.leases_file)
+
+ leases = DHCPLeases(self.leases_file)
+ self.unbound.update_dhcp_leases(leases)
+
+ def terminate(self):
+ self.running = False
+
+
+class DHCPLeases(object):
+ regex_leaseblock = re.compile(r"lease (?P<ipaddr>\d+\.\d+\.\d+\.\d+) {(?P<config>[\s\S]+?)\n}")
+
+ def __init__(self, path):
+ self.path = path
+
+ self._leases = self._parse()
+
+ def __iter__(self):
+ return iter(self._leases)
+
+ def _parse(self):
+ leases = []
+
+ with open(self.path) as f:
+ # Read entire leases file
+ data = f.read()
+
+ for match in self.regex_leaseblock.finditer(data):
+ block = match.groupdict()
+
+ ipaddr = block.get("ipaddr")
+ config = block.get("config")
+
+ properties = self._parse_block(config)
+
+ # Skip any abandoned leases
+ if not "hardware" in properties:
+ continue
+
+ lease = Lease(ipaddr, properties)
+
+ # Check if a lease for this Ethernet address already
+ # exists in the list of known leases. If so replace
+ # if with the most recent lease
+ for i, l in enumerate(leases):
+ if l.hwaddr == lease.hwaddr:
+ leases[i] = max(lease, l)
+ break
+
+ else:
+ leases.append(lease)
+
+ return leases
+
+ def _parse_block(self, block):
+ properties = {}
+
+ for line in block.splitlines():
+ if not line:
+ continue
+
+ # Remove trailing ; from line
+ if line.endswith(";"):
+ line = line[:-1]
+
+ # Invalid line if it doesn't end with ;
+ else:
+ continue
+
+ # Remove any leading whitespace
+ line = line.lstrip()
+
+ # We skip all options and sets
+ if line.startswith("option") or line.startswith("set"):
+ continue
+
+ # Split by first space
+ key, val = line.split(" ", 1)
+ properties[key] = val
+
+ return properties
+
+
+class Lease(object):
+ def __init__(self, ipaddr, properties):
+ self.ipaddr = ipaddr
+ self._properties = properties
+
+ def __repr__(self):
+ return "<%s %s for %s (%s)>" % (self.__class__.__name__,
+ self.ipaddr, self.hwaddr, self.hostname)
+
+ def __eq__(self, other):
+ return self.ipaddr == other.ipaddr and self.hwaddr == other.hwaddr
+
+ def __gt__(self, other):
+ if not self.ipaddr == other.ipaddr:
+ return
+
+ if not self.hwaddr == other.hwaddr:
+ return
+
+ return self.time_starts > other.time_starts
+
+ @property
+ def binding_state(self):
+ state = self._properties.get("binding")
+
+ if state:
+ state = state.split(" ", 1)
+ return state[1]
+
+ @property
+ def active(self):
+ return self.binding_state == "active"
+
+ @property
+ def hwaddr(self):
+ hardware = self._properties.get("hardware")
+
+ if not hardware:
+ return
+
+ ethernet, address = hardware.split(" ", 1)
+
+ return address
+
+ @property
+ def hostname(self):
+ hostname = self._properties.get("client-hostname")
+
+ # Remove any ""
+ if hostname:
+ hostname = hostname.replace("\"", "")
+
+ return hostname
+
+ @property
+ def domain(self):
+ return "local" # XXX
+
+ @property
+ def fqdn(self):
+ return "%s.%s" % (self.hostname, self.domain)
+
+ @staticmethod
+ def _parse_time(s):
+ return datetime.datetime.strptime(s, "%w %Y/%m/%d %H:%M:%S")
+
+ @property
+ def time_starts(self):
+ starts = self._properties.get("starts")
+
+ if starts:
+ return self._parse_time(starts)
+
+ @property
+ def time_ends(self):
+ ends = self._properties.get("ends")
+
+ if not ends or ends == "never":
+ return
+
+ return self._parse_time(ends)
+
+ @property
+ def expired(self):
+ if not self.time_ends:
+ return self.time_starts > datetime.datetime.utcnow()
+
+ return self.time_starts > datetime.datetime.utcnow() > self.time_ends
+
+ @property
+ def rrset(self):
+ return [
+ # Forward record
+ (self.fqdn, LOCAL_TTL, "IN A", self.ipaddr),
+
+ # Reverse record
+ (self.ipaddr, LOCAL_TTL, "IN PTR", self.fqdn),
+ ]
+
+
+class UnboundConfigWriter(object):
+ def __init__(self, path):
+ self.path = path
+
+ self._cached_leases = []
+
+ def update_dhcp_leases(self, leases):
+ # Strip all non-active or expired leases
+ leases = [l for l in leases if l.active and not l.expired]
+
+ # Find any leases that have expired or do not exist any more
+ removed_leases = [l for l in self._cached_leases if l.expired or l not in leases]
+
+ # Find any leases that have been added
+ new_leases = [l for l in leases if l not in self._cached_leases]
+
+ # End here if nothing has changed
+ if not new_leases and not removed_leases:
+ return
+
+ self._cached_leases = leases
+
+ # Write out all leases
+ self.write_dhcp_leases(leases)
+
+ # Update unbound about changes
+ for l in removed_leases:
+ self._control("local_data_remove", l.fqdn)
+
+ for l in new_leases:
+ for rr in l.rrset:
+ self._control("local_data", *rr)
+
+
+ def write_dhcp_leases(self, leases):
+ with open(self.path, "w") as f:
+ for l in leases:
+ for rr in l.rrset:
+ f.write("local-data: \"%s\"\n" % " ".join(rr))
+
+ def _control(self, *args):
+ command = ["unbound-control", "-q"]
+ command.extend(args)
+
+ try:
+ subprocess.check_call(command)
+
+ # Log any errors
+ except subprocess.CalledProcessError as e:
+ log.critical("Could not run %s, error code: %s: %s" % (
+ " ".join(command), e.returncode, e.output))
+
+
+if __name__ == "__main__":
+ parser = argparse.ArgumentParser(description="Bridge for DHCP Leases and Unbound DNS")
+
+ # Daemon Stuff
+ parser.add_argument("--daemon", "-d", action="store_true",
+ help="Launch as daemon in background")
+ parser.add_argument("--verbose", "-v", action="count", help="Be more verbose")
+
+ # Paths
+ parser.add_argument("--dhcp-leases", default="/var/state/dhcp/dhcpd.leases",
+ metavar="PATH", help="Path to the DHCPd leases file")
+ parser.add_argument("--unbound-leases", default="/etc/unbound/dhcp-leases.conf",
+ metavar="PATH", help="Path to the unbound configuration file")
+
+ # Parse command line arguments
+ args = parser.parse_args()
+
+ # Setup logging
+ if args.verbose == 1:
+ loglevel = logging.INFO
+ elif args.verbose >= 2:
+ loglevel = logging.DEBUG
+ else:
+ loglevel = logging.WARN
+
+ setup_logging(loglevel)
+
+ bridge = UnboundDHCPLeasesBridge(args.dhcp_leases, args.unbound_leases)
+
+ ctx = daemon.DaemonContext(detach_process=args.daemon)
+ ctx.signal_map = {
+ signal.SIGHUP : bridge.update_dhcp_leases,
+ signal.SIGTERM : bridge.terminate,
+ }
+
+ with ctx:
+ bridge.run()
--- /dev/null
+#
+# Unbound configuration file for IPFire
+#
+# The full documentation is available at:
+# https://www.unbound.net/documentation/unbound.conf.html
+#
+
+server:
+ # Common Server Options
+ chroot: ""
+ directory: "/etc/unbound"
+ username: "nobody"
+ port: 53
+ do-ip4: yes
+ do-ip6: no
+ do-udp: yes
+ do-tcp: yes
+ so-reuseport: yes
+ do-not-query-localhost: yes
+
+ # System Tuning
+ include: "/etc/unbound/tuning.conf"
+
+ # Logging Options
+ verbosity: 1
+ use-syslog: yes
+ log-time-ascii: yes
+ log-queries: no
+
+ # Unbound Statistics
+ statistics-interval: 0
+ statistics-cumulative: yes
+ extended-statistics: yes
+
+ # Prefetching
+ prefetch: yes
+ prefetch-key: yes
+
+ # Randomise any cached responses
+ rrset-roundrobin: yes
+
+ # Privacy Options
+ hide-identity: yes
+ hide-version: yes
+ qname-minimisation: yes
+ minimal-responses: yes
+
+ # DNSSEC
+ auto-trust-anchor-file: "/var/lib/unbound/root.key"
+ val-permissive-mode: no
+ val-clean-additional: yes
+ val-log-level: 1
+
+ # Hardening Options
+ harden-glue: yes
+ harden-short-bufsize: no
+ harden-large-queries: yes
+ harden-dnssec-stripped: yes
+ harden-below-nxdomain: yes
+ harden-referral-path: yes
+ harden-algo-downgrade: no
+ use-caps-for-id: no
+
+ # Deny access from everywhere
+ access-control: 0.0.0.0/0 refuse
+
+ # Listen on localhost
+ interface: 127.0.0.1
+ access-control: 127.0.0.0/8 allow
+
+ # Bootstrap root servers
+ root-hints: "/etc/unbound/root.hints"
+
+ # IPFire interface configuration
+ include: "/etc/unbound/interfaces.conf"
+ interface-automatic: no
+
+ # Include DHCP leases
+ include: "/etc/unbound/dhcp-leases.conf"
+
+ # Include any forward zones
+ include: "/etc/unbound/forward.conf"
+
+remote-control:
+ control-enable: yes
+ control-use-cert: yes
+ control-interface: 127.0.0.1
+ server-key-file: "/etc/unbound/unbound_server.key"
+ server-cert-file: "/etc/unbound/unbound_server.pem"
+ control-key-file: "/etc/unbound/unbound_control.key"
+ control-cert-file: "/etc/unbound/unbound_control.pem"
+
+# Import any local configurations
+include: "/etc/unbound/local.d/*.conf"
$cgiparams{'ID'} = $cgiparams{'EDITING'};
}
}
- # Restart dnsmasq.
- system('/usr/local/bin/dnsmasqctrl restart >/dev/null');
+ # Restart unbound
+ system('/usr/local/bin/unboundctrl restart >/dev/null');
}
###
unless ($cgiparams{'ID'} eq $id) { print FILE "$line"; }
}
close(FILE);
- # Restart dnsmasq.
- system('/usr/local/bin/dnsmasqctrl restart >/dev/null');
+ # Restart unbound.
+ system('/usr/local/bin/unboundctrl restart >/dev/null');
}
###
}
}
close(FILE);
- # Restart dnsmasq.
- system('/usr/local/bin/dnsmasqctrl restart >/dev/null');
+ # Restart unbound.
