Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next-suricata

diff --git a/config/rootfiles/common/bind b/config/rootfiles/common/bind
index 7ddfab332eb388259e8b3116e99188b54af5f9d9..bbe0e074186886366d3baf5325ab79ab3b3e2cb7 100644 (file)
--- a/config/rootfiles/common/bind
+++ b/config/rootfiles/common/bind
@@ -270,7 +270,7 @@ usr/lib/libbind9.so.161.0.0
 #usr/lib/libdns.la
 #usr/lib/libdns.so
 usr/lib/libdns.so.1104
-usr/lib/libdns.so.1104.0.0
+usr/lib/libdns.so.1104.0.1
 #usr/lib/libisc.la
 #usr/lib/libisc.so
 usr/lib/libisc.so.1100

diff --git a/config/rootfiles/common/squid b/config/rootfiles/common/squid
index 4e8259a6df2452564c7a88d1d9060940fec57be8..6c8998f932e824122e7e99a11a1c4ab3480fff2f 100644 (file)
--- a/config/rootfiles/common/squid
+++ b/config/rootfiles/common/squid
@@ -20,7 +20,6 @@ usr/lib/squid/basic_db_auth
 usr/lib/squid/basic_fake_auth
 usr/lib/squid/basic_getpwnam_auth
 usr/lib/squid/basic_ldap_auth
-usr/lib/squid/basic_msnt_multi_domain_auth
 usr/lib/squid/basic_ncsa_auth
 usr/lib/squid/basic_nis_auth
 usr/lib/squid/basic_pam_auth
@@ -29,7 +28,6 @@ usr/lib/squid/basic_radius_auth
 usr/lib/squid/basic_sasl_auth
 usr/lib/squid/basic_smb_auth
 usr/lib/squid/basic_smb_auth.sh
-usr/lib/squid/basic_smb_lm_auth
 #usr/lib/squid/cachemgr.cgi
 usr/lib/squid/digest_edirectory_auth
 usr/lib/squid/digest_file_auth
@@ -69,6 +67,7 @@ usr/lib/squid/diskd
 #usr/lib/squid/errors/af/ERR_NO_RELAY
 #usr/lib/squid/errors/af/ERR_ONLY_IF_CACHED_MISS
 #usr/lib/squid/errors/af/ERR_PRECONDITION_FAILED
+#usr/lib/squid/errors/af/ERR_PROTOCOL_UNKNOWN
 #usr/lib/squid/errors/af/ERR_READ_ERROR
 #usr/lib/squid/errors/af/ERR_READ_TIMEOUT
 #usr/lib/squid/errors/af/ERR_SECURE_CONNECT_FAIL
@@ -128,6 +127,7 @@ usr/lib/squid/diskd
 #usr/lib/squid/errors/ar/ERR_NO_RELAY
 #usr/lib/squid/errors/ar/ERR_ONLY_IF_CACHED_MISS
 #usr/lib/squid/errors/ar/ERR_PRECONDITION_FAILED
+#usr/lib/squid/errors/ar/ERR_PROTOCOL_UNKNOWN
 #usr/lib/squid/errors/ar/ERR_READ_ERROR
 #usr/lib/squid/errors/ar/ERR_READ_TIMEOUT
 #usr/lib/squid/errors/ar/ERR_SECURE_CONNECT_FAIL
@@ -172,6 +172,7 @@ usr/lib/squid/diskd
 #usr/lib/squid/errors/az/ERR_NO_RELAY
 #usr/lib/squid/errors/az/ERR_ONLY_IF_CACHED_MISS
 #usr/lib/squid/errors/az/ERR_PRECONDITION_FAILED
+#usr/lib/squid/errors/az/ERR_PROTOCOL_UNKNOWN
 #usr/lib/squid/errors/az/ERR_READ_ERROR
 #usr/lib/squid/errors/az/ERR_READ_TIMEOUT
 #usr/lib/squid/errors/az/ERR_SECURE_CONNECT_FAIL
@@ -216,6 +217,7 @@ usr/lib/squid/diskd
 #usr/lib/squid/errors/bg/ERR_NO_RELAY
 #usr/lib/squid/errors/bg/ERR_ONLY_IF_CACHED_MISS
 #usr/lib/squid/errors/bg/ERR_PRECONDITION_FAILED
+#usr/lib/squid/errors/bg/ERR_PROTOCOL_UNKNOWN
 #usr/lib/squid/errors/bg/ERR_READ_ERROR
 #usr/lib/squid/errors/bg/ERR_READ_TIMEOUT
 #usr/lib/squid/errors/bg/ERR_SECURE_CONNECT_FAIL
@@ -229,6 +231,7 @@ usr/lib/squid/diskd
 #usr/lib/squid/errors/bg/ERR_ZERO_SIZE_OBJECT
 #usr/lib/squid/errors/bg/error-details.txt
 #usr/lib/squid/errors/ca
+#usr/lib/squid/errors/ca-es
 #usr/lib/squid/errors/ca/ERR_ACCESS_DENIED
 #usr/lib/squid/errors/ca/ERR_ACL_TIME_QUOTA_EXCEEDED
 #usr/lib/squid/errors/ca/ERR_AGENT_CONFIGURE
@@ -259,6 +262,7 @@ usr/lib/squid/diskd
 #usr/lib/squid/errors/ca/ERR_NO_RELAY
 #usr/lib/squid/errors/ca/ERR_ONLY_IF_CACHED_MISS
 #usr/lib/squid/errors/ca/ERR_PRECONDITION_FAILED
+#usr/lib/squid/errors/ca/ERR_PROTOCOL_UNKNOWN
 #usr/lib/squid/errors/ca/ERR_READ_ERROR
 #usr/lib/squid/errors/ca/ERR_READ_TIMEOUT
 #usr/lib/squid/errors/ca/ERR_SECURE_CONNECT_FAIL
@@ -303,6 +307,7 @@ usr/lib/squid/diskd
 #usr/lib/squid/errors/cs/ERR_NO_RELAY
 #usr/lib/squid/errors/cs/ERR_ONLY_IF_CACHED_MISS
 #usr/lib/squid/errors/cs/ERR_PRECONDITION_FAILED
+#usr/lib/squid/errors/cs/ERR_PROTOCOL_UNKNOWN
 #usr/lib/squid/errors/cs/ERR_READ_ERROR
 #usr/lib/squid/errors/cs/ERR_READ_TIMEOUT
 #usr/lib/squid/errors/cs/ERR_SECURE_CONNECT_FAIL
@@ -347,6 +352,7 @@ usr/lib/squid/diskd
 #usr/lib/squid/errors/da/ERR_NO_RELAY
 #usr/lib/squid/errors/da/ERR_ONLY_IF_CACHED_MISS
 #usr/lib/squid/errors/da/ERR_PRECONDITION_FAILED
+#usr/lib/squid/errors/da/ERR_PROTOCOL_UNKNOWN
 #usr/lib/squid/errors/da/ERR_READ_ERROR
 #usr/lib/squid/errors/da/ERR_READ_TIMEOUT
 #usr/lib/squid/errors/da/ERR_SECURE_CONNECT_FAIL
@@ -395,6 +401,7 @@ usr/lib/squid/errors/de/ERR_LIFETIME_EXP
 usr/lib/squid/errors/de/ERR_NO_RELAY
 usr/lib/squid/errors/de/ERR_ONLY_IF_CACHED_MISS
 usr/lib/squid/errors/de/ERR_PRECONDITION_FAILED
+usr/lib/squid/errors/de/ERR_PROTOCOL_UNKNOWN
 usr/lib/squid/errors/de/ERR_READ_ERROR
 usr/lib/squid/errors/de/ERR_READ_TIMEOUT
 usr/lib/squid/errors/de/ERR_SECURE_CONNECT_FAIL
@@ -439,6 +446,7 @@ usr/lib/squid/errors/de/error-details.txt
 #usr/lib/squid/errors/el/ERR_NO_RELAY
 #usr/lib/squid/errors/el/ERR_ONLY_IF_CACHED_MISS
 #usr/lib/squid/errors/el/ERR_PRECONDITION_FAILED
+#usr/lib/squid/errors/el/ERR_PROTOCOL_UNKNOWN
 #usr/lib/squid/errors/el/ERR_READ_ERROR
 #usr/lib/squid/errors/el/ERR_READ_TIMEOUT
 #usr/lib/squid/errors/el/ERR_SECURE_CONNECT_FAIL
@@ -455,6 +463,7 @@ usr/lib/squid/errors/de/error-details.txt
 #usr/lib/squid/errors/en-au
 #usr/lib/squid/errors/en-bz
 #usr/lib/squid/errors/en-ca
+#usr/lib/squid/errors/en-cn
 #usr/lib/squid/errors/en-gb
 #usr/lib/squid/errors/en-ie
 #usr/lib/squid/errors/en-in
@@ -497,6 +506,7 @@ usr/lib/squid/errors/en/ERR_LIFETIME_EXP
 usr/lib/squid/errors/en/ERR_NO_RELAY
 usr/lib/squid/errors/en/ERR_ONLY_IF_CACHED_MISS
 usr/lib/squid/errors/en/ERR_PRECONDITION_FAILED
+usr/lib/squid/errors/en/ERR_PROTOCOL_UNKNOWN
 usr/lib/squid/errors/en/ERR_READ_ERROR
 usr/lib/squid/errors/en/ERR_READ_TIMEOUT
 usr/lib/squid/errors/en/ERR_SECURE_CONNECT_FAIL
@@ -530,6 +540,7 @@ usr/lib/squid/errors/en/error-details.txt
 #usr/lib/squid/errors/es-us
 #usr/lib/squid/errors/es-uy
 #usr/lib/squid/errors/es-ve
+#usr/lib/squid/errors/es-xl
 usr/lib/squid/errors/es/ERR_ACCESS_DENIED
 usr/lib/squid/errors/es/ERR_ACL_TIME_QUOTA_EXCEEDED
 usr/lib/squid/errors/es/ERR_AGENT_CONFIGURE
@@ -560,6 +571,7 @@ usr/lib/squid/errors/es/ERR_LIFETIME_EXP
 usr/lib/squid/errors/es/ERR_NO_RELAY
 usr/lib/squid/errors/es/ERR_ONLY_IF_CACHED_MISS
 usr/lib/squid/errors/es/ERR_PRECONDITION_FAILED
+usr/lib/squid/errors/es/ERR_PROTOCOL_UNKNOWN
 usr/lib/squid/errors/es/ERR_READ_ERROR
 usr/lib/squid/errors/es/ERR_READ_TIMEOUT
 usr/lib/squid/errors/es/ERR_SECURE_CONNECT_FAIL
@@ -604,6 +616,7 @@ usr/lib/squid/errors/es/error-details.txt
 #usr/lib/squid/errors/et/ERR_NO_RELAY
 #usr/lib/squid/errors/et/ERR_ONLY_IF_CACHED_MISS
 #usr/lib/squid/errors/et/ERR_PRECONDITION_FAILED
+#usr/lib/squid/errors/et/ERR_PROTOCOL_UNKNOWN
 #usr/lib/squid/errors/et/ERR_READ_ERROR
 #usr/lib/squid/errors/et/ERR_READ_TIMEOUT
 #usr/lib/squid/errors/et/ERR_SECURE_CONNECT_FAIL
@@ -649,6 +662,7 @@ usr/lib/squid/errors/es/error-details.txt
 #usr/lib/squid/errors/fa/ERR_NO_RELAY
 #usr/lib/squid/errors/fa/ERR_ONLY_IF_CACHED_MISS
 #usr/lib/squid/errors/fa/ERR_PRECONDITION_FAILED
+#usr/lib/squid/errors/fa/ERR_PROTOCOL_UNKNOWN
 #usr/lib/squid/errors/fa/ERR_READ_ERROR
 #usr/lib/squid/errors/fa/ERR_READ_TIMEOUT
 #usr/lib/squid/errors/fa/ERR_SECURE_CONNECT_FAIL
@@ -693,6 +707,7 @@ usr/lib/squid/errors/es/error-details.txt
 #usr/lib/squid/errors/fi/ERR_NO_RELAY
 #usr/lib/squid/errors/fi/ERR_ONLY_IF_CACHED_MISS
 #usr/lib/squid/errors/fi/ERR_PRECONDITION_FAILED
+#usr/lib/squid/errors/fi/ERR_PROTOCOL_UNKNOWN
 #usr/lib/squid/errors/fi/ERR_READ_ERROR
 #usr/lib/squid/errors/fi/ERR_READ_TIMEOUT
 #usr/lib/squid/errors/fi/ERR_SECURE_CONNECT_FAIL
@@ -742,6 +757,7 @@ usr/lib/squid/errors/fr/ERR_LIFETIME_EXP
 usr/lib/squid/errors/fr/ERR_NO_RELAY
 usr/lib/squid/errors/fr/ERR_ONLY_IF_CACHED_MISS
 usr/lib/squid/errors/fr/ERR_PRECONDITION_FAILED
+usr/lib/squid/errors/fr/ERR_PROTOCOL_UNKNOWN
 usr/lib/squid/errors/fr/ERR_READ_ERROR
 usr/lib/squid/errors/fr/ERR_READ_TIMEOUT
 usr/lib/squid/errors/fr/ERR_SECURE_CONNECT_FAIL
@@ -786,6 +802,7 @@ usr/lib/squid/errors/fr/error-details.txt
 #usr/lib/squid/errors/he/ERR_NO_RELAY
 #usr/lib/squid/errors/he/ERR_ONLY_IF_CACHED_MISS
 #usr/lib/squid/errors/he/ERR_PRECONDITION_FAILED
+#usr/lib/squid/errors/he/ERR_PROTOCOL_UNKNOWN
 #usr/lib/squid/errors/he/ERR_READ_ERROR
 #usr/lib/squid/errors/he/ERR_READ_TIMEOUT
 #usr/lib/squid/errors/he/ERR_SECURE_CONNECT_FAIL
@@ -830,6 +847,7 @@ usr/lib/squid/errors/fr/error-details.txt
 #usr/lib/squid/errors/hu/ERR_NO_RELAY
 #usr/lib/squid/errors/hu/ERR_ONLY_IF_CACHED_MISS
 #usr/lib/squid/errors/hu/ERR_PRECONDITION_FAILED
+#usr/lib/squid/errors/hu/ERR_PROTOCOL_UNKNOWN
 #usr/lib/squid/errors/hu/ERR_READ_ERROR
 #usr/lib/squid/errors/hu/ERR_READ_TIMEOUT
 #usr/lib/squid/errors/hu/ERR_SECURE_CONNECT_FAIL
@@ -875,6 +893,7 @@ usr/lib/squid/errors/fr/error-details.txt
 #usr/lib/squid/errors/hy/ERR_NO_RELAY
 #usr/lib/squid/errors/hy/ERR_ONLY_IF_CACHED_MISS
 #usr/lib/squid/errors/hy/ERR_PRECONDITION_FAILED
+#usr/lib/squid/errors/hy/ERR_PROTOCOL_UNKNOWN
 #usr/lib/squid/errors/hy/ERR_READ_ERROR
 #usr/lib/squid/errors/hy/ERR_READ_TIMEOUT
 #usr/lib/squid/errors/hy/ERR_SECURE_CONNECT_FAIL
@@ -919,6 +938,7 @@ usr/lib/squid/errors/fr/error-details.txt
 #usr/lib/squid/errors/id/ERR_NO_RELAY
 #usr/lib/squid/errors/id/ERR_ONLY_IF_CACHED_MISS
 #usr/lib/squid/errors/id/ERR_PRECONDITION_FAILED
+#usr/lib/squid/errors/id/ERR_PROTOCOL_UNKNOWN
 #usr/lib/squid/errors/id/ERR_READ_ERROR
 #usr/lib/squid/errors/id/ERR_READ_TIMEOUT
 #usr/lib/squid/errors/id/ERR_SECURE_CONNECT_FAIL
@@ -964,6 +984,7 @@ usr/lib/squid/errors/fr/error-details.txt
 #usr/lib/squid/errors/it/ERR_NO_RELAY
 #usr/lib/squid/errors/it/ERR_ONLY_IF_CACHED_MISS
 #usr/lib/squid/errors/it/ERR_PRECONDITION_FAILED
+#usr/lib/squid/errors/it/ERR_PROTOCOL_UNKNOWN
 #usr/lib/squid/errors/it/ERR_READ_ERROR
 #usr/lib/squid/errors/it/ERR_READ_TIMEOUT
 #usr/lib/squid/errors/it/ERR_SECURE_CONNECT_FAIL
@@ -1008,6 +1029,7 @@ usr/lib/squid/errors/fr/error-details.txt
 #usr/lib/squid/errors/ja/ERR_NO_RELAY
 #usr/lib/squid/errors/ja/ERR_ONLY_IF_CACHED_MISS
 #usr/lib/squid/errors/ja/ERR_PRECONDITION_FAILED
+#usr/lib/squid/errors/ja/ERR_PROTOCOL_UNKNOWN
 #usr/lib/squid/errors/ja/ERR_READ_ERROR
 #usr/lib/squid/errors/ja/ERR_READ_TIMEOUT
 #usr/lib/squid/errors/ja/ERR_SECURE_CONNECT_FAIL
@@ -1021,6 +1043,7 @@ usr/lib/squid/errors/fr/error-details.txt
 #usr/lib/squid/errors/ja/ERR_ZERO_SIZE_OBJECT
 #usr/lib/squid/errors/ja/error-details.txt
 #usr/lib/squid/errors/ka
+#usr/lib/squid/errors/ka-ge
 #usr/lib/squid/errors/ka/ERR_ACCESS_DENIED
 #usr/lib/squid/errors/ka/ERR_ACL_TIME_QUOTA_EXCEEDED
 #usr/lib/squid/errors/ka/ERR_AGENT_CONFIGURE
@@ -1051,6 +1074,7 @@ usr/lib/squid/errors/fr/error-details.txt
 #usr/lib/squid/errors/ka/ERR_NO_RELAY
 #usr/lib/squid/errors/ka/ERR_ONLY_IF_CACHED_MISS
 #usr/lib/squid/errors/ka/ERR_PRECONDITION_FAILED
+#usr/lib/squid/errors/ka/ERR_PROTOCOL_UNKNOWN
 #usr/lib/squid/errors/ka/ERR_READ_ERROR
 #usr/lib/squid/errors/ka/ERR_READ_TIMEOUT
 #usr/lib/squid/errors/ka/ERR_SECURE_CONNECT_FAIL
@@ -1063,7 +1087,6 @@ usr/lib/squid/errors/fr/error-details.txt
 #usr/lib/squid/errors/ka/ERR_WRITE_ERROR
 #usr/lib/squid/errors/ka/ERR_ZERO_SIZE_OBJECT
 #usr/lib/squid/errors/ka/error-details.txt
-#usr/lib/squid/errors/ka-ge
 #usr/lib/squid/errors/ko
 #usr/lib/squid/errors/ko-kp
 #usr/lib/squid/errors/ko-kr
@@ -1097,6 +1120,7 @@ usr/lib/squid/errors/fr/error-details.txt