+ system('/usr/local/bin/unboundctrl restart >/dev/null');
}
###
#
sub BuildConfiguration {
system '/usr/local/bin/rebuildhosts';
+ system '/usr/local/bin/unboundctrl restart &>/dev/null';
}
'ipfire' => '(ipfire: )',
'red' => '(red:|pppd\[.*\]: |chat\[.*\]|pppoe\[.*\]|pptp\[.*\]|pppoa\[.*\]|pppoa3\[.*\]|pppoeci\[.*\]|ipppd|ipppd\[.*\]|kernel: ippp\d|kernel: isdn.*|ibod\[.*\]|dhcpcd\[.*\]|modem_run\[.*\])',
'ddns' => '(ddns\[\d+\]:)',
- 'dns' => '(dnsmasq\[.*\]: )',
+ 'dns' => '(dnsmasq\[.*\]: |unbound\[.*\]: )',
'dma' => '(dma\[.*\]: )',
'dhcp' => '(dhcpd: )',
'clamav' => '(clamd\[.*\]: |freshclam\[.*\]: )',
if ($pppsettings{'USERNAME'} eq '') {
$errormessage = $Lang::tr{'username not set'};
goto ERROR; }
- if ($pppsettings{'PASSWORD'} eq '') {
- $errormessage = $Lang::tr{'password not set'};
- goto ERROR; }
- }
+ }
if ($pppsettings{'TIMEOUT'} eq '') {
$errormessage = $Lang::tr{'idle timeout not set'};
<tr>
<td width='25%'>$Lang::tr{'username'} <img src='/blob.gif' alt='*' /></td>
<td width='25%'><input type='text' name='USERNAME' value='$pppsettings{'USERNAME'}' /></td>
- <td width='25%'>$Lang::tr{'password'} <img src='/blob.gif' alt='*' /></td>
+ <td width='25%'>$Lang::tr{'password'} </td>
<td width='25%'><input type='password' name='PASSWORD' value='$pppsettings{'PASSWORD'}' /></td>
</tr>
<tr>
$Lang::tr{'dhcp server'} => 'dhcpd',
$Lang::tr{'web server'} => 'httpd',
$Lang::tr{'cron server'} => 'fcron',
- $Lang::tr{'dns proxy server'} => 'dnsmasq',
+ $Lang::tr{'dns proxy server'} => 'unbound',
$Lang::tr{'logging server'} => 'syslogd',
$Lang::tr{'kernel logging server'} => 'klogd',
$Lang::tr{'ntp server'} => 'ntpd',
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2014 Michael Tremer & Christian Schmidt #
+# Copyright (C) 2007-2016 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 1.4.18
+VER = 1.4.21
THISAPP = gnupg-$(VER)
DL_FILE = $(THISAPP).tar.bz2
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 54db1be9588b11afbbdd8b82d4ea883a
+$(DL_FILE)_MD5 = 9bdeabf3c0f87ff21cb3f9216efdd01d
install : $(TARGET)
ln -sf ../init.d/network /etc/rc.d/rc0.d/K80network
ln -sf ../init.d/network /etc/rc.d/rc3.d/S20network
ln -sf ../init.d/network /etc/rc.d/rc6.d/K80network
+ ln -sf ../init.d/unbound /etc/rc.d/rc0.d/K79unbound
+ ln -sf ../init.d/unbound /etc/rc.d/rc3.d/S21unbound
+ ln -sf ../init.d/unbound /etc/rc.d/rc6.d/K79unbound
ln -sf ../init.d/random /etc/rc.d/rc0.d/K45random
ln -sf ../init.d/random /etc/rc.d/rc3.d/S25random
ln -sf ../init.d/random /etc/rc.d/rc6.d/K45random
ln -sf ../init.d/wlanclient /etc/rc.d/rc3.d/S19wlanclient
ln -sf ../init.d/wlanclient /etc/rc.d/rc6.d/K82wlanclient
- ln -sf ../../dnsmasq /etc/rc.d/init.d/networking/red.up/05-RS-dnsmasq
ln -sf ../../../../../usr/local/bin/snortctrl \
/etc/rc.d/init.d/networking/red.up/23-RS-snort
ln -sf ../../../../../usr/local/bin/qosctrl \
/etc/rc.d/init.d/networking/red.up/24-RS-qos
ln -sf ../../squid /etc/rc.d/init.d/networking/red.up/27-RS-squid
- ln -sf ../../dnsmasq /etc/rc.d/init.d/networking/red.down/05-RS-dnsmasq
for i in green blue orange; do \
ln -sf any /etc/rc.d/init.d/networking/$$i; \
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2015 Michael Tremer & Christian Schmidt #
+# Copyright (C) 2007-2016 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 2.2.0
+VER = 2.4.3
THISAPP = libassuan-$(VER)
DL_FILE = $(THISAPP).tar.bz2
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = libassuan
-PAK_VER = 3
+PAK_VER = 4
DEPS = ""
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = a104faed3e97b9c302c5d67cc22b1d60
+$(DL_FILE)_MD5 = 8e01a7c72d3e5d154481230668e6eb5a
install : $(TARGET)
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2015 Michael Tremer & Christian Schmidt #
+# Copyright (C) 2007-2016 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 1.6.4
+VER = 1.7.3
THISAPP = libgcrypt-$(VER)
DL_FILE = $(THISAPP).tar.bz2
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 4c13c5fa43147866f993d73ee62af176
+$(DL_FILE)_MD5 = c869e542cc13a1c28d8055487bf7f5c4
install : $(TARGET)
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2015 Michael Tremer & Christian Schmidt #
+# Copyright (C) 2007-2016 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 1.20
+VER = 1.24
THISAPP = libgpg-error-$(VER)
DL_FILE = $(THISAPP).tar.bz2
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 9997d9203b672402a04760176811589d
+$(DL_FILE)_MD5 = feb42198c0aaf3b28eabe8f41a34b983
install : $(TARGET)
include Config
-VER = 1.2.18.3
+VER = 2.1.0
THISAPP = libvirt-$(VER)
-DL_FILE = $(THISAPP).tar.gz
+DL_FILE = $(THISAPP).tar.xz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
SUP_ARCH = i586 x86_64
PROG = libvirt
-PAK_VER = 9
+PAK_VER = 11
DEPS = "libpciaccess libyajl ncat qemu"
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = bcb0738ff66972ddb25cfe0d086c5c37
+$(DL_FILE)_MD5 = fd1c054a8b59235e877efb728de79386
install : $(TARGET)
check : $(patsubst %,$(DIR_CHK)/%,$(objects))
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
- @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar Jxf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/libvirt/0001-Change-default-behavior-of-libvirt-guests.sh-for-IPF.patch
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/libvirt/0002-Change-options-in-libvirtd.conf-for-IPFire.patch
cd $(DIR_APP) && ./configure --prefix=/usr --localstatedir=/var --sysconfdir=/etc \
cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
cd $(DIR_APP) && make install
install -v -m 754 $(DIR_SRC)/src/initscripts/init.d/libvirtd /etc/rc.d/init.d/libvirtd
+ install -v -m 754 $(DIR_SRC)/src/initscripts/init.d/virtlogd /etc/rc.d/init.d/virtlogd
mv /usr/libexec/libvirt-guests.sh /etc/rc.d/init.d/libvirt-guests
# Backup
install -v -m 644 $(DIR_SRC)/config/backup/includes/libvirt /var/ipfire/backup/addons/includes/libvirt
include Config
-VER = 2.6.1
+VER = 2.6.3
THISAPP = nano-$(VER)
DL_FILE = $(THISAPP).tar.gz
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = nano
-PAK_VER = 10
+PAK_VER = 11
DEPS = ""
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 5154704d2f3461140e6798470e03b711
+$(DL_FILE)_MD5 = 1213c7f17916e65afefc95054c1f90f9
install : $(TARGET)
--- /dev/null
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2011 IPFire Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 2.1.1
+
+THISAPP = python-daemon-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = 72e2acf2c3d69c7fa75a6625d06adfd0
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && python setup.py install --root=/
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
--- /dev/null
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2011 IPFire Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 0.12
+
+THISAPP = docutils-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = 4622263b62c5c771c03502afa3157768
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && python setup.py install --root=/
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
--- /dev/null
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2011 IPFire Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 0.2.7
+
+THISAPP = inotify-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = ced4c0469f9fd64170d9d907e4aec208
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && python setup.py install --root=/
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
include Config
-VER = 6.3
+VER = 6.5
THISAPP = smartmontools-$(VER)
DL_FILE = $(THISAPP).tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 2ea0c62206e110192a97b59291b17f54
+$(DL_FILE)_MD5 = 093aeec3f8f39fa9a37593c4012d3156
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/smartmontools-5.39-exit_segfault.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/smartmontools-6.5-exit_segfault.patch
cd $(DIR_APP) && autoreconf
cd $(DIR_APP) && ./configure --prefix=/usr
cd $(DIR_APP) && make BUILD_INFO='"($(NAME) $(VERSION))"' $(MAKETUNING)
include Config
-VER = 3.5.19
+VER = 3.5.21
THISAPP = squid-$(VER)
DL_FILE = $(THISAPP).tar.xz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = a1d990284c429a63ee85d80ee5b3b8b9
+$(DL_FILE)_MD5 = e6745a6e4ac0b48b7283861f64a40ae5
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xaf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14051.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14052.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14053.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14054.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14055.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14056.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.17-fix-max-file-descriptors.patch
+ cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.21-fix-max-file-descriptors.patch
cd $(DIR_APP) && autoreconf -vfi
cd $(DIR_APP)/libltdl && autoreconf -vfi
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2016 Michael Tremer & Christian Schmidt #
+# Copyright (C) 2007-2016 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 2.76
+VER = 1.5.9
-THISAPP = dnsmasq-$(VER)
-DL_FILE = $(THISAPP).tar.xz
+THISAPP = unbound-$(VER)
+DL_FILE = $(THISAPP).tar.gz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
-# We cannot use INOTIFY because our ISC reader code does not support that
-COPTS = -DHAVE_ISC_READER -DNO_INOTIFY
-
###############################################################################
# Top-level Rules
###############################################################################
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 00f5ee66b4e4b7f14538bf62ae3c9461
+$(DL_FILE)_MD5 = 0cefa62c1690b4db18583db84bff00e3
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/001-Calculate_length_of_TFTP_error_reply_correctly.patch
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/002-Zero_newly_malloc_ed_memory.patch
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/003-Check_return_of_expand_always.patch
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/004-Fix_editing_error_on_man_page.patch
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/005-Manpage_typo.patch
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/006-Fix_bad_behaviour_with_some_DHCP_option_arrangements.patch
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/007-Fix_logic_error_in_Linux_netlink_code.patch
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/008-Fix_problem_with_--dnssec-timestamp.patch
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/009-malloc_memset_calloc_for_efficiency.patch
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/010-Zero_packet_buffers_before_building_output_to_reduce_risk_of_information_leakage.patch
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/011-Dont_reset_packet_length_on_transmission_in_case_of_retransmission.patch
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/012-Compile-time_check_on_buffer_sizes_for_leasefile_parsing_code.patch
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/013-auth-zone_allow_to_exclude_ip_addresses_from_answer.patch
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/014-Bump_auth_zone_serial_when_reloading_etc_hosts_and_friends.patch
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq-Add-support-to-read-ISC-DHCP-lease-file.patch
-
- cd $(DIR_APP) && sed -i src/config.h \
- -e 's|/\* #define HAVE_IDN \*/|#define HAVE_IDN|g' \
- -e 's|/\* #define HAVE_DNSSEC \*/|#define HAVE_DNSSEC|g' \
- -e 's|#define HAVE_DHCP|//#define HAVE_DHCP|g' \
- -e 's|#define HAVE_DHCP6|//#define HAVE_DHCP6|g' \
- -e 's|#define HAVE_TFTP|//#define HAVE_TFTP|g'
-
- cd $(DIR_APP) && make CFLAGS="$(CFLAGS)" COPTS="$(COPTS)" \
- PREFIX=/usr all install
+ cd $(DIR_APP) && \
+ ./configure \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --with-pidfile=/var/run/unbound.pid \
+ --with-rootkey-file=/var/lib/unbound/root.key \
+ --disable-static \
+ --with-libevent
+ cd $(DIR_APP) && make $(MAKETUNING)
+ cd $(DIR_APP) && make install
+
+ # Install configuration
+ install -v -m 644 $(DIR_SRC)/config/unbound/unbound.conf \
+ /etc/unbound/unbound.conf
+ touch /etc/unbound/{dhcp-leases,forward}.conf
+ -mkdir -pv /etc/unbound/local.d
+
+ # Install root hints
+ install -v -m 644 $(DIR_SRC)/config/unbound/root.hints \
+ /etc/unbound/root.hints
+
+ # Install DHCP leases bridge
+ install -v -m 755 $(DIR_SRC)/config/unbound/unbound-dhcp-leases-bridge \
+ /usr/sbin/unbound-dhcp-leases-bridge
+
+ # Install key
+ -mkdir -pv /var/lib/unbound
+ install -v -m 644 $(DIR_SRC)/config/unbound/root.key \
+ /var/lib/unbound/root.key
+ chown -Rv nobody.nobody /var/lib/unbound
+
+ # Ship ICANN's certificates to validate DNS trust anchors
+ install -v -m 644 $(DIR_SRC)/config/unbound/icannbundle.pem \
+ /etc/unbound/icannbundle.pem
+
@rm -rf $(DIR_APP)
@$(POSTBUILD)
ipfiremake beep
ipfiremake dvdrtools
ipfiremake nettle
- ipfiremake dnsmasq
+ ipfiremake libevent
+ ipfiremake libevent2
+ ipfiremake unbound
ipfiremake dosfstools
ipfiremake reiserfsprogs
ipfiremake xfsprogs
ipfiremake python-mechanize
ipfiremake python-feedparser
ipfiremake python-rssdler
+ ipfiremake python-inotify
+ ipfiremake python-docutils
+ ipfiremake python-daemon
ipfiremake glib
ipfiremake GeoIP
ipfiremake fwhits
ipfiremake gnump3d
ipfiremake rsync
ipfiremake tcpwrapper
- ipfiremake libevent
- ipfiremake libevent2
ipfiremake libtirpc
ipfiremake rpcbind
ipfiremake nfs
. /etc/sysconfig/rc
. $rc_functions
+
eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
+eval $(/usr/local/bin/readhash /var/ipfire/dhcp/settings)
function flush_chains() {
iptables -F DHCPGREENINPUT
boot_mesg "Starting DHCP Server..."
loadproc /usr/sbin/dhcpd -q ${devices}
+ # Start Unbound DHCP Lease Bridge unless RFC2136 is used
+ if [ "${DNS_UPDATE_ENABLED}" != on ]; then
+ boot_mesg "Starting Unbound DHCP Leases Bridge..."
+ loadproc /usr/sbin/unbound-dhcp-leases-bridge -d
+ fi
+
(sleep 5 && chmod 644 /var/run/dhcpd.pid) & # Fix because silly dhcpd creates its pid with mode 640
;;
echo_ok;
exit 0
fi
+
+ boot_mesg "Stopping Unbound DHCP Leases Bridge..."
+ killproc /usr/sbin/unbound-dhcp-leases-bridge
;;
reload)
status)
statusproc /usr/sbin/dhcpd
+ statusproc /usr/sbin/unbound-dhcp-leases-bridge
;;
*)
+++ /dev/null
-#!/bin/sh
-########################################################################
-# Begin $rc_base/init.d/dnsmasq
-#
-# Description : dnsmasq init script
-#
-# Authors : Michael Tremer - mitch@ipfire.org
-#
-# Version : 01.00
-#
-# Notes :
-#
-########################################################################
-
-. /etc/sysconfig/rc
-. ${rc_functions}
-
-CACHE_SIZE=2500
-ENABLE_DNSSEC=1
-SHOW_SRV=1
-TRUST_ANCHOR=".,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5"
-TIMESTAMP_FILE="/var/ipfire/dns/dnssec-timestamp"
-
-# Pull custom configuration file
-if [ -e "/etc/sysconfig/dnsmasq" ]; then
- . /etc/sysconfig/dnsmasq
-fi
-
-function dnssec_args() {
- local cmdline="--dnssec --dnssec-timestamp ${TIMESTAMP_FILE}"
-
- if [ -n "${TRUST_ANCHOR}" ]; then
- cmdline="${cmdline} --trust-anchor=${TRUST_ANCHOR}"
- fi
-
- echo "${cmdline}"
-}
-
-function dns_forward_args() {
- local file="${1}"
-
- # Do nothing if file is empty.
- [ -s "${file}" ] || return
-
- local cmdline
-
- local enabled zone server remark
- while IFS="," read -r enabled zone server remark; do
- # Line must be enabled.
- [ "${enabled}" = "on" ] || continue
-
- cmdline="${cmdline} --server=/${zone}/${server}"
- done < ${file}
-
- echo "${cmdline}"
-}
-
-function dns_leases_args() {
- eval $(/usr/local/bin/readhash /var/ipfire/dhcp/settings)
-
- # If the DHCP server is enabled and DNS Update (RFC2136) is
- # enabled, too, we won't overlay the internal domain with
- # the dynamic/static leases.
-
- if ([ "${ENABLE_GREEN}" = "on" ] || [ "${ENABLE_BLUE}" = "on" ]) \
- && [ "${DNS_UPDATE_ENABLED}" = "on" ]; then
- return
- fi
-
- echo "-l /var/state/dhcp/dhcpd.leases"
-}
-
-case "${1}" in
- start)
- # kill already running copy of dnsmasq...
- killproc /usr/sbin/dnsmasq 2>&1 > /dev/null
-
- boot_mesg "Starting Domain Name Service Proxy..."
-
- eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
- ARGS="$CUSTOM_ARGS"
- [ "$DOMAIN_NAME_GREEN" != "" ] && ARGS="$ARGS -s $DOMAIN_NAME_GREEN"
-
- # DHCP configuration
- ARGS="${ARGS} $(dns_leases_args)"
-
- echo > /var/ipfire/red/resolv.conf # Clear it
- if [ -e "/var/ipfire/red/dns1" ]; then
- DNS1=$(cat /var/ipfire/red/dns1 2>/dev/null)
- if [ ! -z ${DNS1} ]; then
- echo "nameserver ${DNS1}" >> /var/ipfire/red/resolv.conf
- fi
- fi
- if [ -e "/var/ipfire/red/dns2" ]; then
- DNS2=$(cat /var/ipfire/red/dns2 2>/dev/null)
- if [ ! -z ${DNS2} ]; then
- echo "nameserver ${DNS2}" >> /var/ipfire/red/resolv.conf
- fi
- fi
- [ -e "/var/ipfire/red/active" ] && ARGS="$ARGS -r /var/ipfire/red/resolv.conf"
-
- ARGS="$ARGS --domain=`cat /var/ipfire/main/settings |grep DOMAIN |cut -d = -f 2`"
-
- # Add custom forward dns zones.
- ARGS="${ARGS} $(dns_forward_args /var/ipfire/dnsforward/config)"
-
- # Enabled DNSSEC validation
- if [ "${ENABLE_DNSSEC}" -eq 1 ]; then
- ARGS="${ARGS} $(dnssec_args)"
- fi
-
- if [ -n "${CACHE_SIZE}" ]; then
- ARGS="${ARGS} --cache-size=${CACHE_SIZE}"
- fi
-
- loadproc /usr/sbin/dnsmasq ${ARGS}
-
- if [ "${SHOW_SRV}" -eq 1 ] && [ "${DNS1}" != "" -o "${DNS2}" != "" ]; then
- boot_mesg "Using DNS server(s): ${DNS1} ${DNS2}"
- boot_mesg_flush
- fi
- ;;
-
- stop)
- boot_mesg "Stopping Domain Name Service Proxy..."
- killproc /usr/sbin/dnsmasq
- ;;
-
- restart)
- ${0} stop
- sleep 1
- ${0} start
- ;;
-
- status)
- statusproc /usr/sbin/dnsmasq
- ;;
-
- *)
- echo "Usage: ${0} {start|stop|restart|status}"
- exit 1
- ;;
-esac
-
-# End $rc_base/init.d/dnsmasq
. ${rc_functions}
eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
-init_networking() {
- /etc/rc.d/init.d/dnsmasq start
-}
-
DO="${1}"
shift
case "${DO}" in
start)
- [ "${ALL}" == "1" ] && init_networking
-
# Starting interfaces...
# GREEN
[ "$green" == "1" ] && /etc/rc.d/init.d/networking/green start
fi
fi
- # Stopping dnsmasq if network all networks shutdown
- [ "${ALL}" == "1" ] && /etc/rc.d/init.d/dnsmasq stop
-
exit 0
;;
--- /dev/null
+#!/bin/bash
+
+# Update DNS forwarders for unbound
+exec /etc/init.d/unbound update-forwarders
--- /dev/null
+#!/bin/bash
+
+# Update DNS forwarders for unbound
+exec /etc/init.d/unbound update-forwarders
--- /dev/null
+#!/bin/sh
+# Begin $rc_base/init.d/unbound
+
+# Description : Unbound DNS resolver boot script for IPfire
+# Author : Marcel Lorenz <marcel.lorenz@ipfire.org>
+
+. /etc/sysconfig/rc
+. ${rc_functions}
+
+USE_FORWARDERS=1
+
+# Cache any local zones for 60 seconds
+LOCAL_TTL=60
+
+# Load optional configuration
+[ -e "/etc/sysconfig/unbound" ] && . /etc/sysconfig/unbound
+
+function cidr() {
+ local cidr nbits IFS;
+ IFS=. read -r i1 i2 i3 i4 <<< ${1}
+ IFS=. read -r m1 m2 m3 m4 <<< ${2}
+ cidr=$(printf "%d.%d.%d.%d\n" "$((i1 & m1))" "$((i2 & m2))" "$((i3 & m3))" "$((i4 & m4))")
+ nbits=0
+ IFS=.
+ for dec in $2 ; do
+ case $dec in
+ 255) let nbits+=8;;
+ 254) let nbits+=7;;
+ 252) let nbits+=6;;
+ 248) let nbits+=5;;
+ 240) let nbits+=4;;
+ 224) let nbits+=3;;
+ 192) let nbits+=2;;
+ 128) let nbits+=1;;
+ 0);;
+ *) echo "Error: $dec is not recognised"; exit 1
+ esac
+ done
+ echo "${cidr}/${nbits}"
+}
+
+read_name_servers() {
+ local i
+ for i in 1 2; do
+ echo "$(</var/ipfire/red/dns${i})"
+ done | xargs echo
+}
+
+config_header() {
+ echo "# This file is automatically generated and any changes"
+ echo "# will be overwritten. DO NOT EDIT!"
+ echo
+}
+
+update_forwarders() {
+ local forwarders="$(read_name_servers)"
+
+ if [ "${USE_FORWARDERS}" = "1" ] && [ -n "${forwarders}" ]; then
+ boot_mesg "Using Name Server(s): ${forwarders}"
+ boot_mesg_flush
+
+ unbound-control -q forward ${forwarders}
+
+ # If forwarders cannot be used we run in recursor mode
+ else
+ unbound-control -q forward off
+ fi
+}
+
+update_hosts() {
+ local enabled address hostname domainname
+
+ while IFS="," read -r enabled address hostname domainname; do
+ [ "${enabled}" = "on" ] || continue
+
+ # Build FQDN
+ local fqdn="${hostname}.${domainname}"
+
+ unbound-control -q local_data "${fqdn} ${LOCAL_TTL} IN A ${address}"
+ done < /var/ipfire/main/hosts
+}
+
+write_interfaces_conf() {
+ (
+ config_header
+
+ if [ -n "${GREEN_ADDRESS}" ]; then
+ echo "# GREEN"
+ echo "interface: ${GREEN_ADDRESS}"
+ echo "access-control: $(cidr ${GREEN_NETADDRESS} ${GREEN_NETMASK}) allow"
+ fi
+
+ if [ -n "${BLUE_ADDRESS}" ]; then
+ echo "# BLUE"
+ echo "interface: ${BLUE_ADDRESS}"
+ echo "access-control: $(cidr ${BLUE_NETADDRESS} ${BLUE_NETMASK}) allow"
+ fi
+ ) > /etc/unbound/interfaces.conf
+}
+
+write_forward_conf() {
+ (
+ config_header
+
+ local enabled zone server remark
+ while IFS="," read -r enabled zone server remark; do
+ # Line must be enabled.
+ [ "${enabled}" = "on" ] || continue
+
+ echo "forward-zone:"
+ echo " name: ${zone}"
+ echo " forward-addr: ${server}"
+ echo
+ done < /var/ipfire/dnsforward/config
+ ) > /etc/unbound/forward.conf
+}
+
+write_tuning_conf() {
+ # https://www.unbound.net/documentation/howto_optimise.html
+
+ # Determine number of online processors
+ local processors=$(getconf _NPROCESSORS_ONLN)
+
+ # Determine number of slabs
+ local slabs=1
+ while [ ${slabs} -lt ${processors} ]; do
+ slabs=$(( ${slabs} * 2 ))
+ done
+
+ # Determine amount of system memory
+ local mem=$(get_memory_amount)
+
+ # In the worst case scenario, unbound can use double the
+ # amount of memory allocated to a cache due to malloc overhead
+
+ # Large systems with more than 2GB of RAM
+ if [ ${mem} -ge 2048 ]; then
+ mem=128
+
+ # Small systems with less than 256MB of RAM
+ elif [ ${mem} -le 256 ]; then
+ mem=8
+
+ # Everything else
+ else
+ mem=32
+ fi
+
+ (
+ config_header
+
+ # We run one thread per processor
+ echo "num-threads: ${processors}"
+
+ # Adjust number of slabs
+ echo "infra-cache-slabs: ${slabs}"
+ echo "key-cache-slabs: ${slabs}"
+ echo "msg-cache-slabs: ${slabs}"
+ echo "rrset-cache-slabs: ${slabs}"
+
+ # Slice up the cache
+ echo "rrset-cache-size: $(( ${mem} / 2 ))m"
+ echo "msg-cache-size: $(( ${mem} / 4 ))m"
+ echo "key-cache-size: $(( ${mem} / 4 ))m"
+ ) > /etc/unbound/tuning.conf
+}
+
+get_memory_amount() {
+ local key val unit
+
+ while read -r key val unit; do
+ case "${key}" in
+ MemTotal:*)
+ # Convert to MB
+ echo "$(( ${val} / 1024 ))"
+ break
+ ;;
+ esac
+ done < /proc/meminfo
+}
+
+case "$1" in
+ start)
+ eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
+
+ # Create control keys at first run
+ if [ ! -r "/etc/unbound/unbound_control.key" ]; then
+ unbound-control-setup -d /etc/unbound &>/dev/null
+ fi
+
+ # Update configuration files
+ write_tuning_conf
+ write_interfaces_conf
+ write_forward_conf
+
+ boot_mesg "Starting Unbound DNS Proxy..."
+ loadproc /usr/sbin/unbound || exit $?
+
+ # Update any known forwarding name servers
+ update_forwarders
+
+ # Update hosts
+ update_hosts
+ ;;
+
+ stop)
+ boot_mesg "Stopping Unbound DNS Proxy..."
+ killproc /usr/sbin/unbound
+ ;;
+
+ restart)
+ $0 stop
+ sleep 1
+ $0 start
+ ;;
+
+ status)
+ statusproc /usr/sbin/unbound
+ ;;
+
+ update-forwarders)
+ update_forwarders
+ ;;
+
+ *)
+ echo "Usage: $0 {start|stop|restart|status|update-forwarders}"
+ exit 1
+ ;;
+esac
+
+# End $rc_base/init.d/unbound
--- /dev/null
+#!/bin/sh
+########################################################################
+# Begin $rc_base/init.d/virtlogd
+#
+# Description : virtlogd init script
+#
+# Authors : Jonatan Schlag - jonatan.schlag@ipfire.org
+#
+# Version : 01.00
+#
+# Notes :
+#
+########################################################################
+
+. /etc/sysconfig/rc
+. $rc_functions
+
+case $1 in
+ start)
+ boot_mesg "Starting virtlogd Daemon..."
+ loadproc /usr/sbin/virtlogd -d -p /var/run/virtlogd.pid
+
+ ;;
+
+ stop)
+ boot_mesg "Stopping virtlogd Daemon..."
+ killproc /usr/sbin/virtlogd
+ ;;
+
+ restart)
+ boot_mesg "Restart virtlogd Daemon..."