 #usr/lib/squid/errors/ko/ERR_NO_RELAY
 #usr/lib/squid/errors/ko/ERR_ONLY_IF_CACHED_MISS
 #usr/lib/squid/errors/ko/ERR_PRECONDITION_FAILED
+#usr/lib/squid/errors/ko/ERR_PROTOCOL_UNKNOWN
 #usr/lib/squid/errors/ko/ERR_READ_ERROR
 #usr/lib/squid/errors/ko/ERR_READ_TIMEOUT
 #usr/lib/squid/errors/ko/ERR_SECURE_CONNECT_FAIL
@@ -1141,6 +1165,7 @@ usr/lib/squid/errors/fr/error-details.txt
 #usr/lib/squid/errors/lt/ERR_NO_RELAY
 #usr/lib/squid/errors/lt/ERR_ONLY_IF_CACHED_MISS
 #usr/lib/squid/errors/lt/ERR_PRECONDITION_FAILED
+#usr/lib/squid/errors/lt/ERR_PROTOCOL_UNKNOWN
 #usr/lib/squid/errors/lt/ERR_READ_ERROR
 #usr/lib/squid/errors/lt/ERR_READ_TIMEOUT
 #usr/lib/squid/errors/lt/ERR_SECURE_CONNECT_FAIL
@@ -1185,6 +1210,7 @@ usr/lib/squid/errors/fr/error-details.txt
 #usr/lib/squid/errors/lv/ERR_NO_RELAY
 #usr/lib/squid/errors/lv/ERR_ONLY_IF_CACHED_MISS
 #usr/lib/squid/errors/lv/ERR_PRECONDITION_FAILED
+#usr/lib/squid/errors/lv/ERR_PROTOCOL_UNKNOWN
 #usr/lib/squid/errors/lv/ERR_READ_ERROR
 #usr/lib/squid/errors/lv/ERR_READ_TIMEOUT
 #usr/lib/squid/errors/lv/ERR_SECURE_CONNECT_FAIL
@@ -1229,6 +1255,7 @@ usr/lib/squid/errors/fr/error-details.txt
 #usr/lib/squid/errors/ms/ERR_NO_RELAY
 #usr/lib/squid/errors/ms/ERR_ONLY_IF_CACHED_MISS
 #usr/lib/squid/errors/ms/ERR_PRECONDITION_FAILED
+#usr/lib/squid/errors/ms/ERR_PROTOCOL_UNKNOWN
 #usr/lib/squid/errors/ms/ERR_READ_ERROR
 #usr/lib/squid/errors/ms/ERR_READ_TIMEOUT
 #usr/lib/squid/errors/ms/ERR_SECURE_CONNECT_FAIL
@@ -1273,6 +1300,7 @@ usr/lib/squid/errors/nl/ERR_LIFETIME_EXP
 usr/lib/squid/errors/nl/ERR_NO_RELAY
 usr/lib/squid/errors/nl/ERR_ONLY_IF_CACHED_MISS
 usr/lib/squid/errors/nl/ERR_PRECONDITION_FAILED
+usr/lib/squid/errors/nl/ERR_PROTOCOL_UNKNOWN
 usr/lib/squid/errors/nl/ERR_READ_ERROR
 usr/lib/squid/errors/nl/ERR_READ_TIMEOUT
 usr/lib/squid/errors/nl/ERR_SECURE_CONNECT_FAIL
@@ -1316,6 +1344,7 @@ usr/lib/squid/errors/nl/error-details.txt
 #usr/lib/squid/errors/oc/ERR_NO_RELAY
 #usr/lib/squid/errors/oc/ERR_ONLY_IF_CACHED_MISS
 #usr/lib/squid/errors/oc/ERR_PRECONDITION_FAILED
+#usr/lib/squid/errors/oc/ERR_PROTOCOL_UNKNOWN
 #usr/lib/squid/errors/oc/ERR_READ_ERROR
 #usr/lib/squid/errors/oc/ERR_READ_TIMEOUT
 #usr/lib/squid/errors/oc/ERR_SECURE_CONNECT_FAIL
@@ -1360,6 +1389,7 @@ usr/lib/squid/errors/pl/ERR_LIFETIME_EXP
 usr/lib/squid/errors/pl/ERR_NO_RELAY
 usr/lib/squid/errors/pl/ERR_ONLY_IF_CACHED_MISS
 usr/lib/squid/errors/pl/ERR_PRECONDITION_FAILED
+usr/lib/squid/errors/pl/ERR_PROTOCOL_UNKNOWN
 usr/lib/squid/errors/pl/ERR_READ_ERROR
 usr/lib/squid/errors/pl/ERR_READ_TIMEOUT
 usr/lib/squid/errors/pl/ERR_SECURE_CONNECT_FAIL
@@ -1404,6 +1434,7 @@ usr/lib/squid/errors/pl/error-details.txt
 #usr/lib/squid/errors/pt-br/ERR_NO_RELAY
 #usr/lib/squid/errors/pt-br/ERR_ONLY_IF_CACHED_MISS
 #usr/lib/squid/errors/pt-br/ERR_PRECONDITION_FAILED
+#usr/lib/squid/errors/pt-br/ERR_PROTOCOL_UNKNOWN
 #usr/lib/squid/errors/pt-br/ERR_READ_ERROR
 #usr/lib/squid/errors/pt-br/ERR_READ_TIMEOUT
 #usr/lib/squid/errors/pt-br/ERR_SECURE_CONNECT_FAIL
@@ -1418,6 +1449,7 @@ usr/lib/squid/errors/pl/error-details.txt
 #usr/lib/squid/errors/pt-br/error-details.txt
 #usr/lib/squid/errors/pt-bz
 #usr/lib/squid/errors/pt-pt
+#usr/lib/squid/errors/pt-xl
 #usr/lib/squid/errors/pt/ERR_ACCESS_DENIED
 #usr/lib/squid/errors/pt/ERR_ACL_TIME_QUOTA_EXCEEDED
 #usr/lib/squid/errors/pt/ERR_AGENT_CONFIGURE
@@ -1448,6 +1480,7 @@ usr/lib/squid/errors/pl/error-details.txt
 #usr/lib/squid/errors/pt/ERR_NO_RELAY
 #usr/lib/squid/errors/pt/ERR_ONLY_IF_CACHED_MISS
 #usr/lib/squid/errors/pt/ERR_PRECONDITION_FAILED
+#usr/lib/squid/errors/pt/ERR_PROTOCOL_UNKNOWN
 #usr/lib/squid/errors/pt/ERR_READ_ERROR
 #usr/lib/squid/errors/pt/ERR_READ_TIMEOUT
 #usr/lib/squid/errors/pt/ERR_SECURE_CONNECT_FAIL
@@ -1493,6 +1526,7 @@ usr/lib/squid/errors/pl/error-details.txt
 #usr/lib/squid/errors/ro/ERR_NO_RELAY
 #usr/lib/squid/errors/ro/ERR_ONLY_IF_CACHED_MISS
 #usr/lib/squid/errors/ro/ERR_PRECONDITION_FAILED
+#usr/lib/squid/errors/ro/ERR_PROTOCOL_UNKNOWN
 #usr/lib/squid/errors/ro/ERR_READ_ERROR
 #usr/lib/squid/errors/ro/ERR_READ_TIMEOUT
 #usr/lib/squid/errors/ro/ERR_SECURE_CONNECT_FAIL
@@ -1537,6 +1571,7 @@ usr/lib/squid/errors/ru/ERR_LIFETIME_EXP
 usr/lib/squid/errors/ru/ERR_NO_RELAY
 usr/lib/squid/errors/ru/ERR_ONLY_IF_CACHED_MISS
 usr/lib/squid/errors/ru/ERR_PRECONDITION_FAILED
+usr/lib/squid/errors/ru/ERR_PROTOCOL_UNKNOWN
 usr/lib/squid/errors/ru/ERR_READ_ERROR
 usr/lib/squid/errors/ru/ERR_READ_TIMEOUT
 usr/lib/squid/errors/ru/ERR_SECURE_CONNECT_FAIL
@@ -1581,6 +1616,7 @@ usr/lib/squid/errors/ru/error-details.txt
 #usr/lib/squid/errors/sk/ERR_NO_RELAY
 #usr/lib/squid/errors/sk/ERR_ONLY_IF_CACHED_MISS
 #usr/lib/squid/errors/sk/ERR_PRECONDITION_FAILED
+#usr/lib/squid/errors/sk/ERR_PROTOCOL_UNKNOWN
 #usr/lib/squid/errors/sk/ERR_READ_ERROR
 #usr/lib/squid/errors/sk/ERR_READ_TIMEOUT
 #usr/lib/squid/errors/sk/ERR_SECURE_CONNECT_FAIL
@@ -1625,6 +1661,7 @@ usr/lib/squid/errors/ru/error-details.txt
 #usr/lib/squid/errors/sl/ERR_NO_RELAY
 #usr/lib/squid/errors/sl/ERR_ONLY_IF_CACHED_MISS
 #usr/lib/squid/errors/sl/ERR_PRECONDITION_FAILED
+#usr/lib/squid/errors/sl/ERR_PROTOCOL_UNKNOWN
 #usr/lib/squid/errors/sl/ERR_READ_ERROR
 #usr/lib/squid/errors/sl/ERR_READ_TIMEOUT
 #usr/lib/squid/errors/sl/ERR_SECURE_CONNECT_FAIL
@@ -1672,6 +1709,7 @@ usr/lib/squid/errors/ru/error-details.txt
 #usr/lib/squid/errors/sr-cyrl/ERR_NO_RELAY
 #usr/lib/squid/errors/sr-cyrl/ERR_ONLY_IF_CACHED_MISS
 #usr/lib/squid/errors/sr-cyrl/ERR_PRECONDITION_FAILED
+#usr/lib/squid/errors/sr-cyrl/ERR_PROTOCOL_UNKNOWN
 #usr/lib/squid/errors/sr-cyrl/ERR_READ_ERROR
 #usr/lib/squid/errors/sr-cyrl/ERR_READ_TIMEOUT
 #usr/lib/squid/errors/sr-cyrl/ERR_SECURE_CONNECT_FAIL
@@ -1718,6 +1756,7 @@ usr/lib/squid/errors/ru/error-details.txt
 #usr/lib/squid/errors/sr-latn/ERR_NO_RELAY
 #usr/lib/squid/errors/sr-latn/ERR_ONLY_IF_CACHED_MISS
 #usr/lib/squid/errors/sr-latn/ERR_PRECONDITION_FAILED
+#usr/lib/squid/errors/sr-latn/ERR_PROTOCOL_UNKNOWN
 #usr/lib/squid/errors/sr-latn/ERR_READ_ERROR
 #usr/lib/squid/errors/sr-latn/ERR_READ_TIMEOUT
 #usr/lib/squid/errors/sr-latn/ERR_SECURE_CONNECT_FAIL
@@ -1765,6 +1804,7 @@ usr/lib/squid/errors/ru/error-details.txt
 #usr/lib/squid/errors/sv/ERR_NO_RELAY
 #usr/lib/squid/errors/sv/ERR_ONLY_IF_CACHED_MISS
 #usr/lib/squid/errors/sv/ERR_PRECONDITION_FAILED
+#usr/lib/squid/errors/sv/ERR_PROTOCOL_UNKNOWN
 #usr/lib/squid/errors/sv/ERR_READ_ERROR
 #usr/lib/squid/errors/sv/ERR_READ_TIMEOUT
 #usr/lib/squid/errors/sv/ERR_SECURE_CONNECT_FAIL
@@ -1808,6 +1848,7 @@ usr/lib/squid/errors/ru/error-details.txt
 #usr/lib/squid/errors/templates/ERR_NO_RELAY
 #usr/lib/squid/errors/templates/ERR_ONLY_IF_CACHED_MISS
 #usr/lib/squid/errors/templates/ERR_PRECONDITION_FAILED
+#usr/lib/squid/errors/templates/ERR_PROTOCOL_UNKNOWN
 #usr/lib/squid/errors/templates/ERR_READ_ERROR
 #usr/lib/squid/errors/templates/ERR_READ_TIMEOUT
 #usr/lib/squid/errors/templates/ERR_SECURE_CONNECT_FAIL
@@ -1852,6 +1893,7 @@ usr/lib/squid/errors/ru/error-details.txt
 #usr/lib/squid/errors/th/ERR_NO_RELAY
 #usr/lib/squid/errors/th/ERR_ONLY_IF_CACHED_MISS
 #usr/lib/squid/errors/th/ERR_PRECONDITION_FAILED
+#usr/lib/squid/errors/th/ERR_PROTOCOL_UNKNOWN
 #usr/lib/squid/errors/th/ERR_READ_ERROR
 #usr/lib/squid/errors/th/ERR_READ_TIMEOUT
 #usr/lib/squid/errors/th/ERR_SECURE_CONNECT_FAIL
@@ -1896,6 +1938,7 @@ usr/lib/squid/errors/tr/ERR_LIFETIME_EXP
 usr/lib/squid/errors/tr/ERR_NO_RELAY
 usr/lib/squid/errors/tr/ERR_ONLY_IF_CACHED_MISS
 usr/lib/squid/errors/tr/ERR_PRECONDITION_FAILED
+usr/lib/squid/errors/tr/ERR_PROTOCOL_UNKNOWN
 usr/lib/squid/errors/tr/ERR_READ_ERROR
 usr/lib/squid/errors/tr/ERR_READ_TIMEOUT
 usr/lib/squid/errors/tr/ERR_SECURE_CONNECT_FAIL
@@ -1940,6 +1983,7 @@ usr/lib/squid/errors/tr/error-details.txt
 #usr/lib/squid/errors/uk/ERR_NO_RELAY
 #usr/lib/squid/errors/uk/ERR_ONLY_IF_CACHED_MISS
 #usr/lib/squid/errors/uk/ERR_PRECONDITION_FAILED
+#usr/lib/squid/errors/uk/ERR_PROTOCOL_UNKNOWN
 #usr/lib/squid/errors/uk/ERR_READ_ERROR
 #usr/lib/squid/errors/uk/ERR_READ_TIMEOUT
 #usr/lib/squid/errors/uk/ERR_SECURE_CONNECT_FAIL
@@ -1983,6 +2027,7 @@ usr/lib/squid/errors/tr/error-details.txt
 #usr/lib/squid/errors/uz/ERR_NO_RELAY
 #usr/lib/squid/errors/uz/ERR_ONLY_IF_CACHED_MISS
 #usr/lib/squid/errors/uz/ERR_PRECONDITION_FAILED
+#usr/lib/squid/errors/uz/ERR_PROTOCOL_UNKNOWN
 #usr/lib/squid/errors/uz/ERR_READ_ERROR
 #usr/lib/squid/errors/uz/ERR_READ_TIMEOUT
 #usr/lib/squid/errors/uz/ERR_SECURE_CONNECT_FAIL
@@ -2027,6 +2072,7 @@ usr/lib/squid/errors/tr/error-details.txt
 #usr/lib/squid/errors/vi/ERR_NO_RELAY
 #usr/lib/squid/errors/vi/ERR_ONLY_IF_CACHED_MISS
 #usr/lib/squid/errors/vi/ERR_PRECONDITION_FAILED
+#usr/lib/squid/errors/vi/ERR_PROTOCOL_UNKNOWN
 #usr/lib/squid/errors/vi/ERR_READ_ERROR
 #usr/lib/squid/errors/vi/ERR_READ_TIMEOUT
 #usr/lib/squid/errors/vi/ERR_SECURE_CONNECT_FAIL
@@ -2073,6 +2119,7 @@ usr/lib/squid/errors/tr/error-details.txt
 #usr/lib/squid/errors/zh-hans/ERR_NO_RELAY
 #usr/lib/squid/errors/zh-hans/ERR_ONLY_IF_CACHED_MISS
 #usr/lib/squid/errors/zh-hans/ERR_PRECONDITION_FAILED
+#usr/lib/squid/errors/zh-hans/ERR_PROTOCOL_UNKNOWN
 #usr/lib/squid/errors/zh-hans/ERR_READ_ERROR
 #usr/lib/squid/errors/zh-hans/ERR_READ_TIMEOUT
 #usr/lib/squid/errors/zh-hans/ERR_SECURE_CONNECT_FAIL
@@ -2119,6 +2166,7 @@ usr/lib/squid/errors/tr/error-details.txt
 #usr/lib/squid/errors/zh-hant/ERR_NO_RELAY
 #usr/lib/squid/errors/zh-hant/ERR_ONLY_IF_CACHED_MISS
 #usr/lib/squid/errors/zh-hant/ERR_PRECONDITION_FAILED
+#usr/lib/squid/errors/zh-hant/ERR_PROTOCOL_UNKNOWN
 #usr/lib/squid/errors/zh-hant/ERR_READ_ERROR
 #usr/lib/squid/errors/zh-hant/ERR_READ_TIMEOUT
 #usr/lib/squid/errors/zh-hant/ERR_SECURE_CONNECT_FAIL
@@ -2144,7 +2192,7 @@ usr/lib/squid/ext_sql_session_acl
 usr/lib/squid/ext_time_quota_acl
 usr/lib/squid/ext_unix_group_acl
 usr/lib/squid/ext_wbinfo_group_acl
-usr/lib/squid/helper-mux.pl
+usr/lib/squid/helper-mux
 usr/lib/squid/icons
 usr/lib/squid/icons/SN.png
 usr/lib/squid/icons/silk
@@ -2203,18 +2251,19 @@ usr/lib/squid/log_file_daemon
 usr/lib/squid/mib.txt
 usr/lib/squid/negotiate_wrapper_auth
 usr/lib/squid/ntlm_fake_auth
-usr/lib/squid/ntlm_smb_lm_auth
+usr/lib/squid/security_fake_certverify
 usr/lib/squid/storeid_file_rewrite
 usr/lib/squid/unlinkd
 usr/lib/squid/url_fake_rewrite
 usr/lib/squid/url_fake_rewrite.sh
+usr/lib/squid/url_lfs_rewrite
 usr/sbin/squid
 usr/sbin/updxlrator
+#usr/share/man/man1/purge.1
 #usr/share/man/man1/squidclient.1
 #usr/share/man/man8/basic_db_auth.8
 #usr/share/man/man8/basic_getpwnam_auth.8
 #usr/share/man/man8/basic_ldap_auth.8
-#usr/share/man/man8/basic_msnt_multi_domain_auth.8
 #usr/share/man/man8/basic_ncsa_auth.8
 #usr/share/man/man8/basic_pam_auth.8
 #usr/share/man/man8/basic_pop3_auth.8
@@ -2231,9 +2280,12 @@ usr/sbin/updxlrator
 #usr/share/man/man8/ext_time_quota_acl.8
 #usr/share/man/man8/ext_unix_group_acl.8
 #usr/share/man/man8/ext_wbinfo_group_acl.8
+#usr/share/man/man8/helper-mux.8
 #usr/share/man/man8/log_db_daemon.8
+#usr/share/man/man8/security_fake_certverify.8
 #usr/share/man/man8/squid.8
 #usr/share/man/man8/storeid_file_rewrite.8
+#usr/share/man/man8/url_lfs_rewrite.8
 #var/cache/squid
 var/ipfire/proxy/errorpage-ipfire.css
 var/ipfire/proxy/errorpage-squid.css