+ kill -10 $(cat /var/run/virtlogd.pid)
+ evaluate_retval
+ ;;
+
+ status)
+ statusproc /usr/sbin/virtlogd
+ ;;
+
+ *)
+ echo "Usage: $0 {start|stop|restart|status}"
+ exit 1
+ ;;
+esac
+
+# End $rc_base/init.d/virtlogd
redctrl syslogdctrl extrahdctrl sambactrl upnpctrl \
smartctrl clamavctrl addonctrl pakfire mpfirectrl wlanapctrl \
setaliases urlfilterctrl updxlratorctrl fireinfoctrl rebuildroutes \
- getconntracktable wirelessclient dnsmasqctrl torctrl ddnsctrl
+ getconntracktable wirelessclient torctrl ddnsctrl unboundctrl
SUID_UPDX = updxsetperms
OBJS = $(patsubst %,%.o,$(PROGS) $(SUID_PROGS))
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
-#include <fcntl.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
-#include <signal.h>
#include "setuid.h"
#include "netutil.h"
-FILE *fd = NULL;
FILE *hosts = NULL;
FILE *gw = NULL;
struct keyvalue *kv = NULL;
{
if (kv)
freekeyvalues(kv);
- if (fd)
- fclose(fd);
if (hosts)
fclose(hosts);
if (gw)
int main(int argc, char *argv[])
{
- int fdpid;
char hostname[STRING_SIZE] = "";
char domainname[STRING_SIZE] = "";
char gateway[STRING_SIZE] = "";
- char buffer[STRING_SIZE];
char address[STRING_SIZE] = "";
- char *active, *ip, *host, *domain;
- int pid;
if (!(initsetuid()))
exit(1);
atexit(exithandler);
- memset(buffer, 0, STRING_SIZE);
-
kv = initkeyvalues();
if (!(readkeyvalues(kv, CONFIG_ROOT "/ethernet/settings")))
{
fprintf(stderr, "Couldn't open remote-ipaddress file\n");
}
- if (!(fd = fopen(CONFIG_ROOT "/main/hosts", "r")))
- {
- fprintf(stderr, "Couldn't open main hosts file\n");
- exit(1);
- }
-
if (!(hosts = fopen("/etc/hosts", "w")))
{
fprintf(stderr, "Couldn't open /etc/hosts file\n");
- fclose(fd);
- fd = NULL;
exit(1);
}
fprintf(hosts, "127.0.0.1\tlocalhost\n");
if (strlen(gateway) > 0)
fprintf(hosts, "%s\tgateway\n", gateway);
- while (fgets(buffer, STRING_SIZE, fd))
- {
- buffer[strlen(buffer) - 1] = 0;
- if (buffer[0]==',') continue; /* disabled if empty field */
- active = strtok(buffer, ",");
- if (strcmp(active, "off")==0) continue; /* or 'off' */
-
- ip = strtok(NULL, ",");
- host = strtok(NULL, ",");
- domain = strtok(NULL, ",");
-
- if (!(ip && host))
- continue; // bad line ? skip
-
- if (!VALID_IP(ip))
- {
- fprintf(stderr, "Bad IP: %s\n", ip);
- continue; /* bad ip, skip */
- }
-
- if (strspn(host, LETTERS_NUMBERS "-") != strlen(host))
- {
- fprintf(stderr, "Bad Host: %s\n", host);
- continue; /* bad name, skip */
- }
-
- if (domain)
- fprintf(hosts, "%s\t%s.%s\t%s\n",ip,host,domain,host);
- else
- fprintf(hosts, "%s\t%s\n",ip,host);
- }
- fclose(fd);
- fd = NULL;
- fclose(hosts);
- hosts = NULL;
-
- if ((fdpid = open("/var/run/dnsmasq.pid", O_RDONLY)) == -1)
- {
- fprintf(stderr, "Couldn't open pid file\n");
- exit(1);
- }
- if (read(fdpid, buffer, STRING_SIZE - 1) == -1)
- {
- fprintf(stderr, "Couldn't read from pid file\n");
- close(fdpid);
- exit(1);
- }
- close(fdpid);
- pid = atoi(buffer);
- if (pid <= 1)
- {
- fprintf(stderr, "Bad pid value\n");
- exit(1);
- }
- if (kill(pid, SIGHUP) == -1)
- {
- fprintf(stderr, "Unable to send SIGHUP\n");
- exit(1);
- }
-
return 0;
}
exit(1);
if (argc < 2) {
- fprintf(stderr, "\nNo argument given.\n\ndnsmasqctrl (restart)\n\n");
+ fprintf(stderr, "\nNo argument given.\n\nunboundctrl (restart)\n\n");
exit(1);
}
if (strcmp(argv[1], "restart") == 0) {
- safe_system("/etc/rc.d/init.d/dnsmasq restart");
+ safe_system("/etc/rc.d/init.d/unbound restart");
} else {
- fprintf(stderr, "\nBad argument given.\n\ndnsmasqctrl (restart)\n\n");
+ fprintf(stderr, "\nBad argument given.\n\nunboundctrl (restart)\n\n");
exit(1);
}
# restore the backup
restore_backup ${NAME}
+start_service virtlogd
start_service --background libvirtd
+
+ln -svf /etc/init.d/virtlogd /etc/rc.d/rc0.d/K21virtlogd
+ln -svf /etc/init.d/virtlogd /etc/rc.d/rc3.d/S69virtlogd
+ln -svf /etc/init.d/virtlogd /etc/rc.d/rc6.d/K21virtlogd
+
ln -svf /etc/init.d/libvirtd /etc/rc.d/rc0.d/K20libvirtd
ln -svf /etc/init.d/libvirtd /etc/rc.d/rc3.d/S70libvirtd
ln -svf /etc/init.d/libvirtd /etc/rc.d/rc6.d/K20libvirtd
#
. /opt/pakfire/lib/functions.sh
stop_service libvirtd
-
+stop_service virtlogd
extract_backup_includes
make_backup ${NAME}
rm -f /etc/rc.d/rc*.d/*libvirt-guests
rm -f /etc/rc.d/rc*.d/*libvirtd
+rm -f /etc/rc.d/rc*.d/*virtlogd
############################################################################
#
. /opt/pakfire/lib/functions.sh
-./uninstall.sh
-./install.sh
+
+#
+#uninstall
+#
+stop_service libvirtd
+extract_backup_includes
+make_backup ${NAME}
+
+remove_files
+
+rm -f /etc/rc.d/rc*.d/*libvirt-guests
+rm -f /etc/rc.d/rc*.d/*libvirtd
+rm -f /etc/rc.d/rc*.d/*virtlogd
+
+#
+#install
+#
+
+# creates a new user and group called libvirt-remote if they not exist
+getent group libvirt-remote >/dev/null || groupadd libvirt-remote
+getent passwd libvirt-remote >/dev/null || \
+useradd -m -g libvirt-remote -s /bin/bash "libvirt-remote"
+
+extract_files
+
+# create diretorys in var
+mkdir -p /var/cache/libvirt/qemu \
+/var/lib/libvirt/boot \
+/var/lib/libvirt/filesystems \
+/var/lib/libvirt/images \
+/var/lib/libvirt/lockd/files \
+/var/lib/libvirt/qemu \
+/var/log/libvirt/qemu
+# set the permissions
+chown -R nobody:kvm /var/cache/libvirt/qemu
+chown -R nobody:kvm /var/lib/libvirt/qemu
+chown -R nobody:kvm /var/lib/libvirt/images
+# restore the backup
+restore_backup ${NAME}
+
+#restart virtlogd to use the new version
+if [ -f "/var/run/virtlogd.pid" ]; then
+# the daemon runs restart him
+/etc/init.d/virtlogd restart
+else
+# the daemon runs not start him
+/etc/init.d/virtlogd start
+fi
+
+start_service --background libvirtd
+
+ln -svf /etc/init.d/virtlogd /etc/rc.d/rc0.d/K21virtlogd
+ln -svf /etc/init.d/virtlogd /etc/rc.d/rc3.d/S69virtlogd
+ln -svf /etc/init.d/virtlogd /etc/rc.d/rc6.d/K21virtlogd
+
+ln -svf /etc/init.d/libvirtd /etc/rc.d/rc0.d/K20libvirtd
+ln -svf /etc/init.d/libvirtd /etc/rc.d/rc3.d/S70libvirtd
+ln -svf /etc/init.d/libvirtd /etc/rc.d/rc6.d/K20libvirtd
+
+ln -svf /etc/init.d/libvirt-guests /etc/rc.d/rc0.d/K19libvirt-guests
+ln -svf /etc/init.d/libvirt-guests /etc/rc.d/rc3.d/S71libvirt-guests
+ln -svf /etc/init.d/libvirt-guests /etc/rc.d/rc6.d/K19libvirt-guests
+++ /dev/null
---- a/src/cache.c Wed Dec 16 19:24:12 2015
-+++ b/src/cache.c Wed Dec 16 19:37:37 2015
-@@ -17,7 +17,7 @@
- #include "dnsmasq.h"
-
- static struct crec *cache_head = NULL, *cache_tail = NULL, **hash_table = NULL;
--#ifdef HAVE_DHCP
-+#if (defined HAVE_DHCP) || (defined HAVE_ISC_READER)
- static struct crec *dhcp_spare = NULL;
- #endif
- static struct crec *new_chain = NULL;
-@@ -217,6 +217,9 @@
- crecp->flags &= ~F_BIGNAME;
- }
-
-+ if (crecp->flags & F_DHCP)
-+ free(crecp->name.namep);
-+
- #ifdef HAVE_DNSSEC
- cache_blockdata_free(crecp);
- #endif
-@@ -1138,7 +1141,7 @@
-
- }
-
--#ifdef HAVE_DHCP
-+#if (defined HAVE_DHCP) || (defined HAVE_ISC_READER)
- struct in_addr a_record_from_hosts(char *name, time_t now)
- {
- struct crec *crecp = NULL;
-@@ -1281,7 +1284,11 @@
- else
- crec->ttd = ttd;
- crec->addr.addr = *host_address;
-+#ifdef HAVE_ISC_READER
-+ crec->name.namep = strdup(host_name);
-+#else
- crec->name.namep = host_name;
-+#endif
- crec->uid = next_uid();
- cache_hash(crec);
-
---- a/src/dnsmasq.c Thu Jul 30 20:59:06 2015
-+++ b/src/dnsmasq.c Wed Dec 16 19:38:32 2015
-@@ -1017,6 +1017,11 @@
-
- poll_resolv(0, daemon->last_resolv != 0, now);
- daemon->last_resolv = now;
-+
-+#ifdef HAVE_ISC_READER
-+ if (daemon->lease_file && !daemon->dhcp)
-+ load_dhcp(now);
-+#endif
- }
- #endif
-
---- a/src/dnsmasq.h Wed Dec 16 19:24:12 2015
-+++ b/src/dnsmasq.h Wed Dec 16 19:40:11 2015
-@@ -1516,6 +1516,11 @@
- void poll_listen(int fd, short event);
- int do_poll(int timeout);
-
-+/* isc.c */
-+#ifdef HAVE_ISC_READER
-+void load_dhcp(time_t now);
-+#endif
-+
- /* rrfilter.c */
- size_t rrfilter(struct dns_header *header, size_t plen, int mode);
- u16 *rrfilter_desc(int type);
- int expand_workspace(unsigned char ***wkspc, int *szp, int new);
--
---- /dev/null Wed Dec 16 19:48:08 2015
-+++ b/src/isc.c Wed Dec 16 19:41:35 2015
-@@ -0,0 +1,266 @@
-+/* dnsmasq is Copyright (c) 2014 John Volpe, Simon Kelley and
-+ Michael Tremer
-+
-+ This program is free software; you can redistribute it and/or modify
-+ it under the terms of the GNU General Public License as published by
-+ the Free Software Foundation; version 2 dated June, 1991, or
-+ (at your option) version 3 dated 29 June, 2007.
-+
-+ This program is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+ GNU General Public License for more details.
-+
-+ You should have received a copy of the GNU General Public License
-+ along with this program. If not, see <http://www.gnu.org/licenses/>.
-+
-+ Code in this file is based on contributions by John Volpe and
-+ Simon Kelley. Updated for recent versions of dnsmasq by
-+ Michael Tremer.
-+*/
-+
-+
-+#define _GNU_SOURCE
-+
-+#include <assert.h>
-+#include <stdio.h>
-+
-+#include "dnsmasq.h"
-+
-+#ifdef HAVE_ISC_READER
-+#define MAXTOK 50
-+
-+struct isc_dhcp_lease {
-+ char* name;
-+ char* fqdn;
-+ time_t expires;
-+ struct in_addr addr;
-+ struct isc_dhcp_lease* next;
-+};
-+
-+static struct isc_dhcp_lease* dhcp_lease_new(const char* hostname) {
-+ struct isc_dhcp_lease* lease = whine_malloc(sizeof(*lease));
-+ if (!lease)
-+ return NULL;
-+
-+ lease->name = strdup(hostname);
-+ if (daemon->domain_suffix) {
-+ int r = asprintf(&lease->fqdn, "%s.%s", hostname, daemon->domain_suffix);
-+
-+ // Handle OOM
-+ if (r < 0) {
-+ free(lease);
-+ return NULL;
-+ }
-+ }
-+ lease->expires = 0;
-+ lease->next = NULL;
-+
-+ return lease;
-+}
-+
-+static void dhcp_lease_free(struct isc_dhcp_lease* lease) {
-+ if (!lease)
-+ return;
-+
-+ if (lease->name)
-+ free(lease->name);
-+ if (lease->fqdn)
-+ free(lease->fqdn);
-+ free(lease);
-+}
-+
-+static int next_token(char* token, int buffsize, FILE* fp) {
-+ int c, count = 0;
-+ char* cp = token;
-+
-+ while ((c = getc(fp)) != EOF) {
-+ if (c == '#') {
-+ do {
-+ c = getc(fp);
-+ } while (c != '\n' && c != EOF);
-+ }
-+
-+ if (c == ' ' || c == '\t' || c == '\n' || c == ';') {
-+ if (count)
-+ break;
-+ } else if ((c != '"') && (count < buffsize - 1)) {
-+ *cp++ = c;
-+ count++;
-+ }
-+ }
-+
-+ *cp = 0;
-+ return count ? 1 : 0;
-+}
-+
-+static long get_utc_offset() {
-+ time_t t = time(NULL);
-+ struct tm* time_struct = localtime(&t);
-+
-+ return time_struct->tm_gmtoff;
-+}
-+
-+static time_t parse_lease_time(const char* token_date, const char* token_time) {
-+ time_t time = (time_t)(-1);
-+ struct tm lease_time;
-+
-+ if (sscanf(token_date, "%d/%d/%d", &lease_time.tm_year, &lease_time.tm_mon, &lease_time.tm_mday) == 3) {
-+ lease_time.tm_year -= 1900;
-+ lease_time.tm_mon -= 1;
-+
-+ if (sscanf(token_time, "%d:%d:%d", &lease_time.tm_hour, &lease_time.tm_min, &lease_time.tm_sec) == 3) {
-+ time = mktime(&lease_time) + get_utc_offset();
-+ }
-+ }
-+
-+ return time;
-+}
-+
-+static struct isc_dhcp_lease* find_lease(const char* hostname, struct isc_dhcp_lease* leases) {
-+ struct isc_dhcp_lease* lease = leases;
-+
-+ while (lease) {
-+ if (strcmp(hostname, lease->name) == 0) {
-+ return lease;
-+ }
-+ lease = lease->next;
-+ }
-+
-+ return NULL;
-+}
-+
-+static off_t lease_file_size = (off_t)0;
-+static ino_t lease_file_inode = (ino_t)0;
-+
-+void load_dhcp(time_t now) {
-+ struct isc_dhcp_lease* leases = NULL;
-+
-+ struct stat statbuf;
-+ if (stat(daemon->lease_file, &statbuf) == -1) {
-+ return;
-+ }
-+
-+ /* Do nothing if the lease file has not changed. */
-+ if ((statbuf.st_size <= lease_file_size) && (statbuf.st_ino == lease_file_inode))
-+ return;
-+
-+ lease_file_size = statbuf.st_size;
-+ lease_file_inode = statbuf.st_ino;
-+
-+ FILE* fp = fopen(daemon->lease_file, "r");
-+ if (!fp) {
-+ my_syslog(LOG_ERR, _("failed to load %s:%s"), daemon->lease_file, strerror(errno));
-+ return;
-+ }
-+
-+ my_syslog(LOG_INFO, _("reading %s"), daemon->lease_file);
-+
-+ char* hostname = daemon->namebuff;
-+ struct in_addr host_address;
-+ time_t time_starts = -1;
-+ time_t time_ends = -1;
-+ int nomem;
-+
-+ char token[MAXTOK];
-+ while ((next_token(token, MAXTOK, fp))) {
-+ if (strcmp(token, "lease") == 0) {
-+ hostname[0] = '\0';
-+
-+ if (next_token(token, MAXTOK, fp) && ((host_address.s_addr = inet_addr(token)) != (in_addr_t)-1)) {
-+ if (next_token(token, MAXTOK, fp) && *token == '{') {
-+ while (next_token(token, MAXTOK, fp) && *token != '}') {
-+ if ((strcmp(token, "client-hostname") == 0) || (strcmp(token, "hostname") == 0)) {
-+ if (next_token(hostname, MAXDNAME, fp)) {
-+ if (!canonicalise(hostname, &nomem)) {
-+ *hostname = 0;
-+ my_syslog(LOG_ERR, _("bad name in %s"), daemon->lease_file);
-+ }
-+ }
-+ } else if ((strcmp(token, "starts") == 0) || (strcmp(token, "ends") == 0)) {
-+ char token_date[MAXTOK];
-+ char token_time[MAXTOK];
-+
-+ int is_starts = strcmp(token, "starts") == 0;
-+
-+ // Throw away the weekday and parse the date.