diff --git a/config/rootfiles/common/unbound b/config/rootfiles/common/unbound
index e0286048709346caaf7d7372b63b80783094a208..9a8126c1540a73ade7f9e1c5d3689537ae9743d2 100644 (file)
--- a/config/rootfiles/common/unbound
+++ b/config/rootfiles/common/unbound
@@ -11,7 +11,7 @@ etc/unbound/unbound.conf
 #usr/lib/libunbound.la
 #usr/lib/libunbound.so
 usr/lib/libunbound.so.8
-usr/lib/libunbound.so.8.0.2
+usr/lib/libunbound.so.8.0.3
 #usr/lib/pkgconfig/libunbound.pc
 usr/sbin/unbound
 usr/sbin/unbound-anchor

diff --git a/config/rootfiles/core/127/filelists/aarch64/files b/config/rootfiles/core/127/filelists/aarch64/files
new file mode 100644 (file)
index 0000000..d76f391
--- /dev/null
+++ b/config/rootfiles/core/127/filelists/aarch64/files
@@ -0,0 +1,9 @@
+boot/boot.cmd
+boot/boot.scr
+etc/system-release
+etc/issue
+srv/web/ipfire/cgi-bin/credits.cgi
+var/ipfire/langs
+etc/rc.d/init.d/aws
+etc/rc.d/init.d/unbound
+srv/web/ipfire/cgi-bin/dnsforward.cgi

diff --git a/config/rootfiles/core/127/filelists/aarch64/grub b/config/rootfiles/core/127/filelists/aarch64/grub
new file mode 120000 (symlink)
index 0000000..40ae85f
--- /dev/null
+++ b/config/rootfiles/core/127/filelists/aarch64/grub
@@ -0,0 +1 @@
+../../../../common/aarch64/grub
\ No newline at end of file

diff --git a/config/rootfiles/core/127/filelists/armv5tel/files b/config/rootfiles/core/127/filelists/armv5tel/files
new file mode 100644 (file)
index 0000000..d76f391
--- /dev/null
+++ b/config/rootfiles/core/127/filelists/armv5tel/files
@@ -0,0 +1,9 @@
+boot/boot.cmd
+boot/boot.scr
+etc/system-release
+etc/issue
+srv/web/ipfire/cgi-bin/credits.cgi
+var/ipfire/langs
+etc/rc.d/init.d/aws
+etc/rc.d/init.d/unbound
+srv/web/ipfire/cgi-bin/dnsforward.cgi

diff --git a/config/rootfiles/core/127/filelists/files b/config/rootfiles/core/127/filelists/files
index ce4e5176819cd602789659e1ec55e95db3d971f4..0e9d8052095adb6ca320afb708a0c11bfcbba4d7 100644 (file)
--- a/config/rootfiles/core/127/filelists/files
+++ b/config/rootfiles/core/127/filelists/files
@@ -2,3 +2,6 @@ etc/system-release
 etc/issue
 srv/web/ipfire/cgi-bin/credits.cgi
 var/ipfire/langs
+etc/rc.d/init.d/aws
+etc/rc.d/init.d/unbound
+srv/web/ipfire/cgi-bin/dnsforward.cgi

diff --git a/config/rootfiles/core/127/filelists/i586/grub b/config/rootfiles/core/127/filelists/i586/grub
new file mode 120000 (symlink)
index 0000000..feb236a
--- /dev/null
+++ b/config/rootfiles/core/127/filelists/i586/grub
@@ -0,0 +1 @@
+../../../../common/i586/grub
\ No newline at end of file

diff --git a/config/rootfiles/core/127/filelists/pcre b/config/rootfiles/core/127/filelists/pcre
new file mode 120000 (symlink)
index 0000000..b390d9a
--- /dev/null
+++ b/config/rootfiles/core/127/filelists/pcre
@@ -0,0 +1 @@
+../../../common/pcre
\ No newline at end of file

diff --git a/config/rootfiles/core/127/filelists/sqlite b/config/rootfiles/core/127/filelists/sqlite
new file mode 120000 (symlink)
index 0000000..4ea5697
--- /dev/null
+++ b/config/rootfiles/core/127/filelists/sqlite
@@ -0,0 +1 @@
+../../../common/sqlite
\ No newline at end of file

diff --git a/config/rootfiles/core/127/filelists/squid b/config/rootfiles/core/127/filelists/squid
new file mode 120000 (symlink)
index 0000000..2dc8372
--- /dev/null
+++ b/config/rootfiles/core/127/filelists/squid
@@ -0,0 +1 @@
+../../../common/squid
\ No newline at end of file

diff --git a/config/rootfiles/core/127/filelists/x86_64/grub b/config/rootfiles/core/127/filelists/x86_64/grub
new file mode 120000 (symlink)
index 0000000..78d3bd7
--- /dev/null
+++ b/config/rootfiles/core/127/filelists/x86_64/grub
@@ -0,0 +1 @@
+../../../../common/x86_64/grub
\ No newline at end of file

diff --git a/config/rootfiles/core/127/update.sh b/config/rootfiles/core/127/update.sh
index 0c928e89aad45957518f55da347982f76204b046..624ebe492c468ecbe698e9e008c182b2ba0bfc09 100644 (file)
--- a/config/rootfiles/core/127/update.sh
+++ b/config/rootfiles/core/127/update.sh
@@ -32,6 +32,7 @@ for (( i=1; i<=$core; i++ )); do
 done
 