-+ if (next_token(token, MAXTOK, fp) && next_token(token_date, MAXTOK, fp) && next_token(token_time, MAXTOK, fp)) {
-+ time_t time = parse_lease_time(token_date, token_time);
-+
-+ if (is_starts)
-+ time_starts = time;
-+ else
-+ time_ends = time;
-+ }
-+ }
-+ }
-+
-+ if (!*hostname)
-+ continue;
-+
-+ if ((time_starts == -1) || (time_ends == -1))
-+ continue;
-+
-+ if (difftime(now, time_ends) > 0)
-+ continue;
-+
-+ char* dot = strchr(hostname, '.');
-+ if (dot) {
-+ if (!daemon->domain_suffix || hostname_isequal(dot + 1, daemon->domain_suffix)) {
-+ my_syslog(LOG_WARNING,
-+ _("Ignoring DHCP lease for %s because it has an illegal domain part"),
-+ hostname);
-+ continue;
-+ }
-+ *dot = 0;
-+ }
-+
-+ // Search for an existing lease in the list
-+ // with the given host name and update the data
-+ // if needed.
-+ struct isc_dhcp_lease* lease = find_lease(hostname, leases);
-+
-+ // If no lease already exists, we create a new one
-+ // and append it to the list.
-+ if (!lease) {
-+ lease = dhcp_lease_new(hostname);
-+ assert(lease);
-+
-+ lease->next = leases;
-+ leases = lease;
-+ }
-+
-+ // Only update more recent leases.
-+ if (lease->expires > time_ends)
-+ continue;
-+
-+ lease->addr = host_address;
-+ lease->expires = time_ends;
-+ }
-+ }
-+ }
-+ }
-+
-+ fclose(fp);
-+
-+ // Drop all entries.
-+ cache_unhash_dhcp();
-+
-+ while (leases) {
-+ struct isc_dhcp_lease *lease = leases;
-+ leases = lease->next;
-+
-+ if (lease->fqdn) {
-+ cache_add_dhcp_entry(lease->fqdn, AF_INET, (struct all_addr*)&lease->addr.s_addr, lease->expires);
-+ }
-+
-+ if (lease->name) {
-+ cache_add_dhcp_entry(lease->name, AF_INET, (struct all_addr*)&lease->addr.s_addr, lease->expires);
-+ }
-+
-+ // Cleanup
-+ dhcp_lease_free(lease);
-+ }
-+}
-+
-+#endif
---- a/src/option.c Wed Dec 16 19:24:12 2015
-+++ b/src/option.c Wed Dec 16 19:42:48 2015
-@@ -1771,7 +1771,7 @@
- ret_err(_("bad MX target"));
- break;
-
--#ifdef HAVE_DHCP
-+#if (defined HAVE_DHCP) || (defined HAVE_ISC_READER)
- case 'l': /* --dhcp-leasefile */
- daemon->lease_file = opt_string_alloc(arg);
- break;
---- a/Makefile Wed Dec 16 19:24:12 2015
-+++ b/Makefile Wed Dec 16 19:28:45 2015
-@@ -74,7 +74,7 @@
- helper.o tftp.o log.o conntrack.o dhcp6.o rfc3315.o \
- dhcp-common.o outpacket.o radv.o slaac.o auth.o ipset.o \
- domain.o dnssec.o blockdata.o tables.o loop.o inotify.o \
-- poll.o rrfilter.o edns0.o arp.o
-+ poll.o rrfilter.o edns0.o arp.o isc.o
-
- hdrs = dnsmasq.h config.h dhcp-protocol.h dhcp6-protocol.h \
- dns-protocol.h radv-protocol.h ip6addr.h
+++ /dev/null
-From 294d36df4749e01199ab220d44c170e7db2b0c05 Mon Sep 17 00:00:00 2001
-From: Simon Kelley <simon@thekelleys.org.uk>
-Date: Wed, 6 Jul 2016 21:30:25 +0100
-Subject: [PATCH] Calculate length of TFTP error reply correctly.
-
----
- CHANGELOG | 14 ++++++++++++++
- src/tftp.c | 7 +++++--
- 2 files changed, 19 insertions(+), 2 deletions(-)
-
-diff --git a/CHANGELOG b/CHANGELOG
-index 04ff3f0..0559a6f 100644
---- a/CHANGELOG
-+++ b/CHANGELOG
-@@ -1,3 +1,17 @@
-+version 2.77
-+ Calculate the length of TFTP error reply packet
-+ correctly. This fixes a problem when the error
-+ message in a TFTP packet exceeds the arbitrary
-+ limit of 500 characters. The message was correctly
-+ truncated, but not the packet length, so
-+ extra data was appended. This is a possible
-+ security risk, since the extra data comes from
-+ a buffer which is also used for DNS, so that
-+ previous DNS queries or replies may be leaked.
-+ Thanks to Mozilla for funding the security audit
-+ which spotted this bug.
-+
-+
- version 2.76
- Include 0.0.0.0/8 in DNS rebind checks. This range
- translates to hosts on the local network, or, at
-diff --git a/src/tftp.c b/src/tftp.c
-index 5e4a32a..3e1b5c5 100644
---- a/src/tftp.c
-+++ b/src/tftp.c
-@@ -652,20 +652,23 @@ static void sanitise(char *buf)
-
- }
-
-+#define MAXMESSAGE 500 /* limit to make packet < 512 bytes and definitely smaller than buffer */
- static ssize_t tftp_err(int err, char *packet, char *message, char *file)
- {
- struct errmess {
- unsigned short op, err;
- char message[];
- } *mess = (struct errmess *)packet;
-- ssize_t ret = 4;
-+ ssize_t len, ret = 4;
- char *errstr = strerror(errno);
-
- sanitise(file);
-
- mess->op = htons(OP_ERR);
- mess->err = htons(err);
-- ret += (snprintf(mess->message, 500, message, file, errstr) + 1);
-+ len = snprintf(mess->message, MAXMESSAGE, message, file, errstr);
-+ ret += (len < MAXMESSAGE) ? len + 1 : MAXMESSAGE; /* include terminating zero */
-+
- my_syslog(MS_TFTP | LOG_ERR, "%s", mess->message);
-
- return ret;
---
-1.7.10.4
-
+++ /dev/null
-From d55f81f5fd53b1dfc2c4b3249b542f2d9679e236 Mon Sep 17 00:00:00 2001
-From: Simon Kelley <simon@thekelleys.org.uk>
-Date: Wed, 6 Jul 2016 21:33:56 +0100
-Subject: [PATCH] Zero newly malloc'ed memory.
-
----
- src/util.c | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/src/util.c b/src/util.c
-index 93b24f5..82443c9 100644
---- a/src/util.c
-+++ b/src/util.c
-@@ -248,6 +248,8 @@ void *safe_malloc(size_t size)
-
- if (!ret)
- die(_("could not get memory"), NULL, EC_NOMEM);
-+ else
-+ memset(ret, 0, size);
-
- return ret;
- }
-@@ -266,7 +268,9 @@ void *whine_malloc(size_t size)
-
- if (!ret)
- my_syslog(LOG_ERR, _("failed to allocate %d bytes"), (int) size);
--
-+ else
-+ memset(ret, 0, size);
-+
- return ret;
- }
-
---
-1.7.10.4
-
+++ /dev/null
-From ce7845bf5429bd2962c9b2e7d75e2659f3b5c1a8 Mon Sep 17 00:00:00 2001
-From: Simon Kelley <simon@thekelleys.org.uk>
-Date: Wed, 6 Jul 2016 21:42:27 +0100
-Subject: [PATCH] Check return of expand() always.
-
----
- src/radv.c | 4 +++-
- src/slaac.c | 5 ++++-
- 2 files changed, 7 insertions(+), 2 deletions(-)
-
-diff --git a/src/radv.c b/src/radv.c
-index 749b666..faa0f6d 100644
---- a/src/radv.c
-+++ b/src/radv.c
-@@ -262,7 +262,9 @@ static void send_ra_alias(time_t now, int iface, char *iface_name, struct in6_ad
- parm.prio = calc_prio(ra_param);
-
- save_counter(0);
-- ra = expand(sizeof(struct ra_packet));
-+
-+ if (!(ra = expand(sizeof(struct ra_packet))))
-+ return;
-
- ra->type = ND_ROUTER_ADVERT;
- ra->code = 0;
-diff --git a/src/slaac.c b/src/slaac.c
-index 8034805..07b8ba4 100644
---- a/src/slaac.c
-+++ b/src/slaac.c
-@@ -147,7 +147,10 @@ time_t periodic_slaac(time_t now, struct dhcp_lease *leases)
- struct sockaddr_in6 addr;
-
- save_counter(0);
-- ping = expand(sizeof(struct ping_packet));
-+
-+ if (!(ping = expand(sizeof(struct ping_packet))))
-+ continue;
-+
- ping->type = ICMP6_ECHO_REQUEST;
- ping->code = 0;
- ping->identifier = ping_id;
---
-1.7.10.4
-
+++ /dev/null
-From 5874f3e9222397d82aabd9884d9bf5ce7e4109b0 Mon Sep 17 00:00:00 2001
-From: Simon Kelley <simon@thekelleys.org.uk>
-Date: Sun, 10 Jul 2016 22:12:08 +0100
-Subject: [PATCH] Fix editing error on man page.
-
-Thanks to Eric Westbrook for spotting this.
----
- man/dnsmasq.8 | 9 ++++-----
- 1 file changed, 4 insertions(+), 5 deletions(-)
-
-diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
-index 0521534..bd8c0b3 100644
---- a/man/dnsmasq.8
-+++ b/man/dnsmasq.8
-@@ -1037,6 +1037,10 @@ is given, then read all the files contained in that directory. The advantage of
- using this option is the same as for --dhcp-hostsfile: the
- dhcp-optsfile will be re-read when dnsmasq receives SIGHUP. Note that
- it is possible to encode the information in a
-+.B --dhcp-boot
-+flag as DHCP options, using the options names bootfile-name,
-+server-ip-address and tftp-server. This allows these to be included
-+in a dhcp-optsfile.
- .TP
- .B --dhcp-hostsdir=<path>
- This is equivalent to dhcp-hostsfile, except for the following. The path MUST be a
-@@ -1048,11 +1052,6 @@ is restarted; ie host records are only added dynamically.
- .TP
- .B --dhcp-optsdir=<path>
- This is equivalent to dhcp-optsfile, with the differences noted for --dhcp-hostsdir.
--.TP
--.B --dhcp-boot
--flag as DHCP options, using the options names bootfile-name,
--server-ip-address and tftp-server. This allows these to be included
--in a dhcp-optsfile.
- .TP
- .B \-Z, --read-ethers
- Read /etc/ethers for information about hosts for the DHCP server. The
---
-1.7.10.4
-
+++ /dev/null
-From 907efeb2dc712603271093bce8a93c7c3e6fe64d Mon Sep 17 00:00:00 2001
-From: Kristjan Onu <jeixav@gmail.com>
-Date: Sun, 10 Jul 2016 22:37:57 +0100
-Subject: [PATCH] Manpage typo.
-
----
- man/dnsmasq.8 | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
-index bd8c0b3..ac8d921 100644
---- a/man/dnsmasq.8
-+++ b/man/dnsmasq.8
-@@ -242,7 +242,7 @@ addresses associated with the interface.
- .B --local-service
- Accept DNS queries only from hosts whose address is on a local subnet,
- ie a subnet for which an interface exists on the server. This option
--only has effect is there are no --interface --except-interface,
-+only has effect if there are no --interface --except-interface,
- --listen-address or --auth-server options. It is intended to be set as
- a default on installation, to allow unconfigured installations to be
- useful but also safe from being used for DNS amplification attacks.
---
-1.7.10.4
-
+++ /dev/null
-From 591ed1e90503817938ccf5f127e677a8dd48b6d8 Mon Sep 17 00:00:00 2001
-From: Simon Kelley <simon@thekelleys.org.uk>
-Date: Mon, 11 Jul 2016 18:18:42 +0100
-Subject: [PATCH] Fix bad behaviour with some DHCP option arrangements.
-
-The check that there's enough space to store the DHCP agent-id
-at the end of the packet could succeed when it should fail
-if the END option is in either of the oprion-overload areas.
-That could overwrite legit options in the request and cause
-bad behaviour. It's highly unlikely that any sane DHCP client
-would trigger this bug, and it's never been seen, but this
-fixes the problem.
-
-Also fix off-by-one in bounds checking of option processing.
-Worst case scenario on that is a read one byte beyond the
-end off a buffer with a crafted packet, and maybe therefore
-a SIGV crash if the memory after the buffer is not mapped.
-
-Thanks to Timothy Becker for spotting these.
----
- src/rfc2131.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/src/rfc2131.c b/src/rfc2131.c
-index b7c167e..8b99d4b 100644
---- a/src/rfc2131.c
-+++ b/src/rfc2131.c
-@@ -186,7 +186,8 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index,
- be enough free space at the end of the packet to copy the option. */
- unsigned char *sopt;
- unsigned int total = option_len(opt) + 2;
-- unsigned char *last_opt = option_find(mess, sz, OPTION_END, 0);
-+ unsigned char *last_opt = option_find1(&mess->options[0] + sizeof(u32), ((unsigned char *)mess) + sz,
-+ OPTION_END, 0);
- if (last_opt && last_opt < end - total)
- {
- end -= total;
-@@ -1606,7 +1607,7 @@ static unsigned char *option_find1(unsigned char *p, unsigned char *end, int opt
- {
- while (1)
- {
-- if (p > end)
-+ if (p >= end)
- return NULL;
- else if (*p == OPTION_END)
- return opt == OPTION_END ? p : NULL;
---
-1.7.10.4
-
+++ /dev/null
-From 1d07667ac77c55b9de56b1b2c385167e0e0ec27a Mon Sep 17 00:00:00 2001
-From: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
-Date: Mon, 11 Jul 2016 18:36:05 +0100
-Subject: [PATCH] Fix logic error in Linux netlink code.
-
-This could cause dnsmasq to enter a tight loop on systems
-with a very large number of network interfaces.
----
- CHANGELOG | 6 ++++++
- src/netlink.c | 8 +++++++-
- 2 files changed, 13 insertions(+), 1 deletion(-)
-
-diff --git a/CHANGELOG b/CHANGELOG
-index 0559a6f..59c9c49 100644
---- a/CHANGELOG
-+++ b/CHANGELOG
-@@ -11,6 +11,12 @@ version 2.77
- Thanks to Mozilla for funding the security audit
- which spotted this bug.
-
-+ Fix logic error in Linux netlink code. This could
-+ cause dnsmasq to enter a tight loop on systems
-+ with a very large number of network interfaces.
-+ Thanks to Ivan Kokshaysky for the diagnosis and
-+ patch.
-+
-
- version 2.76
- Include 0.0.0.0/8 in DNS rebind checks. This range
-diff --git a/src/netlink.c b/src/netlink.c
-index 049247b..8cd51af 100644
---- a/src/netlink.c
-+++ b/src/netlink.c
-@@ -188,11 +188,17 @@ int iface_enumerate(int family, void *parm, int (*callback)())
- }
-
- for (h = (struct nlmsghdr *)iov.iov_base; NLMSG_OK(h, (size_t)len); h = NLMSG_NEXT(h, len))
-- if (h->nlmsg_seq != seq || h->nlmsg_pid != netlink_pid || h->nlmsg_type == NLMSG_ERROR)
-+ if (h->nlmsg_pid != netlink_pid || h->nlmsg_type == NLMSG_ERROR)
- {
- /* May be multicast arriving async */
- nl_async(h);
- }
-+ else if (h->nlmsg_seq != seq)
-+ {
-+ /* May be part of incomplete response to previous request after
-+ ENOBUFS. Drop it. */
-+ continue;
-+ }
- else if (h->nlmsg_type == NLMSG_DONE)
- return callback_ok;
- else if (h->nlmsg_type == RTM_NEWADDR && family != AF_UNSPEC && family != AF_LOCAL)
---
-1.7.10.4
-
+++ /dev/null
-From 06093a9a845bb597005d892d5d1bc7859933ada4 Mon Sep 17 00:00:00 2001
-From: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
-Date: Mon, 11 Jul 2016 21:03:27 +0100
-Subject: [PATCH] Fix problem with --dnssec-timestamp whereby receipt of
- SIGHUP would erroneously engage timestamp checking.
-
----
- CHANGELOG | 4 ++++
- src/dnsmasq.c | 7 ++++---
- src/dnsmasq.h | 1 +
- src/dnssec.c | 5 +++--
- 4 files changed, 12 insertions(+), 5 deletions(-)
-
-diff --git a/CHANGELOG b/CHANGELOG
-index 59c9c49..9f1e404 100644
---- a/CHANGELOG
-+++ b/CHANGELOG
-@@ -17,6 +17,10 @@ version 2.77
- Thanks to Ivan Kokshaysky for the diagnosis and
- patch.
-
-+ Fix problem with --dnssec-timestamp whereby receipt
-+ of SIGHUP would erroneously engage timestamp checking.
-+ Thanks to Kevin Darbyshire-Bryant for this work.
-+
-
- version 2.76
- Include 0.0.0.0/8 in DNS rebind checks. This range
-diff --git a/src/dnsmasq.c b/src/dnsmasq.c
-index 045ec53..a47273f 100644
---- a/src/dnsmasq.c
-+++ b/src/dnsmasq.c
-@@ -750,7 +750,8 @@ int main (int argc, char **argv)
-
- my_syslog(LOG_INFO, _("DNSSEC validation enabled"));
-
-- if (option_bool(OPT_DNSSEC_TIME))
-+ daemon->dnssec_no_time_check = option_bool(OPT_DNSSEC_TIME);
-+ if (option_bool(OPT_DNSSEC_TIME) && !daemon->back_to_the_future)
- my_syslog(LOG_INFO, _("DNSSEC signature timestamps not checked until first cache reload"));
-
- if (rc == 1)
-@@ -1226,10 +1227,10 @@ static void async_event(int pipe, time_t now)
- {
- case EVENT_RELOAD:
- #ifdef HAVE_DNSSEC
-- if (option_bool(OPT_DNSSEC_VALID) && option_bool(OPT_DNSSEC_TIME))
-+ if (daemon->dnssec_no_time_check && option_bool(OPT_DNSSEC_VALID) && option_bool(OPT_DNSSEC_TIME))
- {
- my_syslog(LOG_INFO, _("now checking DNSSEC signature timestamps"));
-- reset_option_bool(OPT_DNSSEC_TIME);
-+ daemon->dnssec_no_time_check = 0;
- }
- #endif
- /* fall through */
-diff --git a/src/dnsmasq.h b/src/dnsmasq.h
-index 1896a64..be27ae0 100644
---- a/src/dnsmasq.h
-+++ b/src/dnsmasq.h
-@@ -992,6 +992,7 @@ extern struct daemon {
- #endif
- #ifdef HAVE_DNSSEC
- struct ds_config *ds;
-+ int dnssec_no_time_check;
- int back_to_the_future;
- char *timestamp_file;
- #endif
-diff --git a/src/dnssec.c b/src/dnssec.c
-index 3c77c7d..64358fa 100644
---- a/src/dnssec.c
-+++ b/src/dnssec.c
-@@ -522,15 +522,16 @@ static int check_date_range(u32 date_start, u32 date_end)
- if (utime(daemon->timestamp_file, NULL) != 0)
- my_syslog(LOG_ERR, _("failed to update mtime on %s: %s"), daemon->timestamp_file, strerror(errno));
-
-+ my_syslog(LOG_INFO, _("system time considered valid, now checking DNSSEC signature timestamps."));
- daemon->back_to_the_future = 1;
-- set_option_bool(OPT_DNSSEC_TIME);
-+ daemon->dnssec_no_time_check = 0;
- queue_event(EVENT_RELOAD); /* purge cache */
- }
-
- if (daemon->back_to_the_future == 0)
- return 1;
- }
-- else if (option_bool(OPT_DNSSEC_TIME))
-+ else if (daemon->dnssec_no_time_check)
- return 1;
-
- /* We must explicitly check against wanted values, because of SERIAL_UNDEF */
---
-1.7.10.4
-
+++ /dev/null
-From d6dce53e08b3a06be16d43e1bf566c6c1988e4a9 Mon Sep 17 00:00:00 2001
-From: Simon Kelley <simon@thekelleys.org.uk>
-Date: Mon, 11 Jul 2016 21:34:31 +0100
-Subject: [PATCH] malloc(); memset() -> calloc() for efficiency.
-
----
- src/util.c | 10 +++-------
- 1 file changed, 3 insertions(+), 7 deletions(-)
-
-diff --git a/src/util.c b/src/util.c
-index 82443c9..211690e 100644
---- a/src/util.c
-+++ b/src/util.c
-@@ -244,13 +244,11 @@ unsigned char *do_rfc1035_name(unsigned char *p, char *sval)
- /* for use during startup */
- void *safe_malloc(size_t size)
- {
-- void *ret = malloc(size);
-+ void *ret = calloc(1, size);
-
- if (!ret)
- die(_("could not get memory"), NULL, EC_NOMEM);
-- else
-- memset(ret, 0, size);
--
-+
- return ret;
- }
-
-@@ -264,12 +262,10 @@ void safe_pipe(int *fd, int read_noblock)
-
- void *whine_malloc(size_t size)
- {
-- void *ret = malloc(size);
-+ void *ret = calloc(1, size);
-
- if (!ret)
- my_syslog(LOG_ERR, _("failed to allocate %d bytes"), (int) size);
-- else
-- memset(ret, 0, size);
-
- return ret;
- }
---
-1.7.10.4
-
+++ /dev/null
-From fa78573778cb23337f67f5d0c9de723169919047 Mon Sep 17 00:00:00 2001
-From: Simon Kelley <simon@thekelleys.org.uk>
-Date: Fri, 22 Jul 2016 20:56:01 +0100
-Subject: [PATCH] Zero packet buffers before building output, to reduce risk
- of information leakage.
-
----
- src/auth.c | 5 +++++
- src/dnsmasq.h | 1 +
- src/outpacket.c | 10 ++++++++++
- src/radv.c | 2 +-
- src/rfc1035.c | 5 +++++
- src/rfc3315.c | 6 +++---
- src/slaac.c | 2 +-
- src/tftp.c | 5 ++++-
- 8 files changed, 30 insertions(+), 6 deletions(-)
-
-diff --git a/src/auth.c b/src/auth.c
-index 198572d..3c5c37f 100644
---- a/src/auth.c
-+++ b/src/auth.c
-@@ -101,6 +101,11 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
- struct all_addr addr;
- struct cname *a;
-
-+ /* Clear buffer beyond request to avoid risk of
-+ information disclosure. */
-+ memset(((char *)header) + qlen, 0,
-+ (limit - ((char *)header)) - qlen);
-+
- if (ntohs(header->qdcount) == 0 || OPCODE(header) != QUERY )
- return 0;
-
-diff --git a/src/dnsmasq.h b/src/dnsmasq.h
-index be27ae0..2bda5d0 100644
---- a/src/dnsmasq.h
-+++ b/src/dnsmasq.h
-@@ -1471,6 +1471,7 @@ void log_relay(int family, struct dhcp_relay *relay);
- /* outpacket.c */
- #ifdef HAVE_DHCP6
- void end_opt6(int container);
-+void reset_counter(void);
- int save_counter(int newval);
- void *expand(size_t headroom);
- int new_opt6(int opt);
-diff --git a/src/outpacket.c b/src/outpacket.c
-index a414efa..2caacd9 100644
---- a/src/outpacket.c
-+++ b/src/outpacket.c
-@@ -29,9 +29,19 @@ void end_opt6(int container)
- PUTSHORT(len, p);
- }
-
-+void reset_counter(void)
-+{
-+ /* Clear out buffer when starting from begining */
-+ if (daemon->outpacket.iov_base)
-+ memset(daemon->outpacket.iov_base, 0, daemon->outpacket.iov_len);
-+
-+ save_counter(0);
-+}
-+
- int save_counter(int newval)
- {
- int ret = outpacket_counter;
-+
- if (newval != -1)
- outpacket_counter = newval;
-
-diff --git a/src/radv.c b/src/radv.c
-index faa0f6d..39c9217 100644
---- a/src/radv.c
-+++ b/src/radv.c
-@@ -261,7 +261,7 @@ static void send_ra_alias(time_t now, int iface, char *iface_name, struct in6_ad
- parm.adv_interval = calc_interval(ra_param);
- parm.prio = calc_prio(ra_param);
-
-- save_counter(0);
-+ reset_counter();
-
- if (!(ra = expand(sizeof(struct ra_packet))))
- return;
-diff --git a/src/rfc1035.c b/src/rfc1035.c
-index 24d08c1..9e730a9 100644
---- a/src/rfc1035.c
-+++ b/src/rfc1035.c
-@@ -1209,6 +1209,11 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
- int nxdomain = 0, auth = 1, trunc = 0, sec_data = 1;
- struct mx_srv_record *rec;
- size_t len;
-+
-+ /* Clear buffer beyond request to avoid risk of
-+ information disclosure. */
-+ memset(((char *)header) + qlen, 0,
-+ (limit - ((char *)header)) - qlen);
-
- if (ntohs(header->ancount) != 0 ||
- ntohs(header->nscount) != 0 ||
-diff --git a/src/rfc3315.c b/src/rfc3315.c
-index 3f4d69c..e1271a1 100644
---- a/src/rfc3315.c
-+++ b/src/rfc3315.c
-@@ -89,7 +89,7 @@ unsigned short dhcp6_reply(struct dhcp_context *context, int interface, char *if
- for (vendor = daemon->dhcp_vendors; vendor; vendor = vendor->next)
- vendor->netid.next = &vendor->netid;
-
-- save_counter(0);
-+ reset_counter();
- state.context = context;
- state.interface = interface;
- state.iface_name = iface_name;
-@@ -2084,7 +2084,7 @@ void relay_upstream6(struct dhcp_relay *relay, ssize_t sz,
- if (hopcount > 32)
- return;
-
-- save_counter(0);
-+ reset_counter();
-
- if ((header = put_opt6(NULL, 34)))
- {
-@@ -2161,7 +2161,7 @@ unsigned short relay_reply6(struct sockaddr_in6 *peer, ssize_t sz, char *arrival
- (!relay->interface || wildcard_match(relay->interface, arrival_interface)))
- break;
-
-- save_counter(0);
-+ reset_counter();
-
- if (relay)
- {
-diff --git a/src/slaac.c b/src/slaac.c
-index 07b8ba4..bd6c9b4 100644
---- a/src/slaac.c
-+++ b/src/slaac.c
-@@ -146,7 +146,7 @@ time_t periodic_slaac(time_t now, struct dhcp_lease *leases)
- struct ping_packet *ping;
- struct sockaddr_in6 addr;
-
-- save_counter(0);
-+ reset_counter();
-
- if (!(ping = expand(sizeof(struct ping_packet))))
- continue;
-diff --git a/src/tftp.c b/src/tftp.c
-index 3e1b5c5..618c406 100644
---- a/src/tftp.c
-+++ b/src/tftp.c
-@@ -662,8 +662,9 @@ static ssize_t tftp_err(int err, char *packet, char *message, char *file)
- ssize_t len, ret = 4;
- char *errstr = strerror(errno);
-
-+ memset(packet, 0, daemon->packet_buff_sz);
- sanitise(file);
--
-+
- mess->op = htons(OP_ERR);
- mess->err = htons(err);
- len = snprintf(mess->message, MAXMESSAGE, message, file, errstr);
-@@ -684,6 +685,8 @@ static ssize_t tftp_err_oops(char *packet, char *file)
- /* return -1 for error, zero for done. */
- static ssize_t get_block(char *packet, struct tftp_transfer *transfer)
- {
-+ memset(packet, 0, daemon->packet_buff_sz);
-+
- if (transfer->block == 0)
- {
- /* send OACK */
---
-1.7.10.4
-
+++ /dev/null
-From 6b1c464d6de3d7d2afc9b53afe78cda6d6e3316f Mon Sep 17 00:00:00 2001
-From: Simon Kelley <simon@thekelleys.org.uk>
-Date: Fri, 22 Jul 2016 20:59:16 +0100
-Subject: [PATCH] Don't reset packet length on transmission, in case of
- retransmission.