 # Stop services
+/etc/init.d/squid stop
 
 # Remove files
 
@@ -46,6 +47,7 @@ ldconfig
 
 # Start services
 /etc/init.d/unbound restart
+/etc/init.d/squid start
 
 # Finish
 /etc/init.d/fireinfo start

diff --git a/config/rootfiles/packages/libvirt b/config/rootfiles/packages/libvirt
index 30b9d1329e107c4b135c534e353e48f18dff682a..633febf055019ff424664f93cb50bcf24805d389 100644 (file)
--- a/config/rootfiles/packages/libvirt
+++ b/config/rootfiles/packages/libvirt
@@ -62,19 +62,19 @@ usr/bin/virt-xml-validate
 #usr/lib/libvirt-admin.la
 #usr/lib/libvirt-admin.so
 usr/lib/libvirt-admin.so.0
-usr/lib/libvirt-admin.so.0.4006.0
+usr/lib/libvirt-admin.so.0.4010.0
 #usr/lib/libvirt-lxc.la
 #usr/lib/libvirt-lxc.so
 usr/lib/libvirt-lxc.so.0
-usr/lib/libvirt-lxc.so.0.4006.0
+usr/lib/libvirt-lxc.so.0.4010.0
 #usr/lib/libvirt-qemu.la
 #usr/lib/libvirt-qemu.so
 usr/lib/libvirt-qemu.so.0
-usr/lib/libvirt-qemu.so.0.4006.0
+usr/lib/libvirt-qemu.so.0.4010.0
 #usr/lib/libvirt.la
 #usr/lib/libvirt.so
 usr/lib/libvirt.so.0
-usr/lib/libvirt.so.0.4006.0
+usr/lib/libvirt.so.0.4010.0
 #usr/lib/libvirt/connection-driver
 #usr/lib/libvirt/connection-driver/libvirt_driver_interface.la
 usr/lib/libvirt/connection-driver/libvirt_driver_interface.so
@@ -120,171 +120,171 @@ usr/sbin/virtlogd
 #usr/share/augeas/lenses/tests/test_virtlogd.aug
 #usr/share/augeas/lenses/virtlockd.aug
 #usr/share/augeas/lenses/virtlogd.aug
-#usr/share/doc/libvirt-4.6.0
-#usr/share/doc/libvirt-4.6.0/html
-#usr/share/doc/libvirt-4.6.0/html/32favicon.png
-#usr/share/doc/libvirt-4.6.0/html/404.html
-#usr/share/doc/libvirt-4.6.0/html/acl.html
-#usr/share/doc/libvirt-4.6.0/html/aclpolkit.html
-#usr/share/doc/libvirt-4.6.0/html/api.html
-#usr/share/doc/libvirt-4.6.0/html/api_extension.html
-#usr/share/doc/libvirt-4.6.0/html/apps.html
-#usr/share/doc/libvirt-4.6.0/html/architecture.gif
-#usr/share/doc/libvirt-4.6.0/html/architecture.html
-#usr/share/doc/libvirt-4.6.0/html/auditlog.html
-#usr/share/doc/libvirt-4.6.0/html/auth.html
-#usr/share/doc/libvirt-4.6.0/html/bindings.html
-#usr/share/doc/libvirt-4.6.0/html/bugs.html
-#usr/share/doc/libvirt-4.6.0/html/cgroups.html
-#usr/share/doc/libvirt-4.6.0/html/compiling.html
-#usr/share/doc/libvirt-4.6.0/html/contact.html
-#usr/share/doc/libvirt-4.6.0/html/contribute.html
-#usr/share/doc/libvirt-4.6.0/html/csharp.html
-#usr/share/doc/libvirt-4.6.0/html/dbus.html
-#usr/share/doc/libvirt-4.6.0/html/devguide.html
-#usr/share/doc/libvirt-4.6.0/html/docs.html
-#usr/share/doc/libvirt-4.6.0/html/downloads.html
-#usr/share/doc/libvirt-4.6.0/html/drivers.html
-#usr/share/doc/libvirt-4.6.0/html/drvbhyve.html
-#usr/share/doc/libvirt-4.6.0/html/drvesx.html
-#usr/share/doc/libvirt-4.6.0/html/drvhyperv.html
-#usr/share/doc/libvirt-4.6.0/html/drvlxc.html
-#usr/share/doc/libvirt-4.6.0/html/drvnodedev.html
-#usr/share/doc/libvirt-4.6.0/html/drvopenvz.html
-#usr/share/doc/libvirt-4.6.0/html/drvphyp.html
-#usr/share/doc/libvirt-4.6.0/html/drvqemu.html
-#usr/share/doc/libvirt-4.6.0/html/drvremote.html
-#usr/share/doc/libvirt-4.6.0/html/drvtest.html
-#usr/share/doc/libvirt-4.6.0/html/drvuml.html
-#usr/share/doc/libvirt-4.6.0/html/drvvbox.html
-#usr/share/doc/libvirt-4.6.0/html/drvvirtuozzo.html
-#usr/share/doc/libvirt-4.6.0/html/drvvmware.html
-#usr/share/doc/libvirt-4.6.0/html/drvxen.html
-#usr/share/doc/libvirt-4.6.0/html/errors.html
-#usr/share/doc/libvirt-4.6.0/html/firewall.html
-#usr/share/doc/libvirt-4.6.0/html/fonts
-#usr/share/doc/libvirt-4.6.0/html/fonts/LICENSE.md
-#usr/share/doc/libvirt-4.6.0/html/fonts/overpass-bold-italic.woff
-#usr/share/doc/libvirt-4.6.0/html/fonts/overpass-bold.woff
-#usr/share/doc/libvirt-4.6.0/html/fonts/overpass-italic.woff
-#usr/share/doc/libvirt-4.6.0/html/fonts/overpass-light-italic.woff
-#usr/share/doc/libvirt-4.6.0/html/fonts/overpass-light.woff
-#usr/share/doc/libvirt-4.6.0/html/fonts/overpass-mono-bold.woff
-#usr/share/doc/libvirt-4.6.0/html/fonts/overpass-mono-light.woff
-#usr/share/doc/libvirt-4.6.0/html/fonts/overpass-mono-regular.woff
-#usr/share/doc/libvirt-4.6.0/html/fonts/overpass-mono-semibold.woff
-#usr/share/doc/libvirt-4.6.0/html/fonts/overpass-regular.woff
-#usr/share/doc/libvirt-4.6.0/html/fonts/stylesheet.css
-#usr/share/doc/libvirt-4.6.0/html/format.html
-#usr/share/doc/libvirt-4.6.0/html/formatcaps.html
-#usr/share/doc/libvirt-4.6.0/html/formatdomain.html
-#usr/share/doc/libvirt-4.6.0/html/formatdomaincaps.html
-#usr/share/doc/libvirt-4.6.0/html/formatnetwork.html
-#usr/share/doc/libvirt-4.6.0/html/formatnode.html
-#usr/share/doc/libvirt-4.6.0/html/formatnwfilter.html
-#usr/share/doc/libvirt-4.6.0/html/formatsecret.html
-#usr/share/doc/libvirt-4.6.0/html/formatsnapshot.html
-#usr/share/doc/libvirt-4.6.0/html/formatstorage.html
-#usr/share/doc/libvirt-4.6.0/html/formatstorageencryption.html
-#usr/share/doc/libvirt-4.6.0/html/generic.css
-#usr/share/doc/libvirt-4.6.0/html/goals.html
-#usr/share/doc/libvirt-4.6.0/html/governance.html
-#usr/share/doc/libvirt-4.6.0/html/hacking.html
-#usr/share/doc/libvirt-4.6.0/html/hooks.html
-#usr/share/doc/libvirt-4.6.0/html/html
-#usr/share/doc/libvirt-4.6.0/html/html/home.png
-#usr/share/doc/libvirt-4.6.0/html/html/index.html
-#usr/share/doc/libvirt-4.6.0/html/html/left.png
-#usr/share/doc/libvirt-4.6.0/html/html/libvirt-libvirt-common.html
-#usr/share/doc/libvirt-4.6.0/html/html/libvirt-libvirt-domain-snapshot.html
-#usr/share/doc/libvirt-4.6.0/html/html/libvirt-libvirt-domain.html
-#usr/share/doc/libvirt-4.6.0/html/html/libvirt-libvirt-event.html
-#usr/share/doc/libvirt-4.6.0/html/html/libvirt-libvirt-host.html
-#usr/share/doc/libvirt-4.6.0/html/html/libvirt-libvirt-interface.html
-#usr/share/doc/libvirt-4.6.0/html/html/libvirt-libvirt-network.html
-#usr/share/doc/libvirt-4.6.0/html/html/libvirt-libvirt-nodedev.html
-#usr/share/doc/libvirt-4.6.0/html/html/libvirt-libvirt-nwfilter.html
-#usr/share/doc/libvirt-4.6.0/html/html/libvirt-libvirt-secret.html
-#usr/share/doc/libvirt-4.6.0/html/html/libvirt-libvirt-storage.html
-#usr/share/doc/libvirt-4.6.0/html/html/libvirt-libvirt-stream.html
-#usr/share/doc/libvirt-4.6.0/html/html/libvirt-virterror.html
-#usr/share/doc/libvirt-4.6.0/html/html/right.png
-#usr/share/doc/libvirt-4.6.0/html/html/up.png
-#usr/share/doc/libvirt-4.6.0/html/hvsupport.html
-#usr/share/doc/libvirt-4.6.0/html/index.html
-#usr/share/doc/libvirt-4.6.0/html/internals
-#usr/share/doc/libvirt-4.6.0/html/internals.html
-#usr/share/doc/libvirt-4.6.0/html/internals/command.html
-#usr/share/doc/libvirt-4.6.0/html/internals/eventloop.html
-#usr/share/doc/libvirt-4.6.0/html/internals/locking.html
-#usr/share/doc/libvirt-4.6.0/html/internals/oomtesting.html
-#usr/share/doc/libvirt-4.6.0/html/internals/rpc.html
-#usr/share/doc/libvirt-4.6.0/html/java.html
-#usr/share/doc/libvirt-4.6.0/html/libvirt-daemon-arch.png
-#usr/share/doc/libvirt-4.6.0/html/libvirt-driver-arch.png
-#usr/share/doc/libvirt-4.6.0/html/libvirt-object-model.png
-#usr/share/doc/libvirt-4.6.0/html/libvirt.css
-#usr/share/doc/libvirt-4.6.0/html/locking-lockd.html
-#usr/share/doc/libvirt-4.6.0/html/locking-sanlock.html
-#usr/share/doc/libvirt-4.6.0/html/locking.html
-#usr/share/doc/libvirt-4.6.0/html/logging.html
-#usr/share/doc/libvirt-4.6.0/html/logos
-#usr/share/doc/libvirt-4.6.0/html/logos/logo-banner-dark-256.png
-#usr/share/doc/libvirt-4.6.0/html/logos/logo-banner-dark-800.png
-#usr/share/doc/libvirt-4.6.0/html/logos/logo-banner-dark.svg
-#usr/share/doc/libvirt-4.6.0/html/logos/logo-banner-light-256.png
-#usr/share/doc/libvirt-4.6.0/html/logos/logo-banner-light-800.png
-#usr/share/doc/libvirt-4.6.0/html/logos/logo-banner-light.svg
-#usr/share/doc/libvirt-4.6.0/html/logos/logo-base.svg
-#usr/share/doc/libvirt-4.6.0/html/logos/logo-square-128.png
-#usr/share/doc/libvirt-4.6.0/html/logos/logo-square-192.png
-#usr/share/doc/libvirt-4.6.0/html/logos/logo-square-256.png
-#usr/share/doc/libvirt-4.6.0/html/logos/logo-square-96.png
-#usr/share/doc/libvirt-4.6.0/html/logos/logo-square-powered-128.png
-#usr/share/doc/libvirt-4.6.0/html/logos/logo-square-powered-192.png
-#usr/share/doc/libvirt-4.6.0/html/logos/logo-square-powered-256.png
-#usr/share/doc/libvirt-4.6.0/html/logos/logo-square-powered-96.png
-#usr/share/doc/libvirt-4.6.0/html/logos/logo-square-powered.svg
-#usr/share/doc/libvirt-4.6.0/html/logos/logo-square.svg
-#usr/share/doc/libvirt-4.6.0/html/main.css
-#usr/share/doc/libvirt-4.6.0/html/migration-managed-direct.png
-#usr/share/doc/libvirt-4.6.0/html/migration-managed-p2p.png
-#usr/share/doc/libvirt-4.6.0/html/migration-native.png
-#usr/share/doc/libvirt-4.6.0/html/migration-tunnel.png
-#usr/share/doc/libvirt-4.6.0/html/migration-unmanaged-direct.png
-#usr/share/doc/libvirt-4.6.0/html/migration.html
-#usr/share/doc/libvirt-4.6.0/html/mobile.css
-#usr/share/doc/libvirt-4.6.0/html/news-2005.html
-#usr/share/doc/libvirt-4.6.0/html/news-2006.html
-#usr/share/doc/libvirt-4.6.0/html/news-2007.html
-#usr/share/doc/libvirt-4.6.0/html/news-2008.html
-#usr/share/doc/libvirt-4.6.0/html/news-2009.html
-#usr/share/doc/libvirt-4.6.0/html/news-2010.html
-#usr/share/doc/libvirt-4.6.0/html/news-2011.html
-#usr/share/doc/libvirt-4.6.0/html/news-2012.html
-#usr/share/doc/libvirt-4.6.0/html/news-2013.html
-#usr/share/doc/libvirt-4.6.0/html/news-2014.html
-#usr/share/doc/libvirt-4.6.0/html/news-2015.html
-#usr/share/doc/libvirt-4.6.0/html/news-2016.html
-#usr/share/doc/libvirt-4.6.0/html/news.html
-#usr/share/doc/libvirt-4.6.0/html/node.gif
-#usr/share/doc/libvirt-4.6.0/html/nss.html
-#usr/share/doc/libvirt-4.6.0/html/pci-hotplug.html
-#usr/share/doc/libvirt-4.6.0/html/php.html
-#usr/share/doc/libvirt-4.6.0/html/platforms.html
-#usr/share/doc/libvirt-4.6.0/html/python.html
-#usr/share/doc/libvirt-4.6.0/html/remote.html
-#usr/share/doc/libvirt-4.6.0/html/secureusage.html
-#usr/share/doc/libvirt-4.6.0/html/securityprocess.html
-#usr/share/doc/libvirt-4.6.0/html/storage.html
-#usr/share/doc/libvirt-4.6.0/html/support.html
-#usr/share/doc/libvirt-4.6.0/html/testapi.html
-#usr/share/doc/libvirt-4.6.0/html/testsuites.html
-#usr/share/doc/libvirt-4.6.0/html/testtck.html
-#usr/share/doc/libvirt-4.6.0/html/todo.html
-#usr/share/doc/libvirt-4.6.0/html/uri.html
-#usr/share/doc/libvirt-4.6.0/html/virshcmdref.html
-#usr/share/doc/libvirt-4.6.0/html/windows.html
+#usr/share/doc/libvirt-4.10.0
+#usr/share/doc/libvirt-4.10.0/html
+#usr/share/doc/libvirt-4.10.0/html/32favicon.png
+#usr/share/doc/libvirt-4.10.0/html/404.html
+#usr/share/doc/libvirt-4.10.0/html/acl.html
+#usr/share/doc/libvirt-4.10.0/html/aclpolkit.html
+#usr/share/doc/libvirt-4.10.0/html/api.html
+#usr/share/doc/libvirt-4.10.0/html/api_extension.html
+#usr/share/doc/libvirt-4.10.0/html/apps.html
+#usr/share/doc/libvirt-4.10.0/html/architecture.gif
+#usr/share/doc/libvirt-4.10.0/html/architecture.html
+#usr/share/doc/libvirt-4.10.0/html/auditlog.html
+#usr/share/doc/libvirt-4.10.0/html/auth.html
+#usr/share/doc/libvirt-4.10.0/html/bindings.html
+#usr/share/doc/libvirt-4.10.0/html/bugs.html
+#usr/share/doc/libvirt-4.10.0/html/cgroups.html
+#usr/share/doc/libvirt-4.10.0/html/compiling.html
+#usr/share/doc/libvirt-4.10.0/html/contact.html
+#usr/share/doc/libvirt-4.10.0/html/contribute.html
+#usr/share/doc/libvirt-4.10.0/html/csharp.html
+#usr/share/doc/libvirt-4.10.0/html/dbus.html
+#usr/share/doc/libvirt-4.10.0/html/devguide.html
+#usr/share/doc/libvirt-4.10.0/html/docs.html
+#usr/share/doc/libvirt-4.10.0/html/downloads.html
+#usr/share/doc/libvirt-4.10.0/html/drivers.html
+#usr/share/doc/libvirt-4.10.0/html/drvbhyve.html
+#usr/share/doc/libvirt-4.10.0/html/drvesx.html
+#usr/share/doc/libvirt-4.10.0/html/drvhyperv.html
+#usr/share/doc/libvirt-4.10.0/html/drvlxc.html
+#usr/share/doc/libvirt-4.10.0/html/drvnodedev.html
+#usr/share/doc/libvirt-4.10.0/html/drvopenvz.html
+#usr/share/doc/libvirt-4.10.0/html/drvphyp.html
+#usr/share/doc/libvirt-4.10.0/html/drvqemu.html
+#usr/share/doc/libvirt-4.10.0/html/drvremote.html
+#usr/share/doc/libvirt-4.10.0/html/drvtest.html
+#usr/share/doc/libvirt-4.10.0/html/drvuml.html
+#usr/share/doc/libvirt-4.10.0/html/drvvbox.html
+#usr/share/doc/libvirt-4.10.0/html/drvvirtuozzo.html
+#usr/share/doc/libvirt-4.10.0/html/drvvmware.html
+#usr/share/doc/libvirt-4.10.0/html/drvxen.html
+#usr/share/doc/libvirt-4.10.0/html/errors.html
+#usr/share/doc/libvirt-4.10.0/html/firewall.html
+#usr/share/doc/libvirt-4.10.0/html/fonts
+#usr/share/doc/libvirt-4.10.0/html/fonts/LICENSE.md
+#usr/share/doc/libvirt-4.10.0/html/fonts/overpass-bold-italic.woff
+#usr/share/doc/libvirt-4.10.0/html/fonts/overpass-bold.woff
+#usr/share/doc/libvirt-4.10.0/html/fonts/overpass-italic.woff
+#usr/share/doc/libvirt-4.10.0/html/fonts/overpass-light-italic.woff
+#usr/share/doc/libvirt-4.10.0/html/fonts/overpass-light.woff
+#usr/share/doc/libvirt-4.10.0/html/fonts/overpass-mono-bold.woff
+#usr/share/doc/libvirt-4.10.0/html/fonts/overpass-mono-light.woff
+#usr/share/doc/libvirt-4.10.0/html/fonts/overpass-mono-regular.woff
+#usr/share/doc/libvirt-4.10.0/html/fonts/overpass-mono-semibold.woff
+#usr/share/doc/libvirt-4.10.0/html/fonts/overpass-regular.woff
+#usr/share/doc/libvirt-4.10.0/html/fonts/stylesheet.css
+#usr/share/doc/libvirt-4.10.0/html/format.html
+#usr/share/doc/libvirt-4.10.0/html/formatcaps.html
+#usr/share/doc/libvirt-4.10.0/html/formatdomain.html
+#usr/share/doc/libvirt-4.10.0/html/formatdomaincaps.html
+#usr/share/doc/libvirt-4.10.0/html/formatnetwork.html
+#usr/share/doc/libvirt-4.10.0/html/formatnode.html
+#usr/share/doc/libvirt-4.10.0/html/formatnwfilter.html
+#usr/share/doc/libvirt-4.10.0/html/formatsecret.html
+#usr/share/doc/libvirt-4.10.0/html/formatsnapshot.html
+#usr/share/doc/libvirt-4.10.0/html/formatstorage.html
+#usr/share/doc/libvirt-4.10.0/html/formatstorageencryption.html
+#usr/share/doc/libvirt-4.10.0/html/generic.css
+#usr/share/doc/libvirt-4.10.0/html/goals.html
+#usr/share/doc/libvirt-4.10.0/html/governance.html
+#usr/share/doc/libvirt-4.10.0/html/hacking.html
+#usr/share/doc/libvirt-4.10.0/html/hooks.html
+#usr/share/doc/libvirt-4.10.0/html/html
+#usr/share/doc/libvirt-4.10.0/html/html/home.png
+#usr/share/doc/libvirt-4.10.0/html/html/index.html
+#usr/share/doc/libvirt-4.10.0/html/html/left.png
+#usr/share/doc/libvirt-4.10.0/html/html/libvirt-libvirt-common.html
+#usr/share/doc/libvirt-4.10.0/html/html/libvirt-libvirt-domain-snapshot.html
+#usr/share/doc/libvirt-4.10.0/html/html/libvirt-libvirt-domain.html
+#usr/share/doc/libvirt-4.10.0/html/html/libvirt-libvirt-event.html
+#usr/share/doc/libvirt-4.10.0/html/html/libvirt-libvirt-host.html
+#usr/share/doc/libvirt-4.10.0/html/html/libvirt-libvirt-interface.html
+#usr/share/doc/libvirt-4.10.0/html/html/libvirt-libvirt-network.html
+#usr/share/doc/libvirt-4.10.0/html/html/libvirt-libvirt-nodedev.html
+#usr/share/doc/libvirt-4.10.0/html/html/libvirt-libvirt-nwfilter.html
+#usr/share/doc/libvirt-4.10.0/html/html/libvirt-libvirt-secret.html
+#usr/share/doc/libvirt-4.10.0/html/html/libvirt-libvirt-storage.html
+#usr/share/doc/libvirt-4.10.0/html/html/libvirt-libvirt-stream.html
+#usr/share/doc/libvirt-4.10.0/html/html/libvirt-virterror.html
+#usr/share/doc/libvirt-4.10.0/html/html/right.png
+#usr/share/doc/libvirt-4.10.0/html/html/up.png
+#usr/share/doc/libvirt-4.10.0/html/hvsupport.html
+#usr/share/doc/libvirt-4.10.0/html/index.html
+#usr/share/doc/libvirt-4.10.0/html/internals
+#usr/share/doc/libvirt-4.10.0/html/internals.html
+#usr/share/doc/libvirt-4.10.0/html/internals/command.html
+#usr/share/doc/libvirt-4.10.0/html/internals/eventloop.html
+#usr/share/doc/libvirt-4.10.0/html/internals/locking.html
+#usr/share/doc/libvirt-4.10.0/html/internals/oomtesting.html
+#usr/share/doc/libvirt-4.10.0/html/internals/rpc.html
+#usr/share/doc/libvirt-4.10.0/html/java.html
+#usr/share/doc/libvirt-4.10.0/html/libvirt-daemon-arch.png
+#usr/share/doc/libvirt-4.10.0/html/libvirt-driver-arch.png
+#usr/share/doc/libvirt-4.10.0/html/libvirt-object-model.png
+#usr/share/doc/libvirt-4.10.0/html/libvirt.css
+#usr/share/doc/libvirt-4.10.0/html/locking-lockd.html
+#usr/share/doc/libvirt-4.10.0/html/locking-sanlock.html
+#usr/share/doc/libvirt-4.10.0/html/locking.html
+#usr/share/doc/libvirt-4.10.0/html/logging.html
+#usr/share/doc/libvirt-4.10.0/html/logos
+#usr/share/doc/libvirt-4.10.0/html/logos/logo-banner-dark-256.png
+#usr/share/doc/libvirt-4.10.0/html/logos/logo-banner-dark-800.png
+#usr/share/doc/libvirt-4.10.0/html/logos/logo-banner-dark.svg
+#usr/share/doc/libvirt-4.10.0/html/logos/logo-banner-light-256.png
+#usr/share/doc/libvirt-4.10.0/html/logos/logo-banner-light-800.png
+#usr/share/doc/libvirt-4.10.0/html/logos/logo-banner-light.svg
+#usr/share/doc/libvirt-4.10.0/html/logos/logo-base.svg
+#usr/share/doc/libvirt-4.10.0/html/logos/logo-square-128.png
+#usr/share/doc/libvirt-4.10.0/html/logos/logo-square-192.png
+#usr/share/doc/libvirt-4.10.0/html/logos/logo-square-256.png
+#usr/share/doc/libvirt-4.10.0/html/logos/logo-square-96.png
+#usr/share/doc/libvirt-4.10.0/html/logos/logo-square-powered-128.png
+#usr/share/doc/libvirt-4.10.0/html/logos/logo-square-powered-192.png
+#usr/share/doc/libvirt-4.10.0/html/logos/logo-square-powered-256.png
+#usr/share/doc/libvirt-4.10.0/html/logos/logo-square-powered-96.png
+#usr/share/doc/libvirt-4.10.0/html/logos/logo-square-powered.svg
+#usr/share/doc/libvirt-4.10.0/html/logos/logo-square.svg
+#usr/share/doc/libvirt-4.10.0/html/main.css
+#usr/share/doc/libvirt-4.10.0/html/migration-managed-direct.png
+#usr/share/doc/libvirt-4.10.0/html/migration-managed-p2p.png
+#usr/share/doc/libvirt-4.10.0/html/migration-native.png
+#usr/share/doc/libvirt-4.10.0/html/migration-tunnel.png
+#usr/share/doc/libvirt-4.10.0/html/migration-unmanaged-direct.png
+#usr/share/doc/libvirt-4.10.0/html/migration.html
+#usr/share/doc/libvirt-4.10.0/html/mobile.css
+#usr/share/doc/libvirt-4.10.0/html/news-2005.html
+#usr/share/doc/libvirt-4.10.0/html/news-2006.html
+#usr/share/doc/libvirt-4.10.0/html/news-2007.html
+#usr/share/doc/libvirt-4.10.0/html/news-2008.html
+#usr/share/doc/libvirt-4.10.0/html/news-2009.html
+#usr/share/doc/libvirt-4.10.0/html/news-2010.html
+#usr/share/doc/libvirt-4.10.0/html/news-2011.html
+#usr/share/doc/libvirt-4.10.0/html/news-2012.html
+#usr/share/doc/libvirt-4.10.0/html/news-2013.html
+#usr/share/doc/libvirt-4.10.0/html/news-2014.html
+#usr/share/doc/libvirt-4.10.0/html/news-2015.html
+#usr/share/doc/libvirt-4.10.0/html/news-2016.html
+#usr/share/doc/libvirt-4.10.0/html/news.html
+#usr/share/doc/libvirt-4.10.0/html/node.gif
+#usr/share/doc/libvirt-4.10.0/html/nss.html
+#usr/share/doc/libvirt-4.10.0/html/pci-hotplug.html
+#usr/share/doc/libvirt-4.10.0/html/php.html
+#usr/share/doc/libvirt-4.10.0/html/platforms.html
+#usr/share/doc/libvirt-4.10.0/html/python.html
+#usr/share/doc/libvirt-4.10.0/html/remote.html
+#usr/share/doc/libvirt-4.10.0/html/secureusage.html
+#usr/share/doc/libvirt-4.10.0/html/securityprocess.html
+#usr/share/doc/libvirt-4.10.0/html/storage.html
+#usr/share/doc/libvirt-4.10.0/html/support.html
+#usr/share/doc/libvirt-4.10.0/html/testapi.html
+#usr/share/doc/libvirt-4.10.0/html/testsuites.html
+#usr/share/doc/libvirt-4.10.0/html/testtck.html
+#usr/share/doc/libvirt-4.10.0/html/todo.html
+#usr/share/doc/libvirt-4.10.0/html/uri.html
+#usr/share/doc/libvirt-4.10.0/html/virshcmdref.html
+#usr/share/doc/libvirt-4.10.0/html/windows.html
 #usr/share/gtk-doc/html/libvirt
 #usr/share/gtk-doc/html/libvirt/general.html
 #usr/share/gtk-doc/html/libvirt/home.png
@@ -301,7 +301,64 @@ usr/share/libvirt/api/libvirt-admin-api.xml
 usr/share/libvirt/api/libvirt-api.xml
 usr/share/libvirt/api/libvirt-lxc-api.xml
 usr/share/libvirt/api/libvirt-qemu-api.xml
-usr/share/libvirt/cpu_map.xml
+#usr/share/libvirt/cpu_map
+usr/share/libvirt/cpu_map/index.xml
+usr/share/libvirt/cpu_map/ppc64_POWER6.xml
+usr/share/libvirt/cpu_map/ppc64_POWER7.xml
+usr/share/libvirt/cpu_map/ppc64_POWER8.xml
+usr/share/libvirt/cpu_map/ppc64_POWER9.xml
+usr/share/libvirt/cpu_map/ppc64_POWERPC_e5500.xml
+usr/share/libvirt/cpu_map/ppc64_POWERPC_e6500.xml
+usr/share/libvirt/cpu_map/ppc64_vendors.xml
+usr/share/libvirt/cpu_map/x86_486.xml
+usr/share/libvirt/cpu_map/x86_Broadwell-IBRS.xml
+usr/share/libvirt/cpu_map/x86_Broadwell-noTSX-IBRS.xml
+usr/share/libvirt/cpu_map/x86_Broadwell-noTSX.xml
+usr/share/libvirt/cpu_map/x86_Broadwell.xml
+usr/share/libvirt/cpu_map/x86_Conroe.xml
+usr/share/libvirt/cpu_map/x86_EPYC-IBRS.xml
+usr/share/libvirt/cpu_map/x86_EPYC.xml
+usr/share/libvirt/cpu_map/x86_Haswell-IBRS.xml
+usr/share/libvirt/cpu_map/x86_Haswell-noTSX-IBRS.xml
+usr/share/libvirt/cpu_map/x86_Haswell-noTSX.xml
+usr/share/libvirt/cpu_map/x86_Haswell.xml
+usr/share/libvirt/cpu_map/x86_Icelake-Client.xml
+usr/share/libvirt/cpu_map/x86_Icelake-Server.xml
+usr/share/libvirt/cpu_map/x86_IvyBridge-IBRS.xml
+usr/share/libvirt/cpu_map/x86_IvyBridge.xml
+usr/share/libvirt/cpu_map/x86_Nehalem-IBRS.xml
+usr/share/libvirt/cpu_map/x86_Nehalem.xml
+usr/share/libvirt/cpu_map/x86_Opteron_G1.xml
+usr/share/libvirt/cpu_map/x86_Opteron_G2.xml
+usr/share/libvirt/cpu_map/x86_Opteron_G3.xml
+usr/share/libvirt/cpu_map/x86_Opteron_G4.xml
+usr/share/libvirt/cpu_map/x86_Opteron_G5.xml
+usr/share/libvirt/cpu_map/x86_Penryn.xml
+usr/share/libvirt/cpu_map/x86_SandyBridge-IBRS.xml
+usr/share/libvirt/cpu_map/x86_SandyBridge.xml
+usr/share/libvirt/cpu_map/x86_Skylake-Client-IBRS.xml
+usr/share/libvirt/cpu_map/x86_Skylake-Client.xml
+usr/share/libvirt/cpu_map/x86_Skylake-Server-IBRS.xml
+usr/share/libvirt/cpu_map/x86_Skylake-Server.xml
+usr/share/libvirt/cpu_map/x86_Westmere-IBRS.xml
+usr/share/libvirt/cpu_map/x86_Westmere.xml
+usr/share/libvirt/cpu_map/x86_athlon.xml
+usr/share/libvirt/cpu_map/x86_core2duo.xml
+usr/share/libvirt/cpu_map/x86_coreduo.xml
+usr/share/libvirt/cpu_map/x86_cpu64-rhel5.xml
+usr/share/libvirt/cpu_map/x86_cpu64-rhel6.xml
+usr/share/libvirt/cpu_map/x86_features.xml
+usr/share/libvirt/cpu_map/x86_kvm32.xml
+usr/share/libvirt/cpu_map/x86_kvm64.xml
+usr/share/libvirt/cpu_map/x86_n270.xml
+usr/share/libvirt/cpu_map/x86_pentium.xml
+usr/share/libvirt/cpu_map/x86_pentium2.xml
+usr/share/libvirt/cpu_map/x86_pentium3.xml
+usr/share/libvirt/cpu_map/x86_pentiumpro.xml
+usr/share/libvirt/cpu_map/x86_phenom.xml
+usr/share/libvirt/cpu_map/x86_qemu32.xml
+usr/share/libvirt/cpu_map/x86_qemu64.xml
+usr/share/libvirt/cpu_map/x86_vendors.xml
 #usr/share/libvirt/schemas
 usr/share/libvirt/schemas/basictypes.rng
 usr/share/libvirt/schemas/capability.rng