-
----
- src/radv.c | 2 +-
- src/rfc3315.c | 2 +-
- src/slaac.c | 2 +-
- 3 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/src/radv.c b/src/radv.c
-index 39c9217..ffc37f2 100644
---- a/src/radv.c
-+++ b/src/radv.c
-@@ -528,7 +528,7 @@ static void send_ra_alias(time_t now, int iface, char *iface_name, struct in6_ad
- }
-
- while (retry_send(sendto(daemon->icmp6fd, daemon->outpacket.iov_base,
-- save_counter(0), 0, (struct sockaddr *)&addr,
-+ save_counter(-1), 0, (struct sockaddr *)&addr,
- sizeof(addr))));
-
- }
-diff --git a/src/rfc3315.c b/src/rfc3315.c
-index e1271a1..c7bf46f 100644
---- a/src/rfc3315.c
-+++ b/src/rfc3315.c
-@@ -2127,7 +2127,7 @@ void relay_upstream6(struct dhcp_relay *relay, ssize_t sz,
- my_syslog(MS_DHCP | LOG_ERR, _("Cannot multicast to DHCPv6 server without correct interface"));
- }
-
-- send_from(daemon->dhcp6fd, 0, daemon->outpacket.iov_base, save_counter(0), &to, &from, 0);
-+ send_from(daemon->dhcp6fd, 0, daemon->outpacket.iov_base, save_counter(-1), &to, &from, 0);
-
- if (option_bool(OPT_LOG_OPTS))
- {
-diff --git a/src/slaac.c b/src/slaac.c
-index bd6c9b4..7ecf127 100644
---- a/src/slaac.c
-+++ b/src/slaac.c
-@@ -164,7 +164,7 @@ time_t periodic_slaac(time_t now, struct dhcp_lease *leases)
- addr.sin6_port = htons(IPPROTO_ICMPV6);
- addr.sin6_addr = slaac->addr;
-
-- if (sendto(daemon->icmp6fd, daemon->outpacket.iov_base, save_counter(0), 0,
-+ if (sendto(daemon->icmp6fd, daemon->outpacket.iov_base, save_counter(-1), 0,
- (struct sockaddr *)&addr, sizeof(addr)) == -1 &&
- errno == EHOSTUNREACH)
- slaac->ping_time = 0; /* Give up */
---
-1.7.10.4
-
+++ /dev/null
-From bf4e62c19e619f7edf8d03d58d33a5752f190bfd Mon Sep 17 00:00:00 2001
-From: Simon Kelley <simon@thekelleys.org.uk>
-Date: Fri, 22 Jul 2016 21:37:59 +0100
-Subject: [PATCH] Compile-time check on buffer sizes for leasefile parsing
- code.
-
----
- src/dhcp-common.c | 16 ++++++++--------
- src/dhcp-protocol.h | 4 ++++
- src/lease.c | 9 ++++++++-
- src/rfc3315.c | 2 +-
- 4 files changed, 21 insertions(+), 10 deletions(-)
-
-diff --git a/src/dhcp-common.c b/src/dhcp-common.c
-index 08528e8..ecc752b 100644
---- a/src/dhcp-common.c
-+++ b/src/dhcp-common.c
-@@ -20,11 +20,11 @@
-
- void dhcp_common_init(void)
- {
-- /* These each hold a DHCP option max size 255
-- and get a terminating zero added */
-- daemon->dhcp_buff = safe_malloc(256);
-- daemon->dhcp_buff2 = safe_malloc(256);
-- daemon->dhcp_buff3 = safe_malloc(256);
-+ /* These each hold a DHCP option max size 255
-+ and get a terminating zero added */
-+ daemon->dhcp_buff = safe_malloc(DHCP_BUFF_SZ);
-+ daemon->dhcp_buff2 = safe_malloc(DHCP_BUFF_SZ);
-+ daemon->dhcp_buff3 = safe_malloc(DHCP_BUFF_SZ);
-
- /* dhcp_packet is used by v4 and v6, outpacket only by v6
- sizeof(struct dhcp_packet) is as good an initial size as any,
-@@ -855,14 +855,14 @@ void log_context(int family, struct dhcp_context *context)
- if (context->flags & CONTEXT_RA_STATELESS)
- {
- if (context->flags & CONTEXT_TEMPLATE)
-- strncpy(daemon->dhcp_buff, context->template_interface, 256);
-+ strncpy(daemon->dhcp_buff, context->template_interface, DHCP_BUFF_SZ);
- else
- strcpy(daemon->dhcp_buff, daemon->addrbuff);
- }
- else
- #endif
-- inet_ntop(family, start, daemon->dhcp_buff, 256);
-- inet_ntop(family, end, daemon->dhcp_buff3, 256);
-+ inet_ntop(family, start, daemon->dhcp_buff, DHCP_BUFF_SZ);
-+ inet_ntop(family, end, daemon->dhcp_buff3, DHCP_BUFF_SZ);
- my_syslog(MS_DHCP | LOG_INFO,
- (context->flags & CONTEXT_RA_STATELESS) ?
- _("%s stateless on %s%.0s%.0s%s") :
-diff --git a/src/dhcp-protocol.h b/src/dhcp-protocol.h
-index a31d829..0ea449b 100644
---- a/src/dhcp-protocol.h
-+++ b/src/dhcp-protocol.h
-@@ -19,6 +19,10 @@
- #define DHCP_CLIENT_ALTPORT 1068
- #define PXE_PORT 4011
-
-+/* These each hold a DHCP option max size 255
-+ and get a terminating zero added */
-+#define DHCP_BUFF_SZ 256
-+
- #define BOOTREQUEST 1
- #define BOOTREPLY 2
- #define DHCP_COOKIE 0x63825363
-diff --git a/src/lease.c b/src/lease.c
-index 20cac90..ca62cc5 100644
---- a/src/lease.c
-+++ b/src/lease.c
-@@ -65,7 +65,14 @@ void lease_init(time_t now)
- }
-
- /* client-id max length is 255 which is 255*2 digits + 254 colons
-- borrow DNS packet buffer which is always larger than 1000 bytes */
-+ borrow DNS packet buffer which is always larger than 1000 bytes
-+
-+ Check various buffers are big enough for the code below */
-+
-+#if (DHCP_BUFF_SZ < 255) || (MAXDNAME < 64) || (PACKETSZ+MAXDNAME+RRFIXEDSZ < 764)
-+# error Buffer size breakage in leasfile parsing.
-+#endif
-+
- if (leasestream)
- while (fscanf(leasestream, "%255s %255s", daemon->dhcp_buff3, daemon->dhcp_buff2) == 2)
- {
-diff --git a/src/rfc3315.c b/src/rfc3315.c
-index c7bf46f..568b0c8 100644
---- a/src/rfc3315.c
-+++ b/src/rfc3315.c
-@@ -1975,7 +1975,7 @@ static void log6_packet(struct state *state, char *type, struct in6_addr *addr,
-
- if (addr)
- {
-- inet_ntop(AF_INET6, addr, daemon->dhcp_buff2, 255);
-+ inet_ntop(AF_INET6, addr, daemon->dhcp_buff2, DHCP_BUFF_SZ - 1);
- strcat(daemon->dhcp_buff2, " ");
- }
- else
---
-1.7.10.4
-
+++ /dev/null
-From 094bfaeb4ff69cae99387bc2ea07ff57632c89f5 Mon Sep 17 00:00:00 2001
-From: Mathias Kresin <dev@kresin.me>
-Date: Sun, 24 Jul 2016 14:15:22 +0100
-Subject: [PATCH] auth-zone: allow to exclude ip addresses from answer.
-
----
- man/dnsmasq.8 | 6 +++++-
- src/auth.c | 61 ++++++++++++++++++++++++++++++++++++---------------------
- src/dnsmasq.h | 1 +
- src/option.c | 21 ++++++++++++++++++--
- 4 files changed, 64 insertions(+), 25 deletions(-)
-
-diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
-index ac8d921..8910947 100644
---- a/man/dnsmasq.8
-+++ b/man/dnsmasq.8
-@@ -739,7 +739,7 @@ a return code of SERVFAIL. Note that
- setting this may affect DNS behaviour in bad ways, it is not an
- extra-logging flag and should not be set in production.
- .TP
--.B --auth-zone=<domain>[,<subnet>[/<prefix length>][,<subnet>[/<prefix length>].....]]
-+.B --auth-zone=<domain>[,<subnet>[/<prefix length>][,<subnet>[/<prefix length>].....][,exclude:<subnet>[/<prefix length>]].....]
- Define a DNS zone for which dnsmasq acts as authoritative server. Locally defined DNS records which are in the domain
- will be served. If subnet(s) are given, A and AAAA records must be in one of the
- specified subnets.
-@@ -756,6 +756,10 @@ appear in the zone, but RFC1918 IPv4 addresses which should not.
- Interface-name and address-literal subnet specifications may be used
- freely in the same --auth-zone declaration.
-
-+It's possible to exclude certain IP addresses from responses. It can be
-+used, to make sure that answers contain only global routeable IP
-+addresses (by excluding loopback, RFC1918 and ULA addresses).
-+
- The subnet(s) are also used to define in-addr.arpa and
- ip6.arpa domains which are served for reverse-DNS queries. If not
- specified, the prefix length defaults to 24 for IPv4 and 64 for IPv6.
-diff --git a/src/auth.c b/src/auth.c
-index 3c5c37f..f1ca2f5 100644
---- a/src/auth.c
-+++ b/src/auth.c
-@@ -18,36 +18,53 @@
-
- #ifdef HAVE_AUTH
-
--static struct addrlist *find_subnet(struct auth_zone *zone, int flag, struct all_addr *addr_u)
-+static struct addrlist *find_addrlist(struct addrlist *list, int flag, struct all_addr *addr_u)
- {
-- struct addrlist *subnet;
--
-- for (subnet = zone->subnet; subnet; subnet = subnet->next)
-- {
-- if (!(subnet->flags & ADDRLIST_IPV6))
-- {
-- struct in_addr netmask, addr = addr_u->addr.addr4;
--
-- if (!(flag & F_IPV4))
-- continue;
--
-- netmask.s_addr = htonl(~(in_addr_t)0 << (32 - subnet->prefixlen));
--
-- if (is_same_net(addr, subnet->addr.addr.addr4, netmask))
-- return subnet;
-- }
-+ do {
-+ if (!(list->flags & ADDRLIST_IPV6))
-+ {
-+ struct in_addr netmask, addr = addr_u->addr.addr4;
-+
-+ if (!(flag & F_IPV4))
-+ continue;
-+
-+ netmask.s_addr = htonl(~(in_addr_t)0 << (32 - list->prefixlen));
-+
-+ if (is_same_net(addr, list->addr.addr.addr4, netmask))
-+ return list;
-+ }
- #ifdef HAVE_IPV6
-- else if (is_same_net6(&(addr_u->addr.addr6), &subnet->addr.addr.addr6, subnet->prefixlen))
-- return subnet;
-+ else if (is_same_net6(&(addr_u->addr.addr6), &list->addr.addr.addr6, list->prefixlen))
-+ return list;
- #endif
--
-- }
-+
-+ } while ((list = list->next));
-+
- return NULL;
- }
-
-+static struct addrlist *find_subnet(struct auth_zone *zone, int flag, struct all_addr *addr_u)
-+{
-+ if (!zone->subnet)
-+ return NULL;
-+
-+ return find_addrlist(zone->subnet, flag, addr_u);
-+}
-+
-+static struct addrlist *find_exclude(struct auth_zone *zone, int flag, struct all_addr *addr_u)
-+{
-+ if (!zone->exclude)
-+ return NULL;
-+
-+ return find_addrlist(zone->exclude, flag, addr_u);
-+}
-+
- static int filter_zone(struct auth_zone *zone, int flag, struct all_addr *addr_u)
- {
-- /* No zones specified, no filter */
-+ if (find_exclude(zone, flag, addr_u))
-+ return 0;
-+
-+ /* No subnets specified, no filter */
- if (!zone->subnet)
- return 1;
-
-diff --git a/src/dnsmasq.h b/src/dnsmasq.h
-index 2bda5d0..27385a9 100644
---- a/src/dnsmasq.h
-+++ b/src/dnsmasq.h
-@@ -340,6 +340,7 @@ struct auth_zone {
- struct auth_name_list *next;
- } *interface_names;
- struct addrlist *subnet;
-+ struct addrlist *exclude;
- struct auth_zone *next;
- };
-
-diff --git a/src/option.c b/src/option.c
-index d8c57d6..6cedef3 100644
---- a/src/option.c
-+++ b/src/option.c
-@@ -1906,6 +1906,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
- new = opt_malloc(sizeof(struct auth_zone));
- new->domain = opt_string_alloc(arg);
- new->subnet = NULL;
-+ new->exclude = NULL;
- new->interface_names = NULL;
- new->next = daemon->auth_zones;
- daemon->auth_zones = new;
-@@ -1913,6 +1914,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
- while ((arg = comma))
- {
- int prefixlen = 0;
-+ int is_exclude = 0;
- char *prefix;
- struct addrlist *subnet = NULL;
- struct all_addr addr;
-@@ -1923,6 +1925,12 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
- if (prefix && !atoi_check(prefix, &prefixlen))
- ret_err(gen_err);
-
-+ if (strstr(arg, "exclude:") == arg)
-+ {
-+ is_exclude = 1;
-+ arg = arg+8;
-+ }
-+
- if (inet_pton(AF_INET, arg, &addr.addr.addr4))
- {
- subnet = opt_malloc(sizeof(struct addrlist));
-@@ -1960,8 +1968,17 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
- if (subnet)
- {
- subnet->addr = addr;
-- subnet->next = new->subnet;
-- new->subnet = subnet;
-+
-+ if (is_exclude)
-+ {
-+ subnet->next = new->exclude;
-+ new->exclude = subnet;
-+ }
-+ else
-+ {
-+ subnet->next = new->subnet;
-+ new->subnet = subnet;
-+ }
- }
- }
- break;
---
-1.7.10.4
-
+++ /dev/null
-From c8328ecde896575b3cb81cf537747df531f90771 Mon Sep 17 00:00:00 2001
-From: Simon Kelley <simon@thekelleys.org.uk>
-Date: Fri, 5 Aug 2016 16:54:58 +0100
-Subject: [PATCH] Bump auth zone serial when reloading /etc/hosts and friends.
-
----
- CHANGELOG | 4 ++++
- src/dnsmasq.c | 2 ++
- 2 files changed, 6 insertions(+)
-
-diff --git a/CHANGELOG b/CHANGELOG
-index 9f1e404..4f89799 100644
---- a/CHANGELOG
-+++ b/CHANGELOG
-@@ -20,6 +20,10 @@ version 2.77
- Fix problem with --dnssec-timestamp whereby receipt
- of SIGHUP would erroneously engage timestamp checking.
- Thanks to Kevin Darbyshire-Bryant for this work.
-+
-+ Bump zone serial on reloading /etc/hosts and friends
-+ when providing authoritative DNS. Thanks to Harrald
-+ Dunkel for spotting this.
-
-
- version 2.76
-diff --git a/src/dnsmasq.c b/src/dnsmasq.c
-index a47273f..3580bea 100644
---- a/src/dnsmasq.c
-+++ b/src/dnsmasq.c
-@@ -1226,6 +1226,8 @@ static void async_event(int pipe, time_t now)
- switch (ev.event)
- {
- case EVENT_RELOAD:
-+ daemon->soa_sn++; /* Bump zone serial, as it may have changed. */
-+
- #ifdef HAVE_DNSSEC
- if (daemon->dnssec_no_time_check && option_bool(OPT_DNSSEC_VALID) && option_bool(OPT_DNSSEC_TIME))
- {
---
-1.7.10.4
-
-diff -Naur smartmontools-5.39-svn_r2877/utility.h smartmontools-5.39-svn_r2877.new/utility.h
---- smartmontools-5.39-svn_r2877/utility.h 2009-08-24 12:48:50.000000000 +0200
-+++ smartmontools-5.39-svn_r2877.new/utility.h 2009-08-29 09:11:07.000000000 +0200
-@@ -102,7 +102,11 @@
+--- a/utility.h Sun Apr 24 16:59:15 2016
++++ b/utility.h Sat Aug 20 22:40:33 2016
+@@ -97,7 +97,11 @@
// Replacement for exit(status)
// (exit is not compatible with C++ destructors)
+//tried to use exit and found no problems yet
+#define EXIT(status) { exit ((int)(status)); }
-
- #ifdef OLD_INTERFACE
+ // Compile time check of byte ordering
+ // (inline const function allows compiler to remove dead code)
+
--- configure.ac.~ Wed Apr 20 14:26:07 2016
+++ configure.ac Fri Apr 22 17:20:46 2016
-@@ -3131,6 +3131,9 @@
+@@ -3135,6 +3135,9 @@
;;
esac
dnl --with-maxfd present for compatibility with Squid-2.
dnl undocumented in ./configure --help to encourage using the Squid-3 directive
AC_ARG_WITH(maxfd,,
-@@ -3161,8 +3164,6 @@
+@@ -3165,8 +3168,6 @@
esac
])
+++ /dev/null
-------------------------------------------------------------
-revno: 14051
-revision-id: squid3@treenet.co.nz-20160517145850-uos9z00nrt7xd9ik
-parent: squid3@treenet.co.nz-20160508124125-fytgvn68zppfr8ix
-author: Steve Hill <steve@opendium.com>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Wed 2016-05-18 02:58:50 +1200
-message:
- Support unified EUI format code in external_acl_type
-
- Squid supports %>eui as a logformat specifier, which produces an EUI-48
- for IPv4 clients and an EUI-64 for IPv6 clients. However, This is not
- allowed as a format specifier for the external ACLs, and you have to use
- %SRCEUI48 and %SRCEUI64 instead. %SRCEUI48 is only useful for IPv4
- clients and %SRCEUI64 is only useful for IPv6 clients, so supporting
- both v4 and v6 is a bit messy.
-
- Adds the %>eui specifier for external ACLs and behaves in the same way
- as the logformat specifier.
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20160517145850-uos9z00nrt7xd9ik
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: ad0743717948a65cfd4f306acc2bbaa9343e9a76
-# timestamp: 2016-05-17 15:50:54 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20160508124125-\
-# fytgvn68zppfr8ix
-#
-# Begin patch
-=== modified file 'src/external_acl.cc'
---- src/external_acl.cc 2016-01-01 00:14:27 +0000
-+++ src/external_acl.cc 2016-05-17 14:58:50 +0000
-@@ -356,6 +356,8 @@
- else if (strcmp(token, "%SRCPORT") == 0 || strcmp(token, "%>p") == 0)
- format->type = Format::LFT_CLIENT_PORT;
- #if USE_SQUID_EUI
-+ else if (strcmp(token, "%>eui") == 0)
-+ format->type = Format::LFT_CLIENT_EUI;
- else if (strcmp(token, "%SRCEUI48") == 0)
- format->type = Format::LFT_EXT_ACL_CLIENT_EUI48;
- else if (strcmp(token, "%SRCEUI64") == 0)
-@@ -944,6 +946,18 @@
- break;
-
- #if USE_SQUID_EUI
-+ case Format::LFT_CLIENT_EUI:
-+ // TODO make the ACL checklist have a direct link to any TCP details.
-+ if (request->clientConnectionManager.valid() && request->clientConnectionManager->clientConnection != NULL)
-+ {
-+ if (request->clientConnectionManager->clientConnection->remote.isIPv4())
-+ request->clientConnectionManager->clientConnection->remoteEui48.encode(buf, sizeof(buf));
-+ else
-+ request->clientConnectionManager->clientConnection->remoteEui64.encode(buf, sizeof(buf));
-+ str = buf;
-+ }
-+ break;
-+
- case Format::LFT_EXT_ACL_CLIENT_EUI48:
- if (request->clientConnectionManager.valid() && request->clientConnectionManager->clientConnection != NULL &&
- request->clientConnectionManager->clientConnection->remoteEui48.encode(buf, sizeof(buf)))
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14052
-revision-id: squidadm@squid-cache.org-20160517181416-sfrjdosd9dhx7u8o
-parent: squid3@treenet.co.nz-20160517145850-uos9z00nrt7xd9ik
-committer: Source Maintenance <squidadm@squid-cache.org>
-branch nick: 3.5
-timestamp: Tue 2016-05-17 18:14:16 +0000
-message:
- SourceFormat Enforcement
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squidadm@squid-cache.org-20160517181416-\
-# sfrjdosd9dhx7u8o
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: e30c12805cacdb559925da08cc6a25fe4a39c19b
-# timestamp: 2016-05-17 18:51:06 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20160517145850-\
-# uos9z00nrt7xd9ik
-#
-# Begin patch
-=== modified file 'src/external_acl.cc'
---- src/external_acl.cc 2016-05-17 14:58:50 +0000
-+++ src/external_acl.cc 2016-05-17 18:14:16 +0000
-@@ -956,7 +956,7 @@
- request->clientConnectionManager->clientConnection->remoteEui64.encode(buf, sizeof(buf));
- str = buf;
- }
-- break;
-+ break;
-
- case Format::LFT_EXT_ACL_CLIENT_EUI48:
- if (request->clientConnectionManager.valid() && request->clientConnectionManager->clientConnection != NULL &&
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14053
-revision-id: squid3@treenet.co.nz-20160521130058-zq8zugw0fohwfu3z
-parent: squidadm@squid-cache.org-20160517181416-sfrjdosd9dhx7u8o
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Sun 2016-05-22 01:00:58 +1200
-message:
- Do not override user defined -std option
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20160521130058-zq8zugw0fohwfu3z
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: a75245a622ccfa385ef5e4722f9a9fb438a16135
-# timestamp: 2016-05-21 13:08:06 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squidadm@squid-cache.org-20160517181416-\
-# sfrjdosd9dhx7u8o
-#
-# Begin patch
-=== modified file 'configure.ac'
---- configure.ac 2016-05-08 12:41:25 +0000
-+++ configure.ac 2016-05-21 13:00:58 +0000
-@@ -95,6 +95,9 @@
- # Guess the compiler type (sets squid_cv_compiler)
- SQUID_CC_GUESS_VARIANT
-
-+# If the user did not specify a C++ version.
-+user_cxx=`echo "$PRESET_CXXFLAGS" | grep -o -E "\-std="`
-+if test "x$user_cxx" = "x"; then
- # Check for C++11 compiler support
- #
- # BUG 3613: when clang -std=c++0x is used, it activates a "strict mode"
-@@ -103,8 +106,9 @@
- #
- # Similar POSIX issues on MinGW 32-bit and Cygwin
- #
--if ! test "x$squid_host_os" = "xmingw" -o "x$squid_host_os" = "xcygwin" -o "x$squid_cv_compiler" = "xclang"; then
-- AX_CXX_COMPILE_STDCXX_11([noext],[optional])
-+ if ! test "x$squid_host_os" = "xmingw" -o "x$squid_host_os" = "xcygwin" -o "x$squid_cv_compiler" = "xclang"; then
-+ AX_CXX_COMPILE_STDCXX_11([noext],[optional])
-+ fi
- fi
-
- # test for programs
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14054
-revision-id: squid3@treenet.co.nz-20160521130144-6xtcayieij00fm5v
-parent: squid3@treenet.co.nz-20160521130058-zq8zugw0fohwfu3z
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Sun 2016-05-22 01:01:44 +1200
-message:
- Fix OpenSSL detection on FreeBSD
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20160521130144-6xtcayieij00fm5v
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: 3d8c0d7a9f1886523ac55d79e4d3e8f0340e2ec9
-# timestamp: 2016-05-21 13:08:08 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20160521130058-\
-# zq8zugw0fohwfu3z
-#
-# Begin patch
-=== modified file 'configure.ac'
---- configure.ac 2016-05-21 13:00:58 +0000
-+++ configure.ac 2016-05-21 13:01:44 +0000
-@@ -1348,10 +1348,10 @@
-
- AC_CHECK_LIB(crypto,[CRYPTO_new_ex_data],[LIBOPENSSL_LIBS="-lcrypto $LIBOPENSSL_LIBS"],[
- AC_MSG_ERROR([library 'crypto' is required for OpenSSL])
-- ])
-+ ],$LIBOPENSSL_LIBS)
- AC_CHECK_LIB(ssl,[SSL_library_init],[LIBOPENSSL_LIBS="-lssl $LIBOPENSSL_LIBS"],[
- AC_MSG_ERROR([library 'ssl' is required for OpenSSL])
-- ])
-+ ],$LIBOPENSSL_LIBS)
- ])
-
- # This is a workaround for RedHat 9 brain damage..
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14055
-revision-id: squid3@treenet.co.nz-20160521155202-pp53utwamdhkugvg
-parent: squid3@treenet.co.nz-20160521130144-6xtcayieij00fm5v
-author: Alex Rousskov <rousskov@measurement-factory.com>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Sun 2016-05-22 03:52:02 +1200
-message:
- Fix icons loading speed.
-
- Since trunk r14100 (Bug 3875: bad mimeLoadIconFile error handling), each
- icon was read from disk and written to Store one character at a time. I
- did not measure startup delays in production, but in debugging runs,
- fixing this bug sped up icons loading from 1 minute to 4 seconds.
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20160521155202-pp53utwamdhkugvg
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: 79b78480d81666c15406d23837608ba9a578da4b
-# timestamp: 2016-05-21 16:51:00 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20160521130144-\
-# 6xtcayieij00fm5v
-#
-# Begin patch
-=== modified file 'src/mime.cc'
---- src/mime.cc 2016-01-01 00:14:27 +0000
-+++ src/mime.cc 2016-05-21 15:52:02 +0000
-@@ -430,7 +430,7 @@
- /* read the file into the buffer and append it to store */
- int n;
- char *buf = (char *)memAllocate(MEM_4K_BUF);
-- while ((n = FD_READ_METHOD(fd, buf, sizeof(*buf))) > 0)
-+ while ((n = FD_READ_METHOD(fd, buf, 4096)) > 0)
- e->append(buf, n);
-
- file_close(fd);
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14056
-revision-id: squid3@treenet.co.nz-20160521172919-du6cbdirqcxdjbtr
-parent: squid3@treenet.co.nz-20160521155202-pp53utwamdhkugvg
-author: Christos Tsantilas <chtsanti@users.sourceforge.net>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Sun 2016-05-22 05:29:19 +1200
-message:
- Increase debug level in a peek-and-splice related debug message
-
- It may produced one debugging line for each SSL transaction in some cases
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20160521172919-du6cbdirqcxdjbtr
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: 76c2e864289dabb1065c470c954f9fc5ec4c7b4f
-# timestamp: 2016-05-21 17:50:54 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20160521155202-\
-# pp53utwamdhkugvg
-#
-# Begin patch
-=== modified file 'src/ssl/PeerConnector.cc'
---- src/ssl/PeerConnector.cc 2016-02-15 11:29:50 +0000
-+++ src/ssl/PeerConnector.cc 2016-05-21 17:29:19 +0000
-@@ -598,7 +598,7 @@
-
- case SSL_ERROR_WANT_WRITE:
- if ((srvBio->bumpMode() == Ssl::bumpPeek || srvBio->bumpMode() == Ssl::bumpStare) && srvBio->holdWrite()) {
-- debugs(81, DBG_IMPORTANT, "hold write on SSL connection on FD " << fd);
-+ debugs(81, 3, "hold write on SSL connection on FD " << fd);
- checkForPeekAndSplice();
- return;
- }
-
projects / ipfire-2.x.git / commitdiff