diff --git a/config/u-boot/boot.cmd b/config/u-boot/boot.cmd
index 5184e6f8723f56b040a56045d8fc7cbcc9daf1e7..2ba403824fdf26de5aabecb8828d1d5648e4588e 100644 (file)
--- a/config/u-boot/boot.cmd
+++ b/config/u-boot/boot.cmd
@@ -39,7 +39,7 @@ if test "${SERIAL-CONSOLE}" = "ON"; then
        if test ${console} = ""; then
                if test "${board}" = "rpi"; then
                        if test ${cpu} = "armv8"; then
-                               if test "${fdtfile}" = "boradcom/bcm2837-rpi-3-b-plus.dtb"; then
+                               if test "${fdtfile}" = "broadcom/bcm2837-rpi-3-b-plus.dtb"; then
                                        setenv console ttyS1,115200n8;
                                else
                                        if test "${fdtfile}" = "broadcom/bcm2837-rpi-3-b.dtb"; then

diff --git a/config/u-boot/boot.scr b/config/u-boot/boot.scr
index d9395c0aed4283f1e4e8693b58758a8697be0a8a..2c81cef7625b53e9c93b7e9a3a3734546c7661d4 100644 (file)
Binary files a/config/u-boot/boot.scr and b/config/u-boot/boot.scr differ

diff --git a/doc/language_issues.de b/doc/language_issues.de
index e2048d7d1407155043dad7f93c5c373ea7bbd716..6b770e5e398aede0d014559c7d71a1bc17f7aa6d 100644 (file)
--- a/doc/language_issues.de
+++ b/doc/language_issues.de
@@ -706,6 +706,7 @@ WARNING: untranslated string: bytes = unknown string
 WARNING: untranslated string: captive = unknown string
 WARNING: untranslated string: community rules = Snort/VRT GPLv2 Community Rules
 WARNING: untranslated string: dead peer detection = Dead Peer Detection
+WARNING: untranslated string: dnsforward forward_server = unknown string
 WARNING: untranslated string: emerging rules = Emergingthreats.net Community Rules
 WARNING: untranslated string: fwhost cust geoipgrp = unknown string
 WARNING: untranslated string: fwhost err hostip = unknown string

diff --git a/doc/language_issues.en b/doc/language_issues.en
index 228b685f89f6ad2c9c460eba7a21ea85ed58a258..72a56b96d6d2fd1a60182d7a1a089b930c48afb4 100644 (file)
--- a/doc/language_issues.en
+++ b/doc/language_issues.en
@@ -650,7 +650,8 @@ WARNING: untranslated string: dnsforward add a new entry = Add a new entry
 WARNING: untranslated string: dnsforward configuration = DNS forward configuration
 WARNING: untranslated string: dnsforward edit an entry = Edit an existing entry
 WARNING: untranslated string: dnsforward entries = Current entries
-WARNING: untranslated string: dnsforward forward_server = Nameserver
+WARNING: untranslated string: dnsforward forward_server = unknown string
+WARNING: untranslated string: dnsforward forward_servers = Nameservers
 WARNING: untranslated string: dnsforward zone = Zone
 WARNING: untranslated string: dnssec aware = DNSSEC Aware
 WARNING: untranslated string: dnssec disabled warning = WARNING: DNSSEC has been disabled
@@ -1120,6 +1121,7 @@ WARNING: untranslated string: invalid input for remote host/ip = Invalid input f
 WARNING: untranslated string: invalid input for state or province = Invalid input for state or province.
 WARNING: untranslated string: invalid input for valid till days = Invalid input for Valid till (days).
 WARNING: untranslated string: invalid ip = Invalid IP Address
+WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname
 WARNING: untranslated string: invalid keep time = Keep time must be a valid number
 WARNING: untranslated string: invalid key = Invalid key.
 WARNING: untranslated string: invalid local-remote id = local & remote id must not be equal and begin with a "@" sign. These are leftid and rightid in strongswan terminology.

diff --git a/doc/language_issues.es b/doc/language_issues.es
index 01315971b466dc41933a904682cf178d475c4f00..caf8fc497c9dd1d9d9957f3ef9a85ff5d9f3de7c 100644 (file)
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -755,7 +755,8 @@ WARNING: untranslated string: dnsforward add a new entry = Add a new entry
 WARNING: untranslated string: dnsforward configuration = DNS forward configuration
 WARNING: untranslated string: dnsforward edit an entry = Edit an existing entry
 WARNING: untranslated string: dnsforward entries = Current entries
-WARNING: untranslated string: dnsforward forward_server = Nameserver
+WARNING: untranslated string: dnsforward forward_server = unknown string
+WARNING: untranslated string: dnsforward forward_servers = Nameservers
 WARNING: untranslated string: dnsforward zone = Zone
 WARNING: untranslated string: dnssec aware = DNSSEC Aware
 WARNING: untranslated string: dnssec disabled warning = WARNING: DNSSEC has been disabled
@@ -1028,6 +1029,7 @@ WARNING: untranslated string: invalid input for dpd delay = Invalid input for DP
 WARNING: untranslated string: invalid input for dpd timeout = Invalid input for DPD timeout
 WARNING: untranslated string: invalid input for inactivity timeout = Invalid input for Inactivity Timeout
 WARNING: untranslated string: invalid input for valid till days = Invalid input for Valid till (days).
+WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname
 WARNING: untranslated string: invalid logserver protocol = Invalid syslogd server protocol
 WARNING: untranslated string: ipsec = IPsec
 WARNING: untranslated string: ipsec network = IPsec network

diff --git a/doc/language_issues.fr b/doc/language_issues.fr
index 3fd7f35c413af26930b36e23c5df88494c8680a2..7b9119764f6fb170308924db38597c1ad48e694d 100644 (file)
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -742,6 +742,7 @@ WARNING: untranslated string: Captive clients = unknown string
 WARNING: untranslated string: Scan for Songs = unknown string
 WARNING: untranslated string: bytes = unknown string
 WARNING: untranslated string: captive = unknown string
+WARNING: untranslated string: dnsforward forward_servers = Nameservers
 WARNING: untranslated string: fwhost cust geoipgrp = unknown string
 WARNING: untranslated string: fwhost err hostip = unknown string
 WARNING: untranslated string: guardian block a host = unknown string
@@ -781,6 +782,7 @@ WARNING: untranslated string: guardian service = unknown string
 WARNING: untranslated string: guardian watch snort alertfile = unknown string
 WARNING: untranslated string: ike lifetime should be between 1 and 8 hours = unknown string
 WARNING: untranslated string: info messages = unknown string
+WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname
 WARNING: untranslated string: no data = unknown string
 WARNING: untranslated string: ovpn warning rfc3280 = Your host certificate is not RFC3280 compliant. <br>Please update to the latest IPFire version and generate as soon as possible a new root and host certificate.</br><br>All OpenVPN clients needs then to be renewed!</br>
 WARNING: untranslated string: pakfire ago = ago.

diff --git a/doc/language_issues.it b/doc/language_issues.it
index 1a1b283c05701b73a239e53a5a7e2a6cc991b186..301c0c28ddefc5ff86866af948d677ac4ef476bf 100644 (file)
--- a/doc/language_issues.it
+++ b/doc/language_issues.it
@@ -766,6 +766,7 @@ WARNING: untranslated string: dhcp dns update = DNS Update
 WARNING: untranslated string: dhcp dns update algo = Algorithm:
 WARNING: untranslated string: dhcp dns update secret = Secret:
 WARNING: untranslated string: dl client arch insecure = Download insecure Client Package (zip)
+WARNING: untranslated string: dnsforward forward_servers = Nameservers
 WARNING: untranslated string: dnssec disabled warning = WARNING: DNSSEC has been disabled
 WARNING: untranslated string: eight hours = 8 Hours
 WARNING: untranslated string: email config = Configuration
@@ -856,6 +857,7 @@ WARNING: untranslated string: incoming overhead in bytes per second = Incoming O
 WARNING: untranslated string: info messages = unknown string
 WARNING: untranslated string: invalid input for inactivity timeout = Invalid input for Inactivity Timeout
 WARNING: untranslated string: invalid input for valid till days = Invalid input for Valid till (days).
+WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname
 WARNING: untranslated string: invalid logserver protocol = Invalid syslogd server protocol
 WARNING: untranslated string: log server protocol = protocol:
 WARNING: untranslated string: masquerade blue = Masquerade BLUE

diff --git a/doc/language_issues.nl b/doc/language_issues.nl
index 0de2a0f17347420e1d18180133a5868e647ad1fe..bbd78eeeb44f0c5351fd74b56ebc6cd67d343bd4 100644 (file)
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -772,6 +772,7 @@ WARNING: untranslated string: dhcp dns update algo = Algorithm:
 WARNING: untranslated string: dhcp dns update secret = Secret:
 WARNING: untranslated string: dl client arch insecure = Download insecure Client Package (zip)
 WARNING: untranslated string: dns servers = DNS Servers
+WARNING: untranslated string: dnsforward forward_servers = Nameservers
 WARNING: untranslated string: dnssec aware = DNSSEC Aware
 WARNING: untranslated string: dnssec disabled warning = WARNING: DNSSEC has been disabled
 WARNING: untranslated string: dnssec information = DNSSEC Information
@@ -872,6 +873,7 @@ WARNING: untranslated string: incoming overhead in bytes per second = Incoming O
 WARNING: untranslated string: info messages = unknown string
 WARNING: untranslated string: invalid input for inactivity timeout = Invalid input for Inactivity Timeout
 WARNING: untranslated string: invalid input for valid till days = Invalid input for Valid till (days).
+WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname
 WARNING: untranslated string: invalid logserver protocol = Invalid syslogd server protocol
 WARNING: untranslated string: log server protocol = protocol:
 WARNING: untranslated string: masquerade blue = Masquerade BLUE

diff --git a/doc/language_issues.pl b/doc/language_issues.pl
index 01315971b466dc41933a904682cf178d475c4f00..caf8fc497c9dd1d9d9957f3ef9a85ff5d9f3de7c 100644 (file)
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -755,7 +755,8 @@ WARNING: untranslated string: dnsforward add a new entry = Add a new entry
 WARNING: untranslated string: dnsforward configuration = DNS forward configuration
 WARNING: untranslated string: dnsforward edit an entry = Edit an existing entry
 WARNING: untranslated string: dnsforward entries = Current entries
-WARNING: untranslated string: dnsforward forward_server = Nameserver
+WARNING: untranslated string: dnsforward forward_server = unknown string
+WARNING: untranslated string: dnsforward forward_servers = Nameservers
 WARNING: untranslated string: dnsforward zone = Zone
 WARNING: untranslated string: dnssec aware = DNSSEC Aware
 WARNING: untranslated string: dnssec disabled warning = WARNING: DNSSEC has been disabled
@@ -1028,6 +1029,7 @@ WARNING: untranslated string: invalid input for dpd delay = Invalid input for DP
 WARNING: untranslated string: invalid input for dpd timeout = Invalid input for DPD timeout
 WARNING: untranslated string: invalid input for inactivity timeout = Invalid input for Inactivity Timeout
 WARNING: untranslated string: invalid input for valid till days = Invalid input for Valid till (days).
+WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname
 WARNING: untranslated string: invalid logserver protocol = Invalid syslogd server protocol
 WARNING: untranslated string: ipsec = IPsec
 WARNING: untranslated string: ipsec network = IPsec network

diff --git a/doc/language_issues.ru b/doc/language_issues.ru
index ca75c0b29d0a32910bcb21b40c2a826e361daf0b..d5a2fc3366f8446d3559a19a8868508124463ca8 100644 (file)
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -759,7 +759,8 @@ WARNING: untranslated string: dnsforward add a new entry = Add a new entry
 WARNING: untranslated string: dnsforward configuration = DNS forward configuration
 WARNING: untranslated string: dnsforward edit an entry = Edit an existing entry
 WARNING: untranslated string: dnsforward entries = Current entries
-WARNING: untranslated string: dnsforward forward_server = Nameserver
+WARNING: untranslated string: dnsforward forward_server = unknown string
+WARNING: untranslated string: dnsforward forward_servers = Nameservers
 WARNING: untranslated string: dnsforward zone = Zone
 WARNING: untranslated string: dnssec aware = DNSSEC Aware
 WARNING: untranslated string: dnssec disabled warning = WARNING: DNSSEC has been disabled
@@ -1030,6 +1031,7 @@ WARNING: untranslated string: invalid input for dpd delay = Invalid input for DP
 WARNING: untranslated string: invalid input for dpd timeout = Invalid input for DPD timeout
 WARNING: untranslated string: invalid input for inactivity timeout = Invalid input for Inactivity Timeout
 WARNING: untranslated string: invalid input for valid till days = Invalid input for Valid till (days).
+WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname
 WARNING: untranslated string: invalid logserver protocol = Invalid syslogd server protocol
 WARNING: untranslated string: ipsec = IPsec
 WARNING: untranslated string: ipsec network = IPsec network

diff --git a/doc/language_issues.tr b/doc/language_issues.tr
index 6a79d65a4e760aff7704de22fc18fa3e46d3be3b..b32d216b5c3defbbbfd74fa77f9988ea26b334ae 100644 (file)
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -743,6 +743,7 @@ WARNING: untranslated string: bytes = unknown string
 WARNING: untranslated string: captive = unknown string
 WARNING: untranslated string: crypto error = Cryptographic error
 WARNING: untranslated string: crypto warning = Cryptographic warning
+WARNING: untranslated string: dnsforward forward_servers = Nameservers
 WARNING: untranslated string: fwdfw all subnets = All subnets
 WARNING: untranslated string: fwhost cust geoipgrp = unknown string
 WARNING: untranslated string: fwhost err hostip = unknown string
@@ -783,6 +784,7 @@ WARNING: untranslated string: guardian service = unknown string
 WARNING: untranslated string: guardian watch snort alertfile = unknown string
 WARNING: untranslated string: ike lifetime should be between 1 and 8 hours = unknown string
 WARNING: untranslated string: info messages = unknown string
+WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname
 WARNING: untranslated string: no data = unknown string
 WARNING: untranslated string: ovpn error dh = The Diffie-Hellman parameter needs to be in minimum 2048 bit! <br>Please generate or upload a new Diffie-Hellman parameter, this can be made below in the section "Diffie-Hellman parameters options".</br>
 WARNING: untranslated string: ovpn error md5 = You host certificate uses MD5 for the signature which is not accepted anymore. <br>Please update to the latest IPFire version and generate a new root and host certificate.</br><br>All OpenVPN clients needs then to be renewed!</br>

diff --git a/doc/language_missings b/doc/language_missings
index 56219c5fcd11f5b2a9bc199c823979bcea263f7f..188455681d52b0ca4f2252807a3119b755596869 100644 (file)
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -210,7 +210,7 @@
 < dnsforward configuration
 < dnsforward edit an entry
 < dnsforward entries
-< dnsforward forward_server
+< dnsforward forward_servers
 < dnsforward zone
 < dnssec aware
 < dnssec disabled warning
@@ -494,6 +494,7 @@
 < invalid input for dpd timeout
 < invalid input for inactivity timeout
 < invalid input for valid till days
+< invalid ip or hostname
 < invalid logserver protocol
 < ipsec
 < ipsec network
@@ -781,6 +782,8 @@
 ############################################################################
 # Checking cgi-bin translations for language: fr                           #
 ############################################################################
+< dnsforward forward_servers
+< invalid ip or hostname
 < ovpn warning rfc3280
 < wlanap neighbor scan
 < wlanap neighbor scan warning
@@ -860,6 +863,7 @@
 < dhcp dns update algo
 < dhcp dns update secret
 < dl client arch insecure
+< dnsforward forward_servers
 < dnssec disabled warning
 < eight hours
 < email config
@@ -919,6 +923,7 @@
 < incoming overhead in bytes per second
 < invalid input for inactivity timeout
 < invalid input for valid till days
+< invalid ip or hostname
 < invalid logserver protocol
 < log server protocol
 < masquerade blue
@@ -1082,6 +1087,7 @@
 < dh name is invalid
 < dh parameter
 < dl client arch insecure
+< dnsforward forward_servers
 < dnssec aware
 < dnssec disabled warning
 < dnssec information
@@ -1153,6 +1159,7 @@
 < incoming overhead in bytes per second
 < invalid input for inactivity timeout
 < invalid input for valid till days
+< invalid ip or hostname
 < invalid logserver protocol
 < log server protocol
 < masquerade blue
@@ -1423,7 +1430,7 @@
 < dnsforward configuration
 < dnsforward edit an entry
 < dnsforward entries
-< dnsforward forward_server
+< dnsforward forward_servers
 < dnsforward zone
 < dnssec aware
 < dnssec disabled warning
@@ -1709,6 +1716,7 @@
 < invalid input for dpd timeout
 < invalid input for inactivity timeout
 < invalid input for valid till days
+< invalid ip or hostname
 < invalid logserver protocol
 < ipsec
 < ipsec network
@@ -2137,7 +2145,7 @@
 < dnsforward configuration
 < dnsforward edit an entry
 < dnsforward entries
-< dnsforward forward_server
+< dnsforward forward_servers
 < dnsforward zone
 < dnssec aware
 < dnssec disabled warning
@@ -2427,6 +2435,7 @@
 < invalid input for dpd timeout
 < invalid input for inactivity timeout
 < invalid input for valid till days
+< invalid ip or hostname
 < invalid logserver protocol
 < ipsec
 < ipsec network
@@ -2700,7 +2709,9 @@
 ############################################################################
 < crypto error
 < crypto warning
+< dnsforward forward_servers
 < fwdfw all subnets
+< invalid ip or hostname
 < ovpn error dh
 < ovpn error md5
 < ovpn warning rfc3280

diff --git a/html/cgi-bin/dnsforward.cgi b/html/cgi-bin/dnsforward.cgi
index ee63c6dd75853a1ed36b3baeaaf7802f9cf603cf..521a7a20b4279103b328aa4f167e2f8a0a47aca6 100644 (file)
--- a/html/cgi-bin/dnsforward.cgi
+++ b/html/cgi-bin/dnsforward.cgi
@@ -50,7 +50,7 @@ my %mainsettings = ();
 $cgiparams{'ENABLED'} = 'off';
 $cgiparams{'ACTION'} = '';
 $cgiparams{'ZONE'} = '';
-$cgiparams{'FORWARD_SERVER'} = '';
+$cgiparams{'FORWARD_SERVERS'} = '';
 $cgiparams{'REMARK'} ='';
 &Header::getcgihash(\%cgiparams);
 open(FILE, $filename) or die 'Unable to open config file.';
@@ -67,14 +67,21 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'add'})
                $errormessage = $Lang::tr{'invalid domain name'};
        }
 
-       # Check if the settings for the forward server are valid.
-       unless(&General::validip($cgiparams{'FORWARD_SERVER'})) {
-               $errormessage = $Lang::tr{'invalid ip'};
+       my @forward_servers = split(/\,/, $cgiparams{'FORWARD_SERVERS'});
+       foreach my $forward_server (@forward_servers) {
+               # Check if the settings for the forward server are valid.
+               unless(&General::validip($forward_server) || &General::validfqdn($forward_server)) {
+                       $errormessage = "$Lang::tr{'invalid ip or hostname'}: $forward_server";
+                       last;
+               }
        }
 
        # Go further if there was no error.
        if ( ! $errormessage)
        {
+               # Save servers separated by |
+               $cgiparams{'FORWARD_SERVERS'} = join("|", @forward_servers);
+
            # Check if a remark has been entered.
            $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
 
@@ -82,7 +89,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'add'})
                if($cgiparams{'EDITING'} eq 'no') {
                        open(FILE,">>$filename") or die 'Unable to open config file.';
                        flock FILE, 2;
-                       print FILE "$cgiparams{'ENABLED'},$cgiparams{'ZONE'},$cgiparams{'FORWARD_SERVER'},$cgiparams{'REMARK'}\n";
+                       print FILE "$cgiparams{'ENABLED'},$cgiparams{'ZONE'},$cgiparams{'FORWARD_SERVERS'},$cgiparams{'REMARK'}\n";
                } else {
                        open(FILE, ">$filename") or die 'Unable to open config file.';
                        flock FILE, 2;
@@ -91,7 +98,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'add'})
                        {
                                $id++;
                                if ($cgiparams{'EDITING'} eq $id) {
-                                       print FILE "$cgiparams{'ENABLED'},$cgiparams{'ZONE'},$cgiparams{'FORWARD_SERVER'},$cgiparams{'REMARK'}\n";
+                                       print FILE "$cgiparams{'ENABLED'},$cgiparams{'ZONE'},$cgiparams{'FORWARD_SERVERS'},$cgiparams{'REMARK'}\n";
                                } else { print FILE "$line"; }
                        }
                }
@@ -167,7 +174,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'})
                        my @temp = split(/\,/,$line);
                        $cgiparams{'ENABLED'} = $temp[0];
                        $cgiparams{'ZONE'} = $temp[1];
-                       $cgiparams{'FORWARD_SERVER'} = $temp[2];
+                       $cgiparams{'FORWARD_SERVERS'} = join(",", split(/\|/, $temp[2]));
                        $cgiparams{'REMARK'} = $temp[3];
                }
        }
@@ -214,7 +221,7 @@ print <<END
 
        <tr>
                <td width='20%' class='base'>$Lang::tr{'dnsforward forward_server'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
-               <td><input type='text' name='FORWARD_SERVER' value='$cgiparams{'FORWARD_SERVER'}' size='24' /></td>
+               <td><input type='text' name='FORWARD_SERVERS' value='$cgiparams{'FORWARD_SERVERS'}' size='24' /></td>
        </tr>
 </table>
 
@@ -255,7 +262,7 @@ print <<END
 <table width='100%' class='tbl'>
        <tr>
                <th width='35%' class='boldbase' align='center'><b>$Lang::tr{'dnsforward zone'}</b></th>
-               <th width='30%' class='boldbase' align='center'><b>$Lang::tr{'dnsforward forward_server'}</b></th>
+               <th width='30%' class='boldbase' align='center'><b>$Lang::tr{'dnsforward forward_servers'}</b></th>
                <th width='30%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b></th>
                <th width='5%' class='boldbase' colspan='3' align='center'><b>$Lang::tr{'action'}</b></th>
        </tr>
@@ -284,7 +291,10 @@ foreach my $line (@current)
        my $gif = '';
        my $gdesc = '';
        my $toggle = '';
-       
+
+       # Format lists of servers
+       my $servers = join(", ", split(/\|/, $temp[2]));
+
        if($cgiparams{'ACTION'} eq $Lang::tr{'edit'} && $cgiparams{'ID'} eq $id) {
                print "<tr>";
                $col="bgcolor='${Header::colouryellow}'"; }
@@ -303,7 +313,7 @@ foreach my $line (@current)
 #
 print <<END
        <td align='center' $col>$temp[1]</td>
-       <td align='center' $col>$temp[2]</td>
+       <td align='center' $col>$servers</td>
        <td align='center' $col>$temp[3]</td>
        <td align='center' $col>
                <form method='post' name='frma$id' action='$ENV{'SCRIPT_NAME'}'>

diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index bba1912939a983dadabf9811a9363dd51a47bdb9..f7aed59220f4bb5e6d96525cb1b6e634e3260fb4 100644 (file)
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -821,7 +821,7 @@
 'dnsforward configuration' => 'Einstellungen für DNS Weiterleitung',
 'dnsforward edit an entry' => 'Existierenden Eintrag bearbeiten',
 'dnsforward entries' => 'Aktuelle Einträge',
-'dnsforward forward_server' => 'DNS-Server',
+'dnsforward forward_servers' => 'DNS-Server',
 'dnsforward zone' => 'Zone',
 'dnssec aware' => 'DNSSEC-Informationen verfügbar, aber nicht validierend',
 'dnssec disabled warning' => 'WARNUNG: DNSSEC wurde deaktiviert',
@@ -1415,6 +1415,7 @@
 'invalid input for state or province' => 'Ungültige Eingabe für Bundesstaat oder Provinz.',
 'invalid input for valid till days' => 'Ungültige Eingabe für Gültig bis (Tage).',
 'invalid ip' => 'Ungültige IP-Adresse',
+'invalid ip or hostname' => 'Ungültige IP-Addresse oder Hostname',
 'invalid keep time' => 'Die Aufbewahrungszeit muss eine gültige Zahl sein',
 'invalid key' => 'Ungültiger Schlüssel.',
 'invalid loaded file' => 'Ungültige geladene Datei',

diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index fa701f53a03b63675a00575b898678aab295ec7e..2a2a3d2f1dd97d148ec873c9be6a038ca81d12ef 100644 (file)
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -846,7 +846,7 @@
 'dnsforward configuration' => 'DNS forward configuration',
 'dnsforward edit an entry' => 'Edit an existing entry',
 'dnsforward entries' => 'Current entries',
-'dnsforward forward_server' => 'Nameserver',
+'dnsforward forward_servers' => 'Nameservers',
 'dnsforward zone' => 'Zone',
 'dnssec aware' => 'DNSSEC Aware',
 'dnssec disabled warning' => 'WARNING: DNSSEC has been disabled',
@@ -1446,6 +1446,7 @@
 'invalid input for state or province' => 'Invalid input for state or province.',
 'invalid input for valid till days' => 'Invalid input for Valid till (days).',
 'invalid ip' => 'Invalid IP Address',
+'invalid ip or hostname' => 'Invalid IP Address or Hostname',
 'invalid keep time' => 'Keep time must be a valid number',
 'invalid key' => 'Invalid key.',
 'invalid loaded file' => 'Invalid loaded file',

diff --git a/lfs/bind b/lfs/bind
index c2530b174758e1f12fd84930d35242737a01bd16..44b649fcb14d7259c605fab59dc86c3a7c6f433e 100644 (file)
--- a/lfs/bind
+++ b/lfs/bind
@@ -25,7 +25,7 @@
 
 include Config
 
-VER        = 9.11.5
+VER        = 9.11.5-P1
 
 THISAPP    = bind-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -43,7 +43,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 17a0d02102117c9a221e857cf2cc8157
+$(DL_FILE)_MD5 = 2825d818db51008f88a0030507edfa8a
 
 install : $(TARGET)
 

diff --git a/lfs/grub b/lfs/grub
index 1a10c2aa5c3a3d5ce27f783a572c6603eb54152f..e6131f2f59dd360b9d91b2956eba340a68d68049 100644 (file)
--- a/lfs/grub
+++ b/lfs/grub
@@ -99,6 +99,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @rm -rf $(DIR_APP) $(DIR_APP_EFI) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
 
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/grub-2.02_disable_vga_fallback.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/grub-2.02-xfs-accept-filesystem-with-sparse-inodes.patch
 
        # Install unifont
        cp -v $(DIR_DL)/unifont-7.0.03.pcf.gz $(DIR_APP)/unifont.pcf.gz

diff --git a/lfs/ipvsadm b/lfs/ipvsadm
index db245b997516b11f92cd08299ed133c5d25948fd..6345237f0ea4d915e14f563302d8d79d256d6987 100644 (file)
--- a/lfs/ipvsadm
+++ b/lfs/ipvsadm
@@ -24,15 +24,15 @@
 
 include Config
 
-VER        = 1.26
+VER        = 1.29
 
 THISAPP    = ipvsadm-$(VER)
-DL_FILE    = $(THISAPP).tar.gz
+DL_FILE    = $(THISAPP).tar.xz
 DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = ipvsadm
-PAK_VER    = 1
+PAK_VER    = 2
 
 DEPS       = ""
 
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = eac3ba3f62cd4dea2da353aeddd353a8
+$(DL_FILE)_MD5 = 12f0d3b4d436e941d0c4dbe358144bfd
 
 install : $(TARGET)
 

diff --git a/lfs/keepalived b/lfs/keepalived
index 6bdd9d3debdef3b829b762bf36074a7439af2b60..4b4ae2300aed43ce2cb1397bb648a59942592e3f 100644 (file)
--- a/lfs/keepalived
+++ b/lfs/keepalived
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = keepalived
-PAK_VER    = 3
+PAK_VER    = 4
 
 DEPS       = ""
 

diff --git a/lfs/libvirt b/lfs/libvirt
index de25a3d553c031d256ca857e5c17e92c09ba2f4c..aba2f133916d973c5ac76203e532266c5aec594e 100644 (file)
--- a/lfs/libvirt
+++ b/lfs/libvirt
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 4.6.0
+VER        = 4.10.0
 
 THISAPP    = libvirt-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -45,7 +45,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 6ea17a8f004a4bcdfc4beaed91fcdddd
+$(DL_FILE)_MD5 = f85067e830bd89db08b7b7ffa75db6ef
 
 install : $(TARGET)
 check : $(patsubst %,$(DIR_CHK)/%,$(objects))

diff --git a/lfs/pcre b/lfs/pcre
index 66b34cc30c93ad64c13e023df40f3feccbe981b1..dc6621f1c1b0b8fdb3ac8d5dfe4e212397d35714 100644 (file)
--- a/lfs/pcre
+++ b/lfs/pcre
@@ -74,7 +74,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
                --prefix=/usr \
                --disable-static \
                --enable-utf8 \
-               --disable-jit \
+               --enable-jit \
                --enable-pcre16 \
                --enable-pcre32 \
                --enable-pcregrep-libz \

diff --git a/lfs/sqlite b/lfs/sqlite
index 467e01805b70f36f71a901578330945c52e38b56..8f02634cd6256993851f742762a624224c11a30b 100644 (file)
--- a/lfs/sqlite
+++ b/lfs/sqlite
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 3250200
+VER        = 3260000
 
 THISAPP    = sqlite-autoconf-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = bfade31d59f58badc51aeaa6ae26a5de
+$(DL_FILE)_MD5 = ac2b3b8cd3a97600e36fb8e756e8dda1
 
 install : $(TARGET)
 

diff --git a/lfs/squid b/lfs/squid
index 11b84d7194451ab44012c8dc0c7ca0652b73a93f..aaa2d0b96b77017852b683ce0c08d678d4ba4ddc 100644 (file)
--- a/lfs/squid
+++ b/lfs/squid
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 3.5.28
+VER        = 4.4
 
 THISAPP    = squid-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -42,7 +42,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 9367e0375ea53ba0e99f77054d4402c5
+$(DL_FILE)_MD5 = 892504ca9700e1f139a53f84098613bd
 
 install : $(TARGET)
 
@@ -72,9 +72,10 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xaf $(DIR_DL)/$(DL_FILE)
-       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/squid/01_Certificate_fields_injection_via_D_in_ERR_SECURE_CONNECT_FAIL_306.patch
-       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/squid/02_Fix_memory_leak_when_parsing_SNMP_packet_313.patch
-       cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5.28-fix-max-file-descriptors.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/squid/01_Fix_netdb_exchange_with_a_TLS_cache_peer_307.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/squid/02_Maintenance_add_xz_tarball_format_formally_to_make_dist_325.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/squid/03_The_handshake_logformat_code_331.patch
+       cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-4.4-fix-max-file-descriptors.patch
 
        cd $(DIR_APP) && autoreconf -vfi
        cd $(DIR_APP)/libltdl && autoreconf -vfi
@@ -125,7 +126,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
                --enable-zph-qos \
                --with-dl \
                --with-filedescriptors=$$(( 16384 * 64 )) \
-               --with-large-files
+               --with-large-files \
+               --without-gnutls \
+               --without-netfilter-conntrack
 
        cd $(DIR_APP) && make $(MAKETUNING)
        cd $(DIR_APP) && make install

diff --git a/lfs/unbound b/lfs/unbound
index 3c876b79a61ae7e065c164bc007effcf7e486b61..07501d1d6d5fe2e95dfc9c1e3e82bf735636850f 100644 (file)
--- a/lfs/unbound
+++ b/lfs/unbound
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 1.8.2
+VER        = 1.8.3
 
 THISAPP    = unbound-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 3b2f1024df47ccc59a8100c3b40c6dc1
+$(DL_FILE)_MD5 = 4646203343d3b8f5aeb1b57753c27ead
 
 install : $(TARGET)
 
@@ -79,6 +79,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
                        --disable-static \
                        --with-libevent \
                        --enable-event-api \
+                       --enable-tfo-client \
+                       --enable-tfo-server \
                        ac_cv_func_getentropy=no
 
        cd $(DIR_APP) && make $(MAKETUNING)

diff --git a/src/initscripts/packages/keepalived b/src/initscripts/packages/keepalived
index 5634194e6dedd62e16188f65cb02941c9ccb7c8b..baccdc15a3765ae121f4c08e021bb6b8643e3054 100644 (file)
--- a/src/initscripts/packages/keepalived
+++ b/src/initscripts/packages/keepalived
@@ -24,7 +24,7 @@ case "${1}" in
 
        reload)
                boot_mesg "Reloading keepalive daemon..."
-               reloadproc /etc/sbin/keepalived
+               reloadproc /usr/sbin/keepalived
                ;;
 
        restart)

diff --git a/src/initscripts/system/aws b/src/initscripts/system/aws
index 2a556801ac8ca5854798096b31b0fa65277a7cf3..b22af7573725820cae7d4c982ac197f4f00792c7 100644 (file)
--- a/src/initscripts/system/aws
+++ b/src/initscripts/system/aws
@@ -34,7 +34,8 @@ case "${1}" in
                running_on_ec2 || exit 0
 
                # Find the first interface to use
-               for i in /sys/class/net/*; do
+               for i in /sys/class/net/red* /sys/class/net/eth* \
+                               /sys/class/net/*; do
                        [ -d "${i}" ] || continue
                        i=$(basename ${i})
 

diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound
index cc46c33c9425cc85d95b1d7412a9db3e146fea4b..08007f50a31a0ae51875e9cc9319f9f21f13c1d2 100644 (file)
--- a/src/initscripts/system/unbound
+++ b/src/initscripts/system/unbound
@@ -197,8 +197,8 @@ write_forward_conf() {
 
                local insecure_zones="${INSECURE_ZONES}"
 
-               local enabled zone server remark
-               while IFS="," read -r enabled zone server remark; do
+               local enabled zone server servers remark
+               while IFS="," read -r enabled zone servers remark; do
                        # Line must be enabled.
                        [ "${enabled}" = "on" ] || continue
 
@@ -215,7 +215,13 @@ write_forward_conf() {
                                *.in-addr.arpa)
                                        echo "stub-zone:"
                                        echo "  name: ${zone}"
-                                       echo "  stub-addr: ${server}"
+                                       for server in ${servers//|/ }; do
+                                               if [[ ${server} =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+                                                       echo "  stub-addr: ${server}"
+                                               else
+                                                       echo "  stub-host: ${server}"
+                                               fi
+                                       done
                                        echo
                                        echo "server:"
                                        echo "  local-zone: \"${zone}\" transparent"
@@ -224,7 +230,13 @@ write_forward_conf() {
                                *)
                                        echo "forward-zone:"
                                        echo "  name: ${zone}"
-                                       echo "  forward-addr: ${server}"
+                                       for server in ${servers//|/ }; do
+                                               if [[ ${server} =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+                                                       echo "  forward-addr: ${server}"
+                                               else
+                                                       echo "  forward-host: ${server}"
+                                               fi
+                                       done
                                        echo
                                        ;;
                        esac

diff --git a/src/patches/grub-2.02-xfs-accept-filesystem-with-sparse-inodes.patch b/src/patches/grub-2.02-xfs-accept-filesystem-with-sparse-inodes.patch
new file mode 100644 (file)
index 0000000..6c6a750
--- /dev/null
+++ b/src/patches/grub-2.02-xfs-accept-filesystem-with-sparse-inodes.patch
@@ -0,0 +1,60 @@
+From cda0a857dd7a27cd5d621747464bfe71e8727fff Mon Sep 17 00:00:00 2001
+From: Daniel Kiper <daniel.kiper@oracle.com>
+Date: Tue, 29 May 2018 16:16:02 +0200
+Subject: xfs: Accept filesystem with sparse inodes
+
+The sparse inode metadata format became a mkfs.xfs default in
+xfsprogs-4.16.0, and such filesystems are now rejected by grub as
+containing an incompatible feature.
+
+In essence, this feature allows xfs to allocate inodes into fragmented
+freespace.  (Without this feature, if xfs could not allocate contiguous
+space for 64 new inodes, inode creation would fail.)
+
+In practice, the disk format change is restricted to the inode btree,
+which as far as I can tell is not used by grub.  If all you're doing
+today is parsing a directory, reading an inode number, and converting
+that inode number to a disk location, then ignoring this feature
+should be fine, so I've added it to XFS_SB_FEAT_INCOMPAT_SUPPORTED
+
+I did some brief testing of this patch by hacking up the regression
+tests to completely fragment freespace on the test xfs filesystem, and
+then write a large-ish number of inodes to consume any existing
+contiguous 64-inode chunk.  This way any files the grub tests add and
+traverse would be in such a fragmented inode allocation.  Tests passed,
+but I'm not sure how to cleanly integrate that into the test harness.
+
+Signed-off-by: Eric Sandeen <sandeen@redhat.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Tested-by: Chris Murphy <lists@colorremedies.com>
+---
+ grub-core/fs/xfs.c | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c
+index c6031bd..3b00c74 100644
+--- a/grub-core/fs/xfs.c
++++ b/grub-core/fs/xfs.c
+@@ -79,9 +79,18 @@ GRUB_MOD_LICENSE ("GPLv3+");
+ #define XFS_SB_FEAT_INCOMPAT_SPINODES   (1 << 1)        /* sparse inode chunks */
+ #define XFS_SB_FEAT_INCOMPAT_META_UUID  (1 << 2)        /* metadata UUID */
+ 
+-/* We do not currently verify metadata UUID so it is safe to read such filesystem */
++/*
++ * Directory entries with ftype are explicitly handled by GRUB code.
++ *
++ * We do not currently read the inode btrees, so it is safe to read filesystems
++ * with the XFS_SB_FEAT_INCOMPAT_SPINODES feature.
++ *
++ * We do not currently verify metadata UUID, so it is safe to read filesystems
++ * with the XFS_SB_FEAT_INCOMPAT_META_UUID feature.
++ */
+ #define XFS_SB_FEAT_INCOMPAT_SUPPORTED \
+       (XFS_SB_FEAT_INCOMPAT_FTYPE | \
++       XFS_SB_FEAT_INCOMPAT_SPINODES | \
+        XFS_SB_FEAT_INCOMPAT_META_UUID)
+ 
+ struct grub_xfs_sblock
+-- 
+cgit v1.0-41-gc330
+

diff --git a/src/patches/squid/01_Certificate_fields_injection_via_D_in_ERR_SECURE_CONNECT_FAIL_306.patch b/src/patches/squid/01_Certificate_fields_injection_via_D_in_ERR_SECURE_CONNECT_FAIL_306.patch
deleted file mode 100644 (file)
index fadb1d4..0000000
--- a/src/patches/squid/01_Certificate_fields_injection_via_D_in_ERR_SECURE_CONNECT_FAIL_306.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-commit f1657a9decc820f748fa3aff68168d3145258031
-Author: Christos Tsantilas <christos@chtsanti.net>
-Date:   2018-10-17 15:14:07 +0000
-
-    Certificate fields injection via %D in ERR_SECURE_CONNECT_FAIL (#306)
-    
-    %ssl_subject, %ssl_ca_name, and %ssl_cn values were not properly escaped when %D code was expanded in HTML context of the ERR_SECURE_CONNECT_FAIL template. This bug affects all
-    ERR_SECURE_CONNECT_FAIL page templates containing %D, including the default template.
-    
-    Other error pages are not vulnerable because Squid does not populate %D with certificate details in other contexts (yet).
-    
-    Thanks to Nikolas Lohmann [eBlocker] for identifying the problem.
-    
-    TODO: If those certificate details become needed for ACL checks or other non-HTML purposes, make their HTML-escaping conditional.
-    
-    This is a Measurement Factory project.
-
-diff --git a/src/ssl/ErrorDetail.cc b/src/ssl/ErrorDetail.cc
-index b5030e3..314e998 100644
---- a/src/ssl/ErrorDetail.cc
-+++ b/src/ssl/ErrorDetail.cc
-@@ -8,6 +8,8 @@
- 
- #include "squid.h"
- #include "errorpage.h"
-+#include "fatal.h"
-+#include "html_quote.h"
- #include "ssl/ErrorDetail.h"
- 
- #include <climits>
-@@ -432,8 +434,11 @@ const char  *Ssl::ErrorDetail::subject() const
- {
-     if (broken_cert.get()) {
-         static char tmpBuffer[256]; // A temporary buffer
--        if (X509_NAME_oneline(X509_get_subject_name(broken_cert.get()), tmpBuffer, sizeof(tmpBuffer)))
--            return tmpBuffer;
-+        if (X509_NAME_oneline(X509_get_subject_name(broken_cert.get()), tmpBuffer, sizeof(tmpBuffer))) {
-+            // quote to avoid possible html code injection through
-+            // certificate subject
-+            return html_quote(tmpBuffer);
-+        }
-     }
-     return "[Not available]";
- }
-@@ -461,8 +466,11 @@ const char *Ssl::ErrorDetail::cn() const
-         static String tmpStr;  ///< A temporary string buffer
-         tmpStr.clean();
-         Ssl::matchX509CommonNames(broken_cert.get(), &tmpStr, copy_cn);
--        if (tmpStr.size())
--            return tmpStr.termedBuf();
-+        if (tmpStr.size()) {
-+            // quote to avoid possible html code injection through
-+            // certificate subject
-+            return html_quote(tmpStr.termedBuf());
-+        }
-     }
-     return "[Not available]";
- }
-@@ -474,8 +482,11 @@ const char *Ssl::ErrorDetail::ca_name() const
- {
-     if (broken_cert.get()) {
-         static char tmpBuffer[256]; // A temporary buffer
--        if (X509_NAME_oneline(X509_get_issuer_name(broken_cert.get()), tmpBuffer, sizeof(tmpBuffer)))
--            return tmpBuffer;
-+        if (X509_NAME_oneline(X509_get_issuer_name(broken_cert.get()), tmpBuffer, sizeof(tmpBuffer))) {
-+            // quote to avoid possible html code injection through
-+            // certificate issuer subject
-+            return html_quote(tmpBuffer);
-+        }
-     }
-     return "[Not available]";
- }

diff --git a/src/patches/squid/01_Fix_netdb_exchange_with_a_TLS_cache_peer_307.patch b/src/patches/squid/01_Fix_netdb_exchange_with_a_TLS_cache_peer_307.patch
new file mode 100644 (file)
index 0000000..09f8961
--- /dev/null
+++ b/src/patches/squid/01_Fix_netdb_exchange_with_a_TLS_cache_peer_307.patch
@@ -0,0 +1,91 @@
+commit bc54d7a6f7ec510a25966f2f800d3ea874657546
+Author: chi-mf <43963496+chi-mf@users.noreply.github.com>
+Date:   2018-10-30 04:48:40 +0000
+
+    Fix netdb exchange with a TLS cache_peer (#307)
+    
+    Squid uses http-scheme URLs when sending netdb exchange (and possibly
+    other) requests to a cache_peer. If a DIRECT path is selected for that
+    cache_peer URL, then Squid sends a clear text HTTP request to that
+    cache_peer. If that cache_peer expects a TLS connection, it will reject
+    that request (with, e.g., error:transaction-end-before-headers),
+    resulting in an HTTP 503 or 504 netdb fetch error.
+    
+    Workaround this by adding an internalRemoteUri() parameter to indicate
+    whether https or http URL scheme should be used. Netdb fetches from
+    CachePeer::secure peers now get an https scheme and, hence, a TLS
+    connection.
+
+diff --git a/src/icmp/net_db.cc b/src/icmp/net_db.cc
+index 0f488de..526093f 100644
+--- a/src/icmp/net_db.cc
++++ b/src/icmp/net_db.cc
+@@ -1282,7 +1282,7 @@ netdbExchangeStart(void *data)
+ #if USE_ICMP
+     CachePeer *p = (CachePeer *)data;
+     static const SBuf netDB("netdb");
+-    char *uri = internalRemoteUri(p->host, p->http_port, "/squid-internal-dynamic/", netDB);
++    char *uri = internalRemoteUri(p->secure.encryptTransport, p->host, p->http_port, "/squid-internal-dynamic/", netDB);
+     debugs(38, 3, "Requesting '" << uri << "'");
+     const MasterXaction::Pointer mx = new MasterXaction(XactionInitiator::initIcmp);
+     HttpRequest *req = HttpRequest::FromUrl(uri, mx);
+diff --git a/src/internal.cc b/src/internal.cc
+index 6ebc7a6..ff7b4d6 100644
+--- a/src/internal.cc
++++ b/src/internal.cc
+@@ -82,7 +82,7 @@ internalStaticCheck(const SBuf &urlPath)
+  * makes internal url with a given host and port (remote internal url)
+  */
+ char *
+-internalRemoteUri(const char *host, unsigned short port, const char *dir, const SBuf &name)
++internalRemoteUri(bool encrypt, const char *host, unsigned short port, const char *dir, const SBuf &name)
+ {
+     static char lc_host[SQUIDHOSTNAMELEN];
+     assert(host && !name.isEmpty());
+@@ -115,7 +115,7 @@ internalRemoteUri(const char *host, unsigned short port, const char *dir, const
+     static MemBuf mb;
+ 
+     mb.reset();
+-    mb.appendf("http://" SQUIDSBUFPH, SQUIDSBUFPRINT(tmp.authority()));
++    mb.appendf("%s://" SQUIDSBUFPH, encrypt ? "https" : "http", SQUIDSBUFPRINT(tmp.authority()));
+ 
+     if (dir)
+         mb.append(dir, strlen(dir));
+@@ -132,7 +132,10 @@ internalRemoteUri(const char *host, unsigned short port, const char *dir, const
+ char *
+ internalLocalUri(const char *dir, const SBuf &name)
+ {
+-    return internalRemoteUri(getMyHostname(),
++    // XXX: getMy*() may return https_port info, but we force http URIs
++    // because we have not checked whether the callers can handle https.
++    const bool secure = false;
++    return internalRemoteUri(secure, getMyHostname(),
+                              getMyPort(), dir, name);
+ }
+ 
+diff --git a/src/internal.h b/src/internal.h
+index c91f9ac..13a43a6 100644
+--- a/src/internal.h
++++ b/src/internal.h
+@@ -24,7 +24,7 @@ void internalStart(const Comm::ConnectionPointer &clientConn, HttpRequest *, Sto
+ bool internalCheck(const SBuf &urlPath);
+ bool internalStaticCheck(const SBuf &urlPath);
+ char *internalLocalUri(const char *dir, const SBuf &name);
+-char *internalRemoteUri(const char *, unsigned short, const char *, const SBuf &);
++char *internalRemoteUri(bool, const char *, unsigned short, const char *, const SBuf &);
+ const char *internalHostname(void);
+ int internalHostnameIs(const char *);
+ 
+diff --git a/src/peer_digest.cc b/src/peer_digest.cc
+index 36a8705..f515aaa 100644
+--- a/src/peer_digest.cc
++++ b/src/peer_digest.cc
+@@ -323,7 +323,7 @@ peerDigestRequest(PeerDigest * pd)
+     if (p->digest_url)
+         url = xstrdup(p->digest_url);
+     else
+-        url = xstrdup(internalRemoteUri(p->host, p->http_port, "/squid-internal-periodic/", SBuf(StoreDigestFileName)));
++        url = xstrdup(internalRemoteUri(p->secure.encryptTransport, p->host, p->http_port, "/squid-internal-periodic/", SBuf(StoreDigestFileName)));
+     debugs(72, 2, url);
+ 
+     const MasterXaction::Pointer mx = new MasterXaction(XactionInitiator::initCacheDigest);

diff --git a/src/patches/squid/02_Fix_memory_leak_when_parsing_SNMP_packet_313.patch b/src/patches/squid/02_Fix_memory_leak_when_parsing_SNMP_packet_313.patch
deleted file mode 100644 (file)
index 2ae034c..0000000
--- a/src/patches/squid/02_Fix_memory_leak_when_parsing_SNMP_packet_313.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-commit bc9786119f058a76ddf0625424bc33d36460b9a2 (refs/remotes/origin/v3.5)
-Author: flozilla <fishyflow@gmail.com>
-Date:   2018-10-24 14:12:01 +0200
-
-    Fix memory leak when parsing SNMP packet (#313)
-    
-    SNMP queries denied by snmp_access rules and queries with certain
-    unsupported SNMPv2 commands were leaking a few hundred bytes each. Such
-    queries trigger "SNMP agent query DENIED from..." WARNINGs in cache.log.
-
-diff --git a/src/snmp_core.cc b/src/snmp_core.cc
-index c4d21c1..16c2993 100644
---- a/src/snmp_core.cc
-+++ b/src/snmp_core.cc
-@@ -409,6 +409,7 @@ snmpDecodePacket(SnmpRequest * rq)
-             snmpConstructReponse(rq);
-         } else {
-             debugs(49, DBG_IMPORTANT, "WARNING: SNMP agent query DENIED from : " << rq->from);
-+            snmp_free_pdu(PDU);
-         }
-         xfree(Community);
- 

diff --git a/src/patches/squid/02_Maintenance_add_xz_tarball_format_formally_to_make_dist_325.patch b/src/patches/squid/02_Maintenance_add_xz_tarball_format_formally_to_make_dist_325.patch
new file mode 100644 (file)
index 0000000..58ceaa0
--- /dev/null
+++ b/src/patches/squid/02_Maintenance_add_xz_tarball_format_formally_to_make_dist_325.patch
@@ -0,0 +1,22 @@
+commit 3c23ae8c7431344f8fc50bb5ee8f4b56d08c10a4
+Author: Amos Jeffries <yadij@users.noreply.github.com>
+Date:   2018-11-11 04:29:58 +0000
+
+    Maintenance: add .xz tarball format formally to make dist (#325)
+    
+    Automake can now handle generating this format itself and the
+    experiments of providing it for downstream have gone well.
+
+diff --git a/configure.ac b/configure.ac
+index 3f8af6d..f668567 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -10,7 +10,7 @@ AC_PREREQ(2.61)
+ AC_CONFIG_HEADERS([include/autoconf.h])
+ AC_CONFIG_AUX_DIR(cfgaux)
+ AC_CONFIG_SRCDIR([src/main.cc])
+-AM_INIT_AUTOMAKE([tar-ustar nostdinc subdir-objects])
++AM_INIT_AUTOMAKE([tar-ustar nostdinc subdir-objects dist-xz])
+ AC_REVISION($Revision$)dnl
+ AC_PREFIX_DEFAULT(/usr/local/squid)
+ AM_MAINTAINER_MODE

diff --git a/src/patches/squid/03_The_handshake_logformat_code_331.patch b/src/patches/squid/03_The_handshake_logformat_code_331.patch
new file mode 100644 (file)
index 0000000..2ce8bdc
--- /dev/null
+++ b/src/patches/squid/03_The_handshake_logformat_code_331.patch
@@ -0,0 +1,132 @@
+commit 0022167d80725513d95b38aaebc90086fc0b6938 (tag: refs/tags/M-staged-PR331, refs/remotes/origin/v4)
+Author: Christos Tsantilas <christos@chtsanti.net>
+Date:   2018-11-14 15:17:06 +0000
+
+    The %>handshake logformat code (#331)
+    
+    Logging client "handshake" bytes is useful in at least two contexts:
+    
+    * Runtime traffic bypass and bumping/splicing decisions. Identifying
+      popular clients like Skype for Business (that uses a TLS handshake but
+      then may not speak TLS) is critical for handling their traffic
+      correctly. Squid does not have enough ACLs to interrogate most TLS
+      handshake aspects. Adding more ACLs may still be a good idea, but
+      initial sketches for SfB handshakes showed rather complex
+      ACLs/configurations, _and_ no reasonable ACLs would be able to handle
+      non-TLS handshakes. An external ACL receiving the handshake is in a
+      much better position to analyze/fingerprint it according to custom
+      admin needs.
+    
+    * A logged handshake can be used to analyze new/unusual traffic or even
+      trigger security-related alarms.
+    
+    The current support is limited to cases where Squid was saving handshake
+    for other reasons. With enough demand, this initial support can be
+    extended to all protocols and port configurations.
+    
+    This is a Measurement Factory project.
+
+diff --git a/src/cf.data.pre b/src/cf.data.pre
+index fa8af56..a8ca587 100644
+--- a/src/cf.data.pre
++++ b/src/cf.data.pre
+@@ -4394,6 +4394,37 @@ DOC_START
+               <qos    Server connection TOS/DSCP value set by Squid
+               <nfmark Server connection netfilter mark set by Squid
+ 
++              >handshake Raw client handshake
++                      Initial client bytes received by Squid on a newly
++                      accepted TCP connection or inside a just established
++                      CONNECT tunnel. Squid stops accumulating handshake
++                      bytes as soon as the handshake parser succeeds or
++                      fails (determining whether the client is using the
++                      expected protocol).
++
++                      For HTTP clients, the handshake is the request line.
++                      For TLS clients, the handshake consists of all TLS
++                      records up to and including the TLS record that
++                      contains the last byte of the first ClientHello
++                      message. For clients using an unsupported protocol,
++                      this field contains the bytes received by Squid at the
++                      time of the handshake parsing failure.
++
++                      See the on_unsupported_protocol directive for more
++                      information on Squid handshake traffic expectations.
++
++                      Current support is limited to these contexts:
++                      - http_port connections, but only when the
++                        on_unsupported_protocol directive is in use.
++                      - https_port connections (and CONNECT tunnels) that
++                        are subject to the ssl_bump peek or stare action.
++
++                      To protect binary handshake data, this field is always
++                      base64-encoded (RFC 4648 Section 4). If logformat
++                      field encoding is configured, that encoding is applied
++                      on top of base64. Otherwise, the computed base64 value
++                      is recorded as is.
++
+       Time related format codes:
+ 
+               ts      Seconds since epoch
+diff --git a/src/format/ByteCode.h b/src/format/ByteCode.h
+index ad230bb..a6f8fd9 100644
+--- a/src/format/ByteCode.h
++++ b/src/format/ByteCode.h
+@@ -46,6 +46,8 @@ typedef enum {
+     LFT_CLIENT_LOCAL_TOS,
+     LFT_CLIENT_LOCAL_NFMARK,
+ 
++    LFT_CLIENT_HANDSHAKE,
++
+     /* client connection local squid.conf details */
+     LFT_LOCAL_LISTENING_IP,
+     LFT_LOCAL_LISTENING_PORT,
+diff --git a/src/format/Format.cc b/src/format/Format.cc
+index c1e19b4..8fd6720 100644
+--- a/src/format/Format.cc
++++ b/src/format/Format.cc
+@@ -8,6 +8,7 @@
+ 
+ #include "squid.h"
+ #include "AccessLogEntry.h"
++#include "base64.h"
+ #include "client_side.h"
+ #include "comm/Connection.h"
+ #include "err_detail_type.h"
+@@ -547,6 +548,24 @@ Format::Format::assemble(MemBuf &mb, const AccessLogEntry::Pointer &al, int logS
+             }
+             break;
+ 
++        case LFT_CLIENT_HANDSHAKE:
++            if (al->request && al->request->clientConnectionManager.valid()) {
++                const auto &handshake = al->request->clientConnectionManager->preservedClientData;
++                if (const auto rawLength = handshake.length()) {
++                    // add 1 byte to optimize the c_str() conversion below
++                    char *buf = sb.rawAppendStart(base64_encode_len(rawLength) + 1);
++
++                    struct base64_encode_ctx ctx;
++                    base64_encode_init(&ctx);
++                    auto encLength = base64_encode_update(&ctx, buf, rawLength, reinterpret_cast<const uint8_t*>(handshake.rawContent()));
++                    encLength += base64_encode_final(&ctx, buf + encLength);
++
++                    sb.rawAppendFinish(buf, encLength);
++                    out = sb.c_str();
++                }
++            }
++            break;
++
+         case LFT_TIME_SECONDS_SINCE_EPOCH:
+             // some platforms store time in 32-bit, some 64-bit...
+             outoff = static_cast<int64_t>(current_time.tv_sec);
+diff --git a/src/format/Token.cc b/src/format/Token.cc
+index 186ade5..06c60cf 100644
+--- a/src/format/Token.cc
++++ b/src/format/Token.cc
+@@ -141,6 +141,7 @@ static TokenTableEntry TokenTableMisc[] = {
+     TokenTableEntry("<qos", LFT_SERVER_LOCAL_TOS),
+     TokenTableEntry(">nfmark", LFT_CLIENT_LOCAL_NFMARK),
+     TokenTableEntry("<nfmark", LFT_SERVER_LOCAL_NFMARK),
++    TokenTableEntry(">handshake", LFT_CLIENT_HANDSHAKE),
+     TokenTableEntry("err_code", LFT_SQUID_ERROR ),
+     TokenTableEntry("err_detail", LFT_SQUID_ERROR_DETAIL ),
+     TokenTableEntry("note", LFT_NOTE ),

diff --git a/src/patches/squid/squid-3.5.28-fix-max-file-descriptors.patch b/src/patches/squid/squid-4.4-fix-max-file-descriptors.patch
similarity index 92%
rename from src/patches/squid/squid-3.5.28-fix-max-file-descriptors.patch
rename to src/patches/squid/squid-4.4-fix-max-file-descriptors.patch
index b740b6104ef66b393eb11f57d0a4918d0392329b..8d1a4e03a849e88b6e2e3b20c1c7cded5fe02226 100644 (file)
--- a/src/patches/squid/squid-3.5.28-fix-max-file-descriptors.patch
+++ b/src/patches/squid/squid-4.4-fix-max-file-descriptors.patch
@@ -1,6 +1,6 @@
 --- configure.ac.~     Wed Apr 20 14:26:07 2016
 +++ configure.ac       Fri Apr 22 17:20:46 2016
-@@ -3135,6 +3135,9 @@
+@@ -3156,6 +3156,9 @@
      ;;
  esac
  
@@ -10,7 +10,7 @@
  dnl --with-maxfd present for compatibility with Squid-2.
  dnl undocumented in ./configure --help  to encourage using the Squid-3 directive
  AC_ARG_WITH(maxfd,,
-@@ -3165,8 +3168,6 @@
+@@ -3186,8 +3189,6 @@
      esac
  ])